eb905719123e80e5097724466a41664a27cb81893a0cc76686e85bdc86368d58

Analysis

max time kernel
119s
max time network
105s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
21/08/2024, 16:54

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

5a03dfa8ef63de30efddb7eac81f04b0N.exe
Size

86KB
MD5

5a03dfa8ef63de30efddb7eac81f04b0
SHA1

59b27bfcb62cb176d499f8a8eea34bd2733b22c7
SHA256

eb905719123e80e5097724466a41664a27cb81893a0cc76686e85bdc86368d58
SHA512

d810a22315fa37c73505b0cb13e167e28da73b802f1ff8b4b12d4aed6d36ee984431200d2449516b316322e7f91e566d2cc4b0dbac07345fc345ed386bec1427
SSDEEP

1536:W7ZppApBULcfpHLcfpyDN7ZppApBULcfpHLcfpyDP:6pWpBwchcwDXpWpBwchcwDP

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (4698) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
2140	_Quick Assist.lnk.exe
3932	Zombie.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Zombie.exe	5a03dfa8ef63de30efddb7eac81f04b0N.exe
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	5a03dfa8ef63de30efddb7eac81f04b0N.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ComponentModel.Annotations.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_OEM_Perp-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_MAKC2R-pl.xrm-ms.tmp	_Quick Assist.lnk.exe
File created	C:\Program Files\Internet Explorer\en-US\ieinstal.exe.mui.tmp	_Quick Assist.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019MSDNR_Retail-ul-oob.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Trial-ppd.xrm-ms.tmp	_Quick Assist.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\ISO690.XSL.tmp	_Quick Assist.lnk.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ko.txt.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.he-il.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\WindowsBase.resources.dll.tmp	_Quick Assist.lnk.exe
File created	C:\Program Files\Internet Explorer\uk-UA\ieinstal.exe.mui.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.EventSource.dll.tmp	_Quick Assist.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\DIFF_MATCH_PATCH_WIN32.DLL.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_MAK-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\TipRes.dll.mui.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.Primitives.dll.tmp	_Quick Assist.lnk.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\Extensions\external_extensions.json.tmp	_Quick Assist.lnk.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\invalid32x32.gif.exe.tmp	_Quick Assist.lnk.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-processenvironment-l1-1-0.dll.tmp	_Quick Assist.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-ul-oob.xrm-ms.tmp	_Quick Assist.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest5-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\msjet.xsl.tmp	Zombie.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msaddsr.dll.mui.tmp	_Quick Assist.lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\UIAutomationClientSideProviders.dll.tmp	_Quick Assist.lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\System.Windows.Forms.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-ul.xrm-ms.tmp	_Quick Assist.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp2-ppd.xrm-ms.tmp	_Quick Assist.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Trial-ul-oob.xrm-ms.tmp	_Quick Assist.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_OEM_Perp-pl.xrm-ms.tmp	_Quick Assist.lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Handles.dll.tmp	_Quick Assist.lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\WindowsBase.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-filesystem-l1-1-0.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_OEM_Perp-pl.xrm-ms.tmp	_Quick Assist.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\MSIPC\en-us\msipc.dll.mui.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-processthreads-l1-1-1.dll.tmp	_Quick Assist.lnk.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\System.Windows.Input.Manipulations.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_Subscription-ppd.xrm-ms.tmp	_Quick Assist.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\msoasb.exe.manifest.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-GB\tipresx.dll.mui.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\System.Windows.Controls.Ribbon.resources.dll.tmp	_Quick Assist.lnk.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\zip.dll.tmp	_Quick Assist.lnk.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\libffi.md.tmp	_Quick Assist.lnk.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\joni.md.tmp	_Quick Assist.lnk.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaBrightDemiItalic.ttf.tmp	_Quick Assist.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.office32mui.msi.16.en-us.xml.tmp	_Quick Assist.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_OEM_Perp-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipshe.xml.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\UIAutomationClientSideProviders.resources.dll.tmp	_Quick Assist.lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\UIAutomationTypes.resources.dll.tmp	_Quick Assist.lnk.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md.tmp	_Quick Assist.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Trial-pl.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_OEM_Perp-pl.xrm-ms.tmp	_Quick Assist.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\SETLANG_COL.HXT.tmp	_Quick Assist.lnk.exe
File opened for modification	C:\Program Files\Common Files\System\ado\msado15.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessDemoR_BypassTrial365-ul-oob.xrm-ms.tmp	_Quick Assist.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_OEM_Perp-pl.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Configuration\config.xml.tmp	_Quick Assist.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\NAMECONTROLPROXY.DLL.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Globalization.Calendars.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.dll.tmp	_Quick Assist.lnk.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\WindowsBase.resources.dll.tmp	_Quick Assist.lnk.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\Microsoft.VisualBasic.Forms.resources.dll.tmp	Zombie.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5a03dfa8ef63de30efddb7eac81f04b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Zombie.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	_Quick Assist.lnk.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4800 wrote to memory of 3932	4800	5a03dfa8ef63de30efddb7eac81f04b0N.exe	84
PID 4800 wrote to memory of 3932	4800	5a03dfa8ef63de30efddb7eac81f04b0N.exe	84
PID 4800 wrote to memory of 3932	4800	5a03dfa8ef63de30efddb7eac81f04b0N.exe	84
PID 4800 wrote to memory of 2140	4800	5a03dfa8ef63de30efddb7eac81f04b0N.exe	85
PID 4800 wrote to memory of 2140	4800	5a03dfa8ef63de30efddb7eac81f04b0N.exe	85
PID 4800 wrote to memory of 2140	4800	5a03dfa8ef63de30efddb7eac81f04b0N.exe	85

C:\Users\Admin\AppData\Local\Temp\5a03dfa8ef63de30efddb7eac81f04b0N.exe
"C:\Users\Admin\AppData\Local\Temp\5a03dfa8ef63de30efddb7eac81f04b0N.exe"
1⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4800
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:3932
- C:\Users\Admin\AppData\Local\Temp\_Quick Assist.lnk.exe
  "_Quick Assist.lnk.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:2140

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-355097885-2402257403-2971294179-1000\desktop.ini.exe.tmp

Filesize
86KB

MD5
e462259dde434362650760dd348172bf

SHA1
c99e3ec76fbb5ed9462a7291f73611e6eba246fa

SHA256
3a8574a1b24a027207b5db7f7b8daa15244a6fc5147c2d6ac87932b50c153023

SHA512
f1e58dae03f3e1eee0622a0d695079077cc9daa0528d7459bc7f5b714f77c2cf4ce423fc0b96db8b8b6f2c30273f2ebcfaafa16c5ab5af7a3b9da3ecc7c1ec59

Download Submit
C:\$Recycle.Bin\S-1-5-21-355097885-2402257403-2971294179-1000\desktop.ini.tmp

Filesize
42KB

MD5
8b7e5965c50e49a4eac012822867a971

SHA1
5ca579279277f7d70ab9e1e7392faac2e37c844d

SHA256
fa856a1a2b769520164bf4d52c09d078a9c7fc1b8124f096d21d51c8391eb096

SHA512
a62d935c235a61d615642bf9d5b23e1083c5865baf14334137860b001464000a0859bff4256d02e9d6a1ef382521e00098d1935d828cde323f879edd814bf4d4

Download Submit
C:\Program Files\7-Zip\7-zip.chm.exe

Filesize
154KB

MD5
13a049047b6df8378f4cc93c5acedb93

SHA1
afe738172b23ffd8a2c2b50691a3e58c26fdce5b

SHA256
b1b435977e0c34fba62a337dfbdffa9cc389300e0b1a719762e2446046c7b0f7

SHA512
09fd842419a1804d3fdf56c4c5457de12bca49ce85de584463745a33470412b7eb71f4cd36c348b6f5992958632cff69d775a44c404226425a4a300f1f77fa4c

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
1.8MB

MD5
315c03efec4b4dff862c7b6c10529016

SHA1
340c2e4e14a5fb091f7e886872d58336eef503fe

SHA256
21b8db59c683b69d8206e220913ecb4a29f3a4009ad72dc1f9b66f777e49fcbb

SHA512
0e02fa403b126c4dc069390e7c234ff186716849cc795faa6bbf4e919dc62489d1c231ca158e10181967895cb6d9e6671a204926a157913705079574162d1a4f

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
1.8MB

MD5
a93df49eb0e5f770f502510dc5e5de6a

SHA1
2f9ab133c3982011475aa66603421bd21f3b7d87

SHA256
df7a6935af2744a7aee0c19f82bd200b2bf44808f4236e8d6025c6433dadb9d5

SHA512
dc19e9cde3d5f4834f655a3aba5a3a7d8dc23118675bd771262d975552fc0e0e23d62b5c15216486a7fdaf7768f8679051987da66df4d21557f69736769ab3c0

Download Submit
C:\Program Files\7-Zip\7z.exe.tmp

Filesize
588KB

MD5
a8397e58df943f1a823a81df1ab71ab4

SHA1
4fc2d7aec828b800339ed3bf0380cca7570d806f

SHA256
20a6c6f2f3c6b2bdacbdb25672d842efdd82d6afd1d1ed8b214fa4ef3f3b8b99

SHA512
436c69ac3f5771f860b0cb8212209436e5f830dd33a42072e9c18bfaad3d04faab93736fba612ec4327c0f9a99a62ec90486504a5512d3a05acc56a470596426

Download Submit
C:\Program Files\7-Zip\7z.sfx.tmp

Filesize
253KB

MD5
f024e8b81dce360f46c914f22b22836a

SHA1
52e049a3c41054a2101e25519c771476a26d2314

SHA256
83996daba514bbf4ea1d717582ec74e34effe40bd9b4c765b3c22ae771deeef7

SHA512
a68607425a3afcb762a0dfbb608db6a68e65ba38f81062cff0027cb4ba77c29cd20e2a95d6449d716d050264fc3b39025b17f5f8174263c2b7b9244171542713

Download Submit
C:\Program Files\7-Zip\7zCon.sfx.tmp

Filesize
232KB

MD5
4e3f9f727204bcc015a2e89a9cd70bd5

SHA1
a467271512776ebf46902bd0e90646dbd4f045a1

SHA256
7daf3e5aac787fe9b6826f795632aa25494b8ce4663ed22eb34d2f128b0aefd2

SHA512
d086ab62e3bb82a6b413963c5a2b9edb3fc260a00c3830ad1a80e96a63f9edd9d1e3f9a84da6764c369b0e1cd79fb938cbd11f7e8934a8ba5d2b46cced04cde2

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
974KB

MD5
ca5e5583daabd99c8b1cf9550ae076bc

SHA1
2ed3162c0d6cd77f98425eb3c45b9d0c32220479

SHA256
4fdf5debdab8600e81bc7bcc98b08f897fa10a14d768b7162f7445c8b375322b

SHA512
496867660f7608503011ff7bb01b5f2c8df89956e22db13783117ed880bf89728b5845f79596556e1f13298fa8cab0b870ac5356a4d922e911f12dd58009de98

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
974KB

MD5
ccc4ae3b8c5ec35b2c3793ad3a605499

SHA1
9e59067aec3fc4de3e743cd5f1db8a91a3d83266

SHA256
b4f0e652e54b1e019fae8b0e72f9075ba7c83379e169340dc96aa67cd4ee5239

SHA512
4c0c9877dbd24f0d032a7df40859ae7f5afe3a5d49718fe1e6545418c20bb7494d4b3298e774f34f211d9042105a052db8f6a91d2528981df9f8da9f2a84287c

Download Submit
C:\Program Files\7-Zip\7zG.exe.tmp

Filesize
728KB

MD5
49f5ee6a1bfa79dcc4a7c4cdc487309d

SHA1
f65c2e6ca4e472b807f7e91ad021c20a99541c4a

SHA256
a058dfa0015aac4bc880107fcb8287b614f20509ff17cacfb8f9dc706a20b481

SHA512
75ad41be9cf29212481b525181ea3dd8ae60cc485d5f1da27d2659a02671a3dd773bd5c82e81f039530f636c40daf28001055d34511b2dabdbfdc236f85b1ad1

Download Submit
C:\Program Files\7-Zip\Lang\af.txt.exe

Filesize
54KB

MD5
97d68042641588cd49787ade2d038dc4

SHA1
f9d56482e70b99c8922e10649f61cd6facb5a494

SHA256
c0138fd6d960be2274320fae218866b23dbd016b9a20682d46967af3d546eaaf

SHA512
a3ced8e8d5287eb7f938c0f87b4233117a597f67a9d54503f2900c7586ac591b31b2d911b00bbff7ca63cd91e4e0cc9fd8b9630258fc3b608681493013661753

Download Submit
C:\Program Files\7-Zip\Lang\an.txt.exe

Filesize
51KB

MD5
80dd534c1fcc4f6312a0000881f3b64e

SHA1
561fef2c378e254e7732ca9a3e74bfcecc49a0a3

SHA256
fddb1f78b5d24cb0dc4f11e67a09e76dc548a6558ef29daa8d6f23b7ab482a37

SHA512
cabb64f65bf581c193dbb98c5b522e07aa704fcc5267499c02bd9c2776a76aec1a8db47dcdd81967fcb28f3a469794630b594158f287db78c200f45c5197749c

Download Submit
C:\Program Files\7-Zip\Lang\ar.txt.exe

Filesize
56KB

MD5
b91c7a1bef251a3fe6ad0557376a5566

SHA1
1be16fa76a4a70ad18c81c2d94788e8a7de80769

SHA256
bcf06255bef0b8d5b9869bb9c7810fec994736a73b9d140ce8baf16ec74e8173

SHA512
509cc3692789493ef8b3e87d68d3905404ecf87425c6359ab4bb65ea55d0e0cb3c9697a18fcff5a605f82717e601ca055951c620abf328cca8de488c1c1711f5

Download Submit
C:\Program Files\7-Zip\Lang\de.txt.tmp

Filesize
53KB

MD5
e33b844d6a906123ca180494b8d239c6

SHA1
24dbbb48076bbd21ea8a2b2d72cffb4634be71b2

SHA256
a2c2cf291e59cf60a31f832037a3795f59790539713068b7ed9ca86128d406cc

SHA512
5860c75142d17000bdb42a1cd2012c01c787c54a23893884837682076f8f22e4a25358fff04e90275093778ef25f28c015085720ab9dfe9a562bd26a1f424875

Download Submit
C:\Program Files\7-Zip\Lang\en.ttt.tmp

Filesize
51KB

MD5
beefe69a89c59dfe23777dec44905913

SHA1
82ae34dbac1c666c8e3ac358c595818c871cefb0

SHA256
442a42c714aad226f60184b4644156fecbda581ad895787581ca57679fde9fc1

SHA512
2a16fe998029f2b70f2ff77e65695ab9eeab4b88762c922e3242fb4f817b48bb49d8bac2d4ac66f556a5c2977215d644e91531f73636b84951869e01bdd64b37

Download Submit
C:\Program Files\7-Zip\Lang\eo.txt.tmp

Filesize
49KB

MD5
35153be46edff0bfd657544c98f7142f

SHA1
2fa5ffd30c8733cc0ac56cf7259a5ef996b824ab

SHA256
f499cf2fc7a24745161585a53abb8f3f69f94cae637ef508036072ed2fa8cc54

SHA512
ad144b617995a088f9c17ce3e6179fa1e324d9e3ae3f0b19b3b87545bc31456538928c0ea2a169aea61ba13f8d213fbbf8eff21af1d852ee3cabe40386b9247e

Download Submit
C:\Program Files\7-Zip\Lang\es.txt.tmp

Filesize
54KB

MD5
2882c8daf2a6dac19af4c7210d7b67f0

SHA1
96c3c805d6e2bfc7fd68072a5d9537a993f1cc51

SHA256
b12af1432dd1a6546ec2f41082196977c02b35df42298fd013e09d6537205e72

SHA512
03b60a3c58a9bbf53d7b7bc814bc0debaf1ae7e485889bf9741fdb09f42cf13f62a0e274596de35e09202c7f1a5154fe16abd9fb85d7ae0ebc6da0ea1220604b

Download Submit
C:\Program Files\7-Zip\Lang\eu.txt.tmp

Filesize
52KB

MD5
cbf95669bcf6e47f5b64d7241ed7c5b8

SHA1
fa59566e508963dbb8037edb40f635ee8484aa9c

SHA256
6856ea19ccf58e5270719f0c974b2e5cce4bc0f13541865ed14877904c3bd492

SHA512
c33b05ce64ed0ed9d1029dc7a1f2d80ae6d3718600658664f7099d59dd6da1fc51b21e9899e2be24e3e7e566bc8e77c3ebec43a0e2db4011a504e4e44e797038

Download Submit
C:\Program Files\7-Zip\Lang\ext.txt.tmp

Filesize
51KB

MD5
ec137029c604402a19f2cce38d3e28e4

SHA1
31d8b22525a9b20fca3f977d46d4678c0583ff6a

SHA256
631036ea64972ab081116b87136dc036e7e713a65faeebae0b3ecd358e8232b4

SHA512
1ff9f17b5c5d1968a4fbae00bfcbc619ec8ea200ee9ec87aec8e85aa074528374493aca778a922d94132026d11bde8bc49f6a74d9bf7094a0688389d68d8e1d5

Download Submit
C:\Program Files\7-Zip\Lang\fa.txt.tmp

Filesize
57KB

MD5
52604c0d06d5ca168d010272faa9e2ac

SHA1
dbc8e675be5e6e0b0c86f3dcd762244141a98b2a

SHA256
a792359931be3c2018e07121f2a3f0761e379a40caa6e1e4718e62a36f983e58

SHA512
c5244ea53d3da084887aa9967f5e5b0e5be8687ed159fac660cd19c7bd60688c369400c9aee4f1f3ea708a15969c9552f6fb7a44016f5ec9b828574ac8105e7f

Download Submit
C:\Program Files\7-Zip\Lang\fi.txt.tmp

Filesize
53KB

MD5
43e5f3bee42c960e9da827cd9449c246

SHA1
98d0e31bebad7ef4ae65f6d239719fec3646e954

SHA256
d747f10a68b783bcfe0b59209ad0a51821d303e744883e3da31eeb9fa04f777a

SHA512
ce60a058ae924c5793c433e641dd97b5aac9d3c2c3e4dfb303f2c15f2c229d936af1375d2a44a0c2484e39f999cec7867c98ac1332ab9c264c96112421b923d6

Download Submit
C:\Program Files\7-Zip\Lang\fr.txt.tmp

Filesize
53KB

MD5
08cc81866854ec256fd7d31415598a82

SHA1
9bb3945c1a2c8f9fc5806b0f3251fbb381e52557

SHA256
26b34dbe75b0721f7aa2c39546c233481fc5d934dbdbf711e6d0bb89c54c01a6

SHA512
152fedbcf77ded88f9b223d9b48ddf76c19ff3ff5be3658bab71d973f66d550fdf8901713b9d942a3301c4d360bfbf3706cb0c20249202aae326a8accc3455fa

Download Submit
C:\Program Files\7-Zip\Lang\fy.txt.tmp

Filesize
48KB

MD5
a2778ecfb2bf0130e00b0005b4dd9dfe

SHA1
7f5a2d812030fa76a0a16d08092f30b5b6d00e36

SHA256
5b638582abd135795aad42cf53fc8fa9ed0fa749e3b810e2eb6e2a29946e8f40

SHA512
ce2abc82a005b461ea3b20a9e5be0ef5e72cd793883ae018f4d66522511ca6cc29fa3ea8eb868a8377bc5fab63ec1bece00c848c7ca5690ce6f90355d7085cb7

Download Submit
C:\Program Files\7-Zip\Lang\ga.txt.tmp

Filesize
52KB

MD5
9b04e7366d57695c1d5258e8f1807539

SHA1
a1c48fb43cde7b4c974f463b6383167c3b0542e7

SHA256
43dbcb9ef60a213fd9356d1347fd537f3829f8c51d5070230cbc540eb7e2936a

SHA512
89d55b6aa07c9ae740ee845ec5b558edbb31615a6095f59eb19cd082e783e459e7c7f0832755fc1ec03b1435942f3b66ad104c40ed3f52492a193922865ace35

Download Submit
C:\Program Files\7-Zip\Lang\gl.txt.tmp

Filesize
53KB

MD5
0390ffb3710d575c31ded999e6ecb00c

SHA1
dd1850ebd712705889e9abb586c0e32aeddcf9d0

SHA256
1f76303ca2131da0a0c45be97596a7ef0ee8a58874499022e1146fdaf76d3131

SHA512
fd4db5f8c042e3c4d0c7a1d9d0e646094af16d735ba12a31c471abd86623bf6f2a3b5748266a363c6a416fed9d4818ecdb26da59ec91cfb7c1de72df516452c2

Download Submit
C:\Program Files\7-Zip\Lang\gu.txt.tmp

Filesize
61KB

MD5
304f0e801a0d638e25c2b610f8faa294

SHA1
8c6017c985a450a5f5e04af49ff2ff90754802ad

SHA256
d4b5cd6876c298fd734befb805b938c4c019e27c65859fcf59759871bd8da4be

SHA512
54c99301185c7f86927eb38643d3ca312f6cf5defedd83bcf93439cd15f345f2ae324488cc8c90c7091145f9d869f2a232b9fc715f45fed606870645f978d273

Download Submit
C:\Program Files\7-Zip\Lang\he.txt.tmp

Filesize
55KB

MD5
ac9700ec999db259a90aec9afd8a0c78

SHA1
c1ff1e2e483b1356464a4f9dcb513972c40f9693

SHA256
d86a5ed9ac1deeb1183737ac8c7950f89146d1b8c6172560d245804720b4aff0

SHA512
c55cce8408bd31901d6c9e5d6c78c8f44c271e042677444821681289d718de326ca963cbbc3ce8f5979887d14a2123640612a83b1f633b0a1ed96736df548eeb

Download Submit
C:\Program Files\7-Zip\Lang\hi.txt.tmp

Filesize
61KB

MD5
dbf84f544af944b71bd7c0e7a516c021

SHA1
8e7d5a097afddc62ed5430cfe04a57f645935b60

SHA256
c64d2f467ff2348938cb9aca7b4a219b237da8f4d181fefc3f92f236d81970c0

SHA512
ca3e68cbd1644ce5b395338310c97fbecbd7db23ce921bdec420c00b15d567eef5b33301259a864a4791eaa39b34a94d5bee7a09781d81ec714c6f44e5441687

Download Submit
C:\Program Files\7-Zip\Lang\hu.txt.tmp

Filesize
54KB

MD5
4761a7b30b480ef1046dabd50b8eb7d7

SHA1
1d3d434468e3cf631d045c5778efaae008f07963

SHA256
4f20bd3fc1b2848f8d6e4fc193c7d92d172466976f3efc9d474b5c7cb313ed9a

SHA512
56e4d1d0cc0346343995a4a1b1753a4ac7d2620dd687501a12f437f989de7b994f8584739a977a08cd65aab3e6a038fe23bdf5c3bad892591f6af7f31a0f2933

Download Submit
C:\Program Files\7-Zip\Lang\hy.txt.tmp

Filesize
55KB

MD5
73718260e2944106168c4bef6bfc2fca

SHA1
1a27781a960fbfe1db4c46f042ea97bca58da899

SHA256
7680e925294feb8ea96b4455ef2f029d1a6778dda67dfac5e3e6386d63f8676a

SHA512
18fcc84441e4e6dc55da73161f8cf6862bea53f844b03701c167625d3b2e40045775795731670f7af931cd7c7c683b8c8e9761dba9e1c5ef1c428e489be33e08

Download Submit
C:\Program Files\7-Zip\Lang\io.txt.tmp

Filesize
51KB

MD5
2b771baca33e755c8a235efe8be860a1

SHA1
88061a055c9c4f049bca39d1946799130986c281

SHA256
e2fff8662c3254a1332ac60ca366a43c7774667e42c6f298e18540c638ebf28d

SHA512
5c6900ab26eeaffefbff63831fdbadeb5212738efb58ed6efe8d0fd2c3574a3f218a3578953b06c4eab16072a25147a88ccd13a07f01a9b194558c64ba2fe7f2

Download Submit
C:\Program Files\7-Zip\Lang\it.txt.tmp

Filesize
51KB

MD5
6f56e791ea17d654928801c847ac5bbb

SHA1
ba0c00a5f38cb4103a8080a9a8feeec4f25c17b1

SHA256
797e3d42773870d257ca121b6f12c129b202402fcb4b2b7fdee90a7fd1ebf626

SHA512
2e0b099525425f35270632e6b14d50c9a3febaa4bd807dcb3ccc000dc49fe5c98c93e131b32c56c67c31764eced9169ffad4365a4c882267fedfbd16bea32f08

Download Submit
C:\Program Files\7-Zip\Lang\ja.txt.tmp

Filesize
56KB

MD5
21effe588f3ea5aec5ae0c6df83b6e49

SHA1
0e0a1b9884c70c92418a01fb5f7041edd2443828

SHA256
75448fa3776bbe82c730ab12e5b10521a6dd310aa151ed95d32a0aec26315a07

SHA512
3ffb337c22f7f78e67a89a2b5ac7bae1afe76ac3edd890a10f440c4dbbfddb06f83cc79fcf1c8f733554c9324b55203bab6635372cd9b457781ee999b7d5d11a

Download Submit
C:\Program Files\7-Zip\Lang\ka.txt.tmp

Filesize
62KB

MD5
60d3fff54dd87dc3f39b1edf88e3365b

SHA1
ee4f995238bb14d0ae8229a34cd36a0f746372d5

SHA256
7634b5d620f5654e2d03075442e629ded4b7195d2cbd15b0873c812f54d3e5fc

SHA512
a65c519ace2ea99d0ec899492bbaba9c2bb61d3d403156654d428819ddf05be7aa75e4d65f5ef186d784228333e22f7180a5b42ad740c0f4b2dec49a382cfb96

Download Submit
C:\Program Files\7-Zip\Lang\kk.txt.tmp

Filesize
54KB

MD5
0ee3744d54241f810e71bb25921d7a46

SHA1
ae8fcb2d2cbe7f795a89970b4e2d81e6f2f5e6f4

SHA256
52598ae2f64d725901f50713ffb90e64cbdc07154d3a153915b6a7df3e37cace

SHA512
2559ddaea88ef7a532d0bebc88c0e6ab7f33cd368fcdd1ffac745342fa670afc2347254994ff339265c9a99a6de4c9eca041839e4e756fdb5cfaad952ab498e7

Download Submit
C:\Program Files\7-Zip\Lang\ko.txt.tmp

Filesize
54KB

MD5
8f44e3882d346daf7b8b5ed3fb5d1706

SHA1
c7fb3705a6ee6695e3cb28609714f555b7404a82

SHA256
ddee03baecc6c3beab2ef1489af68393706a8711863e9b13b0199d4783c6fa74

SHA512
b52339acddeaaa5fa9c90545190dd968f1d9eb19b1728082d36f20eb22de649721d514cdbc7f9aa83ee3ddd96f553e0ddbdab41886836b0249f8b93fcd0ce6c6

Download Submit
C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp

Filesize
53KB

MD5
c19dad41ab949d37753d194e6c041d7f

SHA1
3a734a987020464ab4dcbd61854da35be10aa8c9

SHA256
7bb07c2847b014611acb7c9a0a44c729de1e2642aae1de752a5606a1ef18880c

SHA512
972767052928eaaa0a4cd9f4ef656adb7f30f43ba4e68217d6cfa451709e0058590e8b4c62037c47deef94c63836c15bdff94747cdea2b1abd5dac0e48896c4c

Download Submit
C:\Program Files\7-Zip\Lang\ku.txt.tmp

Filesize
49KB

MD5
379697b5312800736de33c9cd2f5063a

SHA1
46f71c3cf562bc24d73e0f2f63241b591ca46a8f

SHA256
2d9c0394231f7e1ca0f268f56e5fa3d597f419219939036fe6bb03a4100903c0

SHA512
96a6c2b7d09017af746bb596254403ed4bc8bfcd99f980dfbd87f4260e0ee6a91e056f8fd2ea8a3fdea93f4989e3ef2f76fb4199c40727c80d9a319c7e82a970

Download Submit
C:\Program Files\7-Zip\Lang\ky.txt.tmp

Filesize
56KB

MD5
4ee87e6c1262d143a067d2634016438d

SHA1
8ea5a32bc144adbcd2c3f1d56e520ed17ff547f1

SHA256
30e9f155f04f99799789cb3f966fc7803537945e144445f130755b295bd85443

SHA512
0c0147dd4b1ce39fba2ea1eeb3c934478ded4f7f5f6958d4a34b0db9e927dd264f3a08ac873e97235d60894319eed55c097e97ce10c994e65a07fed6a4c7090b

Download Submit
C:\Program Files\7-Zip\Lang\mk.txt.tmp

Filesize
50KB

MD5
71eb0b67f3421dea8455806cdc1c50e6

SHA1
64a774f7ad92372bad369fe20d59e3271a1c5dfe

SHA256
6517cf6eac068e084d69b84dbb9e60bf95119521297285d96ceef616c987e81c

SHA512
259a53ebb184e003826e405f9011081ee9a6792fe9ae6f99c06b9b469a8a7acd379943990396a397552dff55f517a2971f06c6671ffbe9f97b6b48ad4ba8e58f

Download Submit
C:\Program Files\7-Zip\Lang\mn.txt.tmp

Filesize
50KB

MD5
deea263013f284c5c9887c44262975e2

SHA1
ad8bcff603c1d3b4f3d5e0dbc0dabd0018fe40d7

SHA256
3948e53bf1ab763ed4163703fa1754e7dfaa6a39b982aa3adebc3e9aba013d52

SHA512
6699511e385aee43f9d23199a4bb416c93fb903ebf73b4da66ae9c9ff4a2d3aeab04003ac481b3338b9a0a0ab8fc1d0b20d7ed265c8326e2d7bea22244586bb9

Download Submit
C:\Program Files\7-Zip\Lang\mng.txt.tmp

Filesize
61KB

MD5
c5adcbc95da1047f624099743386f745

SHA1
4c125e1851ec5bee2db49093f8025f96a7f53092

SHA256
5daa26f9cf1df537dc9050e9c6b733a7931268f9168b56ae9ea4b0b6bf7d9a8b

SHA512
19d731d0a94638e3f914fe28b782a37f4d209b6bff74429f27e0c6333898656e344e49be4d4669e3432d9fdbe4aadd54f1e82a360a02437b6a3eb854143add18

Download Submit
C:\Program Files\7-Zip\Lang\mng2.txt.tmp

Filesize
62KB

MD5
4e4fc5ff7d00626141edd9d96a40929a

SHA1
9ee66fa593ea7fe6cc857f206845b47d7a00d56c

SHA256
8ec4c7a3c66cd32d6b3e2a7a024e2a78714a00b8322e6c4e499912f9db3f2778

SHA512
534c59f6255b7e95114e0376303b7e1b48679afd8b5dcb20f9222eeedd4a198b8694cb7a7e7ad4e0d728c507497df6486698f535fc3ef559b809584293906f75

Download Submit
C:\Program Files\7-Zip\Lang\nb.txt.tmp

Filesize
50KB

MD5
87598dcfc49f0c46760bd07d9c7512f7

SHA1
9d91a71d0c80bd91ecc6340cbb62ed35bd6f76e9

SHA256
0b002e98c2fd811d7ad282b39a01bdaca187fb56fe3dc68c36654a3d6831e601

SHA512
4203d4952c6d14d2618dfd198a0ac226b842dc1e90322b3d5559b49eb9aa54fe52d58a53c5870137d021789068683d804df533165973b158bcaaecb7d1731efc

Download Submit
C:\Program Files\7-Zip\Lang\ne.txt.tmp

Filesize
55KB

MD5
b9ca43a4ab031ecf0fa741080575bd6d

SHA1
f5951692eb184a692e29ddb927c83d337dc00449

SHA256
f17047bc4fb55670b355dc28a92ab543050953e333ae059df6fcf49d3736fdfe

SHA512
97a20dd967c4e1302c09c0517eb064df58090a0e5d70aa5840eb317425eb457883f093a38f2768fd15122be7634779621364af598a8286729e8ee9d6aec72cd7

Download Submit
C:\Program Files\7-Zip\Lang\nn.txt.tmp

Filesize
47KB

MD5
c6e5303fba5cfb54f4a246628cda1f32

SHA1
0e58c2df3249fbaeaa4516705fbad7e837684b3d

SHA256
441096aadde0808b8f8062dbeabfe5e2c262b8d35a0973f02d95e66a24bee39b

SHA512
4069aa3952fd3f10bc45fa1a56c3f8a1d7122402da9b6dc8abc7108c5f1616d1d08c3232126c15b192244e80f21813903cb0b77812f902a704993fdfffafa594

Download Submit
C:\Program Files\7-Zip\Lang\ps.txt.tmp

Filesize
50KB

MD5
4a3d9477765b59dfc2c3d329c4f129bf

SHA1
212ced36f58216d8d43df3a09287edb5dddd389d

SHA256
ad9e59161ca1c4c7623dd9db5492316c2e52afe0895c1f787617042f3522ee34

SHA512
6a1eaec03bc3922bcab44a36cf3d129b95961bdf1f76ad7e7d0d33a63e54c5634f58ec6410619cea73cd017de932380840642a85e94ef2272b95bb2dd105b665

Download Submit
C:\Program Files\7-Zip\Lang\pt-br.txt.tmp

Filesize
53KB

MD5
544c13d251fea6369c88d1e1a3454b05

SHA1
8c4df021cd90af0a974dce151fac68d86cb68364

SHA256
ba767f6598acecb468dcc0716001ecb24cd0d651248760f68bc69338bb2b6a86

SHA512
1f69d008a89283e9670747b91e70ee664696c7b15e0f98df5ddea52cb377bb55afbe0536af219f5ebc89800a055872ecd46abaf429d9f0dab8f12cb95ffabc05

Download Submit
C:\Program Files\7-Zip\Lang\pt.txt.tmp

Filesize
53KB

MD5
a2c24eed628fa6976d1443d886f88dfd

SHA1
be9ee7279deed741fe4f736c633a88e737a530b7

SHA256
ccfa99ce69b5cd452a8c2405fccfc4f074cede3ca14d583dd78d34e420bfe77c

SHA512
8ff9e06b05e521c83394e5ddd5d01e297fd6225bfa946c36bc07625d61735daa71e7daf3538f72f967dbed6edd8f5341ca6a0be47c9bb2aba46489413ae0620a

Download Submit
C:\Program Files\7-Zip\Lang\ro.txt.tmp

Filesize
51KB

MD5
0c223709fd5ee1919d84286a8e637be1

SHA1
bab6db0e613cbbd0b50370092926e234a0c80790

SHA256
ed0f0d886e8a14f276b4da69202ad0c8dbba352173c3bdda3b393cbb2cd79a96

SHA512
18a33c281556fa9bc70f1ccc24f6e1166fda3868e5b2860a3c9c01b406818ee4f6e514b12ca895d11828fa80ee18fbda9bb17bad06445ad93300779fa869224e

Download Submit
C:\Program Files\7-Zip\Lang\ru.txt.tmp

Filesize
59KB

MD5
9cf929fe060dfe8f25a67de305020d81

SHA1
5cb13e36e3071013283b4012d0011fe55100e700

SHA256
bc9d7ab24ab37e443bef5368b3a6e2f0a38c6059d7f1b09413816ee01d1c1eab

SHA512
0f4c5e26ee626bc44cd673c72087e451b5c56074121ec9974d7c097c6d8e37e165f36c324b4cf21c78279d7413c9800dc50166bbce8e3ed8220d7ee7fa70962c

Download Submit
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Windows.Controls.Ribbon.resources.dll.tmp

Filesize
62KB

MD5
3d5405436038a9519cab6d9bc83ec78f

SHA1
22a6848c81e3404ec718172f7781161c027d81ad

SHA256
951a00b6a59a4d7402a9355e581967e00de8bad1f7ef5be5825f0781a3e2dc96

SHA512
d0c5bb8bc5a916f4531e75c59cbd9c7ec41fdfd8409e781ec401c40c2d98f8277b547a843850e952d817d5bd28494a03746388e9fe0f25bd413a7add8030b581

Download Submit
C:\Users\Admin\AppData\Local\Temp\_Quick Assist.lnk.exe

Filesize
44KB

MD5
280b59e9c5685add3995f2ffd2e507d8

SHA1
103616d0eb62285197aa840f1cc0e1c66df8a1a6

SHA256
61e5bd7cb4c697f8c65eb91cb951b9a1b8b071f0c917ccd42627c6dfb241e6ac

SHA512
9f59b0ac97fb94c2e956a56acb911ace3ae445ac0875e9d892bc4d8719e65c686ebaead92e26d38ff844b92413f194914c5f7ec79450b88a487442a15338129e

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
41KB

MD5
dba8dc55eca26ebae45273c84ccf79de

SHA1
d4e14960e19ef8a6b81bffcfa6fadfc09ff253e9

SHA256
aa031d61f3216e5237e73f5d4f2d6684177b06f1bf7f719c8494d22cb51df639

SHA512
6b65bcabd2ae0b0b8eb80a8754a1c097ca04c4a6cc3d7250d3aec4a467a7b78f73d4e0b4066675cc1c50c00f62aae840f7c6ac7587febe991be9ac8d0254488c

Download Submit