48356a69f2ac21cac416bf54cd99940148d4df14360b173b06ba056b1253c99e

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
18/08/2024, 20:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

48356a69f2ac21cac416bf54cd99940148d4df14360b173b06ba056b1253c99e.exe
Size

82KB
MD5

06b636a0949bd7858c8e57a528e1c84f
SHA1

08fdd5e3f8920730c5df55dbb8d5e4110b42df1a
SHA256

48356a69f2ac21cac416bf54cd99940148d4df14360b173b06ba056b1253c99e
SHA512

56f1fa9b75f9885b30218c4d60f6e711588b3a0a21aabc1886a6fd209bafd66401159bb62696641e624863f3d743a0dde24eec748413d5de1f91581302d51376
SSDEEP

1536:W7ZhA7pApM21LOA1LOrtkpt6uZ7ZhA7pApM21LOA1LOrtkpt6u/:6e7WpMgLOiLOrt+e7WpMgLOiLOrtG

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (5362) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
3744	Zombie.exe
1504	_Get Help.url.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Zombie.exe	48356a69f2ac21cac416bf54cd99940148d4df14360b173b06ba056b1253c99e.exe
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	48356a69f2ac21cac416bf54cd99940148d4df14360b173b06ba056b1253c99e.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Marquee.xml.tmp	_Get Help.url.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONCHART.DLL.tmp	_Get Help.url.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONGRAPHICS.DLL.tmp	_Get Help.url.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Redshift\lib\OpenSSL64.DllA\ssleay32.dll.tmp	_Get Help.url.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN121.XML.tmp	_Get Help.url.exe
File created	C:\Program Files\7-Zip\Lang\he.txt.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ms-my.dll.tmp	_Get Help.url.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-localization-l1-2-0.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Century Gothic-Palatino Linotype.xml.tmp	_Get Help.url.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_SubTrial-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipscht.xml.tmp	_Get Help.url.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\System.Xaml.resources.dll.tmp	_Get Help.url.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_KMS_Client-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_OEM_Perp-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.Office.Tools.Excel.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ComponentModel.Annotations.dll.tmp	_Get Help.url.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial2-pl.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL010.XML.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.scale-100.png.exe.tmp	_Get Help.url.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.th-th.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\fi-FI\tipresx.dll.mui.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\System.Xaml.resources.dll.tmp	_Get Help.url.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\pkeyconfig-office.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProMSDNR_Retail-pl.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Trial-ul-oob.xrm-ms.tmp	_Get Help.url.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\STSLISTI.DLL.tmp	_Get Help.url.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Drawing.Primitives.dll.tmp	_Get Help.url.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\System.Windows.Input.Manipulations.resources.dll.tmp	_Get Help.url.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Trial-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Quic.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\UIAutomationClient.resources.dll.tmp	_Get Help.url.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-process-l1-1-0.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\xalan.md.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft Help\MS.EXCEL.16.1033.hxn.exe.tmp	_Get Help.url.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Private.DataContractSerialization.dll.tmp	_Get Help.url.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md.exe.tmp	_Get Help.url.exe
File created	C:\Program Files\Microsoft Office\root\rsod\osm.x-none.msi.16.x-none.tree.dat.tmp	_Get Help.url.exe
File created	C:\Program Files\dotnet\host\fxr\7.0.16\hostfxr.dll.tmp	_Get Help.url.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\PresentationFramework.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_SubTrial-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\C2R64.dll.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main.xml.tmp	_Get Help.url.exe
File created	C:\Program Files\Common Files\System\ado\es-ES\msader15.dll.mui.tmp	_Get Help.url.exe
File created	C:\Program Files\Common Files\System\uk-UA\wab32res.dll.mui.tmp	_Get Help.url.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\UIAutomationTypes.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\include\classfile_constants.h.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\lib\sa-jdi.jar.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp3-ppd.xrm-ms.tmp	_Get Help.url.exe
File created	C:\Program Files\Common Files\System\en-US\wab32res.dll.mui.tmp	_Get Help.url.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.Metadata.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\c2rpridslicensefiles_auto.xml.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Compression.ZipFile.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\ReachFramework.resources.dll.tmp	_Get Help.url.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\WindowsBase.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Client\concrt140.dll.tmp	_Get Help.url.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_MAK-ppd.xrm-ms.tmp	_Get Help.url.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\pkeyconfig-office-client15.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_OEM_Perp-ul-phn.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\WordNaiveBayesCommandRanker.txt.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.ReportingServices.ProgressiveProcessing.dll.tmp	_Get Help.url.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base.xml.tmp	_Get Help.url.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\pkcs11wrapper.md.tmp	_Get Help.url.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\javafx\glib.md.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred.xml.tmp	Zombie.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	48356a69f2ac21cac416bf54cd99940148d4df14360b173b06ba056b1253c99e.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	_Get Help.url.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Zombie.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3000 wrote to memory of 3744	3000	48356a69f2ac21cac416bf54cd99940148d4df14360b173b06ba056b1253c99e.exe	84
PID 3000 wrote to memory of 3744	3000	48356a69f2ac21cac416bf54cd99940148d4df14360b173b06ba056b1253c99e.exe	84
PID 3000 wrote to memory of 3744	3000	48356a69f2ac21cac416bf54cd99940148d4df14360b173b06ba056b1253c99e.exe	84
PID 3000 wrote to memory of 1504	3000	48356a69f2ac21cac416bf54cd99940148d4df14360b173b06ba056b1253c99e.exe	85
PID 3000 wrote to memory of 1504	3000	48356a69f2ac21cac416bf54cd99940148d4df14360b173b06ba056b1253c99e.exe	85
PID 3000 wrote to memory of 1504	3000	48356a69f2ac21cac416bf54cd99940148d4df14360b173b06ba056b1253c99e.exe	85

C:\Users\Admin\AppData\Local\Temp\48356a69f2ac21cac416bf54cd99940148d4df14360b173b06ba056b1253c99e.exe
"C:\Users\Admin\AppData\Local\Temp\48356a69f2ac21cac416bf54cd99940148d4df14360b173b06ba056b1253c99e.exe"
1⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3000
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:3744
- C:\Users\Admin\AppData\Local\Temp\_Get Help.url.exe
  "_Get Help.url.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:1504

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-945322488-2060912225-3527527000-1000\desktop.ini.tmp

Filesize
41KB

MD5
d994d656010e1dd98bbc9dabd1672e93

SHA1
227ea2ff44eb141bd5442c6e419b0b7c01bd91a6

SHA256
437404dd7afd07c0188c8f3612b03cf4a81ba398725348a109d88fac3fd5e6b5

SHA512
d3fa8918632a3627ef859c5d6e9beda2520afaec3218fbe4f36504b88f515f67004a13b180bc5215448ebbeff0a0cde25f03de97832ebd71b398fa45fb6dcfec

Download Submit
C:\Program Files\7-Zip\7-zip.chm.tmp

Filesize
153KB

MD5
130d9a0b47eb5c315aa331a56c41da93

SHA1
b577a6748a3af25ea839ff188cdbcfc2943a595f

SHA256
da2494f65076d6fc0789f62b37ded8a53aa31ef7d47127f9ae961e8bc6e02369

SHA512
a7ef98291a2ae6efc661397168c7d4e845b2f509095fa4d112c207bb9f3055aca0c5bf54f9a64c9a9e96a5e796a71721c3707d2aaf2f0431c3e6ad232b902cb3

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
140KB

MD5
7976c91c20a9ee7fef2a8d6cf44c921f

SHA1
8fe6b2e7a16748b0f68e7e1996d89d1b021f1177

SHA256
3694359468323ef808b6a5067439753386c9c9126abc5c0980d3bbb0a99bd2f9

SHA512
66bc4c66102c43a4c8571c0ee5b320f69eec52efdf07476e5ab4df162e134982762e3801b35fc5833b655ed41bdaa94d1e253b81bf551acc782cb532f5b0c61a

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
140KB

MD5
7fec65d510cfa7f259dc32876eb878c9

SHA1
622fe9ac4d2abe5aec5689d6825b18a3884d5315

SHA256
751ac40ec138b4a3f2cb56d24dafcbb850f22b082f8ff0abf271b3e47bbb52df

SHA512
0c408e2c13bdc55a6d17d0b2ffbba7427848c1c1bbb1cb80efa46783185a02ff1e3208fcaed074b926978e27c01543e1770959aaacca155c2cabe8a3b37a899c

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
1.8MB

MD5
4b45eb319a68766c9db8644a4883ecda

SHA1
9551ee738d597c1425a7d0b08e2e1eb7e7a31baf

SHA256
19db6a3b58c3d67302aee8f6170134a4a1f5012bf43e26a33c93888f58f85d62

SHA512
8a6a94f00febdef603d5664c4f2cbe79be8eb56d841d30757de286e8bac564ba4e95e20b379572a76561a3583930d7e0f7d995b29b53b43416c02b2199b4ae41

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
1.8MB

MD5
1de37f39ffdd11884e5ab282cbdd7a21

SHA1
e362eda4bb16475d79ee394a3997d6f5d91e7296

SHA256
62780aceafadc4eb89b6ab8b161ee089a80dc59ece8aa8a21940432f912b6e5f

SHA512
408b6014d49715d066f75a15a720f9995193833e1fed0b51694ff00019350c693e7b86511b793501c236f766010c5dde48a7e1c2b30bdf82d2258a8b040873e8

Download Submit
C:\Program Files\7-Zip\7z.exe.tmp

Filesize
585KB

MD5
66d47df27826dd403561106f298ac007

SHA1
2f947695811a6ab2ec3c5704b4103b5c60291a63

SHA256
f7692b8b4b7295b821eb9183f9a409f6718da5e339124060e98c4e9416df9427

SHA512
1048df70540b5705be7f6195e7fa3b350582804bdcfd39287f7afd839350e9bfcf99cbc8ea1104cd24e707a2702c85059b273113692088b56698eea2b6b01619

Download Submit
C:\Program Files\7-Zip\7z.sfx.tmp

Filesize
251KB

MD5
207d46364966a8aa288d0ffd1edf5927

SHA1
80520db9eeef33d3adffcaef40e0a9a193e15375

SHA256
2c0557e94487b96d35edc7766994a1c88516a8298a64d187c3f8af7687e5a38d

SHA512
c62677e0b7dce0f986fc3260574ba2ae1269c3c3f739346a5e54bb1a18db792dc388c0705d75c16bb1c2ee0d63c76216e860ea5d1da309848ef92023a569645c

Download Submit
C:\Program Files\7-Zip\7zCon.sfx.tmp

Filesize
230KB

MD5
c7a4fd8aab2cab5fc341386fa871882d

SHA1
7622d518256f5e4ab54cb1c2ad9f5beba9b539f0

SHA256
dada5cd5ecdcc66dd91d05e695f7ec77c758fd7d2fbe37cce9fcf073eeea6be1

SHA512
6f49138e4687bae03b91afb7eaa4646e92319c138b7439b7077a2797950e913f0fad8c4b5a1a90f148b516db3a215bb6d20c3f410ae1cc6f09fd98316cca6495

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
972KB

MD5
84a14933f5a6d45a4042d7981779277b

SHA1
815a8022cab90837ab777f60e5ec32f01cc32eec

SHA256
bd052dce81f724eb4ddcb0e762d2a5dc7f6f4f6ed63ea4df959528d09ee45162

SHA512
f3426f59b3ce1b5eaea908015d141bf46be0154ba6ccfa8655955aca7a9127993a24e18c43e97e36b2c48ffcfb07b1727cf68c841bc019f8378c2033ab621096

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
725KB

MD5
e429b61c36d9a7694b1b57e9e6abc0d6

SHA1
a3d94ba91471a82652d9eb776309ef6cab438db5

SHA256
954d2c2fca68ffc218d7170408ad77e21540f4dc4d70dabcd32c3a3bea596671

SHA512
1a3d1e96a946ea407c6b32800a3b17098fc656c14b67761141d59d7f85440d9868ee92b22ff1f5eddfbbf54adcd9bac3c0c93fa3c7efd300cd62faff8cf29c4d

Download Submit
C:\Program Files\7-Zip\Lang\af.txt.exe

Filesize
51KB

MD5
e15ec569fb3d553e54d4b67265ef27eb

SHA1
6fac436038f0de80c17396e983f9f6bb5c63eed9

SHA256
9245e6a2860c9609aeb40236f56381ab64b345176e83e3c59222fd7b53cf4a94

SHA512
3e4bc1fe24102b6bb8b12b1c0a3036d556a8aba74a2f8eff005f90ed33ff58d07255fe1f0e89f5291fe759b0760d055a92d88a889d86092865d751e68923bd43

Download Submit
C:\Program Files\7-Zip\Lang\an.txt.exe

Filesize
49KB

MD5
421f8af91c01e415d2499528a3888f55

SHA1
e3c51663eb0e262f904bdf151599cee1ef07839e

SHA256
bb85c9fa4021321498abd8b2ba4aa7609c1997a2a85633c758b31523cdd69ae3

SHA512
e609470887166d0fbab6f4f541c4e2e7f98f26b6b4a071f15c6dd03d7c944c92f0955a3a49df005ac57b9f505dd62477b79b3674336f4a4d056d0b8cddf626c7

Download Submit
C:\Program Files\7-Zip\Lang\cy.txt.tmp

Filesize
46KB

MD5
4975eb72d12adf51ec03f223e172405d

SHA1
d13bd7c5ca0f26b6f805d4e309162be7c6fa7fe6

SHA256
c41aaafd1d326d953aa7b1cba0cf6557e0cd757694eeca40c990c0cc4ea0584c

SHA512
6c304914fbd8ad1b18ed2c7844c16a5f0ba149d55c5266db8b1f98196363b50fbd53bf26e733f4ca98b6e393ef9a5766cd7e33cb18fcb9e4c6613e612ec6ff12

Download Submit
C:\Program Files\7-Zip\Lang\da.txt.tmp

Filesize
49KB

MD5
eb2e2151654f10ede4c1957890ff6c54

SHA1
37bedbbb258a93e13f9f55194edc00ed6df2e94e

SHA256
b6d93c4d3369773c4d20768136e6390b4de27b496cc3ac22999ce23666e4c924

SHA512
6bce111104c1fd3ee34ffaf182fb7f1647a0afe66a4693cf9dc7df190a763300ad660a5da148214bb79b3a80c416cff099babcb01f3427c47d0d4e72073c05c9

Download Submit
C:\Program Files\7-Zip\Lang\en.ttt.tmp

Filesize
49KB

MD5
b660590000a219f9eb9486ffa099adf5

SHA1
5f57d70a4719298da25b0eaa6165ccafa809eb0e

SHA256
62e9518798cb818efb4fb8c2c8aeb29f44e4a56da373c84ab34ab092a5f8f501

SHA512
ec7bc6c1b759063e78ca4155e4649fe584d75c47e022e93919de63e08f8433b5bf83d100c9d967998023e7eae4ae57c36030bb051c8ef6d90613c3b1fc4adf5e

Download Submit
C:\Program Files\7-Zip\Lang\es.txt.tmp

Filesize
51KB

MD5
7309102b3af6e8deaa3f9b3600a84578

SHA1
0916352c8c28b892077e34f722828bebe78156ad

SHA256
5a612a1f377fd8297bce3f7c1f1dca0f57547ef53073248e00698fbd7331cf4a

SHA512
83bc912ebbdd9ff92fd485ab39435ce2b9b5de30a3cfa4247a5f5073cbdfd39f6891e5cea855697f482511a35601036352b8017c56ed3495c22bd1cf56c017b5

Download Submit
C:\Program Files\7-Zip\Lang\et.txt.tmp

Filesize
48KB

MD5
e1ccaec17c636a1a6ee2be1087a046d8

SHA1
23b4c4c0f9df802dbbc8c7d571c341772f2c909f

SHA256
1fe77123ad2e3ef88f4f5a808e236de3f75921cd741edcf1a8fd306c8e29f159

SHA512
5241600f860c6b707a3665bed7807c825ac3cd61602b873ad7d86179bedd509d2d80d43329daecf91862577190d0df121dfb1209ca572af87aee6229621f870d

Download Submit
C:\Program Files\7-Zip\Lang\ext.txt.tmp

Filesize
49KB

MD5
d9f3a3dcf222878b8ddf4f64c6ddb77b

SHA1
3d08b86c87e43ddda31d568f94919af103b741e0

SHA256
4766fa7533521bc8aa938a545e4cbe3570515c6c37f98a478cc1921e155be285

SHA512
7564da672077741b5bda96b11da43cfa09a7c55ae538c85086a48f03b55c814ab9835409974f77e58c646bb559716944d33071b34f6771862fe339f50c3ae074

Download Submit
C:\Program Files\7-Zip\Lang\fa.txt.tmp

Filesize
55KB

MD5
ab76a8f7e566994a7ab099ea57ab96d7

SHA1
59df1bfa9883e6f08857a82053714c7133319d45

SHA256
3696f8a337c8e8b0914ee42eea4a29a31f48e05b0bc9e874450b6d710d9d747d

SHA512
9bb19fe338b9819de97163c9ee6e3a0d8381dc6a778ebbf42c2dbfb62320678e997fa13e5b7c8c58bff65ad3b13fdcd50b3f397324c96104ac2e97450450cc0b

Download Submit
C:\Program Files\7-Zip\Lang\fi.txt.tmp

Filesize
50KB

MD5
4ae474922ca6bfcb78525fe7f8c56a3b

SHA1
9bc488e7a49a94004abe09091ac60ab802e74bb1

SHA256
7cc6a7dd90bec3d4fdc78d2406f55cf941d71bc2ea96b881d47f0abb489a4080

SHA512
8d498fb9a655985b25c600a21efabbe93e3e609b6e5a2fea4d7aa94cae31cfafe724c60d0fb2d6cd15f481c580c6f9c61c9677f6ec5943e53f3bf620024102a8

Download Submit
C:\Program Files\7-Zip\Lang\fr.txt.tmp

Filesize
51KB

MD5
951d48283ab70b3c1630f4e3ba762298

SHA1
ef54ca9d0fe318e3aa2d1f22259a5d7e707e1686

SHA256
58812168bded3bdc7bcea64ef4c3095615f87104e17bb4be855efaba06ccef03

SHA512
673f89148fbcd3e7eab92f1e35b53a0f0968baf7780c80d8a17131d748e1023d14822956b7c1caa7d6f81b56d5297dad0d8981757e9a57854d4dd687281522ca

Download Submit
C:\Program Files\7-Zip\Lang\fur.txt.tmp

Filesize
49KB

MD5
af2c5e520c447d437f59553681364be6

SHA1
a552a0b31fb476c2d5b983e602cad7b9395bdd6f

SHA256
a6f9846756834264471634c2df19d524a6a7161c73573632036fe9a518d4532b

SHA512
8b9a060b66719b70ffd9778f1fe02c9121832b09362a14e79a0b131cf137fdd3d0a6d18afe712b97724f7d1dce0d6561d1547fb1301cd8229c50d4b794981b0b

Download Submit
C:\Program Files\7-Zip\Lang\ga.txt.tmp

Filesize
49KB

MD5
dd55903f7c1ed3f41acf1ccf475b5cab

SHA1
7a9bb0cdcb0063357699a90c3f4c4620b5325805

SHA256
2a22043584ed00f6495f7337c8e3b0ca5107fc10f77ab7339c4018ed6d2a1f27

SHA512
a96da5f742213429a59be2f04b796ba72fc1e92ece4d6e030d6531be802721220c91ec4cbf8141ffc7f54f688281d5423c7cf4330d43b0b96f3a7801c9a0e2a4

Download Submit
C:\Program Files\7-Zip\Lang\gl.txt.tmp

Filesize
51KB

MD5
1e567f5a0ee8cb898bee7be35f563c79

SHA1
e71f4bb133dd075402df2a54f15a457aa4e3753e

SHA256
83c1d502e93a436bfc04613fcd115f36ea7dfc5b2c16ca01158c57a86a453bf4

SHA512
cc3747902dcde8a434adc9f0fa8a9074bbae08c24fc8d1c4cfe7221138ca00ccd93fb6b36dab2b664402a740389f6ce2a339dc478f54fa33ffd58efc9a803c1f

Download Submit
C:\Program Files\7-Zip\Lang\gu.txt.tmp

Filesize
59KB

MD5
3b8396beff000f9318468e43dd35a52d

SHA1
f29245de95bbe3421891184e4bb9ec033b0d37d3

SHA256
ccd97a14af61c515c2566993cfb7b2b70761585f49c78c405c2d63ada1a779c4

SHA512
ad8a015a0b820a3421352d8b7d97a4a2f3be48439e129e875f97002e45caa224459f7520f3d0338083f36fd9b5220506808547c2de37547f013fed6391c7fded

Download Submit
C:\Program Files\7-Zip\Lang\hi.txt.tmp

Filesize
58KB

MD5
fd45921b962a1dd52741b240323f2515

SHA1
06196f927afaacce6d8512b1b84bac8ec035dd53

SHA256
881c3278d7a7eb1279823fd06aab8e787b005cb9700ef6a93c410612a38026d5

SHA512
a335d8362908748b85e36e78f0621bb364971c21ef25ecff6dd2422a9d3c1da8f6bb75111b4cb7f67e833102d4e5204635cdff5f24a0fc86a6fe39c6d1b13cd1

Download Submit
C:\Program Files\7-Zip\Lang\id.txt.tmp

Filesize
49KB

MD5
20208304740ce3536297f0e96af18d56

SHA1
66fa515e165d1fbbf26cd6c5f478bb8c147e5c07

SHA256
79d6225e845b3c409f7f7113d2cdc2c17d4943a5655297457f58d8fcaf890ccf

SHA512
e82ef937c00433d6fcaee940b9ac0a1c436669c20029addc813321dc6cc150a53f86e71ea57a02fa8c4d728c2044ccc751d1e9934735c49f7a44a741cda2addb

Download Submit
C:\Program Files\7-Zip\Lang\io.txt.tmp

Filesize
51KB

MD5
c87ded48e20c14ec55662aad958c0576

SHA1
85dd942630c5e76d536a16b652c98cef2f0ab4c5

SHA256
90594e6092575baf133e5457de0c75925304cb3b7ac6dc1b5df94c305d6e220b

SHA512
623d60ffc8136ac59250e98363644e2592f70776f5c112f2edbd2df50e36fd296f4927d892f4d4aee4c0ea02862bf56af38e93bbbe73b5c729ae8531594d412d

Download Submit
C:\Program Files\7-Zip\Lang\it.txt.tmp

Filesize
50KB

MD5
44c0b30643d58279a94814de014b2e36

SHA1
ecd76a6686fb3ae96e7fc157196eb5ab8ab692fb

SHA256
bfa6431c5346592b9074042166bdf1e4d484825bed205f1a2611b44fa8fc354c

SHA512
e9c477448554fb07eb3d531c3b50ad87694c5d34a20bf45446125287c3c7cfbaf05a9c3eff0212a16b43f476e998b370b9b19da55e17ed7134649d582fd635c1

Download Submit
C:\Program Files\7-Zip\Lang\ja.txt.tmp

Filesize
53KB

MD5
39528c7cd27a938a9f93379dcf4a45bd

SHA1
f77ed6150b090282ecc240c087a5c1270fcbaca9

SHA256
961afd1e8addc2f32ef965a791d3e2004d4e11770fcebfbf5e8f776f6162745f

SHA512
c5bd5ed98930917517c7edc78653a6711445d3bc8d242789bbb1bfdc2578f5d375cbde598ae48cff12a959d615f4283ee9ccff5472771a43342bf7f3199c00fa

Download Submit
C:\Program Files\7-Zip\Lang\ka.txt.tmp

Filesize
59KB

MD5
2e5ed406dd12ff19772cf729061233ea

SHA1
e6a41edb3f572b1e884704b9b0fa68d6bf1560bd

SHA256
e1a2dba07eeb5dd47284b30f6257c0f757f844f52dc8bc3ce365bf905d919b56

SHA512
26da2d122f0cf19e837db83e36abf14e85cca643f8f8767dae71c0d6499b383d7dc82682db83eadad8fefa249a9ffec15b497db0633a86450f2320137502369e

Download Submit
C:\Program Files\7-Zip\Lang\kaa.txt.tmp

Filesize
49KB

MD5
ba288ebf7fa1e5ad13f78ed863d876c0

SHA1
b76d6b0ecad670d31cc6c46e78753245840bf2b3

SHA256
0c0fee8d91a0f5f3a18605189a3930748ccf62339d7fe5a567255380cc4e1c58

SHA512
8c761c6f0704d38d1ad69c8a8613bf54c07194ea178e1b53cbc6c9068ff422125a61b36cead79cae9c3122fd4b77b56dd9ef4ed996e468b83cc45472b97455f0

Download Submit
C:\Program Files\7-Zip\Lang\kab.txt.tmp

Filesize
50KB

MD5
ae83800ba337d9f9f2ee7af17c35069b

SHA1
2c4d53a77907a23eade26b013248defd60e933e9

SHA256
86e9fa3cf4fbf5acce0d37ed4fad8d1434c281f60c7fbc8c71eea033d1f3c47a

SHA512
536e90ef50003475f7c3a49cb338b8e0e2e3c174fc85c3d23b2a55116502d39a59f0fce6f04c172fa6602fd11a76c157229ea76d86b1e6ce6346734f0cf0b765

Download Submit
C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp

Filesize
53KB

MD5
747105a43119b622099f3d4bffa773ac

SHA1
ee5f1e94d3bb73dea86099afb1baef20b0e054cb

SHA256
cf3b75d3ddf3f420ba7af9a9d1733daba431eb9e17da77a9cc272a9bc392db2f

SHA512
10adbf442a38c677cdc043eaf378b72dccfddc418d8298b7ea7efd0686a17dfcef81d560a60166bca720db6e0034ec4a0e61fb5fe4342fe1ea82d2a414a9affb

Download Submit
C:\Program Files\7-Zip\Lang\ky.txt.tmp

Filesize
53KB

MD5
fa3481a54516b2b13636ecfff87ba59e

SHA1
6766a61e24ab428f8f89bfc88e6859d74dc4b4db

SHA256
58a938ae91d5e8a51b4da8409e90cce7e94af09920275347915c150416488062

SHA512
039e0b81dfa1821afa29500399bfe0319c65d22447177706d778d1b2c66b7b2dee52b4a7b71bfa3abc043ece494176c0d36f245273f7cfff243edbd0d0900b25

Download Submit
C:\Program Files\7-Zip\Lang\lt.txt.tmp

Filesize
51KB

MD5
5fdfbf3e9383363741863c332831579a

SHA1
6ddd324b38914762474267c0d80e66258246055b

SHA256
467014ca500a6f002b8127860d5192cf068fed5fc65f282b1c54cd7bea948de2

SHA512
5876b869bfa92a4552d4fd120346aa17d05111695b22e415ba90234f5615b84232cdf20c1a8243bb47da63bf31aa77c44eafe24f3c638ec2e247d1b9d6f9d4b1

Download Submit
C:\Program Files\7-Zip\Lang\lv.txt.tmp

Filesize
41KB

MD5
46c91589b97e3d62dc5e30d3e23c43e2

SHA1
7484f1c059d356240e89f2bf18ab9d4a62bb753e

SHA256
56b760bdcd70078017f8d14594edcb096904d6b2c4bb770fccaec35b23acce47

SHA512
432d563a7307c4f7d072a33aa6339e3eb85cfaf32f937393fabfad179eaf08d9891f4b8b5222ba81f8f3de0b84ce25cdf95265196fe04f56e6ff8e879be8b2ef

Download Submit
C:\Program Files\7-Zip\Lang\mk.txt.tmp

Filesize
50KB

MD5
3824e4f2d0de42585abbce2594401a33

SHA1
a12d975d24cb534fc472104ef2166ae4383ecfc0

SHA256
a342e5b2c0b64f51724e06a3abead494bc8ce776b37db260eafbe275bfb1dff1

SHA512
8001f3c3fa7ef646e3ebfcd63735bad901f3c24c45c619b25f236d531309f03dabd89b1b825962cd8ca3eadb3f5f08bce90c762ed7ce303536554ec24b15a3a8

Download Submit
C:\Program Files\7-Zip\Lang\mng.txt.tmp

Filesize
61KB

MD5
3ad86893bfecfa5c4e67cea645c5402a

SHA1
b9866de9cd77c77ae9e100b5b5706ce1b45b07e5

SHA256
1ee7b45b557dfebd4573911b4b9cbf692abd43e2cfd1191920e4c148c8b12ed8

SHA512
91d144e2b76e64aa41bcf51d0d98d02a3086f590d865b48c8df8f03f9e8d9bec92583a66690ef6a389042d7b9d6459fd0f98516cec1f46a265625cbde823ffa4

Download Submit
C:\Program Files\7-Zip\Lang\mng2.txt.tmp

Filesize
62KB

MD5
b507d4ee86540fcd378a869353146fe7

SHA1
02742d70dfa19a2aeefcac2b779fc8e0969ec753

SHA256
796533a11ebce80e3e2e5be777a8ea06e8b692c31f6616d071b413b39355dd1d

SHA512
39ef6504819a574a237e17124b7f9ab7b34e4bd1d8e38f462ba4ed7375609566f280049a8aa42b9e1c1425d77dc20a22caca5b0ee86d0083bb100cd21f18e934

Download Submit
C:\Program Files\7-Zip\Lang\ms.txt.tmp

Filesize
46KB

MD5
f4d097329f1f9699528fa99e91a31ea3

SHA1
9d8d07ba2135bcb39ac8d713238b8c3372a37b01

SHA256
213b97352bd6093c6e36ee07aba7a2a4f87698a3920f07b5fa2439296dff1eb0

SHA512
3381bc91dd81a0d4a7ca8f4d70a78467288544531d7b78f051ecea9c6b6bcfbef5a94a751c0365cd877f1807cab3b1bdec33bd343bcd46484b37a9842979db57

Download Submit
C:\Program Files\7-Zip\Lang\nb.txt.tmp

Filesize
41KB

MD5
0ea8ce125e42ec0edb40897851346801

SHA1
f1ae1c134d66330efe15c6b2bba251129a7bef97

SHA256
22498c207828df7f201d458f8a0d67b8acc5b0f774c459e9442a9efbb27de2e2

SHA512
e2c37e28367dd8cbd5712fad56412e2ea9c14d4e2203550c1ecad33b3cadc51786f53bd3d37ce748db16d283217a7f0599377da57e68431be2a88b7aabe008da

Download Submit
C:\Program Files\7-Zip\Lang\ne.txt.tmp

Filesize
54KB

MD5
ec97189e5305076152541f93a40c3af2

SHA1
70f5b7f1041057d249b431653f0bc65607329b05

SHA256
a0d2133cd4c682e5f1fcf5ec2d0186e837beac18e7b510a9a41a00c2c6e74714

SHA512
008ab0085f09a602ea9c8397222d135447125e0a50a5d70c99b588cda688f0ba75d2f55663f11bdf8dda5441b787e3f2d6c13be3496d205d99056f231c597c84

Download Submit
C:\Program Files\7-Zip\Lang\nl.txt.tmp

Filesize
51KB

MD5
67cd4948a9cab5e1f7f30d30e90189e2

SHA1
9b3b932e2308dec26cc1280be18a2d141b0fe4d5

SHA256
13cd387b245575c77ee4129e2d965684adf1c14401c8529b849196c63b7238dc

SHA512
ab6a12422b7258020c71b162864d3b31556a3c0c4af938918c5afde55ddec9462baaef4c9f4811f709f52124919182b4b24da22f54547fb9f4fed5c1aaa5b2ff

Download Submit
C:\Program Files\7-Zip\Lang\nn.txt.tmp

Filesize
47KB

MD5
cdc6b15b07ab101cf18d405a9455aeb2

SHA1
194895a1d5d7e87510bc3093cf6741abe100659b

SHA256
95cc50dd71f20c3e8766e25d26d76e2730a3ad183eb471f5013b1b0190e0b394

SHA512
cce87c5b022f891f5081f6e5b10bd3101d2ee9f5d2637fdee7937b57af35f24f41b925116f600b6024af62294234570b1dc8191caf01649b5c7bd9e67bf4e6f2

Download Submit
C:\Program Files\7-Zip\Lang\pa-in.txt.tmp

Filesize
55KB

MD5
40d3a9d579fea249581da65274b001f1

SHA1
dda4f406677fe38337e26500251494e77f1e3c4e

SHA256
b06518a9681d86c44e832ad9113825293f5fd027f37c0c5cc4dbd3be938e9b5e

SHA512
5935cd09bc7fe15a76109ec6ab2993a23eca554ba948a485d7a2ed80feae4afcdf63810a070f9ba4d53e38e7a95bfb87299e3220b19b4c347778b14ecefe6cb8

Download Submit
C:\Program Files\7-Zip\Lang\pl.txt.tmp

Filesize
16KB

MD5
62b1740244b728bf99a06131b30d6ed1

SHA1
13c3637d80fdf4074b93d18610edc1024273444f

SHA256
dba0616b44e86fdf4f8b5e441fdae9beb61296688c8bb97c295d206cfa3fb8bf

SHA512
3d9963df010c51837f82fe12d505eef7150a56a2b9625aef6e3428b1982fb8a06d683ac6b72072e4f98a9dd21a0bbd00362911102e8eff8ddd4f847172bd52f5

Download Submit
C:\Program Files\7-Zip\Lang\pl.txt.tmp

Filesize
51KB

MD5
e3955695e6917f43f4caca7d4c8ec8f4

SHA1
8461c29029677102600e4001276eb72cc6d2ad5a

SHA256
0751288986d42228cd98b55e36315e02541722df7e012578e49c52587a433df4

SHA512
166473729758a70b0f223b92af1ca25a1d044e329713ad76f4843212807721e051801ca9f86711ad07741ffe90c11dc89d74b52b79f2e0c766f1dd856c6dddf4

Download Submit
C:\Program Files\7-Zip\Lang\ps.txt.tmp

Filesize
49KB

MD5
0aea435a00c6ecdf2e38744e83142e92

SHA1
747626c2434fdabdc8756f35804ff15a1c128864

SHA256
6460fa3269a6ec791201d29b7fba9e8003f8546e11b867ceea86c67de7540971

SHA512
9083d978d1332f5bdb235ec683fa1be5e32d357a519011708e7cdc2efc9241e94b074738e4cf22b437458666e272768d8d2efb4bb21185de9bd0ccb80c28a8f6

Download Submit
C:\Program Files\7-Zip\Lang\si.txt.tmp

Filesize
60KB

MD5
cf9d140787a1f2a97d8fc751be1eb92a

SHA1
f7c1d4b780d2e53442a9ef104891630b912d3dd5

SHA256
741bcfae8cee2e9c5d96f32efaea4354b9506be0e73e73e85b74accf822c89d0

SHA512
fb1927ed33dd7d4de3fb48134b13c5d61919e3a30afc2c52698924dc1334a8c82691dac552edc369fb131bb4bc3afd41c7737681e604e20b3844f3fd5958d805

Download Submit
C:\Program Files\7-Zip\Lang\sq.txt.tmp

Filesize
47KB

MD5
c61f4186bb85213eb160a09300899e38

SHA1
7cd047deef368f39323aee3ed6fdaa733ca17315

SHA256
2e5de4e77689d42712ca199a92191acaa1d3659ff0c7f5f3003ac5e3a5725bd3

SHA512
26baa2282a986cf43a101e579ef78a2cc2f38cf35475ccef645de9a6d201a8f04b829cf8cf51facbae7736ce09b02864282d2bbc3ec2e27108044a54c2db312c

Download Submit
C:\Program Files\7-Zip\Lang\sr-spc.txt.tmp

Filesize
53KB

MD5
73a31479e2a9c520e34d2af825dc9bb9

SHA1
9549b609474d8020b0d49e4023330d924f14c31f

SHA256
6ccab5acf054b302546992c3b2ad67e8a616695028a69fefb10c85e8a0a916fb

SHA512
960dfabc245d3826e63193913f5e9a1bdc1ac38fdfe90be318cbe7548f034732c91497ca7545110b826043b1ccef9aac8cedccced965a6a820148aded9779655

Download Submit
C:\Program Files\7-Zip\Lang\sr-spl.txt.tmp

Filesize
48KB

MD5
919c4261de1e5984e9ae8872a0e0b395

SHA1
44bf3923bdf41dafab226c31b6f555a97eb55db6

SHA256
aabc74fdbd5276f25ad7a2cf05a3927707f50618e646bb8b8e935c56dad0efa0

SHA512
e84ff2b7babde3ea358c773c046677f1c683561315fa572fa07a1e0b67658c6f5e918fdeccb3841765ff3fae68379843efc422755e2d937888d5f7a5204af5bc

Download Submit
C:\Program Files\7-Zip\Lang\sw.txt.tmp

Filesize
41KB

MD5
f71f69a9be5f998150bc9cef5cd38344

SHA1
908ec528ee400b4e9febf802091a30664b59b06c

SHA256
6d7906962e100e0fa98f84ddf13e21a3bf8ebb178f45fc2b96e0110b0d61b847

SHA512
edd04607ba9ff31e2f7040fd9b522382a29561a7d0b49eed6e20f17c58116f511b2695f542a209446227f3c4185b64d7f8adec610c8ab0f00af5311e79a5161f

Download Submit
C:\Program Files\7-Zip\Lang\tg.txt.tmp

Filesize
56KB

MD5
a2cefa05bcf12fc66957e46f7b6b8d39

SHA1
edb89ac6d5f86b14b3392fb46498d873d040b075

SHA256
455a064aca1d0c0b9b8fd581a23384760c156abcd7aab783a8f5044e22e1bb21

SHA512
72840cbf4e69278f17c75f81a5f728f0de79872cf9a430121afc07b5fa1711d326740ad6548c49e4ee3b6ea3a374185c3e722b8a7447e354f94681a432068833

Download Submit
C:\Program Files\7-Zip\Lang\uk.txt.tmp

Filesize
41KB

MD5
bb344cd63af89a65b58886035bf20be5

SHA1
daa4317c6bc840c59e8bf74b3dd70a42432d8d3f

SHA256
2e5f19eb1335243a2afbce16d134f7234aeb54c054c46d76fac99f37602a5895

SHA512
f98d5f5ca693b550e7c1a842d5ea51acd55e11357265e22c87e2b6059c16a1b80e62b78920c02b153e5a1d153aa2f0852c7439d0f9135306ceb81ad6459014b3

Download Submit
C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp2-pl.xrm-ms.tmp

Filesize
51KB

MD5
7d10d09bfa534d3051766031c42ea648

SHA1
391b5f790c487d68fedb00b6a6677bbe586f6254

SHA256
f65b28ac569a94c9eae8956411e07a1bf9d13ebe5639d7cfa371a2d8f0bbaffe

SHA512
b72f5a5e190b213a202d9edbba98bcc74d0a6d11080441ddb5f72d9dce61daf1296cd2bb074ed37af1cde70348f85ad6c9e7cf432570a7e5c436afefaf362f01

Download Submit
C:\Users\Admin\AppData\Local\Temp\_Get Help.url.exe

Filesize
41KB

MD5
92b670dee9ed797a5d8717ad7c59361d

SHA1
8b39c8edec359b5e9b542506648f6dbac81f7acf

SHA256
3b1ae17804363abeab249b1c516096677d55d6d4cf245498168d95d95b4b1a56

SHA512
fa38f751eb9051c9d49ac61451f7f87e094340d5de829603dbe84e3d591f1c88fd0fc544338edd981042955d009a86197005a459602ae300ba46b8fba59daea5

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
41KB

MD5
a891afe0e321a2dfd1010df02608bb4f

SHA1
d7c72fe747f86d7e3f69bce43fa6cb0687066b3b

SHA256
5774cf29f46c9d988266f4bdaed0caf2d13f1cc0cbc1ddf7e13e1474a290d80b

SHA512
f97db1d4677196c4cf25315f249540384f55151ed5706ec43e8e980ea7b5e0a14c577bfe88156af9da6f3bc8c1140312a7870b368ba3ce6fb57107dec826ad86

Download Submit