22f326076786bbb401796f03841845b772f62cf15b8cf5e9db0e8360795b4852

Analysis

max time kernel
149s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
14/08/2024, 19:43

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

22f326076786bbb401796f03841845b772f62cf15b8cf5e9db0e8360795b4852.exe
Size

75KB
MD5

bd00b5bb81a095c73562ab11437aa808
SHA1

1747600f7870a83187db7f8e9139a0bcd361bec6
SHA256

22f326076786bbb401796f03841845b772f62cf15b8cf5e9db0e8360795b4852
SHA512

15bcc10f452485d8877c7e744244a7d447ae475e3f63cd584ea58cecaeaf4770ccba0f801f13ba4ecc79007e8babbdd5055246eec50dfbced5fa3d7f224fc37d
SSDEEP

768:/7BlpQpARFbhsYcUYcG7BlpQpARFbhsYcUYce:/7ZQpApsYcUYcG7ZQpApsYcUYce

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (5249) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
4116	Zombie.exe
4828	_Check For Updates.lnk.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Zombie.exe	22f326076786bbb401796f03841845b772f62cf15b8cf5e9db0e8360795b4852.exe
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	22f326076786bbb401796f03841845b772f62cf15b8cf5e9db0e8360795b4852.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Grace-ppd.xrm-ms.tmp	_Check For Updates.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_MAK_AE-ul-phn.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\SLINTL.DLL.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.scale-140.png.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\concrt140.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Channels.dll.tmp	_Check For Updates.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_OEM_Perp-pl.xrm-ms.tmp	_Check For Updates.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Retail-ppd.xrm-ms.tmp	_Check For Updates.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\salesforce.ini.tmp	_Check For Updates.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN105.XML.tmp	_Check For Updates.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial5-pl.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_KMS_Client-ul.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\WindowsFormsIntegration.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jp2native.dll.tmp	_Check For Updates.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Trial-ul-oob.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.Cng.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Text.Encoding.dll.tmp	_Check For Updates.lnk.exe
File created	C:\Program Files\Java\jdk-1.8\bin\kinit.exe.tmp	_Check For Updates.lnk.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\oskmenubase.xml.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\clretwrc.dll.tmp	_Check For Updates.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-black_scale-180.png.tmp	_Check For Updates.lnk.exe
File created	C:\Program Files\7-Zip\Lang\lt.txt.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\wpfgfx_cor3.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLN.PPT.tmp	_Check For Updates.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\C2R64.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\mscorlib.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\UIAutomationProvider.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\msvcp140.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Retrospect.thmx.tmp	_Check For Updates.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Grace-ul-oob.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.scale-80.png.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\PersonalMonthlyBudget.xltx.tmp	_Check For Updates.lnk.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\TabTip.exe.mui.tmp	_Check For Updates.lnk.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\WindowsFormsIntegration.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.WebHeaderCollection.dll.tmp	_Check For Updates.lnk.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\es.pak.tmp	_Check For Updates.lnk.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\pack200.exe.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessVL_MAK-pl.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.OleDbInterop.dll.tmp	_Check For Updates.lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ObjectModel.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Globalization.Calendars.dll.tmp	_Check For Updates.lnk.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\splash_11-lic.gif.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Frosted Glass.eftx.tmp	_Check For Updates.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Grace-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_MAK_AE-ul-phn.xrm-ms.tmp	_Check For Updates.lnk.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\ReachFramework.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\accessibility.properties.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Windows.Forms.Primitives.resources.dll.tmp	_Check For Updates.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART1.BDR.tmp	_Check For Updates.lnk.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsptg.xml.tmp	_Check For Updates.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTrial-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\icu_web.md.tmp	_Check For Updates.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Trial-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PROOF\MSSP7EN.dub.tmp	_Check For Updates.lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.WebSockets.dll.tmp	_Check For Updates.lnk.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\ReachFramework.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.XDocument.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\System.Windows.Forms.Design.resources.dll.tmp	_Check For Updates.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-040C-1000-0000000FF1CE.xml.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Grace-ppd.xrm-ms.tmp	_Check For Updates.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Office16\DBGHELP.DLL.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\NL7MODELS0009.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\clrjit.dll.tmp	Zombie.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	22f326076786bbb401796f03841845b772f62cf15b8cf5e9db0e8360795b4852.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Zombie.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	_Check For Updates.lnk.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1184 wrote to memory of 4116	1184	22f326076786bbb401796f03841845b772f62cf15b8cf5e9db0e8360795b4852.exe	85
PID 1184 wrote to memory of 4116	1184	22f326076786bbb401796f03841845b772f62cf15b8cf5e9db0e8360795b4852.exe	85
PID 1184 wrote to memory of 4116	1184	22f326076786bbb401796f03841845b772f62cf15b8cf5e9db0e8360795b4852.exe	85
PID 1184 wrote to memory of 4828	1184	22f326076786bbb401796f03841845b772f62cf15b8cf5e9db0e8360795b4852.exe	84
PID 1184 wrote to memory of 4828	1184	22f326076786bbb401796f03841845b772f62cf15b8cf5e9db0e8360795b4852.exe	84
PID 1184 wrote to memory of 4828	1184	22f326076786bbb401796f03841845b772f62cf15b8cf5e9db0e8360795b4852.exe	84

C:\Users\Admin\AppData\Local\Temp\22f326076786bbb401796f03841845b772f62cf15b8cf5e9db0e8360795b4852.exe
"C:\Users\Admin\AppData\Local\Temp\22f326076786bbb401796f03841845b772f62cf15b8cf5e9db0e8360795b4852.exe"
1⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1184
- C:\Users\Admin\AppData\Local\Temp\_Check For Updates.lnk.exe
  "_Check For Updates.lnk.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:4828
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:4116

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2412658365-3084825385-3340777666-1000\desktop.ini.exe.tmp

Filesize
75KB

MD5
8ec33830c15660437389b2299a232321

SHA1
8ffee483a409a505bc2fd0da52f4f8c00c251533

SHA256
1653778126f150f1d7c27fe0e0d19cd4e05310d0e71657e83ae073a0c62e85ad

SHA512
640839da44c9c2ec0a6f5dabab85ff4ad49167f90374dbd1b471e4554ff320e481450e3c0000c3c2fb88ba3c1e8bcfe1c560640af6b16af3d05cbbcb5d41824a

Download Submit
C:\$Recycle.Bin\S-1-5-21-2412658365-3084825385-3340777666-1000\desktop.ini.tmp

Filesize
35KB

MD5
6299804aac333c8717f04c2949578e1a

SHA1
2e3720fcb271c59010c505823a9f63cd7473428a

SHA256
8c32d8cb3759fbdd4232ffc74ad68299c5c4689e1df9fe55a5c244c0d6e6a6d8

SHA512
c9f51fd1a9aee654791d798c21ef562239be8072f88688f37ef28f78cde87f36abdacbbe09528d6d53855d047bfc5fe171b55edd2e82532259433834139e4167

Download Submit
C:\Program Files\7-Zip\7-zip32.dll.tmp

Filesize
40KB

MD5
11451af30b71a690262440d6417d6511

SHA1
52dd100eab98878f9854b1707a9e3957ee75d401

SHA256
7c4ea1ed380e4b5dec0f1704a661db9a4d328eb8a7d83e9dc2158e5210fac3c7

SHA512
9ccaaacc6d3e1a91b8455fc2da42f53673c802e385cf22af6f85423654069944053704a31e699fcf6e3cf4660368e1173e56923d45c93df53064c4daa2d59de9

Download Submit
C:\Program Files\7-Zip\7-zip32.dll.tmp

Filesize
104KB

MD5
7af99947f467a8b88a43b0201d28b5d8

SHA1
28b168c6626880d4fa99f4da545af52536ad2e60

SHA256
1b3466d589062b72811ef8f66510d21908ae186d2c22c3a2f01ffcf1a6a16e39

SHA512
647f9a35979e24d11b203db048fa62e58f9251d74293566f3d310288070cd3d895ef41de0fac187e0909bfdf5898ac51bc39190f959bb1705dc8b149f5f9b874

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
1.8MB

MD5
ec3aa852ae5838be897bdd50f3aced72

SHA1
51ff2c96a9099a709f0342ba5a4af2748b5b4cfc

SHA256
b80f2bcb47a5e9b9fd7c63257241be0b5790c46d8b8c277fd44ad9381b718a3b

SHA512
51b511f248e4adc9071ad92e4274e1a14c6c8c7b48daee649edbcb50e17d424f3666c45e741aa2d2c55636ed61142e6937ed45c1ec23b56532becabdfe9cdb26

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
579KB

MD5
7e5b95cb7efb95adf6a599e7fab75304

SHA1
051f70cfda67cdb598092a75e552d1c77613b86a

SHA256
1ac7d8e083515e1cbf85aca4c4a65dc9e0922db2f570afc890a86b37cca4d6c2

SHA512
0b091fabfdc0c58a606f0209d1438a97d0b5b9c3adb78b92e8cf333faf9df73afa1e4f8c375dd01126a97cbbcb896ba1194316bb1f0a77ca51b59d23fc51fc3a

Download Submit
C:\Program Files\7-Zip\7z.sfx.tmp

Filesize
249KB

MD5
21bfae225d3147becd580ddd44ea56cb

SHA1
b1af958659a5d10fb510c157583aeae58c199778

SHA256
9796b1f63c08ace887ffd5b1f2cdb497b841b39c438a1877cc471adb9932f072

SHA512
14c53e9fbc62e9bcbaa36e29b243091d4b65d8a8652649146fa3b6d7f942937e32fe6ff221fc6e5928acea5f53a57a30d019fd299f1f00751326c710ad53bf88

Download Submit
C:\Program Files\7-Zip\7zCon.sfx.tmp

Filesize
228KB

MD5
20a2e5619710b3c0b5ae53e12729aa11

SHA1
e1b0016473902fcbcb6781a0b4fb40d069d4b6d4

SHA256
882a63e98b83dedefff99fd6c1150105eac01bde779395e26d304eee95b4dbda

SHA512
3b3fa1dbcab5f9e5cb514220e11d6cc34629d2ad310f6dd71684b791d35e160904899015eedd5cdd2b21f3bdfce66117265829a838bc5d77a6f8e699c93f46f9

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
32KB

MD5
0fb49baa6e11a10935b4758d0e78cd80

SHA1
103c4cbded5d71395b6c7ed0daea929d8aa31edb

SHA256
175acfe215074d1b99ad8b9b57a62b8073eb18cb55e11d75b2693d0603572e85

SHA512
2d4af949ea508be200ef989a0742104eb021e70d2b15c6b81b98918299226843b0b2863fed7e7bd78ac8d469f3a43b468807f291e542ef3e0991cda32635f2f8

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
970KB

MD5
97c5326d89b98d20f547f331f9ea91ac

SHA1
2380f6ab35978386f15c5996ee1b1ba80e417446

SHA256
a8ae402dcbe41c37a431840e56bf9e7691fb82cfa00d8264709dedfa5ebfa96d

SHA512
7218cfed3ab37e5d09e0d1769f3d65ac3f7634e93f4d3c68f7223ee3e9d9fa1d8b4bfa9c7a40bd7a4822e51743e166361ae784e762a36816d04fa4eba01612e4

Download Submit
C:\Program Files\7-Zip\7zG.exe.tmp

Filesize
723KB

MD5
2c0d6a5ae16f012dbd913771280ebb8a

SHA1
f2bfb29aad21b1112eb77803a352637ec5ead9d1

SHA256
79aca3a08cb93f9e193cd09f6500c4def4a5a8e7415f8550f236d318f6d36f82

SHA512
402aa4986a8f9396c9f1dec638ad9b429b21c7e0664b27bc22b99c4534f79a9ad76f3aecaccbb3b683938a419525e1d372b486a0a1e0ea42a9dbc625986cfa61

Download Submit
C:\Program Files\7-Zip\History.txt.tmp

Filesize
96KB

MD5
4671d7099e4fe68e95c30c6b133ed44b

SHA1
a7975fa5ec1629326a7125c6c097f63f0c8959be

SHA256
93978a7508b1cbf30de5d250509a77c91949a9f972b8106167eaf8274e1d524e

SHA512
357f5732f2f0fe941e706c6106e00c3180093433db7be0c7158b89760867a19fa65f1ed0860884e99dd375f83a4f706bc9cf03a0690b48fef5b4b2b06b4aadb2

Download Submit
C:\Program Files\7-Zip\Lang\an.txt.tmp

Filesize
47KB

MD5
40cf56be1d471eb9166641963a8f520c

SHA1
5e08c799587981d7df6ccf6e7a0686454c3f03ee

SHA256
ffb562d37dd6c5fde2efbe7142de8bd22798faf24859a647aaec555872a76a0a

SHA512
dae4142c3c8ab515ab73c9c55aff1dea18e0db92c5eafa8a7f8cc50d89cff12760670bf2a8ad9eedfecb4b8822cb9b6d9767da6ee09daad89caafede48ee1a8c

Download Submit
C:\Program Files\7-Zip\Lang\az.txt.tmp

Filesize
49KB

MD5
cf12ab836ffeae72e21567d3e177db24

SHA1
3d0e13b121ba99948ff8c5cecc2ce2d937c8a2e8

SHA256
73fa9bf95fd3d92401633e762e0dbb4f5d4242d9148c0fd3042f5860b9ee5de0

SHA512
4a1b2a08e9b7e3f29e948799f70fa8e0628e5c2df17a64f634d05a16cd34977aa95f03ef8aaf3d7701d7feffe828142a00bd2f800a31fff9163ac23a6dc01be1

Download Submit
C:\Program Files\7-Zip\Lang\be.txt.tmp

Filesize
51KB

MD5
5ca6f9133e7bc13817f729811a27f858

SHA1
0b15a9255db3666c556d500e6cd2d5e852a823ae

SHA256
f0ed0e207082d5a9dea27f152b15073acf97fff06a68ab17eae8c70fd6cf3d65

SHA512
e699c89ade999908f187581184fba6963b830193bb1bb6d91877319ee4d40d01a8d6a8224b67e87effe68ae336dd21d7f02aaf2ea916ec546772fcd03ac52ba9

Download Submit
C:\Program Files\7-Zip\Lang\bg.txt.tmp

Filesize
52KB

MD5
80e37db750720a39f915d47c4ad6ec78

SHA1
4fd3c5973219e74b5178c842577b9b52f08d8028

SHA256
ad074aa1ebc300f2bb51c168d053b12cee73ac6799ac5bebc1460dc7910863f6

SHA512
55191bdf09209b8e86ba9e1987637855264e1213629fe9871fd5c74acc32428d58d84380742c100900e455a561087a3540d560c30e34b6f775ae72f75c45799b

Download Submit
C:\Program Files\7-Zip\Lang\bn.txt.tmp

Filesize
54KB

MD5
554231c19fcbd6f3dfde1ad6b72b1ab2

SHA1
a633548f7d755ab569a7d0582e6e245f0f03f136

SHA256
89146ecd74c53b52717629c1efa2887e1ffb6fcbd9f0dba9d5bf1b15f4952bd0

SHA512
a4dc648ac75b7f99768dc8834dc0146dbc2213fe6d5c9785edfd268a8071b67f853fcaa8c1719c00b5e13f337246ad36e65331ccfa6bb4e7d9f17a2e190e6b4e

Download Submit
C:\Program Files\7-Zip\Lang\br.txt.tmp

Filesize
44KB

MD5
75d88dc4b228796b1dc6e3bead4c98a4

SHA1
b134e08d92715be1680b0338762cf6672176d13c

SHA256
fd2849961f7e07d92dd04c5655b5b57a49183d7b1ce6f751e832a056e5e8f688

SHA512
d258f86264634be42719679040a91c98849c367a828c664778eb6b521b186c375919e873d7931fa83c5942b7ec20e7823f37110fe01bf15003cb3c434cd6ce07

Download Submit
C:\Program Files\7-Zip\Lang\co.txt.tmp

Filesize
39KB

MD5
84bb18b5eae4a01d03151e4dcdd56506

SHA1
6ad0a889f7692e54f5c8000d05069c6b7f1f76f8

SHA256
3b7db19e6bf0a1b0166332187ce5593b779b86a3df5e04d3612678719acb083b

SHA512
12c8ef408d3a7d866f976faed2ce59785362498095e2ff07d950a37e22001b2e94f8dba5185f97d4576a6190a59cba93c81f1893b17739012e309af207fc12c6

Download Submit
C:\Program Files\7-Zip\Lang\cs.txt.tmp

Filesize
44KB

MD5
bcb1f052169e6a56aa3da8c27830504e

SHA1
1aac394583603c313b3bfbe86f2e4f37ca5e47a1

SHA256
e071c56d019c4e1227e49d04a0daedd3c98c978a79b377033125495b6f53826b

SHA512
6b932e851b56cbcdf3843770d965bf47891536420deb4942399875afbb3f7d684ed3728a50f9f0b171766cfb047a2068c1b7e265d83ba0064ad9a88a16ce3871

Download Submit
C:\Program Files\7-Zip\Lang\de.txt.tmp

Filesize
44KB

MD5
eb633f6525700506085c2d06c6b73ccb

SHA1
43ce0f72642f1601732015dc61724b7116ba5e0e

SHA256
141402f34e0164f5f2d11d23aa6122460beee51ff725eeb686a9dc7072229a0f

SHA512
23eafd8992ba965817bde1e9c0e34b155b382894ebd4b2c1c03cba36454d049370d87a24690981472982483850ef40fb558c6b3c0045a7ab1bdc6ff2904ba098

Download Submit
C:\Program Files\7-Zip\Lang\el.txt.tmp

Filesize
56KB

MD5
a92caa3b41359e49129034e22c4a7b46

SHA1
2eb3a9f300f6761888ac2d86d75dd94cf3d7a8f3

SHA256
dcf001886090c242045318bb56d698b30e85084dc36fa2f1d63aafe3c03012b6

SHA512
f6351a544964dbd10fb1bfd3ca4307df1c3512028b499aa5632f8639ffd8f44613d47fe3aeaae629085ec61e4a2875a42c73756195aae3cd06e9814ff95d69b2

Download Submit
C:\Program Files\7-Zip\Lang\en.ttt.tmp

Filesize
43KB

MD5
b13be239a4074bd9ab010a82ca0e31a0

SHA1
18e3c956bf30c98005dd7184f10728d93295b95d

SHA256
f512a8d8b68617885689cd9f70ddec6b2c90de400e347a413dd613ead73d07bd

SHA512
b9240ef3d1a9a2a9e59c28362d3467881382054125beecdc9791c8e728dcaa0187a35bb527b3b94448174b5dcc418f5c2db932a6bcbe5469c4d8a86b6955040c

Download Submit
C:\Program Files\7-Zip\Lang\eo.txt.tmp

Filesize
35KB

MD5
d2c76c9c62d1e6b3ff62fd0d1048c7b0

SHA1
ebad884755fef0bc74f6b9a00013fac653874319

SHA256
ad5b0ad7c15a903a961eb545e8bbbffbb3db1d83bed59b54e1da6aac6cdb35d9

SHA512
a1681e64646bdf0c5b06958c1fce91b26f392151bebb64dbaea9f0be1a5f20d7d6fa29efd1900950435b82de7391ad6f643ec3f640e43ab8c336b2db7e68e31c

Download Submit
C:\Program Files\7-Zip\Lang\et.txt.tmp

Filesize
42KB

MD5
6126a1d3eb98e687b580b33df390306a

SHA1
f2833895bbbf66860d1a7eeb63b2acc028088a27

SHA256
2c2571a9e8e8f75f805f95df07716e906bfd3d46048883e59556f1e1fc8d383d

SHA512
6c2fd2ecd9989d309cfb48d018ec511c1883a5b5f544af4b57a02d0efa053f338cd80cb9b7a813b02ac8d8fa8c24143371c5ce4c446116ff40b9d28d6e4b83f4

Download Submit
C:\Program Files\7-Zip\Lang\ext.txt.tmp

Filesize
47KB

MD5
a00bf3543d2f00a4e613dfc4fbc5df47

SHA1
d1a1220da767b212f7b5f0ce57d7e0fc98328069

SHA256
d2db0dfb87a36be81593e9b1e518da1b8939b1b4c3c1b787dc1a837037cdb2d2

SHA512
bbdf18d557c06d0d21947d4baa33aacbe66d37fb48c5eac69426251cf11d5af9924564a232b1ea0321b05ba28ce64e3e51f88fd5835ddabf3f7ee4c479a2d955

Download Submit
C:\Program Files\7-Zip\Lang\fa.txt.tmp

Filesize
48KB

MD5
5d22d9e4e31f869287479a1ac89d5c59

SHA1
5d9a591a6ac125c07683fb3464340e6fc0cc6d7f

SHA256
660a0e61bdab01fd73e929b09d2604d130f8c5a904f037da6d00f5db31c9ff0f

SHA512
107f4a2653afa3c02d7acc26e165f27e8265430d59b91681eb8125fecb66c3d928239cc75e5e7bbeccc4481f9837f12997a3b050e6a50e3a285ebaa2ddfcfd9c

Download Submit
C:\Program Files\7-Zip\Lang\fr.txt.tmp

Filesize
45KB

MD5
08e8862fe3d589c6f71a73a34ece8dda

SHA1
3be5e991ebfa13efa3df11cc6bd7abe118a69459

SHA256
7b780b16591045e5d37d2ce15e92d0fbb8805457412c468dbcfc9536b9aec3a5

SHA512
8dd7d7a3f046f12dac17fbb022025431d76c6ebb9dfd6ae1c09b00adafc4e78fbc41fcedc2940902ce3310828369e1a977011aaccd5e6bed58aa8578ba45129f

Download Submit
C:\Program Files\7-Zip\Lang\fur.txt.tmp

Filesize
47KB

MD5
2b25dff871cb260ce823c335dbb145c0

SHA1
a830272d518fbc2f018fc1ea7aa4554825ebf085

SHA256
492e45d85b2199d13866b25f48271085b266b2890c829d66995fa116446bab7a

SHA512
7dcc57b7946a6de3299ea487dd9bf1ac6301ada573c39c4a6b30d7c8f9872f833bf0a8f16381e853a305f3880e40887685b44bc0cddf70ebfb514eb060ec5dc0

Download Submit
C:\Program Files\7-Zip\Lang\ga.txt.tmp

Filesize
47KB

MD5
678b322b3d6e5a6986cf2c4cba5b56e2

SHA1
b23c1b93a0200810cbd072b401ca61d410dc5b3c

SHA256
c1e77d123313072089df73d2bc562c2c60db6e938f2481d3bf37c6e3a034a10e

SHA512
d9dacb32154a8e52529bcd959b216729715e8ddfffcae7ef2a8ad461e613c49da59d18b41ae196cecacafaef60b7a071f3b11d78a38bcf92d9a1d70ed93c0174

Download Submit
C:\Program Files\7-Zip\Lang\gu.txt.tmp

Filesize
52KB

MD5
7c7eb36a30c1a41f3b995ca99aefcdeb

SHA1
c33be2acf44f811922e7a8350ccbbb7e89d1eff9

SHA256
ad7260fd5161336b0187b219ca4dba1fe43e2f18c0f6184914881179e70817f3

SHA512
bb8b12725b11bd8338d44b4124862a39bc9a0f232bab3732019d830d2505daed94e8c58611fb173aa8b898addd6374b968f49436e7d0933dc3ee8cf5867e3494

Download Submit
C:\Program Files\7-Zip\Lang\he.txt.tmp

Filesize
39KB

MD5
7837701874a8c45a16054de8ddfbe588

SHA1
eb4b77ad919a50c05dedbd4b0e2e952fc8c03b3a

SHA256
e525923c6c8c97a57a766261b4287b6e066f0f4d33f9ff7eb77ee8a7ac238b8d

SHA512
8df9358ec408fee7ff99cbfedd4d4c8d77c77bb56761637cdd20dde52ceb34a73d7295439ad28f92fb1c79d873ca75c1f8e0ded0d6c465440e5833dee72cbd04

Download Submit
C:\Program Files\7-Zip\Lang\hr.txt.tmp

Filesize
48KB

MD5
dfb497774b4802bba260d706a649319d

SHA1
0fdb88f491c58d3456938f87daa19fbb9723e328

SHA256
3581cb766da941c1a923fb001a0ef1fb1f789099d7ed9ed86faf094313d0d2bb

SHA512
f6485c4b49a9ec543741279756b398d65179cf84a0f8b13c2d5923b873686281cff10644b60786fe485e8844074a4cc2940ad5efdd387f1223ad9f9ec8b8e2e4

Download Submit
C:\Program Files\7-Zip\Lang\hy.txt.tmp

Filesize
49KB

MD5
33ffed7d32774ec538d5e192fbe261b6

SHA1
082209ef88960b3ebdc5fda8669a0625a80f7da1

SHA256
aab9f04b067a3909b7d26ce14cc807dd44e27f9e095aeaad5da1c6333750d9ba

SHA512
1de3a9beee344e6f4a72e5cf4eb0137cb353d4f18634814951140eb050b11cab170c26ac8fb2fe02df11d337b1407621a609d844c5442963939bf17a3d21ff12

Download Submit
C:\Program Files\7-Zip\Lang\id.txt.tmp

Filesize
48KB

MD5
8400dc5847ce31958704e7b1677485d2

SHA1
5e5c356ae14a6b30aff63b55a419ae6d60bff438

SHA256
cd857d8590a8d36176208a131ba5799490bd7b42452bfe18c6ab80500a02305f

SHA512
e24c77655ac9815b233989e0037e3bcdedc86cfe11dd8de9f5b10050336f2239a59a801a4978352eecf735aa36fb3af204c0bd8aa0d0a0d755f6a04ae3113ec9

Download Submit
C:\Program Files\7-Zip\Lang\is.txt.tmp

Filesize
48KB

MD5
8123df1445b8c93705d1331233bd32f1

SHA1
a5047d7988e85ade6efdc2b0bbec51a4c910a829

SHA256
9ebe794cb19a76f8c213eac266a5acdeae5f3f3c339f9aff329c5f9855cf9330

SHA512
f4fc90fd612c06ff0b339a300cd09ff7e11c01b7560644c68b9b736856a77d39815c621c55cc1f5bed950a98c5b71d0b5d4af6f763753a7dc4b196c08f9e4ef3

Download Submit
C:\Program Files\7-Zip\Lang\it.txt.tmp

Filesize
49KB

MD5
90fcebe085ebfe60878843ef8704e684

SHA1
f12ef96842de4572546894f8dfd5dad377171830

SHA256
b5730f37cddce9e4c1d6543103fb3b7983207a1d07ea8fad8581434dbd072987

SHA512
f8bf8f59dae1bc55d4e78156c8d918d62cb109e0c776f955d988be54fbb5a2d55ac7a580f18f0a4366aff983f2dee5499130789bb5a54be14476cc5fdef7464f

Download Submit
C:\Program Files\7-Zip\Lang\ja.txt.tmp

Filesize
51KB

MD5
48c1083d3808345bf682def475d6484f

SHA1
17db70bc827a6b0d754ce2d57aabd0e7c6a6f0a1

SHA256
e2d0f7c9a1446258035e08d11e6b7536cbe38f0e1f26f1def97da54e17fa63a4

SHA512
b73c897346ab42584cfba03c4cc40d7e83f272c3b6e93b6207f632befcd5e1ea21b28188c341cb8dad0079a0e15c1f2cf0fc8c7e56453e95e29123a68ac0a5db

Download Submit
C:\Program Files\7-Zip\Lang\ja.txt.tmp

Filesize
51KB

MD5
63dc559b3bcccdc765f1582412729bfa

SHA1
af02859f4e1bfc0c297226b45bf44d9bfba3598e

SHA256
6704e5299c69d23de7a9190f00ede25f7c275a81629ed2da173cdadae0611545

SHA512
75f7ce0248bea4874592e8ad800cd2cb55541e8da3708cebe6a5cde9d0bd59025ed5627a14da501b447791c2d1af0c990f2d5bf90b02d4c7b3cf4fed08ea1522

Download Submit
C:\Program Files\7-Zip\Lang\ka.txt.tmp

Filesize
57KB

MD5
f6bd0239ccc6a24468caf0ab4e58c622

SHA1
3e28265228c809d26a96f3d918d13da5f71c3809

SHA256
25a5fb49f9e29dbbf41e3e67f85854fe4d9824b08cf78a793d03f43e15657261

SHA512
1b2cfad434aa33b6bde48121fa1066b87a2d9f79f480c09dfcf9c0727bd7e4d39bfd57c302db130dbcdbc3791770f46611c89759deddf6d092b7a0a1fa28d9de

Download Submit
C:\Program Files\7-Zip\Lang\kaa.txt.tmp

Filesize
43KB

MD5
8189edc8d0b19a3c0c4e5b1cca80280a

SHA1
3b79c1bd6fc8f0e91949700cda1f01f7794d1f41

SHA256
ca9771e4febb86a32afffbae40e0d875274192e70544ee657645b0f9988608a1

SHA512
5e6a5782687343472ddaf005d1f82f120483e74b02a37d897a72a0cf30492976fde856b85e1adf1d26461456bdbcb108b8f3331899993735b6cacba817c8a34e

Download Submit
C:\Program Files\7-Zip\Lang\kk.txt.tmp

Filesize
50KB

MD5
a30d68a9dccf6aa087307bbd8f362e81

SHA1
22190e3aa05b6f6c1879b73eb8f7f2dd3a046ed6

SHA256
4987fc86903091c0461597750b3dd50e30b6b302a2d7a3deffe356b27995682f

SHA512
db76bfe03417ab2848182fb070128565839ddd7c15605c4f91657aebaffee69de80a9f3c34722f27f84ffc6b816fcfc32814d2d414254f67a483f1402196fa6f

Download Submit
C:\Program Files\7-Zip\Lang\kk.txt.tmp

Filesize
50KB

MD5
785585a85e35c6ce6e7e16adea395895

SHA1
789ec5f11571610bf44f90302f3536dbd834e2ac

SHA256
f4d47cd30292d9aee5d7a4ab5edd3d38c12b459c5aebedd7bcb858e4c051ba84

SHA512
919ac0384324075648af1e4ceab0e364026b92ea9191be48c1a523e503c806384020bfc67e672cf1f0e9d95e9ae625b67d0438ec4ea7783373b8969f30a582b3

Download Submit
C:\Program Files\7-Zip\Lang\ko.txt.tmp

Filesize
45KB

MD5
e3f42c83b65b5d6cbd12e58d7c28b922

SHA1
bdb60d9569a639e2f149c509db419c42ba3f26e2

SHA256
6e1f571511876278ed1b145a7a7fdecb53f73992a6a66e00df58e21ca388f977

SHA512
89598cd24f46650113104b0451c52994e36bfdfcd4e3be58a22be737a0ef72a5111bd87715593674f1e41114da10f351aa898c9371bbfe4f4cd5442ba5c0dda6

Download Submit
C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp

Filesize
47KB

MD5
e2ef20a40012e02d9778383f6f152322

SHA1
7566744e04a9dd4e0cd506f187a1984780b6e276

SHA256
e3732a402b03dad0536dbfac1626ca99468c204c38bcbd0fd2f09b91580b384f

SHA512
8f5b598d38f55ded948803ae3f707bd315fbf2e829eeef62410b0b725d86b6ac84afbf92c6452cb84b0773684932ac1cd461308284c89c48ad8ab18a201ea02d

Download Submit
C:\Program Files\7-Zip\Lang\ky.txt.tmp

Filesize
47KB

MD5
a6e9d678e8e3328ae9c516ea215b4805

SHA1
c3f99fb1bb59758124a1051a491e70b5a39f623a

SHA256
d9481c9c8dce832f9e444fa8e875d3f64643983aa4dd6d4ccdcf214633cd15c9

SHA512
7b960ff6d4e9d194c9821351c7fda76552cbb8205fb5520692eb6914175dc0b82b7c44dc541766df141dd2dbedde0cfe01e5d9077169b2b26b0765be1feb472e

Download Submit
C:\Program Files\7-Zip\Lang\ky.txt.tmp

Filesize
51KB

MD5
ceec77c9dd26d6beb5e1a4ff135f1581

SHA1
b746a90ed7224c1a110a0c9b96d569f44b70cb6d

SHA256
ea45643772b54463b2e1b26a510b4363331fed2e33d824c26538ec84723c9129

SHA512
3403549ee43119f816d5ed05427fab40c7f4046141b85afbba5368206f068ce41452c5472eec75f5a7f1838d2314ae059511c6d4ad1f2b36b8b1341e0ec66a68

Download Submit
C:\Program Files\7-Zip\Lang\lij.txt.tmp

Filesize
43KB

MD5
e6eae47b53e4e483642eddf74937ca60

SHA1
3b6f792400fe536c6c7257179bdac9a22b0b844a

SHA256
57fd1c57ea79459e82609e7aae6597ba9530ca43059f046ac53c00a0798d6daa

SHA512
17f72fab3a909004dff8a99a7594233d7e3372fe7456e8a63e6c7f8a65b23e149ad7b37cc26b06e7862d4626b0b7a83658f87369d40b761e67d4e6ad8005e116

Download Submit
C:\Program Files\7-Zip\Lang\lv.txt.tmp

Filesize
45KB

MD5
d7aa5f17b8a64f5ee1f3dc287e5005d3

SHA1
d348fcd5014e5d324c0458f73632b63392ded8a7

SHA256
a4d5206b6c519073b1a21dd32b21c702ff4a069dff01686846bc9b0d73ec0cca

SHA512
951fc13bf2542d1ba074b7a5b6169d77a5244238bd6f3a837d3e21505d6e2de153e11dfb19407c6a33d10e6137cd092d5f0f8ff98491b9c20c4bc7a0ca9ef3aa

Download Submit
C:\Program Files\7-Zip\Lang\mk.txt.tmp

Filesize
44KB

MD5
d5b61608eeee5add736e38d9139de183

SHA1
da27a209b5e1b1e33840ac24f79e88e10eed28c8

SHA256
3ba2064f8a542fb1474d86b60a58cb1e563455bb07ebf9b82b39364633a115ba

SHA512
61428db3aafb490f026623477c364bb736be77781bf86a2229537979e438aeab8a71eb4240339b3a3bcae8ebab8d62212fb136b4e759025b3cb6601c0d44c8aa

Download Submit
C:\Program Files\7-Zip\Lang\mng.txt.tmp

Filesize
59KB

MD5
b8d79ab6e9af338b1d5e0ac53f66e889

SHA1
5952218968496a18b2156796bcb095e28dc85206

SHA256
7fbb85feb5d68cc30f82eef78eae8ab0dd296cea19d11c3d952b9879a5d28416

SHA512
82fad4c1fd4795715665f7a3526f1b75e1b00b2440527835a22d6e1bfcf875ad4e40b89cc2a777215b619a239c214e0a9780172ff195d8a0d0e6d9cb671e74c7

Download Submit
C:\Program Files\7-Zip\Lang\mng2.txt.tmp

Filesize
56KB

MD5
f2ee86a18e959015b99ded72f9ef3e63

SHA1
810874496941597e0f91f5cdf944e7d709a62eb5

SHA256
c368ec2733ee6ddf37a7cc958be8859ee1a4799ef1e440fc6d86512750055842

SHA512
ec2ec9749bef96f86133074e4ece711c6792cacff3b72f4d1a20f6841eb53094f5f2beb302720bddf9d5777118da1b048ec548ee512fa19718717a1d587cbe01

Download Submit
C:\Program Files\7-Zip\Lang\mr.txt.tmp

Filesize
46KB

MD5
8ee64485d9c5ddc9f6e49dc9722eb3e2

SHA1
66bb1e2803dd6c70ef09f0ac6512d67a47919812

SHA256
f7e420750be5b30ca43045105438252f4d831d7fede977228bc7ce6d9b2bac97

SHA512
c5eed184c6a9a7077573ffdf0db1c79082ff0721f4b6d23c7339a6cce3d83be0f8aaf5ff1d2aba32eacaa425b570ac317d4541d7f5cb9121e31c6ed9d4552cd9

Download Submit
C:\Program Files\7-Zip\descript.ion.tmp

Filesize
39KB

MD5
2d62ad6d03139e789479f64316f6bdc5

SHA1
7f8a94f52510c8e4bfa96ddf977cc4d7564ed0c9

SHA256
b1b62216c1a1effddd74640a754d27b8e5a051474931035865deae165957f1d6

SHA512
ac013edeb964bd4fa8d706df517950447971514d431298a75147392e8ca91976c9b15887e25b748b48403af02a0031305480b2ec847b9ac85780ef8dc85d4bf5

Download Submit
C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-string-l1-1-0.dll.tmp

Filesize
46KB

MD5
16c5b755b45147c109acd097672dc927

SHA1
ee694946f4bebdc0c35e536ee1445ce100c2acc7

SHA256
88a628596ce300700beb62391f1db6861445610dc2f9fece9ce7b0e79261d6e0

SHA512
a2e62ea65870240d65f5fead15685bfc7aa787a8d9156068a059a12fbd957c8a1f2eb19eb42d5760557a8a8be0f57b38451c6304ae50552f60f88c01d754efcb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_Check For Updates.lnk.exe

Filesize
39KB

MD5
90563f2b37ff0ae819ec1d6ed4ad532d

SHA1
c04dc9aca22ed9f2b771b86558ebd54e5fedd577

SHA256
7b4425e59048c854735cb0ba77f3e1e304a787fc44f6973ab7a8e285989ce14a

SHA512
6ae29e5aff02a130bda72b5342087c1e669aa33c9374551097dddd9f8d6f4c624e49dd77941a66774ed7b71c0902f22807505c038a6ac2ae6160187ee1e4a9b5

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
35KB

MD5
2f2a749d6ccf2e05863804961ef11222

SHA1
3eea543a54ecbe99eaf7d6a3857445de2ded1321

SHA256
d6569e606ca9fc10e552ddfa65e7c5b61f7035344e984d5e0efe4be78d926efe

SHA512
46877e3e4085927d47964b9d09da0ea72e20644998614df77477f843e71bd964c74974e6594d384c430896164db38c083b6e54fd377d241ffa2edb188d4f4269

Download Submit
memory/1184-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1184-2512-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download