9bc0d7af7108a6ca4069ce3774ccfab3b7ddd5f435d4106b85b4f6a06de0f28c

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
25-05-2024 01:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9bc0d7af7108a6ca4069ce3774ccfab3b7ddd5f435d4106b85b4f6a06de0f28c.exe
Size

161KB
MD5

0a7050f4d7c4c91f943bade2538bcc70
SHA1

e2c5a03ad6e93e5180a21747125b418f4fdf809e
SHA256

9bc0d7af7108a6ca4069ce3774ccfab3b7ddd5f435d4106b85b4f6a06de0f28c
SHA512

d14b557e249307a0c099426c7c03755914e7113ae320b37c39d24b7c91478f246c2a640fe1876b68fc8739c1959b2456acc6fd5575bbdcb62b2e8a4a0730ed2c
SSDEEP

3072:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFslEhLfyBq:PqFF2Ie+e1qL1qFF2Ie+e1qLf

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5046) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware
Executes dropped EXE 2 IoCs

Processes:

Zombie.exe_desktop.ini.exe

pid process

1156 Zombie.exe
656 _desktop.ini.exe

pid	process
1156	Zombie.exe
656	_desktop.ini.exe

Drops file in System32 directory 2 IoCs

Processes:

9bc0d7af7108a6ca4069ce3774ccfab3b7ddd5f435d4106b85b4f6a06de0f28c.exe

description	ioc	process
File created	C:\Windows\SysWOW64\Zombie.exe	9bc0d7af7108a6ca4069ce3774ccfab3b7ddd5f435d4106b85b4f6a06de0f28c.exe
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	9bc0d7af7108a6ca4069ce3774ccfab3b7ddd5f435d4106b85b4f6a06de0f28c.exe

Drops file in Program Files directory 64 IoCs

Processes:

Zombie.exe_desktop.ini.exe

description	ioc	process
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Retail-ul-phn.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Data.SapClient.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\1033\SQLENGINEMESSAGES.XML.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\System.Windows.Forms.Primitives.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\pack200.exe.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_MAK_AE-ul-phn.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Retail-pl.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\nl-NL\tipresx.dll.mui.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Text.Encoding.CodePages.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\wpfgfx_cor3.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\policy\limited\US_export_policy.jar.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Inset.eftx.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-white_scale-80.png.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.Primitives.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\ReachFramework.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Windows.Controls.Ribbon.resources.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_KMS_Automation-ul.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-black_scale-80.png.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVPolicy.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\UIAutomationClient.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\ur.pak.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\AdHocReportingExcelClient.dll.tmp	Zombie.exe
File created	C:\Program Files\7-Zip\Lang\ky.txt.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Serialization.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp-ppd.xrm-ms.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_MAKC2R-pl.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ONENOTE_K_COL.HXK.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\MEDIA\COIN.WAV.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\OFFSYMSB.TTF.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Microsoft.VisualBasic.Forms.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Xaml.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\javaws.policy.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Trial-ul-oob.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\7-Zip\Lang\ta.txt.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Collections.NonGeneric.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\lib\accessibility.properties.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Grace-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000042\index.win32.bundle.map.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Security.Cryptography.ProtectedData.dll.tmp	Zombie.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\bg.pak.tmp	_desktop.ini.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\nl.pak.tmp	Zombie.exe
File created	C:\Program Files\Common Files\System\ado\msado15.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.reportviewer.winforms.dll.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipscht.xml.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework-SystemData.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_OEM_Perp-ul-phn.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Common Files\System\wab32.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_Subscription-pl.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\lcms.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp3-ul-phn.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Trial-pl.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Serialization.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\PresentationFramework.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Internet Explorer\SIGNUP\install.ins.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.UnmanagedMemoryStream.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019DemoR_BypassTrial180-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\EXCELPLUGINDATAPROVIDER.DLL.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.NETCore.App.deps.json.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Retail-ppd.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Trial-ul-oob.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\EXCEL_WHATSNEW.XML.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\DocumentFormat.OpenXml.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.Recommendation.Common.dll.tmp	Zombie.exe

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

9bc0d7af7108a6ca4069ce3774ccfab3b7ddd5f435d4106b85b4f6a06de0f28c.exe

description	pid	process	target process
PID 3228 wrote to memory of 1156	3228	9bc0d7af7108a6ca4069ce3774ccfab3b7ddd5f435d4106b85b4f6a06de0f28c.exe	Zombie.exe
PID 3228 wrote to memory of 1156	3228	9bc0d7af7108a6ca4069ce3774ccfab3b7ddd5f435d4106b85b4f6a06de0f28c.exe	Zombie.exe
PID 3228 wrote to memory of 1156	3228	9bc0d7af7108a6ca4069ce3774ccfab3b7ddd5f435d4106b85b4f6a06de0f28c.exe	Zombie.exe
PID 3228 wrote to memory of 656	3228	9bc0d7af7108a6ca4069ce3774ccfab3b7ddd5f435d4106b85b4f6a06de0f28c.exe	_desktop.ini.exe
PID 3228 wrote to memory of 656	3228	9bc0d7af7108a6ca4069ce3774ccfab3b7ddd5f435d4106b85b4f6a06de0f28c.exe	_desktop.ini.exe
PID 3228 wrote to memory of 656	3228	9bc0d7af7108a6ca4069ce3774ccfab3b7ddd5f435d4106b85b4f6a06de0f28c.exe	_desktop.ini.exe

C:\Users\Admin\AppData\Local\Temp\9bc0d7af7108a6ca4069ce3774ccfab3b7ddd5f435d4106b85b4f6a06de0f28c.exe
"C:\Users\Admin\AppData\Local\Temp\9bc0d7af7108a6ca4069ce3774ccfab3b7ddd5f435d4106b85b4f6a06de0f28c.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:3228

C:\Windows\SysWOW64\Zombie.exe
"C:\Windows\system32\Zombie.exe"
2⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:1156

C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe
"_desktop.ini.exe"
2⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:656

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3571316656-3665257725-2415531812-1000\desktop.ini.exe.tmp
Filesize
161KB

MD5
eaec84731715b3a5c15bc5dee640770b

SHA1
f4baa48c71477c7606f6d4f901e013b92fb99d75

SHA256
8c81b53168a4b7aea7f3a7121d5a767032758bc00ed54c2ddfacad27f07ddec1

SHA512
df9cd92ae14365f0c8d7660532fccb8805e65b1d742511eb7c361fad72434791852cf11f6d0600a396aa617207a8587dc6a2aea0104fff17871898fd609af883

Download Submit
C:\$Recycle.Bin\S-1-5-21-3571316656-3665257725-2415531812-1000\desktop.ini.tmp
Filesize
81KB

MD5
67021767f557efe2e01df7c7d277e945

SHA1
5092387329b83499b15d4a7d790aa0b0b1116753

SHA256
249ce099fe13c0bf45f40190d34d7ac44d2eaad257d729f5a47dbdfb821618b4

SHA512
a0e45ace7ee3b7ed3cadae5d7c21549cbc76e9f3ad2e69b2105ffc5823423a20988c42bf39839a9fcdda3bf19f759e52e29450d214a1df116d55d6cf2703347c

Download Submit
C:\Program Files\7-Zip\7-zip.chm.exe
Filesize
193KB

MD5
4ce145460be75abd301a009f2be26e2a

SHA1
ace80b81f4f30e48034f873db1bbef19db758c56

SHA256
9b8fcbd17f9ad832cff85204be44a4635c9267c9b154c0ecbba6e4469fde783f

SHA512
ea857908240924cffa4ffea38e67255d98a2180e51e8b12dbf3dc19f4876a8874884bd3b213692bc772e8f12a85022975499db3536cd2944efd507c81f595a87

Download Submit
C:\Program Files\7-Zip\7-zip.dll.exe
Filesize
180KB

MD5
a08d3ec2f5e5d87084aaa6f750c70572

SHA1
d346e8e281f10dfaf569d282f8e2ec93822defbf

SHA256
dd4929521dc9d10c9bcf5e18d5e42591e8de3faefad375c1efd927de8c178eb9

SHA512
480f6becd5aa4aa4ad38547909b115749d00ee0353b7793538c1eb9b6af6aa28900081475f2491bad1967956a9b14916e55044f53dd17d149aaf05debea0c580

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp
Filesize
1.8MB

MD5
7307e30b29f306c70b25992ef73590c9

SHA1
f0a298e8543d7645109cef3eab7964589295d83c

SHA256
f88cd6535d0b3f04139dd77a9703259c947bd91bbbb8614180e8287c35b89fb3

SHA512
4bec510ed1080e54a2d63846e42713febbef8c0dc5ba723c3ea2cdc36f81d8df9f754357efc79f8fb06d92ba626a35ddce5e26ee779dd82a7c39b9bd549b5f18

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp
Filesize
1.8MB

MD5
f55d9533870ab20f03a7699ecdbaf9a1

SHA1
0625acd51a0f20a67d954092c5a2eab6225d5167

SHA256
362cd9ed89408011a8b07a239ccb5423d6f890a57ca17a89ff640c19d73bb113

SHA512
1e91ae896552f21574acbf5b871e3315852fa17aca1889aafc03b25a91f5b583278218d447602d6d82ee361c9bfb337473cf91919942b252975f008b62b21d60

Download Submit
C:\Program Files\7-Zip\7z.exe
Filesize
624KB

MD5
a64aa2a19f5e448e1777258377e7003b

SHA1
3f33b4268d543837f1860a112d04952d39f94b8c

SHA256
4b55c932880f2a3661268d35207b60fd4f5cafdebe521f3210c5299465fc2d90

SHA512
0de235a95757970aca59141e474f89b2dba0459e3a93270e493002b9f502c3185f4140f027fe679449a43090fb62d8d334351119f579b608b9b83a85de01aa16

Download Submit
C:\Program Files\7-Zip\7z.sfx.tmp
Filesize
290KB

MD5
62c780be1bf37bb964613412d43548d2

SHA1
ea1499ade7f351e9352662c017e2965408b616f6

SHA256
6460f9a45d55b1bf3f05c924bec0f6e2d37f32717f3701e6b13ea63179d43db7

SHA512
e4df6f2ab584ea51c3137bdf5088047ef3fc134ecb5e997709fcff8d2458285fa61cb43ac0564a828b8943f805d8beada82cf06ad3c47164ce6370c465ea322e

Download Submit
C:\Program Files\7-Zip\7zCon.sfx.tmp
Filesize
269KB

MD5
fc0763e0ba506a7a075b2561344aeecd

SHA1
3b74957d84ee178c1c4b3ab183939f117d7f4040

SHA256
e5b618fd6acad28f47f683297ea337162a8200214e059404add39f51e87b2c1c

SHA512
c680e29418adfadae0fd0684ee7f81e200666cc81825df1c8c9bfa0ab059829107decd9cb98bc78e4776b1b788152cc86c211e8ed46382e47e0ee50ae2074ca4

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp
Filesize
1011KB

MD5
c2c3ac2aca9d884bb9912f58fbe785e4

SHA1
ddad772ffde61d033958fe0fde56ec617134e13a

SHA256
5da1276211dc59d8f1142e4f0421c26abffda648ef0ad26fa342ee6fd41f0bf6

SHA512
128a38f0c418c3c2f3799fcbb387ed8409f9c6dec81df97a00d08da9984ed035cf2090b614dd5b0791c33cd04dd433f399d7862da4589150ccbe2485eb726ab9

Download Submit
C:\Program Files\7-Zip\7zG.exe.tmp
Filesize
764KB

MD5
4d652b61987fd153b363e5f88ba72858

SHA1
138a06a81549e7d3f1fda612414f633643ff8980

SHA256
c8af8dcbccb72a382dd57d35b0b84f8b6f46f9e2206890b9f42aa74c3aea8979

SHA512
9b9a30d14c84d942f48cc4c59be62e0a41cf13dcb2161d1ea13105bafdaa4394cbfd6ea700012960d16239f217708e9b271899c597632499eebef2161fedd211

Download Submit
C:\Program Files\7-Zip\History.txt.tmp
Filesize
137KB

MD5
17ad0ffb1295a294f9f18cbcb154c3d8

SHA1
74d5475fafde09913c9bedef40382c6e7379dfb0

SHA256
b8022d7fa8ad41ae04184524062ab71ad11a2a243dc0c5e7d75e6593353552ec

SHA512
bb82c45c38c400eb9c1b36d127d1a4dceca77f3a287436c427c0d1f1ef9c0d0466ec7cc0e6bc03af7ce89d8e19ee009135e7b4d87e64cc828387837cc68329f3

Download Submit
C:\Program Files\7-Zip\Lang\an.txt.tmp
Filesize
87KB

MD5
305498063f1164ce7c3460655291e0a0

SHA1
a0fd23881255c0f248114d12b4cde6af5138f420

SHA256
9bfc95223bfedc3f40ed0e5b6944eed932214ba918317439ff3ee8d05a1019a7

SHA512
09401ccf4160758f4c082de12bdc25bee8d567e2c54444c4d0be5490799b44e65c42c394f897b3fb455d78e06a4e84205df7a470b3ac26f4c9512b004a83e05a

Download Submit
C:\Program Files\7-Zip\Lang\ast.txt.tmp
Filesize
85KB

MD5
9e72620cdc65b92c97b6e4f96d330658

SHA1
76d19b83c45fb32f3e933abdc5248d374d324371

SHA256
09dafbc8ab754282b1000fbc139b0f10df1787bf460b7df0c3f120e3928fe0c0

SHA512
4a150ff9823cf7b0b3b67df36fbba259510bf8e2c656567eefa2fb2e0cc47822f7172ae4e25bb08a50433bc311c823e01607a0f5f026b7ac5a9854a9de595401

Download Submit
C:\Program Files\7-Zip\Lang\az.txt.tmp
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Program Files\7-Zip\Lang\az.txt.tmp
Filesize
90KB

MD5
10639ccc877996f64929eaf69f93f37b

SHA1
3ce2616d18856a3ff926e647a79031bad2e5dd0c

SHA256
ba95cb14dd3a6d2c600bc132dac3994d0c893fc20970666b261cf5da39c075e8

SHA512
9af3fb62f2f674368ea1be5dd17517605f871030badc93cd7017fb55eed10cfdbb3f1b8f1345295c181945ac190fa83cbd1ed0bbaad8c96ca93147047b7ef895

Download Submit
C:\Program Files\7-Zip\Lang\ba.txt.tmp
Filesize
92KB

MD5
41fbb3c4c269458dcaaae3d257b33dd0

SHA1
0a2cf239cbdb0b7dd93c43381785a2ed50424d1d

SHA256
9c89358aac737409fff6f4b282fb83f376ef1082778c433f2475b679f7b9323b

SHA512
4da0c52e854cb059962e97e5d004bf9bc59c88c02684eb9194ba43410ab178a5a001403f9edf369bc0dd99999a9d05d1094178fc39e3f3a859feae2cf3191d5c

Download Submit
C:\Program Files\7-Zip\Lang\be.txt.tmp
Filesize
80KB

MD5
a4a9481368d12d1c6f48f5139fd5f37f

SHA1
36ca6cdf658a92c86bfb68b4380c9bbdf68a3aa7

SHA256
708a12bb25803a58e8eac2e7e70fd30b040ea2691c2b6d67fc9f9704e5b9a8b3

SHA512
72586dc323cf84748798af80c5e7de1530195852632aa509d06a774a7214c470d8518e57e5c0543e45927420879b76a89b1965f7d07399a588bdcd20187ad28c

Download Submit
C:\Program Files\7-Zip\Lang\bn.txt.tmp
Filesize
94KB

MD5
f10d03bd1385c6c3332a777644a1f255

SHA1
b10e52d0c2b46d51a36ae04f005e845a6dea5c33

SHA256
640bf04bc795af196a81a31b17aa21cc51db35495ec2c06e88bc35b8ee5d1175

SHA512
227f95d9399d07b2f0360be6ffddd380ac88f4c8631213c996d129e862d4c4b957360c0427e3d8c74bc9eedc06753b42725206cad4073d863b5f504d86ceb8d7

Download Submit
C:\Program Files\7-Zip\Lang\br.txt.tmp
Filesize
86KB

MD5
6f62898fccafc6d3041fd2b736219bb5

SHA1
6f04d00b8bce3c096e3c6f50d2cb4add6535576d

SHA256
c69d9f32581fbdce60913446682acf38dcb2c65aa3c74340a715f9b849e26ecb

SHA512
08179418bf52850b8d57a1d25c8ffc177380ac7df4a5abed138dcc7888c72bef3ad5a070822862ee9101ab6e3eac509b82eae487ed1ad6018b766abef22f7913

Download Submit
C:\Program Files\7-Zip\Lang\co.txt.tmp
Filesize
91KB

MD5
7c1e2019a1885911bc855df844edfb76

SHA1
8d6c39c40362e2fb3174ffa040932cff791e9bfd

SHA256
e43716a0ad2ff29dc719f764d4862086ca4cf3a2032182480b9b2bf1fb7310f6

SHA512
0a6a647f9c7e8fd0c32d7ef923db8d7b3283b0271ecbea03f694d5d182d2ac196484bd826c653d811eb7f813dd073709e7eb9a547504a645498339d8a5bf90bc

Download Submit
C:\Program Files\7-Zip\Lang\da.txt.tmp
Filesize
89KB

MD5
e3f3235d63fce207a80f29cfa92cd7b7

SHA1
fb2b3e53f121b65f2bfc72541968ab851d735ae3

SHA256
b662ae65d6d3b565a2ce96f134acdbfbd041471df97d3965f2573e77b773be59

SHA512
7826375061b72c2ff28910ec58d6bcd187e7eadc38b5cc0ce718a8026fa71685219b9758d1a5358c234f569d27cbeb8559b65dd4d9c25ed3ff50d6ca1a21fa2f

Download Submit
C:\Program Files\7-Zip\Lang\el.txt.tmp
Filesize
97KB

MD5
6dd74d9b2cd6569c9c20f40f38f56d1f

SHA1
6b1053f8733dabbbc0d2d8d88012f6407746dc7e

SHA256
96dc8beb0d334a10a89afb72bf34a7510c3d3659c88d40c14d935d6d9d80bbd4

SHA512
ccbedf108f22e29739633bfef023b7f6b60424473e072911520901835da2cf9bb1b8f30c20f64e209d46ebd6226dccc8d5ea4840fd9e84677842b10f1e018488

Download Submit
C:\Program Files\7-Zip\Lang\eo.txt.tmp
Filesize
86KB

MD5
1ffea2357a79d4e83409e21a0481d073

SHA1
a1016a9c1cbaf12089f6570d93f4fdaf6db11ff4

SHA256
5101bc87d9ca2382fbdca83ff723e7d3488cf6da56ad0b9fceb6d9bf1a5cd5af

SHA512
cde6799929ca1420872c9bcbe329bc9337bf6ec8be4ab55e418c375dee2748bfe94b40f90145b7cf62fc084e63a0d0a6f88b0e0f5ada13a46f9d798bd569b28e

Download Submit
C:\Program Files\7-Zip\Lang\et.txt.tmp
Filesize
88KB

MD5
6100f917a22edf39f0aa71e6bb1f0ede

SHA1
2c42e05e68fee7bac056d4869ac341231dd7c569

SHA256
7fd429674459362230405ba1942693740557175a91903bfddcbcec6a0b0f92ba

SHA512
7a71e30d8c58f8361baf4c759c754a7afa659453796594fd1d319f50c233b849c3f06d850740e4d819930e2deb1819c90cff4fbafe6e21fa87ee1f52c8183b41

Download Submit
C:\Program Files\7-Zip\Lang\eu.txt.tmp
Filesize
89KB

MD5
e9a41b7748af60b2ee0d36cd50ce033d

SHA1
433b32d7d29af420a4fb69b424170d5a813e8f6b

SHA256
30f2bec1783dab378ff0a27ca2712866cf84e6d2e64144d0328ba7dafcbe9b9e

SHA512
06d5f93f0a4b55aa1b8fe0f85a3770f628623162c71929d424b18da24378abbe56149d40daf938f4b45db918c8b52d28b3a07189299911d4568bb326c4976a56

Download Submit
C:\Program Files\7-Zip\Lang\fa.txt.tmp
Filesize
94KB

MD5
6da1ae5a46dab96159909dafbc0c0d1a

SHA1
6b0c78a7060153d6a23cc5a17966bc101cdbdac0

SHA256
8183580f8356f7433b0cd1da8529c1997ebdf9e7b4f9c2f2e065c374f73ca3b9

SHA512
7d34f05b45acee6aaeed7d5c7d65fda8318e8facaad809c6c6123c090fc7a359b941e1571e7cf3641fc72f1b35e1c001fb44b03286f9317997767f57cbafa555

Download Submit
C:\Program Files\7-Zip\Lang\fi.txt.tmp
Filesize
90KB

MD5
2a699f7ef1bc217622a5d711e018b57c

SHA1
eb3364e724ca8ad77a8037a6d561a84dd6129a53

SHA256
f296b78d2b38c5da948f35d091511f5cb739d627d26b0d954d83f51ffc7e84f4

SHA512
dc64d416fcd009ad293466ec51fb78b4dfadfa812fcf04734cc2cd5dd0a0489606008c5733420f5a72cf164419dce9634f79940a14a3126adacdc8234892c05f

Download Submit
C:\Program Files\7-Zip\Lang\fy.txt.tmp
Filesize
87KB

MD5
7835bbf3b03885e7ca312fd23ca7d3bf

SHA1
42e1c8f09c78e6de8b16bf704d3829e65dedf4f0

SHA256
e0102bb475a63d2995d5d132c74e8c736366371a27906fd3d73b7d9dcf50cbcb

SHA512
9cfae794453ff179edee0c3690d1875a3ec00ea1bdedd2d75ddfcef04b8bb8a87c7585716000e18c6ee0e99fe826163dab974af4c2bc98449cc2e8571479acb7

Download Submit
C:\Program Files\7-Zip\Lang\ga.txt.tmp
Filesize
89KB

MD5
4236adb88d2c017e21ae719253ee641e

SHA1
b68c3d14fd13a2e4f40995585d4bd079b2bc8289

SHA256
9f59bc159e13e17dc2827a6da5c3b62c4ed7a87d6388523faf0eea6482812c96

SHA512
5adad77ca0cf458cebeb31e4223511c90fee22c47fe068abe5710e4cc28573a9bb4c835dd715c3b3a2f8b36ca5b396077c5cf9ebb44e7404e50851c67d0981d5

Download Submit
C:\Program Files\7-Zip\Lang\hr.txt.tmp
Filesize
89KB

MD5
65e4502a968b1772c974e24aa795fefb

SHA1
1c2e7da9d1fef4e94469c3498ff9cf6e5011a03f

SHA256
112c29521c346aae2af0fcbbe361623fffd727be804bc12dfa50e1d8a67fd655

SHA512
139b4760cbc5bab753f6f6df11117ab46193814c74a1b937e9355bc4c10008c02a454394dcf33cedabc602725673979f4cb7e67e28c524e62a6722058d92fcdd

Download Submit
C:\Program Files\7-Zip\Lang\hu.txt.tmp
Filesize
91KB

MD5
b0717591a63625e79b74767d8c9b62fe

SHA1
e067d8549567823169d5e185fee6b303560c0003

SHA256
ad1b911af679625c189e7b899400f1da867da01bda91b3bd348da34506c96b13

SHA512
3f4388fc5d573d714763b8e992de37c35aa6bae7a4dcba55b57f4fa3304c6489983a675e6a782da65f0348fb20809a663858091fc628174f061cbfd77b7b208e

Download Submit
C:\Program Files\7-Zip\Lang\hy.txt.tmp
Filesize
95KB

MD5
65a95b6791cff7c5408c1c65c615ac93

SHA1
6117ccbee54a7ed9b99cf7d92bce05fd2fb83755

SHA256
cc302d3da9aa58e55eb5d4336db34f58c3ee48dea5fcebecf0f4e0406ccc9775

SHA512
00d269638c0ca6ba32e986b5b09d630239b2712987eacd844ab3a9b7e8d68d6bb3909e7b16ebfda93df82e93431b423923307669de894116f8f2844782adf107

Download Submit
C:\Program Files\7-Zip\Lang\io.txt.tmp
Filesize
89KB

MD5
dbed71f4c43f2238951a06679866d90c

SHA1
9459e7526f05d9ded4adec620bda15fe4cfe6b82

SHA256
82b58dcee76782edd513c6507f61b4da941d58980e10c530114335fc16bcd5be

SHA512
a50fb8d10c29591599ce54b80d5c05c20fd15625b4bce6550fd9ee3eebbe937ab93f1aec043d8189b5facc9b9043f4cb73b0aa1d86c37c18bdea53b0ed7ac50b

Download Submit
C:\Program Files\7-Zip\Lang\it.txt.tmp
Filesize
89KB

MD5
bd280da7332591e71eb6c5fc0b8b8f39

SHA1
8fa8ed029698f325460486c2841f51f6760ac3c0

SHA256
f3eb17486e181dde00e7c04d63317020b9c2d45ef57184e465b1986f387146bd

SHA512
a8bba5806442a8366310a4b8f2a3ac8227ccc2a6f05004707ff0837bfa0eb4e043659f5b5c00d90aeff8fae766005146993eadd05dd87c2843837c1459b93da6

Download Submit
C:\Program Files\7-Zip\Lang\ja.txt.tmp
Filesize
91KB

MD5
ca2b593dcd8e6be7f8b56e2dfb2ffab8

SHA1
a2285983e3832fe44e0932bacfa245c214f7a495

SHA256
3ba6afddd3e7cb1c198ed4f979961ce82ba4eb7057349d9b9672f3ad43ba624d

SHA512
3c3efbf7fc2ce33a1b3b5ce7c0fdb0861253748d68614c8c796fc054a6c22ce9ea454b3a22f583e839b84699f11b038de19caee30b9bdae3026b97a560bb0f1a

Download Submit
C:\Program Files\7-Zip\Lang\ka.txt.tmp
Filesize
97KB

MD5
67a22e21885b514497f40846f9f96d24

SHA1
d336866ce6eb359351d3826bc08f2b8ca0547e03

SHA256
6e3a82d072b3f9e1a02be4a0c2bf7e52c5aed65be4c79ecf50da596c2e704708

SHA512
820fe56e139a84d173062f7920db11b90347bc8d6f2afe05217ac6aec1b4aac881a1ece6259b0c352d36e0d430ad8674780e5c7057f47036f323ed97c3250fee

Download Submit
C:\Program Files\7-Zip\Lang\ko.txt.tmp
Filesize
91KB

MD5
9e3ff993f12a11cadb5ef7cd05bff86c

SHA1
e048ed77b6b2ed31e075c9c2ce729165ac15bda7

SHA256
9fecee31c6a51cc6c8c3a58129bab6d8fb9d1e194ce7336d228a32dda36b3533

SHA512
855518e82f879dcbbfbc8d85c3ae09a0d63d916a46e94aa323e5cd4278fe1afd6869349fba0370c0152806ca8d37c955d116464937b6385420a8745256c4f4ce

Download Submit
C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp
Filesize
92KB

MD5
b43cb507f4226c707c8b868e0a0a4a93

SHA1
40a67e5866293f6b61a6fdf292dcc61b4cdea8ea

SHA256
186e99f73831e98ff7f7f7fbef7e55fc924abb4651a93e9125bed9aefdeb0b41

SHA512
4d1bd95995e8cf11c577de43b7417947723dcc3347b603a18f78babec989ce96c00073ee82f48f94f5e4004a8f9432086308caba7b9e62bdc40e5ce58d0317b6

Download Submit
C:\Program Files\7-Zip\Lang\ku.txt.tmp
Filesize
86KB

MD5
8b3027514010e9e8082bdd7d732efcca

SHA1
a3fc56ad3953f9ab67aaaf67badf2340fcd0b2c1

SHA256
82a097ba1d95a7329dd00bbafdf9bc1a1d978e498585fd25c59e9585e52be890

SHA512
9f34a91779fe7d196de1dabef736b930e09cd0112a0012c338a51ebbbaf1c3e8802ed057972362d560a59a96cd9b05d9a3bb870803e9c18eefead8ac986a9db1

Download Submit
C:\Program Files\7-Zip\Lang\ky.txt.tmp
Filesize
93KB

MD5
ea54e4daa58d057c575d05b6d6387921

SHA1
9c2f3884af0589c6e6e4efa30e774349e89e981b

SHA256
6e734806d5668a08e2b1603e336474bbf1c7ccd48330a6c087e831c48b590dd3

SHA512
097ed8c5af253eeb7539a2b23868cfcb331cb68268a69547090f615f6adf3c7637f62ed2f7b7db9b0425fc269f9332cd9acbf772ac4721f8c5bd2359a1eed1af

Download Submit
C:\Program Files\7-Zip\Lang\lij.txt.tmp
Filesize
88KB

MD5
240dd66f198dd7b17837e0824efa20da

SHA1
21c78d4334d0eeac1fe40d51def13b61ca2285b6

SHA256
fac9a5b3d23cae008f01dbb12f5fe9e4ccaba5a5088467e327da724d6bcf6f21

SHA512
86b1097cd8dc7c8e0d2ba92d1914cdbe631867b4dc3c1a6a46b2d9fe2e890adcf7f4ff9b78ec99c78d85fb7e7420c8d6431bfc17df6ba4c4f1df46d6703b9569

Download Submit
C:\Program Files\7-Zip\Lang\lt.txt.tmp
Filesize
80KB

MD5
a5e990e2b5eb6f4bc77f5f3aacf29ea4

SHA1
dcee492f08e48aadd0dadca8bc90c65ec25069cf

SHA256
684e814fa2ca10ddbd05b162d69197299f0746897c7ed51a7f8681de0ac114a3

SHA512
1bd16997fa0d4ac905f4e59faaafb96378a264a78d2524bd5d02021f101f269b70c04a213c887af8e58f5b67d05f43672c5ff4866108a244ee2cc314f495b3b5

Download Submit
C:\Program Files\7-Zip\Lang\mn.txt.tmp
Filesize
88KB

MD5
2aa2905a45b78b489f13a618b540ff30

SHA1
a2dc26b3d3b395ee3c570383b34e995a2fa3860b

SHA256
c9eac14aa7a8aaf1305c61a0e81dc7b918059ff5338699c7c144879ed6b1646d

SHA512
50395079fb27ea444433bef7a9524b76d10a2179464286beabb22d247ea93e3d262f6b163c4575fe5886fd7535e069e43daa9edd0fe2536d6f1c960da3aeaf22

Download Submit
C:\Program Files\7-Zip\Lang\mng.txt.tmp
Filesize
100KB

MD5
8cf3c1dcaea37d08a1363f0d69f193ab

SHA1
063b21cb36841ff2b2e76cc5d1fd88fce1e4e041

SHA256
6f6dde41ce140f9dbbd1c0a2b65fb74bfcb9f20dd6651eeb592c60de3b0aba50

SHA512
4e93c32590bb09634efdbb41a3af816154a20d79c9ae3ac5f943ee340e3192108a04c20bc328c241e8153d1336c149e1fed16477ee7bd17097617b6bc39d63d1

Download Submit
C:\Program Files\7-Zip\Lang\mng2.txt.tmp
Filesize
102KB

MD5
bd688d848bf7493d1101ae891498e242

SHA1
87e9827ed8988e51febd67003ab5437e4b08760a

SHA256
d9758c1f868d4d4b9745ba32cc4bbd1962376f64fea435c20453b6619068dc7d

SHA512
3e84d85e409c5ba9a26d65dc52a31c69815e829dece585e47dc5cf1eff519364aafd384b3d40740a8d979bd3af04d4ab393f50f2b6d743b23167241ad14e91cc

Download Submit
C:\Program Files\7-Zip\Lang\mr.txt.tmp
Filesize
91KB

MD5
3c8add6414ace5050226f1fc073fda02

SHA1
3020d8774e1974bab30eda86a1f01cd667a2efa6

SHA256
2aca54a44effe42fb9d834822fce972a4f42f89784685aa3ba7589f514b33fbd

SHA512
d90f5a4f786ef7724b3dbe61ba9679a69c00faa150f19a6e6b5f65c66b540cd828d46dca879b0028d96dcb28085195751f47adab764e2ecbf92410f3f190a346

Download Submit
C:\Program Files\7-Zip\Lang\ms.txt.tmp
Filesize
80KB

MD5
9b798fddc3b3c9d110e9f14bea5e4b69

SHA1
60759a431c00b41f149fd02532d8b573a3150242

SHA256
25cb9ade10cb8643e38d2816dfb062944d3014bc56f5ed616bec7e6e56901b38

SHA512
c55f0364ce506556d81324168c71df4d787cc04b32fef38b7aae5eb72cdbf6b957370a114c5b2c5faeff4e72160504b9dd2d792276eaa1eb2cbd5becb1cf78da

Download Submit
C:\Program Files\7-Zip\Lang\nb.txt.tmp
Filesize
80KB

MD5
63a47265fbff85be883d657d33a88c8f

SHA1
153705545e5da8070cab3ed08b1c79e4289c0e56

SHA256
532ce029167b958ae71abbaba92ead39d0e25a2fda4a9b88dfe5c010860896c2

SHA512
94420e78edf7945e30ab7082fa42ca7f5566880b7991c1f6e12a1114924fe362ccd3289a1ea36805c28fb99d69405dd8010ba755e8105026a7979034f1f3103a

Download Submit
C:\Program Files\7-Zip\Lang\nn.txt.tmp
Filesize
85KB

MD5
21af0e3c5189cd19d7c672f4277b87a2

SHA1
773c2183a4155ed700b62990f6a59d105ad1f82d

SHA256
62ad92cf2a4c386e799ceb02b9543bd8de3c17e02c5c5193fbfcfe901b878558

SHA512
29584f2d9755b2d694ccdabab9cffeec9f6f9437d3478387edd1bcbe102e1c52c7b6644b6135baabe1065eb029ac36946edd512ef634dbe0f8de22be2a03fff7

Download Submit
C:\Program Files\7-Zip\Lang\pa-in.txt.tmp
Filesize
94KB

MD5
e51cddfe625293e67b9374703188f6f8

SHA1
c9b35d164d1c95e36edd77465870bb67ae21db09

SHA256
ca277d301675fe881e0b64a7a21e1f96ec09849d027eb812d2720e6215d30fcc

SHA512
1d8ba1f5d4c6a631058f44b61f08e5453add890e7f6332cddbfcbf37b9f3f35688cc49790dbcadaebb7df1520289328527528311b004caeef0de5c548b7755cf

Download Submit
C:\Program Files\7-Zip\Lang\pt.txt.tmp
Filesize
89KB

MD5
4da9996201c446bc4984413bd7daf2ac

SHA1
431a06d35554bf2d8068e6797c73f04f5e102d4f

SHA256
c57412daa290d686ad8feb6c602b892244b4acbfa3a6bd43e6017fad72f5388e

SHA512
d1df9320df9572db424d1acc3fd4ac3726eb5376595a3245eadc3421d98542fd8a7a4f9c4ee8a851edb0b19b884648c45e2713566d83d93d9f9eb8a7f347f7a3

Download Submit
C:\Program Files\7-Zip\Lang\sa.txt.tmp
Filesize
100KB

MD5
f3f4a531489d1af9fc77e714de4d6a33

SHA1
3a98d600d313cbe42d69e361f71f5bf9ad42463c

SHA256
8a4b3fa0d8f3d11652424f964a3bdd8b7807ef0194913245ce88577894d1de19

SHA512
902844c81e94f98d9eee0be35d58f389d4edf652d71e75c9900f661a29428be265d7ef4c3d11f29daa357bcf87af4528af8eccf167be62a1591b2a752b1d6905

Download Submit
C:\Program Files\7-Zip\Lang\sa.txt.tmp
Filesize
100KB

MD5
adadec3ee8453b0e1badf01dfb67e3c9

SHA1
176fb65d5de5e9943d8eee25a0b9a044995ee1ca

SHA256
1d1776602888631dab1c74d1e2da7181ecac0b82ef1af7eb558c05260e42facc

SHA512
855ac49a0cc3c27315d76ef7ca5511b87c932925c105a71ef9a970aa8e0e995dfa2eb91d2cce044290c5050735c2ec31908761cfa74099413d223f979503d819

Download Submit
C:\Program Files\7-Zip\descript.ion.tmp
Filesize
81KB

MD5
ddda7b61dcdf3c9108a0fe9cfb1c1a43

SHA1
43dc929aee3d09fdbf66c9597315f85c3a88e015

SHA256
67f6b4050f4a1772669c9529a516b6ebd13f38b57859dbdbbaec895b637e1f95

SHA512
023baffa2286a1d2edb542f98dee413c2d23f72003657d6b8ab061e2c060f0d88896bad8d0ae87f6bba8a939b6eea174344f723e8a520696763fe6a3b84116d9

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\currency.data.tmp
Filesize
89KB

MD5
5895c7f0dba89c59c5519e8d94010cbd

SHA1
456e9c908cc67227f10358683bb984b7da90d375

SHA256
b0ac4eaedb98e0a720fe46498cbbb39de48da1ca35ac770facfd36e9e527384a

SHA512
26ff86e98d767ca18ad1c7539e0276bb6f9fce30e1b32681b1347f007fedd2d20508015ec2955734d8c781317696a030af02ddb5544bf1ab683904d87a66ddea

Download Submit
C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe
Filesize
81KB

MD5
32a88fa5eb352bca9ca9975041b59de2

SHA1
831302ce8c32d9f584fda2046843bad58e6969fa

SHA256
e62aac64eba96249ffe9cbb08b2d80f235636483521fc06480343f29104cf3ad

SHA512
9643681775ace27a4bb5acecaeb37fcbeadabdac0d7d6161b0d6ce343ae7b4ce1163a0ab767229f9a361dc779e06917589f88fea178bcf25ce98d59522097b5e

Download Submit
C:\Windows\SysWOW64\Zombie.exe
Filesize
80KB

MD5
a3a627e45d41e05393aa8a18ef81808b

SHA1
e04eab845c469edb5a2da0278a32c7854d30f9e2

SHA256
4a601d18bc8e79c8351bac2e008bbf9fbebb4296c0b4fc87053514fb057fe36f

SHA512
3c60d3c566e136c2d594c2f6347dcdc32493cf69888d99c552594ed9617130a81298a604deb75e69a90432bce98804799a71039b6f3943bcaad85b969f3724ed

Download Submit