c8b138e442171b11f3e4c7ece1743a9928ca3893891485912b5c8a3d13c591ed

Analysis

max time kernel
150s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
12-09-2024 01:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c8b138e442171b11f3e4c7ece1743a9928ca3893891485912b5c8a3d13c591ed.exe
Size

92KB
MD5

9cdc468ada03c59e4de75144f4601e4c
SHA1

58eff1c8e80feb1da76607150df7b9d7215c2a4a
SHA256

c8b138e442171b11f3e4c7ece1743a9928ca3893891485912b5c8a3d13c591ed
SHA512

0da8e40bfced00d2210eca84e664c22cdfdce58cb11b51f9f4ce4a973b7246650e949400b1cf9d1f864b4b44c9ced1b6ab6d03ffd2c2e386f697920f3ea114e8
SSDEEP

768:W7Blp9pARFbhOCQCPjv7Blp9pARFbhOCQCPjXz:W7Z9pApOCQCr7Z9pApOCQCH

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (5250) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
1436	_OneDrive for Business.lnk.exe
2020	Zombie.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Zombie.exe	c8b138e442171b11f3e4c7ece1743a9928ca3893891485912b5c8a3d13c591ed.exe
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	c8b138e442171b11f3e4c7ece1743a9928ca3893891485912b5c8a3d13c591ed.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Grace-ul-oob.xrm-ms.tmp	_OneDrive for Business.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp4-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-black_scale-100.png.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL093.XML.tmp	_OneDrive for Business.lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\System.Windows.Forms.Primitives.resources.dll.tmp	_OneDrive for Business.lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\WindowsBase.resources.dll.tmp	_OneDrive for Business.lnk.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.IO.Packaging.dll.tmp	_OneDrive for Business.lnk.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javah.exe.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\offsymxl.ttf.tmp	_OneDrive for Business.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN022.XML.tmp	Zombie.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msaddsr.dll.mui.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\WindowsBase.resources.dll.tmp	_OneDrive for Business.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Office.Interop.Outlook.dll.tmp	_OneDrive for Business.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-black_scale-140.png.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\DUBAI-MEDIUM.TTF.tmp	_OneDrive for Business.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_MAK_AE-ul-oob.xrm-ms.tmp	_OneDrive for Business.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_SubTrial-ul-oob.xrm-ms.tmp	_OneDrive for Business.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp4-ul-oob.xrm-ms.tmp	_OneDrive for Business.lnk.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipskor.xml.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Data.DataSetExtensions.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Templates\1033\RedAndBlackLetter.dotx.tmp	_OneDrive for Business.lnk.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\IpsPlugin.dll.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\tipresx.dll.mui.tmp	_OneDrive for Business.lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.dll.tmp	Zombie.exe
File created	C:\Program Files\Internet Explorer\ieinstal.exe.tmp	_OneDrive for Business.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Slipstream.xml.tmp	_OneDrive for Business.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ExcelFloatieTextModel.bin.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\InputPersonalization.exe.mui.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.Win32.Primitives.dll.tmp	_OneDrive for Business.lnk.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework.Luna.dll.tmp	_OneDrive for Business.lnk.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems64.dll.tmp	_OneDrive for Business.lnk.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\ecc.md.tmp	_OneDrive for Business.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PPSLAX.DLL.tmp	_OneDrive for Business.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\msth8FR.LEX.tmp	_OneDrive for Business.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Grace-ppd.xrm-ms.tmp	_OneDrive for Business.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Retail-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOSREC.EXE.tmp	_OneDrive for Business.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ExcelTellMeOnnxModel.bin.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-black_scale-140.png.tmp	_OneDrive for Business.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	_OneDrive for Business.lnk.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.123\Extensions\external_extensions.json.exe.tmp	_OneDrive for Business.lnk.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\c2rpridslicensefiles_auto.xml.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_OEM_Perp-pl.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.Office.Tools.Excel.dll.tmp	_OneDrive for Business.lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.Emit.Lightweight.dll.tmp	_OneDrive for Business.lnk.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\servertool.exe.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial1-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail2-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	_OneDrive for Business.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Grace-ul-oob.xrm-ms.tmp	_OneDrive for Business.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.OleDbProvider.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\PresentationFramework.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Extensions.dll.tmp	_OneDrive for Business.lnk.exe
File created	C:\Program Files\Java\jre-1.8\release.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.scale-140.png.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\SUCTION.WAV.tmp	_OneDrive for Business.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PersonaSpy\notice.txt.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\EXPTOOWS.DLL.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\msotdintl.dll.tmp	_OneDrive for Business.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Sort\YEAR.XSL.tmp	_OneDrive for Business.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	_OneDrive for Business.lnk.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe.tmp	Zombie.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c8b138e442171b11f3e4c7ece1743a9928ca3893891485912b5c8a3d13c591ed.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	_OneDrive for Business.lnk.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Zombie.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4272 wrote to memory of 1436	4272	c8b138e442171b11f3e4c7ece1743a9928ca3893891485912b5c8a3d13c591ed.exe	83
PID 4272 wrote to memory of 1436	4272	c8b138e442171b11f3e4c7ece1743a9928ca3893891485912b5c8a3d13c591ed.exe	83
PID 4272 wrote to memory of 1436	4272	c8b138e442171b11f3e4c7ece1743a9928ca3893891485912b5c8a3d13c591ed.exe	83
PID 4272 wrote to memory of 2020	4272	c8b138e442171b11f3e4c7ece1743a9928ca3893891485912b5c8a3d13c591ed.exe	84
PID 4272 wrote to memory of 2020	4272	c8b138e442171b11f3e4c7ece1743a9928ca3893891485912b5c8a3d13c591ed.exe	84
PID 4272 wrote to memory of 2020	4272	c8b138e442171b11f3e4c7ece1743a9928ca3893891485912b5c8a3d13c591ed.exe	84

C:\Users\Admin\AppData\Local\Temp\c8b138e442171b11f3e4c7ece1743a9928ca3893891485912b5c8a3d13c591ed.exe
"C:\Users\Admin\AppData\Local\Temp\c8b138e442171b11f3e4c7ece1743a9928ca3893891485912b5c8a3d13c591ed.exe"
1⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4272
- C:\Users\Admin\AppData\Local\Temp\_OneDrive for Business.lnk.exe
  "_OneDrive for Business.lnk.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:1436
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:2020

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2412658365-3084825385-3340777666-1000\desktop.ini.tmp

Filesize
48KB

MD5
8521581580e4072a720ccb6847bde642

SHA1
432274f842fb9797a2ddfc521311e3628b047982

SHA256
5125b8e2e82fb6b9ec029970a708373b4602e868d399b14af0db8426e62234b0

SHA512
947c237d700beab1c7c76c85b18ebd6aad5586103b89d5bc553cb7117681027e4162e18bb1d0ea87350c8197bc852298cad48518b4f0c9823ce9e2a13df38ef5

Download Submit
C:\Program Files\7-Zip\7-zip.chm.tmp

Filesize
161KB

MD5
d032f34efee439a98d803612a5bca6a7

SHA1
656ef63d79882b4abe26da52cf79bf4882393d63

SHA256
2d115455bd822bbe5a0e54d4da0b0ea280d897aec404f93772b2f39a9173b883

SHA512
1f58243ba3819ed7e2ec3df88d88c509fb077aab0920e3fefa53b2df1332220895814660ddd915b530b7432c84e21b9922afd8037d3f3faed5752ccc67f3b0dd

Download Submit
C:\Program Files\7-Zip\7-zip32.dll.tmp

Filesize
113KB

MD5
3338dce857d763d03fb58705ddb4a60d

SHA1
78cee3702878a9b0fc6aad22178bd67b8a103414

SHA256
179de6cf5fc5b33385df3553cef8fa1904ba31bda3e24fd39e1f72020b3d6761

SHA512
2205b71374d0251f04994160632fbf7e3efabb169dab5d3e86704bd9fd468c1ef2be6a7a3fbb7be486b540299a2f7a516639392d448c3cd8931438a0b6bc039b

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
1.8MB

MD5
889614fb97b8a90cef36a333bd6d807f

SHA1
35a8f3a859bc2b172deaab58fd63d01308a71019

SHA256
14e6741b110aafad2db76c382c17167e96433bcda6d8b934c1d5e26c5f33554a

SHA512
66b950de746e77672e3a065d576bfaa40b1c2961a78af9795d5a8afd4f35b164404346cf38bec5cb58e594215029328483f362a02bd92e02ac30bf18f1ce0148

Download Submit
C:\Program Files\7-Zip\7z.exe.tmp

Filesize
592KB

MD5
663713f60bd9e7df75a870d9af807b03

SHA1
d9816a0aea59cb04ad6e3af623110bd7d030b3e3

SHA256
b5055c6adc624232af430484e37b0747b46b7a9945be7f7b019bdf5724893f58

SHA512
e43a774923805db7b8785fdb8890126e53f74cd2774a62cfebc3b779c28b8f1d0e03773a085927470956701e3151f53262f30092b993f2ade9e7d034092233fb

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
979KB

MD5
b40f33d145e564cd270e916d58ec10c6

SHA1
941bbf7e08778d6aae8202b26b398727fcd709e9

SHA256
ada48d33fd0c2eb6ec2b65b63683646d85f90d2cea47571cc31fcfccc45f165f

SHA512
8b143a9b93492a041e202e9a55309d385014c92cc1f53eddd2ae1372c945b8445ea8cd81a0fb9ba01d984f0c0c61edb7dd62c3c70e1b4e98280f7706d302b8ff

Download Submit
C:\Program Files\7-Zip\7zG.exe.tmp

Filesize
732KB

MD5
8258073b2e61521754223b46d3aefe74

SHA1
1ac83bc7e7a8533f79bff8bfccfcb3ad82a53e9e

SHA256
7af55d7b4802fc5ce1a14c6ca825fbe45e371161d8d91d7baa06fd32c856d712

SHA512
33e666ba921c4c770be871d518631ca8c001a5f15d3de1e7fed48404b99aaf54bf4170e79e585419e6e10a05036dddc849b808c51da1e7508d08d9756091c8d8

Download Submit
C:\Program Files\7-Zip\History.txt.tmp

Filesize
105KB

MD5
c83878b2156468a6e5d28eccc3f81519

SHA1
d8b8ec682d66b77cdf6e5dea48a7a76fbadd3c00

SHA256
dd99e72d4b781b68a0e5b576a343903d5a9df1ee8b3f932c34ad57407e3dab04

SHA512
2e2ac1f7ca3d6f5c4c1fe2c5e78b94f210199af44eb1898f163bdbad8769bbac2d5ee5d13fa4d79ab176bfefcaa9c3e0378b7bb6eeb1d3c65af87fe63b4a6c75

Download Submit
C:\Program Files\7-Zip\Lang\af.txt.exe

Filesize
58KB

MD5
82a3bba755a95735d0af34c2f3f739da

SHA1
f5c84d0a9e54b7881dc07d90434de20e36e915a1

SHA256
ba8df574a93e059328d50d2223b4994758f7c86ae8a01595c1232e003f9b5a91

SHA512
fe290f2cdf7d89eed8f3f5bddfa541d8fa7c1ec67e2495d4a6843c3fe4a9d4606837ccc7a606fa328e95cc72c9a812103bca7a8b1bb79736b8ab68e36dbdc7af

Download Submit
C:\Program Files\7-Zip\Lang\an.txt.exe

Filesize
56KB

MD5
f577605e98a1f468deaf703247f9af0e

SHA1
4e2495d8ee48384836d35286436719d1e6669268

SHA256
21505b73f53515a90e4eb3e84f034520dcea5d149919d5ad20bd9c3130cbbcf7

SHA512
f54427968be502596c1e80675099be6e51e2a55b699251ef1e7d488d4d9d394e76a2d6135da63b812f40584cf8bd7d59dbbe0c8bca8926594a6bb3b2aa1b3c46

Download Submit
C:\Program Files\7-Zip\Lang\ar.txt.exe

Filesize
61KB

MD5
33780c1c100b594efc30ec6770beffa7

SHA1
0b48d5984a34e85e6b8d51f09060084c28ff6b4b

SHA256
29b55e8983e64d9c21d27827074692b7aefe68e33aa387691aa1bf777c831e25

SHA512
eec842e66349f7435b57328f7a7d79dadaae309d4b4a757faafd8fcfe200d86a9cf75561c78dab65468eb4bd600570a234731463781224a177ce142478487853

Download Submit
C:\Program Files\7-Zip\Lang\cs.txt.tmp

Filesize
57KB

MD5
7859419962899dd3b48e4c858aa313cb

SHA1
91d139e0f0a507094605195d0e623e528a41e341

SHA256
c5ce1af60d6242f438408acd0d80e40dd3fed2952edbc0dcfc18fdf2342f6f7f

SHA512
e14bbbd8054852634a94483e98175a934f5eb89e73aeb847f4fbb8c4f458f306c3889603dfb5df88899fbfffb40e6d4e12390861ca392d342a6320938b458b1a

Download Submit
C:\Program Files\7-Zip\Lang\da.txt.tmp

Filesize
56KB

MD5
f89b37559018dc7af2fe6f51cf220729

SHA1
d703c900d3f6f0050b3a0d9f247b46087661a676

SHA256
fa304627fee8ab4d6770ca576e8c2dd9757ac4fe8159d6666a86b09d883ef1a5

SHA512
c56d4f995e8e019094717d1ceff3e71a22fe9f4d7e34aad4d157acce216f4ae83e3148be4a33d68078dfeced7939a9fa97410cf925e87b033dbba5494b265f79

Download Submit
C:\Program Files\7-Zip\Lang\de.txt.tmp

Filesize
58KB

MD5
7f45203f7a0a589de00d5dba3bc6c1a8

SHA1
3094c404126ed8cef1b1a0ef921d41f65d01d471

SHA256
403c50b592eced09531f1b3dcadb49e6715e5d7b33bd90fa0e0f1453dbac56cc

SHA512
74c93322cdaf29ef7419469c7bd361c9232f3f9ad8b20218dc7f8e4d43eb2624e954526c63f2f1d56eccee0e05fc3bf7e5e1442d8f08cc12abd1cd16b1c120a1

Download Submit
C:\Program Files\7-Zip\Lang\el.txt.tmp

Filesize
65KB

MD5
55fc1aa891e0eae91aaefa9beb025415

SHA1
3583a7ea451a74c9ea3b7e66cc6897d58493bd77

SHA256
1dad161a706effd0f2a5cc73eb5b916d8ce38a60e9c2d2ad98503fbd4c6bc9f5

SHA512
8f30185818d937d7b595fe3930e2d2350d335b3550c39d71eaf2c8e788dfec8aca8d82d738081a7338874491e10f82503d5a8215eea8d9615bb88774f39e2234

Download Submit
C:\Program Files\7-Zip\Lang\en.ttt.tmp

Filesize
56KB

MD5
1f2466484d1d7897b15768023c14161d

SHA1
3279b3d12ead1f6c1ec2c9fed38156a284275090

SHA256
006a9a44af2b01b554ba3b30eb84b728b158e38daf87c1dcb30f8cace22be35a

SHA512
575edf30866596513c420b299404a5e3da34b74ea94f8c21b2c6146708b77019a2beded0dce277666648b1f29006a3f44cf75573f55c9ef60cb1ef1fb4ae83cd

Download Submit
C:\Program Files\7-Zip\Lang\eo.txt.tmp

Filesize
53KB

MD5
398c06e8197fa54666fa740d7b4261ba

SHA1
ecd312c6f98227e569dca7bfe036220e52bddf3f

SHA256
074a40bf3cf92cebefab815e83637925c7182b4555a8c01663704ee9be8e47ca

SHA512
ca21ef2294fefaa97cd682a3c7c7f4449c3fee56aeede37247eb309176a268e11f60696ebf65a98ab1bf8de202b0685739b4a1e004a04cdf00383aab3b5503cd

Download Submit
C:\Program Files\7-Zip\Lang\es.txt.tmp

Filesize
58KB

MD5
bb77e870e721d223a4b514eea4923adf

SHA1
628e0fa9480ec65d5ac2cf6a61aeeb50138b1118

SHA256
b60703a2e5fc12e551ee3ad5a620a8ce7f4b095e12470e3c7fb75ab51575892b

SHA512
6c979873f346b6268100a74019c192ee0a2e82eb176dd7bddef614cb5b4edd8d216cda557cb4d1c25e97fd9a51f8f7183f7e80beb61e042e9e18cd3ad934e1c0

Download Submit
C:\Program Files\7-Zip\Lang\et.txt.tmp

Filesize
55KB

MD5
2b98713d5c2ea33f45b566a03dffe40e

SHA1
9d4b79c1f8842fab64fd78e00a3546e29c0b5aab

SHA256
37dff56944de21fdd8e00610b2cf724f82a07b94c63a0f442390a40b774b5015

SHA512
95be807d9b4ea9ee47eec918a614fccd6a9e13acd1e2effa758f2c94468e6cc1bfdc29a89c208321f18ca2f8e0804b24941198d0e1089744b129a7538d1c37c2

Download Submit
C:\Program Files\7-Zip\Lang\eu.txt.tmp

Filesize
57KB

MD5
0f6e52847069296ca78643eab78edc11

SHA1
6e99eae7079379ae5b1dfc5884dd9b2c097499ba

SHA256
c68b38f45c176d502023c243c1765716801e2250e5f8ace3fa6de59edba828d8

SHA512
61ecc40d32e116508045799918945f0c79ed6912daa21844d182bfe76aeb34b8dc24eb34de298651e80686cc3169c8ba66934eb7ec7479f988fb2b663b5053e8

Download Submit
C:\Program Files\7-Zip\Lang\ext.txt.tmp

Filesize
56KB

MD5
80fb89c66f85f7be6955a3c3b185a706

SHA1
83a912113c3c565b21b64520f88a3218ad781acf

SHA256
43913e79f820c9e4934e64f0243ef6e220a05a9aae99fe37e4a8cd95a8b8c645

SHA512
807b438f5b3758a0d421ecbb344977d691c21c03b1bd891e96a346be5eeeb720d48a2bfc7166b56aa9a03b039d9da77682b8ed030e0cf466d59e60b68a6886dd

Download Submit
C:\Program Files\7-Zip\Lang\fa.txt.tmp

Filesize
62KB

MD5
44a58e3b6b290de1da58f2fa6b5f56ef

SHA1
622bbbf3a75b532a789e1b5f184f1c76d0d9e35b

SHA256
048f69ef85df8bdc7d96d2e948169d094d99136a555187c2e551ab6ce5171dba

SHA512
48e6cd50c55709f8825e2430119c846533c281cbe832a935b56a1635ae70312455be726ea2607b5ff92156a5be237b460f488712a61b29caf68190a5f1559884

Download Submit
C:\Program Files\7-Zip\Lang\fur.txt.tmp

Filesize
56KB

MD5
36c2dc4108465c45273c46264a74742d

SHA1
6136f094c582cf9b01fd373d90f389f545ce58a7

SHA256
bd8b9679de41abc1eacc3a78e1dda138e5b7310a60070e5899d34484e82c5883

SHA512
90d86ac883d65f05b58d395c83c6bcb933e1e84ff4894f27f0547794765a0e9491d5121fa37a872860cb331454fbc6cba50b4b9981e13aba338c93be4de1b5ed

Download Submit
C:\Program Files\7-Zip\Lang\fy.txt.tmp

Filesize
49KB

MD5
6f7404b4de6c01b3b57a307573a2ec9e

SHA1
e8f8ed05d7f52793bfccf1715b67e9fcc777dcfa

SHA256
a881b50d4de05893a9a554914c87c0bf413d4d050f7d903c67fc7c5c0da877cd

SHA512
6b6b3204d8336e6da25d2de6e3156dc516c25fa400a5369e6ff583e2fc613cfd49163f999a642c643f15dbcbd02aa63bd1164db2634abb2591d0c3c906c57f5b

Download Submit
C:\Program Files\7-Zip\Lang\ga.txt.tmp

Filesize
51KB

MD5
a6ff15299bed608a9d750ffbd0d27738

SHA1
1670259980ca3d79dcfd45720b213a2132461113

SHA256
6a6a23b5cd3b9dc788b2d8c1bc93c391296035d8577661fd80a9325293c3492d

SHA512
45f06592e268257a0a496eee745bdae9111bff6ef1a95d34a702223b0691f1c0552a45202f0fd1d3f805de37548987d1240e55159b33467678aef5e7d00a3a54

Download Submit
C:\Program Files\7-Zip\Lang\gl.txt.tmp

Filesize
52KB

MD5
495599de38746c879678554ff9075a7a

SHA1
ed95d2a8a40833027d462f2dbaedf5f246305a47

SHA256
d72cf80ae58b83d895822bbdf60272c96bdf509828056707ad4608fcf3abfb1c

SHA512
9cfdf2fde99335103b1082a6a69439abc1f1f6c05ff534efb22ba980b332cec34403c68253219932d3a81d4b01943c3072e950452321ff0c59ad9a95039d5770

Download Submit
C:\Program Files\7-Zip\Lang\gu.txt.tmp

Filesize
60KB

MD5
413e93f824495a2d597872b87d5db4e1

SHA1
cf7ceac582e09ae679396737865feab8e331d77f

SHA256
2aeb67b01f51b7461eaf2de2983e003fe4fa86ee92dc54896c5b83334d10a95f

SHA512
f24cf5f2fe6a2926565cc24c89fb05c227075fd989fe1c5b0ca90fc10086f83feb52af73a5d504fb1fd595ae306141e80aab47b44c59878271497f8f8b30c682

Download Submit
C:\Program Files\7-Zip\Lang\he.txt.tmp

Filesize
54KB

MD5
69a4046d46a804a4d81d1b497ef93eed

SHA1
5d58a8f2d52996e4cd0fa59dce09981180829f02

SHA256
12fdf2e05da1c9537d7d9526681f6d3091eac9c25b34510bf1e6b5f074d89e39

SHA512
5799f40d4209aff891e13c13e93bcfb878523762348e933d02d1b9b6f07c35b2aac48a9ae96d878dda074c2874c1912ea4545222089072c589b7d32a8aef18ab

Download Submit
C:\Program Files\7-Zip\Lang\hi.txt.tmp

Filesize
66KB

MD5
e5e2abf2b95191e9e70bbe83c5860e89

SHA1
cb2f8fff8021fb0078ab5a49c253c1c9f81ad7bf

SHA256
ef1677c0a5f8857b34e9b5f7408103d57a3fd70b54b941970f8de9311b1a31db

SHA512
e1a82eddce762d4d13ab283428333fb2ff9bf5890ad2327bba3abbd355442b43254025e5b97667e4fd699d6cf09c235e37c7f53db04a556fe186ccee7d92e6db

Download Submit
C:\Program Files\7-Zip\Lang\hi.txt.tmp

Filesize
66KB

MD5
676eea72eb3c101e2f7b172bd01ed68d

SHA1
b95bffc075329fe5414800649fc7b00a564ca52d

SHA256
e1b6a954f8cb0a2470f441b4a8d065ef87d24d93487a54de6ff9b48ebf4ceeb2

SHA512
cd2047f7849eaad3fb3d6b4b2325794ddf21509b829233d98ea8578257177d4546aec7f1083f29205a350fe1ff9c51e6c5855e2300fae1bf49ec858b60d62fa0

Download Submit
C:\Program Files\7-Zip\Lang\hr.txt.tmp

Filesize
57KB

MD5
3779f658a5f57d4ad64104191c71e911

SHA1
b1c03084583e2b67f5a308a8eb508506f56b53c9

SHA256
ecc7c67375351dc8ba0aa9f0a49c0b909e20c0ff529cbaeefe175f15fafe32aa

SHA512
6958e9a7d7130dfb23b3a3200e72ecb0c7ade6f810df80e276cb0abdf752a1dc75cc34e2ff2d07ae0fc538ec81605c50d7291f7253776e35a820c3214adf79df

Download Submit
C:\Program Files\7-Zip\Lang\id.txt.tmp

Filesize
48KB

MD5
009d676016dc1631c269a08ff89740dd

SHA1
1d9850e4a9e9a7a43954e7f9827e393bb7ec0080

SHA256
718892ee3a54b0d006568275788c6b34dbccf0e08dbcdab36117219996b19211

SHA512
b93a336c0b0935c2fa061c644ce85ecfc459367cc8ab7f5a325d458efcd2ea2d97eccf6d94c3f8f3c196c84deeb94f99d4d352e8a7dc25e0eb3c7bbaf7c2f697

Download Submit
C:\Program Files\7-Zip\Lang\io.txt.tmp

Filesize
58KB

MD5
e77d47596ccc540b47b5a0bc084b1be3

SHA1
6c454b0b58fbc96dea55dd373bd8f9c4054c6357

SHA256
04896e5018970d90b68a31d1f2b13b423b2298f080d965a45199d53c9d1fdfdd

SHA512
db01c0f0f452978f9d6d835c6f054afaed403fc52af4cd3b106100cb0c5524ae25b9c7bb5ccc3957ec67a56f3ec3c35a115ee35afa1b6b9db3a23a0fb3766777

Download Submit
C:\Program Files\7-Zip\Lang\is.txt.tmp

Filesize
51KB

MD5
fa7613d28205aee44a79f2ed253f7063

SHA1
0e9d3184447a5a453ad0d512c16b08bd3d4763ce

SHA256
f12e25d9f311eab8569d35d3e31464b58fbd2116474a9f94683fcbd284078e78

SHA512
00d5f39e4de3002ec8944319307a596bf7a8223f1a24685f2dd42ad777b8237623ad8a4482402c2a80302729238c07de1fbaf1242262707c6a65295c21c3dd77

Download Submit
C:\Program Files\7-Zip\Lang\ja.txt.tmp

Filesize
60KB

MD5
39835fc76a72882cc2c94a056aee7608

SHA1
3665041571a8ead4b57fd120db78f24d72c6e23e

SHA256
ac1061d8329d09089c3392816b35d950e667d1d476e07c45fdf778f0fd64691b

SHA512
f4b3d1548d176c7eab504bd04390a7f488298ff8f2c724cd8fea5db820b4ec22bf5eaa60ab5ed458313b630642a5ef884f23aee4e11249bfa15640dc2cc71e9a

Download Submit
C:\Program Files\7-Zip\Lang\ka.txt.tmp

Filesize
61KB

MD5
d1141045c5e43021f1efcb738e66fbb2

SHA1
9c2120cddae074c43a917c3d4b22cea7f53ed367

SHA256
de80d274180f0ad0f947b7ffb7ef544f8498425093a13bbf8d087655179b9fcf

SHA512
d20fb0968303f0cf0337405fed2a752df6c854e34932cd706d9317b5b453fa48a77fa5a91d7491729eee5adf6efdca67ee8abbf282943c23a06f023f02881fb2

Download Submit
C:\Program Files\7-Zip\Lang\kab.txt.tmp

Filesize
51KB

MD5
803bbf4f31a43b6942b336dc0b1c908c

SHA1
3b0fd4fb6347cea1fea29d359c45051a069217af

SHA256
82cbfcfa7964a82b52c761e1112c59974026ae3ab5f1e86e4eed18abf59dbd30

SHA512
184618b9d42ee3832efa66890afb665352014dd3afc3d2b4a57d60051eb9f85bdb944f69332e47c91b79977964f1b2a00e1f81ac5a42767688d220ee1d321307

Download Submit
C:\Program Files\7-Zip\Lang\ko.txt.tmp

Filesize
53KB

MD5
44fd035bd0a6dcf6efb91655fd4b453f

SHA1
ac55ceca99761825e33d0ffa5fe3490fa7c350f1

SHA256
b91a98626f97923131cf6328457e1fa1f9d284815c7e58dcb5bd30b2279f90de

SHA512
be8b969483d2181cd11e4297b1fde09d7f1a5a33eca21e6425264f11e25f5d601b1859a27055d2cef673a8a9d00cd3560a4899a8bbf46a20288de8aabe5221d9

Download Submit
C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp

Filesize
55KB

MD5
38aa33c7b111c84c85d09f35f4f6267e

SHA1
f637542f9a0a86c3055f169b85c2cfa93c3be373

SHA256
f5f2add7f48e075db55da14852362c2451cab9639482e0faf4447def5f72f4d2

SHA512
40ed9a8582b8f682caccfef51e2356af0aeec2641d2ea070d1e69bfb4cde3e7158b556c691fa7613d029d8682aadc1f6b76cf5b4554e8957eed9f0248c24b271

Download Submit
C:\Program Files\7-Zip\Lang\ku.txt.tmp

Filesize
49KB

MD5
29c6fa0c51e9bc421f91c0d99a9c6602

SHA1
2089ebb513f33dc5f0fab95ec6c0981743b11ef9

SHA256
d37e996f12d4e7a00d3afeaeaeca28545cc58b27bd1e37eff8084a01ce7ca07b

SHA512
3af8d2b6f6fa5c73c4c59620d350c8d03cdc1d5471c5e1ece7a0ea408515164aaba30652537dff5fbb5552ae431da00a037ee60cef5cbde18204d06919010977

Download Submit
C:\Program Files\7-Zip\Lang\ky.txt.tmp

Filesize
55KB

MD5
cb76c1753aab7bad0bb6268baa1f8393

SHA1
94709df419cf4df08688e87444407c1a01d0f866

SHA256
a20572d78564bd58740394b398d2065e83f50bf36e193b86a70da5a2a3a9869e

SHA512
785a064652c624cc7883e2775ef7b3d8ef95a821c880ccdbb00447730ffdd6f268644a5704dce2c5151002f6be642b11816c93d0d9cc970e791093dc5cb21d6e

Download Submit
C:\Program Files\7-Zip\Lang\lij.txt.tmp

Filesize
56KB

MD5
74199fb49446cb870baddc59a6662a9b

SHA1
024db97a15041d49c7867bd6f39a75eb36bec21f

SHA256
50b057bcabe04847e62cc7f179e1a1c241d4499f9513d6a6e9669de6149894d2

SHA512
60b15bac8de7a9271245b79c7649139fa3069a72c23fbbfebd916a512d4440ec32c6e06051230de54d506dc23eedefe5045c10b89386ad690c19c8ab9792625e

Download Submit
C:\Program Files\7-Zip\Lang\mk.txt.tmp

Filesize
57KB

MD5
4995444cab1e63599df43ff4ce249c05

SHA1
14f5b24c3c46ca877e43c1868c4c6ba43c64fcfe

SHA256
688043dff8167273d4eabe206077b8ad342c58f1a31c342a9f61ec641517106b

SHA512
c68eaf2c8a246149549b6130b49a0c6cd62acb53178c48438ef64001c0d40995c767e84b3c1163e74a06b9404e831959fff57d7a9ffee0dce00dacaa276d2324

Download Submit
C:\Program Files\7-Zip\Lang\mn.txt.tmp

Filesize
43KB

MD5
cc54df5019f696b8a186354bdc45e859

SHA1
1b0da819d03c874dd3d441517043798e3beebb1b

SHA256
27073b7d061b5c9e6a4cc4781c80a10d13035b3b8ba714cdb0050095f6731dd6

SHA512
c04e6789481dcfdb6d1c408d68901e051a6723a2d906e33d3ec818130af2558548aaa09f1959f33615d65f3ae19459d43fc30306f1522a57b21adaa840fc5a5e

Download Submit
C:\Program Files\7-Zip\Lang\mng.txt.tmp

Filesize
48KB

MD5
f730fe403704f460336de50f1ff5637d

SHA1
1d168f24529fadb16a47e3553eb17220f7cc9815

SHA256
55e096bb34939b18781a64858b32433d2d81b4d7dddb0822bbad33eec75c1a15

SHA512
13eb15e67b54b1a1a5cb0cc5a438549d7f40aca938dd6ae6bc5030538842567693ec7a063038acaa9621c552d9ecec2829cbfbc2dc5e5347463a1dc689e8defa

Download Submit
C:\Program Files\7-Zip\Lang\mng2.txt.tmp

Filesize
69KB

MD5
84312558fb95f641e7ab4fde5e55031c

SHA1
6c9d4331ced0b200d33a5f8c3eaee12574b7f1e8

SHA256
05a390780fba9a7045e55da6a0098ae8563a93b1660a3701da57a87f856e29b7

SHA512
2ec3a07c5d877b2ac625ebf1d1a0276e11551213c0860eb3a483f00f715078fb9cba3a9528478c5ee62c85492bd0df2093548e658f9e2769b0fa4deb91b426f2

Download Submit
C:\Program Files\7-Zip\Lang\mr.txt.tmp

Filesize
53KB

MD5
ad1850f6876ba7f028edb2e394d993a8

SHA1
08fee8fbc0e521db0dd0d63287075d00f2c1b1c4

SHA256
69dda748474c6826eba677aa6d456b3198e95f1c5fc87395bee44e8712306a29

SHA512
f1d5e335bdc2b670f392509a20035fc188109476ba695cc155d929866cf7c36aaef52d13652fa7ebc317b43b33188adaa8f7ee4a3a2cee00e66a132b1e949037

Download Submit
C:\Program Files\7-Zip\Lang\ms.txt.tmp

Filesize
48KB

MD5
afdbfbb8dc05735fe35a1f3db8288d9a

SHA1
a6d0d488b1b9a87e44de94cee17494f2b421e33d

SHA256
9bd0b88abce836216cec610b4cc7b766b4fdf635ee4cead51fd134254b102c8c

SHA512
1d98f035b87054d0e85b5c40d7aa8f3ba5fdbba6eae390ae048afd550c2e255f5931121821f865c823092280f2b9194030c8c479bb5bbae5e89a8cd370bc4ac5

Download Submit
C:\Program Files\7-Zip\Lang\nb.txt.tmp

Filesize
54KB

MD5
d7269bdd114a38480eb49b82171ab19c

SHA1
5d9b53e3d48b9848dbfa8066b614e237d8b92433

SHA256
f64fe0fa0f68ceb864f16eb6f626534bb2a48f3787843e1fb06a85538e305522

SHA512
205dc6db473232c161e53b655ce96cf8d896fd6c90d5c86c49526f3c9fe7158c7ffa079d0e1e6facf7f79b8c59386496cfe5b47373fefd82aa6b28ca135190a6

Download Submit
C:\Program Files\7-Zip\Lang\ne.txt.tmp

Filesize
61KB

MD5
c40e4a7299612377f9576db7d5fc828a

SHA1
7b63de02b4bd1349595dabb3b26f02703cf82c1e

SHA256
dad1897595112d07ae30aa5ab3ded7c0ed40eea2b2d62826e00fb059f56a3e10

SHA512
5fde5c760a382c00f90bc57bdc23df64db567f529b8493c25d38bdf25710a48f72ad0bef65f914fb665314848c2cd7ddcbe931e6601a0869e6061e161180edd5

Download Submit
C:\Program Files\7-Zip\Lang\nl.txt.tmp

Filesize
58KB

MD5
ea14f8e5cd5317de7260ee240851263b

SHA1
7e0f0f336003f788126b42efdf322d087f0ec7d8

SHA256
4bdc928eb02375d231136eb86965c4a7be5dfa30d1eaf584a53803dbe0faf758

SHA512
d499aad8fcdc7e972bd14dd2ff4f66f1db737bb3ff8ceab3e77c0ae56e58b30f15e1fd3639d695efb5328a61cda24d96fa14a977eb1c44ae07502c36182f39f0

Download Submit
C:\Program Files\7-Zip\Lang\ps.txt.tmp

Filesize
57KB

MD5
db2c6f6b319d2113a438a2396db9b21a

SHA1
7587619fa78383cad2c26c343a88e4f7e9034563

SHA256
c1d16b975440ebd5215209c97a8330d8ef7acb5cc396d61a05bf7ae5f439548c

SHA512
99ebce5ddcd8a40fbf41c503db2b1335a1bd51da6c68cf09fb648a1fe861b8e686617836476e599545c40b9a0c5770655f60c5f66bb0b94138b48963ac5b663b

Download Submit
C:\Program Files\7-Zip\Lang\pt-br.txt.tmp

Filesize
58KB

MD5
85271cc9eb06072538dc335a0d68f140

SHA1
4bcc1c33967a3db9382bf731ad19a376b18c5436

SHA256
15ac86f445aba901f7a1c11f26cadcc7793481db49dd0245e20344ef17ec17cc

SHA512
d0aa224ab32065171e1265e49e46107599fef74a7f64e92b880165edc1da3e601bb50ff10838e40f8f98619d20da340f8f11e16415559f2fabd98fee3c9c0603

Download Submit
C:\Program Files\7-Zip\Lang\pt.txt.tmp

Filesize
58KB

MD5
fc5575497fb2265a45a9a49d5b0de538

SHA1
7ee29c2b5e9eabb905d33c0b8f69b4cb31adcf44

SHA256
d69f1dcd77f9e20a94163dc3c3b03cc0ac6ee83c334313b9f1df52bf5680fc8d

SHA512
3f80fe2d3e057861f92d46f3babd4afc939ca9707ec54381b562705d844f164bd72ec43ab2cbfc8e60ec8de61513dbfb26e78039a73c078c72fcc8c984437e4c

Download Submit
C:\Program Files\7-Zip\descript.ion.tmp

Filesize
48KB

MD5
c56d4bc66f0417fe09855b268d9498c8

SHA1
726cf87e5fe8bd0f2891867a19f28f4183e9bcda

SHA256
4e5d4ec376a93e862a04deef7d50f72cb319a8a71307841e90386e03f28f4610

SHA512
560ffaf67703256c888f2709b2c25012494a87994cdfdf4ca0dc0dfb9be67ab6a7a0ab10ea5f8bbb3c88b9f4fabbbbfff059c700bc1491db1197d289f3182023

Download Submit
C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-console-l1-2-0.dll.tmp

Filesize
55KB

MD5
becbc32957919e4dae4df271ab18d23f

SHA1
c691ad1e51e9de38848e14877330fa7f053da92e

SHA256
8bb9f4aea2e6b1d640f245dbafb3952a216bdc8bcde5782a3225b664143838db

SHA512
a51cd5d9bec98897a7ba6e2c5f1605aafd9006b952395abe01467439e4e68f45d9ca83a8d4e36d8bf0dbddfd179bcb75cc16c00d251ad5affb93bf70212c9bc8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_OneDrive for Business.lnk.exe

Filesize
48KB

MD5
2d7c321f67e85a5e6e1ebb125ff5e2b5

SHA1
c8939ab186de0cd8c032da6d442dc4e356985f8a

SHA256
ed9666c1d61e24038e59001793d060cd00d7964ae15cfdbdb53e474f2f47029e

SHA512
4075dbf003b6dfcf6f5d76ac950785e699cd218a00e311ebfb7bc549ae7bfc632bd9edd290ccca6f9be65603adea3ba3e725ca169402b5729fbc9803364f4b30

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
43KB

MD5
a155fa62059f1c24cb0a85d13849df43

SHA1
dc96efa6e5da79e00199aca1e2747fbec458738f

SHA256
9d99bdadc3d32f9d0cffa16e76e9020b298ba2602c3a1409acad6f8964741100

SHA512
e125490df8525b8f1107191f2a33761eb55ef9a1b9456c89ce9829eabd4f8412396963ca7c9d7a098d69a342092ee354082d3930a2c5f9997b43e2b56214375a

Download Submit