daf57c17e4bf968fdb23e9b0bf56c25c32c2a94b6870d9ada3509ed68b800db6

Analysis

max time kernel
119s
max time network
111s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
18-08-2024 03:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b43b3d2232d371ddae8f865b21439a60N.exe
Size

115KB
MD5

b43b3d2232d371ddae8f865b21439a60
SHA1

320541d1fa7529e828edeea50d6a141ec7ce5885
SHA256

daf57c17e4bf968fdb23e9b0bf56c25c32c2a94b6870d9ada3509ed68b800db6
SHA512

44b7cf10e24f0e68eae7e6bcd18072af87aa19343f71f6fc3d943ab6c33fd471662b435962a27c0fcd7002857fbefbac85514c3b6ff7170c54120d6635f69608
SSDEEP

1536:CTWn1++PJHJXA/OsIZfzc3/Q8zxY5HTWn1++PJHJXA/OsIZfzc3/Q8zxY57:KQSox5DQSox57

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (4680) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
3328	Zombie.exe
4820	_Speech Recognition.lnk.exe

UPX packed file 54 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1056-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral2/files/0x000900000002346e-7.dat	upx
behavioral2/files/0x00080000000234db-8.dat	upx
behavioral2/files/0x00070000000234df-12.dat	upx
behavioral2/memory/4820-11-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral2/files/0x000200000001e568-16.dat	upx
behavioral2/files/0x00040000000228de-22.dat	upx
behavioral2/files/0x0003000000022967-26.dat	upx
behavioral2/files/0x0003000000022968-30.dat	upx
behavioral2/files/0x000300000002296b-38.dat	upx
behavioral2/files/0x000300000002296d-42.dat	upx
behavioral2/files/0x000400000002296d-46.dat	upx
behavioral2/files/0x00130000000228df-50.dat	upx
behavioral2/files/0x00140000000228df-54.dat	upx
behavioral2/files/0x00030000000228e6-64.dat	upx
behavioral2/files/0x00050000000228e6-72.dat	upx
behavioral2/files/0x00060000000228e6-80.dat	upx
behavioral2/files/0x00180000000228f0-84.dat	upx
behavioral2/files/0x00070000000228e6-88.dat	upx
behavioral2/files/0x00190000000228f0-92.dat	upx
behavioral2/files/0x0013000000022906-96.dat	upx
behavioral2/files/0x0003000000022908-104.dat	upx
behavioral2/files/0x0014000000022906-110.dat	upx
behavioral2/files/0x0004000000022908-113.dat	upx
behavioral2/files/0x0003000000022909-114.dat	upx
behavioral2/files/0x000300000002290a-121.dat	upx
behavioral2/files/0x000300000002290b-122.dat	upx
behavioral2/files/0x000300000002290c-126.dat	upx
behavioral2/files/0x000300000002290e-138.dat	upx
behavioral2/files/0x000400000002290e-144.dat	upx
behavioral2/files/0x000300000002290f-145.dat	upx
behavioral2/files/0x0003000000022910-149.dat	upx
behavioral2/files/0x000400000002290f-159.dat	upx
behavioral2/files/0x0004000000022910-160.dat	upx
behavioral2/files/0x0004000000022911-164.dat	upx
behavioral2/files/0x0005000000022910-168.dat	upx
behavioral2/files/0x0003000000022914-180.dat	upx
behavioral2/files/0x0003000000022915-183.dat	upx
behavioral2/files/0x0003000000022918-198.dat	upx
behavioral2/files/0x0018000000022917-202.dat	upx
behavioral2/files/0x0003000000022919-206.dat	upx
behavioral2/files/0x0004000000022918-210.dat	upx
behavioral2/files/0x000300000002291b-218.dat	upx
behavioral2/files/0x000600000002291a-227.dat	upx
behavioral2/files/0x000700000002291a-234.dat	upx
behavioral2/files/0x000300000002291d-240.dat	upx
behavioral2/files/0x000300000002291d-243.dat	upx
behavioral2/files/0x000300000002291f-246.dat	upx
behavioral2/files/0x0003000000022921-252.dat	upx
behavioral2/files/0x000400000002291f-257.dat	upx
behavioral2/files/0x0003000000022922-266.dat	upx
behavioral2/files/0x0005000000022921-272.dat	upx
behavioral2/files/0x0004000000022922-273.dat	upx
behavioral2/files/0x000200000002125c-6654.dat	upx

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Zombie.exe	b43b3d2232d371ddae8f865b21439a60N.exe
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	b43b3d2232d371ddae8f865b21439a60N.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019DemoR_BypassTrial180-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_KMS_Client-ul.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\MSSRINTL.DLL.tmp	_Speech Recognition.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Office16\GRAPH.ICO.tmp	Zombie.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqlxmlx.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Drawing.dll.tmp	_Speech Recognition.lnk.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\System.Windows.Forms.Design.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\ext\jaccess.jar.tmp	_Speech Recognition.lnk.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\System.Windows.Forms.Primitives.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_KMS_Client-ppd.xrm-ms.tmp	_Speech Recognition.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Trial-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Grace-ppd.xrm-ms.tmp	_Speech Recognition.lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ComponentModel.DataAnnotations.dll.tmp	_Speech Recognition.lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\System.Windows.Controls.Ribbon.resources.dll.tmp	_Speech Recognition.lnk.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\jpeg_fx.md.tmp	_Speech Recognition.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp5-ppd.xrm-ms.tmp	_Speech Recognition.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_BypassTrial180-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProDemoR_BypassTrial180-ppd.xrm-ms.tmp	_Speech Recognition.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Trial-ul-oob.xrm-ms.tmp	_Speech Recognition.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-black_scale-180.png.tmp	Zombie.exe
File created	C:\Program Files\7-Zip\Lang\ta.txt.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Diagnostics.EventLog.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\PresentationUI.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\glib.md.tmp	_Speech Recognition.lnk.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsid.xml.tmp	_Speech Recognition.lnk.exe
File created	C:\Program Files\dotnet\host\fxr\7.0.16\hostfxr.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\UIAutomationProvider.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT_COL.HXC.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.DataStreamer.Excel.dll.tmp	_Speech Recognition.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.SqlServer.Configuration.SString.dll.tmp	_Speech Recognition.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Calibri.xml.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_OEM_Perp-pl.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Retail-pl.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_MAKC2R-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Timer.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.XmlDocument.dll.tmp	_Speech Recognition.lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.dll.tmp	_Speech Recognition.lnk.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\bcel.md.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\System\Ole DB\msdasql.dll.tmp	_Speech Recognition.lnk.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-namedpipe-l1-1-0.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Corbel.xml.tmp	_Speech Recognition.lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Collections.NonGeneric.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\management\snmp.acl.template.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Extensions.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail3-ppd.xrm-ms.tmp	_Speech Recognition.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Retail-pl.xrm-ms.tmp	_Speech Recognition.lnk.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.NameResolution.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\ReachFramework.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-black_scale-140.png.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Security.Cryptography.Xml.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\Office16\SLERROR.XML.tmp	_Speech Recognition.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Client\AppVLP.exe.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription3-pl.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\mshwLatin.dll.mui.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.X509Certificates.dll.tmp	_Speech Recognition.lnk.exe
File created	C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui.tmp	_Speech Recognition.lnk.exe
File created	C:\Program Files\Java\jre-1.8\bin\ucrtbase.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\mscordaccore_amd64_amd64_7.0.1624.6629.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp6-ul-phn.xrm-ms.tmp	_Speech Recognition.lnk.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Http.dll.tmp	_Speech Recognition.lnk.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\pkcs11wrapper.md.tmp	_Speech Recognition.lnk.exe
File created	C:\Program Files\Java\jdk-1.8\lib\jconsole.jar.tmp	_Speech Recognition.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Grace-ppd.xrm-ms.tmp	_Speech Recognition.lnk.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Windows.Forms.Primitives.resources.dll.tmp	Zombie.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b43b3d2232d371ddae8f865b21439a60N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	_Speech Recognition.lnk.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Zombie.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1056 wrote to memory of 4820	1056	b43b3d2232d371ddae8f865b21439a60N.exe	85
PID 1056 wrote to memory of 3328	1056	b43b3d2232d371ddae8f865b21439a60N.exe	84
PID 1056 wrote to memory of 3328	1056	b43b3d2232d371ddae8f865b21439a60N.exe	84
PID 1056 wrote to memory of 3328	1056	b43b3d2232d371ddae8f865b21439a60N.exe	84
PID 1056 wrote to memory of 4820	1056	b43b3d2232d371ddae8f865b21439a60N.exe	85
PID 1056 wrote to memory of 4820	1056	b43b3d2232d371ddae8f865b21439a60N.exe	85

C:\Users\Admin\AppData\Local\Temp\b43b3d2232d371ddae8f865b21439a60N.exe
"C:\Users\Admin\AppData\Local\Temp\b43b3d2232d371ddae8f865b21439a60N.exe"
1⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1056
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:3328
- C:\Users\Admin\AppData\Local\Temp\_Speech Recognition.lnk.exe
  "_Speech Recognition.lnk.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:4820

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2718105630-359604950-2820636825-1000\desktop.ini.tmp

Filesize
59KB

MD5
382ce9d53c5976066bef5f20248ea768

SHA1
e227e9ce688984b04799a74187f3b42e3f0457c4

SHA256
19ab2ae8caed09b5ed5e57b15c23d4d95c3cef676b3741124a6629c7e0382c1c

SHA512
d6ba225f2622a6b2e61c8724ada1da696005e7aa9e56abe0069de7e3c5665bb6d2f12bd9bab8a708d13a998833403de0c5b2fb31d710ed53a6ffd93b25f11f3e

Download Submit
C:\Program Files\7-Zip\7-zip.chm.tmp

Filesize
171KB

MD5
767569a5512a98a3ba5715a4107794cf

SHA1
e4fe8cddceae87fdd9fb59a74b4f5dd2c3542076

SHA256
52b2019ec501ff40a3bc7cff780b88d8159677ea9bf4dfdf3d9cd109c75ebf9e

SHA512
451abd07ac1314d9962f94ce967808ab6761cec0e951afe314a2e12396a703e1d660294271f9a3e4091fd0b3deb38a1a3b87828b1f83d947c86ead9955bab26f

Download Submit
C:\Program Files\7-Zip\7-zip32.dll.tmp

Filesize
124KB

MD5
ac08a9c396c26b77a2e82048a5418252

SHA1
64da1b5d4b7bf976732328ad7749dc7061d048f3

SHA256
eda708c99733c8bbc638e5ecb68bab1bd0a8befc6caf07389c72abcbc5fd6b1c

SHA512
0cde5b679c31cf43062fe4b31fbb9cc442b889d6a5ec468b9623ae4f0f39a84f6e154026d5c9589fd7789eb502d56374d22e44ea6c607c3b7a75da7b5396849c

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
1.8MB

MD5
87648f23e6da9b2683c18d1d46e041a9

SHA1
83e2714c706ce598fab7f08e21b64480763369ef

SHA256
c99f08d159768f3f9f4b8e351363765b49c91e22b95443cfeb868025951bc37f

SHA512
84d620d7d1d0bcc9e312a549d6b99c94a3c0b87809ae96ca228912a6ab929fe72b9ab1fc42321f5c8c9dde05a8f9b8bd02a82e5d71189f89cf06205e9ddee02f

Download Submit
C:\Program Files\7-Zip\7z.exe.tmp

Filesize
600KB

MD5
9af5aacecc46899265c7b83592e512ea

SHA1
bed860eac844fae3d4cabf299a71af3f2ac22ffe

SHA256
56a396554902c633d6a2d43ba97a1874312d847e162eead1455326b9ff1bd9bf

SHA512
7a966b680e9c26f1d361b5f3114d2865f0e619bceecd7b8ecb4d7151f02d56d5cee45853a0b8e787764c9e09f700258ba30ccb44b967c9f2890cfc5d180e4d7d

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
989KB

MD5
341d4629b1e274f74959988f63246132

SHA1
bc7c98db368b94c73ca97d3e3bc39ba5eb6a2c9e

SHA256
8036799d075909739f4f906db0d896a995aaa29705269e60bb914fd31f2cc762

SHA512
fd29898cb55d701cb78c8cf2c640e5014080ce978db5022f94aa8b5ccc63d458eeaf80c8e68eb7c9855f18a8d9d98abd38ed71c12a0a464f5640f65636a9041d

Download Submit
C:\Program Files\7-Zip\7zG.exe.tmp

Filesize
743KB

MD5
ef16666c09b0794ab33b93e83e80d84a

SHA1
ed86f5f0e64b7de433d9906b3e99dbe062aa690f

SHA256
372abad9c9893c0dde2c88f659d85cddb1d00864e1ad4552b63e1f6243843a7b

SHA512
f427271b677a54edbc0a36221f23d1200faeb277df2691e85f7ab3f3748a6668e0eeaa89714cebb153de36211190f3fff8fd449ea216d8e23ffab1f9d2e0bbbb

Download Submit
C:\Program Files\7-Zip\History.txt.tmp

Filesize
113KB

MD5
90e3fffce859971dc765826bab9a8b0f

SHA1
40bf2c34c103bb62ec4827a500e03d566c106892

SHA256
81ee0b0c6b5e9ae54f8af93498c6a2b8732e7cbcfabf680c159e4c1ecb451eee

SHA512
24950a9794080935a7decb2925ce858665d810f5a25ca163f26a14b45ffc1df387b3db9d5bebced8171ceb7e27cc94212a7ef34b4cd2dd19abfc12a92e191ec9

Download Submit
C:\Program Files\7-Zip\Lang\af.txt.tmp

Filesize
68KB

MD5
924fc7d6b5ce96233ff9799854271363

SHA1
c519b822cd1f88d62695b6d17ba469988e1bf5bd

SHA256
c97012a1aacc805d60d47a119e0113de23f6ff67327e1a3538fb6bd7cba6e054

SHA512
e6f6f6e161b417d218b47bde150760fd25eb488a62f560dde1a8c1c22e7842425d5d6f290b16e13dfb13b72690e2bdd28d4f78c473af47fb7a0f4b72a3c1f48c

Download Submit
C:\Program Files\7-Zip\Lang\ast.txt.tmp

Filesize
61KB

MD5
88105c057e4787fd38e17d701aa4ba88

SHA1
955741ef4b0c633cd1cd439a700db5ca921cf0b3

SHA256
a6eeb6de2dc6d464118b60a8c83faa4d9fe4fe390b509bf9a90a47a579848c0d

SHA512
bde8403fd1ab2fe398b4e08f2462249178307c75ed7036e0b839a746d77a6bc36ed0839add5dbcef72391efddcc5236063de6016fe9ce4ceb92b8c663d2f3dd3

Download Submit
C:\Program Files\7-Zip\Lang\ba.txt.tmp

Filesize
67KB

MD5
ec4bfd5f8371a4440ad79fd30e88f3c5

SHA1
0027ed9c786d0a616158f2cd31651d957b2e5000

SHA256
b8540af7dfe300b8254d2df7584051594bfb66a4e6c6ecb9b4af7e5ae278d215

SHA512
d327d5a87993fa82c40fddfc414c31a4b2026810dd027ac9e67fe244de3d6f8d7e3b5cdd3aa50d6b4a06a1597024517d83540d0960311cfbfbe5a77eaeab1a73

Download Submit
C:\Program Files\7-Zip\Lang\bg.txt.tmp

Filesize
69KB

MD5
412c1eaa7da0950967884bb351721a8d

SHA1
e927dc67bb30fa8a4e1c3f87a6e302f90740227a

SHA256
fdbad1778556586cf8b5b9c1991d65f6cf1eda805040c3b9633d13ec237c85be

SHA512
3cd43148e28911494b2a72232075802b389ef36a3d2ab66020196aebe4eb5c23bba2807c0f2fd83d624b8bcd2ea3c9c81601158ca97d94ff035c869b1d9b684f

Download Submit
C:\Program Files\7-Zip\Lang\bn.txt.tmp

Filesize
71KB

MD5
6f29a78c0079fcbe68d10ed37ea4ecc3

SHA1
c120a1cad0fe5f6b43921759c9ba8566df7202f3

SHA256
7cc07eb79da2c7a65712756c4b706d47a6eb961a20599a8629f04ba99b032ff7

SHA512
bf858d43a7e8e94587f43550b10de381560126827bed2e8163c60721d91835d96a2d278f138a6dc34cacf99233e3c4020332f8c6e62f391a696c4ca6bcda4373

Download Submit
C:\Program Files\7-Zip\Lang\br.txt.tmp

Filesize
61KB

MD5
f5835cba3216fef99f7bda2d43773f00

SHA1
73c39336ad44d27c76b222819599b32f76e8220d

SHA256
7425ab625929408457e232c19c6e8fb11f2e03fd065f0891c938134d9cfb22d8

SHA512
714ef9a18207d2276b9ad8785e56fe039d2b5bbafd9e4bda8383abeeb9bff62d51cd22b2de61e9de59e85e9b750d300d4f0a01f5ae3100654b5f8fa082249383

Download Submit
C:\Program Files\7-Zip\Lang\ca.txt.tmp

Filesize
68KB

MD5
cc579abd1738e9e3a1fd9db87f38d96d

SHA1
48f390c302bc1cf3bf1de4192c750127b5c87287

SHA256
b2531a8855a95ce3e6acf1e1c01eaf283faeaaae5c75fa265986dfd2cc02406c

SHA512
6dd4387238b66d94a79a125b3202b4841d056f84c5c00f903ffa8e613ad0d6f336fa3a59394698bc7423e8c89d28e8a9912b308910dfd9225ee05ab807c16408

Download Submit
C:\Program Files\7-Zip\Lang\co.txt.tmp

Filesize
67KB

MD5
43720876cb9f493dd15425bf8dd6cfec

SHA1
b2c75b5350033bdad20b832e2bd060585d6e6a01

SHA256
82524c54e7768503fa5b5badad59354d91f38dcb9a05a4d09da19c438b663f29

SHA512
8ca0ae2b134283de3b14765797d254b25815bf34cc431be3e8b289a8485af2b4878e09511fe1336c20ddac58319228d4425063be8e87419b79d298edc58a58bb

Download Submit
C:\Program Files\7-Zip\Lang\da.txt.tmp

Filesize
64KB

MD5
2a7e8c175a7ba7a7e9604f00d9193f04

SHA1
1ccddce21c9fb3e0b29a4710bc42c48f83ee380c

SHA256
59e423e37ad9aefdeb03f321f4dc2e7750348baf64e8f75df963cf9a5d6aa8dd

SHA512
d9645c797f32675c49bd461c25b7b208dc03183aa2847c2343557afda48df2e5439977420b0a3db8b0e12c80e69c7d1679151d6d56e3dc1d54134ca2b1c504c3

Download Submit
C:\Program Files\7-Zip\Lang\de.txt.tmp

Filesize
68KB

MD5
c9202f6e59947967baa3efd98be10b10

SHA1
e321b9f4efc68bd4d32909a146c959a595296248

SHA256
444d91ef228d5f60b771b903426052b4b8f24006679a1374a569b431ca9d6f79

SHA512
532fe0c15170335cdb48fb204329bac1457cbb1a3ba2676e35ede142924c48e6a62ad0dfe2acb30e551de5b189e5ad598a39e1843b1bf0845648f036720cfcad

Download Submit
C:\Program Files\7-Zip\Lang\el.txt.tmp

Filesize
75KB

MD5
ae745dd984bc48dd87e6aee666359b33

SHA1
d5139c6c508a32761da2e5c114784c74da31994f

SHA256
7ea808d09f078da6530d1131810a4f0199118261ca291ba57399b783a2346cc4

SHA512
ab4465fa86e9591237b4c9733191ec721263757ffb4ddd6b28dab4364b33f6aa686a029376707b5d1c176b9e0fa3e0d11c5583549ebb49c1a2158972f75b0b88

Download Submit
C:\Program Files\7-Zip\Lang\en.ttt.tmp

Filesize
66KB

MD5
40ea2923da3c556d7a70a94a7b394733

SHA1
4eb550d95096340a7cce04b308fd7f17eada0d56

SHA256
f240f612d45385b3e4915ac65a8b6bd30f5e023a6b571c82216fd26668f229ee

SHA512
092997c2b7384ccc9a0736e24728fad3faf53e761edf7da8c7336b16c157ce53ad5fe91f0f3f410a6efe186591a23a69e0a20baefa3aac5f87ee8edeeab6be21

Download Submit
C:\Program Files\7-Zip\Lang\eo.txt.tmp

Filesize
64KB

MD5
b94b7db36d2019719263888179708481

SHA1
38c4a01773803a4a4c5acb5bd0950e580132beb3

SHA256
d6444a9a26e7f7d5d835a83e1492b7c5bcae245e507c1f1218a0dffe4d69d95f

SHA512
e859616023904febd9a404e3020eb1817559db4d1f0fd5ae009940928002b2a5a017eee12f283b5f46ebfc050fc61abc282f6bc5d02dc34558fe12eeb0e889ab

Download Submit
C:\Program Files\7-Zip\Lang\es.txt.tmp

Filesize
66KB

MD5
9e32b53bb334dbdde44eff20b7288d2d

SHA1
fe5531806180078eaa30c96a7ba1b21e677b90fc

SHA256
9bbf2d93e6f5f7af1afc0bb32eee3b5f5f6fa28e87e20be3fd07778a749280e9

SHA512
6e4734ec662170280b367f2eed582481aee0b3e434f2b3358b5cc18528702b8316ea7c49ef5ad29e1b6d13d7e2433a2a6911f28411bf09ab72bfa798d5c0c9c6

Download Submit
C:\Program Files\7-Zip\Lang\et.txt.tmp

Filesize
63KB

MD5
23b4c5d904dc6540398f24c917ff9744

SHA1
c7fb6f4f5085126a2f3a10ada2e2a945056ef8e2

SHA256
fc1bdde3e983ba4955fd240132f0781ebf581295f7a6cab80030e21b4174d79f

SHA512
534f292341e40d16524e561a1c0cfec05e0687afdbd1b81d389227b59094bae515257ae8ca65ed43509e57ba0ec30d5475414dabcb166754821cc7ab9b5dc77c

Download Submit
C:\Program Files\7-Zip\Lang\fi.txt.tmp

Filesize
67KB

MD5
ec486bb5cfe754c1ea2b72b6df7f0fbe

SHA1
ee86dd236f6f3d70b45cb3ea8bb77399d4683c2a

SHA256
925555f0189933b981f56edc937b5a10fc086a38dcc110e528eeb37dce850267

SHA512
35088406803e12ad2f8aec4b99bd0349d35902e9f616be5875f8c070744817389d2a3fc1308c4c52147abe35675f8ca2d311421462a128cb827a06f4e77b2623

Download Submit
C:\Program Files\7-Zip\Lang\fr.txt.tmp

Filesize
68KB

MD5
92721583488d2437b6d90021bcb98126

SHA1
e65c48316db8ad2c8cd61e9628d196eff5b669c1

SHA256
fa529bdc5771a11b012c0439a9a4d140954f78768585ad20103263e5f533cb8a

SHA512
f9f543f6321bec72237f5238404ccc6422bcbe9f4c4cb946e0bb2c20c5d93acca9a3ba42ee3fd75f846901467f6adc99bb571f47b55d3854f8fd38f94ebeb8f1

Download Submit
C:\Program Files\7-Zip\Lang\fur.txt.tmp

Filesize
66KB

MD5
275797bdcee6acb4b3cec8af0dedaca0

SHA1
fff0856b8c501b00ed2c31bbf3dfd29c3e89eaaf

SHA256
d98505cade9044ebad3bc95dbd4dee45e9630a6fcbb417bbfda8c4d13fb3692e

SHA512
afab99e6a10ff7d2c8f633441c468de1011ed7f7ee54c30777c022565257431295cedd73df7334a4549de9ef21035df849bc867412bc080a2e351f3902847ec3

Download Submit
C:\Program Files\7-Zip\Lang\fy.txt.tmp

Filesize
65KB

MD5
0850cbae66173a787a5ea4a193fe4624

SHA1
83b57c53810ed84c856c89ba82a799dce0c498a2

SHA256
fface79deb739fdebdd8947ffb2ea158de188aaaffa668db25cda45e286fbd5a

SHA512
33509c384890a0721d1c6694c63058566c03509552fe39fae12bf218d2155d9c8974007e9549eb85701c3b1a4e316737f20932c9903f72cde3b8dce421329fb3

Download Submit
C:\Program Files\7-Zip\Lang\gl.txt.tmp

Filesize
68KB

MD5
dc2b3639ad1b92249fe3c16df86c0733

SHA1
2dc3cea0bf293f051a4de1f9f21fbd8cb6319b04

SHA256
e85b0329d56f8ea8d17017e4bfcb3bdc003d455f89a9543c86f7264bd58e3724

SHA512
20000daf2f63f03e761acf12c6bfcc438df4fb08f83984b6d84a401a1a6f236809b3a8e528ccba05d9fba83eed2c0657d319e5a1d5b7cbea14d3358d6edfc6e6

Download Submit
C:\Program Files\7-Zip\Lang\gu.txt.tmp

Filesize
76KB

MD5
60d91cbcc8c0c16cab983ac6b9984f5b

SHA1
52eee4e06be8afcc62d32ce76d9115fb2909af66

SHA256
64ebabd1bb3d91e49b08541934ad9a94e9e3bf313c045e725d9898087a50f877

SHA512
576bcb2ad1647b65e510cb541fc39e026fc1bb5f630a6506406f0e2355ce74a76fdaeaf249b1234020a132dda6f34e3643646d7a957d8d9ee944b418b8b7dc82

Download Submit
C:\Program Files\7-Zip\Lang\he.txt.tmp

Filesize
56KB

MD5
9223a00baacf8c2a95d52c63ead1027f

SHA1
1454356f4c5860a91b062f64b133c959b4ecff0e

SHA256
40f6bb4fab90e266617e4fe5f6ef0707ea77847fd13cd85679406299725c1a3e

SHA512
e0d2f3e17ed64728b9f24c486bf87b8434bd7d331a2bc4e7f3f4cbf7ce79d359780e68bb2b03b97f2db0f74028d9011a46357bba270116d06b89f96020f55386

Download Submit
C:\Program Files\7-Zip\Lang\hi.txt.tmp

Filesize
76KB

MD5
6effb2b964cdf154b23eccb3767c3831

SHA1
193aefc39137513faf3d0d3ce2ac2baee1617b29

SHA256
27f42e31dec4b74ebc72b31a02801defce296a75c0a36a97998323ad283e4011

SHA512
063faabc0827497eb38c625af0f667b5cc4af4a072f45221e7e17da517d503fc4f4fd8098f82ea18ed6a6998c716bd3cbbb1a74b9e0615e3ebd0c99ab95158cc

Download Submit
C:\Program Files\7-Zip\Lang\id.txt.tmp

Filesize
67KB

MD5
8ea501cb0f825bdb85ca4ac7436b6c66

SHA1
74b6129d10c080a3195e49ef132ba4601e62c4b3

SHA256
1a7916aba2fdf152fee82b9ed259bb14144bac53ea29b09321e7d4a0e5a1e349

SHA512
92715e07a53eea5a52caa1065203a5175108aa5f5adf1a4f231f5d633256fe55ce6623f0d671559061c63d0e997ed6cfbdd96c0650567ca291919666711c589a

Download Submit
C:\Program Files\7-Zip\Lang\io.txt.tmp

Filesize
68KB

MD5
3ca1b2855805695e6ed35b00e84936cb

SHA1
f1b54135bef7cb77e2589bf9d69f78bb21c90883

SHA256
5f78518603a5d10533db87874ee549d1e51d5fd0972e2d4344f74b49ca120fce

SHA512
cb37b7dcb9a5e6d1fa4cb0aab27368c1e3dd208a34710775decf481fa9820720485666b84461f2870abca5e3061a7599ff8198a2c40e0e73f9388b4bea94161c

Download Submit
C:\Program Files\7-Zip\Lang\kaa.txt.tmp

Filesize
64KB

MD5
53581e628110a33ebda4fc3a75e5d8d6

SHA1
40628c653dfc5dcc5e9a495b9d08b79fc7f248ab

SHA256
7c43488a4ad35531e5ab52348d375f0d50781cf21783ed3462610142dd2ecf47

SHA512
45d9648eb8b6645a3e3c41990681f29ffb59758ef945ce02c0e561109cde3fa28614ebabd845cc15395e4f43c8afbb7b530a9be98269af1456bd9c33a69b15c5

Download Submit
C:\Program Files\7-Zip\Lang\kab.txt.tmp

Filesize
67KB

MD5
3761cfa8d379ec5afe4dbe9f4bed3acb

SHA1
86c092f76c9147f5bc464c2fb277b6ea05b4b13e

SHA256
4b57cd4fe9740bcd2774f56ab0812c4da2c6e10ebcee6b78bec8765db4d180ae

SHA512
e3cdccd4cfc5e73227e58a4a6438196c52e8697c91d1e3b3b4e90a191254ce93310303c23e9e21d1e641031a22e95d88ada2d8f2a1ee640a536e81f9ebd563ea

Download Submit
C:\Program Files\7-Zip\Lang\kk.txt.tmp

Filesize
69KB

MD5
6ba745802b230605dcfc0f066ea9aed6

SHA1
5c8bb61797f10e064de425428d1570df439b2dbb

SHA256
a160b8d5d11651a6c5eb0d890e63b9b5b543ba04618491b766fbb7647901c3c8

SHA512
5f0590704a92ccdc2aae7903c3d599e7399f8e8f245574432631ed7cddcbaaa56b6bebbf038e5fa22c8a2dfb519acdf5cd16c6b20ab260d2f54f6df18bea3f67

Download Submit
C:\Program Files\7-Zip\Lang\ko.txt.tmp

Filesize
69KB

MD5
7c21d48a03bec9e31ea1c9d3a3d95dd9

SHA1
b611a147198883948d530ace1c50cd33da04b004

SHA256
50632e9c298c445fb21e57ed0a9c346ff8386894913448bfc5943573d567e9f1

SHA512
e4eed20ea3c6b9af40a3edc38efbb1d947e5303bd458119584438c98d1b667eb9ca8a63a345f3cee9fc6d18906133dcbd5fed64aadec5cafa6b59fa690e8e8d9

Download Submit
C:\Program Files\7-Zip\Lang\ku.txt.tmp

Filesize
44KB

MD5
48acf8e3ccf9b08d6f85f6fa42f88fab

SHA1
3b56ca4525e11d1a2ca3b52970720da15b751f9d

SHA256
dd702af1c7d8ac8cb837d5f57b86be458f5b6b878d45c7923d185fe001c7485c

SHA512
edb39f630b45de1d9bc1729fdcfbffcdabd7e878140496cd0087f0cf018569916e1eaa77a9139e86f7eb4b2840f7b7a9c171c394aa9dc153a70bca68f5ef1475

Download Submit
C:\Program Files\7-Zip\Lang\lt.txt.tmp

Filesize
65KB

MD5
9ba67123c4585248e296335f904c00f7

SHA1
834fecddfadd75d83ac1adc6319532a19228778a

SHA256
fe49cbaac5fc2424d5a6c92c9ad71ca696f007ac790e90899fcdae44d915f27d

SHA512
7e91b90a57813cf1d638ae5110b20fb058dc1cc448abe15b5893e497872ee0fd6eb5d25a2e469319ebc1fea3b79d9214ce9d7f5b7b3740b9c114761fcbd5bfec

Download Submit
C:\Program Files\7-Zip\Lang\mk.txt.tmp

Filesize
67KB

MD5
c5dd6820934d1e4c9527e73afd30a170

SHA1
17447f9feac4f814e24bb2993bc97a4e7e2d4b4e

SHA256
dcf4af8d7fe8a1be51cd3d1a624dc030212344b687a0a998e4924bb2e6172d4b

SHA512
5843c1cc22a833f84fec57fe1c03ba7a3cc8b3448e601d216b1760a7cd5602320cfb7abff1ad08908a71b833edee1907de4f1ebe4a341d7513e5cf276cf0af0c

Download Submit
C:\Program Files\7-Zip\Lang\mng.txt.tmp

Filesize
76KB

MD5
408b91dc1345ca8471e70b7afc158e55

SHA1
0b067bf21ac373fb4534a4d377db6af1d2f3910c

SHA256
baa0e68c77c27591f03534df0c7683503d6e2532c7b3b83ee356fc9af57eee7f

SHA512
bde3edbce20ac7606908eb0b1fd157099fa5895be7dd9b45ee481afe094fa4cd3f81794e66de6a1b65a830d14941ec990b1afeba28ad01275b9149ca3cebc717

Download Submit
C:\Program Files\7-Zip\Lang\mng.txt.tmp

Filesize
78KB

MD5
8e4324afafff0d9b0671de8943bef97c

SHA1
42e51f51b1cc482b6e253caa6863e171e7710692

SHA256
e8ef06fb7a2736d7d423f60a9a7ccc85818a19bd7e041c286eceefc880a727e6

SHA512
ca9f1abd01a0f133d64e2866fd2d50b76c3d5f989ce1a33b60755e5945fac1bf3179f45ba965a728349e117cd00309d926d69d404e2f4cfd406ab6042f295a51

Download Submit
C:\Program Files\7-Zip\Lang\mr.txt.tmp

Filesize
69KB

MD5
7917a89e7900b7424b94645eee62bf39

SHA1
d653eeef0fb0ec2a2c4f6d50fad3ba785cb4c305

SHA256
7e7dc08fb0a0958a19b182a077c62e15ddd0c3ba657f1c9a42658f71dba1ae04

SHA512
959ce42a53b6ca6c07237a66509216d38db0b10fda3a021383cda8afee9a8970952e7aa69c444f3400eb55b0f633950f058621b495743ce2119099a24d8cde4d

Download Submit
C:\Program Files\7-Zip\Lang\nb.txt.tmp

Filesize
62KB

MD5
7e7aba97345a0532ca030ccf85ceb3e4

SHA1
b162fc24517d9bbf07b7ee8b95a1564d7e04c010

SHA256
bbff0f51de96807d63163af1790119c202006f28325f24c80ab56fbba8a57c6b

SHA512
934b9cd97dbfe940a871f2c473a0d5ecad540b7c30eb59ac408f6affb028bc6307510ed4522c8fa932a80f1c44317ea443fcbaa6f4222860b9242d1dba52a1a1

Download Submit
C:\Program Files\7-Zip\Lang\ne.txt.tmp

Filesize
59KB

MD5
f568eb3c48e75b34f7d4f61743b12d75

SHA1
e7e733bfe5af76da51613af0b468241151f22827

SHA256
c99aab9818576e03fc8f591729e59544cbaacfc21f832158c0d681f573c84a26

SHA512
8461f5805c8afb919fbb4f882a7cc2cbe8912d28b816a803c1055de0a5f34f2f458f25919b8449b551599171adee3831f406d6f1b18d23800541603166779a95

Download Submit
C:\Program Files\7-Zip\Lang\pa-in.txt.tmp

Filesize
70KB

MD5
4c89715a6c561c21a9cb112236361181

SHA1
c69efddeb0c4563696e102172d38da1d4052850f

SHA256
cfe9fa4a26c43ac72b404b631e59c93135f49373a7b114238bc4034ca4b519a2

SHA512
a5c38145b7eb73ed0e50ac91d7ca4606ad841bf0396a29500959fca898569f009d067fdca6d4edcd601b8f58af006055c65d73a9fdc4a33e410d59c1bcd93c1c

Download Submit
C:\Program Files\7-Zip\Lang\pl.txt.tmp

Filesize
68KB

MD5
e5ebeb7d583b4bfee73c43c69f1efa64

SHA1
144d7e1bc7a4f324ba303302e6f68a639a0f4e15

SHA256
7af2decb2f878a09612ae6f6ed27915aa535949d29e9459b8b474f36db5b2b67

SHA512
0c00eae63e988465bacff5c4791e4bad80a755adcc3745d39036766dd82d178f20eb2057700d33be72fd6a8309c6d499226f68f74343e5321a6203d75fdaa8c8

Download Submit
C:\Program Files\7-Zip\Lang\ps.txt.tmp

Filesize
67KB

MD5
c0b6ede37767a5cab6da4229074dc205

SHA1
5fdf2577c8605ca22299e196a999467e3cf19ccf

SHA256
3fb8053158894b07ee06728cd0f7ce260041eeefbcb80b277de68c3fef05de4f

SHA512
8a5b9ea522f4fc55ce591cf33c3b7444371fea10f43e1876f3143634460a5cfdd76c9f24bfebff581f858c1519b36362df6383318bdc00d503052a9f81a60892

Download Submit
C:\Program Files\7-Zip\descript.ion.tmp

Filesize
59KB

MD5
b104038d919797e7e0d7fe2afbf1dacc

SHA1
b164f89a0dfdf530779579c684009cbb06ee71ea

SHA256
c9f818fde86cc44b99d3be9260fe76ff9f5f4ea55ab4b2a0daad5258318276b2

SHA512
094ab22502ffc85f90ecc3547602f13adc6fca779a8f11e452a298155a4cbd3cce6963c8f3910044f088c943f92957fede28ed08a667d0bdb57354f56dc81904

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\net.properties.tmp

Filesize
64KB

MD5
0dc1872dca10fac120ee02d6eaefc6cb

SHA1
1482ba1f4faa347d877c6160202f6e314914055d

SHA256
41fe69badd3a2b5a0e1c34c69e924e7960e52654f86078e6c7b689c64d220901

SHA512
9b4aa4d4e745502e68f3cb1fae556073f7fecc29f6c8cf278e75534fb43517a45516eec07358f605361efc2e50d712ea244b77a42d69dd9bfd92e60463a1c9a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_Speech Recognition.lnk.exe

Filesize
59KB

MD5
8dc4951b289cf753876573d0d684ee70

SHA1
019403a77502df78ebd6464899a702b0060e1595

SHA256
0b3ae42c27ebcfc084d41a075409c5cd8d057530c3dc0a9d15879e7389e2b60d

SHA512
994eecd75a066aa34b9f149c05f62e863f5617752e0d7f2a593e0a797d36406b02ea15bd0a725c91ceeba9eaa1cb6803094204ed89d34290b21d4e7d2d1f1849

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
56KB

MD5
3f974af248ea9235ed5473a1e2198f54

SHA1
d7b9dd02cccd120dc9268e0c452a935a0ebc629c

SHA256
98f5f9d99631b531e52d0f38bfee5d42e66bf3e92b7ff5909370ff4aa17b6734

SHA512
92b36f0084ac2d9fe623acd8c4e0ff4bec47a2d7aa372b038c06d369a02d8c11d0ced03f2f2d2033d31ea8649769c76c43fb4fef0c095fece67342b8325a2b9b

Download Submit
memory/1056-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4820-11-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download