e50e90a7857785788270f99e864b5879ce44c90e2f73f4ce65148ea04b9304c7

Analysis

max time kernel
120s
max time network
105s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
20/08/2024, 02:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8335568cf800207b9e79a1941aff2a90N.exe
Size

81KB
MD5

8335568cf800207b9e79a1941aff2a90
SHA1

1e3ccf00f6d7f27ab68ba39da3cba4642d1f8606
SHA256

e50e90a7857785788270f99e864b5879ce44c90e2f73f4ce65148ea04b9304c7
SHA512

9ff7a1c1b5611a5c33e6538a3bdd6ab962c2d4875aa8c13a0557e8e1650c728af1968a5c372050b57f4af8dc6220628df8ecc56a8a61ef025f55526f7def5900
SSDEEP

1536:W7Z2sspApctpQRtpQR/7Z2sspApctpQRtpQRq:62ssWpACc2ssWpACj

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (4806) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
5040	Zombie.exe
2852	_Speech Recognition.lnk.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Zombie.exe	8335568cf800207b9e79a1941aff2a90N.exe
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	8335568cf800207b9e79a1941aff2a90N.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk-1.8\bin\jstatd.exe.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\hijrah-config-umalqura.properties.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\cpprestsdk.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\7-Zip\descript.ion.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\coreclr.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ObjectModel.dll.tmp	_Speech Recognition.lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.Primitives.dll.tmp	_Speech Recognition.lnk.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\pkcs11cryptotoken.md.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_Retail-pl.xrm-ms.tmp	_Speech Recognition.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessEntryR_PrepidBypass-ul-oob.xrm-ms.tmp	_Speech Recognition.lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\createdump.exe.tmp	Zombie.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\en-US.pak.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\DBGHELP.DLL.tmp	Zombie.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msdaremr.dll.mui.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\UIAutomationClientSideProviders.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\System.Windows.Forms.Primitives.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_MAK-ul-oob.xrm-ms.tmp	_Speech Recognition.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTest-ul-oob.xrm-ms.tmp	_Speech Recognition.lnk.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Memory.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-runtime-l1-1-0.dll.tmp	_Speech Recognition.lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.dll.tmp	_Speech Recognition.lnk.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\fi.pak.tmp	_Speech Recognition.lnk.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\icu_web.md.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-synch-l1-2-0.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_Subscription-pl.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-white_scale-80.png.tmp	_Speech Recognition.lnk.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasql.dll.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\vstoee90.tlb.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_KMS_Client-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_OEM_Perp-pl.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_OEM_Perp-ul-oob.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019VL_MAK_AE-ul-oob.xrm-ms.tmp	_Speech Recognition.lnk.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\tipresx.dll.mui.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Retail-ul-phn.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest5-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\lpc.win32.bundle.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\System.Windows.Forms.Design.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Internet Explorer\IEShims.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\java.exe.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Green.xml.tmp	_Speech Recognition.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Retail-ppd.xrm-ms.tmp	_Speech Recognition.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_OEM_Perp-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.UnmanagedMemoryStream.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\UIAutomationTypes.resources.dll.tmp	_Speech Recognition.lnk.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md.tmp	_Speech Recognition.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O16EnterpriseVL_Bypass30-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\TelemetryLog.xltx.tmp	_Speech Recognition.lnk.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Input.Manipulations.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Trial-pl.xrm-ms.tmp	_Speech Recognition.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_OEM_Perp-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019MSDNR_Retail-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.Linq.dll.tmp	_Speech Recognition.lnk.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\security\cacerts.tmp	_Speech Recognition.lnk.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jmap.exe.tmp	Zombie.exe
File created	C:\Program Files\Google\Chrome\Application\initial_preferences.tmp	_Speech Recognition.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Grace-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Presentation.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\PresentationUI.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\ReachFramework.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-heap-l1-1-0.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_MAK_AE-pl.xrm-ms.tmp	_Speech Recognition.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\WPFEXTENSIONS.DLL.tmp	_Speech Recognition.lnk.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Zombie.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	_Speech Recognition.lnk.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8335568cf800207b9e79a1941aff2a90N.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 624 wrote to memory of 5040	624	8335568cf800207b9e79a1941aff2a90N.exe	84
PID 624 wrote to memory of 5040	624	8335568cf800207b9e79a1941aff2a90N.exe	84
PID 624 wrote to memory of 5040	624	8335568cf800207b9e79a1941aff2a90N.exe	84
PID 624 wrote to memory of 2852	624	8335568cf800207b9e79a1941aff2a90N.exe	85
PID 624 wrote to memory of 2852	624	8335568cf800207b9e79a1941aff2a90N.exe	85
PID 624 wrote to memory of 2852	624	8335568cf800207b9e79a1941aff2a90N.exe	85

C:\Users\Admin\AppData\Local\Temp\8335568cf800207b9e79a1941aff2a90N.exe
"C:\Users\Admin\AppData\Local\Temp\8335568cf800207b9e79a1941aff2a90N.exe"
1⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:624
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:5040
- C:\Users\Admin\AppData\Local\Temp\_Speech Recognition.lnk.exe
  "_Speech Recognition.lnk.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:2852

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-945322488-2060912225-3527527000-1000\desktop.ini.exe.tmp

Filesize
82KB

MD5
a8b23b136da3c2d8f108f5d26f5b797c

SHA1
08ccd1dd47428c7443655ed8a188a3e4a690f87f

SHA256
4393e16eea3338d3b3af42c384530c41a577ba9499cf2143ce35963490d20800

SHA512
221289e969404f334198a9617fa090f5c3bc8ebd74bf5eb940b6447d33352eae270bcdfe1da0ae7e28641af61bfec6295680b8d696b3eabd0bba9301b57bf1e6

Download Submit
C:\$Recycle.Bin\S-1-5-21-945322488-2060912225-3527527000-1000\desktop.ini.tmp

Filesize
39KB

MD5
6b973ccfc8960c96f77fe98c9c39de63

SHA1
d5e2bf7728cd2a3e1fc9232a530e6e56d40f2986

SHA256
99f20ccf14015431a24a4d23cc208329c4d9ad1e250e4af75f2243d7ec805338

SHA512
3d0b57deda521d393f4cfaac465053ad573f4bf06247c673913cabaa82b1809f9ec4bbd67978713f64323f331cb6b28cf70bcc58c8a8a51a77f911242df61787

Download Submit
C:\Program Files\7-Zip\7-zip.chm.exe

Filesize
152KB

MD5
45fd57c13151082b237e30b0c900d7e4

SHA1
31b92fa0ed16630b2717d46064aeedb67a13cb75

SHA256
c609c71c54a8bc403ce0b0b4db230b12127d2506b4927e27b98e1ccd6383ce14

SHA512
129c38f415cffb8ab4ac2b53ea455e78f383a212bdc7514af0650223e8230596bf1e6869083e17aadf1aae8ae967c8d4bb3cbda8db1e5e96fa248cda441d89f1

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
141KB

MD5
755a3a63d692d2013ac3426481eecc7c

SHA1
fbf925680cd338ac048179775decac8a0b928591

SHA256
150359826f7664c4606d8c4b53a8453d88bbc767ac19d7c33fb5455c84426d06

SHA512
25a4b1a2f07a8ea96f5c55c35bc4440554ee78b669f731e8fb0be5c47f4857da4b4c42cdcee10fb93b296cc41064f3aa847672c15a0471c4cc13fdf76e17b96d

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
1.8MB

MD5
748fab3f157ef61edaa80cadc013e8b5

SHA1
90542ca0477233292735cf39196a395cb6132bee

SHA256
e9ed852bad94dcb50c3a1001b0199f157316ac29827f64a05c17978c6a1b4a62

SHA512
a929a86557f25e50ef6e036c7d633e49263d3288215532c7e9e9283ab65bd3f3fed7ef657ef34f3081e49afaf3df46aec7d4f348a935ce0e508dbb541e30f4ff

Download Submit
C:\Program Files\7-Zip\7z.exe.tmp

Filesize
586KB

MD5
4c2ef2d1ebff617b54cf9a90c27836bf

SHA1
1f85fe0ccf730bdffc92bda654f041fc88d86f67

SHA256
fc0a865e105e3be95541294d44c54ae747a9920b8d8be5489cb162d7b94f2d97

SHA512
c49498cc3dac6319b47ac3ce1876d7e13ddad1e53ac8f17382b11d00bfae843e2268faa358ca32f7592efc412703c5b05bbad1ed96225dadac4fd421d7071da6

Download Submit
C:\Program Files\7-Zip\7z.sfx.tmp

Filesize
251KB

MD5
de5b3b5c5e1f8c8932dac406f463ccfc

SHA1
581b07359e84fb27b3c6557476884a97b4c6e387

SHA256
e52f301aa59f2fa82bd7be73607b21a2d6a328e11caea8d562ffe4811269653e

SHA512
645f585c31c2ba3f7eeef8a0d6bacc37af3f2658b748f152a8c07ac8d75ae3ce76d4bfe824729b50584fc0698aedf9d1554d2c17f8a76c7891ab6e1cf3723c9a

Download Submit
C:\Program Files\7-Zip\7zCon.sfx.tmp

Filesize
230KB

MD5
124346007569e011318539aa1c5580ae

SHA1
8be0db00949c0885020b54b405f9f214a8fd73a9

SHA256
3f7196fc91e9e6dbf49c182969d154d836efe35efa740d36304602764d35459d

SHA512
7e0200d7cdfb18e0d0d3c1f93594e8177abbd1a21ecd6af6e0adc72ff0b8d03af3a08ffe091bae4a385c3e7673936ceffb3e6e0853c5afbbf2a95249a463fcf7

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
972KB

MD5
db2d883ad0f1a3a2e747445866569241

SHA1
c04163b011916a9c1b2bbca6aca883fe7b85843d

SHA256
2503835ed77cb8c19ff433c0b56fad3685d761cea8bcabe4a8755dff63b26e72

SHA512
0281440a9f78fa001f06875fc5042d09eafe32b68796d604e5398977d64f9dc4cc3f898d613d409d6c84028331d04d0fcd23d8fe5c05009019f2d0fead1ea8d9

Download Submit
C:\Program Files\7-Zip\7zG.exe.tmp

Filesize
726KB

MD5
68371d2c995d9a9b923287a484220421

SHA1
68196c687abc349d581bed112747a300b35720af

SHA256
e8296dd2445409dddbe79704e7a0701ef5cc7e922e6e0f06ec433f59c2f5649e

SHA512
1c47a227bf8bfec169d1a9ea92f83db9faab16c1f46502713c30bab669a2607445f90a6007831158e811ee6cb88e8af4741963ec645d9969756869631a24a973

Download Submit
C:\Program Files\7-Zip\History.txt.tmp

Filesize
99KB

MD5
1d6a9ff9b502e574f8d65361aa3685ca

SHA1
d347539890d7f688b6014df6709cc83be9e87d3b

SHA256
d402d5882b180b13ace2fa4a47cc599b47beb28f234f15ed2fc1ad11a1a51047

SHA512
2b3586d73d4528b08833b1376f781fe6c674371ddee03d51d4b48bead6abc756e9fcd958bd1cd79a6d32d6580c67acd36e650fe2c6e90e2835a361e9ad1449da

Download Submit
C:\Program Files\7-Zip\Lang\an.txt.tmp

Filesize
49KB

MD5
045fff3c43f01c8066c4d3c2a18a202f

SHA1
a076f6f1798bec75e1399e96c8b1586cc5e64b38

SHA256
68ddb1b2954835658e3dbc58941cebd83faad115197aa1091ebb67a42f133dd7

SHA512
b788eea6115007d76303ecc551b19aecc579d1c7d0ffad71de5dfedef4a9e7af353fa6830d67299c01ab0fc31ac3d793a3d78d85c53b1bf389ce51198089552e

Download Submit
C:\Program Files\7-Zip\Lang\ar.txt.tmp

Filesize
54KB

MD5
0e23a4826977e687ed1e6bfce170f05f

SHA1
a7b6bf2eea27d78a3827e1aa7a0161a6692c85a8

SHA256
b7ccbce314dfe105f563585e487bbf50cfd6fe8325c37c67e7d3ae6e51492c77

SHA512
a05dbe844d8f069ba2847889e9afc112030934f3666955a10ddd1bdf434a1225f99e5ce80287382bf7e47231a4c05aa3d627e750bdfbf2b6218d68ef381b0349

Download Submit
C:\Program Files\7-Zip\Lang\az.txt.tmp

Filesize
39KB

MD5
ff7b7b71a628af296311fd5898650d85

SHA1
70326569390f77a5179a6a237f68927a7fad7535

SHA256
bf107c0ea235da390cf1907a4e883d180c866bbbbfd72257d779b57f7f78560e

SHA512
5fc292cb6f20e1481b7adee846130cb188c215299cb6c382fa483c5ff7300b54be42bdb8aa0b9d57456705d62f3e24e689829ec47b67c6acfda5ed5616c1c160

Download Submit
C:\Program Files\7-Zip\Lang\bg.txt.tmp

Filesize
54KB

MD5
d99500abbc2ceb1418ce67917ab84ed8

SHA1
4f621be80be253a4ce22f6b3dfd3fd4e1268b5cd

SHA256
22e0b9d0666b90c863bf0204969843a043541d0ccc0e24340cc34f29f988513b

SHA512
e261cb7011425f29727c2bf27f6f1d5eb4b08db8b9594bd0cccb0b53053715154692a37564cf9f79f75e77f379f67da75b3328c9780dc50ee6c7e53437982a5a

Download Submit
C:\Program Files\7-Zip\Lang\br.txt.tmp

Filesize
47KB

MD5
9650b69e1a4b26e882df8e012a1214a2

SHA1
6393548a7836c660395cbb5554f34c6e71567719

SHA256
f774d69c907168781808cdc490aa71a3118e70c7c61329986d861d85b0ad7858

SHA512
5b7f600e0ce519d3d9ad31f5ebd9c4704e71b960431b485bb0c9157e5a97b342a40ec12a243084b90f53d8f13e525d6ebd48b55477431937261ea91ecb191dd8

Download Submit
C:\Program Files\7-Zip\Lang\ca.txt.tmp

Filesize
51KB

MD5
a3ad7dba8788ffe47a4a23d9a64d2152

SHA1
79606f05dfb8aad17ba2ddcfe8ed4e51c13c6574

SHA256
300e2d21d9ea7c16f6119ed58f0c6fc2011a52744f77042d0adf4e7ac7952c06

SHA512
462f4b8d493914b4f52b1bfd6c4af99561e8232fcae264afbc0b5c695f375111974203be0dd94771f9166faf9b659a2d691c92bd3286966e69b431cbb9bb6727

Download Submit
C:\Program Files\7-Zip\Lang\da.txt.tmp

Filesize
50KB

MD5
4c8f18a04b5d0f36a3371add1e48b15a

SHA1
50d3bfd73d91c98889e859d1cdea8804073f5106

SHA256
f7185267acc261bb96a5df4f2ca2e0bf51bbc7a8f48dccf6f56018d19cc0781f

SHA512
6061f38552654436a984fedb78596df448414c450b44a1630f5e957bd0f498248720cf14823d6e503e2cdddb74bd85cdcaedae1d9b0a445bce286a6e64107e4f

Download Submit
C:\Program Files\7-Zip\Lang\el.txt.tmp

Filesize
58KB

MD5
523bcda2141f53a8fc3fa32126a4df6e

SHA1
1dfe27cbac8753044739003a0d84dae064286d2f

SHA256
9db40a3c3a905eea587e0a8e6435295ac85fb97770db1eee3e337aa6f75e0c5f

SHA512
099f0c1dda5ccda9d29d240bb511b49776f2a79a3ae26d69a8bacb1e464a6d5e81a346833ab7b45cc3d02b137211573f4f09517ce5bb11abffdc9a8d4d135db7

Download Submit
C:\Program Files\7-Zip\Lang\et.txt.tmp

Filesize
46KB

MD5
8ae403e9b0b36bf461075cc04858b96a

SHA1
1c1ad1eae45134eef44efc1a31516b502e1459ec

SHA256
b982239171d23863a687520a6e329143dc51b205b4e2cfba2458383cda6c50ce

SHA512
980ff4137445bce767377af41fd7e641d495ec3d8c73aea1847f83f5f37c4dfc373d6f5b468cd4960b2b75bc8166c6609464f243f3936b3a3c4eb23d1eb1e69b

Download Submit
C:\Program Files\7-Zip\Lang\fa.txt.tmp

Filesize
55KB

MD5
8001ac882395649f9c8c381235ab2b09

SHA1
8f8ebecbc81b749c70c823d751991efa8f936fdc

SHA256
3a8296bd2fc7db706347ef7213a4331fede3cb43111add66a27b244b7be900b4

SHA512
d6ff9ced65a829f22d4451b114586177b5fee14d4ca5b48110251e7a765039355c89b57b1175b376918554675977d4f84a827c0f557a06b940ba0432e630a849

Download Submit
C:\Program Files\7-Zip\Lang\fur.txt.tmp

Filesize
49KB

MD5
9fc1793cc3a41bcbf683bcd2c3a093da

SHA1
7d859cd6fcca630096aeb82ad8f44dc8dd740eda

SHA256
c4421dbf3bfdc13be002c1f990b494fcbb1344646a743f8d94cbcf7a9e4342d9

SHA512
3c6f1b6ef44b207ac894fa689a14e1bf6f450f0e0de83a3115709d1035a27da4efcf10ede26acf4e51b66d5a6f530e8a318fdee182c6eac0e04b7cf7b9a320cd

Download Submit
C:\Program Files\7-Zip\Lang\ga.txt.tmp

Filesize
50KB

MD5
e7fc95a4f02d75aa9acf7585213bc8c9

SHA1
d17347aadde3ffb13f4e5e3cd083b14840e5a6d4

SHA256
9c44ae6f50c00e9a3385961df81fb739af1496bd2afa9c8fe54a64bd4429bd80

SHA512
4186ff9c2c1f796336f817873edeb452c93076bb001e20fa64a47ded936368356d52e36cd3373e52e3880d142ce3c1133c9f0b6d870b2653c5e01c9c631a8704

Download Submit
C:\Program Files\7-Zip\Lang\gl.txt.tmp

Filesize
49KB

MD5
95af4973c759216a8e44cd2aa01b64c1

SHA1
22d129ca851c66af34b0c9fffaa7f854cb0d03c3

SHA256
03a356447ee5f8d2154e592ac99c7fad5bb7d313243de08d2bdf7b9a7b3087b0

SHA512
232f5406ea582415e6662cf0ac8a80649902e19d98643fe2a0ef52f33c9b14cedbf551c88eed44466afae43fd649b8ad87ee25aa633e0fa6c44a50c568f45786

Download Submit
C:\Program Files\7-Zip\Lang\gu.txt.tmp

Filesize
59KB

MD5
626db520c14dae1e39b137134a9a7907

SHA1
266b70554ab6d752b5749cab9a19ae07873550d0

SHA256
b1ef30855762e91e8944e502d4c4b60ff293e1d022034c7a89bc98f2958796a8

SHA512
bff2713851529c129937297bdee1bc90adee5836734c5e5b12624ae52a57dc9a50bfdf95933df3b50105787b612dd66626ad961d6434bfddf39ed7030db13893

Download Submit
C:\Program Files\7-Zip\Lang\hy.txt.tmp

Filesize
55KB

MD5
3be774dcaa14907dd66c2ee2e9fc75f2

SHA1
23d2f28e516debdf0f61a697e1501a97a1a1231a

SHA256
83dbb9f6415d9d9ea0bf4ac3b9ea01bbe38b9ec6d38fa0035ae7a709a0781bc4

SHA512
fcaa17ff782aa20c17a5a5ac7840b747adbe5c78838893440b87e458f1a1b3a83bcd45fdbb8e9b7d1852c78b8fe5e9bf9f2f62b769e5c66a76821d5f2e01a635

Download Submit
C:\Program Files\7-Zip\Lang\id.txt.tmp

Filesize
48KB

MD5
b8bcf525ea61a5ce7ec6a7141f956309

SHA1
7c4eb114ed42b4e4174c1ffe2cdf2ae8a9626b67

SHA256
98cdcc6edc121f08766fb96960d84df9034fb7d60f879e5efe86415301f148b1

SHA512
0f4dfb957a0adf90f2aeca95c2733e20ec7afa3ac5dd1db3e24d7b05cd0925ba1e3b1f34d0985302e9dd5840817ccc0faa0568598a91ea1e493a1fd348710c4b

Download Submit
C:\Program Files\7-Zip\Lang\is.txt.tmp

Filesize
50KB

MD5
0699c25cf51596ea759d4f4f409601e6

SHA1
3d53ab51c7053fced64b4fe1d087b256652ad0f7

SHA256
e883d2f172412bc3fce0a72f6f368f1dab7d9a51aacdee30bdb53c3ea5b86156

SHA512
01266777161b7aa8a9d9a9bfcbc03e47959ff05fef0591407183a0bd250cb7cce065fd3dc4370a23851b3e747534d04388f796f4f4e469f8f30b0cfc997c6282

Download Submit
C:\Program Files\7-Zip\Lang\ja.txt.tmp

Filesize
51KB

MD5
361ca316d388decca596307afa3cb35d

SHA1
e3089a9af3852a4dfb1e032d9cf84d59478256b3

SHA256
51dc9df22ffb612058996532a058cd09fd68781203953c1c03ad03cc63ac85b3

SHA512
cbee6d5211e3eb90f83dc8d938f32ed7c6d8483cd8c94910ce6bd92b871b472b89841881d883f7a0e5087682c50cbf13752b1be441c9d9b5752147197610b3cc

Download Submit
C:\Program Files\7-Zip\Lang\kk.txt.tmp

Filesize
50KB

MD5
1c307c508c4575950019c78c39067743

SHA1
73d4bcc17f7951f9b147296277f63fca6a9ba1ca

SHA256
49e40b741a87d9bb9e5f05ddfe695def80ab1e0311ce6d85ab1bbf9f0c917789

SHA512
d28c2917d1d997f7fe8b07858b88cb5920fcc52a2c22ad8bce0fc7060349c223c768ddaf63813ac3a6b63e47c457a8736087b2e0a8b0312065e5e94bbc121c16

Download Submit
C:\Program Files\7-Zip\Lang\ko.txt.tmp

Filesize
49KB

MD5
96ab6998dad479b4119d03f1b46cacae

SHA1
dd8741b06b9418fd2da82f2eee147aac22849b36

SHA256
86d31808276bdcd17dee40d35431e3b1af01409218adbcfbc48f3dd84620654e

SHA512
6b2cb24f29e540aa40ac8f2c0444696f0c37a4d1520654c7c7ad16f5e55aee2d90e81613d8ee2484c2ff6dc70973cd6e00140ebee48bee29a5c3fdd0f4c05807

Download Submit
C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp

Filesize
54KB

MD5
29755c743fdabc4f8ae593b312ff9228

SHA1
1247028c2b429f2349871c6ba0bc23723263db21

SHA256
7a48d06d163f546b5303255ac7b866b88bb695a705a5a05de3886f45c274d151

SHA512
f4188c44347bba0d531c721142f957a7ec96419fd86d4474bdc98fff6d8a75b4ae160e1bf7a1155fb47c827718189c35f6e05a197bfde1cd3a4640f65dc18ab6

Download Submit
C:\Program Files\7-Zip\Lang\ku.txt.tmp

Filesize
47KB

MD5
354d8b934ef8243c97f62cbad2f3f261

SHA1
bc413f3c9a72be7b585a803155798911e83a96a7

SHA256
5cb444690604c879674b857f5fc7c955635d2c174435d7d5b8845fc2b860732a

SHA512
9152b7ad6e70d26e57a79929bf8acb59563919e9fec3e2fa172a5977226a2708881476c2c66581355f0447535cdbb2edc9f4347c1018a51e645dd02e4c5d5d19

Download Submit
C:\Program Files\7-Zip\Lang\ky.txt.tmp

Filesize
54KB

MD5
f91a73ef1647b1a82f6788a889b2550d

SHA1
e757bd0257ad88205bce55edaf0b9a57ad3added

SHA256
86d40c3429c97376f43fd257e58d1fba730bfe30d7164a8db28fc26602d19f67

SHA512
90b0717bb2ad2614339ee6b5e421c48b294816ad1b4877d06ff0c3dc2e61ffa4482bb5fa41659d4b96c8a2e4724c577a3cedb48cfe07ec619039971ce1229bc8

Download Submit
C:\Program Files\7-Zip\Lang\lij.txt.tmp

Filesize
47KB

MD5
f50c9f58c779fb9448c5a3c57f6f3ca5

SHA1
4eb823abf7b6444f2e6c8988f9c5ce5433a15089

SHA256
12e5eabda0d8a05661f97f5a6c6b21c3a04840ffac2462f4b58946f73d15af07

SHA512
e243ad6a9b7d109785b57d3864d6e99e56d48eec910072477ead8e7f650783c80c8a4351058f17e902d72ded699201a3eb9986ca3d2efd026a95fc02100ea0b5

Download Submit
C:\Program Files\7-Zip\Lang\mk.txt.tmp

Filesize
50KB

MD5
9f8930bfac0740cb628fcc064934003f

SHA1
b931e3a9b26f598333a2f9d1df3b03aa3efcc905

SHA256
54c0daccb75a48c6876d6f6f44ae0bdb9ee3dbb93d02eda67b7415931d9a301e

SHA512
454a6a286af2a7e8f4f9017b919fd4fd6185d3743e6aead027379c67e98b2f0a48d6c50806b605b06a048a66b9f386f90d93b6ff0cdaec7c13780a0ec549b37b

Download Submit
C:\Program Files\7-Zip\Lang\mng2.txt.tmp

Filesize
63KB

MD5
cae58d85c648047ae559a8a4646418d3

SHA1
6c143d616325926a073a627e5bf2f574dcd84d5e

SHA256
3925c8be099513c708e0f452aed135ccb21653df322f2f7195820ddabd3ed5ea

SHA512
000e6436c1b5f958934a6b3e5bcc2743cfc085af5896fee15fa293cc00c4029a9dbd89ac5057af9e533b4ac38868fe4556ea55f85ac3754741c74a47c69e2c94

Download Submit
C:\Program Files\7-Zip\Lang\mr.txt.tmp

Filesize
52KB

MD5
54ecde1dc0494b1a01c2111eb1c4cd57

SHA1
8e8838a4e1e8f71ded661097d25a36ea7ec239f8

SHA256
345489904d17502aaad1eaf08feaa4ea26516293ad9c121aa9493aa0352a34b9

SHA512
aadd9fbd29d23deb3afe86b1a458017e97f19ebd23ceab3c0b80954e510eae86c0493fd4e4e8d2d9f77d2cebebe4c3cc0c95d64e9fb15f761d1fc1c3982139b1

Download Submit
C:\Program Files\7-Zip\Lang\ms.txt.tmp

Filesize
39KB

MD5
e5df4fbe69f6c1782c36165b8e99b6cb

SHA1
3a90c623ca3cfd9000bf948e021bed0a9cca49d9

SHA256
b7c7cc06e531b0588fff7b10e8252b6e03125dbb787aa23f7d724ba32c2720b7

SHA512
b97327618cbca13ffd6b28c5b31dea4edd883a0cbab8767fa91d3af16e24acf76031346b3ae92e59b8db352002a96241c2ddebf25af4b7034dff77a98bf6ac66

Download Submit
C:\Program Files\7-Zip\Lang\ne.txt.tmp

Filesize
55KB

MD5
977b181bcc51d4004fa0c55d9e4c6823

SHA1
a1c30d0f65afb83f6dd7c06d9f5cc0292e385720

SHA256
988d66ed3b7459e081874525d957e34782577bb4760aba2162b0e4b21dd165e6

SHA512
18757a26f4e8184e25a91c0cc6c356d03a635b1e600932ede11c2e6eefa31d74c4b165c1955b6ca91868597aa7897ac51ec03ccc867cf9058b2f355dc7988146

Download Submit
C:\Program Files\7-Zip\Lang\nn.txt.tmp

Filesize
47KB

MD5
3b50d8b8aec0a788b79db9d1c8ddc59c

SHA1
e54afcf052b5bd0ac0b9a446e6b26ec3bea3bfd7

SHA256
366e716a64b6f3d3dea4890c2a891b05cfaf2c687df0760b171c68b4746e6dbc

SHA512
a666e152e2d436f3321a928c12f5ca0449abc250c6b4f8d2fc82f82c61d340182911d6064c27f733112a215c0c67bf148b25e4eb3926212b32dc594ae33974ff

Download Submit
C:\Program Files\7-Zip\Lang\pa-in.txt.tmp

Filesize
56KB

MD5
fac8e52cfd9cf153391b18a2493a5f6b

SHA1
f6d130237bc6c90e2b5a6af0a606f0ead2c5347f

SHA256
05d5c431bbcc0978988bf6f7df025ff370698cf9fd81198cafd9b57b0baa497d

SHA512
988b0f76d52997de1c24af857ac338c76c64ba11efabe83f48060e342830cd3d0ff58df6fa22bce07bd970d0a8ef7058a7e38dadcb097dcfcac1552c23cc6bc6

Download Submit
C:\Program Files\7-Zip\Lang\pl.txt.tmp

Filesize
51KB

MD5
8bf621d5cae5711e418a4cc8b5567a31

SHA1
e80aca3405c72328dae2d1f697303551296a8e6d

SHA256
38648aec1efd8829f6f595ba0c43806d5d87afef99b620679dbc736d104e5c53

SHA512
14b185189cefd8e231d1d7ab0cc367dafa450421bb7553bb816afbaab9a6d9be12f1865547caf43ffbc8ae666129b0119919c1a9fe8d71e57a76e20e8d6dadf4

Download Submit
C:\Program Files\7-Zip\Lang\ps.txt.tmp

Filesize
50KB

MD5
de3bd8274898f83c3b1310a6e09e8600

SHA1
c416b24355620f6af3d6d44aa06cf85c3f388b18

SHA256
60679df802729e4f0d39dd9febdf8e38e3c2c9ef4ebd242d5ed253d4e8122076

SHA512
ef7f6c2e81c679c2beea6ca77cefa2ef709a0b8a67be9c24770d48ba5cd773af2f3bfaf1be13522ed86d71d715366c25c77b76cad62c297aabef2f4cac685df8

Download Submit
C:\Program Files\7-Zip\Lang\pt-br.txt.tmp

Filesize
49KB

MD5
36233e6422268902b02c1c2bbe0573a0

SHA1
b91c27b731df55b85572d3cb05a75a6846b34b6c

SHA256
bce6dca0c29d9733d72554830a355e80b0eae36d81d9d3bbd7c136a5ade86c86

SHA512
272da83b410ff07e6c251eb563d5efc81e8e1e9dbd87129e06956327a4fc8aa0d586ca9039762fdc795f7a7e99eaa7dca6d6b6910f5db0d636b892c74e64d893

Download Submit
C:\Program Files\7-Zip\Lang\pt.txt.tmp

Filesize
51KB

MD5
8dbb36d1baf15e2844e5f4271985f710

SHA1
23286bc7d93a7cc2f118c002d84000a23a5e18f6

SHA256
b87c22ba1deab0afb520090fd3c453138a4ee21688ef46057612f1e60b2d80a7

SHA512
dff6e6fef4fa0e1f9cdc583a08d7ce0256e101d05fdd5c25e6ce1e4480f5394519b69af5a65d20115862a02438b86acaf34545dc788cd2d091f014a2b76a4346

Download Submit
C:\Program Files\7-Zip\Lang\ru.txt.tmp

Filesize
57KB

MD5
387fc47c7d2f42f3f73fb4bbfe734354

SHA1
215e70feecf947331439297ec13ad7512c084020

SHA256
35668b433d9567768ce0ec58c6d6f0e29488055cd06fd307b7dc75b4e1541621

SHA512
80f9bc312038b6fcf2ef94014b1566323681be6748db4df7441974e7680ba3a7bb47ce4bc180b9a1ce08289c0dd95cedcc110d7ca6054dd8bb9aa9f4a27df1ac

Download Submit
C:\Program Files\7-Zip\Lang\sk.txt.tmp

Filesize
51KB

MD5
5fe641ceac6adfd72a231cf852c22a98

SHA1
926868e86330f8c4823be3b1c94f9479966ea362

SHA256
c38f30334f1f3a36d082ead54f506b6743a66ea3b58f6bcdcb8d0c5e4f616dba

SHA512
acb9c52a522d5f0a99a1eab28171d8e53221089a2a1335f1a793c27f6d2b1455614944de6a6b2a5f5f82220c89c1d57ec1dc52d5849d759f81994236df4620ad

Download Submit
C:\Program Files\7-Zip\Lang\sq.txt.tmp

Filesize
48KB

MD5
c069a574007d577c25716719ea95b5e6

SHA1
d01fb1f31547d87040a8d01f3c8293425ab70f24

SHA256
0268b5efc81cc8bda8ba9bf7a61cd866adcac4e88c53839a1caf1f36135d535a

SHA512
9420b6b3e6a805a49335a85a411af3cad24804e7609d2902cef9fd32c642578d324445135263c5edf71f425611963e9730e645fb672d47104708772a61960d86

Download Submit
C:\Program Files\7-Zip\Lang\sr-spc.txt.tmp

Filesize
53KB

MD5
59ddbae03d113c23a61e4c6abcab5821

SHA1
33986ba8126586a731a2ee3b65cb860d9a9788ba

SHA256
b5d6818850ce333c6c0573d87133847d74db278b5c3079a5d9ff36ac511560e8

SHA512
1d5922bfea178f8186a8988fb870cd4c04fd8ec07a94b7e877f187daa17a98d2fc435db1820df4bae5a5735ee3224dea8a46bd175655209d8cc287918b8c4a44

Download Submit
C:\Program Files\7-Zip\Lang\sr-spl.txt.tmp

Filesize
49KB

MD5
ca6f002eaaf91f2e15098711181103a4

SHA1
806cd8dc9dca127583df480fd1e357f76066c1a4

SHA256
5eeb6986a8d292232a14b3dede6ff5b6d6f138baa651a132e4f3db380c1e07ad

SHA512
515c5dbe8c2fe17dfc646c740a64e27074dca18eabeb26fb62a0d0b05c5c98ddffe7e52d4b638b6348b59af01632f022953b59cb2c55cf0e1ceccd75224d667f

Download Submit
C:\Program Files\7-Zip\Lang\sv.txt.tmp

Filesize
48KB

MD5
d037a0dd71c3b4fccb2e8914d7e087d3

SHA1
5c1182cf4532b43386a560f309bf5d7589546381

SHA256
4942dad715c57864b931a8cb45802c49b92ed187e0c4d3a3661c7832c9e3aa53

SHA512
b8d4cbe1f7de6ba77c0b639aa531f6511d227fa39371698735cca058655de82c5ce87620de5969396b78a9e2505df3f4452d8474f4b1b31356a4cda7c2da19a2

Download Submit
C:\Program Files\7-Zip\Lang\ta.txt.tmp

Filesize
54KB

MD5
46a9a7fba52f775711cb1fea8a6fed2f

SHA1
c795cf358d616fa9374a798d248a5061fec2ba58

SHA256
68d564a0c28e0dedcf10a26f4be07917b05fd5ae0e52f8b2348d5d31c1a4f096

SHA512
966398331ef8da5d5a3ccf0dd8b6b435cd830d8bc4142be73ade305de00120290bd2dc01d075eed5f0eec0977fed49906e4c4b926427f7ff83a892f8aaa6447e

Download Submit
C:\Program Files\7-Zip\Lang\tk.txt.tmp

Filesize
51KB

MD5
7488932b74e8d21ded2f2be3b5e14a52

SHA1
2388b6956e6bc971133649573d0adaee0b041fbc

SHA256
5434eda14e3d94bfbfb6567d808921256e820259469a7507cc7078230fb3b4a7

SHA512
7ea85e45b97dc123131238959e70f0899b76480674d595158926314dc5139b3a670ccfa88caa988cef25650810210a65a91d5e93ecf4c3fd3eddbf385c626b07

Download Submit
C:\Program Files\7-Zip\descript.ion.tmp

Filesize
42KB

MD5
48aef716326587b50c37a57bedc1ae0a

SHA1
49b704939db7616ee3894b93ed75cdce4df5c7db

SHA256
305db2fe14484cbc794148d1731dde0c9d9d2d10bd854d9a43b88e28a176d7a6

SHA512
2c0ac15301e67a004eb367e40efcf6763d005ed57bb4f0473ee31a5a72e121d05b8672bd3e171c7bcb4b4e1c8d4618b2246afc2c1d41f8f53c9d0f60ecc453a4

Download Submit
C:\Program Files\Common Files\System\msadc\es-ES\msdaprsr.dll.mui.tmp

Filesize
48KB

MD5
ebb238ab7a6f73bfc6b57e1fa50ecb54

SHA1
d9184956f2c11c0a7fcf3f949ac446e431d13214

SHA256
b3c433075d33d3771dcbd53228600075d235327719dc0a67c982955332dc398e

SHA512
7ef63a7c90f8f420832ce7161d024a91c74dc6908d22be02733392a59360a02794e8aad0b5b41853a7f7be6e17a6f789281cd08cb18309bf6b70133d7c8b0eec

Download Submit
C:\Users\Admin\AppData\Local\Temp\_Speech Recognition.lnk.exe

Filesize
42KB

MD5
b05ca4c05035de486b6539b65c04622b

SHA1
e181b7ebe0c30ed9c7e4513f33f2f19695ee8408

SHA256
6f527772d5001100f4a632a6f51fe73d995c474308d94a46f7ca5a4e1e6de937

SHA512
3537d37c573d4f497648cbc5cadf7e677d15082a4fa5fa81802c56ee8cb221afc11da0f741cb0dc601e91789cb1949749fdad828dfd583ca5e6efcf3be6c1c7c

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
39KB

MD5
044cdedf6410d4f0eb6fec3982cd8dea

SHA1
3be3624ad6e2d6812d6fba5941196d558d538471

SHA256
4dc7b28e04a50a163cda35b17de1fbb714ae8c55289faf41477b074d6cc402ee

SHA512
29651dd61ec41112c2f85c15c03a3e8d6465095e0caae338fd198e7fd3609d999d3d6734c33145582851173010afd0f383f9aaec28b466207af7517e96e06d60

Download Submit