a95115a2c16e99208c3eca76e625c8c0886e550925f0ae568d351ba1d7b6c7bf

Analysis

max time kernel
120s
max time network
112s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
20-08-2024 00:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

46bc250216f8960a66626f5829952d70N.exe
Size

142KB
MD5

46bc250216f8960a66626f5829952d70
SHA1

3654566760a6346fd2c139fa35fe49f1bd9f6d1a
SHA256

a95115a2c16e99208c3eca76e625c8c0886e550925f0ae568d351ba1d7b6c7bf
SHA512

e3fc694c078dc22019a7578122175871d7c43a93178b2c9018f2d8f7d76c6af0a025c750e349a94aa08026500085872ca182228d82a2a981a61db5a76becbc6a
SSDEEP

3072:9QWpze+eJfFpsJOfFpsJ5DVSWu0SWu4QWpze+eJfFpsJOfFpsJ5DVSWu0SWuw:Lpe+ewDVSWu0SWugpe+ewDVSWu0SWuw

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (4645) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
708	_MS.POWERPNT.16.1033.hxn.exe
3120	Zombie.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Zombie.exe	46bc250216f8960a66626f5829952d70N.exe
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	46bc250216f8960a66626f5829952d70N.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Text.Encoding.Extensions.dll.tmp	_MS.POWERPNT.16.1033.hxn.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Grace-ul-oob.xrm-ms.tmp	_MS.POWERPNT.16.1033.hxn.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\offsyml.ttf.tmp	_MS.POWERPNT.16.1033.hxn.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Microsoft.WindowsDesktop.App.deps.json.tmp	_MS.POWERPNT.16.1033.hxn.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONDIRECTX.DLL.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\ApiClient.dll.tmp	_MS.POWERPNT.16.1033.hxn.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.cpl.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcDemoR_BypassTrial365-ul-oob.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019MSDNR_Retail-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_zh_HK.properties.tmp	_MS.POWERPNT.16.1033.hxn.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Retail-ppd.xrm-ms.tmp	_MS.POWERPNT.16.1033.hxn.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest5-ul-oob.xrm-ms.tmp	_MS.POWERPNT.16.1033.hxn.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\+Connect to New Data Source.odc.tmp	_MS.POWERPNT.16.1033.hxn.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.scale-100.png.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Windows.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Trial-ppd.xrm-ms.tmp	_MS.POWERPNT.16.1033.hxn.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_SubTest-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\mip.exe.mui.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_KMS_Client_AE-ul.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\IFDPINTL.DLL.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_MAK_AE-ul-oob.xrm-ms.tmp	_MS.POWERPNT.16.1033.hxn.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_MAKC2R-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\IEEE2006OfficeOnline.xsl.tmp	_MS.POWERPNT.16.1033.hxn.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_OEM_Perp-pl.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.fr-fr.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\System.Windows.Input.Manipulations.resources.dll.tmp	_MS.POWERPNT.16.1033.hxn.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\santuario.md.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Integral.thmx.tmp	_MS.POWERPNT.16.1033.hxn.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_MAK_AE-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\ms.pak.tmp	_MS.POWERPNT.16.1033.hxn.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\cldrdata.jar.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_Retail-ul-phn.xrm-ms.tmp	_MS.POWERPNT.16.1033.hxn.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.Linq.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\nio.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Private.Xml.dll.tmp	_MS.POWERPNT.16.1033.hxn.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\Microsoft.VisualBasic.Forms.resources.dll.tmp	_MS.POWERPNT.16.1033.hxn.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\PresentationCore.resources.dll.tmp	_MS.POWERPNT.16.1033.hxn.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-processenvironment-l1-1-0.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.scale-100.png.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\security\javaws.policy.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription1-ul-oob.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription1-ul-oob.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTrial-pl.xrm-ms.tmp	_MS.POWERPNT.16.1033.hxn.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\de-DE\mshwLatin.dll.mui.tmp	_MS.POWERPNT.16.1033.hxn.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.DispatchProxy.dll.tmp	_MS.POWERPNT.16.1033.hxn.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Serialization.Json.dll.tmp	_MS.POWERPNT.16.1033.hxn.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.123\default_apps\external_extensions.json.exe.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.SqlServer.Configuration.SString.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.Algorithms.dll.tmp	_MS.POWERPNT.16.1033.hxn.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\PresentationFramework.resources.dll.tmp	_MS.POWERPNT.16.1033.hxn.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\PresentationUI.resources.dll.tmp	_MS.POWERPNT.16.1033.hxn.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Excel.DataWarehouse.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART14.BDR.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-runtime-l1-1-0.dll.tmp	_MS.POWERPNT.16.1033.hxn.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\ReachFramework.resources.dll.tmp	_MS.POWERPNT.16.1033.hxn.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019DemoR_BypassTrial180-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Retail-ppd.xrm-ms.tmp	_MS.POWERPNT.16.1033.hxn.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasql.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTrial-ul-oob.xrm-ms.tmp	_MS.POWERPNT.16.1033.hxn.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_MAK-ul-oob.xrm-ms.tmp	_MS.POWERPNT.16.1033.hxn.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Trial-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\Informix.xsl.tmp	_MS.POWERPNT.16.1033.hxn.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.el-gr.dll.tmp	Zombie.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	46bc250216f8960a66626f5829952d70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	_MS.POWERPNT.16.1033.hxn.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Zombie.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3444 wrote to memory of 708	3444	46bc250216f8960a66626f5829952d70N.exe	84
PID 3444 wrote to memory of 708	3444	46bc250216f8960a66626f5829952d70N.exe	84
PID 3444 wrote to memory of 708	3444	46bc250216f8960a66626f5829952d70N.exe	84
PID 3444 wrote to memory of 3120	3444	46bc250216f8960a66626f5829952d70N.exe	85
PID 3444 wrote to memory of 3120	3444	46bc250216f8960a66626f5829952d70N.exe	85
PID 3444 wrote to memory of 3120	3444	46bc250216f8960a66626f5829952d70N.exe	85

C:\Users\Admin\AppData\Local\Temp\46bc250216f8960a66626f5829952d70N.exe
"C:\Users\Admin\AppData\Local\Temp\46bc250216f8960a66626f5829952d70N.exe"
1⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3444
- C:\Users\Admin\AppData\Local\Temp\_MS.POWERPNT.16.1033.hxn.exe
  "_MS.POWERPNT.16.1033.hxn.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:708
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:3120

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2392887640-1187051047-2909758433-1000\desktop.ini.exe.tmp

Filesize
142KB

MD5
02f530c9b75fed4473338f1483d65ad4

SHA1
622fe6d2f0110ce74b2fd506eee86d4c9e05ebad

SHA256
23a000514fcbf265f9accc084cf8ba1ddcb82cb96924a6348189e60392e065e6

SHA512
1db24a21d014e0478debc10f2260aab45fc8bbb16a239c316437593a83172d7da8345d6f600bba1de4f9af1975994f0913a0aef522fd01e65a7db4fac5abeec2

Download Submit
C:\$Recycle.Bin\S-1-5-21-2392887640-1187051047-2909758433-1000\desktop.ini.tmp

Filesize
71KB

MD5
479869e78300ee769a35e0a8fffcd8df

SHA1
b3ffdaae9dbf3b6d5f081a024e7043ea5a69b0b2

SHA256
32c10885e744e7a57235c09898b91f8a66368e8658a875d5ae8c29fbdb1f1b85

SHA512
71e4f949407a0b7f35df46d9f78034957d0b0bb909d96bdcd9d623121327f7d451eb5af845a603a79af697492ef8d5aaa8d491ee13ae9a22b5b735812d33fad9

Download Submit
C:\Program Files\7-Zip\7-zip.chm.exe

Filesize
184KB

MD5
49c2276ca634f117f4c843cea52c8dee

SHA1
99d3816ce66a0bad21403d0bed1835842064556c

SHA256
8accb4456d0d2437e8382d0c8d6653f4294dec48f500d1345a5a6411db73a471

SHA512
8924fc2ab0802830cc2e01b11aff2f9f4db285f6094e9d1daf59a8d83e86f68d2003346fa85bc35c32b18813b5f7d19c920e106055369885dd0b3f48653bd6a0

Download Submit
C:\Program Files\7-Zip\7-zip32.dll.tmp

Filesize
136KB

MD5
981b9e8b002dd5d475a334588b462611

SHA1
4017c1258f37a099a6cc9ffc423dcf26eba44f03

SHA256
57926810e1942d99b920089b02a497a0bc50f554750b121e922550dca073c013

SHA512
e3828d04dd7dede0887fc645ae207f62293d9ffa2947be01bf68d96a564b29fcb6d7388ec4eb90a8cfa24cab5d50e54d7489c4b92f5fd0640ec6c59f5c7e208c

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
1.5MB

MD5
62ff46f61428e5d160eff11b8a552307

SHA1
03ab49e3cbceaa80e45eb4b824217d23b29dbd7d

SHA256
328a66fec370027c412293203679850bd4eb94f6d0a7149bd877d33cedaf66fc

SHA512
cb1e999f399c180cd89678c9bb75330e8c3078028398d5b82695287d8b3910008f8698800f3375d7ea51477b60062847a626b7f995b10ad3a0a065ebd59960cb

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
1.8MB

MD5
c0098c3f3f9b37c73a94b1a3f5aaecc3

SHA1
837a855f27f6b915b89ba73d531ac55b5a5a6c39

SHA256
d96e68359733dc66ea0e6e7865807a55b4de64e600e2575fb72994d964c8a7c9

SHA512
205165b95ad8027372bff4910685ee18e8ff0d4251efc4a1a5e372355e3d1f92618c06204447ea6ba22d2cb7725982e98b8800d1ad9979415ed58397e21bb9ff

Download Submit
C:\Program Files\7-Zip\7z.exe.tmp

Filesize
615KB

MD5
2ca18b3cc982098145906b78d03f03a2

SHA1
bdfbdca2c0984e6288df306542424f7db7c0f0ff

SHA256
39462ed98a0e8a9cd42f7fc325beb7979ee0efacadd810df1dc33ea69cc0f8e8

SHA512
b2849c405057fae7b6e1056a3d49bcf2151b45d70e9d0223310ff39e5ba149e2b43f4a3d855784b16e7bcb88423b14d289fa648a49196de85e850a773a0cec3d

Download Submit
C:\Program Files\7-Zip\7z.sfx.tmp

Filesize
280KB

MD5
fc72c7a603bbb03e79edb3a9a15cfd55

SHA1
a09c4885c533deb5630f425cf8843b37a650169d

SHA256
daacddcdae66bcbb17c651c9e49172e561950890a1624675a9beebf4ff845fab

SHA512
fbdf015a643107f4b095262a834630f4ee6773e5d9b2db8955f881bc36bb9442fb688942db14adfb05922631199cf8a0b39830455e6d0c8a22bd98aecdd1d0ed

Download Submit
C:\Program Files\7-Zip\7zCon.sfx.tmp

Filesize
259KB

MD5
8536aee1440815f2c5dc9c4a9e7761c9

SHA1
164f5adf5d2a3ec3b2cc1b42ae080c8edcd8ad5d

SHA256
a5e56af380779b73169b5041dd3e9638bcd514e66c2a01622787200f1ab25334

SHA512
9a7e59922f16e2363d3dc4de7432a5d3da8e9171ca976da599770d701a1b30706d4fba22947dee4132dd1ca42bdf12769e89ca42a7685aab8a186db5512403c5

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
1001KB

MD5
61b92aedd4e3f72e329915bf26034643

SHA1
0d88f27c3f30977eacd0a628ee5bc6da7e1fb25a

SHA256
4d100b946c86852db5c678e59b1cb24ea7eb0427df3c1785ef024dd06eaab9b2

SHA512
c432630fdf3737bfead1c02340e673c0bc7c0ffa2dff6f80b8f540d11430bcf2d2529500611511e33e384c51f89f078e28307c8c4befa2dc6aafe44002d56447

Download Submit
C:\Program Files\7-Zip\7zG.exe.tmp

Filesize
755KB

MD5
2051e0c8989004ed4a06e7bbdc1e7761

SHA1
113e8b210e705c6495ebb0a47f4c765e956a9717

SHA256
afbd9ab64adb7fbb0d886ebf9929b95eb4776b6d53855d578e263fa8275bb24c

SHA512
34657769239c922070aa6456cce6d0b35e828447855794d880c7a9ff9d2e070ae88862238f5ea6debf09abd246c3a384f5b996b51c2bd6acd40fbac6020cb5b7

Download Submit
C:\Program Files\7-Zip\History.txt.tmp

Filesize
128KB

MD5
c5540c97632c21a1eb0336332be70e5e

SHA1
497241feaceccafdf6ef706c1c9eee375a176098

SHA256
8e6241f731948fabfa44bb35784b868cca529c0a384bd5bd43c3b35c8604df9c

SHA512
8e63ec10a13a255f22136f5cce139268eed6f90d8b7ca5d354223b8aa3d937c1265ce1918fca9495589f7dc6343d4020e1af963b2d89daeb46cfafe913edca7c

Download Submit
C:\Program Files\7-Zip\Lang\af.txt.tmp

Filesize
81KB

MD5
a6c364d1e10c2e1d1f1526654a506ed8

SHA1
c6f4d985d0faa7f18b3d26e4d10280ce82d62c91

SHA256
64b4ad8514632f4bdfe608cdd99e6bf9ba8ce9accfacd92282a6261de66cd0cc

SHA512
70222fd90a71efba39eba143a94a166554adc30442a9033ded23aebb3edb984a5ce909e9d272d50cd03cc47b34ebdfe019c84c61487538421c2b7a2abaab3b23

Download Submit
C:\Program Files\7-Zip\Lang\an.txt.tmp

Filesize
79KB

MD5
61fd9f68d72c66db0826285604623f39

SHA1
3306f31dbd383574d82cac2b7ca40b7ab9e4fb62

SHA256
3c0f51c6b3565f02a6c3eaca3133407e37c9c405f3bc68a19c82a0da7bb868e4

SHA512
bdfe44013be35d0cc372f7db2673a6f9e61a5a0556dd094d145156a3d291db08924355332a70ef9ab60844e48329698ad48b77751abcfb54aa8053cbacbfe68a

Download Submit
C:\Program Files\7-Zip\Lang\ar.txt.tmp

Filesize
83KB

MD5
1b8c36423a17b5e2e99a99f88930b295

SHA1
f89f2cf36113fcb1f97f31715b6092c1cd10a45e

SHA256
72879b647214ff4f19dabc102b836c8b492ec35b31ae76e475778ac7f84c274f

SHA512
738342ded41fffd181a8eddf3519b49849e2ec31b51deba4d29fbec1ca9bdd44b85a3e8caba1b936c3b57ec6ade97f967830212df0ab0c8e5a44e30486be841b

Download Submit
C:\Program Files\7-Zip\Lang\ast.txt.tmp

Filesize
76KB

MD5
330079f9bfc277771f1467d3f67e8c4e

SHA1
359dfacfc50cff219b9751ea5344fb71640b92d9

SHA256
b8829e18cd2ee724d87bc5096292a177e371466a29acfa01df1a6fd857564949

SHA512
47c0f69f1a746bc83a85fe352462967c22961d689447c8166ccd508ab0f3c1f301f3128a1b292e74779921a2e26344fab85b2f73d70ae0a8e1f6fc99b0080a18

Download Submit
C:\Program Files\7-Zip\Lang\az.txt.tmp

Filesize
80KB

MD5
eb79199f9544f67c16a966d4d9a8149d

SHA1
ae65d56f6fb811f3c833a0f7080fb24ef84533f8

SHA256
b264b77f98ff3b4a7654da20fa7e1b2eeb95d38f33c6b355b2ec5208cb110607

SHA512
c2bd8608236a39bd6d35bffce12073f021abc212c8bc286518955e19d56c8c957730b38e39c29811f52e127e7714b5e2d57264a32ff9f75d50cf7c7b6f6c813a

Download Submit
C:\Program Files\7-Zip\Lang\be.txt.tmp

Filesize
82KB

MD5
f7c5d9bff48384f9fa0cd05169133f5d

SHA1
4f94b40374b9118a002b2ab90845afafc3bdff0b

SHA256
876d1141aaf1cb3530ab239bbda0e124cd98eae39556d4083484433dcc500c11

SHA512
7b47ab9f434ec193a80640e03fdc2a02ce8348ae245795837c44b7382dd222fce69835ae438d865e8d98c9b78c9fea1cd0f8061b87f18ceba36c5fb4e252cea3

Download Submit
C:\Program Files\7-Zip\Lang\bn.txt.tmp

Filesize
86KB

MD5
4bc29ed09ce8e73a5827c4064691079d

SHA1
103d8f277f615f27bdeec038c065338d48bf82d6

SHA256
b23f86161acaf647d3fa0fd0b880167e75da9a223a6c268c560da847ad8c18ec

SHA512
19005a52d1ad789ae86f0c901d94dfef56b25382c64951a73cf885af727481bb73c4102fbc4ee52cf5ace97eb3ee3ee2a8f02da1aea4cbb576702a20ecb46fbc

Download Submit
C:\Program Files\7-Zip\Lang\br.txt.tmp

Filesize
76KB

MD5
de1350888aac52293508f05fb2e62560

SHA1
ccfbe90a57f279f80e2e46ac76201cda160a592e

SHA256
5e0a5f2dde25c3ce5b61f49f0aa3f48c289f3f74f62b92a665c18601de0babda

SHA512
8cdf9ba0452beed2dd61859d64efd04b6ac2c58a13cbf14c82d9d2580799f9fcaf6bc681e3a93061cbe8db49eac2ae362502f3ca1c742500ddab3069fe93cdab

Download Submit
C:\Program Files\7-Zip\Lang\ca.txt.tmp

Filesize
80KB

MD5
40e3fe64fe4463b3bd97786773844a3e

SHA1
91ff784d56c1ed328b02d9653374cd5bcdc03fe5

SHA256
ecf836b6088f59bea844b975848f30b278c12fc65124f9ef385ab89179a5ef25

SHA512
ef73d730869df4049c079117d7eafbc249b005afadef0603ec225dc0514dc1bc98823fccdf6cb7d9f5b3a07b5d92faa6ddd0133d19be8318b65282106fcb1f00

Download Submit
C:\Program Files\7-Zip\Lang\co.txt.tmp

Filesize
82KB

MD5
4257bef8e1ffaeb3e21e21b8c8a4bc2b

SHA1
ab77573867f8b53cac0e97e24081cdccceaecd22

SHA256
1ee818dad9d8fb9b2923b5e63f35cb88e353048a45a724dc0cba68dd3a53d568

SHA512
551b852bbd5d3c19c92a2ba4aff357878a213878e4e16f9af2f505c6fc05f84f73d1252b634e34b13ae3ef0d860ddbe3ea6d2957afc6fef391a7ad52706cb5c5

Download Submit
C:\Program Files\7-Zip\Lang\cs.txt.tmp

Filesize
80KB

MD5
fbb448af9d0740ffea96047c77e3fa40

SHA1
9adb4c822f716c1d0ac1e87b227bdd903d8f165f

SHA256
7baa51dad569ea8d7f1f3aa881521f9e9188fdfbdc1ce335b63fc194556f93d9

SHA512
632e8ce485c9e31129f251278b6919c34e91a0305069b4b25715f86917f578b5ad51be9d4f65b12fbe436f433e8d827258b7a952fca35f8b72d429e22b396701

Download Submit
C:\Program Files\7-Zip\Lang\cy.txt.tmp

Filesize
76KB

MD5
bb15c158d5290016736aea2f3abfae0a

SHA1
44436c11a5e81052f48c545245df86297e865365

SHA256
e7466d602763a78e9554301e72229831f7c561e279ed37e32f4b6662bba5c220

SHA512
84e72217b535039f9185f138452524a167061ff65e4c5feede0112def60239fc81da8b7016c858522f3e18c32fc748ee310cd04290971803974b0aad5dde2cc7

Download Submit
C:\Program Files\7-Zip\Lang\da.txt.tmp

Filesize
79KB

MD5
769c02700bc8b5b661d3f68bd1dbd170

SHA1
ab415bfe7aa421de26c7dc12737a23006daad572

SHA256
24f7f7134f5e06ab2a32013351428aed1d6305f77741a805c16ae94756dc6246

SHA512
3863173e7aec8fd9be4ea9649b96ce46f59cbfb360aed4ca8f7863ec0487a3a4b1c16d9c7ffe46df654a68ab0f800620d477109403a39d2d2c2e6ebb3665c9e1

Download Submit
C:\Program Files\7-Zip\Lang\de.txt.tmp

Filesize
80KB

MD5
504b0832425cfb67a31480048bfa8573

SHA1
a770bdcf6939f00902caa7956e0bb9486e907c3b

SHA256
d8f1ad307fe9ccf8a23019b6e28ada2d0cddd7920166604b2f5bdba080f28cee

SHA512
8b0bc7354fdfac28a8477587de97663a8dc2a465bc575c9bec9692fccefcb8c91198a36619bb8416a10b56dc7b5d4fedb0547e2ea1a4fd10d7bee2421c772271

Download Submit
C:\Program Files\7-Zip\Lang\el.txt.tmp

Filesize
87KB

MD5
b98d9fe83dde237100d2aca849a7144c

SHA1
49cdb993af17004cb43e703f14f4738f023d3f31

SHA256
e5483def7e885fbb24401acb66c5a6e4b1a1a0e0c98d01379f03f30784632794

SHA512
8fda6c93458061332be5b21359803f023f76287603f2238138d88dc7855ada0c3a86053062c8c6ac4dfd62376a0261e61227d84d46cfcfcd143beaebcfaed229

Download Submit
C:\Program Files\7-Zip\Lang\en.ttt.tmp

Filesize
78KB

MD5
bc56912c7623b503e9b6447f30d087e1

SHA1
72c4788c7a1d1e8fefa3f519859b275383dd2909

SHA256
715f0f5c2d6cc036639ae0648dc98eed4e4384e82f6466603a1fbfea0340d0ff

SHA512
d4e0306f3c8c444ddce96b6cedb5e2951bc7eae0fffe289f6ff302edf06b25d9c7d3833c7ed73d3a68c7022056acedae4c4553f8e71d0c58665bcf94dc7cf71a

Download Submit
C:\Program Files\7-Zip\Lang\et.txt.tmp

Filesize
70KB

MD5
cbbedac8cf09f452a400d69019d5bf87

SHA1
9409b6970ee0e114983ae6f0493edb0577123977

SHA256
df386e9afd1966ccb2741e2e6e8bcd80bf91413122633e8bcdc2c0f66cb5f930

SHA512
db8687c4b2cf4e86785c4d87fd64559d03e691ba7c5e5c1507cd3f5612233c14200d89536d66b30dbad436b869ffa145df51bc32c500af6c8604c490b65e1a84

Download Submit
C:\Program Files\7-Zip\Lang\ext.txt.tmp

Filesize
79KB

MD5
1de4656903fdb12efe24053c3b7d6a32

SHA1
b9964eb8977692a1811de8b7adbe1b21a26ec1df

SHA256
4d28943f15d8206913e0e0597f8f9cb697133ac443248cfaedcaab448b1eb368

SHA512
0a15f79252370210451a5420a415fe06963cab678df1a867ac07ce3f865bdf759339f0503e83f953dbbf89c8342adf1666a0bdc8131fceb847c25898a5db8858

Download Submit
C:\Program Files\7-Zip\Lang\fa.txt.tmp

Filesize
84KB

MD5
ab3078fd811cc2e83752fd412fdc2ba0

SHA1
0df1fa016f3602d240b6a145c84a7d2cc9632aea

SHA256
76306f29c7d5a90ebbcab62cbd6452c26d708c9768684d754e21d1e313b7fa82

SHA512
f5ae84c2965f3866fdbf71bc55ade9b34a27ce235f740020c38a8759452811c0f84dd67380181807cfffd70ae6b8a27cf79c0377dce1e30b57ff3c96563670f0

Download Submit
C:\Program Files\7-Zip\Lang\fi.txt.tmp

Filesize
79KB

MD5
3f45ba454ce02de7868c744c26587bdb

SHA1
80a455279467d69e51fccc51684e34a37f3fbab7

SHA256
30c7841c68b67ab3c273ca653df46a5a950cf100b3f39202c2c3cf677fb9c47e

SHA512
ac0671efb0dd138a2690fd6c4ddcdb3af083726e8cf9c319c246e414d3ab15ec3bbaeb8b5fc08d8cbb84f3535595c0e47a33def793489881d09af24d35790d67

Download Submit
C:\Program Files\7-Zip\Lang\fur.txt.tmp

Filesize
78KB

MD5
4a3e70cf14a57a203cc5ac39ea4e2c3b

SHA1
6136111c006a7038c571c215d55b318a754976cf

SHA256
43c2ca2d709fe79e0d9256010059f5da0d2b0f5d7c36ed23ed6b35d450583555

SHA512
2aeca5879d401c9a8176203f6455f44e7da674a2150653b663c055453949727b5b46b2c5c9985795f791d9e8debf6d72d9bebae632b85448ed7a564149a66f52

Download Submit
C:\Program Files\7-Zip\Lang\fy.txt.tmp

Filesize
77KB

MD5
1bd214fac3d898af8380ade326dabce7

SHA1
3c03a6af0b73ec3e0f744b458050733086868a1c

SHA256
59ac661bd9d1720341307d5a44223255f0eeb4d13ff26da5fe21160135e2ad32

SHA512
5fe2ce03ff55b3656bed88a3c621310f93f4697528d9f91dc0521bfc48316d9ef733ab01bd398d64c339d4957e8a8bbd29b9879552d85fb64cd19dd613fdb002

Download Submit
C:\Program Files\7-Zip\Lang\ga.txt.tmp

Filesize
70KB

MD5
dc64209e7442ea993e41d1f47f4e7bc9

SHA1
47824d84d85e1ac6a78eb708e0d6fab25892dd0e

SHA256
4400a3e209bce4cd98ad697759506838ad092318b8fd4b850642bbd745ee8d2d

SHA512
de8265e49b88acaebfc2ae290d7893f1b2d416d93b09fbcee5057cd9149274c623f57b5ddfd2a98ef54ece32f67a187dfdea26966af57b969f51199843382949

Download Submit
C:\Program Files\7-Zip\Lang\gl.txt.tmp

Filesize
80KB

MD5
7d97ff807c3140c991ad864bf53269a9

SHA1
aeb7898ca7c977af7efa0180a3549a0c5e7e8d28

SHA256
2d15bd61050a75557dbf93be1516fad8181698439f1b11dee533196686f92b35

SHA512
4dd64100e1d0b039046bed8935a8006f615e968b07473837f744f6738a65354b67ce13c44e556c864eb2dab07e2968a66a6bbf641e19eb0376f51af41a57324c

Download Submit
C:\Program Files\7-Zip\Lang\gu.txt.tmp

Filesize
88KB

MD5
494164a91b88178b1f29081d409bbf83

SHA1
9b095da14a25a0f33864e00f9f34f3ddb374f775

SHA256
9c05d87172d94f3eacefb61b4a2e74749d66c5ae4b652deff7c9f06df5e386cb

SHA512
e490a21e9e2658630f66206796e34a7604e165c9b38dc5aec9302a14377d9d4f0ee75d915abfe910a296467f17e1c07a92ae606a7855bea4c7d18018313e4339

Download Submit
C:\Program Files\7-Zip\Lang\he.txt.tmp

Filesize
81KB

MD5
cdc05ee51f9720861533c61352b7d0b7

SHA1
9aabce389938c827410558a3a982fdd66bc4bf68

SHA256
e572d2bf38b56ef9b542f9281f7d4f9d8343138fcabc2bd2e9e712fb8386dc71

SHA512
af48cf7baddaa819d95252244a89bce9e25f1f03d81a0d1e4f1821cbcb549e675baabe3df5b6d72fb0ca468ce29ae5dcc543774d3299d26e84d4893ae3c0cbcb

Download Submit
C:\Program Files\7-Zip\Lang\hi.txt.tmp

Filesize
88KB

MD5
015bfe57b542c4ac9d7a263e77b31145

SHA1
4f4d6027de64f364bc689b48718109b6fd778cd1

SHA256
4e0cbdf52982b4bcc1ccb7bb8569e7b4e5ae42836fd64afa5c56de1d3a766c1e

SHA512
63e7b94df86c160660337a3faeee16f869b209fe5ec7dfd20782d0f33eee7fc7a12b7387a5d983f63924c88d2699d54d10caf0a71b514c09001ad2324cae704e

Download Submit
C:\Program Files\7-Zip\Lang\hr.txt.tmp

Filesize
79KB

MD5
558f55a90b28d7faa98dd83d8bc10969

SHA1
526f8b284ab95fbed45ed70c54470890a13fc4ec

SHA256
25f9ffbce8efcf9eb5e153c4b0585cf1699bb9baf51465d0451b376825d17870

SHA512
deaa2e2759676a0ecd1bc2d77922ba3cc6d6cc80387ef8d41242cede2a89098eeeacf2622e283552d59be151cafe8dc1331d5d5b911df90495b66161e08af8e6

Download Submit
C:\Program Files\7-Zip\Lang\hu.txt.tmp

Filesize
81KB

MD5
ad6e661d5f75932aa559e17cd3feb0d3

SHA1
08f19493ce184b5e37f97c730ae66d314b30ec36

SHA256
03800db4688f1d917194c42a83f13e92e168f79fe2488a9cd45a896acd8b521a

SHA512
c75d496bd45b71db9a877f1ea193890dde16a5407027c2233a85218ed378d8ec66c8a78284abd9411a55657c4b4216cba77d3f234f39093bac87419b8d52806a

Download Submit
C:\Program Files\7-Zip\Lang\id.txt.tmp

Filesize
79KB

MD5
47956718e6fde69edff150f27fa605d1

SHA1
8bf0c34dcaec9d59caafdc4283e1c5c655a14a3b

SHA256
323349d4ec3f3fe338a3f6c4e393d0bd29bd39c1b2688a9dfff23f720351ff72

SHA512
bbf3b9750843475dd6350fb570feb5c376f39bcabae705290d3903ba9f1b51774ea24a8e5e352c7d36d44b80ff976f9ee8e9692b9c024867f112280a53b023f7

Download Submit
C:\Program Files\7-Zip\Lang\io.txt.tmp

Filesize
81KB

MD5
d2ed73ed698a04a1917249a74f63d5dd

SHA1
a71c1a6fafd960ee983a9ad5902fac3f16dd156c

SHA256
4dcb167153a992b66746433f7b5812a4d5ada731c95b16c84b7e37d068e42300

SHA512
b97613209194419eccfa062c372c4341f96aa39d1f76bf19c365932d2f55de122971499dcef4ecf16f6b9bfcaf0bf7f95d380c923880f5bf9fd240b4975c9f81

Download Submit
C:\Program Files\7-Zip\Lang\it.txt.tmp

Filesize
81KB

MD5
42129d7c5337bc68cce2349103076085

SHA1
982fc50766d6f711dc421fe00cce2cf92c0d57d0

SHA256
436aceb3700c5f837c112c306bf82c4e77d2fb69252cc2d333296ff5bd1392d1

SHA512
ca88320331871dc1d834983126688b2f70bf0c1558e5df4d56eb14289674cce069e94a55e598859c1a685c94c611eef1f5eff9cc05dc2828790a99f41ab25cd3

Download Submit
C:\Program Files\7-Zip\Lang\ja.txt.tmp

Filesize
83KB

MD5
9098cc65cb6d3bae07bc801037b99aed

SHA1
45a02f2c98e719e58ab397be54b23a2fc4cb64a1

SHA256
46e794f3cc7f8c1af79e553928ddb6b9ed72a368110346797e4fa8fd303c3356

SHA512
51bf3eff1dc444cbcb11a43c34e9cc6195562624b14e8bbc918699a14ea8427f5b3aae1df7c78843a1867d5a92f726a8fdcc57df84a4fac0d50602d2e1681bf2

Download Submit
C:\Program Files\7-Zip\Lang\kab.txt.tmp

Filesize
79KB

MD5
1785b35720710d9f52e54973d0a97e18

SHA1
026a6c09550792bc2f218fc2440cf83259629abc

SHA256
db443628b1f8a47a7977809df39d9307c5434029dcf8fbf970adeea495693b75

SHA512
599299eb9d4e4279987703622d866db7614c2c728b2843c09462471f3d214f9fa4187914e8ca22012a8111cd9beeeda8852e161706b2f93a0dd6125b218b456d

Download Submit
C:\Program Files\7-Zip\Lang\kk.txt.tmp

Filesize
81KB

MD5
6251f81b4f0ccebae4be34842cabc69b

SHA1
ad569986e992c1f1e219fbb3895000a8e4001d7c

SHA256
8ecb70c9d44796d116777ead2f0baa9f1b56119b5343d665b042d6ed0de9a585

SHA512
8ae561e0431ba8dba365894457f815966868f786c0cb2845907d4323e671c0f8ac145b82d6a3ae111fdc025dbacfdeb596980d52ee5ec9c7f95d397e55f961a2

Download Submit
C:\Program Files\7-Zip\Lang\ko.txt.tmp

Filesize
80KB

MD5
eb0ff1bc08b62be6dc3398b95c5d7f75

SHA1
27ebf4f86cde0229ccf6985efbc9988d8c4133e8

SHA256
a6ddf69a38b476d3995f3c4701d8726d96529c59bc54a950c2f9ac7519255469

SHA512
fd467b0fff34238fee8e8a0a3bae2d615ec9e2c8c340fd791b3ee78e67b1f82561c470a534fa240cdfe30ac2b067c2b7eb629ddd47d8fe71a6f3278ed2e06720

Download Submit
C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp

Filesize
83KB

MD5
796391214e186d05f3acaa96ecdf4f88

SHA1
4d002dcf93084e78397d0968f356bca5b2ec6bd1

SHA256
1b1238384e79290c96c35d96dcf357fb46f74ddb00299342e96f84e6d2965c1a

SHA512
1fce1e3eecb84bf91bd031e6c4f49b1fdb0d7cd9a558691d336ae37c7834726966cf731223ce29c2905ba9588405713882fe5706dfbeb65ed51db9f4e6d8581a

Download Submit
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\UIAutomationTypes.resources.dll.tmp

Filesize
89KB

MD5
7202bbd9c36e5fa09b08c5b054b023de

SHA1
5b821ca1456c0653fb59c54d3ec1dc54d93991ed

SHA256
13a77e59d387c867301cdc7224e3587493cf6c3a7aa7c51689b4c1b9353cce7f

SHA512
24aa07d721ca21bb109dd6f6dfcec4a8e2b201eba57f1ce46d4698ec47240601cce90c726dd8e5b07b00a38d4b448bf7c5479dcea084b42ecb24f929f0abfa0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MS.POWERPNT.16.1033.hxn.exe

Filesize
71KB

MD5
867ad900ad6db1a16979e2b1ca3a551e

SHA1
bf5c3d48fa86a371777d872f3b9190a668a669e0

SHA256
4835b643e9e8150bf7e31e62e328656f6d841cbf5a99aa1d3741d8afdf58ad90

SHA512
f1b4eb1b0c7b9648f85aeb50a3c0a3b558d757bb7024892d452a9c404150b213ac19aa78d2e3c81250efa1ce5351e55606e6a614ee5acfcd00d3a63f5a671c12

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
70KB

MD5
f4d98ee084ade4c40c1e2adc056a4b5d

SHA1
7f8d3c55db6e0cc26f294b6dc337625d74d5a266

SHA256
b047c5793c00fad9663faee8a2cf1bb2d7bf9f0d04aab6d8528a6d3de4718b61

SHA512
99940ab951aad585bde7f9754000ce9783b4f50c476af0c49d081e0929bcfc30f7d796587fc5c2745d30bbc8cbdccac5a9f4ee4aa988bd75b2205db12f32a46e

Download Submit
memory/708-11-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/3444-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download