b9ba9945363ac23b08d59a9cc1a1208847a53e826554ec7feb4f012c27755abe

Analysis

max time kernel
119s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
10/10/2024, 08:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b9ba9945363ac23b08d59a9cc1a1208847a53e826554ec7feb4f012c27755abeN.exe
Size

93KB
MD5

a530d097310e0e529e4d6d72e58d51a0
SHA1

463c137ee205821a75cc139a7f8e62d726481b53
SHA256

b9ba9945363ac23b08d59a9cc1a1208847a53e826554ec7feb4f012c27755abe
SHA512

f07c4161a3d6cb525689096181cc27f1b9ff2850d7aa17b868bfbe48e70d80500806c79b1b60d10128ce56db26fd79dcb1f84bb9b692c2b0a844b73a9b9898c7
SSDEEP

1536:W7ZppApBULcfpHLcfpyD56Bm7xS7ZppApBULcfpHLcfpyD56Bm7xf:6pWpBwchcwD4mNWpWpBwchcwD4mNf

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (4687) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
2584	Zombie.exe
224	_Task Manager.lnk.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Zombie.exe	b9ba9945363ac23b08d59a9cc1a1208847a53e826554ec7feb4f012c27755abeN.exe
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	b9ba9945363ac23b08d59a9cc1a1208847a53e826554ec7feb4f012c27755abeN.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTrial-ul-oob.xrm-ms.tmp	_Task Manager.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTest-pl.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.VisualBasic.Core.dll.tmp	_Task Manager.lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationCore.dll.tmp	_Task Manager.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Grace-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription3-pl.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_OEM_Perp-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprst.dll.tmp	_Task Manager.lnk.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\jsse.jar.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-utility-l1-1-0.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.XPath.XDocument.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\EventSource.dll.tmp	_Task Manager.lnk.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\tipresx.dll.mui.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Numerics.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\jvm.hprof.txt.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\PresentationCore.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\Microsoft.VisualBasic.Forms.resources.dll.tmp	_Task Manager.lnk.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.123\WidevineCdm\LICENSE.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\dtplugin\deployJava1.dll.tmp	_Task Manager.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Grace-ppd.xrm-ms.tmp	_Task Manager.lnk.exe
File opened for modification	C:\Program Files\Common Files\System\msadc\it-IT\msaddsr.dll.mui.tmp	_Task Manager.lnk.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Private.Uri.dll.tmp	_Task Manager.lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\System.Windows.Forms.Primitives.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_OEM_Perp-ppd.xrm-ms.tmp	_Task Manager.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_Subscription-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\ffjcext.zip.tmp	_Task Manager.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial-ul-oob.xrm-ms.tmp	_Task Manager.lnk.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\FrequentOfficeUpdateSchedule.xml.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Buffers.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\WindowsFormsIntegration.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\WindowsBase.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-handle-l1-1-0.dll.tmp	_Task Manager.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\fre\StartMenu_Win10_RTL.mp4.tmp	_Task Manager.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Retail-pl.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\sqlxmlx.rll.mui.tmp	_Task Manager.lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.AccessControl.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\System.Windows.Input.Manipulations.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\System\Ole DB\oledbvbs.inc.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Resources.Reader.dll.tmp	_Task Manager.lnk.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe.tmp	_Task Manager.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Subscription2-ul-oob.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe.tmp	_Task Manager.lnk.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\vcruntime140.dll.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsesp.xml.tmp	_Task Manager.lnk.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\System.Windows.Forms.resources.dll.tmp	_Task Manager.lnk.exe
File created	C:\Program Files\Java\jre-1.8\bin\ucrtbase.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Trial-ul-oob.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Retail-pl.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_KMS_Client-ul.xrm-ms.tmp	_Task Manager.lnk.exe
File created	C:\Program Files\7-Zip\Lang\nn.txt.tmp	_Task Manager.lnk.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.id-id.dll.tmp	_Task Manager.lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Tasks.Dataflow.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.scale-180.png.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\System.Xaml.resources.dll.tmp	_Task Manager.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail-ppd.xrm-ms.tmp	_Task Manager.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_Subscription-ppd.xrm-ms.tmp	_Task Manager.lnk.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\sv-SE\tipresx.dll.mui.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Collections.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.XmlDocument.dll.tmp	_Task Manager.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Grace-ul-oob.xrm-ms.tmp	_Task Manager.lnk.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\PresentationUI.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp3-pl.xrm-ms.tmp	_Task Manager.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Trial-ul-oob.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Office.PowerPivot.ExcelAddIn.tlb.tmp	_Task Manager.lnk.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b9ba9945363ac23b08d59a9cc1a1208847a53e826554ec7feb4f012c27755abeN.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Zombie.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	_Task Manager.lnk.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2148 wrote to memory of 224	2148	b9ba9945363ac23b08d59a9cc1a1208847a53e826554ec7feb4f012c27755abeN.exe	83
PID 2148 wrote to memory of 224	2148	b9ba9945363ac23b08d59a9cc1a1208847a53e826554ec7feb4f012c27755abeN.exe	83
PID 2148 wrote to memory of 224	2148	b9ba9945363ac23b08d59a9cc1a1208847a53e826554ec7feb4f012c27755abeN.exe	83
PID 2148 wrote to memory of 2584	2148	b9ba9945363ac23b08d59a9cc1a1208847a53e826554ec7feb4f012c27755abeN.exe	84
PID 2148 wrote to memory of 2584	2148	b9ba9945363ac23b08d59a9cc1a1208847a53e826554ec7feb4f012c27755abeN.exe	84
PID 2148 wrote to memory of 2584	2148	b9ba9945363ac23b08d59a9cc1a1208847a53e826554ec7feb4f012c27755abeN.exe	84

C:\Users\Admin\AppData\Local\Temp\b9ba9945363ac23b08d59a9cc1a1208847a53e826554ec7feb4f012c27755abeN.exe
"C:\Users\Admin\AppData\Local\Temp\b9ba9945363ac23b08d59a9cc1a1208847a53e826554ec7feb4f012c27755abeN.exe"
1⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2148
- C:\Users\Admin\AppData\Local\Temp\_Task Manager.lnk.exe
  "_Task Manager.lnk.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:224
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:2584

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-493223053-2004649691-1575712786-1000\desktop.ini.tmp

Filesize
48KB

MD5
fe6088bff1d872295f1ab14ed137c05b

SHA1
14fbd62c046735f8c1500db3ab4685f0b6ce6a58

SHA256
3f303459cdaa9113cd178a6dca99557977893c4884f7d4f0f43b4074c9cedf4f

SHA512
1c3208d14fe840565c2869b98397f91245cc1986d87e33d3f667670d1aa033c5427607dbf6261e326524e751d524ae18950cdb1fab6b49cb5d120267e730e725

Download Submit
C:\Program Files\7-Zip\7-zip.chm.tmp

Filesize
160KB

MD5
35f33f99df22d3c531ed91aee26f8a92

SHA1
33919a8bc78b5dc472367844aff211c58db2b0ab

SHA256
76026b7e4eb8d14fd018d5bd0d6261738f54ccb57b55537e0cac5d92606ef08d

SHA512
6288de4a0e335d1a04b4e848ed110d1336fe5c90d24ef83e85bc8cf1c2d5b342413df4cf23716c87a6a4c9af34435f7de5aad4dcee7a9ba0b3aaf37fb0b8a43d

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
147KB

MD5
1b0160722c263bdfff2676c9077b2820

SHA1
3fa15969a57f563ee9f92a8cf9996a36c64dd4db

SHA256
7c3ca4c9bf3eec2fea86df88acdbff5f449fe7a0ec62166a65775625f75c6645

SHA512
c01e60e8cb00f08bd602d52c589e09220c63f354673ed8b95f394a308bac72237b83e14d59d5892aaf380304659d964f106f909acf0fd761c247418db38bc443

Download Submit
C:\Program Files\7-Zip\7-zip32.dll.tmp

Filesize
113KB

MD5
4de5a9aa50df36014819647a80a86a91

SHA1
1fe5b3d87862d96ed41b938966e93ed47da2e36d

SHA256
d67f0e7b6f9c06cc64cb35d137c14ce0abb93ef2648237365f2a2b30ebd7d79e

SHA512
155a34d6455c87ae73cd6306e5d67f26c4c904247859d97f8296ca9231919642d41548f13e0193e4c83c8b2b05380b26538c5cdb1b978523d2585ddc3b7b38b6

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
1.8MB

MD5
fe3251b694b8487ba7df2f52ab320bac

SHA1
528f1aaf3f21b8b004cd1cfae9190056266d6b83

SHA256
9f6f6f88a59a9280d3c2790004f64f41af0c792e0345304fe319b64b18e19c44

SHA512
5b74e08545bcfdd4408df54ace161478913e0ca0995c08a60d5032e07d46edeba3daaf6ef30e8692a2e0182e37657e269b0491f05154d4e73ff5e34ba73c5cda

Download Submit
C:\Program Files\7-Zip\7z.exe.tmp

Filesize
592KB

MD5
d6f92457f0a93d0e61ed6583266f5a91

SHA1
8396c97d1a095c28bd06fba6384d7e06146aa692

SHA256
6f9007eece10f331350c29470aa3737546b3d191e767c69da34379a5c7dd4b13

SHA512
064b1f232514796a17fc9c285ef6ccc6c1502bab12dd3b1e7a6bddb55f137e85568fa3fdff4cc70f75258186d15c5e7f13c396981dbeadb227f21abaa1185d44

Download Submit
C:\Program Files\7-Zip\7z.sfx.tmp

Filesize
257KB

MD5
df1c0961c63ea844ee874d004717144f

SHA1
c04b12591d61f8ebb1771b16caf654b8133c7ba8

SHA256
cf53abe2288cba6a47bc78a2f4883c255ceb9cbfb6b17160a1575769d3868431

SHA512
f24f9a47e445b7c931fe6f830a885a6cc0710db31ca02b45e3f534bd430d6fa66bb770648073a220634ae77c64831f605e05d3ae55a3b2a6485501cafa0f702c

Download Submit
C:\Program Files\7-Zip\7zCon.sfx.tmp

Filesize
236KB

MD5
f04cdc5967ad84a08985629eb0c2da96

SHA1
0988a07427955501154e24219c2b93c7ef5d36cf

SHA256
8412b4c4fb136ddb8462e9cbc3f942c08b7b85d4adea9fcba702c9b751cc4303

SHA512
23a5202d232de22d13c989d6c26bb326bf934b60eb31fe1453427e4db7c4bf1156b23344bdbe35a95999102a27eead436d1a3e2c8c1c1205bc65110571529ee1

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
976KB

MD5
800c6c3ce4816166d47955fc0a2f84aa

SHA1
5657330f84eac7e594dce42e93a7b2e16b9f1c10

SHA256
a82e94628ac2aeed0daabe0b35ad1d6cb167e1564f8712ecec429c10ca38611c

SHA512
147a8cc765b0dd2bebcc3c47d4841bdf354b4791f3b0dd02859acfc0495203774ac823277fbaaf299ce9ca55151266334c944b4c7c8a23482823df5aef24a16e

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
978KB

MD5
1be25594145086d680f896a0e980be5e

SHA1
29a1f60415e2399bd51e9b584ce26bca658b59b0

SHA256
1260b93ad28c6000c184433264fd381d23e45ec32fa1da443c14b0a4e383fa8d

SHA512
f9a321741f558c97c541315f2ce2eccfc38ada0ebfdc882bdd05bb5fd77f32f921704bd62bb6563cc52dbefe2e10f9f44fc2f4c1265bc6d8bf588701c754487e

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
729KB

MD5
37ec3bbfe367e7007351e0a8b99eae29

SHA1
a041ba392c4de00ee470ae06081404529e39d484

SHA256
d0766b037dd1018c40a4c28010472a1a675be5d256d09b49e5b500bfbd525fa5

SHA512
c37f4922cbca9d239e8731010524a929ac206cea952bac7a3c5d8010cd3510aeb09be18667034718a0b8bfa47f1f23617cca8078d57a059591ff7f7935e454d9

Download Submit
C:\Program Files\7-Zip\History.txt.tmp

Filesize
105KB

MD5
9e58ec9b8c2416706e186145a8563834

SHA1
4ab3b20f835aa70dfefb762ccd55b7b04397e34e

SHA256
09e28dea4e8f2f545f44d26e2bebfe28127afda6c1dc7763f24b2827acb608f1

SHA512
041cb3d1a37aff182dfcf258482501eef16fdba61f005306469960a28897caadb6f6c457f474b38fc0754795b7fad735597f259a1770bbdd35b8d4fc9d46fdbe

Download Submit
C:\Program Files\7-Zip\Lang\af.txt.tmp

Filesize
57KB

MD5
c5f91698dca25b1eb0df47596054c396

SHA1
620b54c0c7e5512c6fe9f81a36f73d24f4adad13

SHA256
8c2f4d0af3c37849859869df7c90e9ad8779fd9222c775f4bd68e35dd38101a2

SHA512
228fa3bbc4a0f72a713a12666d25ef44d0bc60d7fb5536c8c86653804e408500d5fdddbc3f2bb33e5b8570209c0d0c6bca7d4306b9fbc7935b40d7f981ee2bc6

Download Submit
C:\Program Files\7-Zip\Lang\an.txt.tmp

Filesize
55KB

MD5
03e89799f65c5d768777d9ce0d1a566e

SHA1
1f9c5f9cd8ae892c6e86324a1ecc7b5f445da987

SHA256
07ffcc86005854e50430382deb5d668abaa00dc78af20c384928278e7b695737

SHA512
f5122f6a1ef5c6bd5adaee965c80f4b60d243ca0eb83f4bb90e2dbc2b5ecfeb61dc46cd2434c316276ae44dbc2ac474c3ceca7083934eeaeee730796f3247c5c

Download Submit
C:\Program Files\7-Zip\Lang\ast.txt.tmp

Filesize
51KB

MD5
10989efb2d009f2a0b5fb793fe65a2d2

SHA1
e2d4c934dbbe2072bf0cd496edede9fd986d0325

SHA256
ec926640edddfa7a503aeed8cf55e5a96565528b70f8110f02469a3667c7cd91

SHA512
4ce5e3eecbc68bb6febacb515eaa194159b2e38012c0dd0b94d60fa6b22e85554a7a55a913cb5526bf4dd5a8d73637216a5f79cbb12033dc720be772345741fa

Download Submit
C:\Program Files\7-Zip\Lang\ba.txt.tmp

Filesize
59KB

MD5
14be43c5e36ff2241a15dbaf4604aeb1

SHA1
55d5e598a5c4f14362468c5c61501c9758acd5fa

SHA256
3424ae37fe79c9e5c589fd80d8529648f597584ba524f751e08d89e2322430f6

SHA512
9a1c45f0874f27cbf64ecab291bc7b9856826acc558471e4940c9dca73750b2e883fcf54a2a5da23cb99aa1901a3c58f3e54203b2c5fc5ab0918769c8b7e6dac

Download Submit
C:\Program Files\7-Zip\Lang\be.txt.tmp

Filesize
59KB

MD5
4b3b067006c0c1df7d7d7cf681baa505

SHA1
4d2baff10926384b84db78726533494fb6a09055

SHA256
5a7981d00f92f5999763c63513c59f7f8ebc77b9d6876baddba786ec6ae72d83

SHA512
982b9671646dd302b30e782563ac9417e4e7642e13a7a5c2bbf4a63711a4b3596e7bf5789bb819670c4e922c988263414011fc60a056e878f04e04d0839aed42

Download Submit
C:\Program Files\7-Zip\Lang\bg.txt.tmp

Filesize
60KB

MD5
1cf3c16778dbcadc1729364121268c4a

SHA1
d5ffaf205bf8615a2675da116ed61fa6cdeb71f8

SHA256
19fd4990412b330ee895af5289508708849a69570ae70af1f4bb21bdc2a43c3c

SHA512
bd64547881e829d79774777b59c798191d1a237e924de9d83c0fc9cb75855f7bfb14eb18302d0b1a77d161def0a96f35c32245a440c28afd851ab031a3da9405

Download Submit
C:\Program Files\7-Zip\Lang\bn.txt.tmp

Filesize
62KB

MD5
671ed4cb0b4f425cfbe3108f5835024d

SHA1
22a92403462dedd57ccdeec09ca6d7cb636bb4b5

SHA256
506eced73ee656571616d0846b027625a7edaca1d15d6ad6f98d36448895301a

SHA512
21e7bdb0b39686d2069c6c5537f4178e370a982ecc7df8922cccfaaa05a60c93335543df1c0bdb47ae1d5cee8c77e03318eab4b6c6f3bfd4762ee31bf7e8f4ca

Download Submit
C:\Program Files\7-Zip\Lang\br.txt.tmp

Filesize
53KB

MD5
0237a28db35d0419f4ce6f1a53f9dd0a

SHA1
05193e399c624710411404fea2eb6a651c3df11b

SHA256
3468602576be49e83d19baf5a0e9be2a579342d8a07737cf9f373d7dd752dfc2

SHA512
31b4fe60b2522438199f31e097d3a53eb2dc7ae361a966727cbbbd9ac6c1a84678b0378121eaa8f2c21d8c4f0129e523ac37c6175be7a8894fe277ac0e5eeb74

Download Submit
C:\Program Files\7-Zip\Lang\co.txt.tmp

Filesize
58KB

MD5
14c23035fd049dc0a9435b2be54a9807

SHA1
d5fc2898abc61b82ec81e1b100be23ce7983d107

SHA256
9e3e95f3d5a21b74136ea6684cee01253c4874a29f6ca88a1f9161ef840bd489

SHA512
4bc5dbaee85869f5c8879b3b90cc77fe07c153780d1dfbdffbac16e8bd487f8614e97adda3bb763f13a66cee2c28d6a30cc90eaa06c5355241751e3f11452257

Download Submit
C:\Program Files\7-Zip\Lang\cy.txt.tmp

Filesize
50KB

MD5
2bee3cfe9a5f2f169c6a041ee55d17d1

SHA1
64a861269f5eae6011dad29abbbc3799ce408905

SHA256
700a73ac5551bc8c1a7d13e8e03b20f7428088e1826be64adb053bfafd0c63c2

SHA512
628b6947871449b94734c9367b4eb8a1d938074a24ba5c339470da811119a4993f97f915d4214b80f95b9dc9abcd667eba389db66d491d64dddf10ee822748d9

Download Submit
C:\Program Files\7-Zip\Lang\da.txt.tmp

Filesize
54KB

MD5
2845f8707da259a7c4bb8d632ec70cc8

SHA1
0cc30f79d09617c00a2b76609643e03ab19ec1bb

SHA256
6b66d6624e16ad091e8f2c8272639231b5de6761740bb1cecc6d7099de354376

SHA512
ae58ffe1d54650c6e767699c0726de7882cfa77503ac22936f4234a91cad8bb1df3fbc1325160778124ee7287c67540629ca886fdd5678ae01da6173dc875279

Download Submit
C:\Program Files\7-Zip\Lang\el.txt.tmp

Filesize
62KB

MD5
fed75312f56a259aa63f425bbe17d8f2

SHA1
b01ddc0041a2cf65fa917dbb0c0ccca0bac314f2

SHA256
f87c9c9e4b386842bb982b1a13c4488fbb5a15dbd66baff1d2acc564580be389

SHA512
0a5124a5dbe094bbfa5c37dae1827c72ce6f2f394f8701265dab7791ee360b312f1eb10c7afff9dbeb11536b658b30e80ff041fa07a28ff35360287a11fbeb79

Download Submit
C:\Program Files\7-Zip\Lang\en.ttt.tmp

Filesize
53KB

MD5
eace3274bb5ada79ca84c17faa79fe6e

SHA1
6f179a8b7e8df4a9df0e811f875a6ab1f29b37cb

SHA256
d3229c6d9de192dcb60592971db15ab175ff0e35812945f45ff4882dde53e8e8

SHA512
4a96eca2a9449df5a35933fe1b924723ee00ad346f9c4beb3a85f9d95ff0022806e84b3ba3978dfc2c95bd9f567a7bdcaea8dbf935f88e8415cb36391441e2c0

Download Submit
C:\Program Files\7-Zip\Lang\eo.txt.tmp

Filesize
53KB

MD5
a10c61c83e6f0174e43b4a44ac867aca

SHA1
7477a1f17387369160794d4c521f135ef0b6c1ea

SHA256
140932a62cd4f8f29cd56f65b89b345c86bde21bb6f893df0ed13d95871df99a

SHA512
5738127aa2c7d5462ab134e0a34041fc046d7e945f810f9bce8c4c827aa8f13462094dfa8697b1875f3f8f61f9330d9bc6020d64093054a632ce1fd696ed6497

Download Submit
C:\Program Files\7-Zip\Lang\et.txt.tmp

Filesize
52KB

MD5
4c8e04d226fc1e036074be1d5d03fc86

SHA1
6876ccf972c8f1547537a07e37a181a2046f0d51

SHA256
8f86d366e78dc352821261a24cff946d3fb37dbdaff89992b424d944b4a750d1

SHA512
da868a54589e7ffe4310850453d663b0e3c8cb23e4b9f5b139e94cedc85a62df9ef3f8b1dcbfe22c8b9b81d17da660493b106076eabbacceb62ae105a2274745

Download Submit
C:\Program Files\7-Zip\Lang\eu.txt.tmp

Filesize
54KB

MD5
6048c39313a204593dbe159c52d93f94

SHA1
041138bf6e7c20bad6224ffdef630c9b0bcbe330

SHA256
825f9bd9282803e0058370e5b5ab00b31d89737dd4084125fee393b827d57256

SHA512
19431ed553676236eafd271c4b117de9266a36b1ef0f5d9086ff3c4f09bf00737bed35ddfce26e34050112ca632d60973027f2e27296b2a791d32cd4d4064e9a

Download Submit
C:\Program Files\7-Zip\Lang\ext.txt.tmp

Filesize
55KB

MD5
0f503322565a8aa794156d33b77a08e2

SHA1
54642b0bef8c5ba1dc517d358eb2ef8743ed447c

SHA256
5b596ed6e5bd8898250d69aa8da87c285113af4fcc9fa03649ba2b42fb559c56

SHA512
bd2a7cdc73a2ed62830d7a90c4f37630a1bd7687a24e26b7cda2a4f36130cfb98cda2503ceea37f466ae1917b3cbe84234b6279b9391374e45977520c974e4d0

Download Submit
C:\Program Files\7-Zip\Lang\fa.txt.tmp

Filesize
61KB

MD5
690493ca85e978b47907510cfd5c0e62

SHA1
90588538c563cbf80dcc74fbdeff62934e4ce597

SHA256
6074e34505dae13f755926c95ddcf6b999938ed6e8ced6fd7a2896c2510af3ce

SHA512
d447a1790d167fd9ce6b18b5f9ca9bb212afa2473104f004fc001f1199ce4b7b332765900d6dba616d4e9c2bfd8f647362bf211150601762c6f1ebe0a7b17f6b

Download Submit
C:\Program Files\7-Zip\Lang\fi.txt.tmp

Filesize
56KB

MD5
e6d9ad755517cb47edac05c15a9328e9

SHA1
f9c324ebade987e09fbbe8a6051006afb78bfe33

SHA256
ed846a85ebe3930f98f5ce28afd40f2576fe2d84f892b98391b2e6b52fef9d7d

SHA512
9b93e626cb965debb3779a38261dcbd469112e560a5c93c03394f6c57e3610a7ed7879d8c13bd9337fc39b87bcb2a5ca54bbb4c21cf6323e3d85f0d7b5256e4b

Download Submit
C:\Program Files\7-Zip\Lang\fy.txt.tmp

Filesize
52KB

MD5
00abf12fb86a3487563965da1d4b8460

SHA1
5b6503d6034e1144145a1e1f6c203111d697d6d2

SHA256
40d1b74d39401c6c167dfb537f51e2ffc7bdd4239fd854b4964ac4ae2d944aec

SHA512
29b018733e89e685b032a84ccc6b666fa1d5ddd6d5b1a52dcecc3a6884b661b2cc1b965f7294135eb134aaa5d914db805420ab010b53b65f8eb9dbe7de468424

Download Submit
C:\Program Files\7-Zip\Lang\ga.txt.tmp

Filesize
48KB

MD5
188827fb1583fe6e812c486dde7d307d

SHA1
eb3e7b00450abf842a1a365f1a4681054cdb8154

SHA256
6e784e974d87452c9bf259695f74a6e1e903131bb1838f13d7e26519dba97231

SHA512
193ca5e249a208708ef1efea4bba28b5d376f9792d2a788ee3782355bbb99a57dfae1968068f8820c26aeeb226bff4be31d5f700dd1a021b916eb07765535d85

Download Submit
C:\Program Files\7-Zip\Lang\gu.txt.tmp

Filesize
65KB

MD5
634ef18699611e9c6a4e96d886ebcbe8

SHA1
8e3488f3ce19dff90d4ee4b965f1c3fbb8544e64

SHA256
2aa60a079dd8810448d57267bdd18521345867c852c3c960063323c31547b048

SHA512
fd205906e480489a8f03f726c18fe494f93f95b84ecb3943842518e94fe58266a96f29335b559e3f92efe7123a4c98fc82adf9b8d644e882820ca5b1b1faac63

Download Submit
C:\Program Files\7-Zip\Lang\hi.txt.tmp

Filesize
65KB

MD5
1fe5729f2bd55e23bf66eeddbd16f15e

SHA1
0c2e5fb5172ecc366410b2bf6e625e23e65ce24f

SHA256
5046be514c0249642115b61caf351acc4ecd4d3af70a6daaa9a20cf396bf0692

SHA512
736913d773bef976f7f535d440c8e8979345d09545f483be9a703e6a2b73a470b5a292e572ddd2730d0e8cd42dbaf19ecaa75cf40f75894bc9c9152df8fa3353

Download Submit
C:\Program Files\7-Zip\Lang\hi.txt.tmp

Filesize
65KB

MD5
319a65801e4b7c9b6e338ae725960c81

SHA1
0fd8eef14dde7cd75c9a4f74416c2b78073ec4de

SHA256
228e22b922643adf4c6dc80641885e80ac032dbd8e855d43abdba682aebbdec9

SHA512
ca892e9d1d170ad7bcd1eba48ab2851fd46bd7f0a0095145d319559f10a44fa99c978031ce4ba00716b87bdb1cabe8683f1125514d1e80c1c33904fbdbc8c28e

Download Submit
C:\Program Files\7-Zip\Lang\hr.txt.tmp

Filesize
54KB

MD5
c53238d5dccaa7f7789f9c305311d062

SHA1
3daba4fcf92ba8e0b56d5da736a47ee372de5522

SHA256
79ef3bfe6ec0fa2432d0ccb39da759c5027481fb9bc76e97e1cb0b97bab0ba92

SHA512
38305582a92c4eeb6fef3475de86951986194283d82897757e6e1fa839d7be2849d1756fd4d29355f215207230427b78bebfe63c6e9ed9b8335165dc024a98cb

Download Submit
C:\Program Files\7-Zip\Lang\hy.txt.tmp

Filesize
59KB

MD5
9677c3adc5bc65f292b2576d0c451bb0

SHA1
8a51198d5595a3032e9cf9de2280988c467228a5

SHA256
1a47f9a8a60bcf268f45fce0188541700f5c641889971df3b264455fb4d63622

SHA512
a4487949c61bf20ef12d1799d0db08a044f88fd25488092842345586849d9d9e63f575fe64e81048565191c091b64d2ef00f796ad7dc54fd84d5f2469a4e7ee8

Download Submit
C:\Program Files\7-Zip\Lang\id.txt.tmp

Filesize
54KB

MD5
ca4b5c6411223d3c8aaf93f791a07f39

SHA1
c9725d792a52b2562d3dbf733b6a9b394c3e53ea

SHA256
319093d1a66b1d2f47cae70a1dedafc2329ebb8fe6fe61e5b95f7875f1339186

SHA512
abd4e667fca5a518f383741c9fa4f54f6f87ca7184136167ae3e35d12f12229182bbac9c70664234645e52f52133e31e255b4545c19f780c4a8ed45708fa4223

Download Submit
C:\Program Files\7-Zip\Lang\io.txt.tmp

Filesize
55KB

MD5
2c37a3c991b9bc5ccd15bc2b9331814f

SHA1
f4b6343ddb116a75b1c9a45a32bb59b87048b612

SHA256
1aec5d9b1cd7d77e8022c9694212dc92c455eba113122c8faeb07cab8f0c8f9f

SHA512
0ab6e81fcf45d94f6ea78a0975d9388d2f20f6dfc2b6d7be6e5a946d2ba371a46c1bab603bb142cc54b2338126693a7783bb26b5404e1a3b6cc30272e60ef0e8

Download Submit
C:\Program Files\7-Zip\Lang\is.txt.tmp

Filesize
54KB

MD5
5ffe90e54bbd4060f88b0b3379a8bf2d

SHA1
5711862c31ee1e2b2518decb076166d118c98802

SHA256
12937382c76509e34559e0e2baeeb0f7635035804890fa62f267639f6b972d4b

SHA512
660520f46e4a75a50919b9d1332da3c067269f7e3eaaad4365027e8fc8dfd21a5dec0f7b586e4a4ee24cb91a6477fa9001a384b4e02cc87490507b6e75b36e87

Download Submit
C:\Program Files\7-Zip\Lang\it.txt.tmp

Filesize
55KB

MD5
334ecd74d6a22a76abd498e62ee50055

SHA1
7d7a8b7802ce41849d63725e6242062895a760e9

SHA256
487548dc8c8e7b4a21ba5209970c84b553b3364da85f409a62cbe21652bdf39c

SHA512
48fd4d258db7ef6e83bd453477884d97de6d512cbf18d8fddcfd782f6889876a883192114de8d239051e71d5d1cf4178d4aa6ba58739b3de918d8456168c8afd

Download Submit
C:\Program Files\7-Zip\Lang\ja.txt.tmp

Filesize
57KB

MD5
3a1e4744820048a490984cf2807d6e07

SHA1
ef62d031d0527d9b328a1f6e303c89bd9d6b65b6

SHA256
9c95a169a764ba3e8d85171c62840cd11b02130cd39bd5ec1cef7d92917b2bc5

SHA512
fac2b5e3b6833af87de8d2dd4bc3967779b727e5b8fc2cfc275b2ffbea810e70490b0642e75cafccc86901f63a6e22948d3e57cc4933ca5f0c9245232b7a5a03

Download Submit
C:\Program Files\7-Zip\Lang\ka.txt.tmp

Filesize
65KB

MD5
3e3ac8d247fc29cf6ef0cb9c34efc0fa

SHA1
1bbcaa861efd8ac0ef873a13a7c919199e26504a

SHA256
4597a0f9d0383d799d6ddfa65d02396414977fe1f826a768b9cc7b738a2fe6fe

SHA512
2bb5a9066f05332d82a6d85cf26b6ea47d6e4cf9a035d12640a64956d10ec4476b5bf8f36217bd976e99eeedbad3261171a756f68b5193cea768d35da11beeb8

Download Submit
C:\Program Files\7-Zip\Lang\kab.txt.tmp

Filesize
56KB

MD5
b6f27a7f6e3abbcab7381a3bc82f10f8

SHA1
da737dba82f3033fd6b8a0cc74535f0a92b6b9c4

SHA256
3925beaedfe9b612757394888c075f9b5e7eb62d7d2b85cb20639d70a831a5df

SHA512
a4556c38364caea1953843fccc8a855780dacb3827af50c977007fded93a70c2dde900a172bbccc503871306dac6515adc26e4cb79e8771b9f60e43a4b9b47a5

Download Submit
C:\Program Files\7-Zip\Lang\kk.txt.tmp

Filesize
58KB

MD5
859d61edbb663132b06ffb734f98df85

SHA1
68d91d3d44398f593f9b331c04c02320ff71ea8a

SHA256
90212e55ce55a9e92a478f4785456f9359955278540d1fd32b5f852ac7e33239

SHA512
ef88a83040c958412e1b316774ffb7616a3efa00f2c5a31cbcd1cb49ecd4d9924e67cb38808732bf1fecfd807cd85d88a21743c0bf0f7eda146cf5dfbad76ae4

Download Submit
C:\Program Files\7-Zip\Lang\lt.txt.tmp

Filesize
48KB

MD5
d4f556f527fe38e14010824368c6789a

SHA1
d5f7544cc78e743004edf37164f3db50dde16dc7

SHA256
100368dfcb850a3cdda6dea5a28099cfe4637faee2d00344fc0dff68937bc847

SHA512
401af7b391ef6d40ed9ef43f6d5a2bf81cc37ea08a7917159c9223e4b897b430729c8b616586b16f6f651f87efe3f2826a527502439149177574f9f992a09720

Download Submit
C:\Program Files\7-Zip\Lang\lv.txt.tmp

Filesize
51KB

MD5
6f8519d962d0bdb161cee49293bcd3c1

SHA1
0b75185886b4698e9d631a0b9201c231f813b642

SHA256
d9063037a037cb1070d98156b6edc6454100ddae212c1ee89d61479a169e9e01

SHA512
9bdda544917ac735987cf150eb00057032b7ae93ee86d7b58afbf18856a96316c538d842eb5f29d2043556230d60ceb617295b32af6e417fd441025f52b849ff

Download Submit
C:\Program Files\7-Zip\Lang\mn.txt.tmp

Filesize
56KB

MD5
e1fb6da043a775936935fbe279603902

SHA1
a03fd308529e81618f4080fa51f3283d69e86fac

SHA256
f524174d41cd9da6335eab16c1cde9e5f264349083e91088a6dc4b2264c0bef3

SHA512
88c31bcf423882656ce72db28b7f2f1389123ef5cb396fd6cc5ae07d69f36836c1dd9104e7ed3010b4f01a97cef20119b30deb253c88c5467475aee9ecafccb7

Download Submit
C:\Program Files\7-Zip\Lang\mng2.txt.tmp

Filesize
69KB

MD5
3937209f7ff50e1beef5d8ca66ce565a

SHA1
22544385b816307ab6770ec4d2809f4fe5740588

SHA256
cb98fdb008d740c1eecdb0ec143b43b9c53437d3f3d347b71512aff391e5bebb

SHA512
6fe966d891a0373c6e6c32183adf551f0df8f84701840bfb955a4f2af2bd3e525dd5b4bdcd64e8a978370246759f2fedefc5f468c890e48a47739d8b8dd4f12c

Download Submit
C:\Program Files\7-Zip\Lang\ms.txt.tmp

Filesize
50KB

MD5
65752f9eb3875e1a63158a3c87bda4f5

SHA1
9770c5dc60293fd9aabf950b21127c8fa23f18ea

SHA256
790cc560492b7a5b6817dd23dc3f9d561edca97dd00179b372e3964915561b2a

SHA512
c9615090bbf28090f2eca833cc421d6fe695ca5f080eb93dcf443252ce428fba276f78dff8c1dd9f81aeebce5b2e904d9935845977ef28cbcb628a4cdc2c06ea

Download Submit
C:\Program Files\7-Zip\Lang\nb.txt.tmp

Filesize
54KB

MD5
1cad706b60827d8259c9051970f5e16d

SHA1
e821dffcbef1e899d3e62a5c875b4206e6a69228

SHA256
931c7b352cd769211d1decbcf7457285f904cce79461406bc3424432d6089195

SHA512
57a8ec167b0086d4098b62147a49a0b3a39ddda10c1df58a3ef153a430c45a79430190960d89f1cc6320a7263493ec62498a8791e57a4e592e92b975b9a1b928

Download Submit
C:\Program Files\7-Zip\Lang\ne.txt.tmp

Filesize
48KB

MD5
b37c123e0168a3ed77e1e0dcd6e267a4

SHA1
f46bfdee6e2edcf8d33f7b8eb6c0fe514654cd70

SHA256
c6f2fdc46f09a9af574621e9f96928a7465dc00cc6339f32ae9324a90ea8930c

SHA512
a682b5411bc3c6653cef8dc7fff720898681a86b3cda3d720acea814f5f927711b5e0c444bfb142f4ff542815bd5a4a9814d9a1204782aed7799260aa43d294e

Download Submit
C:\Program Files\7-Zip\Lang\pa-in.txt.tmp

Filesize
62KB

MD5
85ae452b5d82029aaa89bc04d0c45de5

SHA1
f2c640ac5e882399ebf79fb53f21927f2192c541

SHA256
f1ad84e8cdd1490c106fbaf7c3e08dcb3969ed8ae21b53e88d1aff282f1b2a0c

SHA512
7a1abeec6439ead6dc0efbe06715f61afb562c6d657e962001e4d5aa656cae4c8713b0249bf2adc845296682982006662aff823d8023f27fb884271c7c0571d2

Download Submit
C:\Program Files\7-Zip\descript.ion.tmp

Filesize
48KB

MD5
8d005573475e389ebc9b26bae97fea1e

SHA1
b5405156cab90f1c5735d52d78126d7bcbc843a3

SHA256
8d3e74e2846fe8b7441aa7a49e956a6dbdf6855f15b46bddaa712517e9684b82

SHA512
5c60a4f87b9574f73fe9b015b52eaf043051c9252bc2f27c664455e97bad0289974af00c4078fc902c0e602a11637c5f772ba5c554d638f051a562cbe599fb00

Download Submit
C:\Program Files\Common Files\System\msadc\fr-FR\msadcor.dll.mui.tmp

Filesize
55KB

MD5
d83a65ad3e26a7a4a47ca19f359c99a9

SHA1
571c9dd560b2b6283a019595653a72443ca9a8b6

SHA256
ed0447a9880cb52c252feba9ab4cd57ea8277ea9fc20cbb09a6e505ae4beefc3

SHA512
4a47b60bfd3991b1a61b760db23a22aaf1b351beea822f91e2eeabb67a71ce35891c75c6db872dfaef11524ad5ff5653fc30b98fe1d1d6dc4d223681511ebb08

Download Submit
C:\Users\Admin\AppData\Local\Temp\_Task Manager.lnk.exe

Filesize
48KB

MD5
41cc591eebcdb8b677570f0294151b88

SHA1
8a400283bb2dfa34deae3b4ab3df9a92c8962a8a

SHA256
5ccd3c71d79a0e080429b7243f36c54b65f4c33a40315929641448290cdb3845

SHA512
58cacebc05e8ff961c9e510afaf267d1658d69ddfa479effa5d397f10c238ede25bb7a573d2664116865328612e0eeaf3a74c103c76db8aa07a081b64eeffbad

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
45KB

MD5
e754b0e1aceb4e57e28a76f8cba7a319

SHA1
ae807a9e615d8bdc4d0f826a64e2765579b4d724

SHA256
f6fe98abea4d53a375e26844e2092a678224f5e14aa39b59864cc9fbb38d67c2

SHA512
53c4fd737bbf2e7f6a362f497aa7738c4b677888adb865dbf63d61c8addd54ea6da343fefca5d523aa163aaf24f1326d4f4105b28c300e05fe1438822bdd62cf

Download Submit