b420cfae1e71b60265c4aa4af39c32f75c4d0e19a8c680941686edf2ece8ebb5

Analysis

max time kernel
120s
max time network
101s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
15-09-2024 03:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c9f81d604f3020f0445936a103fb4e90N.exe
Size

102KB
MD5

c9f81d604f3020f0445936a103fb4e90
SHA1

86c42aae37b714d7dc21c887d6ac1bd3db971339
SHA256

b420cfae1e71b60265c4aa4af39c32f75c4d0e19a8c680941686edf2ece8ebb5
SHA512

0ab5efb20080f282b5feefc6ec413b063a5090abe73b1de1a88d2917f724524989c66eadaa58e1ca1dd6d3b547cab363281d29cfbfccd37643fc277fa11a84fb
SSDEEP

1536:W7ZppApktshJYAJYDVXxXIYcUYcE7ZppApktshJYAJYDVXxXIYcUYc+:6pWpktsUVXxXgpWpktsUVXxXK

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (4812) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
3976	Zombie.exe
784	_MS.LYNC_BASIC.16.1033.hxn.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Zombie.exe	c9f81d604f3020f0445936a103fb4e90N.exe
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	c9f81d604f3020f0445936a103fb4e90N.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Retail-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\UIAutomationClientSideProviders.resources.dll.tmp	_MS.LYNC_BASIC.16.1033.hxn.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\cs.pak.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\basicelegant.dotx.tmp	Zombie.exe
File created	C:\Program Files\Common Files\System\en-US\wab32res.dll.mui.tmp	_MS.LYNC_BASIC.16.1033.hxn.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Resources.ResourceManager.dll.tmp	_MS.LYNC_BASIC.16.1033.hxn.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Trial-pl.xrm-ms.tmp	_MS.LYNC_BASIC.16.1033.hxn.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\WPFEXTENSIONS.DLL.tmp	_MS.LYNC_BASIC.16.1033.hxn.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ServiceProcess.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest2-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Trial-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-white_scale-100.png.exe.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\rtscom.dll.mui.tmp	_MS.LYNC_BASIC.16.1033.hxn.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\System.Windows.Forms.resources.dll.tmp	_MS.LYNC_BASIC.16.1033.hxn.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\ext\zipfs.jar.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_OEM_Perp-ppd.xrm-ms.tmp	_MS.LYNC_BASIC.16.1033.hxn.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.scale-180.png.exe.tmp	Zombie.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\sqlxmlx.rll.mui.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_ViewOnly_ZeroGrace-ppd.xrm-ms.tmp	_MS.LYNC_BASIC.16.1033.hxn.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLN.PPT.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\orcl7.xsl.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-heap-l1-1-0.dll.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.he-il.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\System.Windows.Input.Manipulations.resources.dll.tmp	_MS.LYNC_BASIC.16.1033.hxn.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-006E-0409-1000-0000000FF1CE.xml.tmp	_MS.LYNC_BASIC.16.1033.hxn.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	_MS.LYNC_BASIC.16.1033.hxn.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\System.Windows.Forms.Primitives.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\System.Xaml.resources.dll.tmp	_MS.LYNC_BASIC.16.1033.hxn.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\asm.md.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail2-ul-phn.xrm-ms.tmp	_MS.LYNC_BASIC.16.1033.hxn.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Trial-pl.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp3-ul-oob.xrm-ms.tmp	_MS.LYNC_BASIC.16.1033.hxn.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\flat_officeFontsPreview.ttf.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sk-sk.dll.tmp	_MS.LYNC_BASIC.16.1033.hxn.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.XmlSerializer.dll.tmp	_MS.LYNC_BASIC.16.1033.hxn.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Controls.Ribbon.dll.tmp	_MS.LYNC_BASIC.16.1033.hxn.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\msvcp140_1.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp4-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.ReportingServices.AdHoc.Excel.Client.dll.tmp	_MS.LYNC_BASIC.16.1033.hxn.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Quic.dll.tmp	_MS.LYNC_BASIC.16.1033.hxn.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\WindowsBase.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\PresentationFramework.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\UIAutomationClient.resources.dll.tmp	_MS.LYNC_BASIC.16.1033.hxn.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription4-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.Emit.dll.tmp	_MS.LYNC_BASIC.16.1033.hxn.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Dynamic.Runtime.dll.tmp	_MS.LYNC_BASIC.16.1033.hxn.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_OEM_Perp-ppd.xrm-ms.tmp	_MS.LYNC_BASIC.16.1033.hxn.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdXC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp	_MS.LYNC_BASIC.16.1033.hxn.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad.xml.tmp	_MS.LYNC_BASIC.16.1033.hxn.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Serialization.Formatters.dll.tmp	_MS.LYNC_BASIC.16.1033.hxn.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\System.Windows.Controls.Ribbon.resources.dll.tmp	_MS.LYNC_BASIC.16.1033.hxn.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\WindowsBase.resources.dll.tmp	_MS.LYNC_BASIC.16.1033.hxn.exe
File created	C:\Program Files\Java\jre-1.8\lib\charsets.jar.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_Subscription-ul-oob.xrm-ms.tmp	_MS.LYNC_BASIC.16.1033.hxn.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\WindowsBase.resources.dll.tmp	_MS.LYNC_BASIC.16.1033.hxn.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLN.DOC.tmp	_MS.LYNC_BASIC.16.1033.hxn.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\MSOUC.EXE.tmp	_MS.LYNC_BASIC.16.1033.hxn.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalDemoR_BypassTrial180-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Grace-ul-oob.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ExcelCombinedFloatieModel.bin.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\clrgc.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\COPYRIGHT.tmp	Zombie.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c9f81d604f3020f0445936a103fb4e90N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Zombie.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	_MS.LYNC_BASIC.16.1033.hxn.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2284 wrote to memory of 3976	2284	c9f81d604f3020f0445936a103fb4e90N.exe	84
PID 2284 wrote to memory of 3976	2284	c9f81d604f3020f0445936a103fb4e90N.exe	84
PID 2284 wrote to memory of 3976	2284	c9f81d604f3020f0445936a103fb4e90N.exe	84
PID 2284 wrote to memory of 784	2284	c9f81d604f3020f0445936a103fb4e90N.exe	83
PID 2284 wrote to memory of 784	2284	c9f81d604f3020f0445936a103fb4e90N.exe	83
PID 2284 wrote to memory of 784	2284	c9f81d604f3020f0445936a103fb4e90N.exe	83

C:\Users\Admin\AppData\Local\Temp\c9f81d604f3020f0445936a103fb4e90N.exe
"C:\Users\Admin\AppData\Local\Temp\c9f81d604f3020f0445936a103fb4e90N.exe"
1⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2284
- C:\Users\Admin\AppData\Local\Temp\_MS.LYNC_BASIC.16.1033.hxn.exe
  "_MS.LYNC_BASIC.16.1033.hxn.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:784
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:3976

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2392887640-1187051047-2909758433-1000\desktop.ini.exe.tmp

Filesize
103KB

MD5
faea4cb83864c3b57ef01e4c5caefaeb

SHA1
22afdc9fae23764fc60b4059bfe8c26c80336f56

SHA256
92ea4ebbe6498e84a8f6e4f7b62267633cc0eddaaa7ec3c45756613daab773e0

SHA512
7b235e55f2cfad570fd220f2fa66fe7f38371062d68acaf5088665508a6f21f1a12f66844a98ce19f2d82dc85d7479d28c48d68ab950271f3bedf2af726332aa

Download Submit
C:\$Recycle.Bin\S-1-5-21-2392887640-1187051047-2909758433-1000\desktop.ini.tmp

Filesize
51KB

MD5
0a9742999cc1044a08a02dea3a7393db

SHA1
713706dee0c8bc7120b43ff8383536655e9435c7

SHA256
d909a55ac7e47067419fc3f8962bd6decef1cbba7172a9cb6f07178a90f82604

SHA512
2bf567b3de9c395f3cd26aef21954ec49a32d89f9b305f31369a3404c2f7814d617d3f1c2a5cf713110167c65ae53fda49ca78ec29abfe15789565ff22c5ef6a

Download Submit
C:\Program Files\7-Zip\7-zip.chm.exe

Filesize
163KB

MD5
cd7db532c7c2e94bb7953cc617c9e7b5

SHA1
6c4de898499f8a98496bdfcb1cb0993223ce54a3

SHA256
51e40ce55053f6857ca3a907dde1b8b1851d8165a56fa6933bac726a21bb7b53

SHA512
338401a8a07c9738d1a8de93cb9bb1f9b38e5943c8536fdf45ab42d5d0c4fb643343e8d5787b97339f474c2d922fac1c28844a04a0d81b79b7cc5f7e473a72f2

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
150KB

MD5
94b63cbd96a6bca09bf2dd08b7fe2d0c

SHA1
2fdf7a1289bc4b7c1d602ee52412c1a1d21c183e

SHA256
9b3e6592139d6ecd5cbc1fd39f62ed6311858901c358852e898f2202dd9eb820

SHA512
72b292d2285eb8470d6b94fdd1475535394e084af72e8ebe14359e40dc3b65ae98a2d54b24c5147f55f02d24c13b07bba8f113233fe2e7f713b668ab6edfe5b9

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
1.2MB

MD5
497e22fd726a3d4a69e59a4db3eb13b6

SHA1
191abf90c00df43de9938f7017a0b3dc591577c1

SHA256
15c5be7c616adf582d1f79e5fcc9663ab94971d8305ff8b0bb6481c13a071240

SHA512
2d51d81c85cc2a5fbbf9b0bffc732154be267471d1c2ea36f8b474f396c431ac3cf896c6ba4740dedfb58ae78270fc15d6abaca5f15d2c64e9554a185749140f

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
1.8MB

MD5
33110c41d35e43afe396483646910551

SHA1
9d0568ccaf65e2ed1101ecf42c058f21e797ea9f

SHA256
c6f309b9eadc90c5f02779f0ab7ca25cbfaa125db591e891de389664fa4ae5c0

SHA512
fe380be6e019c8e51204150222e3104d68a5a0b35798a948d3b1fed86e2bc019e8de88168d8d5944023e4c1ab35df4746a1620879fd7c73292ff6328aa47369c

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
595KB

MD5
cea29f552c4cfdbc2fcdbabe48171c7b

SHA1
4de13412da70d90c87395f935bfc2781df9c8010

SHA256
6d58322f86fc602a95fd52d7919a5209d01abe7b37bfeae3637c84694aad16ee

SHA512
ea01ac6b80c84cd392745cec8c269174e602e342b69386cda9df6d2e76443bb99774796e21822019f0c8b87a34bf5ea0820ff028ac929d97e6fc356220c34c18

Download Submit
C:\Program Files\7-Zip\7z.sfx.tmp

Filesize
261KB

MD5
337a51665ddb3341012677afe599f72c

SHA1
47ef7246d8793146617fb52accbf6883f1693c73

SHA256
919b5d8c4d492d21c58a9c1100898ec9720834355f2fa37fffba45062942ebff

SHA512
80a4cfab049e679faaae8caace60b04f54848eddc0cde07e122c0205e6c8a8022a69caa6bc922eb4e88851b9b8c5fcdd9bc7d5b55ae2d8b9b9333dcbdedbb2bb

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
64KB

MD5
e4c9aeff9345caf7e21cd56a240557eb

SHA1
e1c61546bc83567f99fa7c8e4df5a3e720f445e8

SHA256
4883a2e9647b5d29d35881736e05bfca2b5b840310ca1cf91e99440ab0b1357a

SHA512
6b21d23336c1745972cf0349087917bf29df1b0dac7b0bf5eee224d016ed71a72c8946b46ad7cda2b544a6495a76ed1b7c2bee9a902cd8cb773f4b3fe8330bd0

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
982KB

MD5
a9ab443bd8169fae75869fa44a434d46

SHA1
d28a034a3feb66fa369ddb364bd08a7df283b3fb

SHA256
91ae5e33fbcdc42c7850f7e76c31a94ec6778590a040b3d70d1b60b9845e7dd1

SHA512
d67d0a66ff33ac680d78bff5ce9991e51c8344c9d358ece5e242d096b08deb0acd615b5462cc3442f77702c6138c46f250bc8d4834c6c7c278030253c651481a

Download Submit
C:\Program Files\7-Zip\7zG.exe.tmp

Filesize
735KB

MD5
d7e6d09033c080e42b07852f1a99cfc0

SHA1
50c250a92de276db1a2957a653cf65b5712f9acb

SHA256
266e0cc04345a111837955055377956aba8118c8dcb64c373d8e0e87159eaaab

SHA512
d03ac8895a6b981221f5d30171347de5b51adedc55ba9d73afed809507c14131fa9ad2c5aa7bda16318e365a78b1706faa7094f459bc27f384accfd42d89f424

Download Submit
C:\Program Files\7-Zip\History.txt.tmp

Filesize
108KB

MD5
d35bf7b2405dccb59ea9dae2cbbd9c4f

SHA1
ca28a4519a3757c3ecc5ea1cd295e4d30e00a3c0

SHA256
7ea5d75625ee650be6e64cc93e9ed2c1f5b2088b3a5be0c59b78b9dbc16c699a

SHA512
8960aa4e90a4979127fafe5b881c00058ac439aeca0e45bfe1291edb749bd71a2787a4a6a19e9ac733cfa526ceeb10a7a975a141afe30e83272aec2511b90e16

Download Submit
C:\Program Files\7-Zip\Lang\af.txt.tmp

Filesize
60KB

MD5
7ea6fd6d3c349a5ca4444ed3229857fe

SHA1
300f8cbc68438a94ad9538b1da62a2894fd66428

SHA256
6dc1f0807cafdbc3eaf9c34cb5b4fade8f813db9e6cd9cb7873d105c2d63ae0e

SHA512
c1f9d9c9f3e777c879f3250a7d3c179f6e44d62b73cbe524ea025e7ce2750ba580429454ee2e6b9e6c6f7b27add2c0c7e829611368dc776a41e57f0b71b4d099

Download Submit
C:\Program Files\7-Zip\Lang\az.txt.tmp

Filesize
61KB

MD5
42e330eb7c9621f3199450a6aa6b09c2

SHA1
c1223ea1df2db09142e98c7779f373b1fb6e5d1d

SHA256
53c837065a47bb388c65dcf5169f2718a7d7976453cab93afed2944c58d48844

SHA512
709382aad1167ebb9a34dd14e56bee1e327b553502a7aecc3bff42c85c5d2fba73a533cda3d406a60246c451de3b2eb4b1d1287be20f805e5b50beb6f94fd87f

Download Submit
C:\Program Files\7-Zip\Lang\be.txt.tmp

Filesize
63KB

MD5
28123e18731b4ae2ed214ac6a962ffa4

SHA1
499dd8f07b37f9032a10a8d08175aad0cede24f1

SHA256
9f5ad6809bf82aa63944be669521df395d5d57699aea989fa7c786f7d37d75e7

SHA512
e618e02577e853d7158eb1de93fa6a612e1a335faafbc53280aca762320d3dd8bbe8d5881c4e1af433660b35667b1ddacb79d2963a7d4a81ad67fe9fbed7216d

Download Submit
C:\Program Files\7-Zip\Lang\bg.txt.tmp

Filesize
64KB

MD5
bb7f7d2bdc7d3888b2cb9615a2dab3df

SHA1
cc71081660afa7c4e9bc06fea62ec3d0667ab760

SHA256
ce8aa71c1a92c00bd1fcc18ddb3a3d91e62f41319a117ae23d2ccbe88627f3a4

SHA512
2723f677df3e4db387e22bc1f49ab0b7e0faf73d549841d94789c12c1f0692e79a29b12a46179bd63d4d6b3ae0e88b1ef0cef8cf810faf5770c7d7fd8736657c

Download Submit
C:\Program Files\7-Zip\Lang\bn.txt.tmp

Filesize
66KB

MD5
47535956d83ae4b5dd698f50195c4f70

SHA1
4334002ff0cab65c41ed2634642188d79e01592e

SHA256
85ce14c0fab6731575c68cc5c1b82ebd37136af155ebed3f70132db8d2746bdd

SHA512
685b896ceb8590154af8ac680f74666dee91ca0b4d8cc61413249dd18a03d5a2721f8cf4f33ca97578503dde1919c13e959c635af0a9c37a10a5039ca10efeb8

Download Submit
C:\Program Files\7-Zip\Lang\br.txt.tmp

Filesize
57KB

MD5
8d20261b6dee1c7858f0948189834f48

SHA1
7029c3594b24519b8cc6fcbfc61c99ea39898d16

SHA256
d4cca8d15d541ec67b271b92f631ec5d435785f04edbd5fdbc1792436d71a420

SHA512
5bdfc115e71e7d65519e7fe9d446fb8d0ba5d9f31d60a66f1e82c0b38373c86bf6701fb779ff29220311706e08429f637b4fff090cd3af9bee19c339216ec29e

Download Submit
C:\Program Files\7-Zip\Lang\ca.txt.tmp

Filesize
60KB

MD5
13b56b5fdbe034becdbe7fee8d3ff7b3

SHA1
c06c8a58d63ee7b27da703c476b8c96156527b0c

SHA256
0d02f1f247090683f2a1de7d643e3b6ae600691c5b90985b8750f8b2f07a4bd4

SHA512
7309c5a0742d675204ddcfa68deb76b73961a7b8bbd2671bc61012c4c443a7b332a046511a4afb0700ac7608f6e0c71de45b01128ebd17aa2bcf6cdcc53ff426

Download Submit
C:\Program Files\7-Zip\Lang\cs.txt.tmp

Filesize
60KB

MD5
14639962a758f2a0a166d9f631f5e532

SHA1
52e04e5db992cada1b87b2ed092a4b18211086f8

SHA256
48cdc34907a5c33afa271c386b91033c52d1de2f20637e47441cdafa5f6662a5

SHA512
d0e4972ff74f47529ce43e2f15fd2afe0592655f6847e8f7a66610edcc5c2d144c58d34931f7a15b2146b954ed8de21cb21d979110d8f57f117740150f70ab53

Download Submit
C:\Program Files\7-Zip\Lang\cy.txt.tmp

Filesize
56KB

MD5
7694b3a4c2efe511c31ed4f6d42250c7

SHA1
23a07cd262d9bf17535a343eefda31a06169f851

SHA256
1876c5d9e2fab1a06cbe22f5a0cc79eec4dc63472dc98fd3497ccb4cfccdbb52

SHA512
1eacca20f93f3d7280212055c5d064e5497dea92340bc04b56cfc8f8cc84c890d1a4c42a2c0172d867729e8e3fba495fab361dcab0ddf7cb16d6f11af0fe3396

Download Submit
C:\Program Files\7-Zip\Lang\da.txt.tmp

Filesize
60KB

MD5
e112ac8ccdf161a369ff547242c9d220

SHA1
b6ec82d4f10afa5bf280a0125bc32d6694907e8a

SHA256
46dc08ab8e830e0b174633a24c132932cc66fde371a413abb2980a8cf5ad5a38

SHA512
8a767eba8c16cdcbbe02eddce3f033c0846b0e97d2ef9c455f94e14c374053bfcf24f18b9b9c7b2f1cbdb853c3b021b501f141e8674f1d6b0e36af6a93d03ab1

Download Submit
C:\Program Files\7-Zip\Lang\en.ttt.tmp

Filesize
58KB

MD5
bcfb4a81797e3598fd10414d3c3110fe

SHA1
5a1685b31c8636736b1c4d842ccd9ef839b4c59a

SHA256
95f38933c52dc773ba4cb4935533f3206a5066877fd26dbd46da39ab243d70c9

SHA512
48d9b470fbda0b966ee79a4c639278fb440b6848a290798bb63b47c66c4c7fc54cfc07b3d421b7213e11c252db4fe0474ebe2532fe3a4707e2f477b50564ec05

Download Submit
C:\Program Files\7-Zip\Lang\eo.txt.tmp

Filesize
57KB

MD5
3ef644b6b39859dd7a40368b69e0603b

SHA1
413fa26d74ea2cfc0777d9dba4ae86249119dc49

SHA256
c5ec99d73001856050a0bd2c9a8d52f44efe2f5eb0d6ed47274460fbd56e2e16

SHA512
13914a348575e2012b6d1729238cd0d0bf817046eb35f7509f8078646d7e76399516954159092245ad801467c8a070453396e60a2d6e62be8e6a4c6fb6f08eac

Download Submit
C:\Program Files\7-Zip\Lang\es.txt.tmp

Filesize
61KB

MD5
8045b6517986a525814b2d33f4847d32

SHA1
8be4ef080480368c90c6d0b875e33f98dcef44ef

SHA256
fb57ff2615f690ba396b09bb57b7ea1329ba537a227fb01331fb25629aad47e2

SHA512
b2278c67b9f3260ce2e2c5276a4ba8bbb1d163a020a42adb51d055b23934b639fbe704b786ea3ab0c49e488d8c187554e38062a1cd07061f1c8458c7a23212e0

Download Submit
C:\Program Files\7-Zip\Lang\et.txt.tmp

Filesize
58KB

MD5
72c9c02c47f15ff5792800874bbdabb8

SHA1
aeba0e085cc86d049cb5c487828fb2997d83d5b8

SHA256
ab6a4d1ce48caabef946e58be024e2f15b36fb475e7bd61866ca4fef848d1f95

SHA512
0d1f96631d93dff1e76879e6cc2bc36817bc57f018caa28f0da399e6d6c3e3af1773796e53973d711c2a77987e7b2373faae1f28d4fa5fa06a82e68eca900a5f

Download Submit
C:\Program Files\7-Zip\Lang\eu.txt.tmp

Filesize
60KB

MD5
8f55ef82803910e15b1299371e8783f2

SHA1
2cfc8ac8ab6d24daf2ca1c5ad1e2e4e3a9f4ab19

SHA256
839859f9ecf27ebf8db89b7c2ae899111337b1fc95cc3f3e24ed5d7c53afae51

SHA512
5eb9ff2ec4c20e0a06b69184f4f757e765b00da126191e362bfc8df3335d4f3811face8c30e08c71ce750d48c252be1f42ac1b04f0f8aaa0ad30d19243670831

Download Submit
C:\Program Files\7-Zip\Lang\ext.txt.tmp

Filesize
58KB

MD5
983676b2bfcabee22f113f4b4cd4ca86

SHA1
3ad101e5268394b1b1aee894a5071082e05d260a

SHA256
3e6896ee50b569afb166c7b0894dddba4dde5321e7b96447557f2c0ca4d1b889

SHA512
7201a7f8cbc4ae3897f8bf8f83a0590cbcd919f2dbdaebe7866a87b3949228d979811fe7dd6651010b7a00f2b0749d9c03772917af71e2400b8eb28e65105158

Download Submit
C:\Program Files\7-Zip\Lang\fa.txt.tmp

Filesize
64KB

MD5
58736c388741b622f47341c2129eb883

SHA1
cbfbfc5f50bdd5d72ea1efdabfcfb031cac6e4bc

SHA256
b143f47589e7d83b8cb523165e13930c5a2f98d025d33c57696c76de5fde81a7

SHA512
19cb6d53a8bb7cf5733837746dc2bab7d9f54c4154fb58e3ce872dbffd9ce783159c6d0d3c56306189541890f01a223c24fc07c4f4162d673c73fc69ab571968

Download Submit
C:\Program Files\7-Zip\Lang\fi.txt.tmp

Filesize
59KB

MD5
0b6b6a3e57235b155fa691d9d10a22bc

SHA1
f8c89cc7e7c1a77d8f2fb6917ba918e61e50ae7f

SHA256
96b6d44a8e99ff08a3b9714c7a6b0f54e897e0c1f4da66f8e3b73afc569ec85c

SHA512
b7ee7230c26448e432d10f2e10cf6944142097d0fbbd57e9380bcd97d26709f1ea089bfc69fbf3db631db00150a3549de4cbbfba45bc05095c1d6321b3c7e0f9

Download Submit
C:\Program Files\7-Zip\Lang\fur.txt.tmp

Filesize
58KB

MD5
91267210a52f25c5a89064d58df058eb

SHA1
11088054f501a2e0357b257bbf56524ff7eb9ef4

SHA256
72a6be9c2b06d1111b32db96912ab082fa95072b0c0d6e63cb3d66d1e0aeb33d

SHA512
862c0c769a537079f5a5c0ee558cacad37ae39740065f395804967ae2f8788a8908267c77c2c58aa4ca64ef4a5c95aade734f44a23091a1d1ff5b4ac35c902de

Download Submit
C:\Program Files\7-Zip\Lang\gl.txt.tmp

Filesize
61KB

MD5
fa92496f0b9a41e60da5ac530008a662

SHA1
e396664a6a2cd47ab8fc28d2424474480c70703d

SHA256
932ca8e488c3aea7cffe58b69e3331950deb4f1139a9958bfd592ef75d4d0a47

SHA512
66bfee8d67384bd06be6f022639059699ae1ab218b55e0f736bf3cfca625a856059a8b33f151849d3026ebea3a1ff12cce00b92c5b33c6a1953b2264948e00ae

Download Submit
C:\Program Files\7-Zip\Lang\hi.txt.tmp

Filesize
69KB

MD5
b0e9052ca44d6833b69c314411b31fa4

SHA1
8698b2c0eacfb6e4daa1d1e8451a3ef1743a4718

SHA256
887c56f4687745fbcbb0cb56a5072aa6e3fd9564220ef995d20815f92e1de234

SHA512
b17bb0df110d25c749ef477ba56ea4b8a612d30f254e99d9edf82235317fbf8440f2dbfc48ffae717afed655720dcf993d3ca61e1c44802867a3a1df35eab486

Download Submit
C:\Program Files\7-Zip\Lang\hr.txt.tmp

Filesize
59KB

MD5
0394e2b925d853c381602e11f03f320c

SHA1
23dd31425061f496e7814e43c087f7dbb2e90f94

SHA256
22b9b9f6f996e2a27cb7367b6e1bf8873fdc878a3e2db7fb1f3f53b2f2f12516

SHA512
960d0c72a4aac30252d0e8ec9764e070d7352ec45913f134f17b76a9755b58c7f54ec268be21c0753256fe3bda1a93226b80e24c57e7961cc2a28aca8195ad50

Download Submit
C:\Program Files\7-Zip\Lang\hu.txt.tmp

Filesize
61KB

MD5
8545a8028ec77cbc1e4fa2b19e5966fc

SHA1
42b53c8df4267ed9a7571660661719b5ca7dabb3

SHA256
7cf71871714e61048c57302065611cf486df431364bc682608933c64c1793547

SHA512
a34a599f86667ec70c3b4d3f75d9339bfce597549f5cb7e0e033be436ce2ac471d60ba7183e708d6c5957b96bc2acbbb1c129d91c8ee52a36eecc1bc51d37a3e

Download Submit
C:\Program Files\7-Zip\Lang\hy.txt.tmp

Filesize
52KB

MD5
e0df90f65b17a5590d078e0406e5c2fd

SHA1
d628f01cc14c9b97c8aa8d69ec5e1b39f836d7d7

SHA256
43b53e2e6d13fa21c65c3eaed66e6497c33270000105b683e2b4bbbee48e8ea3

SHA512
9d7eb28500218984d06548fd99ee0b895656ea2874c845388a754f90205a292acf55cbc5019d80f17f7ba2b8225071024cc731d0e9891a3252afad8e58347714

Download Submit
C:\Program Files\7-Zip\Lang\io.txt.tmp

Filesize
61KB

MD5
56dfb8e77815ce5efde02d6466dc1345

SHA1
db3fc7a050d2b332e148ce4736c11b7e9a817ba5

SHA256
3be091314e6321bdbf5ec6585e960e0641dc3aeaae04cfeda0fd1fbecd2e3d03

SHA512
14ccc1018515628cf6a41f7f549cdeb4aa658d8eab271df1fd67ba3c4575375cc6478873f22a0f6f8be14b558b988d736d9067697afd886956fec3c91856451f

Download Submit
C:\Program Files\7-Zip\Lang\is.txt.tmp

Filesize
59KB

MD5
5ac0166ca89ef445e1e77878524b7697

SHA1
8222c2f646bf27ead277b785eeb7375e24d50a88

SHA256
be2406aa3b4248a633092ff9fb2fd73b4ba31fe9f2b58bcad0de46f7d065efcb

SHA512
ad1329480ad68cf1659443cb88c6477d6b05bd9e2041877fdf2729a30cd6da91eaf251ef094ac4d63c3c97ad25cabf4a8b4dac2843a8ae51a0427f935d64196c

Download Submit
C:\Program Files\7-Zip\Lang\it.txt.tmp

Filesize
60KB

MD5
7f9d9c2bf6066ce4cee48b8114f0124f

SHA1
21f05151874509ff6fab706571bd8d07d648ffbf

SHA256
4f853f210a4fbbf41530878683fcde0e76b8d409de6f11b61a809d00bd364ccb

SHA512
748512fd2c90e02e47319859a8f6dca8be810920031792ca51de67847cb37729557cc5aa7b1c14681720da30ba5d563dde509cdd60e258c7b3596717b008b946

Download Submit
C:\Program Files\7-Zip\Lang\ja.txt.tmp

Filesize
63KB

MD5
8152b03af55b61a5dcebc827003078bd

SHA1
5e6064283da7f59a389aaf01d6029dc57dd70991

SHA256
dd8a367135679fa74e4e018f56f834c147bc0038fddbb8bd779b9c1f8c6fc21b

SHA512
bef07427ce55da24301224e7232bcfa615e5cbbea0ac7f014c8a5dd485fb70ebc4af74b69915d22e7bfc8287b6af9ad867b71f9fdbb96b110f5f1c8507edd27e

Download Submit
C:\Program Files\7-Zip\Lang\ka.txt.tmp

Filesize
68KB

MD5
672313d69a07c0b50437334bcc16c1a6

SHA1
83c6c8de565182226e7b4e534a603b50002bbf2d

SHA256
3097096283ce64d4f919c43546c30ac58c2ad93db07fb82b158b41288ce68b5d

SHA512
f75e1a3b66fc933a4b6c3e52013ee41e9454bd418663965d35bc2e0ef75857125c090f5c01a249835f77aa0c000ece2764d7183ec1978adbc5dad0b5826504e0

Download Submit
C:\Program Files\7-Zip\Lang\kaa.txt.tmp

Filesize
59KB

MD5
16f01463a63d111ab32a4c5b5d389daa

SHA1
9af731a77c949a657c8fcae631a25c76dcc1271d

SHA256
5bcb3d72fb6f091d194bc0cbf704e864c493637a7fba80ba61e1574fc43e904d

SHA512
d946c520dfed8b8ba6b425c8353ac3af5f80e1b0a04a75f76dbb2fb28e56ffeaa295aaa6e2c76eafcd90b1a2c98283795594d8dd4ec9af6228bcc64d8381f6d6

Download Submit
C:\Program Files\7-Zip\Lang\kab.txt.tmp

Filesize
60KB

MD5
71171a79b36a7adb718ecd852489f060

SHA1
99a70d38f28a7ce761fa32c2a3fb3b09cee9d41e

SHA256
1f4ee48ce9c2c789cc49287b2bdec6d132a24a9f4bd36620b921e3fe9d3306b2

SHA512
a7a105b8dc8ef82f5d27e72bcde235419ac1f7a9ee1caf4d1347d043e3c1f8c49884bb6037b88d59acf5fea1e40f6d2a0c5a4583779206220e8c64132d8ca437

Download Submit
C:\Program Files\7-Zip\Lang\ko.txt.tmp

Filesize
61KB

MD5
1d5ce6848e05e904299fa1e06faefaa0

SHA1
4ee166433094e91387658c1c32f4722dee7a50f9

SHA256
033024744159d6d9662b6a1c87782b7345b8f0dcaac9c0784cb8efea3f17deed

SHA512
e5003604ceacbeb838bd1364fc9fc0a56f1802644b7ec621e7b8fe459efb1f2f1c455d7364a68a4087e591f102030c683ec0d93abe17802907daa7be330fe7ed

Download Submit
C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp

Filesize
63KB

MD5
1148863ce0eb0d207578872fa82edd8b

SHA1
4daa2df0d7ed38b2c04bdc647887d91068000aa1

SHA256
d34b491870608a8656ae0786d0b6d37c5a88af65d606c65ac7277c4f7632020c

SHA512
9289186fb46968aa0f1ccbe04d874b9bb6cfab76265c16508b1d083d512aa334b1a5511c2845630b069ed7946446bed2df3dbb5aabd02e6296c8c82e2f889d8e

Download Submit
C:\Program Files\7-Zip\Lang\ku.txt.tmp

Filesize
56KB

MD5
10692c50b14632b7b8f83eadb4a15b71

SHA1
6d6e4c59206dfc4bb5805005df7988aae5108aee

SHA256
7edc37771859608a653cb2c213fc3ff5c6976a1afe753a10a11afc39c8871a7f

SHA512
845da7d55c698208bdde7af47128fb4b3bc4709e7511224b337dd5cd07fed0e96c443a574debe8147654ddb320e58659cb8b404cd96adfaee7345de3909a5af2

Download Submit
C:\Program Files\7-Zip\Lang\ky.txt.tmp

Filesize
64KB

MD5
5ec14d3fc01b94b0f9613494fcb0fa5f

SHA1
9f6e2b11e6b58bbdf56f5c0432243b7977be3f37

SHA256
fe94e8abf2611fa7ed0969879a5af24f8295cda5e827d930eaf4dd903831b37c

SHA512
19b4da8c69078db4032db73a45c20ac3502115648884e2b3cc84d656cc628fc42e0f9bc8a779e45e394a8c501f93e08532652dd01da5f9d1b0c8520ee71beb1f

Download Submit
C:\Program Files\7-Zip\Lang\lij.txt.tmp

Filesize
51KB

MD5
af8bea88ff51fafdd3a79966e425e856

SHA1
df21ea59c0b9f234bef2b3714689a20a26f2d2b7

SHA256
882a36749c8561c065b18c446e4d8215b38ad560f2ef3077450f91c8a427091e

SHA512
23927e9a6bf5be0e80fb0a88cf4441940bf7e9314c3dc673cea0feeee33f90efabdc79032d57f86f2c50dcac9d898b58d1e7d8419b917d9ef566137ac7638967

Download Submit
C:\Program Files\7-Zip\Lang\mn.txt.tmp

Filesize
60KB

MD5
7f14899233fa9ae95602d2d298039797

SHA1
105e8a29e6e9de6f1f77bc8a7199eae5907e9e97

SHA256
639679ee47052ccf7c106def60bd547d5dd91235ed05c1a489f2d4bb99e17a1b

SHA512
06cc8c29f6acbcb3a9c8b05f62b7ceb8749ed11185269a8ed529f1afac9398489a8788dd5ba04ed4dd3206cddadd95fa210885357d9be4feef017a8fadf98776

Download Submit
C:\Program Files\7-Zip\Lang\mng.txt.tmp

Filesize
71KB

MD5
a99d2f7c02e880f553feefa38294dab4

SHA1
e5f4318e108b517fc3a2e047b3c26a9c73e7ca06

SHA256
acd83cf26cdee7612114597b11dd1f703374a9d762534910b76147b8f8159a9f

SHA512
d3e78ab6d89ab42761d6b71049d29aa854fefbe928e64ce1ff56a96cccab668ddfcc3bf513b0d31b8302d3ab38833d20f40fddb8c3d9f589465e3e9869aa7f55

Download Submit
C:\Program Files\7-Zip\Lang\mr.txt.tmp

Filesize
62KB

MD5
b4451c822a452ddd3472015c6dcd1b7d

SHA1
8f12c424adb1166066f5edb3866e35b06691fdd8

SHA256
f440ad385c477c3450312e9b76f6495a3d24c1a53614b88669a26e17343036b1

SHA512
10c2cbe22b9ddaa223157fa995625c787cd9e8fab2e8cb661d0b782c0229d140c57b77e1ee523a6e34c8a0535857841a42f3e2a82c22671a476a49a30006d263

Download Submit
C:\Program Files\7-Zip\Lang\ms.txt.tmp

Filesize
56KB

MD5
306edabfaeab7f419d173aefcf723305

SHA1
bf793682731cb9f5abc0a9d9d1bf9367f12ef64c

SHA256
a61f5a10d706b4f88dde09f42f69814c75354ff11d28c69ddec724bee4277cc4

SHA512
dd080b3efc4bdaaa0dd06073c856b6f10577a6be1bb9d5bff62a4cc073f17dd74ac9092777a628a15ed61e276fe12f2c0ef7553bb1ee75166a26ea93e696b551

Download Submit
C:\Program Files\7-Zip\Lang\nb.txt.tmp

Filesize
57KB

MD5
3dbed65a350ffccbaca3276a72552668

SHA1
03a6762590141006c29b1e7359715297b2496595

SHA256
32688bf8be4cd11ca049000aae2b3ad89f1695db9d7868f71dd8b6cea4d0c276

SHA512
bf69062331528e9cc741801c721cc584aaa5a3b72cbaf4a0e8514e9112e029d470096b72d75105421d603f1669354fb94afcb677e20873710c8dfc9edfe852ca

Download Submit
C:\Program Files\7-Zip\descript.ion.tmp

Filesize
51KB

MD5
62ad9fe9bf132583e6e1292ed513c440

SHA1
6498ee416c9c64009259ffcca48d21f2f87808f6

SHA256
de6af855be6581c565b971bf45bae54a63d2f9ed43e6f2a60cb422467bb45ca0

SHA512
ac8cd6aa002dab44cc3e5a50433cb2e5984be3254fa12981b06ae7a937c44fc0d80a7abb7cc41d69fe41cb13d11b1efe870ef8f8be8fb4e4fc4f829f77d78b96

Download Submit
C:\Program Files\Common Files\microsoft shared\ink\ro-RO\tipresx.dll.mui.tmp

Filesize
62KB

MD5
d1b5f6a27fc8a98c01485a0522677048

SHA1
d1007a2328b8cfb3e17d9a695c5c2f5ca4871e01

SHA256
2177f7ff76bb950d3b23426c4cf4683e990013e55ab8f0b0eb4272bc1dff3c22

SHA512
e41da23ebfdc93fc4ff5a19e82270e9cfc736a388694c8f1159119b357450104db9f8d6fc99270dc64a8bcfcadd8928c3f97ebcb1a6a5d23c35198996b2ced80

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MS.LYNC_BASIC.16.1033.hxn.exe

Filesize
51KB

MD5
3c3409311e4e889091f165be1118aede

SHA1
3ff739d46ea035a902f94943e2ae29412f3caa22

SHA256
ac7d63c13bb00dc1e5e8c45ae4a623a1db9d312a9ac29345e65116149666b17a

SHA512
dc1c0df35087d7bfa1a6b9d2f0cef570eec6ee46e578a17ed5ced9b7c043f0c28add787a6447cd1f0cc3b6688e34ba978607f9f25cd9b0cf838cf7772823cafb

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
51KB

MD5
31b92b5edc4a8b286769098a14c138aa

SHA1
39a9bc3f16836e1d0056775080f0c425c61c63af

SHA256
a29e831e44b018ee4e9c715dfa3ee1e3c8f892d53e9a850ee0fcf6748402b0ea

SHA512
e970fb3c35ee053757d9160ff2ffc6a36debde0d666d3e28a2909965fbc717db46a90fd7eec3124427a720d4d6c2b0bef7447faf9b8fb1e87b785809dcb266ba

Download Submit