7fc8d9dc4e94247c6d5b8be4708f422d6c12ee4e7f0370636e473d55e613a3fe

Analysis

max time kernel
120s
max time network
97s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06/09/2024, 11:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2f8cc4a565b49022cd6a7de0cd5cc5c0N.exe
Size

96KB
MD5

2f8cc4a565b49022cd6a7de0cd5cc5c0
SHA1

b82740c5f6dc904c5fc80536446d1da3a81860d4
SHA256

7fc8d9dc4e94247c6d5b8be4708f422d6c12ee4e7f0370636e473d55e613a3fe
SHA512

f20d51203d20863243818e073e43af22347c8f54af23d3c31d2bc842c260e12729c86c79cfbc431cdf165bb74ff1627fef157c019a4bffc65a0f801e9edc4c76
SSDEEP

1536:W7ZppApN0hcM0hco7ZppApN0hcM0hcW6e:6pWpLpWpp

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (4688) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
5024	_MS.MSACCESS.16.1033.hxn.exe
3552	Zombie.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Zombie.exe	2f8cc4a565b49022cd6a7de0cd5cc5c0N.exe
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	2f8cc4a565b49022cd6a7de0cd5cc5c0N.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.VisualBasic.Core.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_KMS_Client_AE-ul.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\UIAutomationClient.resources.dll.tmp	_MS.MSACCESS.16.1033.hxn.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-localization-l1-2-0.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\bin\server\jvm.dll.tmp	_MS.MSACCESS.16.1033.hxn.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_SubTrial-pl.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\7-Zip\Lang\gu.txt.tmp	_MS.MSACCESS.16.1033.hxn.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Windows.Forms.resources.dll.tmp	_MS.MSACCESS.16.1033.hxn.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Trial-ppd.xrm-ms.tmp	_MS.MSACCESS.16.1033.hxn.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.OAuth.dll.tmp	_MS.MSACCESS.16.1033.hxn.exe
File opened for modification	C:\Program Files\7-Zip\Lang\de.txt.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\ReachFramework.resources.dll.tmp	_MS.MSACCESS.16.1033.hxn.exe
File created	C:\Program Files\Java\jre-1.8\bin\gstreamer-lite.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest2-ppd.xrm-ms.tmp	_MS.MSACCESS.16.1033.hxn.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Grace-ppd.xrm-ms.tmp	_MS.MSACCESS.16.1033.hxn.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\PresentationUI.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.SqlServer.Types.dll.tmp	_MS.MSACCESS.16.1033.hxn.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\hr-HR\tipresx.dll.mui.tmp	_MS.MSACCESS.16.1033.hxn.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Accessibility.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\UIAutomationTypes.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp-ul-phn.xrm-ms.tmp	_MS.MSACCESS.16.1033.hxn.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Common.dll.tmp	_MS.MSACCESS.16.1033.hxn.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-timezone-l1-1-0.dll.tmp	_MS.MSACCESS.16.1033.hxn.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\oskclearuibase.xml.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Linq.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Drawing.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\klist.exe.tmp	Zombie.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\host\fxr\8.0.2\hostfxr.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Microsoft.Win32.SystemEvents.dll.tmp	_MS.MSACCESS.16.1033.hxn.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\System.Windows.Forms.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_MAK-ul-oob.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E1-0409-1000-0000000FF1CE.xml.tmp	_MS.MSACCESS.16.1033.hxn.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	_MS.MSACCESS.16.1033.hxn.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_OEM_Perp-ul-phn.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\EntityPickerIntl.dll.tmp	_MS.MSACCESS.16.1033.hxn.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Library\Analysis\FUNCRES.XLAM.tmp	_MS.MSACCESS.16.1033.hxn.exe
File created	C:\Program Files\7-Zip\Lang\ga.txt.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\STSLISTI.DLL.tmp	_MS.MSACCESS.16.1033.hxn.exe
File created	C:\Program Files\Java\jre-1.8\lib\plugin.jar.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Aspect.xml.tmp	_MS.MSACCESS.16.1033.hxn.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusE5R_Subscription-ul-oob.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp3-ppd.xrm-ms.tmp	_MS.MSACCESS.16.1033.hxn.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_OEM_Perp-pl.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\WindowsBase.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\System.Windows.Forms.Primitives.resources.dll.tmp	_MS.MSACCESS.16.1033.hxn.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\System.Windows.Forms.Design.resources.dll.tmp	_MS.MSACCESS.16.1033.hxn.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md.tmp	_MS.MSACCESS.16.1033.hxn.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\icu.md.tmp	_MS.MSACCESS.16.1033.hxn.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Retail-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Grace-ul-oob.xrm-ms.tmp	_MS.MSACCESS.16.1033.hxn.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\HarvardAnglia2008OfficeOnline.xsl.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-ul.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail3-ul-oob.xrm-ms.tmp	_MS.MSACCESS.16.1033.hxn.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Retail-ul-phn.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Collections.Immutable.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\PresentationCore.resources.dll.tmp	_MS.MSACCESS.16.1033.hxn.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Security.Cryptography.ProtectedData.dll.tmp	_MS.MSACCESS.16.1033.hxn.exe
File created	C:\Program Files\Java\jre-1.8\lib\jfxswt.jar.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Century Gothic-Palatino Linotype.xml.tmp	_MS.MSACCESS.16.1033.hxn.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Excel.Extensions.dll.tmp	_MS.MSACCESS.16.1033.hxn.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrlatinlm.dat.tmp	_MS.MSACCESS.16.1033.hxn.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jdwp.dll.tmp	_MS.MSACCESS.16.1033.hxn.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2f8cc4a565b49022cd6a7de0cd5cc5c0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	_MS.MSACCESS.16.1033.hxn.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Zombie.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3028 wrote to memory of 5024	3028	2f8cc4a565b49022cd6a7de0cd5cc5c0N.exe	83
PID 3028 wrote to memory of 5024	3028	2f8cc4a565b49022cd6a7de0cd5cc5c0N.exe	83
PID 3028 wrote to memory of 5024	3028	2f8cc4a565b49022cd6a7de0cd5cc5c0N.exe	83
PID 3028 wrote to memory of 3552	3028	2f8cc4a565b49022cd6a7de0cd5cc5c0N.exe	84
PID 3028 wrote to memory of 3552	3028	2f8cc4a565b49022cd6a7de0cd5cc5c0N.exe	84
PID 3028 wrote to memory of 3552	3028	2f8cc4a565b49022cd6a7de0cd5cc5c0N.exe	84

C:\Users\Admin\AppData\Local\Temp\2f8cc4a565b49022cd6a7de0cd5cc5c0N.exe
"C:\Users\Admin\AppData\Local\Temp\2f8cc4a565b49022cd6a7de0cd5cc5c0N.exe"
1⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3028
- C:\Users\Admin\AppData\Local\Temp\_MS.MSACCESS.16.1033.hxn.exe
  "_MS.MSACCESS.16.1033.hxn.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:5024
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:3552

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-945322488-2060912225-3527527000-1000\desktop.ini.tmp.tmp

Filesize
97KB

MD5
2bad312d1801abdbe4d344487afd08dd

SHA1
bb1998c7bec939670fee39f877734b8ed62bb9eb

SHA256
86cc34795a55b08e2cff0f7c0039c087c9408ecdb80dfbde7f7690fc6f28a648

SHA512
69c5e3494f87f085e70d99f5b94eeda51225d6e4aa8dcb46c04d2885f40663b9f5db3fc214c5ae88f7ac29e8233f25d61c7231930da635ba488775a8504939bf

Download Submit
C:\Program Files\7-Zip\7-zip.chm.exe

Filesize
160KB

MD5
1cc52c67d2eff64adc85e54ce0c42284

SHA1
7b275a62515df7d75e652efda64bacaa06ff231c

SHA256
b0ba45cdd0924c669bce496395a2b83ae6afeaa3b3d01cb0784c3b9d15e3d034

SHA512
f72abd026c48f937057426fe0bfe393f9c02fd6d329cd3539767c3b9e47506b571ff4326b1c9946ab07dc08b491e10808b6992552379f12e982d8c935a7fd1a0

Download Submit
C:\Program Files\7-Zip\7-zip32.dll.tmp

Filesize
113KB

MD5
8295190392535a5bedfe72c6d20d4246

SHA1
8e9b5ba4787fa6cac1a24f625c194806ee5ba3f6

SHA256
b77a5380521ab6c3bc9c80af6c51d867d40c44b50bcba61b08828e2467a2e4a6

SHA512
fc117a88de199e252d102653079111352ec3013d50dbb1f5496af730cc87eeb7479c50a96009771a5de2a878e62d60cda6af26a4ea4e966726693b76106ec276

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
1.8MB

MD5
17d6c75cc17dc461d7f025e37b0a1a3d

SHA1
d01d21a0695650c59b6b27dc5548405b0f39146c

SHA256
735b4e66cc6d298c6d74338d09a69be3bae7526eaf0c46f740d39aa8fba94f64

SHA512
6b3e67ef92431d33bea73c37cd39725c387297c121fa6908664ed0ca3de99593c7c83763b067ff79408d0ac970a370506c4cd692dd30c8289868e60556b66fe6

Download Submit
C:\Program Files\7-Zip\7z.exe.tmp

Filesize
592KB

MD5
77a920ce9bb750b50cc1ff267d3adec5

SHA1
47f480a0c551f782d387c8c08ab5c64de51606d2

SHA256
05616fa949ca54b21392aa9c200b4fef6dd8911bdc82945875b22fd70c014f66

SHA512
14a79cec56b33dd4de7ba91451f3a60c2d92a0a71fac514a35b9c77d456b35543d7c904e4f42f3b747fea3fa13f6d1c82eb260a4452f4506446f287ba6e14540

Download Submit
C:\Program Files\7-Zip\7z.sfx.tmp

Filesize
258KB

MD5
a4b79dab56f3c34767bfd00ce139c4f2

SHA1
efb7304e54a847120b2f8fe3c9610cbfa7ec4020

SHA256
b71cf1c4b5263472c8c0371cca201d4330bdf47af098df7d57cf670036f23961

SHA512
d500d3d774153c771fb8fd1858c6a43655b0f34dd43add797d4de41ab1599e7b2528e9ef129f1d55229f60da3dd303f8ed6a4d9e975145e4152053bf42d2583e

Download Submit
C:\Program Files\7-Zip\7zCon.sfx.tmp

Filesize
237KB

MD5
78d7539c91a00efb5292c56f9046f33b

SHA1
edd79dd90c48fb46086b8b29fde9d86e597eadc3

SHA256
a65bcc87b95a668bcb11303b8236b2255e04dddd4a79228b6a10e8026cbd8533

SHA512
545b1b4fc38ce638117e8f1ceec0617afd7c06422515dcfa4d034c337fd5e8962dcf7445dd87cccdd417edb9d63a4f3f37c026f93ac56ed2297085338b9e54d1

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
979KB

MD5
f23932a2961beeb1242f9817f807296f

SHA1
d9b19212a438047ffb98f76058ed17c85e2431b4

SHA256
5f23d564540c6d5692612125d99b08ad0b0f7f75e0b9a52f8ef0b84cb74a1eca

SHA512
9069e197a560b6b027046d3ca3a45314c22d4f511df14a33b39389ef5c6d98f1b2324a39a227f8b0cea0a6e921a000c267fcdb6f19c9ce2cc83001f4500e918d

Download Submit
C:\Program Files\7-Zip\7zG.exe.tmp

Filesize
732KB

MD5
17a1ed612136cfb70b101a5701afdbfe

SHA1
93f56a7618e8845acbcc003f3850cf0cb2886033

SHA256
0dfa89f98b036991f7a3c57c96c7ef147af8ceabe3f48b951ed9df9a91f14314

SHA512
f0e84e6a1c9dfffe8e949d3f6cf3e606ceaf065e88edea513cf56db1cde72c6554eb7b3dcf46817a78afe32f834beba8da3cfb436d366c91730cef8a4dfde0ee

Download Submit
C:\Program Files\7-Zip\Lang\af.txt.tmp

Filesize
57KB

MD5
a493c91796248f2d511510d6cdcdb303

SHA1
8628b12a73d3db3a8f2a21ea45e17b2075941bc7

SHA256
d13e63843e85fc52e042e768225ad4cad7388b3ccf3ae55d52c8a887d15fcb0d

SHA512
fd8409daa7cc6fd80386b6227b2e0b76d21cdd7fea4eec49346df61e78fdce058c2c6f4049d00186eae01bbc2f94c1a17facd53c12efa077c8858147f23486ed

Download Submit
C:\Program Files\7-Zip\Lang\an.txt.tmp

Filesize
55KB

MD5
ee6a000798c9e51e79d960eae605337b

SHA1
fbadb82ac60a8153920ce7722fa34b76770abe4e

SHA256
5e2f1f4493567e004d90e5b8ac664f1ea37839f4b5566a2df6e012fd37645165

SHA512
525551762f8b66f1f6f53e005faf8634fa6b3f3f9626712f5b0ca01a0e8247f7fff75626a6a1cee925780e003cd6cd9ba8c831fb0658630ffd36dbdbfad2296c

Download Submit
C:\Program Files\7-Zip\Lang\ar.txt.tmp

Filesize
60KB

MD5
4916e4fb2a5d171f9753042d7498fcab

SHA1
6838d3b44d555271291600c8aec6226de7e03bfd

SHA256
8ff191478aa556115d3088e6abe7a558995a956b16394cec401b7ffa6ed57ad7

SHA512
95338ffc9628ec365c6eab77841aed6d0c0d48a0d6691f0533ec8daa9bc3edd0e1e511f364e46f9a7e79f4747cbf7bb03a9f8ac87195e7ce2a3da5035b8184d1

Download Submit
C:\Program Files\7-Zip\Lang\ast.txt.tmp

Filesize
53KB

MD5
0d9461a2f41c8a9063c98d423fc881ba

SHA1
990bea341691314ea7043c9c0638231b2a53de70

SHA256
723eecaa018b8df4e6fc48f10fbb32df1f519afae78bdb3292145372049293e2

SHA512
b498b99bdfd3646241ac226e6193acc83f19d026c2a7f63fdffba5ea2013c84204bcd2694d2adc1d97ffc2e76054b9c372f92c1169b0f3a1fc974875d87d1eaf

Download Submit
C:\Program Files\7-Zip\Lang\ba.txt.tmp

Filesize
59KB

MD5
12bf90ece3c32ad468d833ef433763e2

SHA1
7576cc3b2c9fe82df055f22d4c3938561f632f87

SHA256
5576a865378fcd01bf074782d752acba3ead9f75f639de1e836e2eb8edd4d3fb

SHA512
4c905963cd736170c8b687aba07d03b28e1638553e6a53515e384fdaf8a4a284e64fe4a599a8a8219faafe552b4402ed2f39e470d6c105f9fc1c183d28ac97d9

Download Submit
C:\Program Files\7-Zip\Lang\be.txt.tmp

Filesize
60KB

MD5
487a92fef078ebd281256ce74b949251

SHA1
4c91d7c203fd85d5ec37e2d9c6e4277a0f06e2e1

SHA256
36532a5a18052ea6c964d4227392f6b44b581745b8748680273119813b69137c

SHA512
00e39c74ddd23634d0bc0fd4c50936e4d47411d5cd02220e8b09b35e2bb0a0933b938234f5f38289e1d270d1d70e8db8e941527c604ee6f46d2f5933de80df7b

Download Submit
C:\Program Files\7-Zip\Lang\br.txt.tmp

Filesize
53KB

MD5
2cfb3a7b7a9de1b0f92dbfff55cd8cd5

SHA1
de77379346ed33a5c22c0096ed4c38d8f71e7ad3

SHA256
8bc72b5c4fdcd6edc3302eb1dfc5daafd6d9e37893e841ed7ae79611acd93466

SHA512
acbe5afe4b2422b2b9e1ee388205412954f99b5139e477374bd1543135e5898c08b1fefb74d11f393d77db7ca4b3872cdd270e1f6dd8010b35acc19ec2ef431f

Download Submit
C:\Program Files\7-Zip\Lang\ca.txt.tmp

Filesize
57KB

MD5
f9dcf705a54f0a6740b7856b521667c4

SHA1
0528e9c3c8e15ee7dbb5698e6682e8115fe0555c

SHA256
ce5940336e22510c7da6ed8ff8f92225abccda51156c1c8c796a582b65b1b697

SHA512
1ea2b7238c4e8cae815ff20e033292c95fef52641aaf92eec5046b7d823d4ffe019d4a27a534193f642f88063d269917f937b049bfc196e903163550c6d82ef7

Download Submit
C:\Program Files\7-Zip\Lang\co.txt.tmp

Filesize
58KB

MD5
d7b414c4050165fcb3a5ae9a89377ece

SHA1
e7212ac607d0bb266e7463787aa96c643754d2a7

SHA256
cf9f3e149f68b1dbe2cdbf65691d0ab255fe62221694b86908e47f2c16f87317

SHA512
350eb140ff54c26920ed098176d16430d1d92256cead625395f709459a93cc92f29d3de74c32b4065436869acb1fb36bb113dc35e9c2150fab4a146b729c2140

Download Submit
C:\Program Files\7-Zip\Lang\cs.txt.tmp

Filesize
56KB

MD5
8ad80a2258aa5dd38905d8396804340c

SHA1
03a68af66119472fa437a640224cfa8f04a5f530

SHA256
46c87a2dcafa4018d64123633e6d0a5dd1fb34a8c1c0a7685fb6b285ac428ea0

SHA512
5f354ede04d9e03c707718db7c234641b7391d8a5352cb32e80d17d73d490f2c1e5adec48c3dc0a43d69d4abc42d0bb39a686772be332528d22fe6685fcea576

Download Submit
C:\Program Files\7-Zip\Lang\cy.txt.tmp

Filesize
53KB

MD5
81ae2d2495a6fbf4dd29a527c40dc418

SHA1
56b9f226aeb74e0b2c5234bf8eef4131c3c59f58

SHA256
b497adf9533fb8313bf4d220eddba19ab6f5c65ceee64d81d349b907f431275e

SHA512
a73cac101ade02111b41d3f574c7984456cb036288b97b830f37057af454c2bd990104901b3089cb151e165910265e34a31a6d7f6336f03593944118ed704bcd

Download Submit
C:\Program Files\7-Zip\Lang\da.txt.tmp

Filesize
56KB

MD5
d419af25cd35cb6784ab8993fe797aa6

SHA1
b7e9ba9c02f1a42617ea5ae72854d6bf32221072

SHA256
7da4792bace9a384d8e13fda0fdf4573dd1b8572056068b5cea5f561241e73a0

SHA512
37daf5d136e5a0d7ed65ee0dc0c0f67bdfdac6afc77334ef8fbb80d78d674a05bfad28c94ed2cef50332051c7937b77f995c1fdb9dc419238883a0901785ce99

Download Submit
C:\Program Files\7-Zip\Lang\de.txt.tmp

Filesize
57KB

MD5
31f2dd373d3fc0d9037818c43c1139ea

SHA1
b8628ba5d40366c6b7f6245061494cc126c13daa

SHA256
9480565781a797729adb77fdc2c9eac102cc96efe6f0227688d0502938cf5061

SHA512
571521d1c06059ef88429a94fab3d691624bb216b844e7bcc19d90ec2b80a1f301686705fe2f7d4d9d4a2cd279c3a340827d10d7f25babb0d0e1fcc931244584

Download Submit
C:\Program Files\7-Zip\Lang\en.ttt.tmp

Filesize
56KB

MD5
539699d422920ca3c73ece9512523d8f

SHA1
c5635b8ea3c6ce75bd582ded510af6ede0588935

SHA256
3e720f54eddca41ed7c652ce5e153521fc64f9b3260c87ea9db098cdeae9967c

SHA512
8cf3d54ff3ee3f03aafa7b3cf5862f98ee6ee93de39bc1b9ed8b208a519e62f076f5b85ace750d8e90a768d9eb4988c07916158ca16eafe55c842daf94badaa4

Download Submit
C:\Program Files\7-Zip\Lang\eo.txt.tmp

Filesize
53KB

MD5
27da935178f8e176f269ad87568ff1ac

SHA1
56d9e9dec9517f2999cc10f4d7a23320a01db342

SHA256
eb28fbb0b193b78498f2490fda88594d1a724ef41f079314b9dbaaba895f5384

SHA512
2e622b592e4bd32ef97ca7d458181d69ffdc7654147676b7de8a5a9c3b4212829210fb08cc76bc315fc57b7bb2f1e3369f8ceee48f230061796edb5f7662af1e

Download Submit
C:\Program Files\7-Zip\Lang\es.txt.tmp

Filesize
58KB

MD5
c359fe5cf20ab782c1b1c5dd7c624e74

SHA1
697a908a4a87e6618689f6e8e944f70915452d3c

SHA256
00b5b18d53ba7b0c863908de486e6bf2207ebfa3007f20c97da517e636c45d48

SHA512
935b3c7f41d0efffcfd198961a54a032aa6981537f1a047f6817a973b7c11d72d203306422278039d699f2636a5c75904f99692e5b5692b801375caa516bb372

Download Submit
C:\Program Files\7-Zip\Lang\eu.txt.tmp

Filesize
57KB

MD5
375f03af27c7c1b53e1e5ceceea8e1db

SHA1
c678370957999d30522c95a6d67de57141bb8464

SHA256
38a30f8de34a924f10e5f200e92f30689ac99b1244db3310d39a8e920ef4d572

SHA512
351d91a82b096acbbcbe86e993c14c88954accc4665d1c997032fba0fd7f043d3ecde3379c4ec3f24f17931235e5c4e48e6dc5b8241f6efc8e17417229eee041

Download Submit
C:\Program Files\7-Zip\Lang\ext.txt.tmp

Filesize
56KB

MD5
9fcfcec6dbd61520d11510ab54f949b0

SHA1
ca837759cfd48d794519265fd0ddbf4dbfee706a

SHA256
593eb838e000f4f20b893039a269e8bb080bd18280cf21ebffac40f0e743486b

SHA512
f81e72251e38badac957fd0f88010f5e7928fc5958fd84118cb7bdd0b12feee19450ac38c36ab21cc0a4d3490cb2e4feb7a022a2a457719151f41bb8d41f3faf

Download Submit
C:\Program Files\7-Zip\Lang\fa.txt.tmp

Filesize
62KB

MD5
9657a6385afbaee278efe3bf0d3687ed

SHA1
d9e35207a70e1988472c93605ffc31ed2164a0c5

SHA256
19ced607ef5c50839569b75ba820508ffde766bec96488c3db64ae52beb96b6e

SHA512
a5d70916aff7767770f0ed0a271e339d83d5ca352ce4783eba2972ef001ebf8e2a7d19f46bd856c6dcfd8fdfb981d50d82bf1570c55dadb50ed03a6052431b45

Download Submit
C:\Program Files\7-Zip\Lang\fur.txt.tmp

Filesize
56KB

MD5
2fd6d8f7de0d130e47030e02897ec4a7

SHA1
e25326bd1145cc0c0ae3f53c57b9c2e0457dd311

SHA256
949a418882d09158511a9b329cf0ba5a30400e97b949c0aab186f35b7e134687

SHA512
557fcadaa5ef7a0b5235f4790b3692ac43abd758002d13c6db246602fa6149dfd468d867e072a09406e2c44dfff56a84b4bd08fc662dc2dd9ece602adb2d851c

Download Submit
C:\Program Files\7-Zip\Lang\gl.txt.tmp

Filesize
48KB

MD5
2fd7c150aed774554d5ceb62a2ba4fa1

SHA1
80d9952ef45db163d9b2590359f50f006c9b34b0

SHA256
aab80c2a69041216e9656902e696f029652f060b8c9196f51b2e12b08358d003

SHA512
b60fe5853fc5dca99f96ac63c1befe410578e9268f3ea15fb70d916696ebaf5a3a5f4ebef318f97e8545200be9a6400f4c73097fcf0935ced23951416682c223

Download Submit
C:\Program Files\7-Zip\Lang\gu.txt.tmp

Filesize
66KB

MD5
54a32cc78eded239bb325fa86a821ddd

SHA1
89d9b6e9882416e7ddd383ccd12b0bda9af1f283

SHA256
0bd304d4c9959e762aecde1bfa4143695bb2a8c92c7b13509425aa7c22c48b4d

SHA512
11da9ab6bdc9e1fc3ce00f377d196c6f025ec9c503138279044f1632b002c7999b1a71a282dc7cbb27de43e02ffddd70ec710204bfd10e5e40d3f8f1e3dbec99

Download Submit
C:\Program Files\7-Zip\Lang\he.txt.tmp

Filesize
59KB

MD5
2fba0b1d1cbd0ae736f42968970dd085

SHA1
eeaf7ce1d1263d8382eb5e4fe1d5c8cf67e328fc

SHA256
c4a0771a4dbf310639e9217aace4a29cadda4eab0f60c24111e52f6a2b09c689

SHA512
88de5f55a4be9d5d257a00e4816cf10c9a0ac98d60fca83dbb6b32e9f9f7be76703a48e9b84df4c5e3b89277a2d65545e339f123562e561346207adf6cfee790

Download Submit
C:\Program Files\7-Zip\Lang\hi.txt.tmp

Filesize
66KB

MD5
29477f4002b62c8d2f793e2cad072ec2

SHA1
74218682d0accc4b951fd35f20d34e15efa2e97e

SHA256
1c4c088eb6b8e8161c532d6d831d9e00a547c3d44f01d155d6fb98d59482d25a

SHA512
d379983685ab4460ff373a31af4b93870023c9f1a3cebfc34c43a6d25a576750ad8d0d184038b7c297725359a7d8297bbfbd43b917dceec054246a97f06de0ab

Download Submit
C:\Program Files\7-Zip\Lang\it.txt.tmp

Filesize
57KB

MD5
deff6339c745d871901c70fab1ee0e9e

SHA1
2a22ee790ad95ecdd6c1525430180078a52c91e3

SHA256
9d5b0404676b2471ce7e592ec95f1ea08d6f3e566f01f6d48143f80d51ed00c8

SHA512
6959d935a1570b08c566bc29dc3f69c754fefbd2e7c1cba8a4b0d8e00418297d4c49538f2a114bbd382e8f6b8ead637eeaa91bb9b1a328ceee9354a56298aa5d

Download Submit
C:\Program Files\7-Zip\Lang\ja.txt.tmp

Filesize
60KB

MD5
9be5ebd6350f2bc3af69bb3ea7e917e1

SHA1
8cb43d1dc9f3d018fbe0e163169566acafcf5f0e

SHA256
ae09725775317f2f4b5dc297d0cb7742626b713b0d0061157abbd073180e1578

SHA512
c63c5daa39fff567909d7d84c5ed5db42f9a3224319652d87c21124e622650cbc1fd261a532c4db1f6b495f261caa566e869a1378e8b05e0c5f178269b7ed603

Download Submit
C:\Program Files\7-Zip\Lang\ka.txt.tmp

Filesize
65KB

MD5
9b90a77762f5d3de62d8d1120e28f447

SHA1
a9fba4db5f4dec62ad40b6bf11215fb75c5def53

SHA256
bc6bc8fca0bb3e93f59afbc141279062398c55f4141aa4e93b6233953e33e9d3

SHA512
2ff8034b4df82e90ec807b5ff9aaf922736c8349bab421cc415d959a414f14ef146e03038b0fd434cf1b0fc2d0c462fc22058eda1c6e2fcd580e68c6482735b2

Download Submit
C:\Program Files\7-Zip\Lang\kaa.txt.tmp

Filesize
55KB

MD5
73c75343185a554d75e7ab91acb69c69

SHA1
3f48062faa4333d829a3f3a249771a8750649462

SHA256
c3abf9d89c0973151247a7ebded75b40ab8ae4dcf9396029bcad83e3ffaa9f05

SHA512
4ca38454c74e2ab465dc77670603611bcfad36bd8c6ba78d39ea9941dd4abb0e62cbcb1dee7ec3d186b3f3a60794619c4c1f77d9b39f65fb3c220ca770808b1d

Download Submit
C:\Program Files\7-Zip\Lang\kab.txt.tmp

Filesize
56KB

MD5
44356b843e77ff59ef7265730af41398

SHA1
5f890becef2cc4459e19dff87f78dc6c07e08d69

SHA256
5414601478549bba9865284ed4a6b6fe71225a4faed9a0d4da0e9d6d37fcd519

SHA512
c8b1fe1990b417eff28b132fd98ba7deeda2ebb5084db58903b5957a8b152be76329f0906c4ba0ceaa63ced5a44d556ed9f88febeed8e5e73620a95a8485c416

Download Submit
C:\Program Files\7-Zip\Lang\ko.txt.tmp

Filesize
58KB

MD5
6e103bc4c404688e6e3524d19ba3ce52

SHA1
d0642c256d30d96c80344ad81cd81ead92499ad4

SHA256
9af38884f3f70b7cfc49339bc0de7c9892fc5265986bc4b8048b8b1822adfc75

SHA512
0000358f8deee29260a61a08e4fbe2457b77448a0f78ea450d90c6195ab5d45d4ce34cfdbd214ede9eb09bd008c28c7f7f8d86996b32c3561f047b10c7c6e54a

Download Submit
C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp

Filesize
60KB

MD5
f889b4a418054e1a22cec6401d748658

SHA1
fbf4def2ac52a59639e888e15387dd7cab9e1465

SHA256
f88c3118704c92ae399bd89ec6767717861012c8c0d464cf0ba396bfbc9d914d

SHA512
5d8ab1422d3e3e17606b9fa95ec4b39024b432b23bbe0ff35ee5fda3b188fd754e2dae9c46f02962b6aa6c9444033652b714dfdd627b0013d9e83d654e8ac3cd

Download Submit
C:\Program Files\7-Zip\Lang\lv.txt.tmp

Filesize
54KB

MD5
326cbc3bb928b5a40a115f3bb42e81da

SHA1
489c8268916c33201596a73ea6368a32734ebe0a

SHA256
efb439110ec0ad6a847784242128c595d9be276c63c0e1303aff54d2cbd3367a

SHA512
616e79230e192ecaffa338714b2a97af815bc1125fc8875cb8c39c095ee2b12208f1315253e7d901f0274d4a3824db1dfb6b1350a45d4d032d57832b8fbc6a81

Download Submit
C:\Program Files\7-Zip\Lang\mk.txt.tmp

Filesize
57KB

MD5
f5f35329686b499dc85063388872e6e9

SHA1
57043aaa5fbe552762f225d1269a4fe3460a3bf1

SHA256
f6b388ff5a9ed0936facd37fdb19b0c757970b8372279b2e74c0a621cacf7ebd

SHA512
56daddb52b5f6ce4477f665de32c1933e5c39767c0d88540bd72c70fdd4e99d915201b4ce1154b446d47d94caf7bff81462a2436f60a56abce57e4bc59d733c5

Download Submit
C:\Program Files\7-Zip\Lang\mn.txt.tmp

Filesize
57KB

MD5
2892f84761a406e0a117def972802302

SHA1
a58bd5ddbd40448ff2b2413f47b2c2309b3f4e63

SHA256
77c44ed46fabdba7bc6f0694b2812b03e9a4a6aff9982c781b9bf2bbb44823fb

SHA512
48ab8025323d3f20f568be8a97384c560430092b29d9d32f5819d64c0c218c799d658dadce3abda86d137cd14a22acb844fca4cc449d010f359a471947db29b2

Download Submit
C:\Program Files\7-Zip\Lang\mng.txt.tmp

Filesize
68KB

MD5
3c25db6860ba70afb24a30eb949672be

SHA1
bcd69ad4daacef0353eec6b9bab51ea02d17c167

SHA256
174f989ca488180540d9b9041323021bd1a3e94c3483e1044c8b1f1896c8c74a

SHA512
0dcf66a7916cd0b45e20caf1c1c1d97292c7d6a6c0d0ee31eff68633097ad5f6791dd97859d9364f35ec76707552c12fe600c37e49b161d6d9d6475f72fa3864

Download Submit
C:\Program Files\7-Zip\Lang\mng2.txt.tmp

Filesize
69KB

MD5
d37b9983b43d55fe08a4c65bcad58568

SHA1
63dfc612db02e4524cc500f6739024f974058d53

SHA256
0c91da5de7456f824c7ba59ccd10e009bbb533bcc45caa2932d874ae37b1958e

SHA512
f80c51756d5bba0b3f01993d7450c85e5901122f69d99a5823804b973d58744cffb7ebcb1c2054652227a0a5058524c76cbb8e85bc322640063c22b82af12dc4

Download Submit
C:\Program Files\7-Zip\Lang\ms.txt.tmp

Filesize
53KB

MD5
2662c45ce77106750005f4efa7f4a52e

SHA1
b48965079df307129dabc26ac268c7de5eb6ff3e

SHA256
50db2cd85dc9c5a4267e5a6a1d20076d8e48975b4eca190e72257d6239aa615a

SHA512
b504e57c0806bf167b2cfb4799aa390e6d5c0b7b405f2ae0c16c1a35f5f0a8ae5aa3bfe7dbec0204e2a6dfb1bb7bb2dff268f7629aef76417f717429186b723d

Download Submit
C:\Program Files\7-Zip\Lang\nb.txt.tmp

Filesize
54KB

MD5
6ade051eefdf29bb02144dae4537be0b

SHA1
bafb4843eb70d7754ac29ff20afe3a0c333e57e8

SHA256
3ceb8a1de56ae038f041b5f0917ccffb3f48a021d69f51b72949ecbd1083db02

SHA512
31dedf47b72a0f3c85715851283fd52a36cb074506b462ed24c2b07bf82a900e506eb3cf28c589ca3841ccce98f037b7119bc0220262774498e834e65602f4f7

Download Submit
C:\Program Files\7-Zip\Lang\ne.txt.tmp

Filesize
61KB

MD5
3f943e7efb87bf6edfe63503d4b66e6d

SHA1
f409d8abad4180026b436c834a8e8bf8527a9828

SHA256
e72604d4938f7c798bb4ebb435aac0fba8d7ce36fb0954977dfa7e58d28bb41f

SHA512
95b292c8d73e7b2a3c6b3b9b908460eba626d6086f4f6d98ff5304121db4301af1f9bc7dbe64aef1b44625d8c534d986e35b130068491681b9fbae38ba598d98

Download Submit
C:\Program Files\7-Zip\Lang\nl.txt.tmp

Filesize
58KB

MD5
428239eb8674382e7988936e70a0ffe8

SHA1
e044086b3f2eac6e44d76ffaf92d627f60135ff1

SHA256
60a221b53ea81f7f5912f3aa82c3f6444f157f12fd2e4bfdf66c1cad264c09aa

SHA512
ba45cd5e3a44d3781ae836cd5e4040dab518ff3d73274401275ead816f143c98861f7fa1720efc0029e5cc8820ff8250b854bb162f45655ecd1995086c4066b1

Download Submit
C:\Program Files\7-Zip\Lang\nn.txt.tmp

Filesize
54KB

MD5
499db5874171178984b0a5119e0479c7

SHA1
8493c9de52745b462d6c92bea376c60c67cdbada

SHA256
c53ef67f12c3b96850680d9b91b75ab21117a246417f9a487907d24db38d21f3

SHA512
221c0919d43e0297b842357f878d23bdd2c43c9665dcfb228abd890b860174b8854c1aabf382391add8bb383ea0186e14cf215a9dbef6ccb43071132aa142fff

Download Submit
C:\Program Files\7-Zip\Lang\pa-in.txt.tmp

Filesize
63KB

MD5
21c31ff4d57aa9836383ad8d5edc20fc

SHA1
2980052b70abdc21da4ef8b1e93a83c7fe6ec647

SHA256
e733ca57df9720a2703135bc252ea6ba0f04ecdd2821cd5ef2728330f24aa8d6

SHA512
035c9241f11a21168df083702bd5cbcbd42af630cb9138b53534a27c75f477c7b00be704197773dd78012300edea60048eaa3ddb396c2bf87634e5b3616caf6f

Download Submit
C:\Program Files\7-Zip\Lang\pl.txt.tmp

Filesize
58KB

MD5
06aa4ed749291f766871cff07e585bcf

SHA1
5106ec53d1fb09a5a8711d3350d6f3a01095ae03

SHA256
98432dc670bfa1ad1351110f3df36aaf4d3beae9c1df82ed7b14956a3fcabb75

SHA512
3b97c070c53ab01a7a1677ba75a2fb668f71d5896efc09208a46e447143c0d26abed65abfb818bed613263704d6da20707bf3efc0badb5a301ef55e01c521632

Download Submit
C:\Program Files\7-Zip\Lang\ps.txt.tmp

Filesize
56KB

MD5
e3fdfa94462984366ec5a267bc516812

SHA1
5fb24fd79bd54c53f830136cb6b526c3c6a1055e

SHA256
d86078be053adcf273ed269056ed3bba6e448199f93be6aa053bb01949ec6927

SHA512
62efcf84b8195f7aecc47da003f3eb02926ff54ea52ba774e9c7e5ec1c966651edb8377af01dfd034e89581cc1ac74a65cc9ae5810202a0db30a57e0816af3af

Download Submit
C:\Program Files\7-Zip\Lang\pt-br.txt.tmp

Filesize
57KB

MD5
3974abb298a5950e654000712726433f

SHA1
869423a0f1b5fc8df7ffed886978a51cd01b1a08

SHA256
dfdcaf6e7c8214e76d4f53f73674a4454aa7b091dea4619de9659a5e82a8ac59

SHA512
997a8f6761d626015b384ff22930d4ce19dd840efbc2fed145e4abd318400ae10f32a22d1605e9384870644d2bb1b194fab4a84a3b4685a624cdff71250223dd

Download Submit
C:\Program Files\7-Zip\Lang\pt.txt.tmp

Filesize
48KB

MD5
d3f2b8d5423a1f4ac7d2f424774e6518

SHA1
ae3a0eb3d5deb30626c5a084348b06143b0f8c75

SHA256
d36af45a85549fd22a0062d51722f61764f660a02dbc7d279697ee1def9232eb

SHA512
d1cf5802277b2e968523d8fa4472a41147bae4c6a2f9a83a063ebdd698be6691f2eb6db0ff080ccd8165f8f05dc2b505490cb4d21c04cf91bf70b9574226c628

Download Submit
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Tasks.Extensions.dll.tmp

Filesize
64KB

MD5
56a9abd5bea70022b9288717697afc57

SHA1
8236e0ad0665fc13cfd966f79764eb36168ccf61

SHA256
144b82c96d7b41ebef31311fe3fd441a91fc97f4164b50c3eb23995d7a0fa6ef

SHA512
509e650df9ef19aa67264c2934f02c39815e4b9f74b7f5ecea2a9748b9a30d24709619b1471223fe9219c178f2b21d6a2af4191f72d0624f151dd193da0807de

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MS.MSACCESS.16.1033.hxn.exe

Filesize
48KB

MD5
c15d8de8bcc8124fa3db7c2e8c7bf1ea

SHA1
aaa912b8ed4358396a873c1552b769100fa68c2d

SHA256
703f3452be0c6a69187ae973b576ae4788387db2b21f55fb44e51b15bcc78301

SHA512
7cc18cb8cb6d390c2d9094cdf55e0bb832ecfbb8e40083770698b47496c6680b66b5c56a72e5fb759a1198f667497dc46056cca00492f1251e0323ab3d6ce359

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
47KB

MD5
8d4b2ed7bca6d761c82fb46cd34e5a32

SHA1
8ae6b8a686061d2b58f193fa4fdb9674df2331b2

SHA256
21e63bd80389160ab30ad975badf83a480654aac77980a03aff6ff406e1cf9e9

SHA512
eeb82f85c8bd100a9c88ce77e6d5d5d09a78cdde1ef18ffeb67cc38521a3b8134f2bafe0b73ee45ef8aa4e5ec4a8375e44822343a5b973cb3e3532e932d68006

Download Submit