098de35777c61fc42f2bfc58d3e546c9f3950dfa60e3bd0c3332aae0ad3481b1

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
27/07/2024, 18:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

098de35777c61fc42f2bfc58d3e546c9f3950dfa60e3bd0c3332aae0ad3481b1.exe
Size

137KB
MD5

393cf3f4f3d37c75f2b5954e0010b698
SHA1

ff9b4975e132711464dcb4eeec5a05829d787aff
SHA256

098de35777c61fc42f2bfc58d3e546c9f3950dfa60e3bd0c3332aae0ad3481b1
SHA512

d3c237d686553334dc1b6be241b5fccd35c68002a2f66b5ff58748085a500018023db221eadbe78d435f41b60613f39931c021dcc3b1418ccf9f80a7b41d8c86
SSDEEP

1536:W7Z+pApfGQ3y3RWvfmRfm9sKsSd5GTf7Z+pApfGQ3y3RWvfmRfm9sKsSd5GTi:6+WpDfmRfmh2Td+WpDfmRfmh2Ti

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (1509) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
2004	_desktop.ini.exe
1152	Zombie.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Zombie.exe	098de35777c61fc42f2bfc58d3e546c9f3950dfa60e3bd0c3332aae0ad3481b1.exe
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	098de35777c61fc42f2bfc58d3e546c9f3950dfa60e3bd0c3332aae0ad3481b1.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsid.xml.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Text.Encoding.Extensions.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Claims.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\System.Windows.Controls.Ribbon.resources.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l2-1-0.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\System\ado\adovbs.inc.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\System.Windows.Forms.Design.resources.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msix.dll.tmp	Zombie.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\sqlxmlx.rll.mui.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-convert-l1-1-0.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.WebClient.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Private.Xml.Linq.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Transactions.Local.dll.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems64.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-math-l1-1-0.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.CompilerServices.Unsafe.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Web.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Resources.Extensions.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\7-Zip\Lang\bg.txt.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad.xml.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Collections.Concurrent.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.Encoding.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\ReachFramework.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Windows.Forms.Design.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.Emit.Lightweight.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\ReachFramework.resources.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\TipTsf.dll.mui.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\PresentationFramework.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\7-Zip\Lang\de.txt.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\SubsystemController.man.tmp	_desktop.ini.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\Content.xml.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Common Files\System\en-US\wab32res.dll.mui.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\UIAutomationClient.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\System\Ole DB\es-ES\sqlxmlx.rll.mui.tmp	_desktop.ini.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\tabskb.dll.mui.tmp	_desktop.ini.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msdaprsr.dll.mui.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-private-l1-1-0.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\PresentationCore.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Drawing.Design.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pa-in.txt.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.et-ee.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\PresentationFramework.resources.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\ReachFramework.resources.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\PresentationCore.resources.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\System.Windows.Forms.resources.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-console-l1-1-0.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\UIAutomationTypes.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-time-l1-1-0.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.NameResolution.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Core.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Compression.Brotli.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ComponentModel.DataAnnotations.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols.xml.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.CSharp.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Principal.Windows.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\System.Xaml.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\ReachFramework.resources.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Http.Json.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Private.DataContractSerialization.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\PresentationCore.resources.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sa.txt.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ug.txt.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.TextWriterTraceListener.dll.tmp	Zombie.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	_desktop.ini.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	098de35777c61fc42f2bfc58d3e546c9f3950dfa60e3bd0c3332aae0ad3481b1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Zombie.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4672 wrote to memory of 2004	4672	098de35777c61fc42f2bfc58d3e546c9f3950dfa60e3bd0c3332aae0ad3481b1.exe	87
PID 4672 wrote to memory of 2004	4672	098de35777c61fc42f2bfc58d3e546c9f3950dfa60e3bd0c3332aae0ad3481b1.exe	87
PID 4672 wrote to memory of 2004	4672	098de35777c61fc42f2bfc58d3e546c9f3950dfa60e3bd0c3332aae0ad3481b1.exe	87
PID 4672 wrote to memory of 1152	4672	098de35777c61fc42f2bfc58d3e546c9f3950dfa60e3bd0c3332aae0ad3481b1.exe	88
PID 4672 wrote to memory of 1152	4672	098de35777c61fc42f2bfc58d3e546c9f3950dfa60e3bd0c3332aae0ad3481b1.exe	88
PID 4672 wrote to memory of 1152	4672	098de35777c61fc42f2bfc58d3e546c9f3950dfa60e3bd0c3332aae0ad3481b1.exe	88

C:\Users\Admin\AppData\Local\Temp\098de35777c61fc42f2bfc58d3e546c9f3950dfa60e3bd0c3332aae0ad3481b1.exe
"C:\Users\Admin\AppData\Local\Temp\098de35777c61fc42f2bfc58d3e546c9f3950dfa60e3bd0c3332aae0ad3481b1.exe"
1⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4672
- C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe
  "_desktop.ini.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:2004
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:1152

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1750093773-264148664-1320403265-1000\desktop.ini.tmp

Filesize
68KB

MD5
7c76305956223210050a65847a27892f

SHA1
6f7ff7f9ad37b61b0481894a67a152ffc4389cd3

SHA256
9224e0de7af99cbb6689e5869a94720b574c59e16545478c0eba6669d59e6f09

SHA512
cfca2f2077cca36876e48a1e90e8a469b9aa66f8150ecbe60fe81aaaacb4cd07210be48f0071fbab01c54c700f60a92341ff789016c9bc6da2b2965ff452f47c

Download Submit
C:\Program Files\7-Zip\7-zip.chm.tmp

Filesize
181KB

MD5
ecdda104a9b8c333fa50ebdb99b7e966

SHA1
1c266480f8cf93a3c62c2b6c0608b1fcffc42f09

SHA256
7a4ecc45e314c230a1659ab16947a0436bd0aca0cb68400341bca0ab5bca60ca

SHA512
4f0f75e736f0549cf66c0d4c1b2f8e5c4915b4e3fd5e53d2221395a95a4326b5e9bd5d4cf080f825a2afee6115d9bf9dc27f4ab035b29f6dd0223ad381679c9e

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
167KB

MD5
dace939d69d00b5b21a09d6cdbb81da4

SHA1
88cacc587695b1632df95f704774716c6c443f5d

SHA256
21d4ca58ea0883080089c5062007fead2797ef20f61a5a2daa6f15875a353d40

SHA512
8664f2b6ef32c58777fcb573de2ceedbc19435db2c0c25772edf7f365147010649059000695820b0ecf6fbc070a7cb29729c4201546468132a9541259ba4625e

Download Submit
C:\Program Files\7-Zip\7-zip32.dll.tmp

Filesize
133KB

MD5
7f61cbe07c8873cae6db703a5fa3658c

SHA1
fec23ed00318b10fa7c99da714089f809444b21d

SHA256
f10ce9631b0ea77589be52013e22067c555cdbb335847c3f451977de09dce7df

SHA512
21a996b3992a267b9780ab8252235263ba8afd0c215524f163d422571db13349647f1e541dbb64a378d69f4f88ed5bcab634650ca3fbe94eeed4990fdc24d472

Download Submit
C:\Program Files\7-Zip\7z.exe.tmp

Filesize
612KB

MD5
05537430f344635560f311ade7ac6343

SHA1
686f13b19053b24c003585c5375233d102d2ccc6

SHA256
c1c356fde815dfad2dad9a97a05387ed77cb6a0b902a6f7c666ab86f2decbc73

SHA512
3c2b69589af23e8b7b3fd484c253936f6b89bb19807bfc5705ed02980dd660a59131b4908a18eb9947c8da3e557fa162aafd9c6805aa903e36b22dcd09df0e2d

Download Submit
C:\Program Files\7-Zip\7z.sfx.tmp

Filesize
277KB

MD5
04065d28b168f754eec9033a4feef55a

SHA1
9ce6357df84c6b07e0bd08e529e41f7e7222f516

SHA256
f78aa82e2dfad3a64b71e49a46222d98fbc30672948b93b3a9dbabaa213aa439

SHA512
99aab180414b3b2dd463b0f352356657667bb3da6e464379d776136d51251e69d4d9678193e02dcf7760860626eea8829975cc116cf79ee3affddfb20e78bbd6

Download Submit
C:\Program Files\7-Zip\7z.sfx.tmp

Filesize
278KB

MD5
91affed22d5d879ef5d880defb29b9b7

SHA1
f6d086cd532b0154245af66bfa3e7d5fe0424005

SHA256
d07cbdab372e503f4006e84122f19b40b000fde9161c35f848e3d6e923d1f9b7

SHA512
b4e00224d6d6198c5906064154036135c2d229f2ae5f4d57f1e7ee2d62e63876bb958a8921eb1030a8bf0423b0b4442a4e540ea1cda673b74ef1720fe54bf9e1

Download Submit
C:\Program Files\7-Zip\7zCon.sfx.tmp

Filesize
257KB

MD5
7a88ad548514de7e4df1377b2cec0ddd

SHA1
7f25a6feb13f00de8e3302a7cad66483c0fac10e

SHA256
f71b195cb738a6825e2135ac01c879031ac2de4e7959c9e87d1240010c363697

SHA512
15c755335db90523c2876a0ab4eeb710a5984773f1380bbd97e93cbf29a75be6989396a242987ea157d03ee463361a1a5681c68d3f07c8dfa5236cc4e2a0a5ee

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
999KB

MD5
1f937cbc13d0546161fe92bec2b2281c

SHA1
fbcc4782e6781ac73b262df95ba1fda7ebffc5f4

SHA256
0093a678e07e643e7060d0a315b43f2357b3eabad6c02d7103c24a1757bbaab6

SHA512
8a71c481bf247844b676050b6711d9106126572989e5816baa43c5cf237ba8fdd6c0cb5d94c57ef4153140de70cb910ae310e0df6537afa54d434916d59e0b30

Download Submit
C:\Program Files\7-Zip\7zG.exe.tmp

Filesize
752KB

MD5
c0361d55f2e6632f609eb7498732b9c2

SHA1
4a4010803f5dbdb5bddad0043856cb81ccb9a76d

SHA256
bf1af5cb634a623b52b116f5fbcf77f3e17a1e8a735b49802799389b81130b10

SHA512
415180d2f7ddefdda611ee16bfb366c85ce6a147b0309fde3c65b204db3f5260cbad2c174ec53ca85bc25b94c1728e7850e6c48bfe3ce428d7c2716e45a8a1bf

Download Submit
C:\Program Files\7-Zip\Lang\af.txt.tmp

Filesize
78KB

MD5
e0de864f8e43442831105ae08dbee635

SHA1
9a89fc051c5922b211d4dd61a4d20b9922e3cfc2

SHA256
432f0cafd9d7615a5c7e24720b6207cf4d66e4c554e320df8b1ae04bd3e1fc04

SHA512
5875daedec309c33e5aa172da3f1abf9cb361b0440c2b250aaa236848864cbc435ed1325ae72060a686fe746fc0d0519eaf57188d5ec34dd653808073d8ad3e5

Download Submit
C:\Program Files\7-Zip\Lang\az.txt.tmp

Filesize
77KB

MD5
7432130380b7d75d62854bb8ffe2a27a

SHA1
bd05c79434c293dc2228b6ff0fedb1ca43ffbb08

SHA256
97015884a01d0cf4e5de8fbff9430e7b8be76bf75d9e390db62afb8482ce6fc9

SHA512
94694854d717a63abaf9937bfb0282451a382b3b6c686a9b0b8edd13b27a6f5f26054404c6cb4302f41448fd90bd71e35752f144b2330c099afc8d7ef31dbe98

Download Submit
C:\Program Files\7-Zip\Lang\ba.txt.tmp

Filesize
79KB

MD5
c0c2406bb21e44ce9cc43b723ac8a9ea

SHA1
ebb494668670b0328b632a5d2393e59a7706b2a2

SHA256
62e32580be0011e959a4a1f3f26028dbcfaaa1a1ab35d80721f75e9f08591cd5

SHA512
1c38a17ca4f152e4bf373c6ef4e24227d171b953dc5ac43000b1b26aae4b30aedb1ef9e08eb150c4a06c365a2439430972b92acd255c90122f23eaddc72d67c5

Download Submit
C:\Program Files\7-Zip\Lang\bg.txt.tmp

Filesize
81KB

MD5
d7bd67a934c55ac127831f0d4eff6c4d

SHA1
76f8a1a80e24853338cfa694be98bf11bfd0b413

SHA256
62c127f27576fa5e13f487e85aaeb37ba3dd2040bfecd8548848d8c33ea21b0f

SHA512
adae3f4732ac3a8566c70a8a175a63da20aaeff1500a9c2dce64082ed25a9b736a9618cd0e9a4036d79f929ca2247e653b7272ceed0f7dd165f8e3929c7468ec

Download Submit
C:\Program Files\7-Zip\Lang\bn.txt.tmp

Filesize
83KB

MD5
73fc032d6f6fe96dc7d697180695f1e0

SHA1
ba1917f6d0118c2f55b447c38437258bc50fe189

SHA256
89d76bf8442ac0e69830c06aca9ebf01c7377be8aebdb1327e3939f0c7cd4e1b

SHA512
9ebc71ae898774b023d50396f82caf6f02078f44cff0b0901ad4a8291e98a5655255704a531b7e567a1c54c24a2a9667e1037a5c102139d94c40609ed107e459

Download Submit
C:\Program Files\7-Zip\Lang\ca.txt.tmp

Filesize
77KB

MD5
9f1ecb5e6c3b9870b2d8f895ea610a11

SHA1
c3bebebe440424313be005f841b990865594e959

SHA256
efed561a4ab1a3f4d459941c24b4d3021134bbf5db5d43d17781e24af973d949

SHA512
8c40d53e2a946870a0d42e5898423f6302dd9b36eb813c6a6876177b67e3ae5e6028e254a6dcf231e79b07d5bce17036411a7946becb0adabccbadbb74c17a28

Download Submit
C:\Program Files\7-Zip\Lang\da.txt.tmp

Filesize
76KB

MD5
70e75ad1cecb6af36d6eb17098506744

SHA1
0ec47b486a22fb4cc759dd46295337cfe9f073b0

SHA256
5e3dc2ba7605eeed02a9f392c0d9eb5c92e204d5ff6c0bcaa930ed37126a7672

SHA512
fab477a1b57d467127aa14ebe77148f281a9d36f9e629bfae2e1fe1d1046a4cae36442462b29138d8fb73878bb976d39c75021062a7012bcb6343204e309257b

Download Submit
C:\Program Files\7-Zip\Lang\de.txt.tmp

Filesize
77KB

MD5
c565161ff0efef00d82ca02a39e087d8

SHA1
4025f1c8e9e51101600089372c1f33e085395ad0

SHA256
065e93d868ae1553329ced141014a229a9778c1ddab4e1953fd497c7599e6dde

SHA512
95191e10bdb2e66dd672939f6acfc2dd981c4fd9fa53700a7335bf5294261173d1de8fcedbef4ad5c3541be977479e62e22e664fd304b8cc890aa3c025507335

Download Submit
C:\Program Files\7-Zip\Lang\el.txt.tmp

Filesize
85KB

MD5
3d4d0662ce1de619dd4aa70dd8826c83

SHA1
44650601a83c9b8957dd4d984fe8a7bc4f6e1c7e

SHA256
3ccbb6ea5165e929e15f81163e12426ac692f9f70978d842acb364f67279fb27

SHA512
ab33271f44706aa6aa1c8d66235f89ee3a3980353e034f09fc3199b5522eecc8d13b21595d2be1c5a3924486467bf194b115aa69d2a21f1c6c78034196f39a72

Download Submit
C:\Program Files\7-Zip\Lang\en.ttt.tmp

Filesize
76KB

MD5
85bc4ec5619da3be09f7516632d6e690

SHA1
aa6764fcd351b398cae7afdfa910a3de6df7f212

SHA256
9653dde5c6b9be3b6e4ff39afeb55d81d39e26338b19aad160e6a109a7f9fa50

SHA512
6874e0a5643c38d4adbefa9deb74b2fbaea02e7059d67f0c25ac87b99c01dd471b642b9a8a9c43a7ce4d71160a8ed4ab5d411079bd2f6198ace307e3096a9295

Download Submit
C:\Program Files\7-Zip\Lang\eu.txt.tmp

Filesize
77KB

MD5
bce0bdae09cd6d150a5d21e7f8dafac2

SHA1
23733d4d1e606fbb22f5fa57b9ddf77b3ce288d8

SHA256
9efff5787045f6d0db9c753488cd4d3a696f5d0cd3cdb99689a68e3df4640ef9

SHA512
7fe78e5a6300dbf7537c0c236fef3494156862cd530e389f62876224d164d5ada9dfd8ec86e692f5b52a2709c3ad692e8d5cb16a3a4de01ac6601293a004c879

Download Submit
C:\Program Files\7-Zip\Lang\ext.txt.tmp

Filesize
76KB

MD5
40dfc1d87982ab4dccf9f7c21be1617d

SHA1
dcbd2a0ff2eb5c8bcc4e4eb8c0f51b7d9215952e

SHA256
30a48c68fae9dfa6b08e0e3b03cac13355f20906018c263f0287a74be2930fcc

SHA512
8593fc934d23fd7a6557801d6505f8b87df579eec27e4cf7172942e24f085de3c5fb2f61ee4d0381103de0a13c432df570ab23c5296841392c077b696890cc7a

Download Submit
C:\Program Files\7-Zip\Lang\fa.txt.tmp

Filesize
81KB

MD5
d1423f3b6a834c0a13a11910f75baa15

SHA1
074bbbd12f3560c0198ed655606235e60d11fec0

SHA256
6d6f56eb0387c498ea12e0220f42e84a2a924247a7a47a29c2759bcda3169245

SHA512
107c226124914429eba6975da8e3ac47ea5999eb66254cca9faabfaa7fa7b00786c6290c1890fb6d621704787252a3207e52126d906b60066ee95ceabf99a510

Download Submit
C:\Program Files\7-Zip\Lang\fi.txt.tmp

Filesize
77KB

MD5
e5c56ca7e32e194a763a138e48942a66

SHA1
83a456a5bf1c21a793dbc29761efd1b5cd8cf778

SHA256
6ee35552bc33671af9295031024f349dc8cd818498c016ce1a27db34246e71ea

SHA512
67940c6a7e5f5981c06f5a658d22ce5993cb1e830f1c8080226c360ccfff2fa9f8b7dcfea3ce82e49125f91b31b07528df3d03e387a1b010242f26e10f90c806

Download Submit
C:\Program Files\7-Zip\Lang\gu.txt.tmp

Filesize
85KB

MD5
a7aa49f035cee8acb7cf1d007a2dc869

SHA1
6ec6311733b01aaba7990ad1da1c1f9dadb56ed2

SHA256
f6896813a710a51a6326ff86805cf79c099a02211d1ad86073fb60b375aa7edf

SHA512
64695f6e400162690f384beaabedf73270ea296c817a5de1fb07f1a36c145aba4a90a99ad13dcd06f8f2d94ea2f775a862861b5a3e4f77a8c6145b50641eae03

Download Submit
C:\Program Files\7-Zip\Lang\he.txt.tmp

Filesize
79KB

MD5
3638694411a518497f98dcc7f3e3a602

SHA1
367e52f8cb7f021965d284ddf3b9bf81417f040e

SHA256
6c85b9178fb45fe40cb7c193ceb0e6e55283a11052c3bb971aaf8bba16d4b9bc

SHA512
39a2330d756abddf1ef9f4b6f6a3738b2d5075f4ac4059f84616c7d20d4bcb74a7dc078d276d6603e80e3f3fda3755dbb89cf12681b60179adb2c5fdf92d7611

Download Submit
C:\Program Files\7-Zip\Lang\hi.txt.tmp

Filesize
86KB

MD5
326031722834f4f91109cdd567049931

SHA1
1fcff245ff6e5891ba7141b7c408d50dd3011983

SHA256
0988cb998c9ca26dcafff4a97be2aa405373a0afa13995f6d6f5cc8c7c841bc7

SHA512
f0d5c3ff377e6fa057357a9c60b2a061968b28506636bd0ce19885cb60b22a4464bd362f508f36752241ced55ba093c1071ad79f0e86bceabe9036469989a870

Download Submit
C:\Program Files\7-Zip\Lang\hu.txt.tmp

Filesize
78KB

MD5
c738fbeb583b0ec1a153bde06576de2b

SHA1
f1f7804a43e1a89bd1aff567428b54640eb39a76

SHA256
b3f47765265d175b97e128805a1a4247b2f539cd078bc4cf06550a20174c3b29

SHA512
d5d20f6ed9550eac858f51be279482bf120132fcc19b5e2cdb2be387582a1e0b05ef3fbc3ae1bf22c2f8872ee12f6336bc8e3dc20b8dd716f55a320a483a5245

Download Submit
C:\Program Files\7-Zip\Lang\id.txt.tmp

Filesize
77KB

MD5
5fa0751d844bf96a41bdc3a62c9b4c7e

SHA1
d216f8c05fb572589167e5c6823a89e6899cb53d

SHA256
3de370db2278b837e54bfa1faac9147360ab222fecba2cf0d7128d7c255d866b

SHA512
3ca1bf3fdf97711eff43bcb6b6d446327e49194fd6140fb03034e77a53e74d1f532fb9b1ca78e26bca20824408374f6feac5394d069c60ca1dc78e2f130213b0

Download Submit
C:\Program Files\7-Zip\Lang\is.txt.tmp

Filesize
77KB

MD5
015a875251bd173cf271c1f4f71a020d

SHA1
bf756c7134e7889fde6f8cbdbf2a0f11846a6a14

SHA256
4175e703ddb4e35bde859e551adcb31547f35d71956076db99f87c44e8e22a03

SHA512
7b04b2db7a01783fce39018fcce70f89fa4290d3ee13f50eb5616c8f9938f0aa61e0a068840cac7f424ab9c2dd55742b488423262e8e9d4c28a0e56562c87f46

Download Submit
C:\Program Files\7-Zip\Lang\ja.txt.tmp

Filesize
80KB

MD5
cd3748c335a7026d4f83d1e86e8e0822

SHA1
66af676ad0d4cc8dc369b8fffee6840a75e22e42

SHA256
e1fa7f684a3db339e12eeaf0d91c1eee47051e300a29e68d63af5493c08e78e9

SHA512
74b25d878bbabf3ec91e01ca483b878fa20572c7e9c1db9863ee9e8649c2fa6b36a989faffd9f9401efa0885a3755abdda0f36579902bfbc531cd76e72a03cbf

Download Submit
C:\Program Files\7-Zip\Lang\ka.txt.tmp

Filesize
86KB

MD5
f695ee6f67a536b9bb056d63366315fe

SHA1
da768b15e85b5701a4472c873eaca704896049de

SHA256
547e865fe623974b27a068c8655e586d32b0809c05a8d2484131c8b819ce3d1b

SHA512
819d1e5e90f61163bb89536bfe839d7ca8ccb158975e123ce5b31bd12fc4106c063e36b7d8ab518565452d7ff70c06023a6aac3bd158b40fa9d9c45b316c9b47

Download Submit
C:\Program Files\7-Zip\Lang\kaa.txt.tmp

Filesize
76KB

MD5
3d6f5aeec72982e2318d057750d05d71

SHA1
6fc836922e724b6567c8bc966abf437a127f8a49

SHA256
655444ca9acd35ed4a0455dbd8c5b31e9d507ec0bbdcdfbda977761c5c8ceda9

SHA512
1def79df49d748275609b126f43cd0cb016b1bc71ba3fd6c9d649e4b5847c78a02937d68a6cd9bd4ff2e17e43f08c9d8fdea5ff965afa24fa8ae491287f445a0

Download Submit
C:\Program Files\7-Zip\Lang\kk.txt.tmp

Filesize
79KB

MD5
e040d23e5cf9b9a32e8aa35d146653f1

SHA1
a62e310e5f3f1b13f72b2161e8761494f85e4f66

SHA256
1323c03e11e40a7c31e0fda8f934fbe60f1229d39926b8553d0b4037186e1f7c

SHA512
0a3d05153c80b8134d29f952dcdb35c1b46ea90e671d13c5c25492ed2396edc1e63b1e9743e18ec25e019eefba689cfc210e9ac0ce81d015bac527c2764d74ff

Download Submit
C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp

Filesize
80KB

MD5
0ea66b541790d4fe8da16b1eee9f13a5

SHA1
edc7c7d1f7423b17d51078e8f2fa255a225c1b11

SHA256
064cbe81dac6b91383d7dcec99c5bd2bd9a3295b1d7cd93fc619d44022f33deb

SHA512
f7d16d076765b2d735f2faae6d113785aae441a50cdeaf81232a4d1da55c0bbff4d8f5c85d630a727aa82ceaac217d0b5ff5243e10261b3b05949b866ae2133b

Download Submit
C:\Program Files\7-Zip\Lang\ky.txt.tmp

Filesize
80KB

MD5
f281d006ea0f1658a8c961044d7de207

SHA1
4ac5cf0a5e88e30bb3affbc7e9fb83454e53fa80

SHA256
d480c3801b47bf69b550196a73200e33917afbb76b69f121794e07b587b1b83e

SHA512
d3c33154c451c8fd00193525a8ecad1926fdeb9d10fe7fd2e186ccbe8eafc8268d408a80092ac8d8f0c395a35fa2564aa65b69f029db0b4ce2782cbc015b2c32

Download Submit
C:\Program Files\7-Zip\Lang\lij.txt.tmp

Filesize
76KB

MD5
02c2f8e9f0e124c7f0d0beadfad5bb85

SHA1
53a14abaed2e82b313a90173681fcb0dbf3dec4b

SHA256
02f1ee8601ea224146bead1d4c71d541d36699d8f299eb23b50ac79c3a42a5b7

SHA512
db0774371eb8d6e4af1331109b7df54626590b7fe0288e24fd823abbab9c3250a5a8f3fd6baf45b6787db1fdda2d688c43f948b336a895e351346ef60a061def

Download Submit
C:\Program Files\7-Zip\Lang\lv.txt.tmp

Filesize
73KB

MD5
33ef159e93d48325383cb7e77c0e6b8b

SHA1
84bc4fa9f34ce7224eef74abd207d49837395092

SHA256
be86c4f62a06a9f76ccf97b2aea8ac43bc75a6cf697120d04d4c20b5cc3309e0

SHA512
3e42c9f5700bb3a31e98baa667516d9ed3b7d5c0656457dadbb6743580419ff84bdc2f9de99e0119eac92cf642e5cc844f3c581bf37dacd81a19916833dc1f98

Download Submit
C:\Program Files\7-Zip\Lang\mk.txt.tmp

Filesize
77KB

MD5
09ce1fcbd77d6a901230231e2e477ebd

SHA1
260a2153042302a5fd3e5b64d69a814fb6a58b01

SHA256
0b72f196bcb6f9a5e8ca4ec782cd90b7c3aeb054801bfadf27078c50b090bf92

SHA512
60f54a955d3a70094ef66b10e40e6858dc5abbba430ba1e80489146c41f650290d2f8b9478112e397d338ebc85473473e3037f4b62bf89780356498806a0ba04

Download Submit
C:\Program Files\7-Zip\Lang\mn.txt.tmp

Filesize
76KB

MD5
f54c882f1718687b37615a12aefed03d

SHA1
c9d94968a69a3562e23805f879a9fdb18408d2a0

SHA256
f50170f98c406719ef799e71a5e9a6b896fe616d27c86b008bdfc7c1ef46d79e

SHA512
fc22d40dd0dc1524dbca95aa1b2b64f6894649fd81de79eda91222b5df41b173043af1d5ee5903b02d65401aad5bdd6eb05a5c2480a2700b5bb3e7d92c40c815

Download Submit
C:\Program Files\7-Zip\Lang\mng.txt.tmp

Filesize
88KB

MD5
4d18bf730d01b92f9cd9ed21fb529822

SHA1
40c2d439d6d7fdf5a4f0b2809dcae6e9648e3528

SHA256
5a244dfc6e53a2cf899894ab68405a0461a48539f482a1a97b0342ce77a6d789

SHA512
5fad8df48db21e33b06177e9f18751afc26beb27b3edf62473017f37b215f1046897b24f3036816b3bf43f5d2799c2edca143e175f99c3d0f63729808d5ca741

Download Submit
C:\Program Files\7-Zip\Lang\mng2.txt.tmp

Filesize
89KB

MD5
46fdf231bb7d1007e4dd6cfcfff50659

SHA1
fc36cba4ffcac3c4bfad6c88b52b444b03da0182

SHA256
3266ca4adb667f153cc4c97d558915c7ba62ac87a0fffd1d56c111024a1cc3ef

SHA512
1f95114dbf1100c770f44538d7948df6e6b48226622d91d03d12058bc4e219daab639e07785e7bd70d22f61c58647508076ec7775d8711bed74b1c101490d767

Download Submit
C:\Program Files\7-Zip\Lang\mr.txt.tmp

Filesize
79KB

MD5
c9d0fb62c919c55794403fad07c6d56b

SHA1
eddadb4e0bff2e1469d0844cf9b10dd779e74536

SHA256
9d26ffba6fa82b67de6e8c2947c058c2d593acc7712d3808e41192d1a48d44f3

SHA512
fab396d35f3fb58c45606001b2d3ea4d0c36d907788aa3a00aa829b326fa39644222e132c20239c9ca83d4596561d3288d4cc352d336d30e74d09b91bf528879

Download Submit
C:\Program Files\7-Zip\descript.ion.tmp

Filesize
69KB

MD5
af982d0acde06710123b4756c8be20d7

SHA1
c43da45c05329f4ebea40f874d66bee53b62b0ef

SHA256
6b5797838c5c795a15a03c059d0ff8d221cc86d20c50750c2f1f5623c51ac333

SHA512
f4bdfcb055627057370bf38226b2483a0a92dc240c0cd4980f823d611436647ec9db0cea64d5790d80d765ce21f42218417c74f257d53d14691e9c376a3c3574

Download Submit
C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe

Filesize
68KB

MD5
2b6718b8617b98589e12122cb5895a42

SHA1
186599338ae2d658e2ef1994b32e1db6a317858c

SHA256
12bf486926cce935bc00a599acda3907380a48a7d4bea7ae2f362cdf5db3f87f

SHA512
2ac5886954ad2535eb552fc5c5f43bb1b86db17a1dd57db8b5202b0e65d4b044b1617bae9a579503c519ca3234ede1022c896c77250e18e8c254db7d1402e302

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
68KB

MD5
9315d26546e39ba5c3014d4c21921980

SHA1
b14b8c4383cef8e8f35dc5054f1f7b8fed658165

SHA256
a2e7c9fff16bf1b3183f04bf72a25bd8f3262ead70581b63ff57aecb704b0dd8

SHA512
627e21b50f806389508bb80160e5286dc4c0e3599caeca758399eb8594bd4983774dc3666b218cb4265953f56c8b6a73425bd1a953fa8132ded5f9e69e7d491c

Download Submit