56621bf934bddb03d2a408af775b88267ee63ae70e5e64a296c53de6bf59a5c9

Analysis

max time kernel
120s
max time network
109s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
14/08/2024, 13:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

626ecf8752105c60fdeb1d49cdd672f0N.exe
Size

185KB
MD5

626ecf8752105c60fdeb1d49cdd672f0
SHA1

f67140b7c509829b4dd88bff9e3c62c581a09f8d
SHA256

56621bf934bddb03d2a408af775b88267ee63ae70e5e64a296c53de6bf59a5c9
SHA512

b2a8e87de8010f481f01d65b8414d0d4e22f2ba0e4024ef3b63e1e4ab646a0fcc7a54f27881ce248b594c3dacfbaca6fd470eda2a16567a9fb7711114ca236cc
SSDEEP

3072:62ssWpGgrM+t58qKcAK+j4n7ByeFUb2ssWpGgrM+t58qKcAK+j4n7ByeFU/:MVwgrM0MeFUvVwgrM0MeFU/

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (4581) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
1428	Zombie.exe
2728	_Wordpad.lnk.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Zombie.exe	626ecf8752105c60fdeb1d49cdd672f0N.exe
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	626ecf8752105c60fdeb1d49cdd672f0N.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\WindowsFormsIntegration.resources.dll.tmp	_Wordpad.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Blue Green.xml.tmp	_Wordpad.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Grace-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.Win32.Primitives.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Configuration.dll.tmp	_Wordpad.lnk.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Compression.Brotli.dll.tmp	_Wordpad.lnk.exe
File created	C:\Program Files\7-Zip\Lang\hr.txt.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\jmc.txt.tmp	_Wordpad.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessRuntimeR_PrepidBypass-ppd.xrm-ms.tmp	_Wordpad.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp-ul-phn.xrm-ms.tmp	_Wordpad.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.scale-140.png.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.scale-100.png.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdXC2RVL_MAKC2R-ul-phn.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\System.Windows.Forms.Primitives.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\instrument.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial5-ul-oob.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\System.ValueTuple.dll.tmp	_Wordpad.lnk.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\ta.pak.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-runtime-l1-1-0.dll.tmp	_Wordpad.lnk.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\hwrlatinlm.dat.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Serialization.Primitives.dll.tmp	_Wordpad.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_MAKC2R-pl.xrm-ms.tmp	_Wordpad.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-synch-l1-2-0.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\Configuration\card_expiration_terms_dict.txt.tmp	_Wordpad.lnk.exe
File opened for modification	C:\Program Files\Common Files\System\ado\msado21.tlb.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\UIAutomationClient.dll.tmp	_Wordpad.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp3-ul-phn.xrm-ms.tmp	_Wordpad.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp5-pl.xrm-ms.tmp	_Wordpad.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.VisualStudio.OLE.Interop.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.ReaderWriter.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\release.tmp	_Wordpad.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientPreview_eula.txt.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\EXCELPLUGINDATAPROVIDER.DLL.tmp	_Wordpad.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\IEEE2006OfficeOnline.xsl.tmp	_Wordpad.lnk.exe
File opened for modification	C:\Program Files\Common Files\System\Ole DB\ja-JP\msdasqlr.dll.mui.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_KMS_Client_AE-ul.xrm-ms.tmp	_Wordpad.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail3-ul-phn.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\System\Ole DB\it-IT\oledb32r.dll.mui.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientOSub_eula.txt.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\EXCEL.HXS.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\rtscom.dll.mui.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Forms.Design.Editors.dll.tmp	_Wordpad.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ExcelFloatieXLEditTextModel.bin.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Xaml.resources.dll.tmp	_Wordpad.lnk.exe
File created	C:\Program Files\Internet Explorer\uk-UA\ieinstal.exe.mui.tmp	_Wordpad.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Trial-pl.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalDemoR_BypassTrial180-ppd.xrm-ms.tmp	_Wordpad.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_MAKC2R-ul-oob.xrm-ms.tmp	_Wordpad.lnk.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\es-ES\TipRes.dll.mui.tmp	_Wordpad.lnk.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.cpl.tmp	_Wordpad.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentDemoR_BypassTrial180-ul-oob.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Trial-pl.xrm-ms.tmp	_Wordpad.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONENGINE.DLL.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\System.Windows.Forms.resources.dll.tmp	_Wordpad.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Configuration\ssn_high_group_info.txt.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_OEM_Perp-ul-phn.xrm-ms.tmp	_Wordpad.lnk.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.th-th.dll.tmp	_Wordpad.lnk.exe
File opened for modification	C:\Program Files\Common Files\System\msadc\fr-FR\msadcor.dll.mui.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Xaml.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework-SystemData.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\WindowsFormsIntegration.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\System.Xaml.resources.dll.tmp	_Wordpad.lnk.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	626ecf8752105c60fdeb1d49cdd672f0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Zombie.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	_Wordpad.lnk.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1340 wrote to memory of 1428	1340	626ecf8752105c60fdeb1d49cdd672f0N.exe	85
PID 1340 wrote to memory of 1428	1340	626ecf8752105c60fdeb1d49cdd672f0N.exe	85
PID 1340 wrote to memory of 1428	1340	626ecf8752105c60fdeb1d49cdd672f0N.exe	85
PID 1340 wrote to memory of 2728	1340	626ecf8752105c60fdeb1d49cdd672f0N.exe	84
PID 1340 wrote to memory of 2728	1340	626ecf8752105c60fdeb1d49cdd672f0N.exe	84
PID 1340 wrote to memory of 2728	1340	626ecf8752105c60fdeb1d49cdd672f0N.exe	84

C:\Users\Admin\AppData\Local\Temp\626ecf8752105c60fdeb1d49cdd672f0N.exe
"C:\Users\Admin\AppData\Local\Temp\626ecf8752105c60fdeb1d49cdd672f0N.exe"
1⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1340
- C:\Users\Admin\AppData\Local\Temp\_Wordpad.lnk.exe
  "_Wordpad.lnk.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:2728
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:1428

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-523280732-2327480845-3730041215-1000\desktop.ini.exe.tmp

Filesize
186KB

MD5
f2cae1df8f0f0a41a4fc3d315618d9c3

SHA1
d37d1af8cf31de3ef67fd23f9beee5febea9f5b4

SHA256
8c70059c23512f4dbc54c1578a4f888703c48e09503195cff897dc52a9469c64

SHA512
887be8e1d4309c36e917cf76dfd95c094fdadbd41530aedd69597da54d8910f3c6643445d9c66d0081da0e2d32ca96f4a60c0113c20ece6d62e64e2a74f9b8a1

Download Submit
C:\$Recycle.Bin\S-1-5-21-523280732-2327480845-3730041215-1000\desktop.ini.tmp

Filesize
91KB

MD5
9a4e31b5c6d6dfdb46752661bb68a2d7

SHA1
0f234b1d92c4af8979f4fe679bfa2dc31930ab51

SHA256
5aad625d4dacb763fe41c944561deb0ac33941e620485f907e892d3a5920e1eb

SHA512
8ef0924f9daa2ab02c66f48486e7441bc3d5a5a1507c7786f5c9c8f2f10f40e224145d1cec7271ee546a822f3a4f55087f263a2c5b49319382c84d747644c724

Download Submit
C:\Program Files\7-Zip\7-zip.chm.exe

Filesize
204KB

MD5
27a5a3d3fdabbb21a98b8829068cf3fe

SHA1
dc94f78cf6457345a1d7d1164af6f21069e824fb

SHA256
dba1063befeca3e50bbcb2a7eba1dd60eb7761d71ce0d307e03d90f791149cdc

SHA512
66e89bce8f9c0142a1ea08f03c82bfed49e941492d08de693a8893dc39460e88cc943122b4c1760b3c22c41904126ee5ccc2b4ecf4138c5547e8892e5bf6e4b6

Download Submit
C:\Program Files\7-Zip\7-zip32.dll.tmp

Filesize
159KB

MD5
ebd310850af5b3f668bcfd10ce08326e

SHA1
93cc0524e34732ecb5548a89f57cf5d07529d58f

SHA256
fa03f42c34fcc9e189ed197ffdd5117dfc1ce0efcee461c6487d2598c4e63328

SHA512
d216a00897bd311566cc44e99c9e766a1ed7cd8267294f7a29117f5791a918c7d61425d0b5613b0d12d7576e7b103b329899eb9bf191573b5d9c86c1815f16cf

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
1.8MB

MD5
1d1a3a4c7afab945e7870c4e4d9bd506

SHA1
b8c90182db34daf3e5a9aac4314d574401dd0f4a

SHA256
7179c6c50e1bc3c24482ad8e9411e59aa7be7b10028deb7c33581d57cd9db182

SHA512
4cbf1f14b43a12a3169e3a37169e8ff1b173280337e23c0f0e747c64a3904869bbb5cfc491699123491d2bfadce9d671ebddf804b70ef1a4d5c6d539746a27e5

Download Submit
C:\Program Files\7-Zip\7z.exe.tmp

Filesize
320KB

MD5
2b23428e232589060137f85284fe201b

SHA1
10f2daeb4e49f64f26a28a80793a5c7bb09d6948

SHA256
b09221fe831b11bdcb098672753ac286b0c3b0c002f28b0837b3fe7c9b9f1c17

SHA512
de656f7ad5c5dd48095ca87f979981075387d36e17b276e80c20e706812dcae76682bbfa6e5899f3682c887a1a719b48b4905020aa5e9a492f5dbed79517d1de

Download Submit
C:\Program Files\7-Zip\7z.exe.tmp

Filesize
638KB

MD5
1f7514ef94980d02e9f182999c604d8c

SHA1
3906611c7a1fade0a4f0c910b9b9a924b3c74e31

SHA256
4b2fd402fecf8d2916545a0e5064bbe3debbc4fde27c1f7ba5bd91dc61f0403b

SHA512
0b9098ee45d23d87925484220a9f253ad0fd31e08caef2f613be202b91d5acb00b32460a04cd32843e50216c60964afc9c42e515bd646aadd398f2003664a77e

Download Submit
C:\Program Files\7-Zip\7z.sfx.tmp

Filesize
303KB

MD5
d2562f45a2748db85e1f1c92254b73aa

SHA1
87b833b0bd877b8c21fef2c3af4b0e810e1e67f0

SHA256
b2c23320330b2875b4a9bed4a8b7c88447df2f047256df8fe29aa9645a666786

SHA512
edbd95d66b18b30e8a0d938d43a505117d1f5c7e777903a5bb4cd6e5c967ceae57710fb9bd4ad0514e1a21ccc72786be22d879b46f169b8a677f8b662da6bbaf

Download Submit
C:\Program Files\7-Zip\7zCon.sfx.tmp

Filesize
282KB

MD5
3ddb1a53ca77412bee2906d5e03f1393

SHA1
dfbf65a37e97aa450b195e9c80a6f559a479a1a7

SHA256
c494a93d0fc56dc22cc651bd51668465eb4d009eaeed57d47148dbafc1f23053

SHA512
e60b1456503529a5847937904c8ddc2a70154e94f01eec73887e8211cb79b5a36c2fb8061dff3418f7487d54631ab0cd4e7d1d945c176d9fe1d3ba32b650652b

Download Submit
C:\Program Files\7-Zip\7zG.exe.tmp

Filesize
778KB

MD5
f2db8adf3cb350f7b65b84d37b4d7d12

SHA1
b730e65016e617e62faa688a0920469cb6ae9669

SHA256
099a3d2928698994eebcbf66ad1ba41d9ff279dad1f6c7e0f261bea26b44a7b1

SHA512
27c3593f9a86cca2b9c6c63847d2fe7a12f12f47a787c8e244c9ec2c60590229a21b6bb75c862b2356ce6c1b062e2790c8b7ac8c12a508a1b3224301184c2834

Download Submit
C:\Program Files\7-Zip\History.txt.tmp

Filesize
92KB

MD5
9bce4c962ddf25ee394c76bbc9a8a7b8

SHA1
13e6e90e88ef0fc1129389944e6177827720e508

SHA256
c01d3de0c5e02fe27ebfa8ade489e6b5703f79edd03553928d65ecebc1a51a04

SHA512
f734859838a225d6a2c18cb3e58782a4303513040e279e304d95f95b119634c5a57d62273b0aa22a74c548b9e63ec64e9894aa8023f035e77367a19a6b7a79df

Download Submit
C:\Program Files\7-Zip\Lang\af.txt.tmp

Filesize
103KB

MD5
271eb1429b9e0ab6138ab426c5d96278

SHA1
e9db9efea76250bed7eb003e6d27cf86e950da49

SHA256
759a478c6e28fdb567b9a61b1e17ad39985bdc0fe2ae90365f356e352f1540b4

SHA512
adec4480dcdf495454ed23a785ae88c7e7cc9cbc5129d9e44777cc463f26822db1a08057bf6154b49757e197dd75fa5177318f2d7ec33ed85bf4814280777625

Download Submit
C:\Program Files\7-Zip\Lang\an.txt.tmp

Filesize
101KB

MD5
5105011ab5ad038817bdef86c127830e

SHA1
4a92e850fb1ad6fb7eee9b147242dd3f644bd3f8

SHA256
c068e3ad3e94087873fa55060db5597390926fa4dc5f5ac4ab056d45cad770b2

SHA512
cbc5d9580cebb8f371f4b45e4f2b9f7a0fec5fddb608e5dc3669fb1a0d26038605a23b8f2196719d61351da7db4d695cd4175c7c41599fb5f59bb007e58b8dd9

Download Submit
C:\Program Files\7-Zip\Lang\az.txt.tmp

Filesize
103KB

MD5
a8ffb139008bcd034edb30f75f10e0ef

SHA1
9d7dc99060ee5cc453ca491de873cad4c2825eae

SHA256
ab2527b3bece7a944ce4c768abb90f66753ec5efbfaf4e9b78ef476ff1bcce07

SHA512
fc04d515258a7c3a487550389f12be754d1b024fd29f8bd5fe08c19052e8d0b6f8c16cd003c154b82a1a88aa0be815e9aec7ff25400f8bea2115e72e5ac09478

Download Submit
C:\Program Files\7-Zip\Lang\be.txt.tmp

Filesize
105KB

MD5
00a9cde76e86e3217c919c11067344c6

SHA1
17a6fd38c176f4d057bcd23a7f76b0f689bccdeb

SHA256
4eb5997d2985cae8286a3093f4f26f867733199f01bf8a0650369cbc92bf0079

SHA512
5b8617a05c274561026f50b2f6c65fcd7a5ec1e9cb284704229ba277e3fbb249cb8cf0bee46ea2b23769f131a1bf62fb123a72c4eadd594b8973b63ac1442691

Download Submit
C:\Program Files\7-Zip\Lang\bn.txt.tmp

Filesize
108KB

MD5
959bc69859d53307aabd058161ca191f

SHA1
0e49521286563ed5e3a24bee9765aa6ca331e4bf

SHA256
b7f649724425cf7d39b840690208754034e2658c615d3686ba55f4a2a4af6f95

SHA512
36c3cdbdf4e6d4683a007a8ea65a771de16d9583d3b6971bab690fd90d8fb27289b3e973e69c32498542c9af479df55d4cd3abf19b90cb892cffc7a6d300ad8f

Download Submit
C:\Program Files\7-Zip\Lang\da.txt.tmp

Filesize
102KB

MD5
9278850103cc4ea9880a2928565fe8ed

SHA1
a77054de98aed889cfba7af3ea50fadb64f74704

SHA256
8a356c9d8a0ca90ce6a2289893366b973982e9cf79ccccab334e5aa15fa684c3

SHA512
6a5158ff2537003c71122d2a48a7b677f7581030b1a0fa3f30a9a0e2095981f465b0bdb4fb375b2b360da3af417647eba1589fb7baa83e7620ec5b9304b9a07f

Download Submit
C:\Program Files\7-Zip\Lang\de.txt.tmp

Filesize
101KB

MD5
2a60fa5399fb4fb0cbdfa3d6b3616028

SHA1
33f7732aaa9aabce17e0bd2a712d1a32c744c6b2

SHA256
2b0c19209b8a3153a0faa8502165b65c96ab816ed7505f8087254e6c51470ebd

SHA512
2d1a0da1bede0f416b9f3f32504b43a212ad8566c9b0a679ec6d4236d849117d119a1d41fd30aa2e6b88f3ea09ff59953c70a0f1f37906311565bed2ee180577

Download Submit
C:\Program Files\7-Zip\Lang\en.ttt.tmp

Filesize
101KB

MD5
b881ef10aae94186650aaf1a49ea5540

SHA1
d30e5af5384e1aa1c7a90be638d4574e9584d5d0

SHA256
11edb093ab8c044f10ee96cb6bc5caba76c16c936aee743b67d1ea25dd2b07ef

SHA512
b7a181c3a7962c2b7a0943c622ece9daf455c6952c1149516a99e6995e2a493f668beff9093e5dbc2b0bf823128d322947ff6f97d8653dff4cb1b8edfdea785a

Download Submit
C:\Program Files\7-Zip\Lang\eo.txt.tmp

Filesize
96KB

MD5
8a56fa046096f480b936f09ff333964e

SHA1
75f920cdfacce1c91c3af6c3a25d40e1559d03dd

SHA256
8975947335d9bba323ccc083c162cfb898f8aa168a1591be721027dcdb4d419c

SHA512
d82e925598d5f9bb65099bf7b5923464fd5254fc8d12fe1580c1ed2519530a6939433042d82d5dc337e6e0f6659715cad6e23e79d6518f76b2844622a0202755

Download Submit
C:\Program Files\7-Zip\Lang\et.txt.tmp

Filesize
100KB

MD5
872d611c254cd4e096d92fd80297e316

SHA1
89408a0817e6e4555bc142157e70f3a4da4bf251

SHA256
05b50af835b762ecaeecab1912cbcfab4054939b29b14a5eae23546d91ef5c6b

SHA512
1b93d20981244bc57963f88d5f01d3dd811cd6f98bcd75a39e19d624b471a814c021454431462bf741a1985e3a0268176f4de4405c42005af423d2b3516a91c1

Download Submit
C:\Program Files\7-Zip\Lang\eu.txt.tmp

Filesize
102KB

MD5
89917c5765364ff698086f0094bf27d6

SHA1
a774c359701c6b1c5f108ded586669069a7123d3

SHA256
363965c4f80b613d967851fbbdf4aeed5a6b8147b25b61df2831520b8f17bb0c

SHA512
b4160aaf763a03b884c274c79bb00ff6dca29db1480139537ca778b28a421874bd0d433ce34cdef269a25d613431b8f84683758da38d292ccae72052614fa679

Download Submit
C:\Program Files\7-Zip\Lang\ext.txt.tmp

Filesize
101KB

MD5
812cd45d2ff1b5df5dce0275ce711198

SHA1
cff44538db7922cfc8006acf54c10b58ba2e5ddc

SHA256
8e76438a041caee16bf4e244f029810fec44c555daf389784e7c092c32ee1727

SHA512
099b0f870cb09a3662f06410a4687c122e0bff866f31126c899b4a548d34ad7b1a9b7eb707ad57a975901de94863793a9e990c23f9d174928a6c38d6d73cd2e8

Download Submit
C:\Program Files\7-Zip\Lang\fi.txt.tmp

Filesize
102KB

MD5
e5650401a6d246af310643c2e2222d8c

SHA1
ebe214a80b4d271655bcd7f55cd4fe45d8a22e68

SHA256
86da841ca6b7449920e20a51705c5c28d0042e561baf96aa41aef59c693f2e35

SHA512
dc3807ea64ff49d67a979b4c679beb8f780738e3870ad2d5fc618c1c025045bee47d6eb102e120b85ab0600fe65fbf406ee7e3ef69b4fb378e84645e24791a82

Download Submit
C:\Program Files\7-Zip\Lang\fur.txt.tmp

Filesize
99KB

MD5
ddd93f188fda7b2fdf2e6f36bc5224f1

SHA1
cdbf23a70aa1c062f38a00715844a8acc6b16fc0

SHA256
2dcb5eefb17b40eec10e079a4ef56d48213281bc14b6afe0c56d3ca8f028133b

SHA512
c7592aae6e417c78330559a006d236ba7f2bf7b70b78776a2ad28a9b32ff5c15e43a7589c11b945fe6828c55b815f9e59c66ea7a15a9e2b18033af7045277b00

Download Submit
C:\Program Files\7-Zip\Lang\ga.txt.tmp

Filesize
102KB

MD5
29be0e0eadaf3256249955e3b5f3f970

SHA1
6a28965103fd37ca3a519466eeffa227e6d0caf9

SHA256
209643377401a93e38e656ca71c233a84c07b6797bd6c083b8f28738d301de7a

SHA512
17120671bc85233297328a97e012451270edd2cb2d333fa98c02ce8fa26b2a7b7cb5689a06d49b88f52cfeddbe432c3545bbfab886d4565176d3e28d7cdd01f5

Download Submit
C:\Program Files\7-Zip\Lang\gl.txt.tmp

Filesize
103KB

MD5
f7e70108e557beaa6f37acd808769b8b

SHA1
5161b6089bf01b0c16aca70bd84b15d878fe7529

SHA256
6fde707c7fb83f8c5554f330a2ff7ebbc639aacb46f0057b34d6752b1fa2dfa6

SHA512
6acf645641e99e27c8b27c29918296a174df3b526fdbb0608269873f721a10dde15db382eb60312b0a5fe5685a3a94375c28080b64eace0984acc2f523da557f

Download Submit
C:\Program Files\7-Zip\Lang\gu.txt.tmp

Filesize
111KB

MD5
fb2249ccb351eff3c2aec3a83be74743

SHA1
7d229f4afa027a3c5c3ae4c326b68a72e7690574

SHA256
79940f9d0ac9970daf396b1cb8555c4202ef10f094c1ff5278507b7863cf084c

SHA512
8fcad66206c9eb72fddd698e1b86d66f618fd314a109a2bcd2c906fdde25cf96f38bc2d45d30bcfdcd10a9c03937b5d5ca5a3a51cb213cce328148ee30902aa0

Download Submit
C:\Program Files\7-Zip\Lang\he.txt.tmp

Filesize
102KB

MD5
4f9390447d58247394d80836ae616e6e

SHA1
1d4299b9ebe995f9993a5bb53f981cf55970370f

SHA256
28352d125db8852b6e99e2ee66b7fa083b6b089158976614af4a39313e70b255

SHA512
bf28af4d08d3ac62240abdb30e4b35334620c0e4ac197e85eb85fd5d4483a05159fb5f2490418535518b01fd8e85e89730093e64d483365833c5e2c2fe6151c6

Download Submit
C:\Program Files\7-Zip\Lang\hi.txt.tmp

Filesize
111KB

MD5
1ccf5f072368ec62017dad06ef39f395

SHA1
525027c1b6041c2a59615a04f8d0e471b71e2cda

SHA256
1e548f2c7d8ff4b5580fb374f39528459b20d6ee32ffb59ce44092a052d483d3

SHA512
83b44e77e51ddb2be9a5843ec4ddf95db9f107ee4985c2c177a674df379c32bf5feb87538c6a1759688c607b8445a54a23e3bce007c565883b5bf1590f3d0df8

Download Submit
C:\Program Files\7-Zip\Lang\hr.txt.tmp

Filesize
100KB

MD5
712d45aa1c5653ef305bd2d169ec406a

SHA1
ae6dc465c92f41ebdc30baa1ac4d1c334ed68354

SHA256
478e45c93ce9636bb864c451ea3bdd09e2356b2d45e962a1f65302fbe6fc1b2b

SHA512
7d787d055b8818dbbc75fe5608322edf872d83793c31762805b4179bf5536f9728a9746cddaea3d4b5c827906b5131b16aa667048b5085128143d7694ce100ce

Download Submit
C:\Program Files\7-Zip\Lang\hu.txt.tmp

Filesize
103KB

MD5
26b5c368136bea193420c99fa3c23384

SHA1
1081f05000733828bd9ecd269daefdbfa4e5b83f

SHA256
38e209dbe8087e97a35111bc556e85dfed96a51c649cec35bc82734ea4e15d22

SHA512
98a57db7e387c05ed4ba5d8e6c2ac72c10ed885ffdf1ecc64c683bb55017bd0c5b1f74162812a3305fea7a84af66c09594a430c093a9029d481a73a7cbaf9737

Download Submit
C:\Program Files\7-Zip\Lang\hy.txt.tmp

Filesize
107KB

MD5
b1e6d3144d193bef711846e2f0441b0e

SHA1
40b3505624202a1b47ae283d9e255a05e9e3fdbe

SHA256
05ebd87867ba24cce2434924d3d74bd22d1efe772884db5f4ffbdd36e7dc5126

SHA512
c0ba40598c413950a988b44662f56b96d37c1f8675b35e2b90df4d629bde2ec7d9edb1e53729c8631da11fb417dd4d782eff507fbacbfbdc010fe4f467607c5e

Download Submit
C:\Program Files\7-Zip\Lang\io.txt.tmp

Filesize
101KB

MD5
9f0556e4c6acb5383252ed8432a6faa8

SHA1
c4cc127d434d6d372f9ab0607eee9f79570f90ff

SHA256
c085c7f0c51810da527cf3fd7abc2fd4c18753dfb6554d2d0b93ec5ca8a78ca9

SHA512
fe115b494a166e022dff12346195d83309f34746f2678976ace9cbd902988930b9e9e24cc4b1261103e7910db98c41317b73c938c124d7cc06d29fa1034cc834

Download Submit
C:\Program Files\7-Zip\Lang\it.txt.tmp

Filesize
103KB

MD5
465b9f2e36507e57a34135e1b0eee910

SHA1
310d1256ca3103c506ecbd4b73efbf2dcc460852

SHA256
ca631edbcec7afc7a9ecf3f8111073b1f5bc366d978cb9567dbae33178141785

SHA512
9fd7a988a9756a3dbc75b41946fd8bfefc49ecaba0c14bdfa16f504c6bdd106ce820e5fc8490a8bc0c932bde7f22215e029f81a83abc392e7397721b64dfb625

Download Submit
C:\Program Files\7-Zip\Lang\ja.txt.tmp

Filesize
105KB

MD5
8d3c553c9670106cfaf6fbe2d9294c74

SHA1
b8d35f249586fd4251470ebd647468c877cc39d1

SHA256
f6fe8441e4bd9ed1b27209770b931acf42281babaea8aec20e58a3022d71757b

SHA512
8ce57aff52d45e5bed03ccec755c7587c1554ecfd1c1ad83e0e5bfc6cbaddb97de67089f1848c10028ae3e92f7ec6f9eaae6fd8992996de54289d777fe2a465d

Download Submit
C:\Program Files\7-Zip\Lang\kaa.txt.tmp

Filesize
99KB

MD5
33421718f1abb530c7dac9669c262da8

SHA1
70388933e31b2dd6937238dd709853105d196049

SHA256
3d0edf702ccc197ab066bd3e0debca993bb3bd2bdcf74c3eb44daffa5938d12d

SHA512
e7553e2973da93950d4755bdd82cd6fed9858c0051424cef7176c428a307149ca7f0de224871aa6188e6962ba79b5178d4ee72658e8c314a1675fc0ca46cff0f

Download Submit
C:\Program Files\7-Zip\Lang\kab.txt.tmp

Filesize
94KB

MD5
47d81717860197c72ec6886cb0b1b7a4

SHA1
4272d6fea054b463272bfde6d853df6e0ae8e2e2

SHA256
c8c972263e91c87d3cbad3b036d02b954c26cec5c2ba56756c095d352060ed07

SHA512
0bffac749c059d1911bc1b5f2db06c4a7e8eb59db980c793f70447f62a88976f829a74d8b94ffc65bb5dffdc8d48f2b763566297004e8d0b49135cc3645f6f3e

Download Submit
C:\Program Files\7-Zip\Lang\kk.txt.tmp

Filesize
102KB

MD5
4d57fa2acbc6f9fa08954e3fbcf3adf2

SHA1
e4eb280ffbcef43de1f5f4b68685ead2e957bfd0

SHA256
38535ee64a792bbe608141945d7911b7d0e9ebe76418f5824fd4bf397ab56009

SHA512
4000b1e3a3954fb9c69c806f56d91635e06f6629938c2ac556e909c602e31db2bbd58b8328dbb03e5b8a1d4855f2337842038386b9f220b93c6d924fd02ba24c

Download Submit
C:\Program Files\7-Zip\Lang\ko.txt.tmp

Filesize
104KB

MD5
68a19ea466b60484a999f91d79a0fd0d

SHA1
87f9f15079557930cf5faf90cea6a59bd2db94f8

SHA256
15f4fbe77a0a93821316aba731972725a6449d5983ad9598e2de7b87d5005e91

SHA512
17166c3de1ea0c5c36ceda7657c03fd591d422ffa6806a6c54e23c4137ddd1c2a0722ad6c25e2e81221924b5219c852a5c50be2253e178ce10245549f2b4b9d0

Download Submit
C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp

Filesize
100KB

MD5
8c4e0dd28405611472cc5f534d67a905

SHA1
6d5684697596a6ead847342eb6338b91d394219f

SHA256
ea8586e1d34d4e0eaf8bbbeaf463ab07e003ce66a70aaa1c2657fbe4acc867d0

SHA512
96a651ff958e8ba118bcb1d185a92bcb00b22a67740a8f7da9918fbcd884c75c8cf1c0e6982d3b0b68f4edfd2c974dece26ebb66e1c24b1e8ecedd8c6d82dff7

Download Submit
C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp

Filesize
106KB

MD5
17e4ece78dd71d772ab6cc37ff15b946

SHA1
1affbdde5fa6386c114da93573b6316be9887111

SHA256
e346b2d05a4f6ff22a28840a84a947317bb6c85509d9aa92a237d78bd3283e51

SHA512
f40c710dc0c029657ecd48ead46af7ff5eca42ed13f318016b1fd0ab59cbc8751287934baab44199e8cef7041dc5922e7c1ca086b0b9d384480d239063a27c9d

Download Submit
C:\Program Files\7-Zip\Lang\ku.txt.tmp

Filesize
99KB

MD5
2a908734ecfa8e5950319c0875505315

SHA1
46b9fdf37ed950d0580b9da8173617a53f2d41dc

SHA256
6c3cfd5ca8e90839c607faa0daad1b56ad414a98f30ed0e4c3a48c6b0785cacb

SHA512
7a5421b3529c94e3aadab604ea5f06ef20a0e0ea514ec4ab29427ee631f76d9763f64147a2d02a18a0ea3a311dade26a2f8f5cd2659d91e998d73c0e306974b7

Download Submit
C:\Program Files\7-Zip\Lang\ky.txt.tmp

Filesize
103KB

MD5
5ebaf40e42bb3b0e25af45c7c0b66704

SHA1
8195c359367b17b70154e0597500bba110ef425b

SHA256
6dd5d0dd9751c3821960d07c6f78c1d29507351bae6df3090f86ad452486cb31

SHA512
78a10092d2d8f6c9876e6bab8500a7badf72b86c9b40084f44cdb30caae1d5396426115c7dceb167b5d85c805c213e09aff83d762f72307fea30ae00ca0b2c13

Download Submit
C:\Program Files\7-Zip\Lang\lt.txt.tmp

Filesize
103KB

MD5
bae0c8edca49fe422fa8d14fda39e704

SHA1
8bceaa8f1f7beb699d88e620cfa16541b134f603

SHA256
fc2a3a4079a17b76752b96899badb7bf3cbd2cc243452b554a90c6c521f23bda

SHA512
6f101991596fba039c5d33872ae300350149d301cc68a31faaec81acba5e0ecbb7b6e0e93b1e207f3a04ea9a54550d3053429314e9cbbcb7eef735e7f0cd9196

Download Submit
C:\Program Files\7-Zip\Lang\mn.txt.tmp

Filesize
94KB

MD5
6e4a6177923035cfd7e13d982ef9b7f3

SHA1
529baae7f5e14e197d2a9e06b2125c2bf39077cf

SHA256
8a35a25754ca085806a2b3e21e6b29c37cdfc921e621ad9d556296930a90abce

SHA512
0bfa9ca21e1ae3f04ed4f461113226d2275c0fb50fffa907eef2726ec7110d3148af6d3e7d0fa13368140bfc3f4143a95f921219c4dde7c5621b99b497fae13b

Download Submit
C:\Program Files\7-Zip\Lang\mng2.txt.tmp

Filesize
112KB

MD5
6bfa8794139077f52c0f363d2cc3bedb

SHA1
b8db47ce44bf66af371596d04178ab976c57e102

SHA256
03fd8012bafd0841da895e0e4b9069797c1e4f26fad36f27c1c2b77d4b57582f

SHA512
43d86ec5aee4a960b7986508aa9ec64bb6834edc147d56798f9c2f2fdc1cd1c554c6c1385efe7ba6410bf62292d663ae7a5f0bf92521bf12d74f8a07406f7e8d

Download Submit
C:\Program Files\7-Zip\Lang\ms.txt.tmp

Filesize
96KB

MD5
020c90cd8e672169aa6e839de515195b

SHA1
2637ce8844b0259045762ffc86cca0f3661413b4

SHA256
531e27f17faeb5ff110c5bb959569a4d62abd5fa4cc42b31841046f8c8d325d6

SHA512
962ffc731f641a02de4602c8a0f297e10d6b71f01ba8d114bbd86008670ec596d246d119339369127ba1a34ceeddcce8eb43ada7dd7dace23384488bf58ba454

Download Submit
C:\Program Files\7-Zip\Lang\nb.txt.tmp

Filesize
97KB

MD5
a911d1a9e22d3203b0a361ae5ed7f43f

SHA1
ed2fcb0240d29f2008716c94fc1ab7f586edaf56

SHA256
ad856768878232bd2fdadbb03cd712658e6d9da1203ee1c03b85f3f3986f2d8f

SHA512
6e550cf93bb12b4f03460b0ff7a61b514aaaa8e1a53647fc3633fbcc9b0db07e3be523da74440c92987f4dccc8fc0abf2bc428e3772bbf91bbb5b8844441b137

Download Submit
C:\Program Files\7-Zip\Lang\nn.txt.tmp

Filesize
97KB

MD5
365ee7cdbd818aac4a4dd7f77111ad80

SHA1
66f6c6072f5cfe89d22b64d9c8e064397da8cfb7

SHA256
9392a614fe5e8c1af087b8d76c785f0bde8381ddbe7f6728bec93e493ba95efd

SHA512
9b03ad3a84572305e8ab3ad6600388c8151bc71f37cbce1e36fc2e54b49632348b9addd54ecf2cbcbfc5281eccf3f36396ebed447446149f150a6d1bae642c9b

Download Submit
C:\Program Files\7-Zip\Lang\pa-in.txt.tmp

Filesize
108KB

MD5
98679ad781dab2c5df570f5f65758912

SHA1
da29ed3388e1bdeec0b37204c494623ae3ef0a5e

SHA256
f41e9cbfb1380d58836d61491720cad5cedc5471d6caf9cba39bf52be4b3bccd

SHA512
2af4ebb3c06cbe691abc5840b6ebb6a5f4b0f7e4d7580f1ca007c2280cb6eb04ea6c2369b9f5230ace021dd5af8d77cb1d253a6f55802721bc845084016e2ada

Download Submit
C:\Program Files\7-Zip\Lang\pl.txt.tmp

Filesize
103KB

MD5
9c2c7cda6a0b379a0ce9d4533328c1bf

SHA1
7b756cef3a7ff75c222ce104d3eb521131ca640e

SHA256
8351f7919e9c87fbf73a647c44ef50b70b4eb24c10f552c49423d39dd6cc1972

SHA512
fbfc68baadfdbaf8fc6fddec0786c415b058bedacce4e42fc7e5de805dacf03beb16197c6f064c6911c127f0af099822b3467921ef5ffe923d111d0334823c08

Download Submit
C:\Program Files\7-Zip\Lang\ps.txt.tmp

Filesize
102KB

MD5
6e0e032ea0c3d20a6fa46fe74be95515

SHA1
807a2f249f1afaa0be0c201bc7b1982264104a0b

SHA256
b9dc188d768e4a7a1a835028f3072b426ff2e0ccf87e89cfcd108f3b55270432

SHA512
5edbb42c114a136243c53788587e87012eae6269447984a03e19c9e378df38306f730d884ca3df9d724ecb54cd8d5e4a23c6a10c4ba0db85b564c2eb301ca0cd

Download Submit
C:\Program Files\7-Zip\Lang\pt-br.txt.tmp

Filesize
103KB

MD5
cefe57dd76aa2fe05957fec8a2b69fe6

SHA1
35477de07144728e38a8834f090dca3dcf8e8149

SHA256
24bd38971c10112723c05c9818587bf26012565ff14ccc776fbbdeb80c1ff28c

SHA512
4871e1215c42f09bdbffb27b0f87d5fdaf2ba97cef23344bea164327d3f73e3ba114d8fffb690cfca868941c2d2ce339368e40fca56b98190238eed39a0e83a7

Download Submit
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\UIAutomationProvider.resources.dll.tmp

Filesize
109KB

MD5
8947883a7d3979705f5eaad31d162834

SHA1
9134ec009fe963800fe40e2c5a23480ee3da7785

SHA256
d38100faee3803e4c730f72e383ce46b3b2eb7a9dd0dee37e6cdd321f5c3a86d

SHA512
e66a90d6d74b6b4e76bc282855b2655078e09cefca53d1d6a9306787699db5f41cba3070a521ffd1f62665ef43248f16ed64f876b4c5d54e8f8a6c4f244ce9a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_Wordpad.lnk.exe

Filesize
93KB

MD5
e7d963a5d4153911b8ca3ef0f5a75362

SHA1
f31e2382b2fe1eb01b8bd7ccc7d93a159fdbac49

SHA256
0cc759e1a8f896a94f1b393412ff22269d0a12f974b293f8c9f4b4dc50e3fe29

SHA512
4df258dfb554d176e2d30c462f89242cac24ad102dce4cf228a239f6528d8f7c871728a1451a9e3917281ceb1a92a8cdf19a2e1e46e4f2afd5e8cc2ec22b42e1

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
91KB

MD5
834be7674292181b640dfa9c2716edfb

SHA1
242cf8c49d6696487206847638e16f6a3757a56e

SHA256
d52241eec04436e9f475d4c305230da1c8c2d55041db6cb1a283a1063b02a1dc

SHA512
108ba6a375b63f41f69efa95840e8a722f90031995c7d496903a87acc36e851ab6bf64d3aabeb11ab53357146e06b56fd87c5870fb7ecef8fad2d1b87c39f198

Download Submit