5ba484dc7185b0e40ea02efddb97a3a88b5289714b9650fe374977c2175a760b

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
23/08/2024, 21:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5ba484dc7185b0e40ea02efddb97a3a88b5289714b9650fe374977c2175a760b.exe
Size

96KB
MD5

05a30ea6cdc81769e9297ce3f97b2e78
SHA1

2beaf55d8475b181eaa755c28b566955d454ddfa
SHA256

5ba484dc7185b0e40ea02efddb97a3a88b5289714b9650fe374977c2175a760b
SHA512

768948d5522b853c05a30c52a0a37e5aba68f4c2408e50210557041947601635011157724f424b5b29d5226370a6b54bc4673045b80a55992df4b26ee19b88d7
SSDEEP

1536:W7ZhA7pApM21LOA1LOrtkpt6UrX4sS07ZhA7pApM21LOA1LOrtkpt6UrX4sS2:6e7WpMgLOiLOrt0e7WpMgLOiLOrt2

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (4903) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
2956	Zombie.exe
3968	_08 - Homegroup.lnk.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	5ba484dc7185b0e40ea02efddb97a3a88b5289714b9650fe374977c2175a760b.exe
File created	C:\Windows\SysWOW64\Zombie.exe	5ba484dc7185b0e40ea02efddb97a3a88b5289714b9650fe374977c2175a760b.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-black_scale-180.png.tmp	_08 - Homegroup.lnk.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jli.dll.tmp	_08 - Homegroup.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\PowerPointNaiveBayesCommandRanker.txt.tmp	_08 - Homegroup.lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\UIAutomationTypes.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019DemoR_BypassTrial180-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_SubTest-ul-oob.xrm-ms.tmp	_08 - Homegroup.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL117.XML.tmp	Zombie.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base.xml.tmp	_08 - Homegroup.lnk.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\ro.pak.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_KMS_Client-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_OEM_Perp-pl.xrm-ms.tmp	_08 - Homegroup.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Retail-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_SubTest-pl.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-white_scale-80.png.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.et-ee.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.FileSystem.Primitives.dll.tmp	_08 - Homegroup.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-interlocked-l1-1-0.dll.tmp	_08 - Homegroup.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Grace-ppd.xrm-ms.tmp	_08 - Homegroup.lnk.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-debug-l1-1-0.dll.tmp	_08 - Homegroup.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Grace-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Text.Encoding.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\PresentationCore.resources.dll.tmp	_08 - Homegroup.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp2-ul-phn.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL090.XML.tmp	_08 - Homegroup.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial2-ppd.xrm-ms.tmp	_08 - Homegroup.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_SubTrial-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\Microsoft.Win32.SystemEvents.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Trial-pl.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\es-419.pak.tmp	_08 - Homegroup.lnk.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jsdt.dll.tmp	_08 - Homegroup.lnk.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\freebxml.md.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\[email protected]	Zombie.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\ext\jfxrt.jar.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\PresentationFramework.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\Microsoft.VisualBasic.Forms.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\ReachFramework.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_KMS_ClientC2R-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.ReportingServices.AdHoc.Excel.Client.dll.tmp	Zombie.exe
File created	C:\Program Files\7-Zip\Lang\yo.txt.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.lv-lv.dll.tmp	_08 - Homegroup.lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\UIAutomationTypes.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\System.Xaml.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\PresentationFramework.resources.dll.tmp	_08 - Homegroup.lnk.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\ssv.dll.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu.xml.tmp	_08 - Homegroup.lnk.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\PresentationCore.resources.dll.tmp	_08 - Homegroup.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp3-ul-phn.xrm-ms.tmp	_08 - Homegroup.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Office16\EntityPicker.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Excel.Common.FrontEnd.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019MSDNR_Retail-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_KMS_Client-ul.xrm-ms.tmp	_08 - Homegroup.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-stil.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\PresentationCore.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\lv.pak.tmp	_08 - Homegroup.lnk.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javaws.exe.tmp	_08 - Homegroup.lnk.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\sqloledb.rll.mui.tmp	_08 - Homegroup.lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework.dll.tmp	_08 - Homegroup.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_SubTrial-pl.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription3-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\ja\msipc.dll.mui.tmp	_08 - Homegroup.lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\System.Windows.Input.Manipulations.resources.dll.tmp	_08 - Homegroup.lnk.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md.tmp	Zombie.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5ba484dc7185b0e40ea02efddb97a3a88b5289714b9650fe374977c2175a760b.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Zombie.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	_08 - Homegroup.lnk.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3992 wrote to memory of 2956	3992	5ba484dc7185b0e40ea02efddb97a3a88b5289714b9650fe374977c2175a760b.exe	85
PID 3992 wrote to memory of 2956	3992	5ba484dc7185b0e40ea02efddb97a3a88b5289714b9650fe374977c2175a760b.exe	85
PID 3992 wrote to memory of 2956	3992	5ba484dc7185b0e40ea02efddb97a3a88b5289714b9650fe374977c2175a760b.exe	85
PID 3992 wrote to memory of 3968	3992	5ba484dc7185b0e40ea02efddb97a3a88b5289714b9650fe374977c2175a760b.exe	84
PID 3992 wrote to memory of 3968	3992	5ba484dc7185b0e40ea02efddb97a3a88b5289714b9650fe374977c2175a760b.exe	84
PID 3992 wrote to memory of 3968	3992	5ba484dc7185b0e40ea02efddb97a3a88b5289714b9650fe374977c2175a760b.exe	84

C:\Users\Admin\AppData\Local\Temp\5ba484dc7185b0e40ea02efddb97a3a88b5289714b9650fe374977c2175a760b.exe
"C:\Users\Admin\AppData\Local\Temp\5ba484dc7185b0e40ea02efddb97a3a88b5289714b9650fe374977c2175a760b.exe"
1⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3992
- C:\Users\Admin\AppData\Local\Temp\_08 - Homegroup.lnk.exe
  "_08 - Homegroup.lnk.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:3968
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:2956

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-786284298-625481688-3210388970-1000\desktop.ini.exe.tmp

Filesize
97KB

MD5
d8e56a5965a3490cb3d963f7554ff881

SHA1
76dd12764e00dd9088138b742b37dc9265e7cc1f

SHA256
e743d7c1a9df81d0e7a859c4c57ecb2ae0b014ef1dc7aa3fcef326876c1762a1

SHA512
dbf07c6ad0bf114eb17d1d84f6171629b28e3d4cfdb47f0f787344e9b4f7312a72394a9a19bc8c5f27bff803df551078e446947f14e5722315b5d5165cae4773

Download Submit
C:\$Recycle.Bin\S-1-5-21-786284298-625481688-3210388970-1000\desktop.ini.tmp

Filesize
48KB

MD5
0e84f476f2ef66c237251580a47804b3

SHA1
7cb53e0c66e90c7882819e221a40145ccf7de22e

SHA256
95829c94600e8057db7955e2c37e40f8791d7f95e51b0700e20062924730b3c0

SHA512
dc9af34710bb521e9675b739f1b50d5bce6534bb9c9ab63a52501f17eeece188d58a1f5c0d912c58300d5e412ba8900484f47dfee57ca3d8bab7b99c72c3350e

Download Submit
C:\Program Files\7-Zip\7-zip.chm.exe

Filesize
160KB

MD5
7a07bfc352edb91f0525c096006b7a21

SHA1
f30158a6acfa23c775718b7c4cc488597796e88e

SHA256
bc0cba237c5647f3f6022cb95569df929f28e12949090eeece780b19871def25

SHA512
1e6f381c9b7727ad0913217eaec89d1286fc8000ed6a9e6f67367f45d25597990d57923666cd2000313a9bc1af1e87065933025a00f7a221d6a8432dad315c0c

Download Submit
C:\Program Files\7-Zip\7-zip.dll.exe

Filesize
147KB

MD5
f8e94d1e0b707ec88eac22e748f86997

SHA1
d7fcbc423513b4e41a6aff2d831af76b80a65374

SHA256
328ab60b0d6aaa11fc7c06d05ef5b07589fcca5cbd4bc37e4a17aaf844d6d9b4

SHA512
f017b3b5687ba2e140b449988020e2511bde6dc2597109e8143a9c0de71f75af71616f7425b7eef3b27eac158a8e4d55a9fc7090d76bcd1c76b33f3aa496fa0e

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
1.8MB

MD5
73ff7e15bc6b4bde4dc1d933592ec476

SHA1
bfbc3f7ca4d62fe87a98f2c4db3526bd39544695

SHA256
cbe8b84e1cf89ad94946ae50662b6e456609af572d55c76c7583811ae3be0666

SHA512
511cbc7b254942f93d5f83b73f185c5412110c34fd30f237b0bbbbabed5163c9eb9b3f47e8efaa6994191556b6435b6967f02a41a07150ab6d0415b0dcb97585

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
592KB

MD5
c5dda275562a767c82b14ba7ca23a9e3

SHA1
7e44f1940dc6bd36ac9a792c0b09308fa1dc4052

SHA256
25e8a88472563d464c37c87f0870dfb32ad9ece0ff49e945d0e92ed15705d99b

SHA512
4754aced6c49f14f60c2bc84a9b6c2597c22b67560f5ca6f007c88d222a53d3fbe1e7a7b61874d7176ed2a8b1fff3bad4425ab3293bf74a90dc6dddf412ed852

Download Submit
C:\Program Files\7-Zip\7zCon.sfx.tmp

Filesize
237KB

MD5
3aa73446c3d3541044eb1f79ef76c970

SHA1
dacdf4bd2af6ca7e0e73559bf23455363363bea0

SHA256
71ef5d5b5ff8fe98e6ed96a0c68b0665a2bf001cbe14f42cb110f66b92f2a03f

SHA512
d12e08e641287b887c1e74c4ebdc10ce18d6b74ee7b51668f0d3a4d0d7c3ea1fe0778ebcd5587923a9394b4fb7780d732fb2081ff18de279f685cbbecdf2b74e

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
979KB

MD5
b579eda08aef74991736b8b7ade8635c

SHA1
4672a1450662d6d9fb22961f1c8d0c797040af84

SHA256
d8ecde7ef60efb606734a7fbd5e1506a9841a1f9dafbfb20eed692f382535a6d

SHA512
9f24d2f75b8002ccd1796a89f618e9e794c0358b56fe66f4c88c4b279027853b7ffd62735094084f102491d10c28bd69833d912319a4063b6d25cdc3ca73b6c4

Download Submit
C:\Program Files\7-Zip\7zG.exe.tmp

Filesize
732KB

MD5
5992a83702d2119c18c977c5a4b4e682

SHA1
24e28ad8123478211591dd9fc1370821e1557d91

SHA256
3dfd2fe59a8491f75134a681246eaf0ea79b3c6b1cb2b4253ec64eb8d7c5d942

SHA512
0cbb0369db74498f612ac580ca9cf103acf26ffb8b1d28a230d2369c55bd1751b98a76dadd06653804a9bc4f117cb8d1de8c236a5bc4c0a1afb1620398e94974

Download Submit
C:\Program Files\7-Zip\Lang\af.txt.tmp

Filesize
58KB

MD5
97c86825ff5dd915c3c0540e013e2815

SHA1
9632701aca626493d03f55e454003a8df01e73ad

SHA256
a4d074f8ba689f99aba9c69cabd5a39c32f197de00465accceb44a92d8e8e389

SHA512
418c32470a200f02cdaa6c1c11fb39ed045198b9cfcf294986e5cefabadc3a54663e99cdbcc261f36cbde173b98991d255e6b87d7aa92d5944fd531a7474114e

Download Submit
C:\Program Files\7-Zip\Lang\an.txt.tmp

Filesize
56KB

MD5
11cd043ee2fd2918fba1223f2c6cf083

SHA1
b9d0c69f1ae08e32972d336d57d7bad6910975a5

SHA256
f6ea655215d2f499b6314df91a427afa7f8c70b0b93c6cedaeaadd32ab4f5a29

SHA512
3f20f7054c11dd40678a462de774d892ee06cd7b43a674917f9e437d1727cdaa661c1a9a074070d015279d940215730a9e3e0d211ea9debdb5150c051519d311

Download Submit
C:\Program Files\7-Zip\Lang\ba.txt.tmp

Filesize
59KB

MD5
eb1bde605df6cce99fea5fe7377b4b0c

SHA1
0b773eba802608640cca5b4b1d06c81ceff61702

SHA256
39534ccf29935d809ce6123dd5b74b8a905f5c1643cffa92139a92b53c5d9ef8

SHA512
7fcb870228a727d1bfb72b6b6eae4fd18e1921c6aff34fc5a3d4f4c20bf3382c8f8f479a445aa1d31a8b19140cb5ca8511229f0292dc7e8e7fc6327ea0d2a2fa

Download Submit
C:\Program Files\7-Zip\Lang\be.txt.tmp

Filesize
59KB

MD5
fb6dee2af60ba881005642970bd60228

SHA1
0a05379bfc1e877719850c52114ae46291a342aa

SHA256
eaa0e264451bb8bbf56cdd958f897ba210d3aa711378cf4ee8a49638d7300b0b

SHA512
b88461c618755ac21f9a95abe6f0d23d103f389a4df5e4ba6cfc59f708d58502d1d5482b12f188863ecea8dd7debafe50d461f5244947b9e7b3c5e4d2494274f

Download Submit
C:\Program Files\7-Zip\Lang\bg.txt.tmp

Filesize
61KB

MD5
9ae7fc49bf0372dd632970bf3b797caa

SHA1
1c66a7d6b8789c9e1cb1392f852dfd23d0c65de2

SHA256
29da900ecf72c1a75e89156a8498d1e686590c83d6776f8bffbf5f890cf124f0

SHA512
1c82ab49535894bd92dc9a96e97645328f8b41eadf3f05278f648fa6068009b2ba03f391e2156df0d9cc07b790a6570af5a66d1cf3a4cded1f420b96d5aec21f

Download Submit
C:\Program Files\7-Zip\Lang\br.txt.tmp

Filesize
54KB

MD5
0e9ff70ac1f5f04ef4a60851597b8a6e

SHA1
7817a4ad8b598408e25309532039c7a469910a4e

SHA256
e56e83b0d309c0c5392b95f66064205b388ecadf5fc0227cc5876bba24f92bba

SHA512
0fef4b13946c2f277507a9f762dc4b3229e57ddfb316095c5b9f349c43aceb8acc2b85a997c433e5d229b4b9638d5833915d6a99b8226154914c527169ca6690

Download Submit
C:\Program Files\7-Zip\Lang\ca.txt.tmp

Filesize
57KB

MD5
f7e4d887f681316e0ce2463a535c85b9

SHA1
a00d0d16ec96c9834ada9959b0217742a958392a

SHA256
d365cba46211a76af97b1a519e883ddc46aafd4a75eaddb38378ddbab6248901

SHA512
992bca26b4c87ff5639bf3e99917e4ebfbdcf0abbe85fa0a274955190dd4afa0b469650360b548d78039787db08e51ea0ba915e1f058e1255338e3ca7f13f608

Download Submit
C:\Program Files\7-Zip\Lang\co.txt.tmp

Filesize
58KB

MD5
4da7b49b578b7267f9fbc53ddf14d041

SHA1
05d071d2950f3c0be2db8dff1afbc9000e0d461f

SHA256
95ed7e841d666301722d7b0a61363f2b969f808800b089955d11d4eeb2f86284

SHA512
f1bb27f91026d1dcf34f85206f88d34704b42505e2d4812f83c3c9369d28c4e68fb4a46ea1ae7fd7e1feb424614cff1e03ed337b52c407cb6ce533424a6621f8

Download Submit
C:\Program Files\7-Zip\Lang\cs.txt.tmp

Filesize
57KB

MD5
cec2fe977aec592356eae1574e2d74ed

SHA1
ce43240bbe8ecd710cdfe91b75d7466e07c132dd

SHA256
ff41c31453905e247b0f5840cbff24245ee842c4fe75be2a19d4beb9b1efd6f8

SHA512
496e073f33f1c385d5705ec2d86bfcfa51b568bef816de638b4fbc477426190143a4185d60bb5ca8e8f30c1d46ee3d88497c5dad36401fac3a524af696e59d43

Download Submit
C:\Program Files\7-Zip\Lang\da.txt.tmp

Filesize
56KB

MD5
1a1d5bbae20111278e9ad4d8691b57da

SHA1
3c0ad0fa57851a1b2f0dbbc9b56be174c78d6431

SHA256
c6c2cf90d389770504f6148469cdd66b9a7116e267746718ecdaf0633ea2c793

SHA512
5b407b9033027cd5ab3d0adbcf1e0d50b23c517497e48620c9e92d7b5415e3a5a3a295172788d146e9ff59dd2f2655cd7ce8c30c2f33bf1150b3426edf18be66

Download Submit
C:\Program Files\7-Zip\Lang\en.ttt.tmp

Filesize
56KB

MD5
829ab47dbc048796001e7874d8958087

SHA1
e22fa18705dfd8eeef9a705e4d7c84dd581068b9

SHA256
9b9974c5ca15486044462d987f916c09ccc3277e610e258eb058ce10c95f0fcc

SHA512
d8e144c45389de83c9b6ff41c5ac9108bae6faf101d9db2e2dcc2cd5581fd8d80084aa097930369af493fc0a7b9bd688f58ceaec144afbdf200e465bfd48c149

Download Submit
C:\Program Files\7-Zip\Lang\eo.txt.tmp

Filesize
53KB

MD5
68c3de1c4fc0f90c3818f5787821d452

SHA1
d2e68b5ea6ed986b047a6ca27d94be5d57e935ac

SHA256
4255f9f159b50c05e72bc176817e98f822990e4716eca0efeab6e08851a6c08c

SHA512
cabad36b7010c363fe3aaa19795b8cc9fe69e2244fd457b926186ed7e0c058ab42a604953a28c3593e516f8043f33486072724ebf46981df2802c3306ff5f187

Download Submit
C:\Program Files\7-Zip\Lang\es.txt.tmp

Filesize
58KB

MD5
fdebc6c673ca2b82fb9632e945ded601

SHA1
3e3c82b0e6687894af924435bd3d265267935f04

SHA256
e8a513e7a19371a7d68dd85942be53729e2e6a96ded10b57127e51a3fbf4fa40

SHA512
be19d8ee1c111bc4ba0fd5481213618a90c7a95af2b4ebe5ac5ab9469cd666343ec03a1f2d458fe0146ac332945d4a3095e2744fffe49fee9dad429341a27fe8

Download Submit
C:\Program Files\7-Zip\Lang\et.txt.tmp

Filesize
55KB

MD5
2b713c05eb660e08f50b15e0d0a2a41e

SHA1
30a0a634fe311133f9eb4a622024403f7984c2f8

SHA256
9aaac3ffffb70c2cd25bbe43f5a94bd463c45c0046f3478681d8c3e4386f8d17

SHA512
dd774323eb6890db6513ff6d062ef0001557666c32f38af0ddd30c98861b949be63817eb7d5082a4c905d8e009c233b03bab9bbd6e5acba144983b44593b3037

Download Submit
C:\Program Files\7-Zip\Lang\ext.txt.tmp

Filesize
56KB

MD5
2c273535cd3f6d0315d4d3450a4c29ad

SHA1
4e6958db6227c2350258d9b5a5be0a3cc016179b

SHA256
f6dcd97ca74c03d15f7d51af1130ac72a354d61d269bf095af2f1756fb0f574b

SHA512
bdc17fa2ff5f242935ad863e99c2e80059c55c0abf24d128968f3551f25320233d248deccf7989fca4f2a1f148eb3183f2c039bf0b8446a6eddee9d1ade9043e

Download Submit
C:\Program Files\7-Zip\Lang\fa.txt.tmp

Filesize
62KB

MD5
bf937a820b87bdc1db7276fbacad7052

SHA1
9f19a5596d78590b7e9e7fe10bf9f78abb489f82

SHA256
b8ca475201ac7792e9ad600b1a67399e38416eac68b108d8464430847960258f

SHA512
372cea0b28adbac4c8e7fdb9845d8e545ef29d91079a5110d93ab5eb73e95d863a94cb1e4f8f2d0ad5ab665e90a47f2a887f666338c62e5feece22690dd2b956

Download Submit
C:\Program Files\7-Zip\Lang\fr.txt.tmp

Filesize
57KB

MD5
1d3a35c7e737c0a61d4a7dd6a30bba9f

SHA1
5047adcced6f3e1a48ef8ad1dca81878eb045773

SHA256
3174e3d6ed4d3299500773ce997ece61de5d69df75a2765d242adaea32955fb0

SHA512
8385614a6c2acb5c507e75b40c0eb7afc3712e7fd958e67943c26877dc83c2aa31b5c76e7ac5f981bb32b828d950acd45e1a30e81c5ab38b524fe00e0876693a

Download Submit
C:\Program Files\7-Zip\Lang\fy.txt.tmp

Filesize
55KB

MD5
e7c6858cc4495e868948bde418e338d8

SHA1
6dd5a2bbfc5d8a8517ca5eec77eb0dbecf837ecf

SHA256
7132e2caafb3e338b914553cfd099e2be9b9238f8959c630ce8493bf18798681

SHA512
d138473086958aa19ee8b6762e7d1b946a562d50e3bc87c6e4c3ebeef0ef0515c6bdefd378713b1debfa05b8e9c7c554df529b1c5bea4fff648d3d63a9d2e264

Download Submit
C:\Program Files\7-Zip\Lang\gl.txt.tmp

Filesize
58KB

MD5
5a1b66c965f26328bae9848a8c329a04

SHA1
5315ee81b32c883d19336569917a0c9901b418b9

SHA256
aab0598a7e1c4a322a8ed3b529c613418a269c6de5105117b33181d823547424

SHA512
658d60a7b30136679c1893cf57d1a7e36e293a92a9bf40f92a7e297e6a823d6f9d953f22fe0507b20086fca7c3a0c696872c5f933d7dc6bbf7d5bf12df84f0fa

Download Submit
C:\Program Files\7-Zip\Lang\he.txt.tmp

Filesize
59KB

MD5
370553bbdcf602167d2c21abf8637615

SHA1
45d4309577e7c2a899e33cda83b3a1c981fb328d

SHA256
aae96ab4a8914b8acc231bbac83dd8e084e7d88cba775b4628ecd49be212df64

SHA512
aae3d4a900f0939051212d6dcbeae6298ea90ee0e3f88d8547b24cc03897c3d552197474fb8e6165e83b2f67fddfbc1d5c1860337015e6366f2d82af6d1eb942

Download Submit
C:\Program Files\7-Zip\Lang\hi.txt.tmp

Filesize
66KB

MD5
7ca92f3cb55120ede808627fbf8f89bf

SHA1
78c88feca377b0c70a1607fbfc1a1d24c3fde436

SHA256
bf189e6090c13290ea8c8f7cd5ce5abdf102cc8e52baa7088b3dea1841b07e5d

SHA512
b1c94438c31187cb71443399a7615239d32b1f688a7d2985528a1a9722f3c137384e668105d834250462853d84085a0ecbf3fe43dbf72d17097e9a9756846dd5

Download Submit
C:\Program Files\7-Zip\Lang\hr.txt.tmp

Filesize
57KB

MD5
082510776cd13fb51afcda3e6817223e

SHA1
690b67f6669f4c29ab42c5591d1b037534cac25e

SHA256
ae64c01277a479295266206e4fffa716375c312a9a24521fc08d7b22ed259663

SHA512
ea18045158dd824f9d7221f0f2f5434a22dc5b8eea85c6678304bbe59a43705eed86ef9a9cc085759c5d0056ff18c85813f1fd64e5245f599936287638a6c366

Download Submit
C:\Program Files\7-Zip\Lang\hy.txt.tmp

Filesize
62KB

MD5
518ba97ba12ea9576c72bf51390f3df9

SHA1
9e2ccd1ffc4af4ab814383a68bc31930dfc98d42

SHA256
49ea35f3eb0364cd7be500e5c823eea12ed810c066674586e677cb3a8c2f7764

SHA512
833d1a8559643da0d4562d70a034afc91fd3d039a036dd3d96fa5e8f172160b0e98392085be2c63da1a7c6498a852b9f8ba16764ec0972274789245a22a6fc16

Download Submit
C:\Program Files\7-Zip\Lang\id.txt.tmp

Filesize
57KB

MD5
3f2ec0bb571b6bfef84169e4924a7dc8

SHA1
def21e531d338b71355c61936eba6e3c02ce2bd9

SHA256
704eaae497a648b4eadb744b22e23d0ab53fb536a2d6c0d4c41a58e159f0b6fa

SHA512
1f0736da4dd2d59de0f19c1088e597db1a57c10de01ecb9f68499bd26cf18a941197c67b5082d9d0999670b6b223e6895fb613d56c6e5dbc5d04553b75f4386f

Download Submit
C:\Program Files\7-Zip\Lang\is.txt.tmp

Filesize
57KB

MD5
520c59f6db48c64aac86ed13e8fb07ea

SHA1
fdc0220e6c05cde84098a4ca502d814e2b001234

SHA256
72774de716b6c8e049c0e3706d2eafee0cc3a1e5d8a71aa6abb8becc3dc67261

SHA512
97955b0655f51d9444bc34c999221126aa0f5b736260baaba4e3255824aaa93b5af5d10adedd308e08ac384079ba31ab9f91b87cbda9c3ba2194173f3ca4232d

Download Submit
C:\Program Files\7-Zip\Lang\it.txt.tmp

Filesize
58KB

MD5
cfe8ac1b6359087dd7b0fa739f39746c

SHA1
5108a21a192c79f135183f45ea637fe61bd3726c

SHA256
caa63673a797249dd20678118af9a57accd7570040e5e972f3ffd31fb342ec24

SHA512
0b7589f99fc30a928b2dfbed733da84a03bad563f2fafdf49e2f97a4cff1bbb06398afb77bef9db983f45e05d2406b94c9d7b3e6dc71dd5207bbe1ebaf401baf

Download Submit
C:\Program Files\7-Zip\Lang\ja.txt.tmp

Filesize
60KB

MD5
da8053c58793ae8554d186d5d4ab6cd2

SHA1
14899a822e75b176d2a8dceb8e4343d18636af64

SHA256
c9214c95446e6cde160f189cd610ed99ca5916561f73e50c6303d4e4f0371071

SHA512
4fdc39dadfa465c58fd02dbd0464bb6599c3d3344cc525d2dd4a866c9071d08fe548f06d9fef708f09125120174375be082b990d5078319d44136465d0726b2f

Download Submit
C:\Program Files\7-Zip\Lang\ka.txt.tmp

Filesize
66KB

MD5
ebf8f9af894161e8a40aa0401aa4b380

SHA1
5cfa41c425d16f3313ecd7f90c2a08e28e9c8eb2

SHA256
d9bd610659fcc3f2e97b430f84ce22c4810e25c832146a7da4a3f63dc31413ae

SHA512
38a558ff484bc6a04aef878cdacdd97ba19cb6a66befef2d832bd6fb7b801cd90a11bdf7d44180bc868a325ab3f4dfb0c3abcc81751f2eb3ed9f5f4e4ee145a3

Download Submit
C:\Program Files\7-Zip\Lang\kaa.txt.tmp

Filesize
56KB

MD5
719df2ed8e1e4c92d09514eb320e817c

SHA1
a4ac2e79f3a7b05542d978221db4f1d6f542fd03

SHA256
cb1a97c156c81e420299c91ba01630f1e3772034214a7dec5ef9c21aca0a0709

SHA512
78c277cee9aeb735a080e9319704f9dc32523f35f1fc80ca2d6b3aa0f0125fef8f6e4ae576e8d66e0445f030657bce820902921a6b51e057b53daa08bd55c83e

Download Submit
C:\Program Files\7-Zip\Lang\kk.txt.tmp

Filesize
59KB

MD5
beb4f3be0863d976d4ac23c721e307d2

SHA1
e5a876d2f377dc5937c63a93953b347d47b2f74c

SHA256
4859abd7e8db856fcaff1069637776f2f4df21a5724679ff12ebfc8b14a23ebf

SHA512
b04cae51f5ecd24dba4a38194ac22450972261d8ae995e84c74988874c704191960edfce81fc2c7672dce8a2967ffab67bd82e4f18e5b9510621a731d8373205

Download Submit
C:\Program Files\7-Zip\Lang\ko.txt.tmp

Filesize
58KB

MD5
9bad86a6c1d3a962087e8d203b2cbfa1

SHA1
7e90433ab3135e11695dfbe233866534f1307e12

SHA256
1cd350add95c715809addb7e1a861f8fd07e90412fb017137fbc4ea6548153b5

SHA512
776d33bb4c812f18b86fed11c952dfc4a71ce1e7d98d175f1c18886b56e949f78b53c5098449cfc2eeecb03c1c0eea1c658369fc062ca128364c5fabfa993cd9

Download Submit
C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp

Filesize
60KB

MD5
b261452d0fe4dc958ae747011f5177fe

SHA1
8f287d0a3a333635cb9d89c0e4c511745c45d19a

SHA256
e48b5b15a6bb33ba5014f3a5bc212e3bf2ca8e76ed4cab0de70cbe24b16f7710

SHA512
cb60362cdb332d5e1c1c729c09f3c4696c8ca110c701a70acfc566fa76a3e479e4fb600a04653b7ca9667ff50d58decd7df75302a7c025e224abc0369915a47a

Download Submit
C:\Program Files\7-Zip\Lang\ku.txt.tmp

Filesize
48KB

MD5
2f1907a40e8376d81decc974c1a1e1d2

SHA1
8e7022cda9090057c3ad8f6870aa542a8520e16d

SHA256
44c57ed77b5d782406508af1b36aaee4e3abfc4759b5ba76257ca1f13aca3fcb

SHA512
b51dd78b5b8d9de4e0fbec7821dd9fad7b5cb484103924b7e627122052c523124f7e30549315928f9b9fa36573a64cbd1f748175cab7d7ba2e3adc3a4a271e9a

Download Submit
C:\Program Files\7-Zip\Lang\ky.txt.tmp

Filesize
60KB

MD5
e772e33515440d8eb5ad308e9b0a7a42

SHA1
6fcb5c2ad94965bc66ca4eb5d5331cf80aa9314d

SHA256
1b507820718d9bc9f1b22bae41dc03918474382e1f5f2d6453316ad338cd1517

SHA512
d4e93c3bd62e13a83e5959c87f2b4068f304ec28fea972e49d20161c16b9f96b9c0f2df8092e0f4d44b8f1cca990c2703a75c8efc81d1d5c6adcafe245198de5

Download Submit
C:\Program Files\7-Zip\Lang\lt.txt.tmp

Filesize
57KB

MD5
437c23694dcc626c939513f004875f59

SHA1
10eebc06320c2299815e39973805b95793415e7f

SHA256
f09dbc48b2b59452ccd6b8f8dda10d748e7abdaad632af033e8aa1a789e0f3dd

SHA512
28435247328091f6a303c58fccbf8335c34c112a9499b0c678dba3babce39edaaeaa29409ea9ca2c8849eb600958a2f7e2728d10f4befd3e7f5bca468659eab8

Download Submit
C:\Program Files\7-Zip\Lang\mk.txt.tmp

Filesize
56KB

MD5
36228dfa3b26934d35bb4aed70857382

SHA1
f9cc61e3eef17776c1749fb5c0dac9a453345e9a

SHA256
5520ed6dccd73cd6cc71f850e535022688d6a769eabdf9bcf6b45118bb596fd5

SHA512
9bebd70907bfd9074e7c66cd4f77470e2dc188d4970186729b1293a1f4fb6fa9c2421a43ca92153bfbdabe973617bef71becd9d9f561365375e2cd86526068b1

Download Submit
C:\Program Files\7-Zip\Lang\mn.txt.tmp

Filesize
48KB

MD5
a3e1870c0632129c569de381c0be46ad

SHA1
3542476c4e4907a8ec065b62499f2f75c8ae7af2

SHA256
abd0e5b370677277ca2c3cc65a320abe51a78517c29f671aea69639edfe511bd

SHA512
a99e4201b6a2f1ebe099acc56da15e3e29699b31bde50a46b91f8117028fa3306832920436dfbae22a6b8a438be9b2c5dcff2dad6bf10411a86526a04ec48658

Download Submit
C:\Program Files\7-Zip\Lang\mng.txt.tmp

Filesize
68KB

MD5
5dc273cf9605e84cfb062babe1f3d5d8

SHA1
370d3b6c45ad437f404f159595b4afeeaffdbe5e

SHA256
63a04d7f62ba0d837bdaa865d1d61427f7303c797cba5adb890b328bd3717f31

SHA512
d78ef46d760aac49ed300eb9d8c51ec3a0da0179cfa73527bab22cc7af1d2bf8cb07d2868781e7287367097e285c8c23ee0aea026998f8cec9868ab23abb0c80

Download Submit
C:\Program Files\7-Zip\Lang\mng2.txt.tmp

Filesize
69KB

MD5
4f60827c06b79fade1dbc8245ad903d4

SHA1
7893f5b492f6e0378cf3e105bc1f4cf6700339c4

SHA256
5cae0fe2d4be61302b88c33f73065fc7b4eb56921a231a0f760fef8ef761ff31

SHA512
62902e35b9dd6b1acbb1d41dcc8829b98ce1b8bc67e2758cbbe5cdd16f2d557649ce5721e2ad5476c0432c626b7d7775e613b47a8f08416278d2153c0556c1f2

Download Submit
C:\Program Files\7-Zip\Lang\mng2.txt.tmp

Filesize
69KB

MD5
edbd71c0619e7afcc2c12881a1d4907e

SHA1
4f63fa6f45b6fb538565eb026d2b7fec19f68fbd

SHA256
fb24bbb980963764abd7046fe5a2a861b1c605adefc0f663fa588fe3a4620b7f

SHA512
8a0a9968646c69f69c51cc753d3dd77b81fd0c7cc65b64eff089449242bdd213049650b0d69180f7b132434366a19ab9290769476eb6aa79fe2b6f1329f83cd9

Download Submit
C:\Program Files\7-Zip\Lang\ps.txt.tmp

Filesize
56KB

MD5
5fdd3d016af5e9755b45f99476098f43

SHA1
e889cf2a052deed47fa5eee44030bfbeaf3bea7d

SHA256
0cb9da4786241b91145a3702527cedf18ffebe3f04f6e0634d6cb39b0262acdd

SHA512
742ccdf311a63af93da7032d2de59505106153cb5dd8f4b49dba037b512d807ebc9f1bfc533347e5fcb788f2cdd37092adbe9e5a6600fb88aeafbfff0917f492

Download Submit
C:\Program Files\7-Zip\Lang\pt.txt.tmp

Filesize
57KB

MD5
84fa662a49190f99362681edf507515a

SHA1
e9755dadf813a65cdde18b8379de92e8e3422a81

SHA256
2cbdce3177c2454d7ec5b6562d4cc35a970ffc47de5821686aa2fe41ffdced7b

SHA512
cf94ab4e18b4b93f395290ae5b9ce62d4d0daf0305b487778e566eb4367f5cf4fc6b3dd94b3d6dd0361abb1ac8921e5e1fee7f9cecda2b4355955284db689652

Download Submit
C:\Program Files\7-Zip\Lang\ro.txt.tmp

Filesize
55KB

MD5
5d195bbaf1a57e4371b519f1d9fffdeb

SHA1
3788415b447d0e2e37834b47f30eed92636c68c4

SHA256
731c9cbb4d1c432ea4788a3b1f4bf26b696b0234150a5a94843b3a0d8c4f0566

SHA512
c6a9837b0f87172a73e4b06c6f77948a1ae0acb0555acb74b53ea22fdf9b7d4b211624757a81457c6bf32422c7c7d10d1b06d8330b83f47a41275ce08e2670c0

Download Submit
C:\Program Files\7-Zip\Lang\ru.txt.tmp

Filesize
63KB

MD5
7c0719db91fca27c250ba32242f6316c

SHA1
4e617661d0ecde4ea7d22811afceb800c34f70cc

SHA256
4dd2e63ba442d7c524e4468ad035027b438b7389aa7ad65eb8b7fcfacc0db0a5

SHA512
2c9ec36695c0ec22a40cb2559d96b3d1887e35424097d08bf1bef0ccd5fb08237bfcffa4c5ba804eab92daa397ff12e33c1d1a92d25404fcf6495e7e198847ed

Download Submit
C:\Program Files\7-Zip\Lang\sa.txt.tmp

Filesize
67KB

MD5
1be32c1b5929831af9e96b520ca95e88

SHA1
8b5416619386f27d7130b38c72ddd6aea4407915

SHA256
91ffc8fcdf4b2e967dfa54aa474666805f7609119d98f0a5f34eb562ff51407f

SHA512
f6f4656b1fcfcfe2a6bfc5cbbf60a63ad5071a214b2871d57b72f4fdc2362c3fa611dfed77ef296114058149a3b1658f65126da113208fd9166ff01793a83b38

Download Submit
C:\Program Files\7-Zip\Lang\si.txt.tmp

Filesize
67KB

MD5
2209133b17065e6939479d6de50f76ba

SHA1
b5516d23961076c19bd61e9c64dfe07ab826dedc

SHA256
ce59a883ed9b9c521d703e9aa8075b4aca382504859351d96f52d5253b340c30

SHA512
6c3764e32fd5be2a0e3457e759a388e5ec75e7472a7eb8029439b90f718962fcd612eeef124df51a0ba729676ba210de28a0ee67ef0b8de92035609454a0db1b

Download Submit
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\UIAutomationProvider.resources.dll.tmp

Filesize
63KB

MD5
7e5f6caaa8484887e918f0d228cf9c91

SHA1
28f998099ebd96ceba7bd7875f299aedacdde69c

SHA256
2dd33bdbe3f6293b812b50736f7b07dc710bcfec40dbe61eec5a11877bbafb68

SHA512
fbcaed95eec8bf86330c69ba0a881fbd2d449e194d506eeef276257f582fd0032afa9b92596001b58dbcfb948cc9c584afa5050020e657942c79f8b8c18e968d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_08 - Homegroup.lnk.exe

Filesize
48KB

MD5
8e93c316cff874df3deea2b5dbaded29

SHA1
8bdda0cffe2fc3a39a7480baf5b4023081cc965d

SHA256
ddfaa7f1201e43988d788f90f3f5fe04a86926c168a3fd96717ab5f80c317f59

SHA512
bdb165eef5dc1ecf02b365309d413d2255348e5ea18ad0756c2e8b5eea1b62af6f761e6e3dd69a75a297cd32e008d7573d48e311e6d200e61c4153a7d85dd6d7

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
48KB

MD5
07314509ed2275c2395b2d97a3056859

SHA1
7b0138acde962a7819f6b93c5f54040addbb6b16

SHA256
d22a1aace78a449ead22c391d5b70f58d4f65087e59b399724b33cde2720e6df

SHA512
888f8fa2c1a60cd74f6662ccfe961ff46ff7f06fab997edc11485c389a8d3b6917eb33d8c9f72f27290890d89e86f7638c86a6d13e4fc97add216248b6c63c19

Download Submit