548b55add64df4fe9929c0fbc8b8e913d4a4570b0e92297c3ed543b864f14ad7

Analysis

max time kernel
120s
max time network
112s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
18/08/2024, 05:48

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

9a415c1a913f55019211455dabe45170N.exe
Size

135KB
MD5

9a415c1a913f55019211455dabe45170
SHA1

0b4d290c273b6a2b93e3abe69fea0ddd72915ee2
SHA256

548b55add64df4fe9929c0fbc8b8e913d4a4570b0e92297c3ed543b864f14ad7
SHA512

15ddf86ec89316b520ec2865d1e9517056c6f8e599215409b95dd0c9d4b068081f2b05f12ca56a58564d5a92d7d01fc0dc3f83b7924fb7424b9b5629723a2d60
SSDEEP

3072:62ssWpcU7lK1lKgkE12ssWpcU7lK1lKgkEZ:MVyU7lK1lKkVVyU7lK1lKkZ

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (4686) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
4416	_MS.POWERPNT.16.1033.hxn.exe
4768	Zombie.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Zombie.exe	9a415c1a913f55019211455dabe45170N.exe
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	9a415c1a913f55019211455dabe45170N.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jre-1.8\lib\ext\jfxrt.jar.tmp	_MS.POWERPNT.16.1033.hxn.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_OEM_Perp-ul-phn.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-file-l1-2-0.dll.tmp	_MS.POWERPNT.16.1033.hxn.exe
File created	C:\Program Files\7-Zip\Lang\da.txt.tmp	_MS.POWERPNT.16.1033.hxn.exe
File created	C:\Program Files\7-Zip\Lang\fy.txt.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipscsy.xml.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremDemoR_BypassTrial365-ppd.xrm-ms.tmp	_MS.POWERPNT.16.1033.hxn.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RCom.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_fr.properties.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentDemoR_BypassTrial180-ppd.xrm-ms.tmp	_MS.POWERPNT.16.1033.hxn.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_Subscription-ul-oob.xrm-ms.tmp	_MS.POWERPNT.16.1033.hxn.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Practices.Unity.dll.tmp	_MS.POWERPNT.16.1033.hxn.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Controls.Ribbon.dll.tmp	_MS.POWERPNT.16.1033.hxn.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_MAK-ul-oob.xrm-ms.tmp	_MS.POWERPNT.16.1033.hxn.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_Subscription-pl.xrm-ms.tmp	_MS.POWERPNT.16.1033.hxn.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessVL_MAK-ppd.xrm-ms.tmp	_MS.POWERPNT.16.1033.hxn.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOSYNC.EXE.tmp	_MS.POWERPNT.16.1033.hxn.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\System.Windows.Input.Manipulations.resources.dll.tmp	_MS.POWERPNT.16.1033.hxn.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\WindowsFormsIntegration.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_MAK_AE-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp2-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Transactions.dll.tmp	_MS.POWERPNT.16.1033.hxn.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial5-ppd.xrm-ms.tmp	_MS.POWERPNT.16.1033.hxn.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_KMS_ClientC2R-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Trial-pl.xrm-ms.tmp	_MS.POWERPNT.16.1033.hxn.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\WINWORD_COL.HXT.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.InteropServices.RuntimeInformation.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Linq.Parallel.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\System.Windows.Forms.Primitives.resources.dll.tmp	_MS.POWERPNT.16.1033.hxn.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.WindowsAzure.StorageClient.dll.tmp	_MS.POWERPNT.16.1033.hxn.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\fr-CA\tipresx.dll.mui.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsjpn.xml.tmp	_MS.POWERPNT.16.1033.hxn.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\rtscom.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_OEM_Perp-ul-oob.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\VGX\VGX.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\UIAutomationProvider.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Controls.Ribbon.dll.tmp	_MS.POWERPNT.16.1033.hxn.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\UIAutomationTypes.resources.dll.tmp	_MS.POWERPNT.16.1033.hxn.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaSansDemiBold.ttf.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Retail-pl.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsjpn.xml.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.ServicePoint.dll.tmp	_MS.POWERPNT.16.1033.hxn.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\xerces.md.tmp	_MS.POWERPNT.16.1033.hxn.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\pack200.exe.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework.dll.tmp	_MS.POWERPNT.16.1033.hxn.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RHeartbeatConfig.xml.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\UIAutomationClient.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\ReachFramework.resources.dll.tmp	_MS.POWERPNT.16.1033.hxn.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\PresentationUI.resources.dll.tmp	_MS.POWERPNT.16.1033.hxn.exe
File created	C:\Program Files\Microsoft Office\root\Office16\CSIRESOURCES.DLL.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ExcelCombinedFloatieModel.bin.tmp	_MS.POWERPNT.16.1033.hxn.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\ar\msipc.dll.mui.tmp	_MS.POWERPNT.16.1033.hxn.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\sqlxmlx.rll.mui.tmp	Zombie.exe
File created	C:\Program Files\Internet Explorer\iediagcmd.exe.tmp	_MS.POWERPNT.16.1033.hxn.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-datetime-l1-1-0.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_SubTrial-pl.xrm-ms.tmp	_MS.POWERPNT.16.1033.hxn.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp3-ul-phn.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_KMS_Client-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-black_scale-80.png.tmp	_MS.POWERPNT.16.1033.hxn.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msproof7.dll.tmp	_MS.POWERPNT.16.1033.hxn.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\System.Windows.Forms.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\lib\calendars.properties.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\fre\StartMenu_Win7_RTL.wmv.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProMSDNR_Retail-ul-oob.xrm-ms.tmp	Zombie.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Zombie.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	_MS.POWERPNT.16.1033.hxn.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9a415c1a913f55019211455dabe45170N.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4032 wrote to memory of 4416	4032	9a415c1a913f55019211455dabe45170N.exe	84
PID 4032 wrote to memory of 4416	4032	9a415c1a913f55019211455dabe45170N.exe	84
PID 4032 wrote to memory of 4416	4032	9a415c1a913f55019211455dabe45170N.exe	84
PID 4032 wrote to memory of 4768	4032	9a415c1a913f55019211455dabe45170N.exe	85
PID 4032 wrote to memory of 4768	4032	9a415c1a913f55019211455dabe45170N.exe	85
PID 4032 wrote to memory of 4768	4032	9a415c1a913f55019211455dabe45170N.exe	85

C:\Users\Admin\AppData\Local\Temp\9a415c1a913f55019211455dabe45170N.exe
"C:\Users\Admin\AppData\Local\Temp\9a415c1a913f55019211455dabe45170N.exe"
1⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4032
- C:\Users\Admin\AppData\Local\Temp\_MS.POWERPNT.16.1033.hxn.exe
  "_MS.POWERPNT.16.1033.hxn.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:4416
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:4768

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-355097885-2402257403-2971294179-1000\desktop.ini.tmp

Filesize
67KB

MD5
2c252d043edca4f0d620b5535df8c40a

SHA1
730a0cfbb8cb1001535d9ffc47b6ec195f99bb98

SHA256
a188fa7394fd4a75c8d901a8938ea060cffe2363dd497870db6eff8ad7319aaf

SHA512
6d6f7179ba2a1ad64fe108d80d8aac04cc46c732b5d6de2687a1dcb8507e3dd98cad53348607ac9a9e08882f22a243983fab952210718a79d9ac6a75d127a9c1

Download Submit
C:\Program Files\7-Zip\7-zip.chm.tmp

Filesize
179KB

MD5
a75289d65c6bb37990e48bd1eb16a4d2

SHA1
6af5c230c92638e080d9c8598749df860dec3aca

SHA256
0617a33280d9eff6b72bfdd05cc20c23778a2334bff0f16ac606944edaf23be2

SHA512
012dc5beb7756ad5155b1e3053d22339277c342f35d2b3d670b1568f6ca18f35d37d5920401f224ba1dc4070ee10fa2986ce1dc84beedd6393b6494340fad1bb

Download Submit
C:\Program Files\7-Zip\7-zip32.dll.tmp

Filesize
132KB

MD5
1f1bf56fd602695a446debfb56b9261e

SHA1
27bc3471e349be60a3c03969bd741507fc878f38

SHA256
ecc80189a924a0824f2f3080856a41a33105711de01447b75555009d5b1dc3c3

SHA512
c38ad3d3ae89a22c80cdf63c8edfd2b20e759852b5699976674eb7aca0836e9d59817b8c4b9dff2b7a61bfd5ca6ddd547481d3515cd1ed2614ae2ff20f881e1c

Download Submit
C:\Program Files\7-Zip\7z.exe.tmp

Filesize
611KB

MD5
632be055f963195ea0c4eef6387a112e

SHA1
a723e079c0df3dc41ed4ee33ee4be189201308e9

SHA256
13c45b08d9fab1e5acbd3d57b2bd21d2b8079dc027d2a1144424393981b2497d

SHA512
d134a492fe1f6d33a13e1d03a3d2f8fd3fbf06e6b27a4f336ef2059fd3e63ef1834e1b4b2439dc622430ac593f97badaca37ff0cac64979e4eb3cbd89184b696

Download Submit
C:\Program Files\7-Zip\7z.sfx.tmp

Filesize
277KB

MD5
aad471c42b51d4031a094a5444e510c0

SHA1
c8c9b145a164967bab1618b99593303f1d598fad

SHA256
8595d1cbe14b95fb3c92075968cff339f5e7b799cbb71fc588440e7878b4c19c

SHA512
056818ced711908f5e3e2c2358d2e869b46c115be879b46ea1e1585cbda7d678a428b76f38ffcd75a985b4a347da9418dd5a18d127e346f229d127ce994c948c

Download Submit
C:\Program Files\7-Zip\7zCon.sfx.tmp

Filesize
256KB

MD5
6924eebcb4095a8edb0dee3050b88397

SHA1
054ef46bf3fe4c8f431427b4ca5884dcdaf96a09

SHA256
9ca7f59b6c3ce7747780401419c98d13b52997ecc06cff3ac50de8b7243439aa

SHA512
b8bcbcda10608ef1ae137ed9a526613b18c57bc5c79931c96ca12e0b46300577523127c17b7cf81330489a53f2a29e93a1d1b37f1738de7a51a98384549b2793

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
998KB

MD5
a05f08a726a5a041a27e8cc67af01d88

SHA1
240ea4439f26b8646f216df55975ab1bfa175cab

SHA256
45bc8a4460608d6358eb0aa760c148232b436941f5a8406ac19f582d8d062056

SHA512
74d13b99276e4de30f06d24e5d83805eb8479ed622cae268103f909a986008c125ab06946d1c2c70cc0d3f54f03a95a3b5a63f974ae6d333a8fc701c57a1b9c3

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
751KB

MD5
fc1f7ab765214ec35cee681665f602f0

SHA1
223bfe0bf860f404b8ed52a480fca3b3d1fa33ac

SHA256
c5bde94c17d422bad4071ad104c40da36300c35ee2f6ebdae66a4a34c5280bc6

SHA512
700fd8974dfca1e495cd9a32dd669888656e9a13a927b16ed3cd780758d8edc6deaceb0afe1b805bf912b6656b5128a54b4fd202c1ca4ce773187fd4f3ef97b7

Download Submit
C:\Program Files\7-Zip\History.txt.tmp

Filesize
124KB

MD5
985e347fc56252d5f9f4c24f2aa0238b

SHA1
62280c69585164fe82302ddc6792b7e2214bc518

SHA256
98336c49d4bf6d1c16d510af823e3c462e09f002f90530a254375bfe4f21a40e

SHA512
3a09fcb1cf5d6c73d9aedfb0e24686f6e2df9a88a29ec1da5fd7fc916b742e6f2a77931fce9085ae31d626ca441af7abef2abc695f4a3fc4c2a15959abdd5678

Download Submit
C:\Program Files\7-Zip\Lang\af.txt.tmp

Filesize
76KB

MD5
1b0a4f19a87832f7d6914d204a02ff40

SHA1
d86718934d098a5603b7ca0f6eb052b108ae116e

SHA256
f17216c57ce940404f10d75aed39c50456c92db47b1918a53a6897b540e4f4d7

SHA512
3c9157b578d0e31f53d31ea0f9a72d9250783cc5c827d428061d727c09b0bc45f6e9c952b5c83f4bdedc5bab2fc146c5601ffc77fd0670a8c47019c3ad8e550f

Download Submit
C:\Program Files\7-Zip\Lang\an.txt.tmp

Filesize
75KB

MD5
5868a75c05f1e0dd3813586e1eb868aa

SHA1
2b7d69e4bab73a12988ff8b1e619fbfe94bd23f0

SHA256
d661eeaa93e639145c5884eb131a584c370c105a9dbf7f2d99a99ab46d9bd266

SHA512
408ce7a61c4670aec527c14b118281348c379c294c23af43e8af0eff0494f4ed215013e9d71100a65f1920cfca99c5a8b731c738593ab8d793337358f7c57d8f

Download Submit
C:\Program Files\7-Zip\Lang\bg.txt.tmp

Filesize
80KB

MD5
4f399bd9b8ebb02ae6d8ba7984b9d603

SHA1
a35916bd30d13909f06036ad3ca876d25dd8918a

SHA256
72a333932ba72330c776733c381b7e5f99c225cf197f50f39d515cfa81ef5002

SHA512
429dc5edfd5cfbc783960eae74a0f129e67b338bc89b5b9d0e51660b0485d33b1407de6f83d969496d0e284cf9012ee11b3da9c539f162c9ef57e12d08d3f825

Download Submit
C:\Program Files\7-Zip\Lang\bn.txt.tmp

Filesize
81KB

MD5
43e9a1122690567e5133994797d085f7

SHA1
7fd59f275b98e817215223a698c442cd6039962e

SHA256
8f946adcaa2d6398227f5200eb3893159ea2a0d0bb01efc9120c0117e50af26e

SHA512
b916679b3c8bce28ac22ba63fbe6684815acbec4c626941677cf71dbf099366ce0c914a5830475763df73f7fd89e3a4a63736dd205ff6a3cb2e1478d44891a5e

Download Submit
C:\Program Files\7-Zip\Lang\co.txt.tmp

Filesize
78KB

MD5
16dc32ff9e6367adf9f587ea410393fc

SHA1
ed6fba2f7d3a52fbd2040befa0f6a5f50723e939

SHA256
1c1123726d8650a626064884510c34de25c06e2b08fd9e01427908befd71cb82

SHA512
c35797fd7ee1eabd442e118ff40e651cbe49d47a95cc1b2838691d3158aa4996c0cff1f4f80c68bafbb902663d1749775f7793ba07c2bdf345bedff18550f7be

Download Submit
C:\Program Files\7-Zip\Lang\cs.txt.tmp

Filesize
76KB

MD5
b4180dedf1c5a2e7a2b97a140e53fbd0

SHA1
28fa5d47211f95fd1c81de72d10ed37afffa40ff

SHA256
c07f2e7cff6a976322dd76102cee510fd89786479832b1de02210b7fffd516c0

SHA512
5992328241ec78e78118bf951f17d5ab2f8856174a4e84505bafc148121185654983792b50c230da790eabc15ef2aeb3ee87e2c62705a79bf90a245796052054

Download Submit
C:\Program Files\7-Zip\Lang\cy.txt.tmp

Filesize
72KB

MD5
6a4c7449bb655004005243a3959e252e

SHA1
f0ed24f886f5cc74bbbe3d30ecf9b030b5d9f4bb

SHA256
a6fbc0e4f049c1a0dcbd71592077fd80d62d1428d0bad3cad6a174b2b351f23b

SHA512
e31c4ed01e24e12bcb48947b218c9154964f59d1ed25158a996d57f8d9354e1e4f14e71a26106f56770a69098195aab83ff60a9916bcf7ade39c8e0305a5f1f6

Download Submit
C:\Program Files\7-Zip\Lang\da.txt.tmp

Filesize
76KB

MD5
8a73eb075ce4d754bb1fc974d953999a

SHA1
8f0eafbaa70a408c300efd02c4ea23c345e64c7c

SHA256
36d068946fa56928d7d4cbca2536c3ea290acbcee3f3f43d43e86358b8dc8907

SHA512
8ac37805451056f170c77594c838dbb0076a0641a4c30f203d55f32fbad6b68d3802d96a4001d2cbe45f66fa11373b19ba6439ba59f0663ae852bed3601a040f

Download Submit
C:\Program Files\7-Zip\Lang\de.txt.tmp

Filesize
77KB

MD5
b8ae81139291b01d8a32620edb82c3f7

SHA1
53ad4dd562ceae332934103269b57c2a52957296

SHA256
95600cb97e60e664eea9949db5f74232f5895b0a53baf838855daa2f8c80614a

SHA512
2213fc1d39737568d65a3f33e1347433f390c4858f682db6de81b258463786fcc62da77f7f2327f17e0c8b94b9ff2dbfe1b01f3f34127da2789977ab09658b80

Download Submit
C:\Program Files\7-Zip\Lang\el.txt.tmp

Filesize
83KB

MD5
527fc232050247582710edea14434832

SHA1
70d54d264cd4b85a47643b2b7a80c1357402b5d1

SHA256
d6d813f4bc6f12b38d29e3a252146feb1559c0de1fa69d1c849d7597e86fe3b1

SHA512
d325887339d8bf3e9ef010b343b8d8c77997b4cd3d1d1da8d2547529bcbc1ae7271933805871e6831ef7de2f750ccf9fa4f300a076edeef3b92beafbdf94ed44

Download Submit
C:\Program Files\7-Zip\Lang\en.ttt.tmp

Filesize
74KB

MD5
14895490e77a9d6600f0c78683703cb2

SHA1
457956859f679cc67b1893044ebb050675546c32

SHA256
090b2b8bab8322b6e82083a2869b24c80f5683188d71e924dcaa48c655a23233

SHA512
7213479d35022646683d7549004381b96401363bce4468557ed68fb5bd8d4de457c094b68fc175c9196d1c9de9e60342520e3941cc81e4cadcd52b65c6632ee8

Download Submit
C:\Program Files\7-Zip\Lang\es.txt.tmp

Filesize
77KB

MD5
649626202d3e80adfa4dc0a368877c41

SHA1
7c5ac380673b0db29ca42ae774cf8910c21c6e6d

SHA256
2fda29c37057ee7dc031bf682cd5ed4ff0ccf8b616235b607ed1e84789637bdd

SHA512
d7ec52b60a08b05090e97b770be4ae32a80af510e990b9216515209dfb05e25125fdb8a84a956f4b7132e523edfea2304147c97426d125e3f93999ef4a4ba4b6

Download Submit
C:\Program Files\7-Zip\Lang\ext.txt.tmp

Filesize
75KB

MD5
e418881f19e220dde6e34e450e4cffdf

SHA1
b1d3a7b97f270f51d72bf5edab42fa665725f284

SHA256
d861fe76d15d68cf88d5f3a0838b9a33c9ee85ef842f104acdbd5b0f355e740c

SHA512
b33a50b675ec1916d9410ad8f654ccb9e8ef5a829d95721acf29568bb9401dfac7dec60cfc7e35b78e022522388b248046f6cffa55a83e3b0cc53f416ed437a1

Download Submit
C:\Program Files\7-Zip\Lang\fur.txt.tmp

Filesize
74KB

MD5
9afa4c6b90fad3c9914ace4ae65e18a4

SHA1
b8a2822fb1ce8ed5b403c2aaf03b198b12dad6a5

SHA256
2a80a0de68465f6f904e5fc8e764ebcde5be94c53990d16a0cfe32bba3521654

SHA512
d56c7f504fdd06776be6333772265783c16ba38c8b96e5fc605d0c3cd840731e6d754e2977906b4d03653cea53ce74c76fcbf9d5dc97829f4eec354ec4093f00

Download Submit
C:\Program Files\7-Zip\Lang\ga.txt.tmp

Filesize
75KB

MD5
1c1941b55d33d790a7521beb8e6d3cc6

SHA1
e66df9508de7f69748818fe44a1565769b5f9354

SHA256
e5dcf43c84b6a56b8071801fe0e92d1701c2262888435b9fcaf9d7088309413f

SHA512
2ad903b9eb0129896bd89c3741f258c673e33edefbdc361d9091a24e1471280521091fb13eb7dabb8ed92b93000744ee5b22176844d14b29adf787e7b633d577

Download Submit
C:\Program Files\7-Zip\Lang\gu.txt.tmp

Filesize
85KB

MD5
fdb0a4c4129f7e0a2efe350cc600afcb

SHA1
a5e5b810ad340dc46aecc7bc31c90037cb189f5c

SHA256
02b3e5a4ef6eddceff22152bf42f1f136b2ddd631aecce7280f2dca13b19dd4e

SHA512
c104f56c6d207fc960fa19460b4ff99affddb7f2b4e4779ee22922cdf2118fd838d4e9cfe63c619e01a7ac34c1cbdbb4fe4b0e4b739da6637a12b5ab8f855f8d

Download Submit
C:\Program Files\7-Zip\Lang\he.txt.tmp

Filesize
78KB

MD5
8c7238dd953174908d714816fc2c67aa

SHA1
19f9fbf281aaa3a5eadeed65a0cd39043fc7dcaa

SHA256
f4051b222a3c7bead778df1d56bdef38d5a56480b742bfb6080fc1da423b11a0

SHA512
9052f58f2ed86f59fb13904bc002bb2a3508f80b61c66cf4918b1a1ff940e90304196afaa8ab2be97b306a82a0a4d3517a44b7a1b7cc11830fc546fb2cb8844f

Download Submit
C:\Program Files\7-Zip\Lang\hu.txt.tmp

Filesize
77KB

MD5
9908c72bafa7bcdaad07156fd3b704f2

SHA1
69bbc5e69c98c4359724f3f482f53358701e5fde

SHA256
8dbcd9a2f7afd6a66b8a5e918db66a1de82bcc72137ad49c3cd5c78c1162ffa2

SHA512
43a997451b3b705b713d5bcffb9fe077576f8820a0c97c9d32b80486d28070f21ca16aaa5ae75cc898ba5101ca3eb99ff3bc1d2403b4015cd3367d330a5e94fc

Download Submit
C:\Program Files\7-Zip\Lang\hy.txt.tmp

Filesize
81KB

MD5
d5f1531566da00e3fd45fbbce01b4503

SHA1
a9776dbfbaf6fe452f334887d3dddabeb05d6947

SHA256
46c4c85961271e9b5be31530d606c5e76c19eca83da82050d58ea0601abcb3dd

SHA512
750e2cc9c703ac43c27f809c13288c8f2c961a2ac7c966594446cf3cad1435e0868387f06b380bb630cb8d653238a9b27bf905c15d13366fd8545bd644e839c3

Download Submit
C:\Program Files\7-Zip\Lang\id.txt.tmp

Filesize
76KB

MD5
457cd7fa71401ea0fffe6d8fa6783de9

SHA1
3b734786965adac4336aeef5120b128826be38ee

SHA256
eed3f311683e37a123de1e7b19d5dfeb1b7693f062efeb4c4fe5fb860f406fd3

SHA512
1ecc7f3f2d31bf75be194588749e800671ac4c4ae2fe5a9c59764ab102050b07a725236ef0056fc34c322db96a145ac26a871780ebc87a97eaf71dbbccf416d5

Download Submit
C:\Program Files\7-Zip\Lang\io.txt.tmp

Filesize
77KB

MD5
05c49be6811408376f28e442b858fc0e

SHA1
a62ed9ab53b1f61debd6c0f4e78eb9a8645ef7fd

SHA256
34bd1d65a221a3b8174846315146f050e6278e633cd97ac5bd3d2afb285aa22b

SHA512
e8b823561dd841b868db5e094a6968b17d7359a2a66099cbb2fb43996c5733417f47f147f11ddd428321f16225497f94a6063057f4391fae59e35430efeb860c

Download Submit
C:\Program Files\7-Zip\Lang\ja.txt.tmp

Filesize
79KB

MD5
f44e484c4e7cbabedfc136fa7cded884

SHA1
57fc3a7967e2eb28e99d087c052ffce877692213

SHA256
cad13c99c4cfa8bc141dc5afb9efe56362c52e71d822629a21c526c90248311d

SHA512
faf078556154ab7682de3707972197f6e05f8ee008d5a6c2fbd987d4e59275244197100d87aaedfe18a63f34717e44c3bb3926fd9ba310a573d426ef397af90b

Download Submit
C:\Program Files\7-Zip\Lang\ka.txt.tmp

Filesize
85KB

MD5
77e1d12c2ba6c3fd808dea8f3557cc29

SHA1
b931057321dbb63fc8fb73d5be17b67b158d25e9

SHA256
f1431d4e339e49200a5be9fe2e4df5d5699fc74f83f3d35979aa889b12de96fd

SHA512
ed8bf0eb0bb66ef8bd592d2ea0397ba73a47dcfc1c16bd9e78a706f4b7b459fb1eacf607806d2cbe8271aa54b60f8c4d75923e0f2de30384140c92d5294c2622

Download Submit
C:\Program Files\7-Zip\Lang\kaa.txt.tmp

Filesize
75KB

MD5
20960a894e7d8c6d89122961601c9127

SHA1
e4f02292264a8757422b696c8f9cddf50779b796

SHA256
953a9dafeb1bdc0963276213adae33d4f6c40766c9063f979f43346d7358fce3

SHA512
8f924c25d4ac3cb57671f247201abba8e138b8c811b1c4f366e998b92244c747f82d1c2403ed31906ec3ee7851a45a31a8a7cdef6adbfdd28ebffce057060e5d

Download Submit
C:\Program Files\7-Zip\Lang\kab.txt.tmp

Filesize
75KB

MD5
f29f138a7dc363891b34f5f8495a4401

SHA1
47056c7e659955194246ca3c5d5a12f5a513db58

SHA256
65f03159276b831d3262df1292bb87c15152a1fda115468936adc1913ba430a7

SHA512
bac9879ae216f174ae3a4a3d5b1a5510ca7d0d3bc47cb221ad23d25bed11f49dab6e3eed4d9a12cab31dddb34eae5efaf68deeeb110478f4b137ad20e3bd7ffa

Download Submit
C:\Program Files\7-Zip\Lang\kk.txt.tmp

Filesize
78KB

MD5
175cd1f18e0127e71cfe64e7f4741946

SHA1
92c8f146b1e2d35143fdc46c2f08b59ba9420504

SHA256
2c9a3d780f0cb2ba077bd3949d2a03fd88836fa99945a89f021e838bd13a5fcb

SHA512
fe5666660fe9ad5de641d59b5b1e79f53ea303c68bf3a034bfb568ef72e13fbb01fd564a408ac6b9188e6d812bc98e43e5e16f8ac43b57a8859b2a48f74f3c57

Download Submit
C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp

Filesize
79KB

MD5
496f725cc91f03e5189eca59ccf0a94e

SHA1
0d0c6fe4d88b09369bea69c794ded2372a5e3d18

SHA256
f50aaccdc0e54a87ce9176d2dfa2c0e215071dcfadc277e7f48107cf5b7daabc

SHA512
4cf3761d99eb0de455ba39b9d0f182ec9a224506f07dd0c1990b80328ba07d481652bb6e61c26289511fa917473b3281a1c76c2ba3e29f75627eda35055ce7e3

Download Submit
C:\Program Files\7-Zip\Lang\ku.txt.tmp

Filesize
72KB

MD5
043e01770c97e088bdfbced8290456b0

SHA1
c97eda92d2141cd78544b83a2defb1270bf04140

SHA256
bbbc037afbdaba0379fbf5d51683857ab536f9f9a04f69cf9d0e2c2e89c72b01

SHA512
d408062a8a773c809ea440d142d28ef59369f1482d4186501094d706c0026046c654ad5a11eb9025a155beb398f81c9c84e336c2d0bc8627d322c5bad10dab2e

Download Submit
C:\Program Files\7-Zip\Lang\ky.txt.tmp

Filesize
79KB

MD5
b3ff6aaff51c461f4358c44ae6bcda3d

SHA1
0d3be4c4706d432cc9a2ba7c31dd560516d88252

SHA256
a8c40932e56057d3afdd8d77226c2680805f226fcd4e04d106596bec00a62301

SHA512
39597a617d89c9c6817999711f030e786e97d6f7a3d53e129066a5e30af22363bf00bfa15d07a76c290d86f04f485b925d7cd1d5c6be6d3c4f707b9d77cbb199

Download Submit
C:\Program Files\7-Zip\Lang\lt.txt.tmp

Filesize
77KB

MD5
7d8ee1d00dcde46821ed741b6ec552f8

SHA1
bbb172053621d9f2bc203f9b6f884d4239c5c49d

SHA256
e811b27f2d0ab32ad805166a4962c235bf70c9c257568d8e0a6b36e1a96b7d65

SHA512
6f62854c281666d2fb9f77e0238fc0bd7c1d4062b9693216663969f1e910b77921e1cb4f7b3cbf215d28f4b21a9368ef434705f62a19d3c5311132a5dec84282

Download Submit
C:\Program Files\7-Zip\Lang\mn.txt.tmp

Filesize
76KB

MD5
2d1520d9f0ea13788d81f05701999e8c

SHA1
905ed7eea3fa63fb590ea5f64c8e7fb55556f3d8

SHA256
7f1d158967ea7ae0b37a1d69bcce151696a8cfa6398e9757a5505304eec81ae4

SHA512
cc9caf433f6151d0fdc0dd075bab74e3a20dc427907214923ec97ccfefea6cc76d6e7b29d91c49105b3a96bf87ecef1158880eccaa67dd729a463bcae6dde282

Download Submit
C:\Program Files\7-Zip\Lang\mng.txt.tmp

Filesize
86KB

MD5
9bb328187b006b49ccb0d0db5d79c2be

SHA1
b0af532f7d9c296d528f5d90fd0e8e3ead76cf8e

SHA256
8ed63d6fb2b8c4dc68400da9ae3d47b23a20b3d0bdec194a1ef21855423c6553

SHA512
be7b55ac838c17102f3b81ca84c7d597d282059c30b70c4b10751edf6878ae6d5dfb0b97bcf445884924f177e4ac0b1c4c45406c6f580c09575e17cfad537678

Download Submit
C:\Program Files\7-Zip\Lang\mng2.txt.tmp

Filesize
88KB

MD5
47006ee78e06e2b09bd05c90aa3c8a48

SHA1
ccb162d92f54b47ef518e270b162f67dda0f6106

SHA256
8f936d9679d669d35c488e403430c2c8dd673ec1b76dc7a744e6e6dabf7c98a9

SHA512
0a5a099b6cb3a2fdd45a62109aba2f9313b6644eea9d71848909a801a52ab282e4dfbdccfb66740110bc96cf29bb0101abd1b2b3be7d124f305eca1f63ddcafe

Download Submit
C:\Program Files\7-Zip\Lang\mr.txt.tmp

Filesize
77KB

MD5
f71517499cfae7839d67803421708fa4

SHA1
9912a821a9c9dd6b32fb4a258b1fbaefd355f7d7

SHA256
8cf312c1d2157098469a66ccca6683061a357b8d72d7fb0fbd2bf8855f39a29c

SHA512
6bddb594c40381598900788e9efc3aaab73355cb43268c5a0d52fa0e364f47e1ecb1457f4f3c37e338535a5ba524b779e48199fa08dd5a74f763ad74821aba0f

Download Submit
C:\Program Files\7-Zip\Lang\ms.txt.tmp

Filesize
72KB

MD5
b64efd379ac2e198d96c30463264f7e3

SHA1
5ed86533ff4b0b305f6d6472d2132ec64313ba68

SHA256
8ecc29b6e382a8d5247820309768cfb9f3400f3042e3ba28285090667cf73172

SHA512
df43a8c40edd8538ee3ed4167e0722a46e3321b5020d23ee15b344134d571acb75d4d29db19c686bf6028f220b5bf7cec87ae8eed05716203f7bb69721aa2846

Download Submit
C:\Program Files\7-Zip\Lang\nl.txt.tmp

Filesize
67KB

MD5
95fe7b334655488645f1c7d0b4eb3cdb

SHA1
4e5ef2f3c545e9d6a3c0f803e788e3da383111e5

SHA256
7b1c3e62c81c299d7731116b719e0a432cdbd0737df88e9e7e88ca2e9e7a8c8e

SHA512
1272d571b6237f8ee16805ffc9cf59682f7ba865f096f9aee17fc8bca3c2c99b973cf4033fceb417547b05936d0eb41d392849bf48a8cbd6a44b9ba6db3df9de

Download Submit
C:\Program Files\7-Zip\Lang\nn.txt.tmp

Filesize
73KB

MD5
4f46593aa8cc1afd869bbb2f71178f7e

SHA1
0b86fee6ec8e2bb681c1becf00360556a4998d95

SHA256
8f4c2917098fa19b62c520ab98746b7e9429a532fb4c0891f8311422b16d9fc1

SHA512
8a6eb0652a8ef6b083ee3cb03fb4bf2512ff42aa9b77a4025f3f49e3cf78d727ec37dc62340314494d8d081e4526a39461e413205f60e79f6e811492e5258cf9

Download Submit
C:\Program Files\7-Zip\Lang\pa-in.txt.tmp

Filesize
82KB

MD5
47911a41a883a5de239136eb5eb08632

SHA1
55d006897d06e294a5939e14d8542ec47e0ffd14

SHA256
6f5f7dc12bce92546ebf5432d8442ec6f144605ad7b08f8813fa29786a0c8701

SHA512
47d4c98525890c6eb7bc96a70ff45b866f640be568442f28c0dbce2b902002874a1cea8e937982a55f4014f7f07d3fd08717114d6c5d03f6f19095ca3fcdc6d9

Download Submit
C:\Program Files\7-Zip\Lang\pl.txt.tmp

Filesize
77KB

MD5
0f2fd55c344dbe0cf687b5cf30d12750

SHA1
6d75e8a9ef8e524ca6868cf3d26f7e9cecf7f5db

SHA256
70db831b4fe171476d35ff8961f20c6e5b37d87e574004f037bfa7a6d429ee5f

SHA512
a6a19738c1dd275b5a4a2ba8ac5168a25805a211a44d93a505e808e21c5d7f504b7a71040e3a2e7c41d5056eccfe488fbd4c08810cba6362b13cad804213fad8

Download Submit
C:\Program Files\7-Zip\Lang\pt-br.txt.tmp

Filesize
76KB

MD5
18630198d1a2bc8b2427376d7949dde5

SHA1
b3dd379e793d594334323533963c5b55b915f0a1

SHA256
9381d70f81867e3632eb2c883d874108f5cb8c494e329c051122b7fe3f192ec4

SHA512
60bce8ef3e1be8c23606753ec13ff2ead5373a428e9d57da2b1b0191fc85609e0e9cbe0687a8919222757b9a5c7ca27dec3d4a688afedd79fd26fb9011967216

Download Submit
C:\Program Files\7-Zip\Lang\ro.txt.tmp

Filesize
75KB

MD5
c1a0e0a3931da09dad9358d57240e559

SHA1
e1ef30312c567d3eba63a26fd33c1c4feced9af2

SHA256
27444d235b417fa143cd78b95b329e05c7ffe4a058d2dce9c5e311603b2a8e0c

SHA512
c114a542a28a0a682dfd17402d5fbd603baaf508a213958fd62e9d04c7fdeb6ea0d8706977d5bff2228ed90206ee8d842bad4caa88992323374009a730b73fa6

Download Submit
C:\Program Files\7-Zip\Lang\ru.txt.tmp

Filesize
82KB

MD5
8e30e299e94db457fb7f05b189d94f82

SHA1
1a872c262366540eab8af1140dc364b8c1dac70e

SHA256
bc243dd029b6e23a5aad3d47b1d9aabf8fe9c2e5b010908c747bc145dc1e7dc0

SHA512
7a2062451bfc042fd9a8d0ec7f7f7ac78748c9295450134364b9779fc4b6a7c8fa52bc2e8c068c6bc8c2acc7cfed3b5bc9df510ebc96ba81fb46094813bbf8f6

Download Submit
C:\Program Files\7-Zip\Lang\sa.txt.tmp

Filesize
86KB

MD5
61e141ed14b35aa6870360f26a695bfe

SHA1
fe6fbb94906f6016cb2c6232c19c26b88c7139b4

SHA256
c3a0b328c706644b2b2edd7615fad59e886da9d0eff943495aed6adf210bbd37

SHA512
95288287997e788d53d2fbc4e11a42ffaf4a6dbbdbeb0a2e7f7d53e7bf047eaf8fd2e7d371c9e47df6dd731fe48708132ea401708b036ac5280f7b6d05249f9e

Download Submit
C:\Program Files\7-Zip\descript.ion.tmp

Filesize
68KB

MD5
875c673799d1a01cf642040057211f70

SHA1
54a1fe3a8beeb56a53a581a1ad526963db212af4

SHA256
dcc63a9cc85f9773371f8b337aa818d113664a42fffcb37a9949310b98bf10d5

SHA512
68c3b840dedd11ef76808a37ad3b891d9a8d65c52e4508a8664b0f194311fbb4864625c17f144e16d4c1a2e9102e8e364bf0d48666ba7acd209f808bcbc6c198

Download Submit
C:\Program Files\Common Files\System\Ole DB\de-DE\msdasqlr.dll.mui.tmp

Filesize
73KB

MD5
6ae348164d672fad16663bc542573e0b

SHA1
bbbe80aa4fbc73380d89ea4a52fb81ab7561ceeb

SHA256
bcf29ff197a6e1549ac3bf706cd3edeed89cde75d74f2f73b48fa8d641ecf63c

SHA512
f13e655fc05a95f26204761462180b1294de211b3bfeaf7f0cdfbf8173b6cae94a5b8618ae897a6c46ecf61cf24ae6b7b5b842ed3116fa2365cab0d90aadf5a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MS.POWERPNT.16.1033.hxn.exe

Filesize
67KB

MD5
ff67069b1260f64a9f210332a07dbf65

SHA1
24ff30f95c5d641fa2201336a59819fcd62d92a6

SHA256
923d230e460c6c26acbdde96a55280f4920280a92f4bcd6e3c5b8e5ae31c24d6

SHA512
578b7230ef0250422207393b7d2de6de03912f66e0ff721bea056a06d3f6fd3b904c6cac8104fbbf9af65855baf509c5216cd0834c95922f8b2adec08965039d

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
67KB

MD5
411a32db65917554e566668c4e6ddf07

SHA1
e11b0274619e652bac2d59b0ad77ffb4bca9a7ed

SHA256
5e0b58b1366f940c761b8c92a8ccae4d8acfe88397e0596d0c986a3bb287f319

SHA512
8c7a0525e5aadd07795d91212063247f901b5e3de125cbd4bc27ed6239333a19ba2ee9be2e57900a6b2c87b8f4ca0b8f45dce9b3dca6ed0b19b52682130029d7

Download Submit