7c9453c967b31fe090233706c0c37337eb9d5fcf0455bcb53924e334d5577d42

Analysis

max time kernel
150s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
23/08/2024, 22:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7c9453c967b31fe090233706c0c37337eb9d5fcf0455bcb53924e334d5577d42.exe
Size

183KB
MD5

9cee80a2497cf3d6122696e912556184
SHA1

a821380d7317629636bc0599f49ae39b0d99f51d
SHA256

7c9453c967b31fe090233706c0c37337eb9d5fcf0455bcb53924e334d5577d42
SHA512

314885e01a04c733ff6d30d7627383edd008e55dbae417ac822a54feab738f2daa076931fa3e6cbe08688bbfba91aa3b41f59bd962c23d9c1017f14362c65589
SSDEEP

3072:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFslEhLfyBF:PqFF2Ie+efsL1UabUaAqFF2Ie+efsL1f

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (4898) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
708	Zombie.exe
3084	_Wordpad.lnk.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Zombie.exe	7c9453c967b31fe090233706c0c37337eb9d5fcf0455bcb53924e334d5577d42.exe
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	7c9453c967b31fe090233706c0c37337eb9d5fcf0455bcb53924e334d5577d42.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	_Wordpad.lnk.exe
File opened for modification	C:\Program Files\Common Files\System\msadc\it-IT\msdaprsr.dll.mui.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\UIAutomationTypes.resources.dll.tmp	_Wordpad.lnk.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\es.pak.tmp	_Wordpad.lnk.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-rtlsupport-l1-1-0.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-conio-l1-1-0.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Slipstream.xml.tmp	_Wordpad.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_BypassTrial180-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Grace-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.Extensions.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Text.Encoding.CodePages.dll.tmp	_Wordpad.lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\System.Windows.Forms.Primitives.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Grace-ppd.xrm-ms.tmp	_Wordpad.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Trial-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN107.XML.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019MSDNR_Retail-ul-phn.xrm-ms.tmp	_Wordpad.lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\UIAutomationClientSideProviders.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\unicode.md.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\bin\gstreamer-lite.dll.tmp	_Wordpad.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Retail-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019MSDNR_Retail-pl.xrm-ms.tmp	_Wordpad.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Retail-ul-phn.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX45.exe.config.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.OData.Edm.NetFX35.V7.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\UIAutomationProvider.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\WindowsFormsIntegration.resources.dll.tmp	_Wordpad.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest1-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription1-pl.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\ISO690.XSL.tmp	_Wordpad.lnk.exe
File created	C:\Program Files\7-Zip\Lang\mng2.txt.tmp	_Wordpad.lnk.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.ReaderWriter.dll.tmp	_Wordpad.lnk.exe
File created	C:\Program Files\Java\jre-1.8\lib\charsets.jar.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\System\msadc\en-US\msaddsr.dll.mui.tmp	_Wordpad.lnk.exe
File created	C:\Program Files\7-Zip\7z.sfx.tmp	_Wordpad.lnk.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\PresentationCore.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\keytool.exe.tmp	_Wordpad.lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\Microsoft.VisualBasic.Forms.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Blue Green.xml.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProVL_MAK-ppd.xrm-ms.tmp	_Wordpad.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_MAK_AE-ppd.xrm-ms.tmp	_Wordpad.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOSPECTRE.DLL.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\tipresx.dll.mui.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-convert-l1-1-0.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\WindowsFormsIntegration.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\tr.pak.tmp	_Wordpad.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Trial-pl.xrm-ms.tmp	_Wordpad.lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\PresentationCore.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Security.Cryptography.Xml.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Xaml.resources.dll.tmp	_Wordpad.lnk.exe
File opened for modification	C:\Program Files\Common Files\System\msadc\es-ES\msdaremr.dll.mui.tmp	_Wordpad.lnk.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\WindowsBase.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.CompilerServices.Unsafe.dll.tmp	Zombie.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.123\dxil.dll.tmp	_Wordpad.lnk.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\java_crw_demo.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javaws.exe.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jps.exe.tmp	_Wordpad.lnk.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0016-0000-1000-0000000FF1CE.xml.tmp	_Wordpad.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Retail-ul-oob.xrm-ms.tmp	_Wordpad.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp-ul-oob.xrm-ms.tmp	_Wordpad.lnk.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\tipresx.dll.mui.tmp	_Wordpad.lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework-SystemDrawing.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\UIAutomationClient.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\AdHocReportingExcelClient.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.TypeExtensions.dll.tmp	Zombie.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Zombie.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	_Wordpad.lnk.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7c9453c967b31fe090233706c0c37337eb9d5fcf0455bcb53924e334d5577d42.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3248 wrote to memory of 708	3248	7c9453c967b31fe090233706c0c37337eb9d5fcf0455bcb53924e334d5577d42.exe	84
PID 3248 wrote to memory of 708	3248	7c9453c967b31fe090233706c0c37337eb9d5fcf0455bcb53924e334d5577d42.exe	84
PID 3248 wrote to memory of 708	3248	7c9453c967b31fe090233706c0c37337eb9d5fcf0455bcb53924e334d5577d42.exe	84
PID 3248 wrote to memory of 3084	3248	7c9453c967b31fe090233706c0c37337eb9d5fcf0455bcb53924e334d5577d42.exe	85
PID 3248 wrote to memory of 3084	3248	7c9453c967b31fe090233706c0c37337eb9d5fcf0455bcb53924e334d5577d42.exe	85
PID 3248 wrote to memory of 3084	3248	7c9453c967b31fe090233706c0c37337eb9d5fcf0455bcb53924e334d5577d42.exe	85

C:\Users\Admin\AppData\Local\Temp\7c9453c967b31fe090233706c0c37337eb9d5fcf0455bcb53924e334d5577d42.exe
"C:\Users\Admin\AppData\Local\Temp\7c9453c967b31fe090233706c0c37337eb9d5fcf0455bcb53924e334d5577d42.exe"
1⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3248
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:708
- C:\Users\Admin\AppData\Local\Temp\_Wordpad.lnk.exe
  "_Wordpad.lnk.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:3084

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4182098368-2521458979-3782681353-1000\desktop.ini.exe

Filesize
90KB

MD5
c99c6c1f7aae534173fd9183588d919d

SHA1
0a83dc99a3050c47cf6ec52bc9f8d9e64ed0f384

SHA256
df65b999c1429ac3649b73272f846cdaa3b7f7e01742ad550a854730dfbb1ef0

SHA512
61639404a100eb030ac724cdb052b84eddace64e50f30c4bd979d38c5f16a2342ed69bd0d11de55026f959115aaa7db3bbb1a5b536ccce76ca9f590fafba7f1a

Download Submit
C:\$Recycle.Bin\S-1-5-21-4182098368-2521458979-3782681353-1000\desktop.ini.exe.tmp

Filesize
183KB

MD5
64bc45f7899b78f63c7af543bb74e70e

SHA1
2c9398ae65554d113be65ddd0751df7fbde59c3f

SHA256
541f4285430565f9c708331f9d458cd9d13df9208d31e06200b89a3daf834795

SHA512
d76da00f60c16b1c90861b2c2def3bdde2371a556263caff82f7b8dc19de3880e0cca0ddb94336ade29a131c66dded29df273b98f5aa608e52a656ab635b631e

Download Submit
C:\Program Files\7-Zip\7-zip.chm.exe

Filesize
203KB

MD5
b63f5958bba7764022a9769063254e18

SHA1
f031f4c34c1fca879701a7929adf38b5be084624

SHA256
3faf3a5c02d878dea9e294b198448fa9e3793dda2efdea5fc1f490c35993c147

SHA512
4a01ef8a8883a47ee6b56848f8cf0627ea12bec97e50273519afb4deeb017e61299e5b3ce2b071389b83e39e0f5800f2b2e75520a7aa4a899840122d2bbdfe98

Download Submit
C:\Program Files\7-Zip\7-zip32.dll.tmp

Filesize
157KB

MD5
505c979f2a724ed22b10b9afcb3c3191

SHA1
284a431581e18549ee639397101adbcc4781e99b

SHA256
3966e361b0b5e96decc258faabf2fa6c81672037e68c7387d2c7d9063dffe810

SHA512
d43c1e9a4a9286a84faf031fa66823e4849c4a55bf9e546ea700352fe63c2831f39af31e678baf752443c9d6c3c5944d33c027a9c4f005b2f24fd30e92c2ba8b

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
1.8MB

MD5
080f8d4cc52103e2a494421afd137385

SHA1
4b94bb4ced731098733083012805afe7df38d5c8

SHA256
f2f415b190cfe1193532ab0f998acd360d0f0d8497718ab81255a2d814e6ec51

SHA512
181df134cb678c3994ed4d81d1f73a4260a06a4a23541eb33d46d465c98d72a26162e5d34f785ee748f81ceeea37f59dd4d349ad9cdfa88498d7c7a8fc88e871

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
634KB

MD5
4c691853c9e6ca9032a95b75ce010b35

SHA1
334b9d73f16314d9a17a89a85b0b04054a157b0f

SHA256
c3211d51a2b6c095f1e653b462477a4218c43b8e8848839bb361a7f79001951f

SHA512
0e9140a1a3d46c45f307eba8fb7f27e9a6ecfd35571bc065914b7954c5a515b244c86b59292ab5f8bbe746addf472791f1116fe9fdd607b150f8f7d07731ded1

Download Submit
C:\Program Files\7-Zip\7z.sfx.tmp

Filesize
302KB

MD5
236c3fd8cfbf02e28265a699c4f972c0

SHA1
41c4aca8653ae74ad2eea376c94570fcae7aaab6

SHA256
75978d277160390667cf1e2c89488dcf7185487f44f97d36b5f9121dc40f7d99

SHA512
420a60a3db21e2dd43971506ffa6d9f394d2aa5f2db550d5c0430addc00ade707fee721f5ea780ebea4e79112d0dc7752ed29e91dcf6fdbd5427e572daac2da9

Download Submit
C:\Program Files\7-Zip\7zCon.sfx.tmp

Filesize
281KB

MD5
56cd2c8b72e39e82b169c675c6c211b0

SHA1
52dded55be1eb599257f802b2591f3fbb777b02d

SHA256
b0c6ed69da6ca1cab434d1abf12810ae26c3270877f97117049a7fe94fe00ed8

SHA512
bd95960f82a3c7ee86f1873f5606c897ead31c9ffeaa41106c45e2c6630d14c2468a60b6f5fbea5d8c3fe04f766e242eaebc286bbc6e015eaf3460cbfb5ad469

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
1023KB

MD5
e7b682c5e68aed6828adc85486d2847f

SHA1
a8a47675b4cded2d8dcd587fbd376d28fee3896b

SHA256
4a4e5c8387438d54560f30f7c8ea32278dfd672361e4fd55431ae14746b53510

SHA512
8a1ca96affc4c4a6e02a3d6efb1b175866c6e268a732ffb7476115e7e3381bb555b2f7e588ea96b1eec6373a5126ec04339dbf8001dc422e6be9571722570335

Download Submit
C:\Program Files\7-Zip\7zG.exe.tmp

Filesize
776KB

MD5
1429eda3bff76a7d5438dab331773cf6

SHA1
29a918fd13f0c31a830bd138407c9d3dbcc24e81

SHA256
ed9f2206598b645478531cd30cc0790e1b722eb92893fe5e649519efca987003

SHA512
e16302040ea9d4e5c61b1a4efc84a7653b208c979040c262feb3ff84f6fbad4e8b3e8f01fbde692bee4eabe0ab27875423a0da618c175bfd4a720d8c5927a598

Download Submit
C:\Program Files\7-Zip\Lang\af.txt.tmp

Filesize
102KB

MD5
22406a373e0966c08372306b96a1a73a

SHA1
406bfa75800772f0d16904a899cb4c3045cbb502

SHA256
9e258e48d48ea9e30be2f7e2179f00e868a82474c422ae594232f536b29e90e0

SHA512
39d394615bacece3cf2642ec705d7500ffeb8a31aa62f6f89b27d0d3cda420d8910cb088e02995fa2597e43fdb1d4b605c85aad02dd2204466c9e0cd254e5e56

Download Submit
C:\Program Files\7-Zip\Lang\ar.txt.tmp

Filesize
105KB

MD5
0ef7e23821570435ebafc93a170e4735

SHA1
e4b55cbc2e5c090b0c1fb2877563e46a121ec56c

SHA256
5ebe8ede2a03a939fdae30df02fd50a2fcd6c231294e8cd3a3c1f030397858e5

SHA512
5d6bf02df3c83b292c9564e363427101d5c1458c896c96f0a06d73a005021e78084f9064426f4aad6367344b59d144c2e22b171513babf2504ea1b5aafbe5de6

Download Submit
C:\Program Files\7-Zip\Lang\ba.txt.tmp

Filesize
103KB

MD5
227bac3f28f5a7ba0dad1bc9a1be15e6

SHA1
f3a633de101a8515116b825db883c8ab96cdeaef

SHA256
0645ed70d91a35272f685bfe2a52859951b3420bf8aa202257b8d19a0d605642

SHA512
2bf8140d37d6f1bdcdcfe3fbd4d46b3035c17f438578daceac328cddab870310b012c252c12628b997da5afb1bacca449752380051827113506059145af7af0a

Download Submit
C:\Program Files\7-Zip\Lang\be.txt.tmp

Filesize
104KB

MD5
13ad6efc28d912c13763438141bb8ffa

SHA1
750005af5fdcde47de32de17caffe958b426a61f

SHA256
4055a25c5e667a29941cc8ec9e1e4bb7ad1b236f4aeb2866d5da92f8b6d9c613

SHA512
cea512791410de612ac35a76e4295770d7321ec0fe459cbe974e4edbda5ee5fff68c59fe2e86221e52b85a6755d09a9ce77b5b3071f50d9036c07671ef4819e5

Download Submit
C:\Program Files\7-Zip\Lang\bg.txt.tmp

Filesize
105KB

MD5
9643573437e900fec0b81f74e558e179

SHA1
3572c1aefb53e33a909bad536bdbb8e2d219937f

SHA256
76a2543a1a177d17036afc0bea96d4376cf8d671da0f22015a4ca1548d08f546

SHA512
2ad54ae19294cb2b062ee85035c673037f4180abcbd48246adf21628f19b8fc919e359bb38cc6b47860b27c7ca8c58d1444d044ded39cc66b04532462bec8592

Download Submit
C:\Program Files\7-Zip\Lang\bn.txt.tmp

Filesize
105KB

MD5
b49497a1955b030ff17031a41eb028ba

SHA1
5e3aab6234e05633b7170baf1f7650d0e40196a2

SHA256
103877581e3776526f5d6dddd1229297b89aa366ba6fd3d5f08c4f0be5be95e1

SHA512
defaa254fd66913d3e7fc3790436cd5a485c0d5556fc4073b16e562448efd6badee7a55b7252b270e0d0534752136ca47682a70d1ee5fe18616541d1f8aef034

Download Submit
C:\Program Files\7-Zip\Lang\co.txt.tmp

Filesize
101KB

MD5
5d6d449bb19a85e6ee21bb3afe25a217

SHA1
f795fe9ea1dc1dd2b2e3bdb2b0b7c0c3fd4b5a54

SHA256
a356ae8e97fc8dc28579fc062112e45ee30c2f68159ec3a4f8d696b853408241

SHA512
7e8fd2cc8720504328c0daf6c4b59f9b42de9baf48ff042b80846201e5dffc3e3ba714720e3aea9bc6ef91ccb2cc371f24bd569f311c3d5deb3479fab2243207

Download Submit
C:\Program Files\7-Zip\Lang\cs.txt.tmp

Filesize
99KB

MD5
853dcf29aaeb9541bdb1caf798a9c05b

SHA1
8d167f64e6782f938669ad3f014f645696dc04f5

SHA256
5020805f952a438f1deb9cf18c7bbbeea078c1c0272cb5360ebd2aceace58a67

SHA512
0fde6ab3fc50cf1196a0bc30af70ada3dc2f079fc606c1ff9360483153ae82c2b7d041116b5387ad00f07176690ce75260adf6447608deb469fd42a745376cf0

Download Submit
C:\Program Files\7-Zip\Lang\da.txt.tmp

Filesize
98KB

MD5
7bab09f63f5db8acb40f5df5da9651d5

SHA1
9ca955656991ad19d0e82da33a15c8704126c388

SHA256
333eea2202c4fe1dc238df226ad95c8e9d737965556522aa9273baf6c2541cc9

SHA512
3f560afb290dc871a49fa7d51b76f70a82492399b5878e90c669396479033740b0e933bcc4aed13a7253fc1b0431e288c9a88d97a8541bc3235c6503324e6f92

Download Submit
C:\Program Files\7-Zip\Lang\el.txt.tmp

Filesize
106KB

MD5
fb2a12ace2ec13b4eb5005728b0681c1

SHA1
31ead9b91c599b70c746e9fc960c2160227cd8e5

SHA256
7e8d9c94a7fcd0ae36f248af47f4a8ed94ba03faf049d193c333a2a2f1e505ee

SHA512
876eae396ef9ccb94f8217d41645dd450e3925c27f326583a2fe471244758e763cd22a036da724462875afd916fc864430c8ccaea3831a013c314434a155066f

Download Submit
C:\Program Files\7-Zip\Lang\et.txt.tmp

Filesize
97KB

MD5
f4674e0c447da392fab3e7d7b9fdd507

SHA1
cbd48a559cf208393d7fcf20a053cc626d88fc64

SHA256
33812adf2d4debde07cc9d8b67cc97ea939c8003b05b4942c65794cc822bd344

SHA512
c8e381df725d6872f3dc40c14fc8c3366ad38988b126e42215062779386d5ea96125aa047dbe1dd57b9b4bad73959d8e93cdbde680e5317ec07773e5b1b7180c

Download Submit
C:\Program Files\7-Zip\Lang\ext.txt.tmp

Filesize
97KB

MD5
75076c937e4ed429276b8449e2544108

SHA1
4ab04f64665784d0f8c0aed68b4d7c14b368b714

SHA256
5f0041184aec70531fc6e77dd29970cc80e53a1aa74cc452255f91598891f9aa

SHA512
8f6104ccd257149d571b0777290393d19e4552ab88d5a0a38d0dccc9bd14f161912091336c68cd4f1814ab6d8f366ad5b49e7ea1eda7c9871aeb393f56a1ac76

Download Submit
C:\Program Files\7-Zip\Lang\fi.txt.tmp

Filesize
101KB

MD5
4fac1ca0f8621c5453a81f86b6a7978b

SHA1
cbe6bbb72a69e796a640f316e282e7779f8cf09e

SHA256
8c5721563cb0096bfd5e9313a3d49ad89ada873c72911bd8b7570c1dccd52f47

SHA512
990aafc79d4f3f1ba23940c4e4f8db13442787a76427ae859b76e40fa7faed444eccb4ceb9bb1fce419c079e5d51b52f4ae01a44dcb568676a12aef526d1a020

Download Submit
C:\Program Files\7-Zip\Lang\fr.txt.tmp

Filesize
100KB

MD5
7508d041c94507b6f41fb0bd0de21d16

SHA1
35ed739bc4afd626b701eb4a7675eb14fb0d22ee

SHA256
7dd3542d2eb0ae345e9f7487a902cba56cee782954305ae1d32180c638fb7170

SHA512
16d663fa386ab06ac53481510832cdd8d1f9c144c6c9b6ae689f04a05eb616d2979911994d60f327281b09a5910cc95c8e44ac0b896f8d8df0bef8337dea9f78

Download Submit
C:\Program Files\7-Zip\Lang\fur.txt.tmp

Filesize
100KB

MD5
4e18230a808740f2632b5a36c38661c7

SHA1
5de71cc062e7ae2d2aad34efe0f24bde38e32265

SHA256
57497e275c837bfd5b4af0c9ae92d8ae44e9bfe0658c6dbb553158ac5b48bd2b

SHA512
371c30109429e601b79980613cc509a5ed0f3652c39bc447dcb1a350ecee51517540769241a44a5e574588bab09b1871c915fe746a94c4e9e0c4b90da6dd71d9

Download Submit
C:\Program Files\7-Zip\Lang\fy.txt.tmp

Filesize
96KB

MD5
2fb52f8392d7f9e145b81df0de2c1658

SHA1
5e155a14057e52497b8c601bb55e71610e65656d

SHA256
f7b7e4fea54028307e61e96ae52604bafa35bee771b32c665217643642b406aa

SHA512
69adc942e7077e677e6c0bec6976fb6899244ab8d737ff02587d9222553bdc1de3a29e321fe5d61d59bfc63515c0fdf05ea44d1fff6e546f3a23690d76492a61

Download Submit
C:\Program Files\7-Zip\Lang\ga.txt.tmp

Filesize
100KB

MD5
12247831ffb9c2d13bc1d3b51915da82

SHA1
4b20849230b685f24b75e7bec8ea55cdb579539d

SHA256
63b706096005453ad481f3b91a28c6f07f7c17a07c39adf3805714cc5649d849

SHA512
55ccbdcf0a60b800d6fd6771a82abcd01caeb95d97e7dd34f831a6e44b8ce77e46c8a4f76045099299e97868c2abf473533bed0e3b5839ec7a3ec21fce58b973

Download Submit
C:\Program Files\7-Zip\Lang\gl.txt.tmp

Filesize
102KB

MD5
0f4e9dced2971672a3120ddfbc430949

SHA1
0dbca3f4bd3586615f8bbc6e1f29903f0b011660

SHA256
f5f4c254b73ad8ed4cfeb7f7f4fd8585ada0a64fb720e8c5a1b2d980403f02eb

SHA512
20fd50021f477a0ebcbc022f5905e08d60966bd9e0c3400fbedaca929c5948fdf3237ecafa8c3b4ec7cc131a17ced07dfc9cd256077aca0cd1e28cdd75c795df

Download Submit
C:\Program Files\7-Zip\Lang\hi.txt.tmp

Filesize
107KB

MD5
7de9d90e2142c563d0d30c6c86bdb996

SHA1
9e48c8d4995239341c81e1648513386bdd55064c

SHA256
facec558d48ef27c3db6c1bd9e035b19c25e523f60502c126cad20e936283627

SHA512
e021d102b7afef7ee20164cbcec72ba99f530b20577788ec9128060a236d60cea9bbd202031fbffac500cffcfd86215c18ea886eb61a2e9b2f3de4d7126752a8

Download Submit
C:\Program Files\7-Zip\Lang\hr.txt.tmp

Filesize
101KB

MD5
7b47d284e00b20e10f071adb4c0d0e5b

SHA1
bdb7b64a7c008adcafec9835cf4b66552db4e502

SHA256
568d71d97313818d9d9f0d81ac627cc63eb504a785fb6d173c60e9a723f976a0

SHA512
0b769bf1eb22e6eab62f3d17aca18bf411673c2d84ee9e4856814e40d3e661c86b7e8a06c987dc40fea6ff04beae3146fa33d3516e211241b88639fae0845c09

Download Submit
C:\Program Files\7-Zip\Lang\hu.txt.tmp

Filesize
100KB

MD5
c77fc14d216298aa78c6b67d85a12c1c

SHA1
b201497e33136eb418cdb5c79cc416efe0d4d305

SHA256
26a233f3f713a696be76f5cdd5bef7c16a9b8ea8d8def8da9e3ad8e029be8d04

SHA512
7910e4ee7ade4c093147141a01a2e545a59d4d75594ac03053502009a023591d52d7b937a3215f6738b406ea6eefc27684912733121057972ee336fd7d722ea7

Download Submit
C:\Program Files\7-Zip\Lang\hy.txt.tmp

Filesize
104KB

MD5
6c781e1ca179e5de86b8280c0e0cddcb

SHA1
8f752bf14fdac9385f64fca6441cf1b88df013f4

SHA256
28e35aa3733a12acee7c330e33edfcc19129de6771c5c517bdddc047d713772a

SHA512
23a5497e728b1bdb56cd6676dd81272f79efd9a1c752b26848d3ed2c34db49df1fb3a3fd2526f3c266a944a6897036e548a5aaaa293b2c8dc05ea1d457c814f9

Download Submit
C:\Program Files\7-Zip\Lang\is.txt.tmp

Filesize
98KB

MD5
6761a0028e31c188625f5c82ad678aa2

SHA1
3c590ba6ab8185ebb338fafc5c5d84ad6fab13c7

SHA256
5b7ab139b8d2bb1872afd33616993451ab13406789d4c9d5bf675d804a3565e3

SHA512
206ff90d8663b4ba721da41829539160f55d9343a8f0b1c45e15b75ff748824e1cae93293d264c529129ea9004214cb63de4870f08ab753fb37a486177766ec7

Download Submit
C:\Program Files\7-Zip\Lang\it.txt.tmp

Filesize
102KB

MD5
20fb75ad6c2856b6c9c4b3f3fb40ec83

SHA1
11bc10626fc12b5c2297c8431bb46a1d31408972

SHA256
39b2dad0ddaa294d42804e00af55d76e35d4be642203ac92d7f66569ea015a5a

SHA512
43039d8e9eef4f8f771bae083021978d14f70a3bc52ee0481ea8846684b02f4ec518dc74a5860fdc6d92ac1cb17f68080b6e54045fb28326bcd8a56bd20b6313

Download Submit
C:\Program Files\7-Zip\Lang\ja.txt.tmp

Filesize
102KB

MD5
2481ad3627e23a4062f14cf75f1fbdaa

SHA1
788dbe0f5973169bcfa1fbe5d29fa6aed25044bd

SHA256
46b9b926950cbc3b774dd380a6a87f3e51499e8058c736c8b1b52372e2b468e4

SHA512
25614c1c19b951358207d24abfc4035db96cb451f78a3a37bb78f8fde5afb61ee5627a4b356965467a8153fe1c5a65991acc3ed93bc32feec2d2256dd0757586

Download Submit
C:\Program Files\7-Zip\Lang\kaa.txt.tmp

Filesize
98KB

MD5
f89d44a65d63aa10c7721b5b321f431e

SHA1
a8a1ad82720f872e4de5d9c5a6cbdf705607ea5f

SHA256
d65d6936c082d3b1a98f7599d75fa21bd1c277cb45cfb5462d49f29442b2e5b9

SHA512
420adc3da9e8c41b2cf820a1faf37c9f783472f0273d01bce487103bf004611fd2c94344839429c90f41914e3b58bddf560f10d44bc60942c85e57016cb1801d

Download Submit
C:\Program Files\7-Zip\Lang\kk.txt.tmp

Filesize
100KB

MD5
c47263caf240940bd35dc1e00d4f8fb4

SHA1
903c4fb97e10f7120127259357e6fdb9c9c1b373

SHA256
2fe697d65c1f7acd4471ea991a342b6d2022a9631366c0af46015e358fba43df

SHA512
9a7f5f4c11fe8eaa7cfecea7db8f6727766efbc23ca859047244ca234139f26ff773dd9a6c88a05639dfe174887ac2d70470c7bc3321627302c2d6b9169d8d85

Download Submit
C:\Program Files\7-Zip\Lang\ko.txt.tmp

Filesize
100KB

MD5
280292aaafa64777a48d3d757b548bcd

SHA1
633586f3017fdd0d302150e14e648f7233f00b00

SHA256
c882aec4a1d8203dfcc0c5b3ca6d66858085feee977e7157de0981dbc68f6388

SHA512
b96e9f94e458b0982ed9eeaad56524cad77a2e9ede3f95dfb4485bb3961fb4f4dd5ffe59354b33e8bab80f249d71f1006710ae0ad6261e62898cc1fd0059f3e8

Download Submit
C:\Program Files\7-Zip\Lang\ky.txt.tmp

Filesize
104KB

MD5
5b177f88aeb8475bc266f8d436bcef2f

SHA1
8475b44ff22f60eccc0a43e440cb73c856926d69

SHA256
6dd14f2802eb6c135d4ec00db36e591c7cf18d9d65fd38d0fa0d48d7c9a342fb

SHA512
ebee6c4d8a842e6930d2d0929e08fcf00c4df97959eeda46d0e28962ac2eb8c295c5d95c054bb449b0c28983ba4ae7d306cb7d13cacd7ae1e806bc7fbf54afee

Download Submit
C:\Program Files\7-Zip\Lang\mk.txt.tmp

Filesize
101KB

MD5
8ca306285cb0fdbd5bd83c288a841ac6

SHA1
6b50c7ddb2e3d0cf3a2f6208690d058995fbcf1a

SHA256
0bb47318c1fab62cc07afffd005f422452ebf51257e747fca597aa4dea4a0848

SHA512
061f5c2c8ccc7d42d9267f88b0befbba99e94f538172d70c4eb059956395827644888d227b57d81a2f43272c2080c9c4e92f8156e7a6c4b7c3f1054531f70290

Download Submit
C:\Program Files\7-Zip\Lang\mn.txt.tmp

Filesize
100KB

MD5
10c99eae5424edd4494f4d1fbe71ac78

SHA1
55c3db16b015895648597bf4d5aed6220ba54bb8

SHA256
00b4dfd9c0194859983d6d362d2d8f9181e951c172e840e09153e93403467337

SHA512
84c7f6833f9d6787c4472d4a1b3db7ac5fb59a8eed7e13fde41f9975ef06ea549341b51e965d7783aae9e48cac88f349711e654bf395eb369bb59d855d7386d0

Download Submit
C:\Program Files\7-Zip\Lang\mn.txt.tmp

Filesize
100KB

MD5
e359d373590a696fa4f5985e3ac86f0a

SHA1
635ee94d6e0d21185d836e89902f2dc8d09ac33c

SHA256
051b10ba11dd3ac5af781961489c9c05cca6a85518aa3a5771fc3dc64936869c

SHA512
22425ff75510254a2de613de10971c6061d89e8df6cd1f11056290ede2f38c947c70e6594124fba01e5477fd055d333e354ff52a1c383d9b5dda24539be69a14

Download Submit
C:\Program Files\7-Zip\Lang\mr.txt.tmp

Filesize
103KB

MD5
b6eb4c3c7d0d2b73fe6c4811c0495f89

SHA1
c573876721ae15c30746c3b49497e83dd91435a6

SHA256
19905d9c795258dcf36436146061d7e91430164a93e19c2bf129f441549c5842

SHA512
40590f4fa5a810a22c2853bb2f94a5ef8edc046e17502f59ee711a27cce2b0d39d3cc7eb053d55222b6fcd0eb5528c2ac3c0e4a012fe15f04cf2dcd2af6c59eb

Download Submit
C:\Program Files\7-Zip\Lang\ms.txt.tmp

Filesize
95KB

MD5
28184234109a1982df2fc5aae7b2bc2a

SHA1
674afcaf9eca80746dcfbec6873b05c7881d311b

SHA256
7692c3d8f7e6f14f6a295cb8ce9c65a75c076cae8f229325fe473c170076ecad

SHA512
1e58699d13d1d61820c436d638e0bad8aec78d356a62d7faa1ff7ce668761c4ecd0aadaf9e0444b40894508820a7b8636cf68bc25646f4a272012e06a78fa26c

Download Submit
C:\Program Files\7-Zip\Lang\ne.txt.tmp

Filesize
105KB

MD5
e307d4fab4e573ba75d08644ed63b226

SHA1
ac097333c36facbb93efbae26036f96f6be0ccf3

SHA256
efe3828377c5e452b970ff302b897908a6c5431674d2ff1af6bdb3051a3b20c2

SHA512
9e5e698a802aa8acd10edc881111959c813bd1ac293b6c94a468115066f58753307612f1c7f88f604dc3020bfc08e08c1638422fac43befdefc1cf2cce369b92

Download Submit
C:\Program Files\7-Zip\Lang\pa-in.txt.tmp

Filesize
107KB

MD5
41b8aef2726db32b6294b09887f32983

SHA1
2543fd6a89e5c85faa287c1424dcf530982c9e19

SHA256
5c2a49b8527452930e2fc3c0af4ce5f6a7ed28c7493caa6fa34551d711f9600c

SHA512
4cbab725e57d8695f7eb929acef61229ffdff575a05dd6ec12ed34a50c4a9edbcfbb79c9888c21e5f5965636e11475c2188782fb14ee1e30b13aac9f8db44508

Download Submit
C:\Program Files\7-Zip\Lang\pl.txt.tmp

Filesize
102KB

MD5
db3463437124911ac94b885911ed7b68

SHA1
a12c27ec97753e9a0c850f10a8642968f9f2e45e

SHA256
78bf8c81294d3bafcd7bc3b7f77749fc3167bbc671254bfd11d1808d61cf7478

SHA512
32e5450ef80b29bb52091d1ac50d39dccc5db80d1f5c6672a03e103c8f596734fbd9ff2158782bbc1a42f781cb45bac5e90e4f9c2148639172d6fd0790b6afe7

Download Submit
C:\Program Files\7-Zip\Lang\ps.txt.tmp

Filesize
101KB

MD5
26d76715f970b0c7968d8618262d3085

SHA1
cf24461deb01b5389ee5c33ddc344172334e5d90

SHA256
c578b3c8920fab7d46514694f6af35de7d68f658b3c727c0e358614c75fd3a47

SHA512
ff5ab1c30e8dc2387913c563eff4d33eef974a69c381b27db35c8f04f1eadb4c5569acd0c712f8cc80ecb07afafbfb8a3d2687a2f3fd5e11dbc8c4975a78a1f9

Download Submit
C:\Program Files\7-Zip\Lang\pt-br.txt.tmp

Filesize
102KB

MD5
f8f2166f6cda218932a5b8e91c9b1693

SHA1
62b7d089f06b42595265224efdaaed3149805edb

SHA256
00f1334185bfaec20816223eea0d4723e1e84d0612d7c672219b608b3ec31aa7

SHA512
eeccb03238ef559d82b9f864d53404859f915a86bf5a19bb6b5ea1f03794ce7c67a38aee034a9ba0977125162f840d22610dfa077ab0db6db1207aec83e82c88

Download Submit
C:\Program Files\7-Zip\Lang\pt.txt.tmp

Filesize
102KB

MD5
e56d8846ff1c5a38fabf0c0be516d106

SHA1
489202171c45b57a75b07a9855606fbc383d8a89

SHA256
d63979135e7a442a82dde30ddd76aa45ebc937a8a84a0a731192c395507f48b5

SHA512
7c7bd0d1973475277f4bd199df3404b5cdc99d80b3f1bb622ac8b09f7663a03f9c56e2bdee99e6f8e9cd313a57d7337caa642057ee9f498348db473bfe200486

Download Submit
C:\Program Files\7-Zip\Lang\ru.txt.tmp

Filesize
107KB

MD5
e997844802755f4b7cdc775c336f80d8

SHA1
28cef4283ff1aceb64b123db199fc4cec3952f9e

SHA256
57e98c813aa8c368e396be6747d2cf94732e4065ffa5560470763646e74ff377

SHA512
b534f003138c95e6287a629bad8816bc22cee2a98ee48a992cfb293b8237beecc2ca1f397450343d11e3c9cee49147eef8bd8743e4b35d145a1b8eff85a65bff

Download Submit
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-string-l1-1-0.dll.tmp

Filesize
113KB

MD5
0126f674782d4df8100929ba92d8dab5

SHA1
b318ee3ca143c4fb41199ae20dc5ba54fc7e6429

SHA256
f912ffab0df47b0f3f9fdff687cd7dd853d4e7188ec1d81734d4fa0240c75eb8

SHA512
abad7effdbadda19f7c2630410f10c11dd2e95c2af3122f1550be5d5258e61f7d0bc9e0e0116baca81d3a6b2e10ccdb4d76e3588fbcba4d5d146d983d2844ce9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_Wordpad.lnk.exe

Filesize
92KB

MD5
6a2af1c9631db124ca3c5fdf5999c9ed

SHA1
ec86aff55b88db651bf78da57dec50de7c316932

SHA256
c1b4579bfe9b2260837e67499fe172064318e1c040ad1251069f7dd7f4c08a2a

SHA512
91f21171c58ffe2dbf7cfef0ef43ccb141b31de31dcdf5b52aeecfd73da881541ea1f3abdf59fe05a610c7b11429decadbb30eca7982078a4129a0289f5d6c41

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
90KB

MD5
8f84da29f19168b64358bf676b9a5ae1

SHA1
7ee2e950896ab5fb92242dfbe18a6beb8bff4112

SHA256
b926128f5174a9952a65f1da0b97d898c118425afdff4d6c1e5b6044a980aa3f

SHA512
e21595e6b556f4669b4c86896642f5da62d5853e208ef502383d9a7df5fa1c7204222a383058dd2da158cd84b9dd0004b4a9f15d1c18e65e8845bc7ebf358998

Download Submit