d996305f414cc1a937e3c08c751ecc7d36111d1574ac17eba31a0517cf47becd

Analysis

max time kernel
120s
max time network
108s
platform
windows10-2004_x64
resource
win10v2004-20240910-en
resource tags

arch:x64arch:x86image:win10v2004-20240910-enlocale:en-usos:windows10-2004-x64system
submitted
19/09/2024, 00:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d996305f414cc1a937e3c08c751ecc7d36111d1574ac17eba31a0517cf47becdN.exe
Size

110KB
MD5

ddaf6a644b80b6e5730ae6472ad20b10
SHA1

7564429d41095ae00ca3635a686d21de73f585a3
SHA256

d996305f414cc1a937e3c08c751ecc7d36111d1574ac17eba31a0517cf47becd
SHA512

4efa31ffe0932795cae71100b144acdb9dc33f7c700c3480a735b26fc1209df6bdf642300c4fa4879d69e23d594d24b17c0fbbc911b32e22487d93c76baf43e9
SSDEEP

3072:6pWpBwchcwDqT0T1pWpBwchcwDqT0TVfz:P2Ym2YV

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (4551) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
4256	_MicrosoftNotepad.xml.exe
552	Zombie.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Zombie.exe	d996305f414cc1a937e3c08c751ecc7d36111d1574ac17eba31a0517cf47becdN.exe
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	d996305f414cc1a937e3c08c751ecc7d36111d1574ac17eba31a0517cf47becdN.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework.Royale.dll.tmp	_MicrosoftNotepad.xml.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PenImc_cor3.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\jce.jar.tmp	_MicrosoftNotepad.xml.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial-ppd.xrm-ms.tmp	_MicrosoftNotepad.xml.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Loader.dll.tmp	_MicrosoftNotepad.xml.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\System.Windows.Controls.Ribbon.resources.dll.tmp	_MicrosoftNotepad.xml.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Forms.Design.Editors.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\UIAutomationTypes.resources.dll.tmp	_MicrosoftNotepad.xml.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-processthreads-l1-1-0.dll.tmp	_MicrosoftNotepad.xml.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Retail-pl.xrm-ms.tmp	_MicrosoftNotepad.xml.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp-ul-phn.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\ReachFramework.resources.dll.tmp	_MicrosoftNotepad.xml.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019MSDNR_Retail-pl.xrm-ms.tmp	_MicrosoftNotepad.xml.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\WWINTL.DLL.tmp	_MicrosoftNotepad.xml.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\WindowsFormsIntegration.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Client\AppvIsvSubsystems64.dll.tmp	_MicrosoftNotepad.xml.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\System.Xaml.resources.dll.tmp	_MicrosoftNotepad.xml.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	_MicrosoftNotepad.xml.exe
File created	C:\Program Files\7-Zip\Lang\sr-spc.txt.tmp	_MicrosoftNotepad.xml.exe
File created	C:\Program Files\Common Files\System\ado\msadrh15.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\fontconfig.bfc.tmp	_MicrosoftNotepad.xml.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\Invite or Link.one.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ro-ro.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.WebSockets.dll.tmp	_MicrosoftNotepad.xml.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\PresentationFramework.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\tipresx.dll.mui.tmp	_MicrosoftNotepad.xml.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsptg.xml.tmp	_MicrosoftNotepad.xml.exe
File created	C:\Program Files\Common Files\System\msadc\msadds.dll.tmp	_MicrosoftNotepad.xml.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\WindowsBase.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md.tmp	_MicrosoftNotepad.xml.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\StandardMSDNR_Retail-ul-phn.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.Diagnostics.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.Tracing.dll.tmp	_MicrosoftNotepad.xml.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.dll.tmp	_MicrosoftNotepad.xml.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\System.Xaml.resources.dll.tmp	_MicrosoftNotepad.xml.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.123\Extensions\external_extensions.json.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\glib.md.tmp	_MicrosoftNotepad.xml.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-math-l1-1-0.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\hwrdeulm.dat.tmp	_MicrosoftNotepad.xml.exe
File created	C:\Program Files\Internet Explorer\ja-JP\iexplore.exe.mui.exe.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Trial-pl.xrm-ms.tmp	_MicrosoftNotepad.xml.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\zh-TW\tipresx.dll.mui.tmp	_MicrosoftNotepad.xml.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\mscordaccore.dll.tmp	_MicrosoftNotepad.xml.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.InteropServices.RuntimeInformation.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Collections.Immutable.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Quic.dll.tmp	_MicrosoftNotepad.xml.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md.tmp	_MicrosoftNotepad.xml.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_OEM_Perp-ul-phn.xrm-ms.tmp	_MicrosoftNotepad.xml.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\mshwLatin.dll.mui.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\oskmenubase.xml.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework-SystemData.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-errorhandling-l1-1-0.dll.tmp	_MicrosoftNotepad.xml.exe
File created	C:\Program Files\Java\jre-1.8\bin\plugin2\npjp2.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_MAK_AE-ul-phn.xrm-ms.tmp	_MicrosoftNotepad.xml.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Linq.Expressions.dll.tmp	_MicrosoftNotepad.xml.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-private-l1-1-0.dll.tmp	_MicrosoftNotepad.xml.exe
File created	C:\Program Files\Java\jdk-1.8\bin\orbd.exe.tmp	_MicrosoftNotepad.xml.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Retail-pl.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\ThirdPartyNotices.ja-jp.txt.tmp	_MicrosoftNotepad.xml.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.WebClient.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\UIAutomationProvider.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-file-l1-2-0.dll.tmp	_MicrosoftNotepad.xml.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\plugin2\vcruntime140_1.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\VSTO\vstoee100.tlb.tmp	_MicrosoftNotepad.xml.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d996305f414cc1a937e3c08c751ecc7d36111d1574ac17eba31a0517cf47becdN.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	_MicrosoftNotepad.xml.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Zombie.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 748 wrote to memory of 4256	748	d996305f414cc1a937e3c08c751ecc7d36111d1574ac17eba31a0517cf47becdN.exe	87
PID 748 wrote to memory of 4256	748	d996305f414cc1a937e3c08c751ecc7d36111d1574ac17eba31a0517cf47becdN.exe	87
PID 748 wrote to memory of 4256	748	d996305f414cc1a937e3c08c751ecc7d36111d1574ac17eba31a0517cf47becdN.exe	87
PID 748 wrote to memory of 552	748	d996305f414cc1a937e3c08c751ecc7d36111d1574ac17eba31a0517cf47becdN.exe	86
PID 748 wrote to memory of 552	748	d996305f414cc1a937e3c08c751ecc7d36111d1574ac17eba31a0517cf47becdN.exe	86
PID 748 wrote to memory of 552	748	d996305f414cc1a937e3c08c751ecc7d36111d1574ac17eba31a0517cf47becdN.exe	86

C:\Users\Admin\AppData\Local\Temp\d996305f414cc1a937e3c08c751ecc7d36111d1574ac17eba31a0517cf47becdN.exe
"C:\Users\Admin\AppData\Local\Temp\d996305f414cc1a937e3c08c751ecc7d36111d1574ac17eba31a0517cf47becdN.exe"
1⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:748
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:552
- C:\Users\Admin\AppData\Local\Temp\_MicrosoftNotepad.xml.exe
  "_MicrosoftNotepad.xml.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:4256

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2629364133-3182087385-364449604-1000\desktop.ini.exe.tmp

Filesize
110KB

MD5
1b38885cbf13f1d36cfd02de95eed8cd

SHA1
e5773697dd3b4953c4809d0236e24f495e9b4cf4

SHA256
83e1631717964de10fc44f1cc0b4bc3fb2e9a289bea7c6f4f6ac87d60dd1b029

SHA512
c44fc14a71df3b2d99aa407e82e3a902b498ba74e62430a3090addb32f11dc13d5bda4484f1b84dd9686a538e6409491a19f586f4dc76b3ec00a0c4a39df9678

Download Submit
C:\$Recycle.Bin\S-1-5-21-2629364133-3182087385-364449604-1000\desktop.ini.tmp

Filesize
56KB

MD5
e2bf391c7d58a640ed52e7e65f9ce9ae

SHA1
e0700dbc0827af048cdc856db8785458f5068d40

SHA256
f442d6ae5ab8b451c95362d9014180db4ce7dd3f29ad1d1bec907ec320feb096

SHA512
2cb8eaed58e233598da9bed8748fffd17be9043b856c61e3ae36e0f0806c7d668eec906c83614b94a173774b467d003dc5bd149d8a8ba312b2e5a832b46b74e4

Download Submit
C:\Program Files\7-Zip\7-zip.chm.exe

Filesize
168KB

MD5
e25c47bc887baf484bb319fb41de0ab7

SHA1
618bed50942df7d37431e983663f8bcc352387f4

SHA256
7dfb319b3f2bdada9041fdbe711057c8649f823ebb69efab9671d86a2ed57fd4

SHA512
d802b8ef63851d46edd7934dafa8985006153ffb4c1f443a8946d0e173c32b13a3471f88f9fb15ebc115c0bfbbcef4e6c4f0ff4e5771c5fdfcd608ab96cddb2c

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
155KB

MD5
6ab5620236f4775fc3a54b3ac1e6d861

SHA1
df6275fe79c702bcbdf1d13565507dbf777522e4

SHA256
ad90729237a57b10a3baf45b06d1c7f3d43e1993b0856786d719526d2d148927

SHA512
c5eb95e3a1ff0f4231f31273a90a47ffcf43e54d6c3816299d35d7a45d52b463785fc881a2e810b253707ea6ecaa60460a04eac3d80d45b936fd56adc9a18274

Download Submit
C:\Program Files\7-Zip\7-zip32.dll.tmp

Filesize
121KB

MD5
5f3fd6d0666aecbb6c3aa68726e2ec4d

SHA1
f332cca9133f2308b3f8b3dfb015004329161d0d

SHA256
c79331c4c6cd1c26bf03fddaf5e9f5141ac38178ff78131d25afe6d890f08998

SHA512
9d13ee5223815ebac674c17598ea112a2baf7343719dd580a88bc37d7e970826e7f2202e6341ffec7facc2dcd491d48c5ce91a2358599cdd12945932292e1b44

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
1.8MB

MD5
f4a08bef5abf76adf075f6058afa4d2e

SHA1
86bd80eef126d609471b344fcb1555a5380a0eb0

SHA256
425ae435f7e3894bfc8833d02e6fe5707783bffbbd345dc49d34f82c358a0874

SHA512
989de282e28596df9f0382630d5736bbab36ba9353ffba319984085982c3c386d5df0d4fc0b8c358edd6af769e57c20d945406534ea6ba5cbb299dc99dae6d7c

Download Submit
C:\Program Files\7-Zip\7z.exe.tmp

Filesize
598KB

MD5
0a0ce10ad906bc5772ac1f374908cfa7

SHA1
cdec89b5f49d38cae6ef8bb08f1de436b6108794

SHA256
a814610ef0768e53d57f02f0fc163d9b8b9e7a420770a99969ac726acc7dba6a

SHA512
d868bd9e8250aae01383515989b53949a167be28933b028f68f60ffc5722342e9c08e94a89aa44db1c35e083f28f8a640bd31bc9c9c6fbf850ae979d4aced762

Download Submit
C:\Program Files\7-Zip\7z.exe.tmp

Filesize
600KB

MD5
eac4e2029c74dca6835d37dced7c4e7e

SHA1
d78e93fb0def5f7d366c94d0adc5d8d57c5e356e

SHA256
82d70521dee28b35f875221504624bef4f59597734730ab9ecd78976873f719c

SHA512
12c11190ff3e5ec6245041f92a82ebfe90fa1835314a3fa08c8833bb0bd750f5ca1d8f9f141a7fc4955a14d65832ae14feb3d82d27cf14db7d5adb798f290769

Download Submit
C:\Program Files\7-Zip\7z.sfx.tmp

Filesize
265KB

MD5
63c767ee88538854b3ca701cc35c658f

SHA1
a3949c4111806391d9545e4328d2330700233387

SHA256
dec04db24dc872330022524b745417533cdfa7813ea59b4148d84643cdf8c524

SHA512
2b2080a684e2aeab962c1b572ddeec8d23bbabbd9b752c0f6bf2050f2344854f99bb22a47579785376a9f1698db16757536641fa781ccd7d57db64b7b79b98ad

Download Submit
C:\Program Files\7-Zip\7zCon.sfx.tmp

Filesize
244KB

MD5
a0add7b748d3f921e413080fbcccc75f

SHA1
cca57f005cb8ca2fd6912133dec8f90daf350941

SHA256
3aa8bb9ffaf51b743c692f785c224cd65626b379a22e9ed8e5c104436b00fde4

SHA512
7d0a1e4dca5414cd9a0f0e2c9dea8230e675722a9ec0305fb8f4c9efb7427285ba66cecec65afd0d3d79b9bb80b067eafb180372719cbff559ff185149c92f7d

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
984KB

MD5
301028fa10ff7813098e80dee6f93209

SHA1
220d5a8a653a42c108c1c979a9c5535a0da604a6

SHA256
4028ad93dc94836633809c960c9baeaac069e5e0f86db3af4e1906f70d476161

SHA512
bc13e0fd92c0ff15f818433e726edafecf193cde8b997a2b9fffe1e26feab3b6ec6e522c6fa94309c0e851454fe045d948be415f58b56b0b7cb83df6bf177688

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
986KB

MD5
cb061b285144ed7bdad04bf76e162879

SHA1
c27002b97468d6d3c1bacb516c4a4fe33b48df79

SHA256
5c891901d89ae8c341c0f23f9c231de1b36dc511ea3bd47ca3265b48f9d139ed

SHA512
905bceb873a97a8c78e5060d958e7606d5bf16754706b83a0f2aaf494f3080c03dea3701faa77f0ff67623ba368c2bf2c2643252cf491b0d183eacc937d74744

Download Submit
C:\Program Files\7-Zip\7zG.exe.tmp

Filesize
740KB

MD5
da59364961b288f9954a7eaf36bfb2ba

SHA1
6554eca7669e119f7a8357043a3a200fcdb9a4a5

SHA256
9335c7b941a8e98c57d9da70b95af132cb902186104e723b53c1e49c76f63941

SHA512
7d4c780c8c6c2fedb120398979f3586eea2c87dd17884139a893152ac18b1d2e01cf859c7c23bd092192316176a135ec0985cf96d1e8813b1fa5c130705a2c02

Download Submit
C:\Program Files\7-Zip\7zG.exe.tmp

Filesize
740KB

MD5
9a44c150eafa541b4b0bdd2d8ecf146b

SHA1
89c62756c7c7077da173d47284741db638125f3b

SHA256
3712845160652f6366ab38365e08d086922e7f53a405776daab1dff6b17f0934

SHA512
e67c1a2a1cf24a3a5bd580ac3db16d22c36a5b25b782596a8cf5aa3826ee3d8cd6aadf6e98bb9e06ec05fb9846371205775c4f64b5f32d26d96ae3adbcff2fd4

Download Submit
C:\Program Files\7-Zip\Lang\af.txt.exe

Filesize
64KB

MD5
aeb1b812d8e1faa23ed6ef3f45016ceb

SHA1
612e2463b765446e452e46fa2f7282f6b624ff47

SHA256
367d1a8307a5e751ee0b753af9f4528e6275d65026d5c904be30bed80f106320

SHA512
93ebe971d88cdd7ab542bf6728f72a0530fcb36073832813ebdfd983e0af37d6409175b07a0dc6da6ee4ecfd4ed159a2c5082340fa809b43bcc154b462bcc4ac

Download Submit
C:\Program Files\7-Zip\Lang\az.txt.tmp

Filesize
65KB

MD5
cb3fe976d9c824add565f9010d8ee5bc

SHA1
f27286a6489cfb72952259d553ab6e7f0f0fb758

SHA256
deaa03c0de2d1fc57b4693e83bf91435430f8ffefed2d54249f003e9220bcf52

SHA512
1a9b31adc55783931b72a8783250aefa545f57bf66ac4e6993da01ab22776600220d5967558247714444deba3347e69b9ed9303866262a7f425de09ae82a8d28

Download Submit
C:\Program Files\7-Zip\Lang\ba.txt.tmp

Filesize
65KB

MD5
597ea41c3e3da9ee882f899805d95e8b

SHA1
a6e5cb56bffe06020f0d996db7a3d0cbe6d3a84b

SHA256
1702563e130f17a6c535f953819328ea3610464f78d897d784fc81d0257f39f4

SHA512
cc7f96e1a8f4f0c6d13163df83cc9b9b7c83d7b1664a5129297f2945743acecc4ac215e808ef796b9fdc68bb7b79af73a6e6fdb06923a75fc6177492000077b3

Download Submit
C:\Program Files\7-Zip\Lang\bg.txt.tmp

Filesize
67KB

MD5
ae1c6285449634a50917c474504c76e9

SHA1
9d3b6e54a0da27090ce9781cda917598563a9267

SHA256
24fd3e6fc827c9cdbe5a716ba7a08668e82e94edbab4138cd1d7b9c916d65a06

SHA512
330714727926335b88938368135a5eed0a2374d2c439fc264d577fac5b976f67591d6e493dbe01a1d665e6d81acfdc5ef9dc55e827eea93a0b2fc00a8fb79460

Download Submit
C:\Program Files\7-Zip\Lang\bn.txt.tmp

Filesize
70KB

MD5
7ed7d18782b7e29cb267e9f9de7ec027

SHA1
d00f0d482a72b9e1f24dc04a536563b0a30a633b

SHA256
aa9a894de941ef1851951c8e5a02d4267050ca986f90defc884f01d10338561d

SHA512
0c4081cdaeecdd507c1d2fb4a66a886492ea2072fdaa0467eeaa17f7251870ab57d60c5f60a38a9a7edf48db855a62ae1247d6bdb3aa8370fc3f8de304a43a15

Download Submit
C:\Program Files\7-Zip\Lang\cy.txt.tmp

Filesize
59KB

MD5
5f7983adbf4b6012c62790e89bbc105a

SHA1
a88c8a039ecad3d74393e5a16a97ce5eff874a47

SHA256
a57686a3658f18dc3b2384f8ec1594e531288c9b45ced8fcb53154b0b252957d

SHA512
b707a6c649ec52be1af80c1359a0eebedf5f5d1d03e879cb717f645399f34a81f51ad7acb85018cc1999e54fa4105ee0b74f9e61912bebbd9e721695dfe5c104

Download Submit
C:\Program Files\7-Zip\Lang\de.txt.tmp

Filesize
65KB

MD5
d9dd63dbe5bfc22c11e202db537dc35a

SHA1
a914b45c0541687c549ae89586698ed368fe9067

SHA256
f8108822876372124975b89be523e83ad37ed401445ff547ac991cba72ecda8a

SHA512
58f9dfed36ee51c8bfc0fddb758c647cc6cbbceb5eb19ddb7f92372a6c96bfd3bf2718b9e27ba5d449318ea5be5176c499d6d0359798990522219b11c837a375

Download Submit
C:\Program Files\7-Zip\Lang\el.txt.tmp

Filesize
56KB

MD5
5a41d88e71a9b7df36dae2612f781fb1

SHA1
c095281f002bef282c6ad76b0ddad6ca8b65d638

SHA256
71c9844ebbf34fea8f523905a562179934e971c8650971072a6c76bf62bd6081

SHA512
70d7193f63d9585e8a30bc58ba24024a717910c02b402bf85255597bf27a3407b43a6a508a20c16384fdee7cba6bab63b0c9160ac984ead1422af8640a069156

Download Submit
C:\Program Files\7-Zip\Lang\en.ttt.tmp

Filesize
62KB

MD5
66c1499974b2e2aba0b3ac3077ad11f2

SHA1
742be2e94e2a8471416638ca7aa00fbd3b02785c

SHA256
8371f492ea1d1be21c3bb43f55863675462848e50aef4f5ce9bc063509b7ebe9

SHA512
6f4f77a3916b346b9542c52b7c4d5565b5ee5b3d2f433a69589ec4c195c992a88960c1bd9c0152acccd098864d7afd80c1f192d70fd88c764bf6ff44e0f12355

Download Submit
C:\Program Files\7-Zip\Lang\et.txt.tmp

Filesize
63KB

MD5
4ab8aa92cbf1504ebf659abea73bb053

SHA1
938bbcc90826ee65f57a12c82153423e9a35e9ab

SHA256
48c19deec666da27ff6ad0beab4214941a5e5c06d698cec226ea45e29c4f847c

SHA512
f22efac7f53e20493b6f3d03ee52cd72cec28dd964256053515bb7801aa489298569f2c9b848487ded51021b1ab63d51537e90f15184ea90858667b5198277f3

Download Submit
C:\Program Files\7-Zip\Lang\ext.txt.tmp

Filesize
63KB

MD5
cb4a3c500cd5548c608e46974c8f2347

SHA1
9509d5b6843132e35e86674fe3ba11a08c52471b

SHA256
d13e5e0f0c614b3943830405ac25a71ddb7dbfc538a93b540c850b61e86a9396

SHA512
f7ebbdd466f948c16cf3cac86196313d1afd22fe05b3a457b4ff9732b6f5c83262378c7074e089ac25a151039f6b1807a6e2c11f6f53e19e80a94df295f2207a

Download Submit
C:\Program Files\7-Zip\Lang\fa.txt.tmp

Filesize
69KB

MD5
60a0825f6518e7b154e48ed4f4513293

SHA1
2f1099e96459cd28cbb663b1b849d80677b306df

SHA256
745001fc37aceb55fb3de62b673cc8bd02bf8f2bae9d4e9430fe823b86136fc3

SHA512
ce7565546ca66d9a95db9ee5a36cb9227926d23783749fc40720319e5959c0fea3183c428548c173d730e39f8b58b08f0af65263e06dff455d8881d66d922d1f

Download Submit
C:\Program Files\7-Zip\Lang\fi.txt.tmp

Filesize
63KB

MD5
0300a58f3b487df59961a6302c5177f3

SHA1
82e7a6a4757979fcbd7e9ca240ddeb4a4ca4c47e

SHA256
44b83dc9d0aa14ed1df7f5005d89cd59f4a8e11782cb9af052ea3b896b3d243d

SHA512
63fbc5d77bbd9614af51b7a208a1f4986ac084e78361cd7b996568f4ad67c5b3ecde342b5155cab58d157dfb665a0c67bdbaf4c01932c1f7a886bd4f51ffa933

Download Submit
C:\Program Files\7-Zip\Lang\fr.txt.tmp

Filesize
64KB

MD5
917fb31bae31536d221b030a527aeaab

SHA1
4612ff65d156f12723e60948132edc12018ba20d

SHA256
1bd7a5b71fae815fc8e5fdb66a39ba94d206c264cf9d1bbcd5588d6a7aef42e2

SHA512
4652a1681414944e05c7074213bdc76a5bf2dd09098eb6c6b4f078ea3e44ac020ae3012e2e65555881cca22d1f48ac95a2171f97f347ca70c304429bc45a4151

Download Submit
C:\Program Files\7-Zip\Lang\fur.txt.tmp

Filesize
61KB

MD5
f4d10200a11214414baa6ae968d3cb1c

SHA1
7bf05fa9a5ca36ec89ebdbf72dddf10324c01757

SHA256
cf1f02cc9a3d0ce6de42edf91eefecd26d53429655be80f265eeb06bddd882a4

SHA512
548ce0f0bb5e8a11404c466cd3681b9c81c961936059e5974bc2486d8f7f4ee5285c9382e95fc14d26815e62a94ab173c97d5ee0bb35690b6ea94618d2cd4882

Download Submit
C:\Program Files\7-Zip\Lang\ga.txt.tmp

Filesize
62KB

MD5
17bae037d5439d010032b80e5e2a3c57

SHA1
9cc558f0d8f8ec7b94cc100ea589c28a1be277bf

SHA256
893b005f89e3e272a3e34fcbf6108749ab5f510908f77703d0f452525a8a20a5

SHA512
dfe0199e680ccbc40c084402e0490dd67335a7479f3cbd3dfcc0fb18016c5aedacd5e2e14a094d5a6a051afb6542e410b9319331b7a1fce1a035c3d39c5cbc22

Download Submit
C:\Program Files\7-Zip\Lang\gu.txt.tmp

Filesize
56KB

MD5
482727bcc6decfc97b7758678485ef36

SHA1
ef801fd320a386f2b9d516488e152edbb089838e

SHA256
eecdb27b4343233ac3b67ebd2da8c9e68d3f34154f6bdf6741654a731cd4664b

SHA512
3bb95687c8cf792551b28b9fe82b244b7eb81544988002b10a5926568d8f058580c27f7aef5d78a0a6eee1b029d3c733986d9088222400b2fdd977fcef606ae7

Download Submit
C:\Program Files\7-Zip\Lang\he.txt.tmp

Filesize
65KB

MD5
a94c8e73c1c8dd526f81d870eb62af37

SHA1
ac4f53668bbd59c634c72f21552d4aaee5409286

SHA256
c147ce4ea78ab8971decf23a0d90fdfa91ebc8224ade1a82333b8ca4192b80e4

SHA512
6cef53a7863a7506313af221f3a12f7a753588c13a5447825bdf6cd3f6dde14f4a3b7c878ddb7b0121d93c3f1c314ac454721d9c16bd51c9f803a5d95364c0d7

Download Submit
C:\Program Files\7-Zip\Lang\hr.txt.tmp

Filesize
56KB

MD5
10f7dded56a0f7489297f48d55be9c29

SHA1
a1375fbabc0fe4cfdf683de4cc6770dca9ec76bf

SHA256
55374a57fb70705ac94eb759572ac095e6cc09c06272e7628632a8ded3e2c5fe

SHA512
7db5d16a5ce730cbfd6d9024077cc8b7931f697ff2ffbed2e607106f79e08fb53d318ee3042bdf142a88656ae163904b1302781ebae5e0b6e2a59b2a2027b185

Download Submit
C:\Program Files\7-Zip\Lang\hu.txt.tmp

Filesize
66KB

MD5
f4c2f74ec0f3c8d84b23ba70312127cb

SHA1
7649492ee80a5b2bad43fcbeaac390bb73f39d36

SHA256
aa4be14ba7964e529f01da3c12a4e27c3152411c424b3e1b44643b75f65d65ba

SHA512
1332bf98fdce36a622ea71cf89dbde09c11d7ef99f1fc539242aa9a6ea21ce9f25dc4d293b8839dc26c40a30310a77449f44fd4c9975e509be6d80e22457b953

Download Submit
C:\Program Files\7-Zip\Lang\hy.txt.tmp

Filesize
70KB

MD5
3e60678f66833b08bd1ffa0cde456345

SHA1
ac21cbd4a8080a9b0bc042466b3a36d2fcf9d476

SHA256
f2ac1d854d05e2cf76e9cde542f648c1b97e0a50e21691c8ad8cecf164997f83

SHA512
6c2ce3427a4e7981cf8e01a7291abf16c84552c9267ce563870e1a08f277cff5b7b9372f2a0db94e012fe8a3262714ebf5a1ee1e357476f0234cd52b33418a22

Download Submit
C:\Program Files\7-Zip\Lang\io.txt.tmp

Filesize
64KB

MD5
58f45594dc37c7409bc14deaa347be05

SHA1
a69d4d9975565537caafd71f7307973eceb91b7b

SHA256
161268d9864ada3d36f57d8bfa8aef5804648c43c2efcd133403be7a3f9af517

SHA512
aa51ec027b8a23594584e8362ddb8f66d25073f741b927197b46cc18dade90adcef7597b929ae01091fbb53a4a683832b2f80978550adf780fc6b50582f4a77c

Download Submit
C:\Program Files\7-Zip\Lang\is.txt.tmp

Filesize
56KB

MD5
293e50f53c560bf0fb807a03378f68c2

SHA1
4e1bbd40f4d613c9413d100a4af17a3628cfd0a6

SHA256
b8f30033a761f67dae52d5872d11457c9850fd1bf367fc82c1960b2330b75198

SHA512
aadc674542355476b63443f0733bde2c21f587166f4cd3590127b1d8f0dd7564165ad6ddcec3825be9da7876129dc08c725eac271d000e8c78e188157019399d

Download Submit
C:\Program Files\7-Zip\Lang\it.txt.tmp

Filesize
63KB

MD5
4fc951e3b3ee5f13a87aa4504bd380e9

SHA1
61f9bd7446905d587c4820fbb5f9b4ea21f6d2c7

SHA256
8568de6e008e20076d139d9f506a2d9a8b4b3bfaac8ca54f3f71db750ccc3f27

SHA512
230931863399ad3accc3714adf8df30867fc41664eaa1f4199bdee625a5a3c9465bb42197f90a9bfd5c4abe430a318382cbadba4fd04e5b4c29d535a50e56630

Download Submit
C:\Program Files\7-Zip\Lang\ja.txt.tmp

Filesize
66KB

MD5
954050e88de37158321aabab5178b932

SHA1
ceedffcd60d64a3ddbccd9f168d9c895592e54d7

SHA256
9c8eb65292d7fa70afd34db706740accac490be8230a9e46438bbc843ff03105

SHA512
6c86c466018cdd45dca1aace7ba81f0a3bce4ba7b0eac5ddcbd59f98d4da0168b927f2042348691415ee38ad38c26b4bd61eb53acdc3c684e9932927c8899c04

Download Submit
C:\Program Files\7-Zip\Lang\kaa.txt.tmp

Filesize
64KB

MD5
74a5da1be12a4e21cde93a3d426438af

SHA1
0dbe7bf0df1fcdd04ef5cee3a501d0993b1569e9

SHA256
550d23fbaecdc098aca0df052abf51e70993b1b9d3d67fe969c839bcd62f6ff5

SHA512
8b8cfda4c977ba0e055c2eea1e25c3ee7d1965d999bdccb9c69464b756f5ac1857ade57690cf2ec8b94baf60664b61705734c9bc793b57d8cbf8506fe25c75b9

Download Submit
C:\Program Files\7-Zip\Lang\kab.txt.tmp

Filesize
62KB

MD5
7012258c5a9d76a5834d6e5a5c05e7bd

SHA1
330df23fa2b3605052eb604e9d6218be3cf6bc81

SHA256
1d3128c2a47887ebc98f25b3c49c5f184f6dbb9b6814949ad0f3224873b4ff10

SHA512
b5aa1c2665e5e579c90c231ce5f512ca10dab4ad035396a62f52d6ff43c7f154d26334dba1e05c827574caf93eb5cdd2a1a838153b1bd826b1cba41e7449fcd0

Download Submit
C:\Program Files\7-Zip\Lang\kk.txt.tmp

Filesize
64KB

MD5
a30c366c77bad6830f7dd7c6767327b3

SHA1
60b7cf2f5e3bd67c9e59c5772e1466e1cd1b234e

SHA256
8d56003d4260916889f1193ad96dd49bd093bda95026276e129bf1c715b7359b

SHA512
1949400aa6c3b66c5387def037339a72e2a72dd9667ee0505a7159d876520ad427d6cbd1d4d4fd4aad924dff6e00eddd7eabd5228562b434778beed716aaa005

Download Submit
C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp

Filesize
68KB

MD5
30fb83de1f80d5e927a9ee9e1e03a57a

SHA1
b066651205fe5338e78a5c9c82d5ba284ff08a50

SHA256
04a9bd889d5c4f00b10c9dc32b322ea52c67c16b19bbdc8f807a254f4a20c1d3

SHA512
2ce41664751b2707d4a5fe2f2fb0122ef63e39530f21b7a52def2c75f19f93ff78b7f12345ac0a19be1359b914c01067a55abe491c2adee0971acc1cbcef423f

Download Submit
C:\Program Files\7-Zip\Lang\ku.txt.tmp

Filesize
59KB

MD5
66e4e66b1c299b4d4c655bfb76863765

SHA1
3970824bd5df1316dbeead6b818992abe614f8fa

SHA256
8460ca7a1e72c49d255d4be84dd7c55643563a88a73c312eb86ca1b97b442cc9

SHA512
198fa5ad8e697e6843c8d21e682fc04a69b357ff690d944a983480917023e488739c50a94ea7163b067c42f716af5f13611c8d03ff20e01f0c1e12a9754d9d9f

Download Submit
C:\Program Files\7-Zip\Lang\ky.txt.tmp

Filesize
68KB

MD5
84a3c2ea3ef80cb30e973bdd60bd66ec

SHA1
36a7f77992a1cf02b67cdbab89c94d46054b13b1

SHA256
6aca52838ec3b9a03f34ec89efd7bfc248690765d2c6ec3e303b6dd5bdc70ce7

SHA512
9353ea63b7d02f9a045ec604138960080f0fbdfa390fccd553d18bba2c57b135493e939ed533e3fde1469c0cac9fb22702be53edcb91161a6006a5e64b092fb5

Download Submit
C:\Program Files\7-Zip\Lang\lv.txt.tmp

Filesize
61KB

MD5
5ad7ad5148876fe94491aee91c13cfb1

SHA1
c19504e42e6c17115584cb53d894cabf29a833d9

SHA256
f94ec166fa883f0f1b5feec9e19e53ba797570e08fc08947e46ed14a80fd8424

SHA512
1682c427166f19b806ebbf72b04792bc9a221bdff719025db032067ddfdbb522ec3f8431d512edc5c232399131cfb3e100a21a9475b6ad2193e3d498510693ba

Download Submit
C:\Program Files\7-Zip\Lang\mn.txt.tmp

Filesize
62KB

MD5
9a85431b85bd2c3284aad7bd50b13275

SHA1
dc0286e8882a811105a2553fa61ff6226e8abbf9

SHA256
014627952a2d4d3293b037571f803d9276d473c529ba78c58c0bae22997a8ccf

SHA512
31e037a09c5ab7933e98f2a67648a72cd7b09596ba9cfbdd22495fd2e2566685cda4282385a793ee10e7363bf28e5c3d37d5d2001a0a5813c3dd032f5a632663

Download Submit
C:\Program Files\7-Zip\Lang\mng.txt.tmp

Filesize
75KB

MD5
d3d6af9e0146128c8fc730654da52bd0

SHA1
2a38c51670b8403e47eb05a7e1f10c68a8c5d5e5

SHA256
85d379605c044bc95e6b3c1ec9e3bd307040fbcba54751f5fcf0d2cfa31d7909

SHA512
c253f20139b4d6080119b0eb59279fa59814250e8873b5a232ebf2aa13d1198fa564b7ce01fda883adf54aa8cc7293892166fa8467cbea0fa52c6da49b830d55

Download Submit
C:\Program Files\7-Zip\Lang\mr.txt.tmp

Filesize
66KB

MD5
58129d7344a5ac09bfea0b502a70d4cd

SHA1
9b0d9479c8014cbb75f8d5cfc504a96e041bdf04

SHA256
501e426cc615c9e18f90ef99dce3411b427e07e50967bc74bc1a36e30809aa25

SHA512
20c270f57243d50b6d2e91afc5706ac59e07ab6e2a48a4ec2d28efcb94a973f0c0351754a966210b1ed2098e9a04c012cc39fefe9321087d721ed33bab555658

Download Submit
C:\Program Files\7-Zip\Lang\ms.txt.tmp

Filesize
61KB

MD5
00a6e1a2ad2802a7a32b61a5ca18e886

SHA1
a838b26aa7318a4e4f721f3916a6c927734c4b3f

SHA256
47be1ad0d4bab1564d0dc10626e1ddf6bfeb0db668ece90f7ce305fe88d3a793

SHA512
8646ae102412e68393ff41f2b488e6f79538fa5b3d576ba7965c0b175f43534224f68d308dca2f0c5ea5bff6fe1772ec595077271de50411bbaa6784e941878a

Download Submit
C:\Program Files\7-Zip\Lang\pa-in.txt.tmp

Filesize
70KB

MD5
f97b3e6ed228991c02b5961c214267a0

SHA1
7c39be6cb9b6b219f0d4e1cefce2a97463184a3a

SHA256
e93114c7ab1bfffe7a2b7ed59f5f212f544b1e6ca0e3254a5794133797feae84

SHA512
74d98092e4a3ddaeb46180dc88a9eebe1a46a7da1ead149f62c6d2eec7737d30cbdf4af0d271d59b16c1d4be7f70cadda09296bdaebd46d13b4b4d9e40b0e977

Download Submit
C:\Program Files\7-Zip\Lang\sa.txt.tmp

Filesize
75KB

MD5
f1f5d102e24c30e8eef29af6e4a2b945

SHA1
b4d7fc9c9ea45791fd988176ff42a33958f1aac7

SHA256
cfa361d37c59623fde45b6685a8252ea4ecd3c8e2a11f83e8a370ef0f71e3d7c

SHA512
40d36b46ef6070de7122f6a37ae7279bfab92b0748b7ac31a123df2d353b39837e259c83eda0567f19507b7365e22bb8742dc53f87e1f3b1712d63d138cd1887

Download Submit
C:\Program Files\Common Files\microsoft shared\ink\zh-TW\tipresx.dll.mui.tmp

Filesize
61KB

MD5
f17a214c7c92d7c486bc7dece38cbee9

SHA1
339a6e1a6d50bc1278d74515a918b6d3a28874df

SHA256
e7d3c9b632dd587d44b923d57fff8121d8e96415ce4ead7e1e48524ff51fa7d7

SHA512
23b44c15bb46f56c0c07284504f5fb76186a088f1216f2cb86af6333cf2d07445b6583e7b63a2bed9e3c3e7fa8d8b9d1cb67d474ccfc8ac9e2d04867473f1cd2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MicrosoftNotepad.xml.exe

Filesize
56KB

MD5
42a51ceefe4ba75e42a1ef46ea91bcff

SHA1
313551ae3a508255e53b030e2ffd21cba6ae73fe

SHA256
69849fd7d916a2a0e8fe9875da1aa42fabe1dfd9b09baf9c09a7fcb13ed574ca

SHA512
331bb77f1c24834c804ae79759007c53d0b55f9db0720dac144ada32b2563e3d3caf6cbad5f94e195d2eef859f8ae9e26cffd281f2384d3f2038134dd2e69d1f

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
54KB

MD5
dbeca3de837c5ca875b6c91bbc049724

SHA1
8954da16a1cf564e897aa57d3ed0749048694df0

SHA256
faaf849809b64aa9d54de3a544530996955dddee688bd43019be93c7afc79972

SHA512
50c3ebe0e44fd6510970a033211f4efbd8cfdc38a8f18cadbcf2691c117a3e3446117e5a92b0dc5ae56ff3b39098d11eb2d29c5dce2a4c9d4ca1e13cfe7d1afc

Download Submit