ab39dcd40d136af0a3c00151415908b16d13a8124eb5db3b7d0b5a20afad3069

Analysis

max time kernel
120s
max time network
116s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
26/07/2024, 12:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

091105ff75c575c9e299b31aeeaf87b0N.exe
Size

195KB
MD5

091105ff75c575c9e299b31aeeaf87b0
SHA1

26dde30255b4e9bf1dcf1a571e5527a487bf7b04
SHA256

ab39dcd40d136af0a3c00151415908b16d13a8124eb5db3b7d0b5a20afad3069
SHA512

b98557a521ccbceeb1c497fa6ed45ed3e4cbc2db8b703c8adfb41c63571f15385bed3ba6d32ba46111ddcdc04823e1d2ede885b10ce0be91989b425814ae043c
SSDEEP

6144:RqKvb0CYJ973e+eKZ/BYqKvb0CYJ973e+eKZ/B1:vvbxYX7Z/BkvbxYX7Z/B1

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (4134) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
808	Zombie.exe
888	_desktop.ini.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	091105ff75c575c9e299b31aeeaf87b0N.exe
File created	C:\Windows\SysWOW64\Zombie.exe	091105ff75c575c9e299b31aeeaf87b0N.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\Microsoft.VisualBasic.Forms.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\UIAutomationProvider.resources.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationCore.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\AppXManifest.xml.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\fre\StartMenu_Win7_RTL.wmv.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcR_OEM_Perp-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ServiceWatcherSchedule.xml.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ComponentModel.Annotations.dll.tmp	Zombie.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\vk_swiftshader.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\rmiregistry.exe.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019DemoR_BypassTrial180-ppd.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Grace-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.lv-lv.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Tasks.Dataflow.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Cambria.xml.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Grace-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Sockets.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\System.Windows.Forms.Design.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\UIAutomationClient.resources.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\security\public_suffix_list.dat.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\ospintl.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Core.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\hostpolicy.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.Encoding.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Grace-ul-oob.xrm-ms.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.he-il.dll.tmp	Zombie.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\sqloledb.rll.mui.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.XPath.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-math-l1-1-0.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Grayscale.xml.exe.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcDemoR_BypassTrial365-ppd.xrm-ms.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Retail-ppd.xrm-ms.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\host\fxr\8.0.2\hostfxr.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.AppContext.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ValueTuple.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Timer.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\UIAutomationClient.resources.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ReachFramework.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Tw Cen MT.xml.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_MAKC2R-ul-phn.xrm-ms.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\hostpolicy.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Design.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Retail-ul-oob.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProDemoR_BypassTrial180-ppd.xrm-ms.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pt-pt.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.StackTrace.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\UIAutomationTypes.resources.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\ext\jaccess.jar.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_MAKC2R-ul-oob.xrm-ms.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\en-US\TipRes.dll.mui.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\es-ES\TabTip.exe.mui.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\Microsoft.VisualBasic.Forms.resources.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp6-pl.xrm-ms.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\GRAPH_COL.HXC.tmp	_desktop.ini.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\TipRes.dll.mui.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\UIAutomationTypes.resources.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.shared.Office.x-none.msi.16.x-none.xml.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Trial-pl.xrm-ms.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Thread.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\WindowsBase.resources.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_MAK-pl.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Trial-pl.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Java\jre-1.8\bin\javaw.exe.tmp	Zombie.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	091105ff75c575c9e299b31aeeaf87b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Zombie.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	_desktop.ini.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3092 wrote to memory of 808	3092	091105ff75c575c9e299b31aeeaf87b0N.exe	85
PID 3092 wrote to memory of 808	3092	091105ff75c575c9e299b31aeeaf87b0N.exe	85
PID 3092 wrote to memory of 808	3092	091105ff75c575c9e299b31aeeaf87b0N.exe	85
PID 3092 wrote to memory of 888	3092	091105ff75c575c9e299b31aeeaf87b0N.exe	84
PID 3092 wrote to memory of 888	3092	091105ff75c575c9e299b31aeeaf87b0N.exe	84
PID 3092 wrote to memory of 888	3092	091105ff75c575c9e299b31aeeaf87b0N.exe	84

C:\Users\Admin\AppData\Local\Temp\091105ff75c575c9e299b31aeeaf87b0N.exe
"C:\Users\Admin\AppData\Local\Temp\091105ff75c575c9e299b31aeeaf87b0N.exe"
1⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3092
- C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe
  "_desktop.ini.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:888
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:808

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-384068567-2943195810-3631207890-1000\desktop.ini.tmp

Filesize
99KB

MD5
5c76a4f30174b453da2a087f1caed757

SHA1
3a3ce8941bb3831045a925cd683905273c96baca

SHA256
90f8323cb7643491d7fa4da2e9365226778a75d5ac858c6656bc37d8c4baeef5

SHA512
3220fce29e3d32c4f641467bc5d1aed4d1ba0bf0cbf08c0a3f2e8516fc70cfcace1aeed8e2bf77fe7882c809f7bbde7edb6050b9d7ea4c2941048e1f9b298064

Download Submit
C:\Program Files\7-Zip\7-zip.chm.tmp

Filesize
212KB

MD5
828c650ec624857023bf8e019b3c1b6a

SHA1
b91d8276a508b6011235f16ac5f996a0b286d37c

SHA256
c1aae5931374f79d2038f42cb12faf2c40db376e6db208a9ed46e65abc388f2e

SHA512
5593b6e80b091c7bb56273b89749c11e380140dde177534082defa7494d31e2d2c8bc5c64b902dfa51f492c500df24c09b65b196b1d97321406e5e6acc5528b6

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
198KB

MD5
3e6b8357389e88357e738c859c2d55e3

SHA1
d2ad2d60a20ad3689f72b73cfd1613e5f25609b9

SHA256
e6f459639b2fc1aaa7a74930df3d53a50fb878e29bc6cfde21febae5398f2b49

SHA512
4aa3858ea0bdb8960cae6f149cd4dca90db5fe93e2ff5d3613d2834b949dd0c9539b272a923ad2ab0a71b9fded6eb5fa87982d948340c4febba41b870698185f

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
1.9MB

MD5
142d343f119c798dee6cb1062014a9a3

SHA1
9e6f5f27059ce7c5112b68a083386c09d76b45bb

SHA256
e65a2dec7173eb79e8b3375e23004c23401584d41f1ca53b03d2cb64170ec693

SHA512
56e2a1d9ac2a432edb0bc7c9f0160103a24949a67dfcd9cc200a5e959ccf9792b580a108d5fae73a8a00201315359c9feeb9e00355ce30b8c324c0d7f4827960

Download Submit
C:\Program Files\7-Zip\7z.exe.tmp

Filesize
643KB

MD5
55cc530d47f7c963ca2f64c7918a5340

SHA1
726bf395f63de0dc70bc1e446cef44664495fbc9

SHA256
01e778f3d5fa958c044e2e99677c404d199673a3e518c9d9eb13cf7ed59bda6d

SHA512
a2fcbe2697e713bc478f9c56da3acde75809c235e0289d45bf7ac338767657eb7f47b1f431806ecbcee1a56533f7cdc533e37b03ca0c7a85c3efdd2aac4df7af

Download Submit
C:\Program Files\7-Zip\7z.sfx.tmp

Filesize
309KB

MD5
338168d6545378c8d3af257178872d0b

SHA1
4efd5d1eb432441f91bb799750261952b81c10fb

SHA256
b560b49ae206fb3bf2287c321c589ed188ef024eac825cf8cc4e8fb97fbec45d

SHA512
d2dd2e3f2578a3fe7a970b2152da541ed3a62fc288ea0eaeaaa35000b2e73ea38ddf09b10d567d1c6b32a59aadcab5d9d6e359fb5420c6f953e54aa8736616fe

Download Submit
C:\Program Files\7-Zip\7zCon.sfx.tmp

Filesize
284KB

MD5
5be163567ed4a47ef1dd9446edf1c8c4

SHA1
f2d77312b11424f9c71e664a6b378445e0985ccf

SHA256
f2ddc512771953f3f260ac1e5e2578c13c5a89818a0578f889f67b8f16e1e833

SHA512
aff5659c6dcb0af393916b4fad1081264876dc15832a57c035e14e7ba0dd62c6cb7dbc939a68e1a06aff3640d0c0d0ce74f8ba12d5016a1facc0ea563b75fecd

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
1.0MB

MD5
6c9be7a619919632dad6d0c5a62bbee7

SHA1
0e4120286b2ca478dcda44dd3b73b751c72ae0f3

SHA256
a35932d991d205c586081ea41f3406490335ed331ed5e1e31b31ea7a05176d62

SHA512
b738c7b8345da61cc6061b36c745a7056388d41d7e36e32b924a67b3d6ecec31faff39b7beaf2125b0c3b7e5e37be6b98a548c234be63501277cb2160c92fd86

Download Submit
C:\Program Files\7-Zip\History.txt.tmp

Filesize
153KB

MD5
843217db3c01db16b8b87422f7857d6f

SHA1
9b3d4877bf471d87d24737ac0082b9eed41c2174

SHA256
fddb6c3d679501c248ff76c956e9e820dec3b9bb2759c2ec1eede3023684b82e

SHA512
910f5371c675189bce18fd5451b41c6675154e5f453bba2f0ad781c0e6c03a9d1a8094cf897ea8ec1a54509d986bb24f52196b081ed9e0c7bc10bd0b45cb1f5f

Download Submit
C:\Program Files\7-Zip\Lang\af.txt.tmp

Filesize
109KB

MD5
1e730dbc92d013df94667bc18bc89a79

SHA1
1e3a7a2b47242a96f867b4d6a2ba7bb082ae96ce

SHA256
6b131385e843dca9c321b2b767187f8cdc788fdbbd56aebd337e182fdc75af66

SHA512
6d4551192f1bac0ee23fd6dde66773cf404c503a7f2a635630a4d4239aa075784771bb94271050ae2e7df54300845224f6cca77e81c097e5aa687d22a0ea9026

Download Submit
C:\Program Files\7-Zip\Lang\an.txt.tmp

Filesize
103KB

MD5
3592d3488559faa35b64291fca043320

SHA1
49cf39bd537fa525d85c22959001ccb0c0b12521

SHA256
d6b88da35de1b90c3b45e252a530e9a3ba6a2ed50c10396620afc175fbd0a8c7

SHA512
7ad678b0211b8242fb2abde8d5e489e4cca1773ffbd122f66c091b7cb2aace8ce70db668e4f1ae81cbee1fba3ba6f76e98182b2112c7ec87a061913dcd0adc02

Download Submit
C:\Program Files\7-Zip\Lang\ba.txt.tmp

Filesize
110KB

MD5
681a85378e41e5f96929e0e671c708af

SHA1
300480b698c3fac1ee183074b66ab68d91a6722a

SHA256
15901de3c4202406f0b0533d5a5885c6cafbde6e5a35b2897bde48bc3217458a

SHA512
62a8138b107ace1a4d0336493da709243a56e5e1550fb9e9e5200df7152797c52ecdf74a35885e9c86a8124d30a76769c56e3a8a9f5c63ac8206d6d8850ddc83

Download Submit
C:\Program Files\7-Zip\Lang\be.txt.tmp

Filesize
111KB

MD5
906a5fdc3f168fd6b965b6e8e4949e38

SHA1
ad89957d2fb388e97ac91e735338f3dc29f03095

SHA256
2626e9693506741bf6be88b4e7180831b71aef8d8108101df97f8f83d6ebc511

SHA512
7ff396525bdcb09fe0c9198f62babe74dd142d4f9bea45796f2dd61457a45d438a34e9ce5ba9c622d75560066e0bf6a06f9a60e8791dc06f59e1d86e114cc289

Download Submit
C:\Program Files\7-Zip\Lang\bg.txt.tmp

Filesize
109KB

MD5
f1c6c753007b55f85b5204e4eec600f5

SHA1
c7a51c14c63888d200f2472f8c9312a0b8894c06

SHA256
9087f142862a22d3a4ca0102571fb2c1607afc8b4d9e780b695fedd30eee339d

SHA512
3f5a4c1f6186fa18eb62ee5a0b26ca008cdec9f703fa30cec7af3ae316684a4c03eb2bff26e8c9b49b3d6064089bc0b73e3204901143a67d5cfadd3a3d6513b8

Download Submit
C:\Program Files\7-Zip\Lang\bn.txt.tmp

Filesize
111KB

MD5
2cdd991f7d8465f23ea9e418793c82ed

SHA1
0b230ad14c52c66621b1c801469eb71db84dfd6a

SHA256
d0d115435ddc691c8adb9cb1a025d5b9fc3acb0982e1844d117ada9b6ea78f38

SHA512
a4ac3b1437c84661ed031ca638dc314f9cafa0c5743cd6a349898090bb384d261415dcac074cd18249f25e5da48fd0124516a91c62f537ca868461cc2e71393f

Download Submit
C:\Program Files\7-Zip\Lang\ca.txt.tmp

Filesize
99KB

MD5
5095baf361efdc0d8c147b175e37e4a7

SHA1
e68d273b04aa39c1cea1961f7ab3be01cfe4324e

SHA256
1d4343d16b4b28c88d9645bc22bd0f26e4a1e54a8c67b2cbb119e1414034bef3

SHA512
8161a4cc66b32dba6744d0be298ac7e214b96d861e8dc09710ea98ef0519d569358f9147e47f9e4d3e59ca4a375b3d4d324efc1ef6724e1570a2defbadd6d6eb

Download Submit
C:\Program Files\7-Zip\Lang\cs.txt.tmp

Filesize
105KB

MD5
c44d703c59cdf61b5c6c1642d66a15c0

SHA1
cdcbfd2e9f5e226ba1117774e5f0e0fcdffc23ae

SHA256
66f80e259fa8c09821e7481bfbd82cf6e2ab28dfae896d3b51922965e95c9df0

SHA512
7b3da9c0061cf31ac75f06111841f2034694dc60c52adf590075a9f158e9fd7213be3777a56c0bd0fdd022b0ad84cd41a5d2d7441cd92df0dfc834224f26857a

Download Submit
C:\Program Files\7-Zip\Lang\cy.txt.tmp

Filesize
99KB

MD5
248e23efa237052e93f79481a54dbfba

SHA1
a5d81fddcda11cba463984acec3fcc701964c6eb

SHA256
591a3455a321a73afb812c34cd0040a04fe483feb297a154b1817d0ab23bb7cb

SHA512
c01213c06b8d9a790a70327ddb0b67c7dd1642695f1f1c388f7668bd72dadc68c99588087d845e196385c023e6e3522ac05de4b1ba28ac87c4e5a2f12350d98c

Download Submit
C:\Program Files\7-Zip\Lang\da.txt.tmp

Filesize
107KB

MD5
d9fc7c031c4704a26c5e062a34a24f40

SHA1
eb4d3e364c89be4e76c4cac4954ab697252bf079

SHA256
db80d48263156138c1619ec949a276f5532ba411cee36beef316cf7a5cc86e03

SHA512
ddedf1ea05134a449eeb5322ad66b7cf2192f61bb6230a387de0e45c39e051d5052ffa08b355096a7aa8c348bf5c741cc87a44e27c8fbf50b08f5cedbc5b19f4

Download Submit
C:\Program Files\7-Zip\Lang\de.txt.tmp

Filesize
108KB

MD5
81e8f0559f220129f667375701c2ebf1

SHA1
9033921ca77be1659474bea2428498061121d62a

SHA256
c902f831be193dbba010d123d9cf61ad5158d00c6e787b1557f0fb7c1ee29fa9

SHA512
b84a951893d8f9b8aa659367ff0fc3128536da75c4d5a6b2d6e3d2c17a2f4ad955b605d8b82118a849a17300226e00dcec853a3ab2c22fc3a32badf6ca6d85ca

Download Submit
C:\Program Files\7-Zip\Lang\el.txt.tmp

Filesize
116KB

MD5
4554f60db2ddbae8404a32234552632d

SHA1
daa9df79bbf2d162855fccfec9c0f31d4d3be0af

SHA256
0d182e2ee95205167400aecc9f66313d51d2711e791363377c1d4a33870fe65c

SHA512
c84d382486ad66efc05430dc198dd43db5a336da0da69c75cfb34d8c9ad23ad00e006f512f064cf94f5b4d4ee46efa5c923287da4b3117522ddb833eed3299bb

Download Submit
C:\Program Files\7-Zip\Lang\eo.txt.tmp

Filesize
104KB

MD5
d9150ac49d36e74062634b78a49e9912

SHA1
1ab8a409789eea8a5878f67b7b6c4acd82d96a56

SHA256
f67244e99cfee385c618a50851ff3eae5f79a2ef3c7d2a794e926a05dc0fabe9

SHA512
66e04f810c928166dce8e40fbacff97e40279270eefd30b4bb6c483efa7454f85feaf4a417445b39424cb74770040601af52713ea5cb60dfffcdb3a46c266bc3

Download Submit
C:\Program Files\7-Zip\Lang\es.txt.tmp

Filesize
109KB

MD5
33b7adbfb7eafec7ac30108e815803cd

SHA1
5f7e7f502fe5b72424d5e8626aef6dcffdb15681

SHA256
13fef1e6d2243584312a703e8fdeae6eff47872fc476810ae235aec63564cf79

SHA512
49d628cbbd129d1ab4fccea37738535553ca1e1a22138d8b550bcfd0bb9d37aadb52ce7990400cb006fb63dcb395a018740f464ac9bee5f30b89af83fdd668a9

Download Submit
C:\Program Files\7-Zip\Lang\et.txt.tmp

Filesize
103KB

MD5
9532a8601b7f7017b4614ef545cf7342

SHA1
d9826d206151c89869449cac980b70402c716122

SHA256
87d5fefc1fff476304640ad5a9c57b55ec52c7788a61f784fc35e5cd29780532

SHA512
0c9635febd560a69ef6145d5e8189370e61fbaedad10ed65519ca900b9d092562028ef432c2083040301ac8c18b72aa90c0c08576db005f030397618ffc5a36d

Download Submit
C:\Program Files\7-Zip\Lang\eu.txt.tmp

Filesize
105KB

MD5
5a1f1604e823d8b05c5342f3067b11d5

SHA1
7e77240e59764549724f8584b00ed498e3abc17b

SHA256
c044addd680e1becd2b3e726bf6b20b544a346478f2c1264bd101c810a3553b2

SHA512
c3c36e6f58f18fa551f6343990549ff2428d6f5fd595c3e6dd28541226c24ca225d42b0f5aa13177732d657e841989df45545592eac6fb3b6fd041b415c7f4cb

Download Submit
C:\Program Files\7-Zip\Lang\ext.txt.tmp

Filesize
103KB

MD5
818c3e11844067725a572bcd345aea4c

SHA1
787a47d4719b970ce2f2d8786021ce9633b9b763

SHA256
2aa0e276f69d69cf0f4d1a15837571fb6bcca3da043348210f70b4a38839bc99

SHA512
f20f55f4abdd86bf1418be575c3ddf35ee3a2fb5369a76d7445efd4d5bc5a9fbed79c63bc5430e4abed116910066fd8789f6889f1327fa5e33f9b088fe1fc34c

Download Submit
C:\Program Files\7-Zip\Lang\fa.txt.tmp

Filesize
109KB

MD5
d13ccfe95b879f5147c22d068e38f073

SHA1
0897f4200349c388819fe2881db71f971792ad88

SHA256
47f28699962fdf6ba4893b66f68f7ca2310ce8ebafd831398f97fcce88238b2f

SHA512
baaa962108cf1b2045e4f7c0e3998274ebf7c02a59c696d78552e309c4e6049acc19b9932993a44e89b33d4e4a4e1b8846b8cf2ede6522a41c5df4c3d5d1a8c7

Download Submit
C:\Program Files\7-Zip\Lang\fi.txt.tmp

Filesize
108KB

MD5
e91ced39a142c8ae9b91084fb8f1d82b

SHA1
d08062abc81f8172c7c77d3f72c46ed92881933c

SHA256
347b8fa4e9fb107ba039702493dbc7ffc35558efdf118a7bc5bcba1f4ebd96cc

SHA512
99d4ce7f56f5b4784b02c89c59c04465653c629e5f823fa605b46c5ff6fccc283e4ba757dce3dd9fb58ce51b55cf327422d1c0b0dfa793c8d97de782ab6d1239

Download Submit
C:\Program Files\7-Zip\Lang\fr.txt.tmp

Filesize
106KB

MD5
b50cde77d0ab1a723585e0870e6809f8

SHA1
8c26a33f850e6f3af66656311f1fc4dfd96a3bdc

SHA256
efcc446c40f513591b2ef8c2e6115ce513314989331dd4a14515576d35121ded

SHA512
0b8fc999d2a10316c0ed198c504701dc5a65132999ffe29f5fd7e942884879bdbd8effeb2a317db1b88711889e4c5191b45cb3d063103d11086847f0f316dc6f

Download Submit
C:\Program Files\7-Zip\Lang\fur.txt.tmp

Filesize
103KB

MD5
a2cfabcab2fd28b973dbf2aafc3b0fb4

SHA1
c6ff87e182eedbee7ef1f53ee889cc48c139a2be

SHA256
bdc5da9e09d72ad5abfb680dcd15a3737c9b1fc2b703f5e8f089d10f4577e67e

SHA512
e613732d294411a6769d8bbb400e960be28588c272c30e3c8602b22381be5f79ebeaf5e3d8ea70ca67735f7fb03daa1db84bec03fc8d507174d84994721ad095

Download Submit
C:\Program Files\7-Zip\Lang\hi.txt.tmp

Filesize
116KB

MD5
6150697ea36ec62ce957e0749dd99f52

SHA1
3c2aca4540929c5997b573d87677ef4f544fc503

SHA256
bd08a3f349a50347431f1d8d78e24ab89c30fbc922bfd615f5327b8feefe4ef7

SHA512
535d14bce4d08677b896537df0fe877423fc2897754d7fb7bd4ef65df8085ba7df39e28970946ab67e29436e573dc0e652bc95928d8985fe3aec2315c507093c

Download Submit
C:\Program Files\7-Zip\Lang\hr.txt.tmp

Filesize
104KB

MD5
b6b97d778da7d31344956bedacf0430b

SHA1
a45b4bbc07f7c712fe36de0a3f65cb34d357dfe8

SHA256
863376fbe29cfd64f343a17150cf35ece620eeb5d0974d7a223e93982b271b52

SHA512
5bddf4422f1bf0f073793917e9c1be0a36c478964f466a35372a368afccfe62e7f3c873e208e6812e2cc3cf0d03289b77b57e1c9ff32a9347fb2e1207aab7526

Download Submit
C:\Program Files\7-Zip\Lang\hu.txt.tmp

Filesize
109KB

MD5
7bfd4e2d30b752d7e6dbb6ef2bae8b08

SHA1
50c43683b0318e402dd6cb0c0127b0f540ff2514

SHA256
ec0ba2e81a30088b45a8cc04b9ec261a6b5962e81744381145e3c454fcc61bff

SHA512
02c6eeaf2929a43c812de9b98b71cee519063dc136e949b07f153483574436ee313d0b386fd47cb91e8dae95036177abdd09aea943c43d9599e17c34be707618

Download Submit
C:\Program Files\7-Zip\Lang\hy.txt.tmp

Filesize
110KB

MD5
031d3be90716c2f78dfe08d4196b4894

SHA1
0916f0d4d304b92d9a268d06c027a0fb17a147ed

SHA256
b06b684cf01b06e766f27370ee7d70f204fc5d8ebfc7f78cd17b11dcf8cd2032

SHA512
60f03a66d27eff963d3bfecbf2bad2f3ec9e1804346f9db4d38f0a62796d40ecbdfb9192fe9758222561bb5ccd318d246264b8207031aab4e04b75a34e7b837a

Download Submit
C:\Program Files\7-Zip\Lang\id.txt.tmp

Filesize
104KB

MD5
d361f4e9446529a41bcaf507c239d1ce

SHA1
bc6becea289bc642244c393a153185b68dc6bc1a

SHA256
c4f08aba2013f2b2edc34df9dfe6c96c8af388084d7e3c2cfddbc423e40ee67f

SHA512
fefdf0eed9cfb613a07c3f1948eb17a30768fe547c093c682d34fe1c454d642e04c9902556a188e683af72c94c3cad84a06a6ecfeff62c5c13eda4b93a510c18

Download Submit
C:\Program Files\7-Zip\Lang\it.txt.tmp

Filesize
105KB

MD5
dfed7e139f11fee3259f73a28131ae71

SHA1
c6c9673b29f70dd22464b46c6118c1edc5a7cf15

SHA256
966b68711e52af933803210b9e2b54e61f8f1ec5ce7582f122c2e6f48b5a22bd

SHA512
f3dcf3e4afbae33e7b16365c303ce31f2377da5e9b1add3e7ed3f4a4fced75b9fa72f34e45a2255a98a3f8a8e76571d110d906c0930449d2f0a0a94b1a99559f

Download Submit
C:\Program Files\7-Zip\Lang\ka.txt.tmp

Filesize
117KB

MD5
159fe8595f1dbeb3b066664f7dd3c595

SHA1
bb95999adf41c75aa17c587b8a2fa0db4a8d037c

SHA256
e4dfcf5c567059902540f813e96ec9d7ecb9942ddd6bf80bcdc312f8adede01b

SHA512
eb7a6966637801b470ee2a9bfb1f0e3eecfc68d6bba8a07af8aaa0c5f537f33260fa80efd658477e59ae3b547484384ae2bdebed833b51bbcd808f59913be099

Download Submit
C:\Program Files\7-Zip\Lang\kab.txt.tmp

Filesize
107KB

MD5
6ad8c173384c3348fff46f359be8879f

SHA1
f0546c4b728051091b17749050f3814a855069df

SHA256
96ec12c91ce625165833e92a1064a70de7437d3190b10671a79b969ecf176782

SHA512
10ffa1b679bee3a227555ac1e97b8573dab3b071c45ecf14d0aaa785c59b23a21f1662c3204339955d9d63cacbf2e89883efb49a6b7692994aea46fb7627306f

Download Submit
C:\Program Files\7-Zip\Lang\kk.txt.tmp

Filesize
110KB

MD5
db64f15822b2a6d8810077dfaa2e8383

SHA1
d67792b060ecbebfa143ea2f6da77fa6a9f1432c

SHA256
7dc479fbc4d842d315667bb84291df78885bfb480a227b971392b2e8d95e77db

SHA512
2bcdf1e276e0aef03ba811ebfd9eda373b8d9e057066fe89a0856198c73848ca68a6542613b6f57237524e7f8c2af4333e8700e24aa85cbc751829b59bea2a40

Download Submit
C:\Program Files\7-Zip\Lang\ko.txt.tmp

Filesize
106KB

MD5
237a506d5963071fd951e0510426e6f9

SHA1
dc1a2ec573586d6aa4e5398d188f9d61e7d98bd3

SHA256
8a7bb3a5fd911109ba065438e60feb595d4c4fea2a0f3f4fbd952767085b0955

SHA512
0ad8d3efc52fdc6182bb1198b31c4eb88c4f23269f7c073d6ee29fec790b1aa4727fcf6fd9d7ecef66ac224131ce309e01cac39aee7f6ba4f36e272aea853e53

Download Submit
C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp

Filesize
108KB

MD5
4263669d607f312a9e4888efb0e53aaa

SHA1
cb6d280b60d06b50c59db22b6c44d34b58918d8d

SHA256
d14df75438a6978c07f1f11600a781e255624c6ab687aff1891cc710d9ca0574

SHA512
f5ca30693f3302699de1c80d5f48f1594840fe5870f5d7554afa2e6b2d71ca6ffa75c5c0db8d14d0bd1109a667ea194ce1c74461b9de877466f129b0e43973ab

Download Submit
C:\Program Files\7-Zip\Lang\ku.txt.tmp

Filesize
102KB

MD5
52ae0a71b8b46e67e57427958871b010

SHA1
ac7f9b99ba085054c2cf07b0d89c3cfdf3a88c98

SHA256
d3f7feb6dab4b95b915ace247c1dc20c1d5e5860057da5f2afcd99b9de76d0f6

SHA512
bfb09fcdf6a8cdaf7ed762d7c75d993cda701063e669666e1f74ed62045abfdce24ecc4d326a002d194659f0ca5cc9790db2ba69811536f49d2143924e876c90

Download Submit
C:\Program Files\7-Zip\Lang\lij.txt.tmp

Filesize
104KB

MD5
f023da0449fa6bdbe6b88c3badb1361b

SHA1
997adfb5c80cb25e00b2fb76f289b644a01e2d47

SHA256
efdb699bddef4b2370c38f47ade1fcebd1234ca0cd89f7ef3addcac86a59c61c

SHA512
777bd58cbb89dfb5d9a464fc3dcd410ae94d2cca45915a71593cbce833fb02f6bf0b3adb28e5acd7c8c87e563ea440f68460b5879459c361f7f60091cf0d03d4

Download Submit
C:\Program Files\7-Zip\Lang\lv.txt.tmp

Filesize
101KB

MD5
aa41ddfe48ce91e45e31e2f1cc24a0d6

SHA1
7cbc26b69c9e8fd0d4c6246c4abfece1673543ed

SHA256
2ef35216c982113a54cfc349f52cfc2a7ee6929a03e7a4159b790eece0f19c18

SHA512
f454d7a06497cb0c3bdbf7c2bba9b89a931d26ecb40efcf48be016511c1e91383dca22eda5dce4354931288f366a8b7a99fbf17b097d05f49eb3801eb70570fd

Download Submit
C:\Program Files\7-Zip\Lang\mk.txt.tmp

Filesize
104KB

MD5
71bb36737430941b4b5d3e5e12045b40

SHA1
373291069512839b8da5eb582c920055bf3b368f

SHA256
0a56e7f6bd1482b81e9c365d3462b09daadee11ef18c555988d6299c2a53b833

SHA512
34d276e14665c5396efe04354969a6faf09977d992da88d9892124412f2eeea786c7737f32999630180cd500c8d3ff6e3da00f628f9410f54ed74761d1a446cf

Download Submit
C:\Program Files\7-Zip\Lang\mn.txt.tmp

Filesize
104KB

MD5
466c0289e0a062736bf7f0cca5315615

SHA1
f79c26ac7ce51d400e3e9571b52bb1947f41f345

SHA256
8058f8b03d6e76a266fbb7854af182a6cadaeaaa3493ebbb3d250da01f434820

SHA512
3bf32bef2e07297848685b2000fd00961225c4ea7ab8a264e8153ba47060c2c2ce53273722fdca7392b02b04cfc7d1aa9ccdbf2769e4822f855f2af0a667a32c

Download Submit
C:\Program Files\7-Zip\Lang\mng.txt.tmp

Filesize
116KB

MD5
2bdec66677a330a530c8711c22710290

SHA1
3c903ae9d6175f56e49b5e3c4a99eafa029cbe9a

SHA256
e0abd206eb8f0ffa7068dfb5e8c439fa0e1d28c556a6a7a40b59eb704b02df16

SHA512
0f608a9ac9307e56d0a113d44d0f0626be82b68874bb2ba85b32f878adf5e0b00e948ab42b46e9843f253c4aef1cd12bb892541afc85bc7cdba0fc84e3ecd8cb

Download Submit
C:\Program Files\7-Zip\Lang\mng2.txt.tmp

Filesize
117KB

MD5
d0af164e114cb98e37498772651c9b50

SHA1
4375246da3162020939088b6a0eb8c99b94e3ba3

SHA256
af3bad4536923070f8d1fb64f7ff4970a397cf3712cc05a74b862a6067075758

SHA512
6e2febbfe69b24c1b91ff07c5d483761790798d50c906d1a9c377ad719685ffa6d75a9b8ed4204e164f2e5db476aca4178ba68df82ee7ccd7b4498cffd8fb025

Download Submit
C:\Program Files\7-Zip\Lang\mr.txt.tmp

Filesize
106KB

MD5
d9c9335a445bdc17e7f9bffaccfe0439

SHA1
edc254139e64c5589aceead45ec6713b47e10617

SHA256
872f803ce7d8ecfa6e9c1227c55a5de46e73f62e5f0bc772708e49c9cd903023

SHA512
02faf10cc9cdef3f1fd331accaa6c17bc9ca0e00e2c29d024681171585700c49c42402c42e8a80dc98727a42759e53bf444079efd6517c10a30be91e6af61e13

Download Submit
C:\Program Files\7-Zip\Lang\ms.txt.tmp

Filesize
101KB

MD5
3185217f617565f82908b6623f82c44b

SHA1
dd7900e57254dc53f88670710ab35c716a4acbd9

SHA256
f496ccf38845f4bc7201e2c76343303f28009cd742ac035e1f577194842b91dd

SHA512
8f8aea6806bd3801b014f2b591a2368756140b9b35ee7e85c971dcad0842a8fd6e0d538e9e74e6c503a2c3e899f88796e76d22814e5acb5f43886670921c046c

Download Submit
C:\Program Files\7-Zip\Lang\nb.txt.tmp

Filesize
102KB

MD5
769dc44f6a1b3881240e4125c4342d57

SHA1
cfc5eeee599599994b076f4a892158dcb2b39070

SHA256
92d914d79daa10f4fe7724a59dcb15afa266aae81d6aa756969556604fd56bef

SHA512
f455b6d578afd4dac2d9ff524f8f6db0c2617407dcadc1c3887a92fcb19358af9e280c3ad898ff4fadcaa0254625ecef0a9732523fdbea0e238b995015312c0d

Download Submit
C:\Program Files\7-Zip\Lang\ne.txt.tmp

Filesize
109KB

MD5
97e1cc493dbc50c7b5086d988c4283e1

SHA1
fd2b8173dc6bad5a63a9054485ca7dab420bd3da

SHA256
828df8b7ce2c5765dd43081e09342a84bdd2cb334c3e45a200634dc7b5ee3486

SHA512
081e4d1d27268d5ab7d17eb46fbaae23f8ebde302b72ee802423cd25087278a028e2dffa0d4d1219cf86c67535f48fba8337dd86ba844c685347da8b26fc0a84

Download Submit
C:\Program Files\7-Zip\Lang\pl.txt.tmp

Filesize
109KB

MD5
153a7209e43e984dbe2214fec98dffb3

SHA1
6efcd1e19ce92962fa7662fb41527c83b1bbd84b

SHA256
a97507c1b7c6bfba399033d89d7cd28247e9dd24a8d8e6828bed28d15dc814b0

SHA512
9830f4738cef4ea9dc053323db80b322f62276442d60d8a76c3e45a94b259aeff238f09e7e5d2f59147ae8a74d8a5cf993cd7dccaf4d6aa652d058b6b28f623f

Download Submit
C:\Program Files\7-Zip\Lang\ps.txt.tmp

Filesize
104KB

MD5
9cbb31d6b86e2f3e008cf67de2c39518

SHA1
0a99ed7ce291d75cfdda2c8598bd9cd068f0548d

SHA256
a33a9b8d434e4e914cc9581089131b0610d3ff14b1f2227c0aa15460dcd8bd6c

SHA512
77d66d6d935328d787c0537a45dd1be6018b1a4996df4da6240665884eea9224b5a453bc3611d26201165b55c409afb0049c860cf21206516e2dcaaae2741db4

Download Submit
C:\Program Files\7-Zip\Lang\pt.txt.tmp

Filesize
109KB

MD5
4185471bec27d9a314774318dd7f7876

SHA1
916ec9f8a9a2e2cf3ddda773739d2df03261b927

SHA256
501623ae99852d6352df1bfd8a9901edd3feae1368d887ca8db0c553070a20f8

SHA512
44479257bdb4f388cda782f67ebc11136c445b6489cd757ee9d459b7116f084a6547774c757f0968143ae0eba2607c2b63bfcabe854e266d764bcc7001b90053

Download Submit
C:\Program Files\7-Zip\Lang\ro.txt.tmp

Filesize
103KB

MD5
064da9c28e36bb496d39520818bd449b

SHA1
09371552a57f2521dc03ad7523bf048a224e0e02

SHA256
ecd8f43919374acba0a25ab12b0a0810aaecde5ae01ad468d7be264ef596c2d5

SHA512
099747b04516787e00025ba76bee3d873cfb43dc6ca5d2eb634767e91eba1b9937e584553b86fcb53b9fa297d20d9fafbdf015a643ec07de15fe91ab6a1b9613

Download Submit
C:\Program Files\7-Zip\Lang\ru.txt.tmp

Filesize
114KB

MD5
2d62bd3560c0e4c137a65566aa680085

SHA1
dffc865f542605192a854b9a9361e00e198f7cb4

SHA256
0f1d08652343ffd06dcfeb03cc111d3a1327769f6f1c0edab5213231ff0c4f94

SHA512
506bfb54d37dab5ad29c5c1586efd61268ffac411448418262d8054e1b85590ab8f2a68d6799011bfb512124dc98b7fb3016702db214b722344c829fc27f5276

Download Submit
C:\Program Files\Common Files\System\msadc\en-US\msadcor.dll.mui.tmp

Filesize
105KB

MD5
50babc2342dd931aadacab292274082d

SHA1
7555a6f8fb99e1c1ffafa9918fe192093cde7621

SHA256
4e8a7eed85c444169fc59ff0d8bd85eebcd0852ae50a4d589bec1be93cf5af35

SHA512
ab0ac07a7d788ddc07c4cc4f0d1827ef0cafe33f58ee3064acb1625c3dd591df0608514e6948f68c3dfb35d3a56f0f64323195a0794e4e1f29f741a8ae9c1846

Download Submit
C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe

Filesize
96KB

MD5
03ece3e6805020872ef3f96e1320d462

SHA1
f8eb4fa8e7d59a228ebb032588ef09c0e6887da6

SHA256
c8253adf857f4bf9518583ab3c2e0cb001ba1d8d0e40b57d6fcdf00149c5bfea

SHA512
06af4430b09fb39ed09e149faf4e855002699ec1036456b4853c6d286366b9741386b64540a1fe6e15f5f0f7214afb307ef825eee92fdeaed54dc32bca4b7b5b

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
99KB

MD5
d01aead4141b5df4953b7f02b2abebd9

SHA1
ead88d66572219006d955558461a4e830feff1e8

SHA256
62ebe4586eb9bfc738604a0c2e4083722ecd83cc2374119dfa66f29be5d2af37

SHA512
00c72882dee32d1fba9e03b05e0a00354ed2cdc287fe001da7cdd387c2503a15aa7991aea6e1d20e934e1a377e113f10926b7b627d9ca9164a5ee90d2c5b87c8

Download Submit