0038797c6cea63c9c9b51e1ceb66a849f25c0d1657d360c3274345b20d362b04

Analysis

max time kernel
120s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
25/09/2024, 16:38

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0038797c6cea63c9c9b51e1ceb66a849f25c0d1657d360c3274345b20d362b04N.exe
Size

112KB
MD5

931cd7b2f3d575741f4ca0bbd34a2310
SHA1

e24e15d202ab1d051dda2876a3b62cb46c735b6f
SHA256

0038797c6cea63c9c9b51e1ceb66a849f25c0d1657d360c3274345b20d362b04
SHA512

836eb89e5708415543ca3f9faaeaab8237550ddb3e68490ec54a9dd94671cbb5423e64e608a2440a50397a6e3357af82fb8ff45176033c7f54287f7181ee8c72
SSDEEP

3072:6e7WpwYRYxSKSWu0SWube7WpwYRYxSKSWu0SWu+:Rq7axSKSWu0SWuaq7axSKSWu0SWu+

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (4675) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
4612	Zombie.exe
4716	_Task Manager.lnk.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Zombie.exe	0038797c6cea63c9c9b51e1ceb66a849f25c0d1657d360c3274345b20d362b04N.exe
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	0038797c6cea63c9c9b51e1ceb66a849f25c0d1657d360c3274345b20d362b04N.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Retail-pl.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\bin\klist.exe.tmp	_Task Manager.lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\ReachFramework.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\System.Windows.Input.Manipulations.resources.dll.tmp	_Task Manager.lnk.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\asm.md.tmp	_Task Manager.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.scale-80.png.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.Metadata.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.Proof.Culture.msi.16.en-us.xml.tmp	_Task Manager.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Grace-ppd.xrm-ms.tmp	_Task Manager.lnk.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\PresentationFramework.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Intrinsics.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\WindowsFormsIntegration.resources.dll.tmp	_Task Manager.lnk.exe
File created	C:\Program Files\Internet Explorer\hmmapi.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\COPYRIGHT.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Trial-ul-oob.xrm-ms.tmp	_Task Manager.lnk.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Primitives.dll.tmp	_Task Manager.lnk.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_sv.properties.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_SubTrial-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.Encoding.dll.tmp	_Task Manager.lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.Contracts.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\en-GB\tipresx.dll.mui.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\Configuration\ssn_high_group_info.txt.tmp	_Task Manager.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\mip_upe_sdk.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\fre\StartMenu_Win7.wmv.tmp	_Task Manager.lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\System.Xaml.resources.dll.tmp	_Task Manager.lnk.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\WindowsBase.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\bin\deploy.dll.tmp	_Task Manager.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Grace-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp	_Task Manager.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MINSBROAMINGPROXY.DLL.tmp	_Task Manager.lnk.exe
File opened for modification	C:\Program Files\Common Files\System\ado\msado28.tlb.tmp	_Task Manager.lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\ReachFramework.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\jdk\xerces.md.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\fre\StartMenu_Win7.wmv.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_MAK_AE-pl.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\GKWord.dll.tmp	_Task Manager.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Office16\GRAPH.EXE.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.scale-180.png.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Compression.ZipFile.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-white_scale-100.png.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Claims.dll.tmp	_Task Manager.lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Web.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\System.Windows.Forms.Design.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_MAK_AE-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ThirdPartyNotices.MSHWLatin.txt.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Text.Encodings.Web.dll.tmp	_Task Manager.lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Windows.Input.Manipulations.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml.tmp	_Task Manager.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusE5R_Subscription-ul-oob.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_OEM_Perp-pl.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\msdasqlr.dll.mui.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.dll.tmp	_Task Manager.lnk.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Private.Xml.Linq.dll.tmp	_Task Manager.lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\ReachFramework.resources.dll.tmp	_Task Manager.lnk.exe
File created	C:\Program Files\Java\jre-1.8\bin\msvcp140_1.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest2-ul-oob.xrm-ms.tmp	_Task Manager.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_SubTrial-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Common Files\System\ado\adovbs.inc.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Memory.dll.tmp	_Task Manager.lnk.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\PresentationFramework.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Frosted Glass.eftx.tmp	_Task Manager.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\lpklegal.txt.tmp	_Task Manager.lnk.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ar-SA\tipresx.dll.mui.tmp	_Task Manager.lnk.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Private.CoreLib.dll.tmp	_Task Manager.lnk.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0038797c6cea63c9c9b51e1ceb66a849f25c0d1657d360c3274345b20d362b04N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Zombie.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	_Task Manager.lnk.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3156 wrote to memory of 4612	3156	0038797c6cea63c9c9b51e1ceb66a849f25c0d1657d360c3274345b20d362b04N.exe	82
PID 3156 wrote to memory of 4612	3156	0038797c6cea63c9c9b51e1ceb66a849f25c0d1657d360c3274345b20d362b04N.exe	82
PID 3156 wrote to memory of 4612	3156	0038797c6cea63c9c9b51e1ceb66a849f25c0d1657d360c3274345b20d362b04N.exe	82
PID 3156 wrote to memory of 4716	3156	0038797c6cea63c9c9b51e1ceb66a849f25c0d1657d360c3274345b20d362b04N.exe	83
PID 3156 wrote to memory of 4716	3156	0038797c6cea63c9c9b51e1ceb66a849f25c0d1657d360c3274345b20d362b04N.exe	83
PID 3156 wrote to memory of 4716	3156	0038797c6cea63c9c9b51e1ceb66a849f25c0d1657d360c3274345b20d362b04N.exe	83

C:\Users\Admin\AppData\Local\Temp\0038797c6cea63c9c9b51e1ceb66a849f25c0d1657d360c3274345b20d362b04N.exe
"C:\Users\Admin\AppData\Local\Temp\0038797c6cea63c9c9b51e1ceb66a849f25c0d1657d360c3274345b20d362b04N.exe"
1⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3156
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:4612
- C:\Users\Admin\AppData\Local\Temp\_Task Manager.lnk.exe
  "_Task Manager.lnk.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:4716

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1194130065-3471212556-1656947724-1000\desktop.ini.tmp

Filesize
57KB

MD5
5352ea3540274fb34add353db97f6c6b

SHA1
0b2ec13eb48334a65392d42378d85f736e8dd045

SHA256
2c784cca7e96266e1b7ee023a15134c3f1d151534ddda16253e42d5fab553404

SHA512
e40cfb285242861d197a1547266600a290807246fe3d4cafdd14635c936f42be1075a2b1995fb7bf73043082a8c4f7b59c39d6951b3c5b246041ee9870b1bb07

Download Submit
C:\Program Files\7-Zip\7-zip.chm.exe

Filesize
167KB

MD5
8b31427997856db851187e862a945b75

SHA1
8f7004ae40244bb0152ef9907b12d36ab4c99e21

SHA256
c7086512059c08addb45f5ccd8ebab0ab0b6f1fb4c4d0619fbbf5844923cf4f0

SHA512
8a5e97b15e806c83e056cecbed277e6ad534f362705bb4298cb1a44d48fd3a50a6039d85c114053f7a0fd65ea579fa5a946f4687f1d25f310dc53405268e436f

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
156KB

MD5
4c3dd2bb41da6bafa31307315a956807

SHA1
7903a8b4bd3a91c24f60a33bb0d32d2d60148b9e

SHA256
ef048d0dc8ccc344913ff5c9f04eeff90a540b22fc2ddcef243dd62b96ed9829

SHA512
8f323abe49df1c7a6cfd3d2be1b2103eb034193c0e5d1cb926ed86cacf94cc41f4846508cd950f023b42ab322495d469ffb014864bdab8c7b9804c9711b3c226

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
1.8MB

MD5
46350e2effea601bb87ba8a906d1f13e

SHA1
d881e200d41d8e6a7804073e87170023b95ec8d5

SHA256
f993385e0d02f369b00a40aca205135911fbe25867b64a04cdca246598973d46

SHA512
b78dd8cf9a2c4d6be342d64b0c0321b811e5d17d95c751ec96f77c1a9137cc48dd29987a042756185de84e3d2b9084a07b8622beb248c844622dd40a434daa57

Download Submit
C:\Program Files\7-Zip\7z.sfx.tmp

Filesize
266KB

MD5
fe7d04f3585ed619f9f6c64de93aef23

SHA1
412ad25e5dc75377e78861065d50ccbae972d6db

SHA256
1d9a983cfa9b85f1a13ed1e083df4969aa67470739f1901276207f25df29ee93

SHA512
8aab382d53db1b1412ec6bd06ca1b6d4baed179b0782653581fd1acb30e7bb5b764967010405c64d59cd3670393818602bed9fb04e34066ad90cd3163a1d1176

Download Submit
C:\Program Files\7-Zip\7zCon.sfx.tmp

Filesize
245KB

MD5
18a282bd9746f6b10a0b851aa7f57bf4

SHA1
3f3be9b00230f42526123bab39209b245912766a

SHA256
355a5e9f74b1b9a7bcc1bafc473e52e3cd47d01271f504454eef6bf26b20fbfb

SHA512
93504b8bb8ff46fc58dfd30ca6d18d92c66d6c9df757df710fe3b02a9eb23fcbf17f96b48b9a11f739ff3f73a4be70bf559d7589721e99a4e14513f7c2966123

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
987KB

MD5
23e4ba8aaa1d24f5327f52ce22073575

SHA1
4fe7270c9c077bfbeaef977105fa97c286bdaa9c

SHA256
d6e4f2b441398ba227f9b7746e800353dc60667cd7085e2a2337396aae294e46

SHA512
a4a1aa64b79bdcdbb737545ed0fa9086536d36a5446738884b3952cdfc3a9079d9db6bc4a5a0ea95e9282cb191fd936072bd04f01272d48fbebaa7920f8f0845

Download Submit
C:\Program Files\7-Zip\7zG.exe.tmp

Filesize
54KB

MD5
942f5c3df2727940fdb4b531aa2ab04c

SHA1
6d67f818a99da5fc3168edf1d9229e78ca437cad

SHA256
a8564a29ea002932a2f2ea26fe82fb7916bda1bb2ae3ff7c96900d32b1d6effe

SHA512
fcf5412326f1f963299bbf7e92cac24711a57025f059771891144f54fc1663b943df285a293d8c78643bb14f0751fad4a151147bcaa170d1cb4164839990f24d

Download Submit
C:\Program Files\7-Zip\History.txt.tmp

Filesize
114KB

MD5
11f8b9ca2d3322b00b00d73bf1a73734

SHA1
edc1ae4d069497bdaaa11ffeaf3ccfcaf95c4421

SHA256
55d0cd6286338faf278e1e939e0071e52415461b091995a2fecfeec2b5108d74

SHA512
3df63bcca4cf438e3141b687f2c0f4575da7c1d8634dcfab7f768d99f35554d5148110d5501e44f6ac687d6c46c53ceae0f7c96c1995b0e12dabceb14ba7c4e6

Download Submit
C:\Program Files\7-Zip\Lang\af.txt.tmp

Filesize
67KB

MD5
22f4172f2d5f93337bc7e01ecc139280

SHA1
1078136f5dfbe4772e123eddf96484b438976b37

SHA256
0b21284834ef433eb37314e9800e9de2e1c9c05ddf06916acff69cec71552985

SHA512
1f76862cba9d333c4f5814614dbbaed02b2f671e220cea31e02b4d37c8bf0b855ce385b15e27cca9c405ed8b42f2831fb97c9c2ac71f138f23892842e62c8681

Download Submit
C:\Program Files\7-Zip\Lang\an.txt.tmp

Filesize
62KB

MD5
3bfe77e18743000e25977b8dde485547

SHA1
40fe53826554a237d58ac1f3e66c27f3b6836f89

SHA256
cc9d86d344537e40cf14bf348b129057dc311cc17311b6f9bd034536afa5f127

SHA512
8279dd928537dfa726aaa3256e4ff69125e410dd9e00f03d10af7b930a6ab273c21db5cf5c83f047fd380372b98966c3d8249644ca087372fc2a3d99667b996b

Download Submit
C:\Program Files\7-Zip\Lang\ar.txt.tmp

Filesize
67KB

MD5
6e5024fc4710e0b823db0a1aed045d4b

SHA1
d7d33366426892e599104c54acac1d6b9186fe06

SHA256
9f4bc284c64b650e9e789ed15dae515b88e383d4fafe897b6ba5510e803be407

SHA512
2c761c1355a7314add1dabf0c1a0db096fb833690ad4a2ce73ec320fc9889fc90f75b30f589ec5c27a7ad89c3211eb5b194be6f935d01393d52740eb27286a64

Download Submit
C:\Program Files\7-Zip\Lang\ast.txt.tmp

Filesize
62KB

MD5
21aaa3b94f794697059f06bbbb482e8a

SHA1
9e343fe8349c395b63fb861f33492ce92bcaefb9

SHA256
98652f72afdc738add8f7730251188e6cb7a8e50cf83d80445e8914966f10dcf

SHA512
ba4122d229568409305c47dbba2f5f35ab688935936c66f7da4eb8aed8ca3a41c474944c45b4cbfecb14b29bdf7719da3d5650f113173d8fb22d4dc62425e11c

Download Submit
C:\Program Files\7-Zip\Lang\az.txt.tmp

Filesize
66KB

MD5
0379c986711b05a869279033a504f048

SHA1
3cf234a1176861e4d04021e601e6b31daab3fc8f

SHA256
b1db6ad4d0ac0f2ee65e9e5525434a3ee4914d6a2782606e5bbe535b3a4a3ed4

SHA512
7a6e7b1423866639c60f882fa506f84530e234382d7a4293718f5471f390ebafccbc03ab5f7556f6fa2123817a036398d080d72dcd2f95295cf68b6b029260af

Download Submit
C:\Program Files\7-Zip\Lang\ba.txt.tmp

Filesize
68KB

MD5
028219f3fb5f0491807aaa276bebf215

SHA1
cca0fcc3eee2010439b20837013fbca96fb111dd

SHA256
558859f7b30031bbaf304fceb1694b3410a585b8d20cf542dd1d57cdbb02c99b

SHA512
3c80c3e48abd391595f2310d677c29d9eaad6fbf6f36d349320d770b39801772405d6a0afc2e1ad29fef3ab14b0912e8b615c76fca747d112e10e244dd5f24b7

Download Submit
C:\Program Files\7-Zip\Lang\be.txt.tmp

Filesize
68KB

MD5
92db892eec79d7ef7392fda519386505

SHA1
8f75b389a8a82dcd719405dc858701d73365d0ff

SHA256
97fde01478023d2c0f25f89b34dac7552d07dcaf5cb3e6c81e3ecab05d754dfc

SHA512
b36459072801363c005989a4dcec86c7d1f18b516a5a8f60fbc55b534122e36eab2b4676839d7057910d80d222836e3105e7f4bf45223bc961d7e0aad672866e

Download Submit
C:\Program Files\7-Zip\Lang\bg.txt.tmp

Filesize
54KB

MD5
6f3b123b8e42d6f04f2b3b53005e4516

SHA1
187f423de01935b4056e4806f055f5f3bf995ee3

SHA256
22d7c0611a63933d56167112ff2de049c0507d98cf6270f3e754ae34449994ae

SHA512
de19f5c423931ba5a3659443b39974884dc96f379d85bc2fde6c1074087eb7a25946b4d4e94bdd7cfb8f3b7ab03d02659a76adc965e97a2afec90fedcd50faca

Download Submit
C:\Program Files\7-Zip\Lang\bn.txt.tmp

Filesize
71KB

MD5
cf3cd66476bd369b0c97a246454edddc

SHA1
88f9265828922887ceacf96e02dc59ac3fe60197

SHA256
9e24ef5ca60ec67eb7d35e94a62944a993f6867a3c22677384394373049570ce

SHA512
d1ea0f7d3fac4887b14477fa62d2c0a7a90dc3e1d4264158d3aec5358c4705859d930d32cbe196fe5373ead0662799d1a79e6597929685185f175b484bfd7156

Download Submit
C:\Program Files\7-Zip\Lang\br.txt.tmp

Filesize
62KB

MD5
32adb3cda75cc369b25a81a84be4ba57

SHA1
18ea26ecd27e73105b9a5c9a5e840ae7470d43f6

SHA256
165554452764964eb419a6d926d94389fd311fd1a924c73998381371e1762ef0

SHA512
8823265cba983bdddb19e3ff1cd89c8e4db4fd7aaedaaaa6b21a167665adb8311353821d48b9ed859feeaa691676a4c51ce95207e2ca9479ab90603c512e927c

Download Submit
C:\Program Files\7-Zip\Lang\cy.txt.tmp

Filesize
60KB

MD5
659f1e684f95331763aed937d0068967

SHA1
e89b6904cf07046f2a89cbbb317dda9a7d3c492c

SHA256
fc32fc5510ff60aee5d2256f6543489e62abc5d7d1df73640270c10983535d59

SHA512
1d3c4d65093ddc77961d95e586dd6577f6a28daa70f18fbdd391d0452b96684360dd53527417707a104425c179ceb0c532cac8c56b5ea242f09f3dd280005a7d

Download Submit
C:\Program Files\7-Zip\Lang\de.txt.tmp

Filesize
64KB

MD5
b147c9c5c71c072a399cf96cb2cdb63a

SHA1
e1b3a8e7ec8125001aca1a9e3b254f9c9b895720

SHA256
686346bc9bd64bb54e7eb5b81f99eb9756f1cb89e52ec40f1ba63e71a0e65280

SHA512
a9d62dacc887ea070c5c39ce2b829890e5f8b5863c1bd2ed1d5d9d1d2047ac64e75ca23e8148b1c7cb2b259c05c7ad81bd6665493e0494124b11e6410205bdcb

Download Submit
C:\Program Files\7-Zip\Lang\el.txt.tmp

Filesize
73KB

MD5
635847bc645bf044c9b36781cb7a4104

SHA1
995dbf207905343d3719a1dd9d2609a026a35889

SHA256
1a98b5c1f8b7269d7b1a9202e1ca190f57968cb5e3c5f4f08867acb5e7ed81cf

SHA512
ec0ff773b5c25a0fd638362f5aedc1200990d1e77f0fc0d260f406f8a17c8ec401a9fb76b49de0cedea07db08b5b93385d26e25dc3d644b81b17585c9597c726

Download Submit
C:\Program Files\7-Zip\Lang\en.ttt.tmp

Filesize
64KB

MD5
b9d5b8e135c4e1cf432afa3191a23178

SHA1
07ec0619cccf59e5018ec3ef581eccea8687e8d3

SHA256
b236917f114140ef2beecfb3e9ddbca646666e841ea1e152447b68227ca2d24f

SHA512
7b3c627c9f5e8627e78a4f34f641acb321828e87684cdd51611f2758717ae25342903182ca85d7bf87174983df2574402efe2cbe12970dc82ce88ad299395698

Download Submit
C:\Program Files\7-Zip\Lang\eo.txt.tmp

Filesize
60KB

MD5
0587c54ed3a5e81282d58c03a966aa22

SHA1
974e35ca3285405535b72ac6b491c16e9960e8c3

SHA256
8fc5d07d0871e6ed6c236d48e30160fa6f5b40fd58d2d91df20941a490ff7c71

SHA512
83420d432871150d0014a8ccde55b67dbfaed628d1b3a4b49321e9d0bfb7106a587e54c1ff4a449ab955712e589855eb870b0b762aa55cfd1f146ff7ae92e4e0

Download Submit
C:\Program Files\7-Zip\Lang\es.txt.tmp

Filesize
67KB

MD5
b6f24ceec0eb91a208fa4e0ed0cd6b29

SHA1
5bbb4b75e0d617c5482f6fc26bd336a841448f50

SHA256
4388a841a9cd12493d37d243b6a6c007a378eefb51001ab3f258baf9182aa266

SHA512
680230ba8b4f179734f04fc64de29c05044b3842230a66efd83fd3ad64fc22fed5b36fc24d9768371e41593c2a3bd8a159016e806021f138bd9c90ef3a93c39b

Download Submit
C:\Program Files\7-Zip\Lang\et.txt.tmp

Filesize
64KB

MD5
d9ba53318f561711079856cb8152fa75

SHA1
8717b0ef851306bad4a1e411f4aacb8e6d39b995

SHA256
340b929639fbd9dd75776731506d3814e1a1237782dcfd22d4f7d98d3f0d4c8e

SHA512
2d6c63d2ea3cc8b34bccf1b71d0a42a007012889275534c92cdb617c7ea567bb5a7114e158509b7a1a835b37982476e027f56dd206329403d0979273dabf9342

Download Submit
C:\Program Files\7-Zip\Lang\ext.txt.tmp

Filesize
54KB

MD5
746d0e748e0bb7df7fac3b78e86fcc20

SHA1
d02f4fa0c3354b79265c99463104361d828364ae

SHA256
9fb25d5ed5e0cba17e90583cebc119b7cc338ec82e4fe76c8e839603f3878ad5

SHA512
a7694bcdbf260bd836b9a66189a6f26074002703679d227451a3f159c2b6036199f84aa3353e1fa9fcbf03a14ba46b973cb11ece99f09cb06a71e32a8344c7f0

Download Submit
C:\Program Files\7-Zip\Lang\fi.txt.tmp

Filesize
66KB

MD5
81dc8a300556478600f3a1d6bcc59929

SHA1
8c37753e421590394da91a4a6df744de5ad3708d

SHA256
2446001dae4b8661249c7f119adc16982607f6bc22251c78ec69aacea74a25cb

SHA512
e838d79c485b412f1b690e222af75643aeeb71914c25954a8fbefec0cc6265e72c6d8d1a6f87fc4ac7e72cbae4818883863c61d61be9f070f1f08623ce9be0d8

Download Submit
C:\Program Files\7-Zip\Lang\fr.txt.tmp

Filesize
66KB

MD5
00df47533575948fd1a9925d33b413d8

SHA1
e6007f3f8713d78c2c716068b766701009612161

SHA256
9c8375e887ac5ac300111a136e64e1ce5056471ee3022eea046c4c26c8338ef7

SHA512
fa250a67d87674bfd0319b77105f9b758f1cf9fec15cddb0c80606a0f92c5d79dea8cdc3d786989ada179240c47cf40c4ae83ea1c3c439f1a86ce215f19a0875

Download Submit
C:\Program Files\7-Zip\Lang\fur.txt.tmp

Filesize
64KB

MD5
1000d617a3afedc0ab92c8ae757417f7

SHA1
2191c1fe1c0cf9bc8c1fdaf0c08107937def7789

SHA256
7d273b77ef10445201ac39aff2bd3517562ba7b7891b470d36a3b21ce701b10f

SHA512
55335807c264f6e395475977628f676b5b2bcf21c5d3d24a56463e4cd6d8eec76ebc4cc395c9ff9ec84440a157fcb3328b22571d05a779a65b25481a66d2a7e9

Download Submit
C:\Program Files\7-Zip\Lang\fy.txt.tmp

Filesize
63KB

MD5
5ffec69ea1c912ca82df0f1f41873968

SHA1
b4583413a87505606ac7a3767728b7e8554bc1cd

SHA256
d42fb64199bd444998d139d37d2264192098684eff9c7c04886b3115c01e13c3

SHA512
4b52faea0ae15547dd80b9eb3c652d9086debb210125040d6cf6e718f26447bfd78f04217d9103d5b043ebf7818537905a739ebe782067d833cca3ada7394684

Download Submit
C:\Program Files\7-Zip\Lang\gu.txt.tmp

Filesize
54KB

MD5
729d404ef0cf2c4ac4ee1d4f23c55521

SHA1
8a5ab14a02c82c9f9809c67feac34591f8eebf41

SHA256
26dbdb67c49e06e95411e254b63e45a3295e87dbc553b21678de4b851c9d7319

SHA512
589bca1f6e5593e0fd66d5486bc7803eb1b7fecb006ea578e1cf8a9ef77fb8c7eb3db2e472e95ef027fff729a4b5b7ea4340d4f1582db20df1b1c07b61f2a15d

Download Submit
C:\Program Files\7-Zip\Lang\he.txt.tmp

Filesize
68KB

MD5
ee5306bc122fe050fb3fc2dcf49ce096

SHA1
653a68cdf8f411d6ad3d5a464582df4b4fcc385f

SHA256
a1c7aefc4db6d6d0e9c36756892f23d10c7db407d37da9d6808c9861d36e77ca

SHA512
0a385fe1076110985854754bc38ac01036c0bbfaccb85bd3b96776621d00f7b2a16ac6b0225f41669ec5e7e0aea3f42afda25cd45ac120aef6cc172dd04d6898

Download Submit
C:\Program Files\7-Zip\Lang\hi.txt.tmp

Filesize
72KB

MD5
680c0fc28ba24fe53f65b0bccef207de

SHA1
b1dec7ce8fd3a882ced733c9c52f530f47abf632

SHA256
ece8f431dd839f95020f26d5e8bf4ec28d4e9a0b8fbb3be25379187bc8b15123

SHA512
58e20589393eada05e0ac69800b7a3fb7c1892d34e585cb5c380a7e7c8bb71d0770caa59a93c3a40abd2bfc76bb5384e366dafce4cf78a055fda8a4a95c1c0e3

Download Submit
C:\Program Files\7-Zip\Lang\hr.txt.tmp

Filesize
63KB

MD5
cef84ab472f9d7381a1ee4f94c0ef6e7

SHA1
d25536b7f3590e17293549f9c4b661df5c58b3d9

SHA256
2ce0a853e009f17bea5ed5ce1afeea9121a4f497662fb317328ac75281cc46e3

SHA512
92894ebb2105cc8dde4f861c5fde81405bbed94367888f93a7071ca7bf0da33414e54e87a5845a7cf4b5e29a5a0e98ab92ea33d3edd58477ae472e2b569b747e

Download Submit
C:\Program Files\7-Zip\Lang\hu.txt.tmp

Filesize
56KB

MD5
b523cdde819468dec8b57cb78ebf165c

SHA1
76a978a63dc272f881735de69087908be2515494

SHA256
240c54f8f5d6ebd7167a983182e8dd7204219e45f443235d2a4fcdf871bb2bc7

SHA512
436a15db2e7e9022d10f3d67576b5d7973bb31fe6c256a2f9df16920e08249f3648213b5af7fbee80df5993ef89f876c24f3ba1943d01cf1b54b8ec248c85047

Download Submit
C:\Program Files\7-Zip\Lang\hy.txt.tmp

Filesize
68KB

MD5
deacd8a9a806e07b821eabe1777d2ad2

SHA1
279f5e1fa2c2df0aafc75311d43106142af5b924

SHA256
45fdbbbae3c2a1c69ce3a062fb1dc71f5e96a079d4fbbfc3e570726d2a0d7132

SHA512
6161b5d25bfa4c71bae9b5e394f493be2677769a85a105ff10e899d96915d5b59a60419b08cccf8ca9ecc02a82fcf2acff508da30ad01fe695bfef2bc8b59a2e

Download Submit
C:\Program Files\7-Zip\Lang\id.txt.tmp

Filesize
65KB

MD5
3fa782fd487c17deba083ed9348555c9

SHA1
008565581afa3ce24cc99526974e40e4b2d934db

SHA256
a21ac3df600eaffe63a4b79a1517f5d7b77c10290b25fd033dd5092744122b5b

SHA512
f2e4fede0eccf50c4923dd0a45d4ed218bc42a7d0adfd50946ad6245463a1478be5ead85fe345a9f6021de1937abf41b98bc1eb194b143645dc1c3d85df677dc

Download Submit
C:\Program Files\7-Zip\Lang\io.txt.tmp

Filesize
54KB

MD5
032b5002587d2a44333ca5648e85b3b6

SHA1
0ce275dcd5b237f0bc1433ae27435ff999d70017

SHA256
6aeaac468940bf7a3843689f9bfc305c1ca4a803d63919dba38343464d09a33a

SHA512
190395a0bb5479a3adeaa2efa45162604205c2f8087152f0ad33ef9deb6df94e25d39ef4c7a3bcf89bf12ef3ad82d6c8fb17a2e56ddd9a125bcb1f9539d51180

Download Submit
C:\Program Files\7-Zip\Lang\is.txt.tmp

Filesize
63KB

MD5
de6a1a74cca5ffe8ab968a4c02599fb9

SHA1
6ff14edc83640ec250458148623025e37c1fbdcc

SHA256
2e4a8bd955bac73b55f80481e929fabbc0b6ec7d805325cb04f083e4edc89614

SHA512
bf283b1b4ecd4e556a9da2e92a17d485d620122565bcf3ae6dc6de70d5520aec6590b6d6285a08b1134da0d3922547e0cd5ee024d543b8ac8a454a8e1f44e80d

Download Submit
C:\Program Files\7-Zip\Lang\it.txt.tmp

Filesize
64KB

MD5
031fd58cc0e2c4570574dccb5e0827b1

SHA1
3e14e7b8d9a64f22b70e217f8145dd72683966d6

SHA256
0b4cf84ddaf707cb413572501171c649d029532dde22c27b645cf5f915bc5817

SHA512
14a3fe336372909d9973c47c3612c117dc73968fb3254b1717e54c660b47bb5fd52e7e67d0ff2b40bdf15914fb19ea57075ffd8a8e9d30ce15acb8ce37cf0486

Download Submit
C:\Program Files\7-Zip\Lang\ja.txt.tmp

Filesize
66KB

MD5
3aaabbd96091e0cbfa6b9197b7ab123e

SHA1
98d6e1c5cd85288177131a46498722944a365757

SHA256
3c5e0e40d1f18ce4e03c7dd657d1108cf63c2adee540ce07130791ede3aae929

SHA512
9c87c90cf0befe2ce97762f2b819bd086cee220176a70bb2401c59a0f1de4f49ab3be01286d434cf1b57a363d6de7b47f2e0872161e1bcd755f9a578511e4a40

Download Submit
C:\Program Files\7-Zip\Lang\ka.txt.tmp

Filesize
72KB

MD5
23c311e959a2b3732953f000ef62d7f7

SHA1
1d5340f6e539ddda0a8a3701e97dd2efd99c6ff6

SHA256
4d199622146de4889a912deff59c4cd182ceb2ae82e104bac07ffcf44a7819ef

SHA512
91d57a472c42000b7372a419308e565d401aaf1ddf1c882c012a27d378dd21862f57224d9dab6b6b1d576ba57c1e43658424c48eb1a3d7cfb3caf9d6c3d6bb9c

Download Submit
C:\Program Files\7-Zip\Lang\kaa.txt.tmp

Filesize
65KB

MD5
373610da7bc7a4194cc51b0786fb0d75

SHA1
6cc22d007c8d4d0816ac67e6a1fe50605585edd6

SHA256
0a1bf6c30e8400ab529beaa54e39ce8d5e77a5f82c0b476fcf4901359361175c

SHA512
e3f31cd9c29c3ed92958a91e06540d6a8a0fc5938598438749afbd0a2c4f5ab8808d55a3f6a849afa324c80a085471a3d00bcc3eb4eec2ad71d491589e44e36a

Download Submit
C:\Program Files\7-Zip\Lang\kab.txt.tmp

Filesize
65KB

MD5
abd89eb859c5a5e088da118efe5c1e10

SHA1
6586c1604fa0d543de906185af8e7c909b9655cf

SHA256
3de9bda275023fda837c05483a97b2b043c606c3b083aefd3e09143aaddc5261

SHA512
6fedce0c05b0e7c35a26457d83f29e0be45121bed8e0c4287a4a30a7d367ec644786ce15d42011970ab906e3b9768393184be81d097ed75418fdac2993252981

Download Submit
C:\Program Files\7-Zip\Lang\ko.txt.tmp

Filesize
67KB

MD5
2e8d291f7e07ec004adcf52df4a4fdcf

SHA1
9c61377e776b1a37e5b08f286b6f975bba9a0c0f

SHA256
ddbb40b65f528d68f28dd131716797f5f8e536227fada0782b097ace2fa234c7

SHA512
5b86e4451745b9b9b4e5ce3ced1a008bb269df9ab143001106dc225eb370f865c360cfe1456c5490e0c941392139227b2eb08d12589adcbee629e14a5530a7ab

Download Submit
C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp

Filesize
69KB

MD5
61dff8d9f2c11d5ed9a326b4f75e3776

SHA1
2c62450ca9d4f6e4aa7a2189d082a1b62c8ef0c4

SHA256
a1c618bae7846eff5b583c410dd6370e39a347c1a2c2340ff7cbea2f36c195dc

SHA512
2a25238f90c6b53805adfeb5be534baf85f29445a4d0b64686e54f612b526de375f0339f2b0851e4a28cfc647dabfca39df1e3e0ab496dec0c70b49deef6cce3

Download Submit
C:\Program Files\7-Zip\Lang\ku.txt.tmp

Filesize
54KB

MD5
8c06d25ebcd163d7e376928c0cc998c3

SHA1
1a2477563ba095e931f0b492268357b7a032b4e5

SHA256
a0a859d810818f83dac2a55d46affc23c6d8de56da0af644222d630a313c0649

SHA512
f4eec217c7d812cd425fc2b46adf2b8a508e836b123fc72e79f3716204ebe2813f1c930522db0428782aff4a068b21dc36efecad6c1d84aae5f2722ba33b7028

Download Submit
C:\Program Files\7-Zip\Lang\ky.txt.tmp

Filesize
69KB

MD5
f18f9ba2b2e57dbe6afbf0b57d5bbf25

SHA1
9ebd4b3be5867a52be25b561991d8d06a65c8f46

SHA256
15c6e7c4ab780c67b94536b7aadc1be345809be0e2c072e42429090d3dd1a1a6

SHA512
0b7b54334901334f30d095c17540ba4ca860548bf89fdd717433949a6ac122409247eb6e5d8205a6f822a3feb77170c9deb5cf2f4e97f86cf894ea84e02ef9b6

Download Submit
C:\Program Files\7-Zip\Lang\lv.txt.tmp

Filesize
62KB

MD5
ad2ac48be469bf146e2de3a4560a6fe8

SHA1
6c27a29a6ff9270b9c30834e4943aeca8734f72b

SHA256
fb9be638d2010800c3b24e1302f1abac5a5bc64a81696de4ada57fae44d8edb3

SHA512
6e5d7acb9f0de96b8c976e7fe5a28c1367472a42fa0f66a2defa201a34d7ab66e83cb1d3b72aafe99532a2e5af81ee79fc83b54358747076652673a8247b8549

Download Submit
C:\Program Files\7-Zip\Lang\mk.txt.tmp

Filesize
63KB

MD5
994db4044f97febc78ba5df2df52db54

SHA1
f824f30d59e486966925e67faff2e56ade0aa4af

SHA256
bd50acea77758b9ea64dd01a2412a72f32589a1a7d528857eabea3736a67d304

SHA512
b708133a160b6620a0fc7d7e84ccd4bf181eaf56d781a5f6231ff788e31c7089b61af89dd35039122e1a2c0e850772019507f5d47937e1aae03132844e2b930e

Download Submit
C:\Program Files\7-Zip\Lang\mn.txt.tmp

Filesize
63KB

MD5
6ef315a1567274f63eb5a896ae810179

SHA1
8eeda8c53ac65793110d19de153b72dbb52e12ee

SHA256
e5364644c95403af06ba9f73f53bba6c2979debad2bbe82690dfad5aefeed813

SHA512
b7f146d1403e98bcd09d06dd5dba4769d1750dec1cf37ac010d74bea556a02d3b5511be03ca7d5fa3e8acb4b38333da277c46acc8247645c7422c696cde0c8b3

Download Submit
C:\Program Files\7-Zip\Lang\mng.txt.tmp

Filesize
76KB

MD5
0f83e0832bde7d23cfb6467679cabad7

SHA1
fef556fab8293f061d06db5a2f8696847f557dd8

SHA256
a1704f6a8b537f9809aa638ff2e08a380cdc7bb62641cd3c23ecaaf366e6bdeb

SHA512
f231ef0bda130b2ed5f7d1aceb39c6b89bc6834499315c19233007811ac128442a31d0dd95551eb4cbe34e7beaae79dfc8f794477dc10338a672de83632fc0d4

Download Submit
C:\Program Files\7-Zip\Lang\mng2.txt.tmp

Filesize
57KB

MD5
89299f7dc07261985787dbef50554f8a

SHA1
1f390cd760fda63fa27cb63f77d742100ef98553

SHA256
5c447b5e33564300d620667f1b7fce15a28390ea37f8ca3dc8d7562656d4b4bb

SHA512
6663f29f424b27d53c73663baa965e1188241704512315b2a4e45d8de79cbdd3ca615ca14d478f21f9184d62b5dcd2989b430d884c497c87366c24d84f102691

Download Submit
C:\Program Files\7-Zip\Lang\ne.txt.tmp

Filesize
57KB

MD5
344518103e8a31cf1a8bc1fd340ac849

SHA1
c275a36a6199bb9943ccfa9ce1bb764e416eca8e

SHA256
6e92be13b3fe2063091496c143c43716172c998e879b5452e607df86186beb37

SHA512
ce660550db999ef8c6870af6058c3f2a83ccb258013fa54dac73a7e160469eff873ad28a079d96bea70ae91bf949660309435a567efab48de0c4fabf31988911

Download Submit
C:\Program Files\Common Files\microsoft shared\ink\ja-JP\tipresx.dll.mui.tmp

Filesize
64KB

MD5
0fded9248761f1882a0919d30dfd5d2b

SHA1
613391dcc7dc603ecb081e184848806a3943951b

SHA256
fcde8aab2b5443a42c3fc1e3520cbedbb7d4e89574382f1614c3531f38cc55d1

SHA512
06b64bdfb1e5ec06c91018fcf5018dc822bed89d241abd321185d444f3eb9c0448f5cabf9e5f38e3509ce3d72a6e34d02d72283c0f5b4ddf3f22e0d7d4242cdf

Download Submit
C:\Users\Admin\AppData\Local\Temp\_Task Manager.lnk.exe

Filesize
57KB

MD5
7b383d2f1ceec59306f9c061c0d95c4f

SHA1
c4860acd9cb0ba271abb848d0a2cc266b979bdd9

SHA256
7a9d9c8ddd9d694d78fc128b095771bddaefe3d2ce457318944c20239e3321fa

SHA512
5a7f6e4557b4177103f0da0018107f0e15e893f8b8c7a72a6f9fdd4ffedcde343f84e4073d602d846382f6baabb9861df536fa403ce54e5b1c174097cda491d6

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
54KB

MD5
1bacb2fa693d9f6b1f868af2bdbc8490

SHA1
f5021c815ae936b7da3a18ca5a6b205fb212e67a

SHA256
3f1751339198cadc5871ddaff7740afafcb1888287b21c863f1899abf0acaf86

SHA512
effc4047b18e78dbc4946c053cf957e5a52f2b706d0e34ae30bd67f590cd7faf085387d7183fa4f543b8bf7c50096897fd139be16084ef52c7464b8e3a7c8644

Download Submit