926ddac9fd07c57888e21bdc8bd004e872f2ef9e3da058067b9e0f06a3890401

Analysis

max time kernel
120s
max time network
105s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19/08/2024, 13:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a78f31f5f563170f68920b15be60e790N.exe
Size

97KB
MD5

a78f31f5f563170f68920b15be60e790
SHA1

93c72021459b5f30ee53135e6d96963f83747721
SHA256

926ddac9fd07c57888e21bdc8bd004e872f2ef9e3da058067b9e0f06a3890401
SHA512

4f4cb3f8b177d1bc328b35661a038b4f683850fe7ccdfd7ab6d4558c20d770d6583f8182be0f1c80e386ba684d60f70edc0621f8fad7f8724feefabce25d9f45
SSDEEP

1536:/7ZQpApq1unAQanAQf7ZQpApq1unAQanAQQh6:9QWpQQWp0

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (4819) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
2636	_analyticsevents.dat.exe
4556	Zombie.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Zombie.exe	a78f31f5f563170f68920b15be60e790N.exe
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	a78f31f5f563170f68920b15be60e790N.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\sr.pak.tmp	_analyticsevents.dat.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\th.pak.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\netstandard.dll.tmp	_analyticsevents.dat.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Retail-ppd.xrm-ms.tmp	_analyticsevents.dat.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp3-ul-oob.xrm-ms.tmp	_analyticsevents.dat.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md.tmp	_analyticsevents.dat.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019DemoR_BypassTrial180-ul-oob.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_OEM_Perp-ul-phn.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\UIAutomationTypes.resources.dll.tmp	_analyticsevents.dat.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jsdt.dll.tmp	_analyticsevents.dat.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Retail-ppd.xrm-ms.tmp	_analyticsevents.dat.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription4-pl.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_KMS_Client-ul.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_KMS_ClientC2R-ul.xrm-ms.tmp	_analyticsevents.dat.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ExcelTellMeOnnxModel.bin.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Resources.ResourceManager.dll.tmp	_analyticsevents.dat.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest5-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Configuration\card_security_terms_dict.txt.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-changjei.xml.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Retail-ul-oob.xrm-ms.tmp	_analyticsevents.dat.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp	_analyticsevents.dat.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.PowerBI.AdomdClient.dll.tmp	_analyticsevents.dat.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOARIA.DLL.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Security.Cryptography.Pkcs.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\System.Windows.Forms.Primitives.resources.dll.tmp	_analyticsevents.dat.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\PresentationUI.resources.dll.tmp	_analyticsevents.dat.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\management\jmxremote.password.template.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Office.Interop.Outlook.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Extensions.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\System.Windows.Controls.Ribbon.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\swidtag\Microsoft Windows Desktop Runtime - 6.0.27 (x64).swidtag.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\lcms.dll.tmp	_analyticsevents.dat.exe
File opened for modification	C:\Program Files\Microsoft Office\root\fre\StartMenu_Win7_RTL.wmv.tmp	_analyticsevents.dat.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Trial2-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_OEM_Perp-ul-phn.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_Subscription-ul-oob.xrm-ms.tmp	_analyticsevents.dat.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\sqmapi_x64.dll.tmp	_analyticsevents.dat.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TabTip.exe.mui.tmp	_analyticsevents.dat.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\ipsid.xml.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\UIAutomationTypes.resources.dll.tmp	_analyticsevents.dat.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\PresentationUI.resources.dll.tmp	_analyticsevents.dat.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\PresentationFramework.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\UIAutomationTypes.resources.dll.tmp	_analyticsevents.dat.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVFileSystemMetadata.dll.tmp	_analyticsevents.dat.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Grace-ppd.xrm-ms.tmp	_analyticsevents.dat.exe
File created	C:\Program Files\Common Files\microsoft shared\VC\msdia100.dll.tmp	_analyticsevents.dat.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.kk-kz.dll.tmp	_analyticsevents.dat.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\ShapeCollector.exe.mui.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O17EnterpriseVL_Bypass30-ppd.xrm-ms.tmp	_analyticsevents.dat.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Retail-ul-oob.xrm-ms.tmp	_analyticsevents.dat.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_SubTest-ul-oob.xrm-ms.tmp	_analyticsevents.dat.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hu-hu.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Forms.dll.tmp	_analyticsevents.dat.exe
File created	C:\Program Files\ImportStop.ini.tmp	_analyticsevents.dat.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\javafx\libffi.md.tmp	_analyticsevents.dat.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-utility-l1-1-0.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Threading.AccessControl.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\LICENSE.tmp	_analyticsevents.dat.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Retail-pl.xrm-ms.tmp	_analyticsevents.dat.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_SubTest-ul-oob.xrm-ms.tmp	_analyticsevents.dat.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msoianetutil.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.Emit.dll.tmp	_analyticsevents.dat.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	_analyticsevents.dat.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Zombie.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a78f31f5f563170f68920b15be60e790N.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1464 wrote to memory of 2636	1464	a78f31f5f563170f68920b15be60e790N.exe	85
PID 1464 wrote to memory of 2636	1464	a78f31f5f563170f68920b15be60e790N.exe	85
PID 1464 wrote to memory of 2636	1464	a78f31f5f563170f68920b15be60e790N.exe	85
PID 1464 wrote to memory of 4556	1464	a78f31f5f563170f68920b15be60e790N.exe	84
PID 1464 wrote to memory of 4556	1464	a78f31f5f563170f68920b15be60e790N.exe	84
PID 1464 wrote to memory of 4556	1464	a78f31f5f563170f68920b15be60e790N.exe	84

C:\Users\Admin\AppData\Local\Temp\a78f31f5f563170f68920b15be60e790N.exe
"C:\Users\Admin\AppData\Local\Temp\a78f31f5f563170f68920b15be60e790N.exe"
1⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1464
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:4556
- C:\Users\Admin\AppData\Local\Temp\_analyticsevents.dat.exe
  "_analyticsevents.dat.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:2636

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1302416131-1437503476-2806442725-1000\desktop.ini.exe

Filesize
49KB

MD5
56c7827baebeaf436ab36728683fd738

SHA1
3aaf20747eeaf140282756c6a880570cb191e87e

SHA256
ff7db342f61a401c87c457f091e46fd0e6f21fe3871b659e87befeb261e901a4

SHA512
be3deda19db675adb4274a1a0ee4d8bab186c20c1178c3914752587880a3b384dc677ea734a955142a9842aacfbe941a0761fa456bd9ab709691bf8854782882

Download Submit
C:\$Recycle.Bin\S-1-5-21-1302416131-1437503476-2806442725-1000\desktop.ini.exe.tmp

Filesize
97KB

MD5
aa41773a536ffc55c6e43fc0cb099cc3

SHA1
a0c691edffcf533353bf83db22f8d2757c16351e

SHA256
9012f0dcdb6874ec295dbdb4a2bda5a82ba6c29156957690ab69810527e50936

SHA512
f019e2294f6daaa55908c46117d259e25490ede928526e88e0a67d9fa07933afb9d5f763b3547f80c96cd0dc7178d2a37ea10591725e758cc35260a60b4b7de3

Download Submit
C:\Program Files\7-Zip\7-zip.chm.exe

Filesize
161KB

MD5
f825c94b4d95b32358527c684c701248

SHA1
40c35f91ffb208367b27d1c1df77c18252b17095

SHA256
68464b8707b8fc4fbb08ca5122213c5238eb4f57191840484d7efde7312b9b18

SHA512
6a180744febf44134d533e77099283ba3b49e005d113d2ca1e147c9e7e7afe7ca4cc52f56d4460b86d7069c15f6655b34a410db424121e82381a990c084cb212

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
1.7MB

MD5
bee2c01c8954209b4587620f65280eef

SHA1
a26bb03ec2fe4be4fd818608207b2c7421450832

SHA256
2239707695bf0e144965f8e85ebedec946343aa10ca528ce0786ff44dde953b7

SHA512
bf094497c1ab607cec92923b6553a472e22ec8987f94cbdf52a83b618046528098f6d54033999c352b54ee2c295cf22919a1038b1884d74cbf86ba4965dfa3b9

Download Submit
C:\Program Files\7-Zip\7z.exe.tmp

Filesize
592KB

MD5
ef91f951788c6235c2b74ef679178471

SHA1
262aeb81426a4564e3d311e3bf1d7dccd1eea469

SHA256
6449c38d0b5148ae328690ad3c9d884aed0d6a46e05cb49e025360519adb399f

SHA512
e973bbea52e7028cd27f2a348137f640ce318ae535e025a99c808bc59a552b45aa99a4eaed3952555f1776c99f28a557742763ee73e63ac479aab9890f028cf0

Download Submit
C:\Program Files\7-Zip\7zCon.sfx.tmp

Filesize
237KB

MD5
0e4f4b3151c56da9b315162f7ad9c3d1

SHA1
1cfc4944f75405796810af5483087bdfd1ee2ef4

SHA256
816479fdf86ff88c253be0984731d62acf2b0810c551e7b78297892f67e7813d

SHA512
ebe0be03f4aee9c6ad37e0df4996a02e29b8de8c731116b54aef93614e346a79fc5d371079fd3a7693a347f2a9791b23cac4871170ff6a0bf9f6a14e78f412b7

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
979KB

MD5
c1da16281e536e09f15d46d20807def9

SHA1
67f202f2c1b780ba8f88868d1b546b7089e77234

SHA256
756ea3f6d4e58802a06643b2405298f82cfe6574e9ecf5d839904cf778af39a0

SHA512
974cc1d825cc08ecda5a57e07212184db4c94434840ca62628b0e3b7861eaf32dcf43b7bfcd279f43e4d7e6ca42bddafc7252e9a00bcc4813da27a9bcf3c21db

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
733KB

MD5
046854ad8c4b5d4266ca551195d246b1

SHA1
deb4b9f5fa71ae210eba59998ac4f4c0ffe2bbe4

SHA256
f11d96f118fa2a3a5c093d0a404f093fde7457eb423129eb7c5ba44de6bcec1d

SHA512
857b9ec4a886a1240aa325f7a3455d612204833d812e7eadebc72b22d21a8904e808079fe53a4ebcba42c13ad347e7f04cb204071aa9c6aeea0a3a01c83c07a1

Download Submit
C:\Program Files\7-Zip\History.txt.tmp

Filesize
105KB

MD5
98c390499a457649bba613e8bdc2149b

SHA1
65bb1aa26e2454a4e17daef875539ca2fc953c3e

SHA256
dfba030e42ec3c947960b64dea75647b3092cb6b6234be9331885cd2febb8b0a

SHA512
c0958d36e69ee7d881386e72edb753240579e9cd9afb23b7abd9f611f09494e137145fac59ba1f819db05a36018f040d7270e354fa15046bf7f70a9316a2fc21

Download Submit
C:\Program Files\7-Zip\Lang\af.txt.exe

Filesize
58KB

MD5
9e37eb23102c64a1ab02aca726ab025c

SHA1
9400e61ceecd80ec2824af1adb9fb3fbdfac9d6f

SHA256
e70e7dc0587820b66f1b6b1d8986ee3902525e122f8a3400e2c18a8c8421ec98

SHA512
014b0d1e905e141c777872104c729e1ec78d889f2167d32ca6986af1f5921c37e20c8a35a2c693535824c8aa7d6eb762fb2681acaa22e4dabb5768f1c310d3ff

Download Submit
C:\Program Files\7-Zip\Lang\an.txt.exe

Filesize
55KB

MD5
1f17b762d2cadcd97917d4bed698b56f

SHA1
8e511000a7da146a67da759d0979209e06b4fa73

SHA256
25c05fd3a44349e09cf9ff537582e1870979a7e8a797202b5c246b3f687c9078

SHA512
ee41d4aa3581319bc8e3b9ddade0252671fb781ba0ecca41c40d3832d32c8f99f124c9e9f7e6d28c639752832374dcdd3af9c45e46ae972ddadac69c2e99d898

Download Submit
C:\Program Files\7-Zip\Lang\co.txt.tmp

Filesize
58KB

MD5
e61f129fdbf02c3198e297b394617efd

SHA1
d4150378789227f8aaf7e82338e82f3fd49ea6cf

SHA256
3e898f90a9147d02d0481b95c5e4334d8517e8b94993ab5f84f50e40d4e6f564

SHA512
48f44406be2bf6faf8a8ffeecec1d8297f570e587c8705f60bfb9e4e5567cdd204d93387b4fdedd4041d297f9c739482a26818ed0493e4e8984f8708a5a7c2bb

Download Submit
C:\Program Files\7-Zip\Lang\da.txt.tmp

Filesize
56KB

MD5
00d6830546098391bd42ee784a6a2871

SHA1
e9982fad4d6293641a33a94501d2703843db3b94

SHA256
7dd2d17902a735e208b838075e2c941d4e7bb7fec4e7763535e61bc91c76bce2

SHA512
a7c535a8125aa891378c05c4840031054bc9298bcbcedcd4005a0142f3e92efd1f2fea601a7eb79edfc87e7965b553b8bc1247dd792c90fa07607ffdf6c140c2

Download Submit
C:\Program Files\7-Zip\Lang\el.txt.tmp

Filesize
64KB

MD5
22fb3b40443c6017fd4384f326963313

SHA1
d57daf3d60d322b28e3548dad2aa55935dd3ec61

SHA256
b15ac00a9c0de3acdc597750b914603b6127946d96e1719ceb31140647dab0c8

SHA512
031e4c25ccc5836a9daf44e3ee1456eae0c9acc068da9d69fe42e0499b45079601b83869978bf719e3a649d27cd963ba14c3eb2b123536e12aec96eef23ca8aa

Download Submit
C:\Program Files\7-Zip\Lang\en.ttt.tmp

Filesize
49KB

MD5
3cb77309afa17cfc195acba6d0c418ce

SHA1
fbd8ea87d5f85a0045b51ec41b9654d2046439a8

SHA256
5fed1eaa8060e92a21f97c5792081029e67240abcf88f60deec478f782a38e38

SHA512
cb1a20545b3eaf0349463e6c6b46d4dff4af4c9925001f6afb51c95f6a61a13e2eb2d9aca8fd34bdade953716e37b3f84ac78f8984f4a129420836200ec02b8a

Download Submit
C:\Program Files\7-Zip\Lang\eo.txt.tmp

Filesize
53KB

MD5
051fa9c0d80fd70ed58046866fcf927b

SHA1
26a07b0288a03c91d936bbd96bdd9cda672c6d05

SHA256
895843c596cbd714bd33c9b0b35d0635717b2b005ce57865c0b710e3e8d7ab0f

SHA512
ba617af8896beb02606c4cb3e868041858247f9ec4ec0f03f821fc5fb6bdccb386a54bf8aa1d5bb861b4121da2e9798ca0725bd70ee284d31331ed4790ad0356

Download Submit
C:\Program Files\7-Zip\Lang\es.txt.tmp

Filesize
58KB

MD5
5a79a38f4eaf2ad85581d48c38b38a82

SHA1
b134ba232d47cd6f28c4e478957430783aedf34e

SHA256
3295198be0d89553983c17d376b72fd20c092d2e6c2683df1fec656df522b97d

SHA512
b3636f6fa06509bd01024ec80d5eee6e23a525627f59b4a5b6c8159f95f14ba7b19757ea0dbcecb3b0c97d9011f098309bae6e8b6fe35567615b08bcb6cd5a47

Download Submit
C:\Program Files\7-Zip\Lang\eu.txt.tmp

Filesize
57KB

MD5
6eb0a01d1b5b9af6c693d0ec6e4290de

SHA1
42a263144a0418f2955faab06ef3d0af84fc24c2

SHA256
4d0ff7e8fb76261852e90a11cd0a115a633434436e57f42b265ab692abec22e0

SHA512
23777e505338486183ff0c4e44ff73ad74c4bd4c645d6a84b8ab7ac52c30112f75ee67a883bafea1e8c550dcea179e61eec9444237559d67b9d15302ddb9e2a6

Download Submit
C:\Program Files\7-Zip\Lang\ext.txt.tmp

Filesize
55KB

MD5
54fe3386624361e36e3595aa3b02b49c

SHA1
4439f107f5a84bf9d1f11690e45d056b12cb12b6

SHA256
fd16d276c895eec4c0b05aed8e6f65ca29c3deb0b28da6127e2d135fbc8633e7

SHA512
3f700d5d0c78312feb0e7d091d09967be6de0a1786ba31cd758e9a1cdffd291b6f5be256faf2720ff4df030f79894d254ce531c490c3c15ddb3427470fed5e20

Download Submit
C:\Program Files\7-Zip\Lang\fi.txt.tmp

Filesize
57KB

MD5
3471a3c068e24085a3862bc632130ecb

SHA1
c19cfb6df07ad8f0ddb040142082a6050fa56666

SHA256
7b7bd45ff6f573f37e4ec302e0bcf4c9d993143cb781e09243e6097a02d16665

SHA512
c4d7622cb5db3e96e319f24950d55f13e7eb6ea7760c838e7c14f2f99581195a08ae9b3cbfe158a0d8673fa00dc28a989d22f9145e222dbcaad22d4624e69e6c

Download Submit
C:\Program Files\7-Zip\Lang\fr.txt.tmp

Filesize
57KB

MD5
00019b784d1c739c1e7ce9dba22c75f9

SHA1
113a2a3f72a559669d270870d26ea04837643365

SHA256
4090ff6fc383bc287aa08cde4ce9c4ff7c3609e0e1f3688af196342da75ad969

SHA512
2eae87685e2c6b94e83034ccd716fc7a2a517684fdf48442957ba1c71a4607b73da3a55ddfc693e664001911b343d4dde3eb0e4148655c6c79b64f96efa5bc1c

Download Submit
C:\Program Files\7-Zip\Lang\ga.txt.tmp

Filesize
56KB

MD5
6bf05ccf831bf46bcc6f269e5bba9829

SHA1
b4582c1be28c8d4092f78ff94725bf2092e196af

SHA256
1ceee627da67e4b37b919ae2c5644927a6e5ab6c4187af18a03c1c4ce4885337

SHA512
dc5327cfb2dff094e01e3b1aa59fcd863b3f7b59d5e375ba7e0c04057e9d797448fa2d77970b986b2cea978bcc5a46cb9c16218800d70ce13b8d11e0d1449629

Download Submit
C:\Program Files\7-Zip\Lang\gl.txt.tmp

Filesize
57KB

MD5
b4756900846e24c754ae896e25a72700

SHA1
38e22695643580ebb831bcf18872acb385e9c501

SHA256
e745aaf0639ac14a56913e634964c76392bba459563ea7366d9d5078948cbd9c

SHA512
501beb7805428ca1081b7cf6395fcb67ccb412479e9a0d4543fa8ce4e4acbae43b2cf24f8fc0c7e3ade1656098d829afc8c561e53569ceb62a7fe611c9f009cc

Download Submit
C:\Program Files\7-Zip\Lang\hi.txt.tmp

Filesize
66KB

MD5
daf33fd294da752ec86c1241fd2dfad6

SHA1
8479b498a5d531cad2881d07397d48763fbe39f7

SHA256
035ab0dd61dbba44d2780434af1d93c4318a609e5776055636ebc3f73fbb2648

SHA512
16298b5b23e7df4fbac530151ef82bc367a8288c3a2f001bd31f49c9f6c804d6f075eb406f2dbbab4db782a889fc32f23f32bd8291259a47ffc59c8549fac1c5

Download Submit
C:\Program Files\7-Zip\Lang\hi.txt.tmp

Filesize
66KB

MD5
e7caaa71e843d813e2a1017f9f7143be

SHA1
496f6a2637366931df40ee90cfde945f0e565215

SHA256
681d572718b532cf9cc30639d490aa46e9152413eaeb288be6b9aa6dc8162872

SHA512
bcda80f48c01bb173659d4fff6dcb400444539d529bf153cadd7f41e8d2a5e2ec7507a5968c3004e2bb0aa50663eaecb4be9b48ed0cfe2a71be8f2609613d435

Download Submit
C:\Program Files\7-Zip\Lang\hu.txt.tmp

Filesize
59KB

MD5
4aa71a9f7b828588ff27b28021f3e5ea

SHA1
8df663a04ec84f9afc2d6e1b95c0b35a2e84b8cb

SHA256
55a7328510d219924048bb5efa18109bc0847525abc2a1fa95958a521cf6296a

SHA512
6aad05ac19f57262eb1972477e30940cea6c5314a299c934b0b6a0dc2b8cebf5383babdebf7cd91b1f0daf94bba481bcd9b81e1d861af8aac2a8f711f20ba7e6

Download Submit
C:\Program Files\7-Zip\Lang\hy.txt.tmp

Filesize
63KB

MD5
e999a65f0cf7a320862d7e50d4241845

SHA1
173026d3cdace25f8972cd62161165ec6eeb2590

SHA256
8325e9ba0873e6996b316e4327de291912934cff7a9eb8a3df1226008d2e19ae

SHA512
e131973b0a5176a8385586ae66b1fbf31c32c2aff96bfb5428944d947f284422fed0ce296c24538c81673749a588a9f930851d2b5a181d3ce103ada1ed1799da

Download Submit
C:\Program Files\7-Zip\Lang\id.txt.tmp

Filesize
57KB

MD5
81eabb0a5731c5a05ac4392db68e60a5

SHA1
c7389816b72bf39aa29518a81565809df8c54127

SHA256
45ab75fcc3bceff0e38e344164c6fc0def078496c43e58a16c9c54312780c287

SHA512
699c54b23c7c32fcde2b3ab621ed6db209a247edf80af47cca069e78f6137a179f9d2a61555cff3a040aed3544929657e67eaf7af5e01b9991bd8402dca1b512

Download Submit
C:\Program Files\7-Zip\Lang\io.txt.tmp

Filesize
58KB

MD5
de098f3586a4e200bb6b148634b4516f

SHA1
59060084bf1f8f60ffab5d3aee62ba2521bc9417

SHA256
333c4d5a89d042a41bbe152c025e54b1f1e007c1d20734a06c373daabaa04633

SHA512
357883f3b22c548761186f2f06e897e03da29895e90ddb707faef642bf9d59f24de1c47fb666f8557a3ad6125c53b51075a23f05b391b730c0da6594020cac56

Download Submit
C:\Program Files\7-Zip\Lang\is.txt.tmp

Filesize
56KB

MD5
03b40a9bbe54e26e8e1ef5973e9c8ac4

SHA1
5ad090890575ac3e8d2f254273432d55d89bf922

SHA256
fe4f24ab371e939cf7a8587c1e418d56a2fa726d2f8ace75ecc667343d314758

SHA512
8ee18f8864b9bd440becaa6ef573832c7c62863d60969fde5cf589e1b22d9d5eac02dcca7e205df6dab8e64830713b05b0abe2ae11c9fc273a322da44fafc0f9

Download Submit
C:\Program Files\7-Zip\Lang\ka.txt.tmp

Filesize
66KB

MD5
38429bd1db618fa9f3431e1ce5bdc26c

SHA1
e1099a49e3561b964279aaf99a211681b6d702b5

SHA256
8a2d4ac2039b529afbcb473b5bbc14a17ac2c4255537f539b064d05c9f530f5c

SHA512
d69e7099ca1801036107f9e5e0437f17e6eb707dd621bfd6c7d8dd43fd30de38a2c7787971c290e169087a148f47fd84e58e8d47d63a8793f50ae54d02d3bd9a

Download Submit
C:\Program Files\7-Zip\Lang\kaa.txt.tmp

Filesize
56KB

MD5
ffd63dab379646e62e8d4104714d6de1

SHA1
09137fd819c70980146d26cc32eab447198cdbcd

SHA256
96076b245e4462f14cdb4782080a3a357e23b04c7f23c7445197899bd174e3a1

SHA512
61f16cf8f59a7af7b399f5f6eccb5314411ee83fc4b81d880debb833d12e24cf36e396d1407b35ee9a84293ba556a7f6b0e4bcad0a29d91bee52c0ee9d197e6e

Download Submit
C:\Program Files\7-Zip\Lang\kab.txt.tmp

Filesize
56KB

MD5
7b90bf54c6ba74338a66f5e164e85a63

SHA1
10038372fb2adf17f3cc93dc43471ece5b19f5f5

SHA256
c3cf931e3fd2ced197480a9fd2771a46ed97503aec4cb5e8e4d42bd89fef7996

SHA512
7d98e5aeda553a336bb25f625cb752568560fc2595fc8ad3a92af28dd798f91766b1f21f69449a435e40179365d87e8323586bc9b945a74f5a49977062482fc9

Download Submit
C:\Program Files\7-Zip\Lang\ko.txt.tmp

Filesize
58KB

MD5
397780cea2f4f498f9422791cb47da77

SHA1
e71be3c0ad3d6258fcd9334dd9454038d2c7b23c

SHA256
052ad95c0a18d21bd4b2dd9cee3c141946da606748157682391103d813ab150f

SHA512
aadc89fb20bdbf8c47f610ea3980d872f9c5443297cc51cf5262b9d458f5dea320a100bbd071365f159db28c93d8ecb040175ddf6a70239233d75ed5d36913c5

Download Submit
C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp

Filesize
60KB

MD5
9a2e85fbd769487d3815bd028b870983

SHA1
736a2eb20ac39a831cb0c4101c10b52ba59f5fd2

SHA256
efa1109edfb5f0ca1d6d03bde7b1ad950409767befa28c794c285be7aa905ecc

SHA512
e85485a8d9f73148c9d8357b190fb7b62694eb32ba2d821490952e3bfbf5487cc93237bb6749d7368a1285f1ada382e8d5ba13fd13e7692db0c83368f9ac321a

Download Submit
C:\Program Files\7-Zip\Lang\ku.txt.tmp

Filesize
49KB

MD5
2c69cccc67e9a78f5df95eaf23c9d62d

SHA1
b9de32350f5f56427181b53f10aa4c9eabb2e378

SHA256
a428d62023fb73ff5283e1c32deffacff7b309623b85260c22645edef121b5ca

SHA512
87b7664c921775c676b2bcc836ca9e1212a0b8ca85bba434fdace4ede10175b6f704f6759c8ef746e23da5c3e08c2ffe7e55bb5afe84f172e6ae46183ce85301

Download Submit
C:\Program Files\7-Zip\Lang\ky.txt.tmp

Filesize
61KB

MD5
96c6bc2b897596ed51437020f95f5334

SHA1
dd781b8c83b0593881edee12b0bca99a4f231071

SHA256
737b977a38e011dd1ab26fd131777868ecb85059df2bf271c1b34dc37a5b597f

SHA512
55df985e83fcc0b64003578138e0d07652ad4694bc2112560ccf716b3dd3e3dfca26fdeb550ec2f893e8d8b74c3198eb62989212f6b0cd3b96a7a4b7ef157fc8

Download Submit
C:\Program Files\7-Zip\Lang\lij.txt.tmp

Filesize
56KB

MD5
9235e94dfd0e6c72d1ad2c92abd39f1d

SHA1
57221229135eadf1d13429c10280505ea806bd17

SHA256
ce0a1da2d201b97485a3a2e15100f659f3fa56b5e4e32d65fe7f3daf50939392

SHA512
fb7a0d7686a8a3a4ee8fc6e4b2beb8d5d0269ef08a4d374f0961df4c46dbaaeac4550465439a1222f2f33354057dc555c967f4127776d5518aba0057e6f60012

Download Submit
C:\Program Files\7-Zip\Lang\lv.txt.tmp

Filesize
54KB

MD5
fa424cc95b363c024c7fd97b4eaeead2

SHA1
361a57f0f6dc4613d7b6697595b218cfbe6d1661

SHA256
a76b0bab86ad77645ce1c39e261c05c88ab548d0363eab11a9c08f2e9e8d047a

SHA512
56946dee7bc84b5c1bd7eb00782ed44214a31b11993c615d08143a4cee4a355b39ac8e5d6de982b68d45291407da2aabd08786b814a107f56e12721da6ed2e70

Download Submit
C:\Program Files\7-Zip\Lang\mk.txt.tmp

Filesize
57KB

MD5
fd8bffa868cfe60a540fce2541514b80

SHA1
36c376f08d0a379bbb18f27fa78cf2c7d05c6fd2

SHA256
147816ede762037a01b40898728712e39c8dbe23241c51f877b0efa89adb4305

SHA512
d7a4080238872d3550a079fe70b97a3aacf3c311bd1c1e381a2f4a4f7551e2c6cc2d13f243e2146a0cb0a36f16899eb3b1303a8fb632c449dabd812a32ea5087

Download Submit
C:\Program Files\7-Zip\Lang\mng.txt.tmp

Filesize
69KB

MD5
25524553c532df3fba68425816f31f12

SHA1
5678969ca0f9c8f3b9b4fd2e5a413a15dec867ee

SHA256
e220ef851b4de3d51da7bb03f3743bf96dcec2b441db37e2d20b4de0dbb87042

SHA512
78b17338f6827bb10b85de615b3766cbef7781b66e77e7c7322ba7a735a105ff1e08b7c15173a69cd87d730971a5b8fbf88bf03116cb0eb6dfdc82e6c4f48772

Download Submit
C:\Program Files\7-Zip\Lang\mng2.txt.tmp

Filesize
70KB

MD5
cc77412b5afa0eea5d95237121c2938f

SHA1
405b7f47479c7eb97e91a19a8cf8758391187ba1

SHA256
4bdd1ecccc1826739b15c2238a301ace7fe15956950e86c3139dcb3c27acc5f1

SHA512
43b59c618b30a744250b7e8261a1880ae21cf3c808b3ab53c35e486077171ed3538beced2eae1179ba1b2e224babd3741231f54810cc6ae08275608223cce2d6

Download Submit
C:\Program Files\7-Zip\Lang\mr.txt.tmp

Filesize
59KB

MD5
2fbbe02c0c544641532abaec36a1b018

SHA1
31d4a7eb6a6d2c52b16e7d429786c367784e1088

SHA256
07dc58d9b70b2e67b330fafaeb1014df9ca4ceaff8c26a51e7bea540f750b450

SHA512
3d3bb9f8b6fd35ba5072d983d29021ae5df4877c5b6c20e67a0ed8d4686c142d637c3505201268e1e5984d22140e55a4aebf2b2ce423702093bb82f5d74dd8e0

Download Submit
C:\Program Files\7-Zip\Lang\ms.txt.tmp

Filesize
54KB

MD5
f20613619f1b6e4516fbffd6793b62f4

SHA1
0f8917d2a1c5ff5e395ead42af94b94dfe4015a8

SHA256
a09e92c42492129066d411c5ee2cdb1cbbae4e013d9b2e90cc5ed40e488e9c12

SHA512
861a10f5cf73a415f8079cea6063c275f8b114fd9f28bb525e53c3c35763c5005c5e3160d4784339ee6b38d4655fdefcb03a9b150c6b9136d6c6a0aef46d985d

Download Submit
C:\Program Files\7-Zip\Lang\nl.txt.tmp

Filesize
58KB

MD5
36d48c3bf77857dc0341b0584419cbc5

SHA1
906d88d45d18a2e6ca705386a0b3f127fa775fd8

SHA256
749b15259dac48aa2272226c057e07e99f8d8a7a780917f4cf69cab0db8a89b1

SHA512
2f9d1d8c6c7d3aadfb401f420ca8d120e1cbbab23bf831ce7d230a134588ffea6da21915c1db4022bfefd1ee274ffc5738cee2a3e4fa72c16721861f9d07d90e

Download Submit
C:\Program Files\7-Zip\Lang\nn.txt.tmp

Filesize
48KB

MD5
f0f3991df5f80b678394c452ae9e17d4

SHA1
873722f95abd6a0d9ee64abb6ffd2cab0c76ee31

SHA256
b0ccc1571df05853a23af609240ee63221355fdef00f518cdf0b57ec3a12bc76

SHA512
87265c7b7b14a453de0743a9f26a4c51550f8bf41212e06eda565e782d20fa2cfcda0288148bc2f04e4f0f5e3af30d96466faad06ff8fa22e344f7a3509c4866

Download Submit
C:\Program Files\7-Zip\Lang\pl.txt.tmp

Filesize
57KB

MD5
004fd8faab00b90f151f8e258bc303c9

SHA1
31158d93583843f02de622bc898ec94d51d07596

SHA256
5c3e81928103efa146c48668e102ed291212e7ac9396146b73ae60dfee6fb482

SHA512
8439a5efeed8150cdde0695a0b4d28258f06c882e8e6ae5b6d7839019c04ce5f33cfd94cc2fa67d126f265b1292eaaf43f3d4b4320d57c57cec8061043391390

Download Submit
C:\Program Files\7-Zip\Lang\ps.txt.tmp

Filesize
56KB

MD5
63232fd4d112a6c997691bd172f56372

SHA1
f6abb51d5b8e7a69711d83dc841ca983487b1c2c

SHA256
cea658d0674ca0c70f7d7dc4cfde33c1d2511aabc51a4f023b1d9029441135ec

SHA512
ce645988fd265657188d350fd7839f1ede63deb669f7d2e072fc6a7c1bc3517affcd47ffe28f3d3e163f57cab49da3516070410b08c04d336318e5973e8ad069

Download Submit
C:\Program Files\7-Zip\Lang\pt-br.txt.tmp

Filesize
57KB

MD5
4473b4819874b5ac548078d665c699bf

SHA1
12e957cc102123fb66860b5baabdef9aa3dc2cdb

SHA256
ec2e13610fa343aacc236a1bfd694f1d2d759d0a615382ae50eb160dd6b8e4a3

SHA512
f7547cb933fed9af7b61df41b868d72763fba20f0ca4981f2c18634a2ae0b48be52861f8353b1360e67bd2e7332ff6ea4cf92f43b5f67710ba2326a66ce53904

Download Submit
C:\Program Files\7-Zip\Lang\ro.txt.tmp

Filesize
56KB

MD5
7d3e94ea166703ab0b09f7057fb0a27d

SHA1
e04efb366eb90ae7c7c9a4653a3b8d45b0dbc235

SHA256
7e5b721f2e89b69f78d14a58b49aae35bff3f4d2805c5303d9523666cf4906e3

SHA512
eac4fa3e0cf02ff448002d39fd8e0f67403735a817baf4f6a0ef27bfc8a6109e8bdb84b36a10fafe157ae7a5e91d42acc3e468e4ac88005e433ef27a233409ba

Download Submit
C:\Program Files\7-Zip\Lang\ru.txt.tmp

Filesize
64KB

MD5
3ed8714ca7fdf290984d69ab260c7fbd

SHA1
f2ce978af1cb1d916887c84ee7ac3feecc4756b2

SHA256
e217df8a7382740caed1f7693e5059b3b112a50b1da3374bb66508ac9bdd4773

SHA512
9166bb15fa0f9d1acc76be57df603c97ef33361beeedeeda9e6ea883f5f42f8cd8355672cb7a9e4fec754b969327cf47d76943d942620ca554d2075e95c1b6b5

Download Submit
C:\Program Files\7-Zip\Lang\si.txt.tmp

Filesize
68KB

MD5
9c1ee89ef499240a68295a07a3286087

SHA1
8aa5f01b6e808e42aac36ddbe668dd317d93ad34

SHA256
0835a5cae5b2a354fb8f6c5ee8ab927cb8b926d430932a1ee4ec0aba96e7e00a

SHA512
92bc312710910eda2403fa2cb4f053da5d6f160c53be504e4c4ef04294f9149126d0bf9561e1de287c56753259393123a745a36d32437b6b07363bad489ff97e

Download Submit
C:\Program Files\7-Zip\Lang\sk.txt.tmp

Filesize
58KB

MD5
5dddb103308a814190df6202f331f279

SHA1
a34451682a7e1039a73c618c641dc675000c65ca

SHA256
1afd3ddc683cad60734563c373cf4d622df5c374c7fdd2788aa25f704af1ccd3

SHA512
8d68799eb402e9d401f4687daa14d56dd8a83a7ed6628f2aea986581a4745d1ff8b60536491c74ea8c8c0772697e56ecd89c34664f1e63af7443b8e5d91333ed

Download Submit
C:\Program Files\7-Zip\Lang\sl.txt.tmp

Filesize
56KB

MD5
c874720153994837cc5587a2ea76ae62

SHA1
b485ad359efbcfd7ee804e6788c2565a6241cd70

SHA256
5b5fde9a8bc971af8be26986050ea6818d009931d1f3d427ab75f8443783e8df

SHA512
d3b3a289feb10c769a37838199c1f23dbf2583b5bb4b649ae2971e037a31382080ae3c6e8ad69602498bf7395d6287098fdbbbbb16b6692442edca3b22b293b2

Download Submit
C:\Program Files\7-Zip\Lang\sq.txt.tmp

Filesize
55KB

MD5
6764fc06d4a5ec2c208d5549981df9c2

SHA1
21e1a94b94832eb5e7aeb3fddec4c1f64d18e9ae

SHA256
f996b12601ebc89dc53e0ee2f78706172c6eeb0a97fd938e47057c120d1e856e

SHA512
d9780957be6e8b8639fef64430faeb58f448f778f8cfa553d07fa5bfc8f5a1e4008d666ffe996c9c4a47d8d675a8fa28fc7c09467c88c7981b30ff8536b8e0d4

Download Submit
C:\Program Files\Java\jre-1.8\lib\currency.data.tmp

Filesize
56KB

MD5
97a966bdfcd75358a5581a8d1effc33a

SHA1
89d7922b24681dbd9c2318d3c63d7ba65c8c7a5b

SHA256
88a44a60eb18f5886075f98e5caa616f08af27a55d8bdd0a0b4156d99c618477

SHA512
8fa5a6c3000c9aa22d9c01c0c8336b28f9c23a8e37ef99cd01b95c239d0f780ba739ebfc34d08a3ab58b6cf48cad867e4b8b490f9b46d2b39edd1f3865540bc8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_analyticsevents.dat.exe

Filesize
49KB

MD5
0dbf39e25c8f717e7b831e4c731d9371

SHA1
853ec4c6873555668d987634288e2e4d022fa386

SHA256
bd6277e5011d51be95f759c14cc3f9dd65d59c151ba1c6f13c4f779157f424f0

SHA512
f8f7d429adc032c1420493231fc94bb5df5f208c1caef92d7ae4c524d0b967163921f74276bb3b909791c800599ffd7b713d5681608279ce08b300ad649fe7f5

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
48KB

MD5
03d6949f6f3bfe04ed7b20079e43b635

SHA1
fed02b255b21236813185b807df82f1b899ae501

SHA256
952be650d87ca6e914cc6e81e4f1da1fbeb1be99af963fbf28f9ffbe7d8f0000

SHA512
4544db212380e23eb81ac6ca5bb859e92b3ae32a2fbe99f41016bb7cc1c628c825e4b610dca3cfe9a4f8721e49a68f2f27562f7156703c59c3a315126e77fad9

Download Submit
memory/1464-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2636-15-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download