a8971320794e2f5811b29cbfc1d9985f410031f4e2f614b0e80d68dcc7d38c43

Analysis

max time kernel
120s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19-09-2024 05:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a8971320794e2f5811b29cbfc1d9985f410031f4e2f614b0e80d68dcc7d38c43N.exe
Size

77KB
MD5

12bccd56216839183e640f8fe1146d90
SHA1

65170af608dab569cc4f9f5fa90111d0e4b04aaa
SHA256

a8971320794e2f5811b29cbfc1d9985f410031f4e2f614b0e80d68dcc7d38c43
SHA512

5834ee28701d82a82830f09b2b7cd87d2fcd6035247ab4d07e60a62fb82f2bf8a265f8bdbf10781f6e9e85b2a804bc80ae9a3d4dc6738d45189824ebef75c7d2
SSDEEP

768:W7BlpppARFbhknrzzA8JQ2AdJCzA8JQ2AdJWX0kXX0k8y7BlpppARFbhknrzzA8b:W7ZppApkGpJy7ZppApkGpJ6

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (4810) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
1332	_Firefox.lnk.exe
4388	Zombie.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Zombie.exe	a8971320794e2f5811b29cbfc1d9985f410031f4e2f614b0e80d68dcc7d38c43N.exe
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	a8971320794e2f5811b29cbfc1d9985f410031f4e2f614b0e80d68dcc7d38c43N.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-localization-l1-2-0.dll.tmp	_Firefox.lnk.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ms-my.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.Emit.Lightweight.dll.tmp	_Firefox.lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\System.Windows.Forms.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_Subscription-ul-oob.xrm-ms.tmp	_Firefox.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_KMS_Client-ppd.xrm-ms.tmp	_Firefox.lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Windows.Forms.resources.dll.tmp	_Firefox.lnk.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\MEIPreload\manifest.json.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Yellow Orange.xml.tmp	_Firefox.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\NAMECONTROLPROXY.DLL.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\System.Windows.Forms.Primitives.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-memory-l1-1-0.dll.tmp	_Firefox.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Grace-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Trial-ul-oob.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ro-ro.dll.tmp	_Firefox.lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.dll.tmp	_Firefox.lnk.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Windows.Controls.Ribbon.resources.dll.tmp	_Firefox.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_MAK_AE-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\System.Windows.Input.Manipulations.resources.dll.tmp	_Firefox.lnk.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\chrome_pwa_launcher.exe.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-locale-l1-1-0.dll.tmp	_Firefox.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_OEM_Perp-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\7-Zip\Lang\sk.txt.tmp	_Firefox.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Retail-ul-phn.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientOSub_eula.txt.tmp	_Firefox.lnk.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-localization-l1-2-0.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Input.Manipulations.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\lib\tzmappings.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Integral.thmx.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_KMS_Client-ppd.xrm-ms.tmp	_Firefox.lnk.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\UIAutomationTypes.resources.dll.tmp	_Firefox.lnk.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Threading.AccessControl.dll.tmp	_Firefox.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Initialization.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOHEV.DLL.tmp	_Firefox.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-black_scale-80.png.tmp	_Firefox.lnk.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-process-l1-1-0.dll.tmp	_Firefox.lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\System.Windows.Input.Manipulations.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\zipfs.jar.tmp	_Firefox.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp-pl.xrm-ms.tmp	_Firefox.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_OEM_Perp-ul-oob.xrm-ms.tmp	_Firefox.lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\Microsoft.VisualBasic.Forms.resources.dll.tmp	_Firefox.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription4-pl.xrm-ms.tmp	_Firefox.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\offsymxl.ttf.tmp	_Firefox.lnk.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsita.xml.tmp	_Firefox.lnk.exe
File opened for modification	C:\Program Files\Common Files\System\ado\msado25.tlb.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-multibyte-l1-1-0.dll.tmp	_Firefox.lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\ReachFramework.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\UIAutomationClientSideProviders.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Author2XML.XSL.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Library\SOLVER\SOLVER.XLAM.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.scale-100.png.tmp	_Firefox.lnk.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipshe.xml.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Quic.dll.tmp	_Firefox.lnk.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jstat.exe.tmp	_Firefox.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusDemoR_BypassTrial180-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\XLLEX.DLL.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\System\ado\it-IT\msader15.dll.mui.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.XmlDocument.dll.tmp	_Firefox.lnk.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\UIAutomationTypes.dll.tmp	_Firefox.lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\WindowsBase.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019DemoR_BypassTrial180-ppd.xrm-ms.tmp	_Firefox.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcDemoR_BypassTrial365-ul-oob.xrm-ms.tmp	_Firefox.lnk.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\msinfo32.exe.mui.tmp	Zombie.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Zombie.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a8971320794e2f5811b29cbfc1d9985f410031f4e2f614b0e80d68dcc7d38c43N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	_Firefox.lnk.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3444 wrote to memory of 1332	3444	a8971320794e2f5811b29cbfc1d9985f410031f4e2f614b0e80d68dcc7d38c43N.exe	83
PID 3444 wrote to memory of 1332	3444	a8971320794e2f5811b29cbfc1d9985f410031f4e2f614b0e80d68dcc7d38c43N.exe	83
PID 3444 wrote to memory of 1332	3444	a8971320794e2f5811b29cbfc1d9985f410031f4e2f614b0e80d68dcc7d38c43N.exe	83
PID 3444 wrote to memory of 4388	3444	a8971320794e2f5811b29cbfc1d9985f410031f4e2f614b0e80d68dcc7d38c43N.exe	82
PID 3444 wrote to memory of 4388	3444	a8971320794e2f5811b29cbfc1d9985f410031f4e2f614b0e80d68dcc7d38c43N.exe	82
PID 3444 wrote to memory of 4388	3444	a8971320794e2f5811b29cbfc1d9985f410031f4e2f614b0e80d68dcc7d38c43N.exe	82

C:\Users\Admin\AppData\Local\Temp\a8971320794e2f5811b29cbfc1d9985f410031f4e2f614b0e80d68dcc7d38c43N.exe
"C:\Users\Admin\AppData\Local\Temp\a8971320794e2f5811b29cbfc1d9985f410031f4e2f614b0e80d68dcc7d38c43N.exe"
1⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3444
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:4388
- C:\Users\Admin\AppData\Local\Temp\_Firefox.lnk.exe
  "_Firefox.lnk.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:1332

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-786284298-625481688-3210388970-1000\desktop.ini.exe

Filesize
40KB

MD5
59d3e446ea3151c295ddb33a2338c6c0

SHA1
a64b8cfd0122f7a7dfc0960a303670ed91fb8037

SHA256
1bfe1c9c248d91a9341f1bb66fd1582267268c83b86504d9a4980a0f009ddaf8

SHA512
89fa1c0bc412ed35a00e1195b548166505a86a5fe72c085e8da9295a67043894b5141f71305c53ebbcc89ef195c127604071ab99667b58f71fc930d0511fd585

Download Submit
C:\$Recycle.Bin\S-1-5-21-786284298-625481688-3210388970-1000\desktop.ini.exe.tmp

Filesize
78KB

MD5
d983ae97aaf01ac1ccea603202a0e31e

SHA1
752657c291137af101eaa3a874ceeb1ad2d947c8

SHA256
bdb2eab8636fedf83431c5cec9f2e9e95c18f9a625755de41258eb4aef13fe3d

SHA512
51d2725ab472ad0ea9744e65ef9b276feebc206689c3628b62c140a67320c51a6eb6fc7c751495f8009ed3e95844783c7fde970f665818196beec0cdd34fc3f3

Download Submit
C:\Program Files\7-Zip\7-zip.chm.exe

Filesize
152KB

MD5
6c310e7ffa524d1fcd6af0d18c21ae0b

SHA1
cad17d0d68b3fe5e3a925f0dc6618f2acbff4616

SHA256
54cc836a6f97efa74f2a4999fba86e584f68cd374acb48f4c38b40082e09efa4

SHA512
26f1857459b5eb6a16906875baa09d0a5623545af99a4f48e60a1810bfdaccd67fc33754a38ef55855eda79d54c8a34f9ce65700986b4fc457cf4e94d7deca7e

Download Submit
C:\Program Files\7-Zip\7-zip32.dll.tmp

Filesize
104KB

MD5
489b322a5907c3378a52c980ab1eb003

SHA1
924bc4872ddbee52dd28b2d36abb9cdaf0c2b8e0

SHA256
6ac7415d05ac48d64b4d7f1d0bf12e0c0a40cf44c68f180c827d3d4f36862c71

SHA512
7d1e2ad813bc27a799f9c97355fa8a45950c59641743ed631abd1a1d9edf307969921ff7f56ab34b4918342196fc75cd6b688a7acbc55a05d686f4cb53f0f145

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
1.8MB

MD5
ea0f727e62d303e088799c1b9337b0e2

SHA1
43fccd68ce3365c9b3ba5595b7ecd43b4527f692

SHA256
139def2b9bdb16da69c9382c73d63befbaff7015d6607f0e3f3305c23e1a8265

SHA512
0b3542a7d79a0f04cc83a0786c7da029a32c8a740129f469202bbb290aa077033fce219b2a5756f8439ee1466f4bc6b4afa52a75d58bdaa608ddd388104d60e0

Download Submit
C:\Program Files\7-Zip\7z.exe.tmp

Filesize
583KB

MD5
661f6ee24985d4f1fa46f6f3b9b64b3a

SHA1
7a910d97f40bd9a168ddcc1bf9c803b82bf7e864

SHA256
87751ec45c438b830131550e52809c3f781a3265deb55c968713f6914b6d5517

SHA512
d60580b3d20bf53f7bf0ce8c9b85a0d8c4c98489f489b464bacc0479961530b27753cf3423442aee9cd41bb55acf1ed97a2adc6ffbc007125449804e0f2273c3

Download Submit
C:\Program Files\7-Zip\7z.sfx.tmp

Filesize
249KB

MD5
5662138d4449ac711dc7b33032c15a6b

SHA1
091f2c040d3d62887c8cf2d7da118bbb310e68f1

SHA256
edc15094c019de816416b7ee3b294993d3e6139f0cae335a584e728e1edda52a

SHA512
d8dec0f992ef4dcaccf46bef4bb9748d5c1539cf6a3098b504525b4b8393fbe3b9b8763ad02ec8a9bf1d37002b594823edf163bd277e21525a372e33a254e44c

Download Submit
C:\Program Files\7-Zip\7zCon.sfx.tmp

Filesize
228KB

MD5
768c99eedc894adfe757622484912d94

SHA1
d985b85756e9eed985cad7b2a2bb84cc955c1051

SHA256
392406c1d2a685d641ac82cc280a923a984eb2773410ee59f13ccb070100d78c

SHA512
02e98e7e8cee84fc74499684c58d1377f42e673aef058679d03c6afa761cb8f41d089b28d172a2d7a0c0526dac5803a730f6d98d29cf1cb845a8d690cb99d0b2

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
970KB

MD5
7e1d0bcd3d7ad3dbf0959ba9e36194dd

SHA1
54ee14904e5cf5cb8e638f7700d2192d226b16d6

SHA256
c79af5c35f45c5986040239081e427c6c990ea6a10674591b2821ede86bb984f

SHA512
5ef2b8f505e345809db9189b8964973772a3c9114a7de6bc1b67e6384a717e718f47cb0ea60d66c57aed47e4871375072515d17df5cc7e2a2b94b1a2c2d029b7

Download Submit
C:\Program Files\7-Zip\7zG.exe.tmp

Filesize
723KB

MD5
b3cf332f40655b305798def4956efef7

SHA1
8ac1d05e52880ab9270ceb42cd2c720cbff4161a

SHA256
7f83f870eae30be1d096b97f387a7ede9ddba66484aa77f13179285da434595f

SHA512
076f817580ad25912d40ca89cd082f365024e607eb458e61b20306dcbcbbf3bd17ae4900b88086751569027d4c1ac320208e9bec5f5a7cd65dbc3e74d7f72cc5

Download Submit
C:\Program Files\7-Zip\Lang\af.txt.tmp

Filesize
49KB

MD5
48b8156d9b3589f1eec4d80c44fdb380

SHA1
e26c08d2d10489b3a0a5dfa0ecdb002ab9ab5654

SHA256
091ea4377a0e3ea6524cfbf68ec069ca8ad7d7b3b67ebea34edf021d8034d024

SHA512
ec6ba9c20182e22bde7137f8b83d4eec40de6acb212255d42df38e28e6d0a6aad2f61b871d8687147de9ca1afa09aa78887d45d9dcf925c416f38b4664c49f6f

Download Submit
C:\Program Files\7-Zip\Lang\an.txt.tmp

Filesize
39KB

MD5
3945ff7c5e33c9050ea21a4c3f8fae1d

SHA1
a74d0eedf156b9b2ceb8f5629cd18cf4eaefb270

SHA256
fc21d72899a232f14ff5bb6c0f774fcc82aaeb6907a6bff468a9fddd07e6942a

SHA512
be22cfa0fd6dc0dd415a0b18633fb1f771d71ac8355d18136778bdd99fa5b3bf3157c7c28dc4267432d3e25754c6a18cb2d2e597135504feeea309740c2eedd1

Download Submit
C:\Program Files\7-Zip\Lang\ast.txt.tmp

Filesize
43KB

MD5
82e4f9e55b7a2adad82c2ad5a68003ef

SHA1
ad54ff514ff50d38cfefafb6e61526f714bcdd19

SHA256
6db75074238e06783ea498edfcf280c3c138ca4261a376cf0da199978e64a042

SHA512
d82fb1ca20d461179fbd23e21adf33d431b3e7313c06520cabfbcfc1e22348c8729b5f7d2829acfc6d35da36f0695e80112fd660e28032ab422202f3c1d5b985

Download Submit
C:\Program Files\7-Zip\Lang\az.txt.tmp

Filesize
47KB

MD5
a55ce1d027250a2907fd5369cc285f1f

SHA1
c233fe2a64178b5aee13fd52b0a27ab29e88975f

SHA256
762cbc0757778048b0370203de15c383119514976803201e379d49276bc45c2f

SHA512
be1a20b5c9d65073fb896019526375320b99e738fec792bcbda418f8aeafae02c7b6513963d3f22111b2acec9ab4ad10f10389590bc0277af5f4bed1c800024b

Download Submit
C:\Program Files\7-Zip\Lang\ba.txt.tmp

Filesize
50KB

MD5
83090c3ddae50d41eb5a9a8ede1ca569

SHA1
fc68f20376202791f000f9efc49bedd9b372265a

SHA256
4b46492f3de40d2c4cf454f3d719284c88ef8ef4e7dd89c64c2925f255bb9450

SHA512
27d56a6b00bd16b41d36d5623a66b8bf341e1f8c4b8b6d9e8728094d8586943c32e3a168bae6fb1d2e8347e9a39f48f08d766343e61dbed7323ef6f7ddc45bc4

Download Submit
C:\Program Files\7-Zip\Lang\be.txt.tmp

Filesize
51KB

MD5
304343396163555d679c28a32f54bff5

SHA1
28b88d9c5c41f75795ee41b95b3d8ce9d6be1d9d

SHA256
c7584ee8b621c60d3c791ceccc39bc908d3ab280103876b12a7678aebc46f269

SHA512
3c27cf821796ba0b8d898702d797f00c13ae6c7993b098348128012d11bfab07a5de412d80994953f54fa8837346664a862d0183c80cef2ab2c2fec4e3ed469d

Download Submit
C:\Program Files\7-Zip\Lang\bg.txt.tmp

Filesize
52KB

MD5
ee5193fd621efa16bd7510c20ccc0256

SHA1
67fbfe6eff238fccba424a0861a275396be7b6af

SHA256
5f0188b637d519d31724dc615d86afbd19cd4009f1e0fa43c07ec3f35d54042b

SHA512
8bb2ecb82bc04265d7f9f30c5d72bf8d24e68bfd90875460ce3908dc86e8b81b8dc11ed72bacc17edbafb1d2d7565329f24306e4700c654fcf96702128e61489

Download Submit
C:\Program Files\7-Zip\Lang\ca.txt.tmp

Filesize
49KB

MD5
a952b4bc70aecb5cbe2b15a9d95b42ce

SHA1
d0a8562fa61f0fe2c47e482b420e0e1393fad5cf

SHA256
145d0e1eaa72dff6742092be283acd24a6a0fedb04821ea2906f1011ad40717c

SHA512
5e9c893fe8b388c487e4e447c1f368f9af974b5f2bd86615c90682aaa1b9f9101b4e97689037da6a1bdddd18d18dcf9d3754e26828a48375837a07416950cbce

Download Submit
C:\Program Files\7-Zip\Lang\co.txt.tmp

Filesize
50KB

MD5
93d85939ad0e91f7d0c386a4c10d9a2f

SHA1
24fb4a20b5777927a84ced1b292adcddcd77a64d

SHA256
bf586935d65f514dcb35c5c894287dfd95ce38b12412fc8ddbd70e9b5b3558fe

SHA512
ada09809197e195671537ffb541dbc401e19af8f4362d2c276abe8826953bca4a7c531f051968b4ed65a2960b2e635a509727c9151d9a5a14670c393d323b65e

Download Submit
C:\Program Files\7-Zip\Lang\cs.txt.tmp

Filesize
46KB

MD5
08190b4ade238ac602972fbe8d9e447d

SHA1
7acf3afef858161e66cabdbe328eec64a9c0ce8b

SHA256
167885fd4b27419f9fae68ddbe365d7470bb0c448837138612077a0f3c4acf3c

SHA512
215f9c5ce9a6fac86ccde56a3aced696c5eedd89f18a91fa730f7a74857cc3d86b90b4116bb0cb45e023a76780a66625967531f395f0a6baad2962dcb744b45d

Download Submit
C:\Program Files\7-Zip\Lang\cy.txt.tmp

Filesize
43KB

MD5
f15bbaac74cfe3ab35cb03e120128eba

SHA1
b531f5bcd35bda2792f50cb98d59ce24df3e826b

SHA256
aad02d788b82ae3d3d1d431ccbb8520ed0cf5a7955f49df8411770d5a330401f

SHA512
46cac2e39c84829b45e1bde7dce3440a11857f8fd71a6b4800d9ce9e012613fc27ddf048c545dfd5c198b10807b1bc110dbb8817d014a2c084653c84f72d7a7d

Download Submit
C:\Program Files\7-Zip\Lang\de.txt.tmp

Filesize
49KB

MD5
f31876fcfb73326dd37638610aa72e15

SHA1
9df5a3dd92c63205b6d264d85bc4d9aa72a414bc

SHA256
13f4283488b9339b8cee6977203dabd0b0785be23f70c03f716dc1a7ada2505f

SHA512
c337bfbdff02fe903a458a9028c745fb35eb79306a030abc1f6f35668c41745fe5df4185e5f773bda91d75e258f8824d57572141764a9747e88770d74c14055f

Download Submit
C:\Program Files\7-Zip\Lang\el.txt.tmp

Filesize
56KB

MD5
0e05a95ddb60b9d0b09233f49ef8744c

SHA1
7c2048c3dd34ad3b4c23627bb227e8b60447acb9

SHA256
24f77f043728b664e157d41b052f8c88e345a3b1f550953a564aa1a16d282961

SHA512
870298835ab64fdaae2ea187549cc0d1aa0a7d8ad9d7d0676ee74e63f406dc55066c2d8d6938313084eeaa9634bbf62104cd615f03063e5503baf7536791d8df

Download Submit
C:\Program Files\7-Zip\Lang\eo.txt.tmp

Filesize
45KB

MD5
485735e79ce3c7a507d051c2d68bffb5

SHA1
b5cf2a3ae289dc0f60aefe429461b1645792a4bf

SHA256
5f6cc145655090864971dc054a68ed59a5bcd184fd0d1b3d0063503741cb14b9

SHA512
042809d68013c19c38c4637ef7e22466aeb29b3cdf1c9aac08cf73367f210e17a43c3c27d417a332022832e984374b0d9858c3a4859aeb655fe11722c666ea6a

Download Submit
C:\Program Files\7-Zip\Lang\es.txt.tmp

Filesize
37KB

MD5
6ec25c98ee7b938ab4c255734892192b

SHA1
47ab643a5badd3cb53e069a018a46e12fb9a07a3

SHA256
8e381b6c1e76b756c62ed82883640c972dbdd34159fffd09544a79236e1e8a8e

SHA512
6be94a9e85c5d86f6245e4a624acf18f74d0f91a453a97b039a9598c904795c3d4714b87f6a50d156231d9bd74ae88cdf6ccd33a99d82eaebd8f053f72ef682a

Download Submit
C:\Program Files\7-Zip\Lang\et.txt.tmp

Filesize
44KB

MD5
5b496c466a15eba2f8362ec8d0798e10

SHA1
40c3fa346d745781753ce8e392807c23d005e36a

SHA256
b13a91e430768c59aef10917f7d984732c024101ba96d07b9ee92ed1d6958a49

SHA512
b8177f493a10cdfbdf397d55daf865d5a264ae9798c18577221f86ef3c96e26c0c33b2c85690c19ec7b3418ffdd6b0a547b613082bfdec34dc477a892094779c

Download Submit
C:\Program Files\7-Zip\Lang\eu.txt.tmp

Filesize
46KB

MD5
59f8046094f615b6c66590940548bc7c

SHA1
9be589717499b63b09936db846d1cc567accc17c

SHA256
9a6824eadd93487e1710a9476d4fe8458085d1396bd756679c1f9996cf58ae10

SHA512
7b532ccd8d631576c5b375af65b179b33b02fd3cb823f83dd1399cc3b7af97d9285245a3352c2b8df2fad46afe3e6d56f529eb402c0d2db05ec3e3c91fc961d4

Download Submit
C:\Program Files\7-Zip\Lang\ext.txt.tmp

Filesize
45KB

MD5
c81122397048df63051b3bb7d4a05ac0

SHA1
74832e5db59d9f6eead65e4066bd768beb024556

SHA256
8e6abb1f284e055bbdfe6309da66060fe2873fe702fcb52df970c36e79f4e015

SHA512
fcb4b7294b5274eb80ee417107ad3f72ae6c0ff439024d5dee1f5dbbb0af8ad461ab1c6b2bbee6c53afcc7bb59d1f6bc6288fca2b3502de3b6ac83608950f14f

Download Submit
C:\Program Files\7-Zip\Lang\fr.txt.tmp

Filesize
47KB

MD5
71d6099658fc023a59782c2cc5b5fe83

SHA1
b5c4b93f5d4b48757acd23991cb465f7167230cd

SHA256
1b2c1cfe0e973a4a084244f8f52e9c18b1a2516e6181aae8d9f085e8d347d5b3

SHA512
939a009b002333e204800b9ff045e06a639c5d10e1d85e7a3e495f79e38abf8e9296d19688ff024303c8136f96b3458d9e1e9a624f19ad3fdfd4f76dfca55dfc

Download Submit
C:\Program Files\7-Zip\Lang\fur.txt.tmp

Filesize
45KB

MD5
262f13e4f855f3d4eaebd92feeafe70c

SHA1
ce706099cd4366dc239060840fb918fbb180de24

SHA256
798fd07520d435f058f2ac0d99bf244d699f92e758294a0dcb71c17998193b11

SHA512
c90179ebe89db90d26325c49bd23344ebd83d8736ba0c28ccee20e4ee47b83a7537628cad1f0652fdbe5f8a9911199a841967e4909c98cddb22d83acf419a448

Download Submit
C:\Program Files\7-Zip\Lang\fy.txt.tmp

Filesize
39KB

MD5
c1ee8efde07c952e516648b477e5133a

SHA1
f26c961cb917008b7680d599d96dc614c7724c7e

SHA256
c4e618050b9e12db24c0a4d23170c7b7c3f4abf44926dde7692b16d8314fdd36

SHA512
57f42e4a5ec847532b43e5070ca677bc8a3a5be363945fe803e904f1ec7c22b92d1881c9014f310b5cdf641ea627628bbfb4da60970935b647d39a07b807416f

Download Submit
C:\Program Files\7-Zip\Lang\ga.txt.tmp

Filesize
46KB

MD5
21147a7071c514cceb0d2b40d9fa0d91

SHA1
a9e65da1a4caf9daa799c6bcf9c444d1f00259e7

SHA256
12e7f963020369c4f3b331b48dc0b8f3f8ad02d699285b7a1989f29e277b1956

SHA512
4a231136c7e27781cdd07346f4ebe26f2ddbfdade56e069adbf589168b20380419e95fc8df617ab0e2cddad1c2931c11fbcd80e096faccdc894ee2508bdc6d2a

Download Submit
C:\Program Files\7-Zip\Lang\he.txt.tmp

Filesize
51KB

MD5
39bc94f259582749ee0423057cc7185a

SHA1
e8df5a949a1344b840e031f86c7654434132ae1b

SHA256
f28462fe3def69d2ebc80de95d7bd428843f16e62f8d157c2e4c1f97299d17cd

SHA512
1f1485be934958fed81b1862952c6ac938a27ea9f93c72ebf73d18eb6a9b34c395de37425008713154a5a8dfab64706cfd4cac0c1b4372b4dc422276b72b6967

Download Submit
C:\Program Files\7-Zip\Lang\hi.txt.tmp

Filesize
39KB

MD5
80f83dd7b32f3d9825493ce1655e9ff7

SHA1
e82674b19c1ca45a8fc48ce172fe6e8236079307

SHA256
36cc46253313d294e235431105d179967cbbbb7e27551cef27a376a99582ea3b

SHA512
5b9fc87f902755eadd485a6dfc892dbc17192c7bd0835672905216402be97391648e17f5186623eda2557c6aa20ecc666a8fd57894c8964baa405029ab905216

Download Submit
C:\Program Files\7-Zip\Lang\hr.txt.tmp

Filesize
46KB

MD5
ed701299f04d2a80d0dd14a0e0b445db

SHA1
85c7faaf44d02566b615b86e920d3984b15f36aa

SHA256
73e1fdbd54e51670a554cdf47a36579de6174ce39877fe60e19a230f4ec04b4f

SHA512
260d1e202b992ce78ee47702204bd1353ba4d77f73ae1b9eb72e5f17e2921f1edcb9376c4135c62580835bba5ef752d5cf373e869d6c213155c2318c719e04af

Download Submit
C:\Program Files\7-Zip\Lang\hu.txt.tmp

Filesize
47KB

MD5
765598dbdca0635362287c11b6b668ff

SHA1
f7bf76f6c9eb4af0b803f10ae577cbc310d0836f

SHA256
845eb4b945cf54e08a42141a707b531aac6893a37c8bf97d70f3eaf9044a882a

SHA512
f173c7bf007484dc8b43acce05dd765812f3e89b1f620b7e5f26dc0673d10201c579ba935fd32ea93cd8337160b1be97e13b7b07610693263c82c290982af880

Download Submit
C:\Program Files\7-Zip\Lang\hy.txt.tmp

Filesize
51KB

MD5
376688ed45cffe3bcfddce5e3c221a81

SHA1
9c21181816aa342ded7a3a9e85e8afae636a08bc

SHA256
35ece69c360741bb206db1a94d9eac8aab55363fa56413b5f1688f100840389b

SHA512
a4d23e3c48f45d677160776e31426ffb46d64b1ce3bd016e08889b3e3968913703375ff9185e49acd99f8a9b252281fbfa62aff970f36ba2a46046e5546e5ee2

Download Submit
C:\Program Files\7-Zip\Lang\id.txt.tmp

Filesize
46KB

MD5
93cdb092b6ee4efc9a8b93d036c5e6df

SHA1
066608eb81a55483bff6c733a46f4125422b3484

SHA256
2ec6aa41851637d136996fb03676bed42ae87da95469b6c9b9d274f95324597c

SHA512
07e55d23a5b427b612de656d788598b824b766402239efe38fd17d9f7652f90ae8a5af5ff51922609b114e5d704b389fbb8461c9fe40846101d6c46907a30d17

Download Submit
C:\Program Files\7-Zip\Lang\io.txt.tmp

Filesize
49KB

MD5
4c9667be21a4bbc38954acbbd797f316

SHA1
53bb4652aa6c52d57a1d1a3b7a3c1ff9e4358493

SHA256
b539ae01fc2a0c437271bf3643c85bec1a51c43715422bdd7cc044eb1dc42368

SHA512
548ecd08e407b7d5eb202c283a89cb4e289b0546789636679519e90fb5ae92d0cd0d1ebefcf8bd64f3a3b98bcd4a6fc44264e121c98599ab25915ef6ffaa6207

Download Submit
C:\Program Files\7-Zip\Lang\is.txt.tmp

Filesize
46KB

MD5
ad842dde68db15bebd881a9ba63c9bac

SHA1
6cec64dd216650d6ea45de1886a5ec581bf742b9

SHA256
059d9251f12c0f219deb861791864031f7d9c8b6bd77595f010c8c716d88f9e5

SHA512
436a95766ab6dcc75dc4a570969e1a8df255dd7a3f7cbf6e9dbdf3bc7a8eae5d443a798c96e965d959ff9b9325bbcfcd9885cbe6b52380594c1d86827dcda62b

Download Submit
C:\Program Files\7-Zip\Lang\it.txt.tmp

Filesize
49KB

MD5
99b66341c6732567485bacf06ea84216

SHA1
83c10a4a2373b5827e61ebf64460bb5a257b757c

SHA256
759400a68f20d47ffe8ac05ecb13a0f182b402192deaf271ccc8dd2e32b2e653

SHA512
923a24e73dd2c94342d69181b6fe444346970b1d08ceac7f16a1855712e4ffb6f1eda13afb5197508fde0250859601646e55a80ef23eff3a3986a1857f5562ee

Download Submit
C:\Program Files\7-Zip\Lang\ja.txt.tmp

Filesize
51KB

MD5
ebfdf41a3a2c958aa7b113a32a3757e3

SHA1
71e1ed8c88e3b5be847482cf0fd9a622f5f00986

SHA256
8be3ad74bc2d8d070bdc603eefeb7663d564b04167053ec8c059de1831a2db2d

SHA512
b710cdc1072a387976389a07b6c400de16372d84c6fb37419a7a571d9e9b4238010fda305dffd357ffe0e3bcfd9a07ab12e1f25accdd2a176742678699607157

Download Submit
C:\Program Files\7-Zip\Lang\kaa.txt.tmp

Filesize
47KB

MD5
f8f6d339b11e3caa93c8036fc8d2ed56

SHA1
458accad9ea033e0527c98fdf33b3aef0b999e30

SHA256
c0e62151dc508338040ee54e90bfaba6973626da6e4b1e91591c8dd7def2937d

SHA512
90c40bce74a595ad2037820fd6d51df0ef6b9a1ac6308159e8d8eac3921ad4bd58dafec5e65c8540bdd0450b7d49872c7fcb3e091055a3bf5eb18bcc3a7dc834

Download Submit
C:\Program Files\7-Zip\Lang\kaa.txt.tmp

Filesize
47KB

MD5
207174cda6dba2a9f6a3fadbd34627bc

SHA1
c76ca9598f59565795c10a616ef8657a0df94081

SHA256
0a8fd2f020a6c76895c7b5e186b63309011808fdb9da844346ebfa09baf67284

SHA512
01e854b4e28e60b412a9b9d72a0a945dc0d9e28d43075205d1df9e273e3ab7e0e17c17eb78d1ed5c11afd8030013860884c08e2df625a468ad654c645bb36d96

Download Submit
C:\Program Files\7-Zip\Lang\kab.txt.tmp

Filesize
48KB

MD5
ec9066594f12d8edb8396fd7aeb134e4

SHA1
00786648908604ad898cbfc4e9662e909e28393b

SHA256
99aaed9915ceabfb0298c044ff653d71043fcd3de2afdbe151e269e596a493d7

SHA512
c68320595ac6c2fc20480809c2399c7853a6110c183bc9e910fef05320729ad1db78a3e34e3536a76bb5f65c0e883249657dcc1d91db09d11db55ed4c1a31510

Download Submit
C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp

Filesize
52KB

MD5
7e32f638e6ddb9e4004f7f1ccea8ab32

SHA1
1995f3b6a3897a05a4e0e031aedca8197a08eaf8

SHA256
d18b98c845c9a2287ea109676b37c9e894b81874679e15de793b48d713db9f9b

SHA512
f317dc744a73ac33bafa812c506e3fd3c3df0c68ff16e223ec2f6dea60828ffb5aa85e7c7fc91cb24fc88359a33ef0badc4c49013577a340cf72b92a877ed287

Download Submit
C:\Program Files\7-Zip\Lang\ky.txt.tmp

Filesize
52KB

MD5
58a06e4fcd146307f2410dee68982cdc

SHA1
ef93953ef78f5d4360e27a798c958dfb74fe914c

SHA256
2b4f5392cd91557ac0ecc9e6c0b77f2cf0bacf99ef01ebac5fc3a870d4595c8e

SHA512
83a1a45b326330c3f12ef68d58360752f4cc186534ae1202d80abcd7c17ca74fc14c501ad2c930c79432f9716d8d95e96d2480a460890a4dbece6a45bd534757

Download Submit
C:\Program Files\7-Zip\Lang\lij.txt.tmp

Filesize
39KB

MD5
23dec928fbe2d0ace262a8251b246539

SHA1
5d680ff5d61c56d945b1adf52664d810f4523ed9

SHA256
29f0fd6aa572b18c8aa3ba8d9bbe840bebd81b0f306b46935bf4f1d9402f309b

SHA512
ecf6eae90c42bace9468fdb79288e1027c60da075d88e1a3890f1beb772ebeb960d1ada68e2a8396a461df7721678c34f49837f4ca25023f39cb7c297f7fbecd

Download Submit
C:\Program Files\7-Zip\Lang\lt.txt.tmp

Filesize
47KB

MD5
6594843eca08c149f5cb5634e524d4f9

SHA1
ccb36bf9eec2393c0c8f4cd89148283a6178efb7

SHA256
2a0291b56a91ec9a57b381545487f4c3081f460544b1dda4d7b0d72475787c02

SHA512
3c48a5ee10f41e6095af4886aa8102b209deeeff7620906b64c3cc2b4754e01507e66b20b4c61b9b2122e7e6e609b47cb979f3c33c1c4ef07024e14bc31f46cf

Download Submit
C:\Program Files\7-Zip\Lang\lv.txt.tmp

Filesize
43KB

MD5
b775c2d662504dc60148d298112e9860

SHA1
33144505dc244551339f9583f21db7c7d90f87a8

SHA256
b2ed69806104f5112d693e01bfb1c788246ab6213ed0aedb74710da20f474160

SHA512
b34e18506f19b6e88b02ecd1806810170cf2f1314b39f3d27f2f6b71fb6691b1a7cfa905bed8d80ab21878cef43d4543a4d06b484c3c4714aacd1e9aa31a361b

Download Submit
C:\Program Files\7-Zip\Lang\mk.txt.tmp

Filesize
46KB

MD5
20fcbc661db3a56cf97b25a31c4e20ab

SHA1
2af5fcc0a31b9db302245fb67ff42357e820856c

SHA256
2d8d4f26d6f6d2334ac4a090885f61685dca9fff1c2a49d211dff5ce69f5336c

SHA512
0ea2275d9ded6b90238d3ae4db302ada83a2ba2787705ff9afa6fe8d21c6b9a355d0f9549fe00b8db03b32088a3c8998cbfaaf77eac809fd7be1a6c0fa77989f

Download Submit
C:\Program Files\7-Zip\Lang\mng.txt.tmp

Filesize
59KB

MD5
f865f67cee8d0bf07c83b1c32c11f3f0

SHA1
20ca09742e3c9ce9e96a2c745c6dbafdffc801d8

SHA256
7458734066f6df826c21bed99e7beee6edeefcede32a97557412512d904c1274

SHA512
5c64efc92014582f3063c485b1e09b84706f01ae123a8d95f45ab6433a2bf22aa07f33ebad4c45d8dcb033838e69f7a6cc878f24a2263dd6165004a8c4c9a47b

Download Submit
C:\Program Files\7-Zip\Lang\mng2.txt.tmp

Filesize
61KB

MD5
49579706e8e978fb0c1b647462722331

SHA1
c1ccc4e6543d1ae215b67751063d3b45426fc3ea

SHA256
9523153901c212f2df9c07a346a1b2516592cec0790a3429dcb5256da41a97ee

SHA512
6abcaab6cb745c7f4a030ddc0c418edc676e8212404876aecd1ed6d4c245e74e8b7136798b4ce09504544cb075c7ef6c763dd422402a331c6b976222d187aaaa

Download Submit
C:\Program Files\Common Files\microsoft shared\ink\zh-TW\tipresx.dll.mui.tmp

Filesize
46KB

MD5
dc95bcd4994e90a0e78cba429f10a0d4

SHA1
43db579bf37225255c59d740d628535110e353d2

SHA256
42e62473b2aba84cf91fefe19f4d9f3a0eca9a724016b1ab87e431ebd61e1c28

SHA512
3cf6d2290084039cd31a1d37aaf06d1b8bc29c4ec3cdc3056235942f92145b4e3dd6a8c5a8048befe452989eff6387b584c49ed2957cc5f938ecf73c9e015489

Download Submit
C:\Users\Admin\AppData\Local\Temp\_Firefox.lnk.exe

Filesize
39KB

MD5
6a8a99c6e38bda403a203ca08ae0e25c

SHA1
7bc24e310b8be789283b833a4056a7507367ce44

SHA256
d2bec7f6b3a24d7ad46ba305dd8d3b5c4d45cc9270e705404a729363a480e8e3

SHA512
9970e9cfc5f75b68037de3d53f003cf65b8f0b6c4c66a9a5ca373473886f1d5e085fc6b5903de75bf3034d15b1f53db06bc17d7e0a45cbd084179495ee2ede82

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
37KB

MD5
c88a3204e6699711264907b11e734cc6

SHA1
535b66fdeb64fa1772e8c592d9130858011369ee

SHA256
532875f3f8f9a2b90d1f30c9e08f56824b7c410b0db64f1f628105932be195e1

SHA512
d0b46e5704cb8befe9370e4e3d28e49295fcc0ee6a4a14667fc63372ed4dc17d6845a5f92ad0a1ab50ac7399a38a6a827b76f501e1db6ca9cd94d88d6fedf1ec

Download Submit