58072cea03ae9046d48fdcd6a649150e2ae220bfdd5ea6fac43946684944d7a6

Analysis

max time kernel
120s
max time network
113s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
24-08-2024 14:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

83059fdfcfeb45db3da7b2a38d089990N.exe
Size

175KB
MD5

83059fdfcfeb45db3da7b2a38d089990
SHA1

6facaeed9cb17b954cc0cf8a0632d1eea6fb083f
SHA256

58072cea03ae9046d48fdcd6a649150e2ae220bfdd5ea6fac43946684944d7a6
SHA512

c3d7148e041e49880528ad78d46f980812aa9368779b92b065a0cc935339653af576da66e28386c84540e81acdc7ba8ab78a972b74c63662199db5735882d009
SSDEEP

3072:6e7WpMaxeb0CYJ97lEYNR73e+eBSWSYGe7WpMaxeb0CYJ97lEYNR73e+eBSWSYb:RqKvb0CYJ973e+eBSCqKvb0CYJ973e+G

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (4546) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
5108	Zombie.exe
968	_MS.POWERPNT.16.1033.hxn.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	83059fdfcfeb45db3da7b2a38d089990N.exe
File created	C:\Windows\SysWOW64\Zombie.exe	83059fdfcfeb45db3da7b2a38d089990N.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk-1.8\bin\rmid.exe.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Integration\Integrator.exe.tmp	_MS.POWERPNT.16.1033.hxn.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription3-ppd.xrm-ms.tmp	_MS.POWERPNT.16.1033.hxn.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Grace-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Retail-ppd.xrm-ms.tmp	_MS.POWERPNT.16.1033.hxn.exe
File created	C:\Program Files\7-Zip\Lang\id.txt.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md.tmp	_MS.POWERPNT.16.1033.hxn.exe
File created	C:\Program Files\Internet Explorer\IEShims.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\w2k_lsa_auth.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\bin\nio.dll.tmp	_MS.POWERPNT.16.1033.hxn.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial2-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\MSQRY32.CHM.tmp	_MS.POWERPNT.16.1033.hxn.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-conio-l1-1-0.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.dll.tmp	_MS.POWERPNT.16.1033.hxn.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\System.Runtime.InteropServices.RuntimeInformation.dll.tmp	Zombie.exe
File created	C:\Program Files\Common Files\System\ado\es-ES\msader15.dll.mui.tmp	_MS.POWERPNT.16.1033.hxn.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\PresentationCore.resources.dll.tmp	_MS.POWERPNT.16.1033.hxn.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jp2ssv.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\icu_web.md.tmp	_MS.POWERPNT.16.1033.hxn.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\client_eula.txt.tmp	_MS.POWERPNT.16.1033.hxn.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\LyncBasic_Eula.txt.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-dayi.xml.tmp	_MS.POWERPNT.16.1033.hxn.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\System.Windows.Forms.Primitives.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Diagnostics.PerformanceCounter.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\System.Windows.Controls.Ribbon.resources.dll.tmp	_MS.POWERPNT.16.1033.hxn.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\chrome_pwa_launcher.exe.tmp	_MS.POWERPNT.16.1033.hxn.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\fil.pak.tmp	_MS.POWERPNT.16.1033.hxn.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Serialization.Formatters.dll.tmp	_MS.POWERPNT.16.1033.hxn.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-3101-0000-1000-0000000FF1CE.xml.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial2-ppd.xrm-ms.tmp	_MS.POWERPNT.16.1033.hxn.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Retail-pl.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Text.Encodings.Web.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Compression.FileSystem.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\cs.pak.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\bin\jli.dll.tmp	_MS.POWERPNT.16.1033.hxn.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Retail-ul-oob.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_MAK-ppd.xrm-ms.tmp	_MS.POWERPNT.16.1033.hxn.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_KMS_ClientC2R-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\ONENOTE_WHATSNEW.XML.tmp	_MS.POWERPNT.16.1033.hxn.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.AppContext.dll.tmp	_MS.POWERPNT.16.1033.hxn.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Console.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Configuration.dll.tmp	_MS.POWERPNT.16.1033.hxn.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Retail-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\es-MX\tipresx.dll.mui.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Loader.dll.tmp	_MS.POWERPNT.16.1033.hxn.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Forms.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_Subscription-pl.xrm-ms.tmp	_MS.POWERPNT.16.1033.hxn.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\hwrlatinlm.dat.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Excel.BackEnd.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-black_scale-180.png.tmp	_MS.POWERPNT.16.1033.hxn.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-locale-l1-1-0.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.UnmanagedMemoryStream.dll.tmp	_MS.POWERPNT.16.1033.hxn.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\System.Windows.Forms.Design.resources.dll.tmp	_MS.POWERPNT.16.1033.hxn.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\PresentationUI.resources.dll.tmp	_MS.POWERPNT.16.1033.hxn.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription1-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-black_scale-100.png.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ComponentModel.EventBasedAsync.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.Contracts.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_OEM_Perp-ul-phn.xrm-ms.tmp	_MS.POWERPNT.16.1033.hxn.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\System.Windows.Forms.Primitives.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\i640.hash.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\th-TH\tipresx.dll.mui.tmp	_MS.POWERPNT.16.1033.hxn.exe
File created	C:\Program Files\Common Files\System\fr-FR\wab32res.dll.mui.tmp	_MS.POWERPNT.16.1033.hxn.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\mscorrc.dll.tmp	_MS.POWERPNT.16.1033.hxn.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	83059fdfcfeb45db3da7b2a38d089990N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Zombie.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	_MS.POWERPNT.16.1033.hxn.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1524 wrote to memory of 5108	1524	83059fdfcfeb45db3da7b2a38d089990N.exe	84
PID 1524 wrote to memory of 5108	1524	83059fdfcfeb45db3da7b2a38d089990N.exe	84
PID 1524 wrote to memory of 5108	1524	83059fdfcfeb45db3da7b2a38d089990N.exe	84
PID 1524 wrote to memory of 968	1524	83059fdfcfeb45db3da7b2a38d089990N.exe	85
PID 1524 wrote to memory of 968	1524	83059fdfcfeb45db3da7b2a38d089990N.exe	85
PID 1524 wrote to memory of 968	1524	83059fdfcfeb45db3da7b2a38d089990N.exe	85

C:\Users\Admin\AppData\Local\Temp\83059fdfcfeb45db3da7b2a38d089990N.exe
"C:\Users\Admin\AppData\Local\Temp\83059fdfcfeb45db3da7b2a38d089990N.exe"
1⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1524
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:5108
- C:\Users\Admin\AppData\Local\Temp\_MS.POWERPNT.16.1033.hxn.exe
  "_MS.POWERPNT.16.1033.hxn.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:968

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2392887640-1187051047-2909758433-1000\desktop.ini.tmp

Filesize
88KB

MD5
5e134a8ffe55f083872d8aebbf424d05

SHA1
f8782bf564421788e70cda8c2aeb198a6e63d47a

SHA256
93cd8a416ff6de6cc58973153dfe5805aae557f16c97d4f4caf108c445529959

SHA512
4f9c9b0fc9a26bad9f31051ef67e77f3f86e950743dd0ad76842cd3d2ac37b3020da4d42abc61225536a2efd74b587ec1f2e76d60f4e620f3bd75d863deae6b5

Download Submit
C:\Program Files\7-Zip\7-zip.chm.tmp

Filesize
200KB

MD5
8c86be1ab5346c029bdb0076f3b36325

SHA1
bbda42fbedca61cb7af554d34b4f92c839e85869

SHA256
811a2b9c3d50bc899b3087897bf9c750518e84f9eac95b8abf7efad09b31e131

SHA512
41b3df64067e71916797251ba70c74b3fff732bafe115bf85469e7babf693d3cd54dcabd650943196ce04e0311ac6b9469eec9ccb32566cf87f2109628426879

Download Submit
C:\Program Files\7-Zip\7-zip32.dll.tmp

Filesize
153KB

MD5
3d5f0c5073a7addc2a3f2d02d25b09de

SHA1
f6dd993011f392f0546940ef06fcbfbc33b36488

SHA256
9bc6b1435856d81bff00673c0ed152f1ee2205d4482bbbcd6c62286b72b92b79

SHA512
eb8b0164ba74fdd2e2ff3ad2e91ed625608f6e774bdd28f4118f44a7d6e132ba8f0c5bb54eb86f02cc55376a76b84293e6f00c8d213b9b87ce4da35cfa2b28c5

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
1.8MB

MD5
6bcffd8dbb93e8a60f303669c6b60368

SHA1
25e4c400187a237b8345fe3940def2230feef31d

SHA256
bfbcca6eb733092cbec1f63299dd3d4b787e50fade9f8f6a3e0c9c2f71b87403

SHA512
11b4d039e48a3e2761ff6875756dcddd18c53586807389663542289f897e2ae019be3bf01144d2075786900b0849a520f7f54944d3396090488ec03f52f0e3df

Download Submit
C:\Program Files\7-Zip\7z.exe.tmp

Filesize
632KB

MD5
d71e7263d92c0e0a4a7abd70f83aea9c

SHA1
513b10ab9e18eaea44c2d96b119f17bc840b41d1

SHA256
30ebd9bab3828d2ddf2078054223452f1132ef6069c9a950c4ebcfe679cc19f3

SHA512
bc5d3fd7d51aeac856b97e642f53a83d7bb3f7067623b368c1b89744a257f0f7dc12adcb1149ad19d450338266b6be8eeccf964e93d1756c275d5d1afbd5f517

Download Submit
C:\Program Files\7-Zip\7zCon.sfx.tmp

Filesize
276KB

MD5
2694cf26b5c2cff09fbfc105ddd580fb

SHA1
87d484360469c872447022cdf22b2dffe6db944b

SHA256
6975077cb0b0483873ec6faaa253830ceeb861e3f94c0e25d20f9b07b58ee695

SHA512
0145698a431e7e05df9666e7bc9912f833eecf450d129110847e3efe5a43b8c884c1d5f4917c33ce3c2bc781d6b735c3f314260b2626b1f25e307f1d9ed1e1e0

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
1018KB

MD5
5c9098a31009fa08af5ad74c37f89343

SHA1
00a33e7eaf2a1a28f32be4556e77a719de84fe43

SHA256
2d20b22a1320a345f8e105c248c55559d18bd722902633cc3040f69828b06e78

SHA512
7f4043bdaa5883bac84956fa69ad82731d94241eda881f20caeb7dfbc56e9dec578d1603452ff3db59774cf881a04ed39cbb1a1614ae5bb1494dc39c6eadeb28

Download Submit
C:\Program Files\7-Zip\7zG.exe.tmp

Filesize
772KB

MD5
4a4be8a034de75b61a3f7893c57d780f

SHA1
5f8da7ac2976118206bb34ba6df10bcab3b636a8

SHA256
f8159ea5b6b716711b82dc0f966b50894de6fd84c65adf6ff2c7b9361b864d2e

SHA512
6b15aab686fa007c90e1218f386b9270960b65d37b7ce5437023fd4e20a6b7b8900aa59f621ec32dc400353a90a22767d9b3d59d57f38ed2d676ae990c271495

Download Submit
C:\Program Files\7-Zip\Lang\af.txt.exe

Filesize
97KB

MD5
9416d145c705dc18f5d2c6d45e413b73

SHA1
c1304c589670498a15e7ddf952c6dadd81589fa7

SHA256
3488cb79f1a5cb487a7a72a1e1533e0924cc133ab0d9ea94c2ca8056f806856f

SHA512
519de8ae0344d5eefbfc3737effc9d5a6d3e72840dfeca384e7f5cde8bc024eb5f588d88efb89753fc29df3e88a0aef5a22f6c3b8ebaa1b45f76ca13f8b23a18

Download Submit
C:\Program Files\7-Zip\Lang\ast.txt.tmp

Filesize
93KB

MD5
54e4225cd13f613d68cabedc84594ea1

SHA1
46d85a557fb746a6cd69bb757b8a5eff771701bc

SHA256
d89a989ba7105f936bbebcfc884b2e40da08c075b06783b9eaaa9bb09a589598

SHA512
107a758f09b941e5cfa665a79affd2b41ee78e9811b542063397839dca1964312ee30b62a3ec5f63b7130ac53a19f4f1762e45fbfe6510ee5e8edcd2d4ca5888

Download Submit
C:\Program Files\7-Zip\Lang\az.txt.tmp

Filesize
97KB

MD5
680b7496b944f520ccbd174a8188df55

SHA1
fa33e4f348a4e0b158fdead7a3de254e63e522ea

SHA256
692b6f5b119d5e906700d0decbfd4c8925ea173bd4258fdca701a3e2f9222501

SHA512
e9534fe85ecc155f60d80e88a392691499ffdb9974aa68f0343e9f493a27c9b2d74fd21aa45fdb223921956677992e58e2794630b1d00af9edb0f4a1ba59578c

Download Submit
C:\Program Files\7-Zip\Lang\be.txt.tmp

Filesize
99KB

MD5
f012ccf3b5a1f68d866bc9c6c87331be

SHA1
636c56e96b06157afe7816bb0135f196bd541a03

SHA256
f5dae97df26414d12278c787466fcdccab0096e17efeba39b9fdc9f25d4ad85e

SHA512
adbc8d2899cad3a11a0ddd5eded8626ac1c098d492c38a1f62f3a9c6c90891c396e93dc9279cd38dc193fb5a912c239cae27673a5e321cf89df87ecbf5caed9b

Download Submit
C:\Program Files\7-Zip\Lang\bg.txt.tmp

Filesize
101KB

MD5
ac79c239aef19e23a6529bda8cccd449

SHA1
f5806c1695230c74b57f9012b75ba77f00e925d1

SHA256
0fc3ddef2d73bc46ff36d56ea6b8bdc19a57aaea53408d994d0cd7ab8f703872

SHA512
2ed6dbb9e9eea748954a58bfac7e3cab8d7f3c9fd1d3f436b8866d9e85506acb4764b04d3a3e055724722a2868d4ff36c62a3cbc4473b2db060d5a83e8af546f

Download Submit
C:\Program Files\7-Zip\Lang\bn.txt.tmp

Filesize
103KB

MD5
a8e876ce690a8e1877ff0e2b2c9bc5ca

SHA1
3fe8cfd2c3e9425e141946dd01288303215b2b04

SHA256
80d76da80a8b08e825c2c119cfe3b7d55fd3f9bc0edd4c17ad847b685e25d663

SHA512
1efa7cc5cb1ef19305ae6f2c37dac528372fd23d677371533b358e4a5377cf7e0b91699b80ad680f129126b91257d465a4a804607f77aa5cdb93deb3eee5e494

Download Submit
C:\Program Files\7-Zip\Lang\br.txt.tmp

Filesize
93KB

MD5
cba3cc84c8b8bb6af916d83537573259

SHA1
07c72b47c4b3e2cfdc8c7ee67505b59289281b18

SHA256
c6ff03c2ea09b09bb68255083db0671abbcf5619a23b4105810ea62fbaba6748

SHA512
be1c1b07ef4691f17727e8b59cfd950b1b18154556dcfd2d553cb5e959f98a8938ab0fc88bd1663f7fbe0fe0d8abf4fc18a5d52286fd32563631e8fd83598f2b

Download Submit
C:\Program Files\7-Zip\Lang\ca.txt.tmp

Filesize
97KB

MD5
01cd99d73590fbb312be23bf730154da

SHA1
55639bbf37bb357481d1e36674a5736313050b63

SHA256
9da42749e6b9cf4485a86c2071c9815820611a2b35fe8ad190b873075c4f74b3

SHA512
1335294c20ced389b9a3bdaaef4cff7210e2ca5e91c44713f19b530fba585d28d460d4967780f6014a7d92656a1bb4567e2ef7a1846b7b0103b22adb3fb0f3fe

Download Submit
C:\Program Files\7-Zip\Lang\cy.txt.tmp

Filesize
93KB

MD5
227458c68ec3e3302b7d568ad43829ae

SHA1
ce7251aa9c857ab2fd74476d401fdead987d4e70

SHA256
5adda6161691c1f2dd884e8c9ef4c653ce3e7883a988ff5386913a1e06da3863

SHA512
9ab477dee39346be02077baab7198b391e14efe9d647fc9dd91f70aee571122679a2126c38683b8274766f96dac069fe5d80bedbd792f6e0bf23ac48b336ed54

Download Submit
C:\Program Files\7-Zip\Lang\de.txt.tmp

Filesize
97KB

MD5
e49ecaf0c3a9a93b63d3bf0e8d77abff

SHA1
935598625d111ee5923187db49732b9f07df01a9

SHA256
c1da0abfdb66f53787cafe2e0afc8270850a9e74433db21888c8796b6a3ee175

SHA512
beac51854e6b0c432fed1600d5de988297fcaa9866a3e6c3678473e24aa358ee2cf478504c85d4b971e74f439d5593b1ad07b2a254e824636155c77a6d9995cd

Download Submit
C:\Program Files\7-Zip\Lang\el.txt.tmp

Filesize
104KB

MD5
d1458e6f4bfe7852891e5bf6cd6f880e

SHA1
b5cd6903a1e4c010f0c935c7e9fc300d452770da

SHA256
b6e5d89c5bcc4c9df108cde35a35194e0ba14133b0d6d6fc8eae54a0b3405686

SHA512
b409ee7815627f62a4775a32c2089095d8733fc182792f76ccd53f658fd8438a1e750c06d34ded8b149172e2f1109f774c6c5260a8f60af280707651358d003a

Download Submit
C:\Program Files\7-Zip\Lang\eo.txt.tmp

Filesize
92KB

MD5
465ff35d5f7fc2c0e8d061ab797d29d3

SHA1
a7c195754abe3adc88bf917419aaf59897616892

SHA256
04ea3733556166ee9bc02ec25a9f96aaef4dbd7e6349a72713adbf16762f5511

SHA512
cd38821b58985f41fd9a5cf26692dc6eac461bc1fb41e9b46db811dd5da7d7a75e72333f257cffc28e138b7ec761007ff377a75f03b4aeadd61fd48f6f9c6c5b

Download Submit
C:\Program Files\7-Zip\Lang\es.txt.tmp

Filesize
97KB

MD5
1166ad1e31a464ad4195162505784ee7

SHA1
592c00363b777ecaa8a61e6a5100dee65034ba35

SHA256
fd2afd4cb1ec21d7aa893c02f5a9215d7c43d9dbdd7ccb7977a782c4888f3ff8

SHA512
e4437c44439ae2a5eb518005bfd8fc4aa91a3e8ee524db684647e98fff2ed27d457a5d495820901e02f3f8341544c8d870b49bcf590e36e36b04b3b43f099809

Download Submit
C:\Program Files\7-Zip\Lang\eu.txt.tmp

Filesize
88KB

MD5
1858ef007d5f7849069f76dc60fb6e12

SHA1
aa2e8fea6012bf70444393bd5d8f5b73dcb79ad9

SHA256
53fd600c5caa38ea3bd4400dd8694f4cb0823cc51cecf904a610646c1289daf0

SHA512
7d0dd0817c869c3303af5d950c969d11be9da633eff6a81b382e8c62eaf89b3f371fce86428f9562d2c5c9acb18b8b261993d932b8896ea5885bc62605563c86

Download Submit
C:\Program Files\7-Zip\Lang\eu.txt.tmp

Filesize
97KB

MD5
667d75619f4bc1fd896a47e7ce3f6720

SHA1
afae92aeaeed5bb3e36f8d5b6945d8d15e8900e9

SHA256
c262dd4bffce46bdaab5c099609b82d48dec25a54708907d1ca42f0d24f512de

SHA512
21a8b2eb70ddcc40b14670a0b26e00e927d9ed99512ffc986ec250c9e9f1f8db361d93ea676c33ec247a58d22042211600f8eb5fa3d1ab1a9f52e5c13b90fa2c

Download Submit
C:\Program Files\7-Zip\Lang\ext.txt.tmp

Filesize
95KB

MD5
e1ec34c000ca107fa06eae2a34081eb2

SHA1
f6ce4ed32a05ec4454bdb524e661df05832a33c9

SHA256
312b0b08bc8e2b5fbe0675a50a419cc7306b5c2ec2af410551c75f08d73c25ce

SHA512
079197f5c98b22ec2872f13c8378452c58a5e629a2a85f8a817e745c8d6dd1886b2cbdda3904c2b4e5bc5b8dafb753d398b55f5cdecc3608545cc58b38696240

Download Submit
C:\Program Files\7-Zip\Lang\fa.txt.tmp

Filesize
96KB

MD5
5311036fd5ea33aa26ab2750493e63a3

SHA1
80fb684f14d7153c9e77c6d579337091729b0c92

SHA256
792a5b4ea71b7638c5d9206d10553d34c008937b1484213ddc3dbd2496b6bcc8

SHA512
564f3e07aea50ad825b56e4e3c318f7d4c9246f2672011d2e9cb8d33cf7230999eac12ec6b16d73c7cc2d7bc71079ea9f18b541454ec240acec363af65776fee

Download Submit
C:\Program Files\7-Zip\Lang\ga.txt.tmp

Filesize
96KB

MD5
a2d388dad7b685e43676b76b77bc3100

SHA1
f2618a898a39a7f5eb2c9d726ffc5dd34a7435f2

SHA256
c4af146dc92d0511040e404e9aef0d68bcd1045104ab09e42c9edef37ea76fc7

SHA512
39850c0d8a559ef01bc37cccc0ce74aad0f2c56bac47025ec40b81b03d648c90b445dd0900ae296ef94c3f48fb7a68d83aad40daa1aad51301a21ec5f8507cc4

Download Submit
C:\Program Files\7-Zip\Lang\gu.txt.tmp

Filesize
105KB

MD5
f65af8ec6bb0b32dcab462afe469f1b7

SHA1
e8b4910b38bbc94f85db5d7519b70536138d3eb8

SHA256
b19e534e2e19212dac6a25b69b44fe532d2a5a492d843be132c0d63f6884eaa9

SHA512
78133a7585cf854db0b3c673dc275b98883ccb087e1c6662b0567a7d78a6081caaf99fa5c126841e2a11a39565fb906892235c1f8fa232ecebecd9116474ecde

Download Submit
C:\Program Files\7-Zip\Lang\hi.txt.tmp

Filesize
105KB

MD5
1da1e3a97f72bb459218da44152d28b1

SHA1
ffb976070bf0ca4f20e725822a25dccc18fcb8c6

SHA256
86a3351af0fe75d3cb5994923bf8d4fe6eb8e83dd56d404eea332a37437a2eb9

SHA512
418a30cdc3c7240f9bb71435d44bfadecea37da590b7585f87ed5cf85d68f805e77fdf233a7b848b6c086c9b020a805f3d83ee445125dee0e4d2befd87ca774e

Download Submit
C:\Program Files\7-Zip\Lang\hu.txt.tmp

Filesize
98KB

MD5
96bd744f4c29fa730c4f4717c904091a

SHA1
f67e5d2d3901d52eafb6a2706472f13ca4ac00fb

SHA256
b4f7bf00a98bc031a71853cb04ce86187944978b60cb89a3beb2620cc2261cc4

SHA512
60c5ef8790a0a82484a98afd5ef373e8020280ba8aecefc1e04d05ce298a6fc524eff13a3fe3df3882d0a180b0dd085a67aef78e113f3559a0d07937b95ce608

Download Submit
C:\Program Files\7-Zip\Lang\hy.txt.tmp

Filesize
102KB

MD5
3bb53791b52945bc4cc843666946f264

SHA1
31636d321467f19766f57322501aca64de85042f

SHA256
fcb8ce29b02dfc032977cef49601ee94cafcd3de5d5c3c367c3014b474c62ba5

SHA512
3867244f100f9a3a5cb63d2763624458183abc30042c0f908dd91fe622ffabe87e7b024a5a600fddd88ad2723726dab04c70c27690213664b629bf7bda15ff02

Download Submit
C:\Program Files\7-Zip\Lang\io.txt.tmp

Filesize
98KB

MD5
4575148540de0c7d7da32ac63da53450

SHA1
8fe42846285c765df1cac720cb9c0d9d853731b6

SHA256
d6ae9b2e10357142b20a672303074734a79515791b016a6a8e6ee7945239f516

SHA512
19eb4e6aa8fc662e6fa307a2a9c25c473e14941218d48fa537c11604b05b66605f3f0a52b2c8f8fbd2b70bb33e5b0caa546d85a69b9947e353c8a9204a290c6d

Download Submit
C:\Program Files\7-Zip\Lang\is.txt.tmp

Filesize
96KB

MD5
0000cdbf08e8db40f4c687351e809042

SHA1
2a25f998b66ca27b96add56384f1fa071e62c33b

SHA256
7cbbb72de92b126f1d4e6c086689fdf82de30d247b23abac45de68839e7ff8d6

SHA512
4a345a59f7d61efa1056f97e2cd19cfefd38038d5615d11bfbfcbd606cdc848b8e85e46b94bd66c4abe552ee2e49898fb2eb54605bbe2f16cc1b520f8e72f554

Download Submit
C:\Program Files\7-Zip\Lang\it.txt.tmp

Filesize
97KB

MD5
17eab25188cb925658cc8833b3ec1c07

SHA1
8c011b77d4426d2153cf2a26ce19d7027e860c07

SHA256
13d447a66718d23f8ba11d77c3f73115454fa974f27424a76a1502675d5cf3b7

SHA512
b9f6523b551470b2b4d25baef772a2b9d6bc5aef4ad52eeca2d341f60babf41db722b2c432e74561a595a74a05a490815e90d9e21355c69fec2278fa6879a5ca

Download Submit
C:\Program Files\7-Zip\Lang\ja.txt.tmp

Filesize
100KB

MD5
80eea568ad488267605a0e8b623734a4

SHA1
f9969b91026e6ea311481693e1f17d9f87856442

SHA256
71a0f438edcf2a46231670a8e59631991b55e9e2a55846f78d3e073cebbedc12

SHA512
035728500b001e566329058c2cab72d95276232215cfc3a6e3f6dac729be8624b4b3ac2ebf43290f33c77aeeee1eda52179f7cf9b15a297224d1e1e329ff08f8

Download Submit
C:\Program Files\7-Zip\Lang\kaa.txt.tmp

Filesize
96KB

MD5
1ac7235723ee53cc9461370a86fc460c

SHA1
e967d6dc3d0d98a4e7c5aa99849e5de3184554f6

SHA256
8b2fca7703a318982f18fb2b2678e6b135e88d2db6f2497f88d8be971eb68ce8

SHA512
d19e0301c9754b676bf3ffd225bc3e89f16c8b913cb011e1d5a5fe37df36849535341c4c20e01324a6141bc65178282ba4a075b7f51e412206f0b48ddac301fd

Download Submit
C:\Program Files\7-Zip\Lang\kab.txt.tmp

Filesize
96KB

MD5
76b7bfe60365c3f6cb8d58eff92843f1

SHA1
a193c001336a86ef4d0854e9f6cae7ad1422342a

SHA256
b7eaac30d4d0934c4e05b0da7f00dcf2285227b245bf25529eb5d33d45106650

SHA512
5737b59f8ce512d96e037984240aa32a0d1966b30931c34124d50d70105a4bed15170c3aaca6797c8865a1bc82a0f378bb304dd7dc6286770844090f8409aace

Download Submit
C:\Program Files\7-Zip\Lang\ku.txt.tmp

Filesize
94KB

MD5
f844dea541d6cd6e73857245ae7e47dd

SHA1
3f025b2b42b068fdb0674711ac8efb6950018378

SHA256
e145cfcc6cc677ec77975c1370d5960ce11007131cb8e28f68c81dfacf3a06a6

SHA512
2d1ac1d8a76c67352492eaab6fbf73921a74ed80e979bbc50a92adce19ffe717483fc7bfee2832662acfab0832f68dde05492c61178c9c4ebb5c0b3f917a5b9a

Download Submit
C:\Program Files\7-Zip\Lang\ky.txt.tmp

Filesize
100KB

MD5
dbeb473154eea03015416ef5549cae22

SHA1
10b89968fa75a955608ba13ada3502bf2012ae5c

SHA256
bb14e1a7185de5b6eeea2b633172e1b51ae877cf9d866d6b9f5f3f147c1d52b1

SHA512
324e41a82fbb5750967111f69429deeac0f34522dda861732700c9fbb47ed230000205c0c9713b0660fbcea6d3fe4b1a850c9ca75ee7b0318d39df5d553d9384

Download Submit
C:\Program Files\7-Zip\Lang\lt.txt.tmp

Filesize
97KB

MD5
b1d437f3ae1311f5a34fd28797a01997

SHA1
067d8c90868670685f8f18269792f22fc3f7fe59

SHA256
0db8d83140e98548c91efa73c49633497887c14378278b41dcea4221137d9996

SHA512
fed19fe5d92d99e9635318d2af72480398f2dae4cec117a8939fd680a7a1c29887b0b0112ea4d955d6522e52682bccae18e5e8eb83cf1ed35d5b2ce10d12060d

Download Submit
C:\Program Files\7-Zip\Lang\lv.txt.tmp

Filesize
92KB

MD5
4f8d26723684fef52ad1860db13468b2

SHA1
fc1d9a2990655453e7c5003dd4b65fbc7471db95

SHA256
41d3baf2f330d5dbff880f426ee9ebbe125e58ca2a71c2f288460ccf6cfbc73d

SHA512
ed0043b918653ca419bd8aba1baed4f1023aa3cdc2eb5a9bbb7ee3a1878067cd86159c2838334339e2effa3a33b1886895f55c7f0a0d51bc68c5054abc7718b1

Download Submit
C:\Program Files\7-Zip\Lang\mk.txt.tmp

Filesize
88KB

MD5
43fa2ca913359b763109ae261847ffc4

SHA1
323ce400fdb2d619da1246bb89788a2ea94dc91b

SHA256
2c351acb4eae465e798eed4a05dc0781a4d048e1997ebf7cdddca996e412134a

SHA512
3beeeec825a9fda39d26466bdc824247747bd9bf11a027c8ce18e3c95e7f0ee5a0465147189eaddb5fc3ca79fe9a91eba53e896900fa51215a42922f5185d502

Download Submit
C:\Program Files\7-Zip\Lang\mng.txt.tmp

Filesize
107KB

MD5
2054aec553bfee16e886a58af787e401

SHA1
b54a6c503a50a76f508d0d07b70ae58e7df5f668

SHA256
b8137fe298ed5f4e90053451124e22daf54b30232afeb0498a1b08f8eee317e9

SHA512
71fffe90f2a2aba4b7dff21dc086bde2cd449811a4cd5b9dfd9b7f68677ded918fb060e61b5fe58854c27debdb1635892644edf29eb8b4e8f835e8589f31306d

Download Submit
C:\Program Files\7-Zip\Lang\mng2.txt.tmp

Filesize
109KB

MD5
2b6ee6e62bd5f9996964b36ed2f2c895

SHA1
502ff9a88653f793944e24c30474c198eb411f93

SHA256
d1afe1688eec7661f48d014fd6bef336da38c248cfd6ea20cbaf1a0143439332

SHA512
f52fe5d708b1c4d8079b26283d1697d612775b741611aa1596cc6e5fbd68939157b23c6da2601ced5032f7db29eef5da7ed09936bbf2e3c2be55dc394cfdc10e

Download Submit
C:\Program Files\7-Zip\Lang\mr.txt.tmp

Filesize
98KB

MD5
1ea713890ed3cf2f936e0254fae28ba5

SHA1
59c4fa44d5d6d0b74173ab6ed358bafaa23d43bc

SHA256
2f815d80910f66ca946e0b31c805ef250f359de133a23d25aed97931138d96df

SHA512
e7e1134799a56a963168cbd1c5c7db5ba0bd2c995445f581f5f2fc3023ace05bb00f0bd32a2a63202c819648ef5f327236977659ee644cd6d262c99708fe8c0c

Download Submit
C:\Program Files\7-Zip\Lang\ms.txt.tmp

Filesize
92KB

MD5
0971eeb4781b0187f7079fbefdb2ca4d

SHA1
5a3721910e14bd59fa5e02ba8468b98fe78a3eb4

SHA256
cfa3f3894df2b1d3c0829228b6e18cabfaf8311ab3fcf438e7cbcdb0dd901e94

SHA512
664d09118a0f26bb62c8dffb01e952c3e2f067252310e5133113fd5b9aac5fea066cf85f8a01a2c5de899f2917e78ba6c5cacc5c583824b01a0f4491fdfbead7

Download Submit
C:\Program Files\7-Zip\Lang\nb.txt.tmp

Filesize
93KB

MD5
882b8f92186f055e42815ef56c0536b8

SHA1
3a8e6322acdb28d3beb79e7752dde8bf7d1706fd

SHA256
d9e1a19383fb8c97252fdf8621e7d2131562e077157fc925f9fdfb7ad4f8e98a

SHA512
20341c4838636a60d1c7c8a4d88cb5af892ded9c195c88df3e79d1ac3d2904a256c5e6f06ba843b602b132c2490e0a23810b688af9635f664194995073d05206

Download Submit
C:\Program Files\7-Zip\Lang\ne.txt.tmp

Filesize
101KB

MD5
44da96013f00e8ec95f1be31e7d4143d

SHA1
00e0178b786bb4043d983a270f22b48c29762dfc

SHA256
8fd6babf15da6455f5b12f014c1ae2acaca429aa95c1d8c7940d9a5a5980b041

SHA512
1050455c31dfd726c6742581636c1f5e51f1ab1b96af8c200e93ea46444d3c62bd7cf575b5345dd7bffad27417b94fff8dc6a42b53f43402729dc6850a91c642

Download Submit
C:\Program Files\7-Zip\Lang\nn.txt.tmp

Filesize
94KB

MD5
f85aebdd15cb50812d8c431213e6bd7c

SHA1
2f1a00ac9bef54c46c643ea40de14dd587f4ae1b

SHA256
0fb6024de782aec3ecccf5212972c39d2065f4f15dbadfcdff44f6589c9b2385

SHA512
1e63ed37905eecf9972ee59927278cc7a8a2c0c1a5f9b3bdc7a7d90cc265c567a2fbcbf2a3bfa8e02f2d0c424ad7f77b40e07ff5fd16c5df08d92e9f2e734dc6

Download Submit
C:\Program Files\7-Zip\Lang\pa-in.txt.tmp

Filesize
102KB

MD5
b31983fbf890de1f36109d8cd09a4478

SHA1
af6083095eb87df6f943f2a952092388700336e6

SHA256
9d759899c6cb02fe4638609da31d717785901076642cc749d540ec8bf7f3da41

SHA512
cec621b8b08e0ec38ba5f020fee32e83b19e11951deb87473ce52709eab786e11b2af0b6cfdf941283e256f5a0a694c059138afeeac4b02f4afa0d52b3134646

Download Submit
C:\Program Files\7-Zip\Lang\ps.txt.tmp

Filesize
87KB

MD5
e810b34bc7b843905a289e4f914b8e5f

SHA1
2e1f99f54668e039cf4f922017f769af098939c9

SHA256
96437a1a981a3062952b0285cc4c9e8444a5e6ae58c429611591e6d6c6b8ab46

SHA512
186a4c34c861bfe517dfe5bcdd9aa713b00a4dbab128b4e1891cccd2665456e87a579328665d8a19e4e3ee44f11c4c25209a4c24a9c6534fb0359c4386509d92

Download Submit
C:\Program Files\7-Zip\Lang\pt.txt.tmp

Filesize
97KB

MD5
237c087b32e20ebc8977ded983a0f865

SHA1
cfd8bb3ce0cf97df83f3914a02ff28745589a72c

SHA256
20e3d748753a1bb865380ba8b0df1d9e39947938674c8997a7c875dc7411bfd7

SHA512
c33fe49a608a36101cd1d3064c3401d5be7009270666f82ac8004fbf4b8ad2aa0f540d5dcd4ca2edf125169a3dd0251f7899b12f96cb0cf2d7545aff64116791

Download Submit
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Windows.Controls.Ribbon.resources.dll.tmp

Filesize
105KB

MD5
d952320fff3931415f63bcd6064e41a0

SHA1
bf9f2e44837ee4095ecbeef3d169c2219a6c8059

SHA256
821759db164218112773fe47559117af45ab5172e8544c2fe77f1e19b618d99f

SHA512
f78a890ca896baaf1a4b171e047b37b10e6a861e93a4b65ab0277e99462f93ad1201d8b6208abb039754904987d7e535b00757d35d2f503027de1274cd6adcec

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MS.POWERPNT.16.1033.hxn.exe

Filesize
88KB

MD5
f6238ea8b911a8a3790a78160ac2f114

SHA1
30f60db442d64193a12ec75e92856290810cf33c

SHA256
63ea5f5a58401dfa6791b4d6295e67bc07dc056add43d78e26517fb744c5cd21

SHA512
6c5c7c49b21dbbc608fd004ccaf03c1ba057141671c45040c142a46dfe8f90dabd5684ceb7dc1090131fad7d9e34e5ba62c01e102cb71e536ce77e75a57ecae1

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
87KB

MD5
31bd68ea44790a755717f40b1a866c36

SHA1
93ae8b598678ceb81a06d65fab836b7b8096aa21

SHA256
f99a71e029e93fbb956628080c9f227ce0f86eab52692a0dc38e2b949878e565

SHA512
b3c8bdd94592e20a064bb171599ebf6085a7b961a9ab2d0284eaa6a20017a9eb6897ad203a788e3affcc1adeb52eab969353d02607538ebcbb4068c5b6ece5b1

Download Submit