285b6d1269dcee9e2a29e6fdc1e6529c56a84cca3f7ebb76d7e67f02d82382e9

Analysis

max time kernel
150s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
21/09/2024, 17:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

285b6d1269dcee9e2a29e6fdc1e6529c56a84cca3f7ebb76d7e67f02d82382e9N.exe
Size

90KB
MD5

8809fb2c1a69174a99fff7007f9e9870
SHA1

f7c402470fef63c1552bd1f03b366ddb8804f40a
SHA256

285b6d1269dcee9e2a29e6fdc1e6529c56a84cca3f7ebb76d7e67f02d82382e9
SHA512

37eaa958d22249b31489db6c1c12bf85260d493f2996f42c999f8b0802be47cb81c739b5ec75cd304206e59bd7bd0055567ce3256c545a8de34b38c6bae440ea
SSDEEP

1536:W7ZppApBULcfpHLcfpyDv7ZppApBULcfpHLcfpyDz+Zf+Zs:6pWpBwchcwDtpWpBwchcwD4

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (5211) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
1848	Zombie.exe
2260	_Snipping Tool.lnk.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Zombie.exe	285b6d1269dcee9e2a29e6fdc1e6529c56a84cca3f7ebb76d7e67f02d82382e9N.exe
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	285b6d1269dcee9e2a29e6fdc1e6529c56a84cca3f7ebb76d7e67f02d82382e9N.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\WordVL_KMS_Client-ppd.xrm-ms.tmp	_Snipping Tool.lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-file-l2-1-0.dll.tmp	_Snipping Tool.lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Tasks.Extensions.dll.tmp	_Snipping Tool.lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Text.RegularExpressions.dll.tmp	_Snipping Tool.lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\ReachFramework.resources.dll.tmp	_Snipping Tool.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription4-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_MAK_AE-pl.xrm-ms.tmp	_Snipping Tool.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019MSDNR_Retail-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\7-Zip\Lang\th.txt.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\mip.exe.tmp	_Snipping Tool.lnk.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\access-bridge-64.jar.tmp	_Snipping Tool.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_SubTrial-ul-oob.xrm-ms.tmp	_Snipping Tool.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_Subscription-ppd.xrm-ms.tmp	_Snipping Tool.lnk.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TabTip.exe.mui.tmp	_Snipping Tool.lnk.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jsound.dll.tmp	_Snipping Tool.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\PUSH.WAV.tmp	_Snipping Tool.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-linkedentity-dark.png.tmp	_Snipping Tool.lnk.exe
File created	C:\Program Files\Common Files\System\ado\en-US\msader15.dll.mui.tmp	_Snipping Tool.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.osmuxmui.msi.16.en-us.xml.tmp	_Snipping Tool.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019DemoR_BypassTrial180-ppd.xrm-ms.tmp	_Snipping Tool.lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\System.Windows.Forms.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\cryptix.md.tmp	_Snipping Tool.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusMSDNR_Retail-ppd.xrm-ms.tmp	_Snipping Tool.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Templates\1033\SalesReport.xltx.tmp	_Snipping Tool.lnk.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\InputPersonalization.exe.mui.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\System.Windows.Controls.Ribbon.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp4-pl.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp3-ul-oob.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_MAK-ppd.xrm-ms.tmp	_Snipping Tool.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O16EnterpriseVL_Bypass30-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Subscription-ul-oob.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\mscss7wre_es.dub.tmp	_Snipping Tool.lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.Extensions.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Tasks.Extensions.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail-pl.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\excel-udf-host.win32.bundle.tmp	_Snipping Tool.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\GettingStarted16\SLINTL.DLL.tmp	_Snipping Tool.lnk.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\UIAutomationProvider.resources.dll.tmp	_Snipping Tool.lnk.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\pt-PT.pak.tmp	_Snipping Tool.lnk.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\STSLIST.CHM.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Custom.propdesc.tmp	_Snipping Tool.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_OEM_Perp-pl.xrm-ms.tmp	_Snipping Tool.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp2-ul-phn.xrm-ms.tmp	_Snipping Tool.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSO.FRAMEPROTOCOLWIN32.DLL.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-heap-l1-1-0.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Linq.Expressions.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\mscordaccore.dll.tmp	_Snipping Tool.lnk.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\hijrah-config-umalqura.properties.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_Grace-ul-oob.xrm-ms.tmp	_Snipping Tool.lnk.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\PresentationUI.resources.dll.tmp	_Snipping Tool.lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Quic.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Printing.dll.tmp	_Snipping Tool.lnk.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\blacklisted.certs.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.Win32.Registry.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_OEM_Perp-pl.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\pkeyconfig-office.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\osknumpadbase.xml.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.Cng.dll.tmp	_Snipping Tool.lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\System.Windows.Forms.resources.dll.tmp	_Snipping Tool.lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Microsoft.Win32.SystemEvents.dll.tmp	_Snipping Tool.lnk.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-math-l1-1-0.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Retail-ul-phn.xrm-ms.tmp	_Snipping Tool.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Trial-ppd.xrm-ms.tmp	Zombie.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	285b6d1269dcee9e2a29e6fdc1e6529c56a84cca3f7ebb76d7e67f02d82382e9N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Zombie.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	_Snipping Tool.lnk.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
2260	_Snipping Tool.lnk.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1508 wrote to memory of 2260	1508	285b6d1269dcee9e2a29e6fdc1e6529c56a84cca3f7ebb76d7e67f02d82382e9N.exe	82
PID 1508 wrote to memory of 2260	1508	285b6d1269dcee9e2a29e6fdc1e6529c56a84cca3f7ebb76d7e67f02d82382e9N.exe	82
PID 1508 wrote to memory of 2260	1508	285b6d1269dcee9e2a29e6fdc1e6529c56a84cca3f7ebb76d7e67f02d82382e9N.exe	82
PID 1508 wrote to memory of 1848	1508	285b6d1269dcee9e2a29e6fdc1e6529c56a84cca3f7ebb76d7e67f02d82382e9N.exe	83
PID 1508 wrote to memory of 1848	1508	285b6d1269dcee9e2a29e6fdc1e6529c56a84cca3f7ebb76d7e67f02d82382e9N.exe	83
PID 1508 wrote to memory of 1848	1508	285b6d1269dcee9e2a29e6fdc1e6529c56a84cca3f7ebb76d7e67f02d82382e9N.exe	83

C:\Users\Admin\AppData\Local\Temp\285b6d1269dcee9e2a29e6fdc1e6529c56a84cca3f7ebb76d7e67f02d82382e9N.exe
"C:\Users\Admin\AppData\Local\Temp\285b6d1269dcee9e2a29e6fdc1e6529c56a84cca3f7ebb76d7e67f02d82382e9N.exe"
1⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1508
- C:\Users\Admin\AppData\Local\Temp\_Snipping Tool.lnk.exe
  "_Snipping Tool.lnk.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:2260
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:1848

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1302416131-1437503476-2806442725-1000\desktop.ini.exe

Filesize
44KB

MD5
4fbabc271e2cef5572455b9c39431e05

SHA1
3d68a9ae2c10875279b83f5cb819242cc1041c3b

SHA256
2361f77146c5c55bc28e7de6707513b45d5b1d09fecb3868ad50da64f79faca1

SHA512
673c184cc69a46c4fe35a84e12103e5d15871701db7b048329f9a230c375ea9412ee3be410916b6a9b15982da6c2d9a08ad6708177c0a7a07b86f13414fca372

Download Submit
C:\$Recycle.Bin\S-1-5-21-1302416131-1437503476-2806442725-1000\desktop.ini.exe.tmp

Filesize
91KB

MD5
079d0d860a957eafed46aa99f4dabb79

SHA1
b5548f557480454abfcd255aabb17efbd9399fa8

SHA256
5a29ccab8118aa8c93e74e3b06a64b682b753ac19fbdb22ecc77b8952af53cf2

SHA512
09abde63a0d3ecb597478ae71dcf43767e8214f8b11a311d09061c9d4dd38310ac00ca8e8a14884f898dbca35a70daa163824f97ed47f780aaa9769388923972

Download Submit
C:\Program Files\7-Zip\7-zip.chm.tmp

Filesize
159KB

MD5
ee836bdb6901efdd4551963acd6da979

SHA1
7e49c77030b22115ce5355e4074085e99c4505d9

SHA256
3282cfe9d3c1c667de010759a9228acc26099cc64eab704ea84b71c840713570

SHA512
6e67e9845baa3ae6bde7973c4133591e6b10e8acf4e99cbad54dce17ae58b620939b57f1c7f2d596c07335cfb835cdee6c28b3fe1866c61962bf4dc40bbd3e39

Download Submit
C:\Program Files\7-Zip\7-zip32.dll.tmp

Filesize
111KB

MD5
946013728f0eeccb85c809911083d1c9

SHA1
565bb3aa5b8fb56a8dd88f4661aa19590acdc820

SHA256
b633a7816eea03ad4d1fd5a196cb56a771895ad3e853b3f7a1d64a58e11efa00

SHA512
d3fef47440233c48843333b067cc71a7248eb4022e8a5dae6d775bf8294b01df9fb45576b1e3d79bf97b104ebfa2b1ec1c213905370241838ee2c628c899a2de

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
1.8MB

MD5
fd15ff4017cb88d0f8dd0874e032d5ad

SHA1
f0963cb521df473658e27f9ebdcf0d8c2a3485ac

SHA256
36475c255f98eb9a9c5c94203de6f5aaf02a74eb75df01cb970cffc1cc8c4e81

SHA512
1d02ae2270b83296ff0094f3cd906db199b0db6f08d00739af251316b7e2e3953e36676aba92cc312f75e4bbb4049647e462583b8c7efdd550b3c1d9f9b418d7

Download Submit
C:\Program Files\7-Zip\7z.exe.tmp

Filesize
590KB

MD5
f778951172983598b84b87eac216ff7a

SHA1
22502ce2ee42299ec97553657310e59efb6580ee

SHA256
02e8b4314b004f70d42ffcb67db371b3d138a778e372c51194f757ceca1cb651

SHA512
6b5ac5a22c6bfa503875975675f64eb6f4f84060ae47a8d4210ac75e7dbeece48e3d0bb0650122de4c3b8ef762ecff017e4d01442ef5baf4063055e314f3c4c0

Download Submit
C:\Program Files\7-Zip\7z.sfx.tmp

Filesize
256KB

MD5
0dd6d4cf027cbe4974d0051b8a6152b2

SHA1
8c9ea7fdc10884baec3c348472eb75cd7f30dd23

SHA256
8b6f6fbdf667714814af3e12aebd84f868d8bf06fcd6dae371a192a1df9cc50a

SHA512
783f9e8a132a964b101d3d3b1a606c880f9aed3b439106a81ef6a69782317a365924fbd1f485419ec9ed995be24107233a844f5ee45f6fd86f3805ba6986ffbb

Download Submit
C:\Program Files\7-Zip\7zCon.sfx.tmp

Filesize
235KB

MD5
cb9a886387e2066e66e2263104a7120b

SHA1
7e9733e473a70814f0173d0b148e94709139cb50

SHA256
a242fe38d55d1037a8a64a4a6f06cfd90d8002ec64baa03977bbbe7ff1989930

SHA512
ad1b62f53fe5c1b30495a45e399840a8fe6d0b92a84a03d68bb196d62294f9dd7dcd5eeba79ef3d0008d974c282b513542c39b95406e8ba7e50e29a063e97c7d

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
508KB

MD5
b2c10c4a5393004667341503b2322e3f

SHA1
7f843cfa9df24e4425a0b6baf2b44760d2bbf672

SHA256
210055e9c9798a1eaea38462a25a0a88990eb1ccaaaba4e796e82a2a7cc97320

SHA512
4ce07a3f5e2b29971745c0c5d7c2d48e2b5ec7505858565fa089516f516658a9048e26078e908e502d24d72ac1f0af140c67fa84c0878540da039e02fb45be18

Download Submit
C:\Program Files\7-Zip\7zG.exe.tmp

Filesize
730KB

MD5
ea9267d16e65d453c7c4118494f5b6b4

SHA1
93dd2bd5f1eb5578731ca7416251fb86daa0f9f6

SHA256
50f56f523dea5a165e5355420c28bda9438550f220ed1aff2ad54e780c69b0b5

SHA512
7d6c0f713b48a1949454d4412699fc14b85f590fe3efcaf6fe759d15240ea2d754614dcdfc6172431eec60ca85683c7b4f9eac4e521e217db693e7e31cd707f0

Download Submit
C:\Program Files\7-Zip\Lang\af.txt.tmp

Filesize
24KB

MD5
d551eaf85a2a644487592870f735601a

SHA1
aada61a37880abccf90f79fe66f2544f8fcf8df2

SHA256
08a946409728461dfeaab92e53e8926d6e0c97bdd40ef494ee76e724cd4d4492

SHA512
ebb61ed06c3722ce98884cb2b4c703d15d24b02ddcea8664beb8db077673dfeef037c6fe79f2904110dc96872b52691d6872eaebe593d28f22c63366e45fca43

Download Submit
C:\Program Files\7-Zip\Lang\an.txt.tmp

Filesize
54KB

MD5
258d8271fc862cfb6adedeab0883f478

SHA1
f7af61effb3f891d076458cc9ae9a136f732163d

SHA256
ce06584e376a5ceb3270e8aab76b786ca6c9f18e771250018538eb4915014d10

SHA512
26b8e34d1a8a1dd356e76bc5bd8b5fc7c1c53aef04ca49cdf1158a42ae14c6f1fc14cb9fa8dc076c29fa315a56212f8f6c3e68018ff24de65f34b3e028f9a8f9

Download Submit
C:\Program Files\7-Zip\Lang\ar.txt.tmp

Filesize
59KB

MD5
b392808e7d49d471db2d443ef499b2e9

SHA1
0113a442f2be0f6bfa8501bce204d42d2bf4fcf4

SHA256
119a10e7679a86047b5ffe456e283fb209b11bc3cde248724b04ecd1390cd2d8

SHA512
cf85072bf9bbf24aa49df7f92c40e7a58e1c5e854f6f194572daa6764c071ae25ab6376fd508f4ab8cccb15e0d1639334e2ffd3ab0256a7a8605031aba7effe7

Download Submit
C:\Program Files\7-Zip\Lang\az.txt.tmp

Filesize
56KB

MD5
02cbe9bdeac7a574c3aed19fdef90837

SHA1
cc5e08d9d535118f7c25e2b4caad979104225831

SHA256
1e7fa606ee0a997b7060ea00d2b516367fdc59f6305145c2922ccbf13178e72e

SHA512
69c23dd5720ef1f08845bef6937ea8a547be4efa21389f7cf362ac81c6fe57d9cbe8ee8d16c0d189b11616421cbd21187e7aebcb007819c8384df1b938e30747

Download Submit
C:\Program Files\7-Zip\Lang\ba.txt.tmp

Filesize
57KB

MD5
ba973a044fdbecc97ea7728ebcffa395

SHA1
67b1c3f68fd1f5afac059a440031f3b3e0296547

SHA256
22bbfe4aec84ef2dd89c543837b6c62ca1d638fcd8d9ebc7d82978c97b576d44

SHA512
6c87ae45139b2f3ebfaeb751695f9e9e402d2dbce5f5f8074e8db76882fc38c861f24f7a70253d0d829b97a30b7e4e61e1e809355ab2722b22d6d7bce439c1fa

Download Submit
C:\Program Files\7-Zip\Lang\bn.txt.tmp

Filesize
61KB

MD5
6b09a48befdebe8239073f15292a1814

SHA1
4684050459ca50a4dfbf64c7930d0bfe1882fcc1

SHA256
f55a7519626bccedc00776b15871dadfd5a98a85d7682d9c9869916eb19ec814

SHA512
d05d3613dc378a0269d8ad860335f1728f6dea49a85f39f83c6494c80b15fd2054d80a7d0c17590c28eb5295a12dd4f379ccfcb808fd66479061b78a45f0e5e1

Download Submit
C:\Program Files\7-Zip\Lang\br.txt.tmp

Filesize
49KB

MD5
7966b47846d079d7287c107994861370

SHA1
92d4607e441de8a77d9adac3688b4ff0e23d8b5a

SHA256
29410bcf0c04002c2947b902b879d79f6c247b590cb7b99f70dc2c3189d95b18

SHA512
6b812be532cd0f4ebb2b1ec8af323eb3537f07c33bcf0ddfc5433b3cd3b015be56f3d7c8d3ce9ecc871def2c3b0cff766bf9a7dd62c28d7e5d8dfab360c3f35f

Download Submit
C:\Program Files\7-Zip\Lang\co.txt.tmp

Filesize
57KB

MD5
5078a01b41ee5d3f0e0c4b5928274067

SHA1
d0b3ed457b1a15348c45b75246b1540465337930

SHA256
6d35633cf62de6a900ed3ca29377e7f15c458ad9deb7b3f224edbb6348a5e3e4

SHA512
ee4c64570a2b553472d492d79938260c8822935d7929d3f0ac16a2ee1840f0fa13b82ae7f8a7fa84237bd9ca4bc3a2cc80c07fbfb15b7ab155b963b149b99008

Download Submit
C:\Program Files\7-Zip\Lang\cs.txt.tmp

Filesize
53KB

MD5
03a4839fe53febfec2c0d90b8825e9ea

SHA1
fa768b3286cb5ded61c36f808be8f683b17fd205

SHA256
4fd71deac1be80a991298f255d27666b93fa9ceaae348c2026d02598442b14b7

SHA512
2fe212b2755e14563dc0ce8cc8cab95a97d88e14b5529d72235b864016d8e40c82605f06788b640662c8580800ecd4e7de6a47e1e4a4771796e6e87d2d113847

Download Submit
C:\Program Files\7-Zip\Lang\cy.txt.tmp

Filesize
49KB

MD5
3943527551828e2b25dbdb8e9c115bd0

SHA1
e05078296e3cc2490bc7bf05f3373cd127ec00fc

SHA256
e9aa0f574cdc41c40c367f924b4ca94db0a1ec3f9863dad6640f83bce07abbc9

SHA512
d07dcb1ddbe8a0ac83992d036988722d502aa22918000a8b0312fec63899ce2a653f2ff9c7e5fb9af973df62a6e810627d0613c901335f6c7282f2338586d80f

Download Submit
C:\Program Files\7-Zip\Lang\el.txt.tmp

Filesize
63KB

MD5
daee8f8c05ccef3449fc34bfea1e2aeb

SHA1
5f27c6b8e4f3fd22f885f2539fb83e1d15926147

SHA256
37008fbbfb212c807be587c5502a26e7d38333c9ecac9671ca02b0268d70f5af

SHA512
011fbe6dbc6ad22a7de3c5efabd8fbe6fabb95985a866d36c88fa3523f01e1b985ed4d46b6080e737c7ab076b9161a02b9eed6ff16bc7dac34aa7c456ad67324

Download Submit
C:\Program Files\7-Zip\Lang\eo.txt.tmp

Filesize
49KB

MD5
0c974d780ae19f68ced948180bdd7150

SHA1
917d36f791010cd329b4257b2e4ab1d0d94be630

SHA256
d7e46f82a8733db017721ca9e08b33595ddb9af9985a0c33184302559fa3932a

SHA512
06ca14977980170ac744d1b72b5112a0d1ce1400ba7dde00843e7257282dc640ac10e4a9745d1de11e9033cb6c08d1689965bee498c7f234596be95e904885a2

Download Submit
C:\Program Files\7-Zip\Lang\es.txt.tmp

Filesize
54KB

MD5
a0355ab8f5d9d893855cd1e089e2b287

SHA1
932791c100a989170bee51be98c8cb57a011f448

SHA256
f32a6e7ac5d0b7a7a7ad10dec80020f1ddfdb920186293091967254031d6ba8b

SHA512
ceb6a217309e9f03bb51ef6cee1436943338b779c77aab605f3671612c0c45ba947eaa48795df6a381bd8721fe162886afe212f7013c379ad517207e71d19a3d

Download Submit
C:\Program Files\7-Zip\Lang\et.txt.tmp

Filesize
51KB

MD5
954daa756ff24e4a0729fb7c680ecf08

SHA1
9efad6fa64f5e2c5b54326636bf06e379ee11268

SHA256
fda107c15c2db5174e78fc0a659edeb608214011eb0edd8bd4dd4d4710fdc401

SHA512
e6c8df7af1565ecec93f86e12ebd15a0a3669cbbb5ec838984d9b5de99d807eb2c0dff1e37567735aa2fb7bd3ab64c04b0c6ffec7b00698ea3b02f4aa8c5746b

Download Submit
C:\Program Files\7-Zip\Lang\eu.txt.tmp

Filesize
53KB

MD5
b94edbe672edbba86eb65cd580642ad0

SHA1
028cc5aa9c2d53a01c88236710e21d314e169ad0

SHA256
9775555a2f0a1c1e0be7d8975bbe834a9b474c19149d1ec776a3b275c3cb4d4b

SHA512
7704fa159fbcf57bc79ce84bda603436e28b8250f7656376afd3a9b444f183fb47203c04eab56982c97baf73553f5b5eed8d74d8dcfb3eb074f72ef7fbd72926

Download Submit
C:\Program Files\7-Zip\Lang\ext.txt.tmp

Filesize
51KB

MD5
ce35b0fe36fb07905454ae60a4201e1d

SHA1
202f073ebb002550a1436a5d2f74e1df16ce2807

SHA256
f516091daebcfb368e95c1dad731fce36a079cbe7f0c749a3efb5d544c555627

SHA512
8f5c4f387933f8524f2f65f829953567c6885fead525f10dd3c5a23a5939bf9a3716550d87e809b6171a79a9017f18842f2697709e90b327c4a1ff0a72dd37d3

Download Submit
C:\Program Files\7-Zip\Lang\fi.txt.tmp

Filesize
53KB

MD5
5f3118ea084bf0f5563f9e8d00d883a2

SHA1
1cb368f36b31c44e3ca3c13b8648cbf8e3a74b50

SHA256
1a7c8adc06af630ac4d4e2cca844d852d4f364e0b141b717905302aaa47a8af2

SHA512
55c70d5f7369c8b4c0fda17f39f20193d8de6b4f46db9dcea160e14b7ce3aabc1723f7fa9e68e82ceff75da14746e961f2130b16bfa37c7bdbfb028a2adafe18

Download Submit
C:\Program Files\7-Zip\Lang\fr.txt.tmp

Filesize
54KB

MD5
c8cdb48f90ed1a291835ef7abcbe04d1

SHA1
bcd0d4d58f831ea225946e5b03d010d02d9df58e

SHA256
3e89a33a430b75d18dcdb9bb4835ba9ac7aff50db07dafc0c95d57e0d2e3ff3d

SHA512
85b2f4c9ef6b05f6c5eccf64d9ade0cc3ed44f96a1b38be76984e7e1bb2a6dc8d767fa43404d1e12ae51f46312b9fecedbaf79c8b9076befe74f74ef4e6ec2a4

Download Submit
C:\Program Files\7-Zip\Lang\ga.txt.tmp

Filesize
52KB

MD5
2225a62e719cddd5e1d5f1233180779f

SHA1
250ce8ae632c7d9ce76c1d3b005a58f18368c6e0

SHA256
0e39da449940cd414b1ef13fd40ebfd569ba15627aa8b597b61becf5354310d6

SHA512
085bf77d05d860b80a0a549599adc9ddf17bf658247bdd348c5a85184ddd7f7aea372d2ad1b8d410ba0d36a85ec1a9211bd81e353879f5a0b8bc8c0b05d763ae

Download Submit
C:\Program Files\7-Zip\Lang\he.txt.tmp

Filesize
57KB

MD5
98acf46c7dee39b6593169beab417d3f

SHA1
15e9b26e90a095e9ebbb73eb9de9a67377f40163

SHA256
7d8e928c1418d2129ea9ad3e15d78faa5d6cd23278b90be02fa84943b0c51a2f

SHA512
b94cf9436b6821a5686e0ba2d080a582ad699b9e39cc5ec80d3fa618abb45a6a70c58fb0d44f4f321a33c800b9dd449421cecceb2e3f196241bda54245eb7c55

Download Submit
C:\Program Files\7-Zip\Lang\id.txt.tmp

Filesize
52KB

MD5
3d271e06ba4d3501ca5c4829d7e76687

SHA1
6ab134f0d92ffc64e6e6fd9e504445f3b9f748d2

SHA256
452a8b1d5d6032907d6857e3dddb8ebca8aeb8e61094248a660768329283b1a6

SHA512
780ab80461aaef9858f2c5179bf0f455fa94592d8a473fb38216457fe04d52ff76a0874e98537f5678347d3861dc2964b90e651b304168f712a3853c7d2ce3d6

Download Submit
C:\Program Files\7-Zip\Lang\io.txt.tmp

Filesize
54KB

MD5
91326b3681d317f2cd36eacb366e0fd4

SHA1
9cbe6014e514d3c1ca48fcc57a95fb7e26ec3d73

SHA256
c5f98d0f795b5979ac04ae407f57609288330a2ed425cb5ab480cb8f2c94d462

SHA512
3887b5a9362e0752a0f1da695bcd9c6432bab5800e2897954dc81e00d938f07bd20f7ca2e28e6eb5d553fa087dd3d431ee1abe019d91c0d9a203886e405ff42d

Download Submit
C:\Program Files\7-Zip\Lang\is.txt.tmp

Filesize
52KB

MD5
125cb83872e54660206d52104db89f71

SHA1
0f3457eb2281a7b9ab56a3b8d203f06211bec1d2

SHA256
6d97402d8d1198f41cae74f8e2e4c7a96e078275ec0bb90aea1e61cca1c31453

SHA512
ac7a6c32eec225973d67b3076ca6c26a882bdcd76d9e50cd9b3a1de05a5a3bd703efa943ec54845a34d7572c12f8f6625eae71f05560befd10de16ac9fcee923

Download Submit
C:\Program Files\7-Zip\Lang\it.txt.tmp

Filesize
56KB

MD5
7347828e63a89e587afbe23f5e89b6ac

SHA1
808b3c6179efd7aa6808777c873dde503df889ce

SHA256
59562310389e3dea43025a9ef9f74170f64d678679313a68e4a49a576e658b6d

SHA512
6311563ec7ed3c814028c799092e51cbfe73a89ae0c992aba254b002f31b1ef7c157d55f606a1efc41cf7c729d6f9b1301f60310d01d49b8ba36dcefab534603

Download Submit
C:\Program Files\7-Zip\Lang\ja.txt.tmp

Filesize
58KB

MD5
cbc12a3222d874fe2e24ff02e2c027a4

SHA1
af347886a4b2d6d1617897105be3d554ffa33b03

SHA256
c7a3fb98305468b23f28903e2b5c90ebf16c9f55f951d98262badb9e8e4f749d

SHA512
bbda788689216967d24b4b4babe35920bbdbf85966f65e339a4a74de146adb77e6d739be6148fecdb98ed14c8481504edbf841e067efc60e1a42c9e5a08a4624

Download Submit
C:\Program Files\7-Zip\Lang\ja.txt.tmp

Filesize
58KB

MD5
d89f951e05796bd4dfa5e0d9bfba9dd0

SHA1
3fb1191f8c371c54f87dbd5f5f7ecba0590665d0

SHA256
e5fd9c972ca2c58802acca2d70f1aeeb0a62321365f56a0ea8ec2a48999fd01a

SHA512
d194d33c60eb130ab348fe16570308a2615587106a944fd4a45b8c09d3a1a858abc46249043d60426b221d4ace2d2858999f51aab621c18f5f2ec46c86136ccd

Download Submit
C:\Program Files\7-Zip\Lang\kab.txt.tmp

Filesize
52KB

MD5
122610aa92336cec16bb7855aab0b8cf

SHA1
1cb6017774f153a1bac75827fb520d4e3154c637

SHA256
eefa75f7669ec8969075c62e6a9596af0942542b83dd94a85b17a9d93a2aed78

SHA512
9ef0796513f9e4056f2e6f17d52c969929579b5ff8885af725cf42a32f4dd847c32188e3d4aced3176ae9212c29fb567d0ad1a1549055c17e353cc583799e65b

Download Submit
C:\Program Files\7-Zip\Lang\ky.txt.tmp

Filesize
58KB

MD5
32ed32cb1ae024081ef1ef68a066cad6

SHA1
3c26c7abaa3a6da307daa727d192b085fd3b713f

SHA256
564ec1d7fe6a796f4982df0e16e51c728333b89781a0fea6ba220ea53a738c88

SHA512
a058003965ebaa998b47d766078597dbee93db79ee84855955207b3b2fad24bbdfd6867d97871e8c4da9070cbdf9469772862620120d1418ccd971504442e230

Download Submit
C:\Program Files\7-Zip\Lang\lij.txt.tmp

Filesize
52KB

MD5
32847fc6e77de9b41a27d33334bd16c4

SHA1
92bdb04a4fd9777dc920dc85bd1f164212f1bc09

SHA256
97912b9d560d5538ea41b161a2ab9ea38757c2635fbfe671db53bb6810c983c9

SHA512
c0fad663674f7cd3c9ce51d6b1e3d5f97dd0364cc804ea07c1b490eb97689a2aec5f369e777589223c8f41a122a9094f32023cedf43d0dec3b3a59b65c050dfc

Download Submit
C:\Program Files\7-Zip\Lang\lt.txt.tmp

Filesize
53KB

MD5
1ff9b392666bd7fdf7d226e0c7dcdb95

SHA1
d121c5e0c30bbfa04b6c244f3029bfb7951fd110

SHA256
0517f4390b7394531de06603892d17f014fd7d1859d98e3a3b2f7cbee0cfadea

SHA512
7aa1f18ae520f603db56847f0f29b90eb618962646d014b4f1e716e9f6c63afcd3673e52a21bb8cfcf0ca4cb270add4169017b78e8614793045313e9d11b2c60

Download Submit
C:\Program Files\7-Zip\Lang\mk.txt.tmp

Filesize
52KB

MD5
cd4cb755210a7c854b599aa3d31156c1

SHA1
5454337e172cf48ae6134b2567a207c52ad19426

SHA256
4881523d35d4f1e9b6cf7fdad27add643c4a1af64da80b3c953df823ab7d1fc4

SHA512
fba650280ee0ce2cae7e1a4c95964540ddb4d1350e3d635d9872f720eb26f44d780d402fec12a13853f88041b95f393cc0848c3a5879cb5781429f63832064a2

Download Submit
C:\Program Files\7-Zip\Lang\mn.txt.tmp

Filesize
52KB

MD5
dace8e9e1a9f3aaab9f1bc021085be14

SHA1
ac3993e109101a45aaff36a0a345c004fa98a276

SHA256
9ccc5051b33c0398cbd3223cb2bffac4192d26c2a7ed9f3d4127cea648b670ee

SHA512
defdab53f82b33066b4303ed2b38987c5a56735c62f86ec0ca86d553e9ebbe5404c25aca3e575be9384f28145909414f636a8bd088c1d9d17da1d48d1dbc2c21

Download Submit
C:\Program Files\7-Zip\Lang\mng.txt.tmp

Filesize
64KB

MD5
2e9ebdaccdec4a4c796aba6046c89c6a

SHA1
fd93ce2a025fa054264e23a8782990cd3ff34cf1

SHA256
d5b7fc8a9aae125987ffaf1984fad5b45c5ec2f76b744f203b01f2bcfb0aec78

SHA512
85eef4434223a0f951c77aa830c337e695ffab7e388c8679dab093ab680379d63d614119b9bdd888f3a0d8395aa0169901f4dc7a0fa6c8adb960fe73bdaad2b6

Download Submit
C:\Program Files\7-Zip\Lang\mng2.txt.tmp

Filesize
67KB

MD5
68d54438990140ee704b20302451c2a0

SHA1
56b0aae48dd412b0d728b11fd657fc9e6dd63a2c

SHA256
8a4a935650f946432346e63ac82de9a3864d575394187318bc8933b443b70213

SHA512
6d8f7f7b0617642e5d46ddbd2980eac7d7f7f3c5e9aee974f48dc621452de2f3f16370db3f28b473371b95df92db41bd547c75349f88bd5ff7ce1e948ee97cdc

Download Submit
C:\Program Files\7-Zip\Lang\mr.txt.tmp

Filesize
57KB

MD5
3fc35fb42b0161fa39277c18479ef00c

SHA1
a086eb5b693435d145e8b356fa1fcaceacfa9316

SHA256
5bea5c84ab649bb572c3b7f3df476c48731fa047f1a47b94b8532760c5d2059c

SHA512
31705362eb9da4fa9533f199dd46998c5b7aade07f5e3d699fbcf0404e02030768e0e1946fc1fa1bf6b8e193eeb9d990f5432ea25fa17d1fe82ef68f10a60655

Download Submit
C:\Program Files\7-Zip\Lang\nb.txt.tmp

Filesize
52KB

MD5
e3e0452a6a9a516500945a6d2c8810f9

SHA1
2ec10697661b9411692413c29c12e927f6f9ff0b

SHA256
38c35ae1a49f2d981936e7693b496b14c11e29313e2efb8f5536a3eadc6ade1f

SHA512
66e95b1a10d70e141f37adb477e9522cc00e4d07019997630d03be0403e8eced0d806935e28769f6c158feefb9a9b69db58186c70e2ecc66793ce6b103044aab

Download Submit
C:\Program Files\7-Zip\Lang\ne.txt.tmp

Filesize
59KB

MD5
45f357d12f43829b8769a407761ad7a2

SHA1
862b14f76bd21ff6705937273829cd0f3e8c9bff

SHA256
9608391936aa134af0033d196ecb7b01587506caa76fce4374c75b3ea8bea11b

SHA512
1f166c148313e5ae6d39b9cef0a191e56c4f7007c7dfcb09ecde192294a972fe24ab2902a3deb116493c29f10cc270488863830524097ef70f9d4ec2170bcf46

Download Submit
C:\Program Files\7-Zip\Lang\nn.txt.tmp

Filesize
52KB

MD5
b4cba9c8c052d662938b1ee909a8f83a

SHA1
9ad2086c828ffd819fe830320f564f69259120bd

SHA256
cfdd78a9e091f0e249b0b60223c19f18ff2a537a13a2c3476402aa5705c70b97

SHA512
cb9b3558161d113b1275849ad4e6832c922bf82b82e2b6ab773df615b390b1320f902097b67af88e6cf9802e934c0b2607f8cb4ae0c98d0adb5b31e5dbf7ae03

Download Submit
C:\Program Files\7-Zip\Lang\pa-in.txt.tmp

Filesize
60KB

MD5
245f0203fe7d8e92545d6fd0313a39f2

SHA1
ae5301a30e0423ed6cb392dc1fb450048c7ec5da

SHA256
41d93065ed47b89c944103f79d5e270c4a70eb0ac64262f190306d8c6db6d385

SHA512
a2b0ae14da6491c59149e86a1e879d61f17ef4342f339b65a35c2b36ad249572a601d7bdfb76abbd8a8ae626020d53d88b64f6969f3d9078f884379d45712794

Download Submit
C:\Program Files\7-Zip\Lang\pl.txt.tmp

Filesize
56KB

MD5
55a46abd49e8e8bface6718f749e42fe

SHA1
620c4aa484f1fc575aebff7c933b3285fea527b9

SHA256
e7e1a4911007387f184da0245945a76486346cb7ddfdb182f5fd2235974e1bd2

SHA512
c1abe9445842c5199ecef74e3a1e623e00cf7c7c6f7419af814f1cb21c76194f3a028a9ea56294a6e513e920b6ac20eb88c1543ae5f87e8b5c6d491c4a80ed75

Download Submit
C:\Program Files\7-Zip\Lang\pt.txt.tmp

Filesize
56KB

MD5
095052c66e00f11388cb76f69de4e998

SHA1
24d524d304e3f59bba0f3b981b8e3b3da9e86ffe

SHA256
6e252f4350d1b7ab7e3e8409b3371b4baf259936ddf2b242881d2819954557dc

SHA512
11dec3175d8c3384dcfdb4375277738fc3c50628b17571ce6b8b3b8a9ea071d399053d4358dbc8bddf122987e702fa69a3b6e8ae42e8b6403c39d0b0cf3f629f

Download Submit
C:\Program Files\7-Zip\Lang\ro.txt.tmp

Filesize
54KB

MD5
8e14fb4a8acdf162e930dd8e7833ff28

SHA1
f2b2887ae5434c9c6a922e5b90136d08e5faa44f

SHA256
18b67fdc71f884699486a0f19e5c399997f760ee0f658299a51219f3fa985a94

SHA512
ca3cf194d3af08a342d01e7d9b86b01aee6620f1b8399d69d9a2fcfd866bfa9e6a2a14f9bd0c7f3d77a66c4da3190387a61b79b37e9ac296a1e97420b0e10420

Download Submit
C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_OEM_Perp-pl.xrm-ms.tmp

Filesize
57KB

MD5
0a14f445a9bb41b40e68d032ee10c73d

SHA1
cc999e56fc86814ede95fa2f8baee422eacf5be7

SHA256
655f9d1b546b4245999d694b646ed3263578a37cc17c8ba6d5791a333aa0bb7b

SHA512
3f6188fd5becdc785ff5f2fa732419abf91d4e42be3f8bb2dca6f337b13a9ce20915c17c713b951d3af6dab6b787b9dad2f17bfcce03f3341ff7687245da6933

Download Submit
C:\Users\Admin\AppData\Local\Temp\_Snipping Tool.lnk.exe

Filesize
46KB

MD5
b1b8d107cebe341993c528c2cda13fe8

SHA1
15ab6c554723c1227c37699fe2be9e6b5432e03e

SHA256
6b58eec598df42ce19e1915b5173a3068033242f52476c5e92ce4c339d68d059

SHA512
86cf185b12a7773f2d172070ae6c7c7ee248ea3226978c7818a2349e355790bf1a9323598e65b3020eb11b06029c5ff0c350f1f74facca7e525d768d779bcaaf

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
44KB

MD5
a7fb8badf70133b96aea070ceaae48ec

SHA1
58fab14f305ba2b20af29a5f258f4e6f5b5340f1

SHA256
e8cd69bbb890c818f3e1024ddbea9f1694bb7a8580f4deef14b15660710e732f

SHA512
a1a00c64511517ba08f1403646709738975fef865339cfc2a0ff96b08aec091de02e6cc588d67abc1440b184ef520e9a22bad204480431194b106c28e470c7d7

Download Submit