a9e783d97a172c71c068d4d3a318b848c2b6a32f9d9731bb647269a18f80720e

Analysis

max time kernel
149s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19/09/2024, 05:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a9e783d97a172c71c068d4d3a318b848c2b6a32f9d9731bb647269a18f80720eN.exe
Size

169KB
MD5

a2e09ce953c479ed297d0a8e5bf0bb80
SHA1

9c3eae1fcfa822cf43187fa569eb1fae13766e4b
SHA256

a9e783d97a172c71c068d4d3a318b848c2b6a32f9d9731bb647269a18f80720e
SHA512

5bab5dfeb48f72c787d0d8878afe08daf8b88b8a13f8d17a1209ee0e3a5ab530b11074b432459d31c67e5c98448222cccbd0c9b73dc9735ab1abc20ba2e74a07
SSDEEP

1536:W7ZhA7dABJJ7TTQoQJTW7JJ7TTQoQ57ZhA7dABJJ7TTQoQJTW7JJ7TTQoQY:6e76BoRyoRje76BoRyoRY

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (5072) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
1372	Zombie.exe
4952	_MpDiag.bin.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Zombie.exe	a9e783d97a172c71c068d4d3a318b848c2b6a32f9d9731bb647269a18f80720eN.exe
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	a9e783d97a172c71c068d4d3a318b848c2b6a32f9d9731bb647269a18f80720eN.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-file-l2-1-0.dll.tmp	_MpDiag.bin.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-runtime-l1-1-0.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\TYPE.WAV.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\zh-TW\tipresx.dll.mui.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.Process.dll.tmp	_MpDiag.bin.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\PresentationFramework.resources.dll.tmp	_MpDiag.bin.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\System.Windows.Controls.Ribbon.resources.dll.tmp	_MpDiag.bin.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\System.Windows.Controls.Ribbon.resources.dll.tmp	_MpDiag.bin.exe
File created	C:\Program Files\Java\jre-1.8\lib\currency.data.tmp	_MpDiag.bin.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Text.Json.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription5-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.Interfaces.dll.tmp	_MpDiag.bin.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTrial2-ppd.xrm-ms.tmp	_MpDiag.bin.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_Retail-ul-phn.xrm-ms.tmp	_MpDiag.bin.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ONENOTE_F_COL.HXK.tmp	_MpDiag.bin.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Linq.Queryable.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\PresentationUI.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.Aero2.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\bin\jfr.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Retail-ul-phn.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Retail-ul-phn.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_MAK_AE-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLV.XLS.tmp	_MpDiag.bin.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.FileSystem.DriveInfo.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\UIAutomationClientSideProviders.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\UIAutomationProvider.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\PresentationCore.resources.dll.tmp	_MpDiag.bin.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp4-ul-phn.xrm-ms.tmp	_MpDiag.bin.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Practices.Unity.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.Metadata.dll.tmp	_MpDiag.bin.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Office 2007 - 2010.eftx.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOARIACAPI.DLL.tmp	_MpDiag.bin.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\MSGR8EN.LEX.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_MAKC2R-ul-oob.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\SkypeForBusinessVDI2019_eula.txt.tmp	_MpDiag.bin.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Yellow Orange.xml.tmp	_MpDiag.bin.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.InteropServices.dll.tmp	_MpDiag.bin.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\System.Xaml.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\psfontj2d.properties.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-006E-0409-1000-0000000FF1CE.xml.tmp	_MpDiag.bin.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Resources.ResourceManager.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Controls.Ribbon.dll.tmp	_MpDiag.bin.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\WindowsBase.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_OEM_Perp-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Linq.dll.tmp	_MpDiag.bin.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_OEM_Perp-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\lib\tools.jar.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\react-native-win32.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-flag.png.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.scale-180.png.tmp	Zombie.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\fr.pak.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-math-l1-1-0.dll.tmp	_MpDiag.bin.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Franklin Gothic.xml.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Trial-ppd.xrm-ms.tmp	_MpDiag.bin.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp3-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_SubTrial-ul-oob.xrm-ms.tmp	_MpDiag.bin.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_OEM_Perp-pl.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\DBGHELP.DLL.tmp	_MpDiag.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-utility-l1-1-0.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\WindowsFormsIntegration.resources.dll.tmp	_MpDiag.bin.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\ReachFramework.resources.dll.tmp	_MpDiag.bin.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaSansDemiBold.ttf.tmp	_MpDiag.bin.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ExcelFloatieTextModel.bin.tmp	Zombie.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Zombie.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	_MpDiag.bin.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a9e783d97a172c71c068d4d3a318b848c2b6a32f9d9731bb647269a18f80720eN.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1308 wrote to memory of 1372	1308	a9e783d97a172c71c068d4d3a318b848c2b6a32f9d9731bb647269a18f80720eN.exe	82
PID 1308 wrote to memory of 1372	1308	a9e783d97a172c71c068d4d3a318b848c2b6a32f9d9731bb647269a18f80720eN.exe	82
PID 1308 wrote to memory of 1372	1308	a9e783d97a172c71c068d4d3a318b848c2b6a32f9d9731bb647269a18f80720eN.exe	82
PID 1308 wrote to memory of 4952	1308	a9e783d97a172c71c068d4d3a318b848c2b6a32f9d9731bb647269a18f80720eN.exe	83
PID 1308 wrote to memory of 4952	1308	a9e783d97a172c71c068d4d3a318b848c2b6a32f9d9731bb647269a18f80720eN.exe	83
PID 1308 wrote to memory of 4952	1308	a9e783d97a172c71c068d4d3a318b848c2b6a32f9d9731bb647269a18f80720eN.exe	83

C:\Users\Admin\AppData\Local\Temp\a9e783d97a172c71c068d4d3a318b848c2b6a32f9d9731bb647269a18f80720eN.exe
"C:\Users\Admin\AppData\Local\Temp\a9e783d97a172c71c068d4d3a318b848c2b6a32f9d9731bb647269a18f80720eN.exe"
1⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1308
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:1372
- C:\Users\Admin\AppData\Local\Temp\_MpDiag.bin.exe
  "_MpDiag.bin.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:4952

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1194130065-3471212556-1656947724-1000\desktop.ini.exe

Filesize
84KB

MD5
0429069cb666cd32ba6478b2af59e605

SHA1
c6c151459d1624b4d87fc02fb219ead5366f2a66

SHA256
5c2cf65a7ebf431ab38bb299342b27514437010f0e35bb9971335c8707b6676c

SHA512
9a3760ab6e8038ab7080289bd17e2090604e6564ef27e8be52ef4fc961f9ad55580a9e5067999b843585782ee09fee0b73728d5a11fee20a5ebffb806b005277

Download Submit
C:\$Recycle.Bin\S-1-5-21-1194130065-3471212556-1656947724-1000\desktop.ini.exe.tmp

Filesize
169KB

MD5
2e82fd9dca545db5acea4e575b7ec5e4

SHA1
6484e5186d54de7d903e5ae7c4e862d0df26be55

SHA256
4dc9cb4885274f87854a23e892d60195581509a2cbb008be141fc54949cf1582

SHA512
bee0193cd4dd8cf253dfc70c7af934ef5dabc74956995aecaf1e5d1c7e9524b12fc187f6f088ddbe441fc8462aee04d2a8643e25ccebae6f24efbdcf5dee81bd

Download Submit
C:\Program Files\7-Zip\7-zip.chm.exe

Filesize
197KB

MD5
bbecbfee2521d79f0e344f40d0372018

SHA1
a195a3442a8a06b3ab4aeb83f6ed1ad2b44467a1

SHA256
fc187015aab9779212c291ea1feb1b634bf4010dc35dc6168762e438ea5860f5

SHA512
60452a1205e298c937a9136e70a1a7c45296d54b7264d3f51badd69b3170be1340842c6e5d9a9ae3e1fa67dd99f125c386bcba0e64385b95e4d869234fe881a7

Download Submit
C:\Program Files\7-Zip\7-zip32.dll.tmp

Filesize
149KB

MD5
9de612d8230919918330173b5810774d

SHA1
16dfb8359d20dcc4fb6eaa1be12b0003e4bf67a9

SHA256
9c9d55a45370cd18b4da515d7fd997e55ad63820a1c63370f901645064fc0a92

SHA512
caf637fdbbf2eff9ed618181b85be7946c8617ddb6571a4c6c932ac74c7fc7c6aceed4d5db2b2b2feeea25e5a36977104da81316401efe2bec12f9e62fa3cb74

Download Submit
C:\Program Files\7-Zip\7z.exe.tmp

Filesize
628KB

MD5
559594f2c25b02cb0647094b22e6ce3d

SHA1
1d5bf2c4c3696b93c67a277908a258d517e234c9

SHA256
87fe61ede51905db86dd23aad36d410c4183cd63201eb53720263b1cf535cfbc

SHA512
14d0a090896b70b83fc3b6874149f332899ac47213aa7c450c9134a1a1d4871d89eb11813421ab437336d6a45f07bccb7cc85d42a5b13c5e498605354817e152

Download Submit
C:\Program Files\7-Zip\7z.sfx.tmp

Filesize
294KB

MD5
8d97a1052127c5650d518c32c02ccc4f

SHA1
3b53ec2de1a338d0d1c4c096a84f208be8cd8a65

SHA256
fb1764c34a7a691d32b4442adf27c91021025878cd85ae92b93c18a02918799d

SHA512
fdc18e395017899e9b25d6ea768b351574e0c6671811835005ade52dee4f19587d68bd339f2ae9d171f42f9548866c0b2357bcdc2012c32f018f5ab0f6b116c9

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
1015KB

MD5
f0be53fc8eed622b66ffd33d81bcb91f

SHA1
12d7b59a2f7834c23fdc4ea0162c6819d322369b

SHA256
005c1650710346a514685d12f5ff33812d229a73b800cef684f30d7f5b6d2887

SHA512
f0b34566b2761f3262f8120e2322e3c6ec76f752f38c290e11c3548d675e308b843080c04703fd9d1ec51daf3bbf621d31b5c21f4e9a397cc04e0a2785255cf1

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
768KB

MD5
8df197821ada7e628ff636338e282a2c

SHA1
c21475d5d6729695789208a3c30e1887c36e8cd1

SHA256
513d1d4365a736b130227ca7cdb87f8a349f56981cabecdf0ad4a8cf60add5b2

SHA512
a688e1fa820ca51b4ccb53ab8d93ff602281697b77025ba0e5a8d458bdc055af354326b505b7cc49f65a9b13b11f058cddc09fe57a7ac65267eb9e4b8eca5f8e

Download Submit
C:\Program Files\7-Zip\History.txt.tmp

Filesize
141KB

MD5
0cecfcc622114cb6dce47e219fd74eef

SHA1
2f2f649336912e3216b1df71e30b247cef373204

SHA256
bb9ca0cdf7ea7afd8efb7e2e9eaefb88e82f9ed30cb97ff228ef3253b5b30e4b

SHA512
5d1c44d05c37aaa133f72014b1f440212d1b19395802cf59e9fb606150072ec526fb4f6a3abdbc08f1d549e1fe828756dfd2df597d88a30133050e9bb4260aab

Download Submit
C:\Program Files\7-Zip\Lang\af.txt.tmp

Filesize
94KB

MD5
10da0ff1648631c9cfb9582d3d64fd0f

SHA1
0f8ea32056d77950155e89a0ec0c3b5a46f32510

SHA256
761d6be2a958ba3d47a684b599b75819d8897bcd2ce7afce6fdcb6bf20b4036b

SHA512
2ed27ee02e75b6344e1a9409a1da01688c29978d948227866cb73387416218089c00ded4f12c798d3752c20d61db11c787c1ae87f13a26df6e9864598b00a41a

Download Submit
C:\Program Files\7-Zip\Lang\an.txt.tmp

Filesize
92KB

MD5
cb2cb3a5553141e234d6692bd3909968

SHA1
12ba6b763a0eac28587468cbc174860959554873

SHA256
d57b8ae24786d897ea499a89ec3d40357257495dd4b838c10d198377b906f059

SHA512
a751743cfa9e65f1eb1af5ea6ac0a3fcf496ddf4bdb62d284bd75b2a0625f22969e2c9a4fa74234cec5dae04e867f0ef4e4e10ed1e53789a6744031e7761461a

Download Submit
C:\Program Files\7-Zip\Lang\ar.txt.tmp

Filesize
96KB

MD5
c29659edd75a268b4701999426d681b7

SHA1
f87a5a1cd555cae606732cc10a5be222e4fd7a7b

SHA256
ff89e79d97e6891132cc5210573584ff9fda4721182b0e0f5291e6ab709df37a

SHA512
1cc31ba889a847c37fb222008b7f801cdae331774d545af71ee1442e83a0645d574556f29e269c3e5ce3c203c43a91260a9e9f80b97c70cb405f7f6bea465af4

Download Submit
C:\Program Files\7-Zip\Lang\az.txt.tmp

Filesize
93KB

MD5
0baf77f5deedce0d2a813370a694dbb8

SHA1
5d0b34bdfc675c806a7be0e3261a4aa4e748379b

SHA256
7c357070bb2ad98fc196980e79d1ec83e00bbf9e93198152dcf284dc4d857203

SHA512
442f54bf1896184107f87b7fb942a0b7ce9041733f3e1a9e9b0cbc519b93a1506a80c9bb35e4ece4373a0df799b1e5f7218c85aee147c70f3157e29fe23bcc36

Download Submit
C:\Program Files\7-Zip\Lang\ba.txt.tmp

Filesize
95KB

MD5
e894fb8f43dd12cd499fd93f71599e65

SHA1
7bf18c5496e9063d67a3e4a3e08a5844497043b1

SHA256
f170d1d1eff7aaa455d205c47518bd5f28109993c4fefe40a5d8d24cf1f81e86

SHA512
918424fffd876b6a8425e36fcbf60b5486d27482dc3174230a914df3c45cc449455557b23141a7ea23f85596bcbeecf6094a077aed63d72026482b5a729e7643

Download Submit
C:\Program Files\7-Zip\Lang\bg.txt.tmp

Filesize
97KB

MD5
7d68961d75f0abadf989fa506eee4850

SHA1
91364557eec4cd0a1c4465a2e69dcd3946933c67

SHA256
f8fafbeac1f89f7bea070dba6b43f16b8a7e415410fefcd5fb5744765e77ad38

SHA512
11ce57a02b5660ef02c52ee8636683d816873555fc656f983d3d0c1e4941e5d8831a3652d78671489dae6da579c93f04d3b235330dd137d95a1e854005ec3da6

Download Submit
C:\Program Files\7-Zip\Lang\bn.txt.tmp

Filesize
99KB

MD5
9962e7e4fa6cf9adae115438cce5a60c

SHA1
1119b0e048ef34cdc9bd19566cda771a5a412526

SHA256
32b23ea6a719b65b93352285f4785fe3f0d0ef21b4243e7c80842140aa21b282

SHA512
a367adec87cdcfa13e2e493a1d781d75d1913cdf01227a74ce6d895b6836cdf86ae97ead8d62590b9b2ba07b1c1b782787b87bbe4da35cb2c263d02ccd319f41

Download Submit
C:\Program Files\7-Zip\Lang\br.txt.tmp

Filesize
89KB

MD5
773553aa33a434dde2f256aeec7956f0

SHA1
1ac61db554000483d152190d88e6f6f4ad00b9aa

SHA256
5e242cfeac62d2a3f166990a391923ea3c0b8228381ab0d75a6e5316144f8580

SHA512
8c9905acace5e46c2a832e3ad7b5fd7cf6da3d3e9a3cc789bbba2bf9263d9a75b49eac4ac649d350fb2da9617b1258d0badda6588e16f5195d5f1f5a14ce94d9

Download Submit
C:\Program Files\7-Zip\Lang\cs.txt.tmp

Filesize
93KB

MD5
d07ba112b60b4f4993b6513aeacc6aed

SHA1
4a1968bab0416810da258bd87ba51df84340d358

SHA256
be35e29d7db7f818a552b233b7580eb6ed1249e27860a9824864a1909a7ac73f

SHA512
958c6e6afada59bc8192aa9b3c5be77300762a1a3911609ae310f8ddfc78499cc160514ce85c16d1fce36d5b9b7568ae909eaa79c8aa9caf3d02c0262db489a7

Download Submit
C:\Program Files\7-Zip\Lang\cy.txt.tmp

Filesize
84KB

MD5
9161c4d914262eba0715d133e2398ee7

SHA1
52cb35b39cbb26feb0878cee5855c57107328725

SHA256
4d646ab6771cb124bfbb092d297e78e64a7ac577dc40c1d76ee59a43c49c3a11

SHA512
f3309582a42a836199bcaeae6c23c12332e258219acb12d645afbb4312108f86a09ef53601dfd13ce79bac7d8bfe048d6321429dd49baade5af0190eb15b0a79

Download Submit
C:\Program Files\7-Zip\Lang\el.txt.tmp

Filesize
100KB

MD5
81c69e18bc5f671af94c27f08fd4ef98

SHA1
2dcf17fef66dd51c64f6e6776daf67c5cb589027

SHA256
5f0950ec52dc9326829e68f6ef93ff2fc7e6eda1023d285135a713f2b70da686

SHA512
2fd4a3374b80e04bb5166b78798c4eb41b35f1acc226bbb06a330f9636a617743a5cd10227dd2774be9f0a6dccf03f420d31c09d6c3136b856e957f7aea03751

Download Submit
C:\Program Files\7-Zip\Lang\es.txt.tmp

Filesize
94KB

MD5
328268bc694a8178e9b44f6e0d54b37c

SHA1
eb5ccaf37da40f55ab1d84aec4041a8fe305c99c

SHA256
78c8028d23e6303bece8ce28c9347d681464e55852146b6e30b7a2ed682c78fe

SHA512
ebd67c3994b1d35f2cef40eb49ccec1dd81e52aa2207d222ef805fdc6ee2ebbba0a1a1e2944cc5eb83b61aba11ff754ee98215008fdb636a1b9cc57892cda659

Download Submit
C:\Program Files\7-Zip\Lang\ext.txt.tmp

Filesize
92KB

MD5
5fd8bb7c060666e387dfbb6306e936b9

SHA1
36724742a6de333cfc9745663489248a3add4c78

SHA256
bd173029fefc30eb43e2cef638b62c6acb260666b1911c1599412c9c9af31f83

SHA512
30bf88e9a0df8d8b3a6bbc5038ed586448940e27526fe9c72776dd9df83a13efb87436dd6556f8469490b2536a2cb4401aeff7ba530a9276ab7e847a7f54579b

Download Submit
C:\Program Files\7-Zip\Lang\fa.txt.tmp

Filesize
98KB

MD5
184c4b895bf18169550c1114b6f30b5b

SHA1
b6d2721e5c8d1e88684050df50c8ee84bb8f725b

SHA256
b2ac89efd89695e1b480a8ce26ec2cd58a19ba0ad9ef2d3d99750c8c4dbec94f

SHA512
ce3af6226de076194c799d6cb0379c9fadeee5846aacd493e26a1e05b0c044daf77cbb2eff4e203289309206d60046dce8390b2f015737162bde8a52112bc2ce

Download Submit
C:\Program Files\7-Zip\Lang\fi.txt.tmp

Filesize
93KB

MD5
c7d5f7505df883c66cb7f1326293586a

SHA1
2a57f6affbfec5573f847a3279921b415d89d990

SHA256
1e77292d3d75eb4e9ee2dde54eaecdfdd030aeb4b14abaeed9acc310c0d9ac5d

SHA512
2d2df7f64ddcd05aad2608ca3e33aaadebe1182a7fd5f4d04b9bccd72948a2e7f27fca92fb7cfe6f9a1b35ba1dc09ff36bcda32f641b25f4f7f8216878d23e10

Download Submit
C:\Program Files\7-Zip\Lang\fr.txt.tmp

Filesize
94KB

MD5
0b0b5fcf35a17ce39965f6ced549142d

SHA1
d634cddf7b502acdbb27f80411826c8d99eef938

SHA256
9a067cc2f52f5fdc89a6bc2284ecde2b80ecb95cd1eb9c8be44117bf59a7bddc

SHA512
7af7b5965d4ec2361db20f7cf743528c1a5a6a75b02a5f886fdaaed7453940019fe76e1a0b5636ec068bef970c3feddbceefe7280c64975f7375dd074e0edc17

Download Submit
C:\Program Files\7-Zip\Lang\fy.txt.tmp

Filesize
90KB

MD5
bc070fb6715e7b831476dbe3b566ddb2

SHA1
3e2832b8cbc53eb24a7dd05a8ef5e16d2355ecfc

SHA256
6dba23d9a35a8cc136b01523f8e6b4618f37f5f4638d15518bb50259fdc52922

SHA512
6745c347d8768ad0e027da780a74819ba0a1c8fbae380eaecde1a08d17164d8381ee9b087670c872b3f379f448745eb33bcae902fdb8d40496f590f8401e34e5

Download Submit
C:\Program Files\7-Zip\Lang\ga.txt.tmp

Filesize
92KB

MD5
ad9a4d4693b0f41298390cfac736b7a6

SHA1
3b36f526bc4c8bd474c2e58ab9e1274a5099937b

SHA256
205ae41cdac13a3b7f1ba7bcbda4f200460f2e2d7bf3b7e7a2c5e1e5afc7d6f8

SHA512
aaddc3a078edf88a86badf7648885de5287d48aaa43e117e21f5058bfb8f43c45d7ea00874db314f9d6fc3ba6e8d217181362a1a2954d07f5f450bee7d0df25b

Download Submit
C:\Program Files\7-Zip\Lang\gu.txt.tmp

Filesize
102KB

MD5
8a9135f2b8d144dc55bf9c05c293162b

SHA1
08982f3367e8a4006ee112c4cdd70182ef182e3b

SHA256
6b3b41c28363e39d3a5c47b89c71d22e5743f9c592877eb3881df3444d666b61

SHA512
5f492396347ec4b63023483450dfe7d98548dc45d74a1690f4d60acbbcce43c269f9df8aaeab77050b480ddda4a5d0bd392ca96e278356aa4ec59a87c2a9f075

Download Submit
C:\Program Files\7-Zip\Lang\he.txt.tmp

Filesize
95KB

MD5
7b5db737067a71feb877cf52b1b88521

SHA1
f48d6e341f32267c252a367d81902206fccc6d0e

SHA256
525db7a20e4023be84a215359e308c161f0e58f1ecbc5c000f34c06921007d19

SHA512
29db2871f283f36a3d1d946d25ffccdf9cb95752a76ecf1f9b74f72e8ee3cc8a6bad2dac96eac73a6da4d748f690468b5180ff1f7c6760d29d0ecde0f4ff95ab

Download Submit
C:\Program Files\7-Zip\Lang\hi.txt.tmp

Filesize
102KB

MD5
45aa552c193d054394faa69d8870252c

SHA1
869ab4c12ea0d8fdd898c8e0712539e89f4c2115

SHA256
4276b19f2a75f3d0203f76e529bacb4cd14a5a80ea30e66f4a158301fa9f24d7

SHA512
9b1bd574c805b9d920ee9555016768ae8657fc1e2771738ef737cb7f22c8860fe3853bb9773fb63ef197ce2ca00cee050af21d4dd10db7ea7cf897985dcbfcf2

Download Submit
C:\Program Files\7-Zip\Lang\hr.txt.tmp

Filesize
93KB

MD5
9e173aff685f7beadfd6584d6f392717

SHA1
1f6f211b02019b0784197d40b7fbd0ee12b48025

SHA256
704da8b859712cfa1b22c6bb4f6b7c5b3fb2c6bfa7e212c873fed950c9234f7c

SHA512
48c98d37648726ffe78b5b0d8c068ce3c7f55ff1feab4f8dec83f078c8067806370ff203a531b4edf6fb6f5706e2860564baac9b5b6b707444e8e9508488d83e

Download Submit
C:\Program Files\7-Zip\Lang\hu.txt.tmp

Filesize
94KB

MD5
3ba1309ec8f4dce3176309e5bf8d4453

SHA1
2d6bdb580b3ca3b39de03cffb59ee150d31ae808

SHA256
37bcafb4d8794888b3e901341e813f4b67da5897a3b90a5dd50c2bf53a7e09b2

SHA512
eb6f67b81386300b2273800bf4206770e45723a4d2aad81654650a91fe6515b222f8eba563da156aef597bc39b2428c000bd8e30e03cb0b3ac484369aaccb02a

Download Submit
C:\Program Files\7-Zip\Lang\hy.txt.tmp

Filesize
98KB

MD5
acb524e5b76454b16da4ee131885e1aa

SHA1
1cdf478ad5f5cb6208ee25c0ee6f5cd7076b3c56

SHA256
0853336f02dd489cba790977f49b7f68b978af07dcf35be327604f63cb8471bf

SHA512
e1baa7f459e828f7b4beab3268a9a36c65080d6f572d5ce209b262cf718cb7536a04b8e04e0de678f2cf3c82d1a72ad2eef619f92fef645b1b7222fc8719d8a4

Download Submit
C:\Program Files\7-Zip\Lang\id.txt.tmp

Filesize
92KB

MD5
9e10fd2b12fa029121b1558001e3a199

SHA1
27bcb79cafd12cbabc806b57c367c75bc6eb749d

SHA256
4e9d353eca3342273c96499658b6fee3962a360aa172467bee0a8b947c17d000

SHA512
6209ec627a4c06de5242042ef2406b4289e6724d95471aa09fa8301ce593fe5743f30ed185558662c7f0687be7d279a1017fce9c90d8dbf6d8cedb910a08a88b

Download Submit
C:\Program Files\7-Zip\Lang\io.txt.tmp

Filesize
94KB

MD5
cc439e914369339d43cdaa6b3b53da40

SHA1
cac55664bdee42c76a1ae92a8322620ffa086664

SHA256
3d85fcac5329700cb279f51aab96f7e04c22e0a72745addafada873959e626e5

SHA512
eb45b3641e97f70fdfe857864b3b6e1e408385296ebda6b60cd0da5c929f8f30adea758b5cad783ace5b65540cd5b24d8f6e3165bbf57acce30716f21fa5670e

Download Submit
C:\Program Files\7-Zip\Lang\is.txt.tmp

Filesize
93KB

MD5
fd14361669c133516ab2eaf8b059c4af

SHA1
17827f7fb6dfa984b5eb55951f0e4f909bac76c1

SHA256
db8f6fbe3297c5b3d455d6614c1153c0aa61dcd3d311902452655be725bf3db8

SHA512
0773c3f195daa23b49c5fb0ed3e4bda852b90dcb59a1870fcfd814aaa78127f13804e24d5f9fb99a2013e4b488a56a39ffb62d2075459188ef746c77f4ed160f

Download Submit
C:\Program Files\7-Zip\Lang\it.txt.tmp

Filesize
94KB

MD5
6d3ea3ee8ab4eff44860cc32f711f1e9

SHA1
e186726cd5432ac6c944c8722516f342217b5682

SHA256
379294a68a4003e3c906126f1b4d3d7354b25e24dd92ccb6ad83dd99f65bbaee

SHA512
22c8e61c42cdf53699489d53bb34429606a68e78068d0c06da1a8bdecfba2d2308290baaa14b8795623c45e9a8137b6ccbb42ef6247e676aec0652f7e8e29c12

Download Submit
C:\Program Files\7-Zip\Lang\ja.txt.tmp

Filesize
96KB

MD5
713419d987aca0bece1815b900778ae6

SHA1
c3b4b493569a7d5d166b36544916d6995bc2e261

SHA256
dbd4e0339721dea5ec9396ea631f41b90be28b610048889f082bb7d76e97316e

SHA512
9dcd882f5c679e49300727fe6f6ff4d9979823fd4b186e8e2b0ddce9b5abfc043a6dd76bb11a53904151023389450a660ebe6313e69daf1070d9d7c961d2cd91

Download Submit
C:\Program Files\7-Zip\Lang\ka.txt.tmp

Filesize
102KB

MD5
28a14ff262921f7632af5846bb0cf7b1

SHA1
75b364fbed97ccca8ffbd441f5879b4dc8d44946

SHA256
74826c410c0526482f6286dcc382d820fbed7568be7751d8d2e40cd220b854af

SHA512
06d9b5c42e9fa8bcb03f17d258f89e150ce59545d0cf44237dfa13544e6122fe4266762d64497db09341538dd0a440631a59dd8f6832fa6a700ed692e31e2982

Download Submit
C:\Program Files\7-Zip\Lang\kab.txt.tmp

Filesize
92KB

MD5
83e631597812968e8f295ab0571aff35

SHA1
3b1be00c6083cf760314916162be1076b761218e

SHA256
87721c4cf247cb59196169a63c20141a7ea494c2de0d52f607a08ae0b150937b

SHA512
e8810c23c5750b3d8c91305adfe0eb3af7a812e66b58968a3ac43d10a9d3b448d1a4253be73a7c1195cdc9c86673aba588c4de52fbbeccf67af7c2cf20b31cb9

Download Submit
C:\Program Files\7-Zip\Lang\kk.txt.tmp

Filesize
94KB

MD5
a223c9c6334cc458dfc8fe2883d57922

SHA1
d6373dbaae6c0d81c4d59a56aea35ebcb511c6be

SHA256
4d3e13e457cb0426510910e44d4180941c7c52a2e26664b1c24619ebe263b790

SHA512
22f41973270c23f66125703eaaac7aca3999f965835ea4568c204c5e18d605bb9c28eddc8d34b79a814ca31fbb358900f7a7aad7e534f18dbc3982b35368fafe

Download Submit
C:\Program Files\7-Zip\Lang\ko.txt.tmp

Filesize
94KB

MD5
041ff017c0e35933e1648bf69128cb08

SHA1
98fb59314fd599c43b18ad669c1cac747f90095f

SHA256
10424130be6c35298b63264b11fb45784271f42b527a9a494d695b4badff7fc2

SHA512
2e9171f67013c121e84fd019ca5f62087ace0349d6e9d7dd8ccf22198acc72213d33ea21bd70848a83db3dbd660ec50f92a196989695a9262dd36243059243f6

Download Submit
C:\Program Files\7-Zip\Lang\lij.txt.tmp

Filesize
92KB

MD5
0e7cdfcba2ab74bfd67e69f9d841d513

SHA1
55dba7167bd3f28fa7b5904b952bb855369024ff

SHA256
c875dbae8d80d3979f559267fbb60045bfa1fb19f72146db517f2c7221f1c246

SHA512
e91506cd88feddec9d8f0694ea96687f5ef9a2be97ef48df91a9ea1b9b5a5966c06d4ff8eb7162bb12451d92e5241c794d23edc18984507ff9aa18dd86c4f768

Download Submit
C:\Program Files\7-Zip\Lang\lv.txt.tmp

Filesize
90KB

MD5
c1d69a35628fdb7fa4dc375629b55e59

SHA1
8fb87f5482af120d5277cf6569de72c94ac794b7

SHA256
b1dde96d4509230c17ddcf81f531f3152e55fe94f73506de5cc4d70e99b49dc2

SHA512
39b90f525bdd00c9bc63861e3ece3bfffb3bc5705a701e401b2e6992948eff273366a44b0e6a7c97487367252117920c8a5bc65adb3c22f7c6c4f717a32271fe

Download Submit
C:\Program Files\7-Zip\Lang\mn.txt.tmp

Filesize
92KB

MD5
6520257da923bfbcccc30c6543575ab1

SHA1
b67a3f68f344f82640db7667c765a39d10dfb5cd

SHA256
9a0e1f84f540102a12e6af2fa70a6da7a14ed9f0d68bc572080d94b99a6a4aea

SHA512
89a00243405713e660e4d8c0ec483ff74ae722ec611b72089185a45ee1cd6ccb1077c0733f034922601b45861cee5b1cd108c9ad486236af7e9236245b926552

Download Submit
C:\Program Files\7-Zip\Lang\ms.txt.tmp

Filesize
89KB

MD5
95f8ce659e327b1663e87967d5a98ced

SHA1
26c5e5d46d64498dc710c309e523ef44fddd79b5

SHA256
772b40a134d6d755c3fa0658d37a6766b8df95d7a58c4c745688b2917e8659a5

SHA512
3c3355e7f7f3ece1f7b81fc6a265ee35ce95839905955cf8d1e4f5928af72af25136d657416eee1dd8c42d9d16e85b6efd77f78fe889629dc4cb85ed853d4e7f

Download Submit
C:\Program Files\7-Zip\Lang\ne.txt.tmp

Filesize
97KB

MD5
1d36b2907648f70623abf8615045ed2f

SHA1
8b489a2ff5e67f5d0ee617db9ee346d56c6fa91d

SHA256
8ae9be09119df40b7fea9d41086d76318f0bdfdcfec0f3e1a8fe4e4b2b2c57d6

SHA512
f097c4c07a21476b70d9916e618062ca44b9e7d9c7a317a3e8a8dde6f48e850c25e28cf90f0f293286d8e93c5c080505071fb1c9f652d23dedcd5f2cd6afc65f

Download Submit
C:\Program Files\7-Zip\Lang\ps.txt.tmp

Filesize
93KB

MD5
8d47c110e460083b7497d577dd7e876c

SHA1
8e903edc24771304b9f3b5c4fec074a1598e38c3

SHA256
64675e3ca22946acae5f2eb342c2072ac16e52c2ed4f449f9b4d2a7811262928

SHA512
a6fb8a99c88efaceb4b5df99373a1d192e11cd5bbd7e750e8b97f418c8c77ef1ab9c6f67c2e663e20aa3062ca7fa62ba45f7714af3fbc7ece4d00f71f23f670e

Download Submit
C:\Program Files\7-Zip\Lang\pt-br.txt.tmp

Filesize
94KB

MD5
19fcb985fcd2eb62ed4ea48635a41e9b

SHA1
6de72ec89b89071f517fa96dd1d1d8b3a5af4bc3

SHA256
f60bbe6e6fd66135c58a77862fdd05724ef28c54a87860f7d5f91265287c86ee

SHA512
2eace404c7f9d10af05e8accd8f6721b3748de2574a9ace2b4bac263b86c1e8146fb8d743352a58cf45a149bc1029b70759357fa4b422052c2e0b4da03b6a4c4

Download Submit
C:\Program Files\7-Zip\Lang\ru.txt.tmp

Filesize
99KB

MD5
be15a5162672bf324f5909b5486fe50c

SHA1
059571c561bb43eb1ee35349d4efcdfc926dc086

SHA256
7620c60fd4b0a9eddf2abcc96ae2bbe796fcb2faeb8fabd86ae80f04f4889096

SHA512
ec832c5270c43d527242ff88a499486efc10612d21bc9df4fa73c8c076b213b0f0611668536b68869188ad6e7e354cb0df71895a63024fc90e4fc2b6158f4ab0

Download Submit
C:\Program Files\Common Files\System\msadc\en-US\msdaprsr.dll.mui.tmp

Filesize
92KB

MD5
c54181de5a30b2e53c3787f6f728960a

SHA1
161e5ed91b1384f7967fdb2802a859cb7494cba0

SHA256
24046d9924555f42e30f09c2e09d0d6ce9aa1cc272ad0737638efc41fde61de7

SHA512
c326e4148d40c94cd0980d99d5f6f29df9bcaac9601f4ba4f0303abff1dff6279072b6eb2fdab26f1b3422885306f2240ccce8c1ff492a98bba81cfc0fe4f3ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MpDiag.bin.exe

Filesize
84KB

MD5
a999c6b230685e166b7dc5fa7352277c

SHA1
bc94eb9b0dabf80f35aa723b6e299625834cdd22

SHA256
d257b07d1f74e9c809b163be85a5e9f3d31fc587ff65987ed2a19a6a881f9c0a

SHA512
4e9518f55350f80ec01bae2a3aa13989a2beec2aa82889733502da40ffacf4d29120ba1623496713ad86374c06872f9bcc6cb1eaedcd464e96db9024e38d2c80

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
84KB

MD5
8d65da5d74236d0b9e1401248dcdb649

SHA1
b4ffa293f125f09e22cab25eb3aac1bc620f834e

SHA256
634e6308d69cd45284e763413f97673fdb7b5c60c3f09749843e4ed04dd63c51

SHA512
cc262691d1a044640835ec59e21cd4a212f2f4ab9c4dff646561e90847909cf9beabab3b1f11a95834c4c7c437f013958d3b9cef73c039af0abe4d7839fd5160

Download Submit