aeaae484ab28e97f96c86fb468f94d477af91da2c2c9b65a15a2cd2d8bf61d17

Analysis

max time kernel
120s
max time network
88s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
07/08/2024, 00:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

346ec2037d3f9ca9c88cc73b6a0eae30N.exe
Size

162KB
MD5

346ec2037d3f9ca9c88cc73b6a0eae30
SHA1

4c5edbbafd7d02cb7c2c5834468b6d364937099c
SHA256

aeaae484ab28e97f96c86fb468f94d477af91da2c2c9b65a15a2cd2d8bf61d17
SHA512

0ce9cb83c4641e525cf063d4159fc57539cfb438ec01cab1481ae6e403284174e76e506a8a4e9a6149d133044eae7377900dee709e5238cd1e75a0f7ad4c8518
SSDEEP

1536:W7Z9pApQESOHepOHe8G+6E65dyGdykNdNBK2LUf7XQ17Z9pApQESOHepOHe8G+6H:69WpQE0zUzXE9WpQE0zUzXq

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (4640) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
2832	_desktop.ini.exe
3052	Zombie.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Zombie.exe	346ec2037d3f9ca9c88cc73b6a0eae30N.exe
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	346ec2037d3f9ca9c88cc73b6a0eae30N.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hi-in.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\PresentationCore.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\System.Windows.Controls.Ribbon.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\System.Windows.Forms.Primitives.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\dxil.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-multibyte-l1-1-0.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Internet Explorer\ielowutil.exe.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial2-pl.xrm-ms.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Retail-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp2-ul-phn.xrm-ms.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\server\Xusage.txt.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_OEM_Perp-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_OEM_Perp-ul-oob.xrm-ms.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\GFX.DLL.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lt.txt.tmp	Zombie.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledb32r.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\System.Windows.Forms.Primitives.resources.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Forms.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Grace-ppd.xrm-ms.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremDemoR_BypassTrial365-ppd.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office15\pkeyconfig-office.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\.version.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.Debug.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusE5R_Subscription-ul-oob.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_KMS_ClientC2R-ppd.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.IsolatedStorage.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\System.Xaml.resources.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-heap-l1-1-0.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_MAK-ul-phn.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\7-Zip\Lang\ar.txt.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-private-l1-1-0.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\WindowsBase.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\WindowsFormsIntegration.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\xalan.md.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Trial-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\Classic.dotx.tmp	_desktop.ini.exe
File created	C:\Program Files\Common Files\System\ado\adojavas.inc.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.OpenSsl.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Microsoft.Win32.SystemEvents.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\sw.pak.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\WindowsBase.resources.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\UIAutomationProvider.resources.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\af.pak.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTrial2-pl.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019MSDNR_Retail-pl.xrm-ms.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019MSDNR_Retail-ppd.xrm-ms.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_SubTest-ppd.xrm-ms.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.OData.Core.NetFX35.V7.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-black_scale-180.png.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Common Files\System\Ole DB\msxactps.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.XPath.XDocument.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Microsoft.VisualBasic.Forms.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\eventlog_provider.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\Classic.dotx.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Excel.EditorRibbon.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\UIAutomationProvider.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\System.Windows.Controls.Ribbon.resources.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.123\chrome_pwa_launcher.exe.tmp	_desktop.ini.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\giflib.md.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-math-l1-1-0.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Trial-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_MAK_AE-ppd.xrm-ms.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Transactions.dll.tmp	_desktop.ini.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	346ec2037d3f9ca9c88cc73b6a0eae30N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Zombie.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	_desktop.ini.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2752 wrote to memory of 2832	2752	346ec2037d3f9ca9c88cc73b6a0eae30N.exe	85
PID 2752 wrote to memory of 2832	2752	346ec2037d3f9ca9c88cc73b6a0eae30N.exe	85
PID 2752 wrote to memory of 2832	2752	346ec2037d3f9ca9c88cc73b6a0eae30N.exe	85
PID 2752 wrote to memory of 3052	2752	346ec2037d3f9ca9c88cc73b6a0eae30N.exe	86
PID 2752 wrote to memory of 3052	2752	346ec2037d3f9ca9c88cc73b6a0eae30N.exe	86
PID 2752 wrote to memory of 3052	2752	346ec2037d3f9ca9c88cc73b6a0eae30N.exe	86

C:\Users\Admin\AppData\Local\Temp\346ec2037d3f9ca9c88cc73b6a0eae30N.exe
"C:\Users\Admin\AppData\Local\Temp\346ec2037d3f9ca9c88cc73b6a0eae30N.exe"
1⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2752
- C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe
  "_desktop.ini.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:2832
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:3052

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1194130065-3471212556-1656947724-1000\desktop.ini.tmp

Filesize
81KB

MD5
e3676999429f849a1456a98b8dcd2bb9

SHA1
c917287571ba2998c950c741728160b7c3849c50

SHA256
90e100a9f38e43ec4103624c515956e6a7225c3590967bf6bac1c5b3faf3d420

SHA512
16b33df8dd6bee0f9fd42d9e1f88a12ca069ab3fd584c97fcb020ef302585544d7d7e55c4b924b480587a5b0f9f2eb79041121f4e1e6cb6aed85fde523359049

Download Submit
C:\Program Files\7-Zip\7-zip.chm.exe

Filesize
194KB

MD5
36356413fdc71ab4e792f4337ce9073b

SHA1
b27d8ac7e837896c415db22a1197f5c7e618866a

SHA256
998ca24c2ab80b23a63d1377abc336fd88048728d8e33bc694e994b3a5a40fae

SHA512
7e585ec075855201c7ab0216ff232507af709194dfb2983ccecbe282634c7dbb47c817c6a16bdc1d57b95ad3f14e9472cd5ab752d4d8e3f67e496f9be1975716

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
180KB

MD5
010a30123aeef66fdea6414142b29bae

SHA1
5f444ae7be4683bdbaa06ce1eeb228ba1764ed90

SHA256
1e0070eff16ce7c6f7472be2298fbad20c8de277fc3bf2b2a7ba4e0a8a19cd9d

SHA512
f3b286b8b62078eed451dbbd267a19a723e9ffad600c39bbee40c25be48dd44638995c8c7dbb9fb98f390f008bc2d9d9d0e357ef55481d0b0c28e5931619c381

Download Submit
C:\Program Files\7-Zip\7z.exe.tmp

Filesize
625KB

MD5
906e26601492afbf6b0434ba2fdfa094

SHA1
6e886c663197c57bc9ea3c6642870e2913226d6a

SHA256
c89c51be51fcc6d2fedf92e5d71e4d1182ac815679f3f81db838e9c4b02b88ee

SHA512
d1d6f4883acf148adc1d033d66d5e78e05fff1a0e4c75d429200e5a097a0de2adea1fd79c1ead320411ae4f9beb2397a6b3fe7aab98125d88a63e8897dcb7706

Download Submit
C:\Program Files\7-Zip\7z.sfx.tmp

Filesize
291KB

MD5
d5328a600f77e735192273a0e83fefb0

SHA1
4c1aa785d351c61b9e9689170ae33d6e0542024a

SHA256
b40ddcfa28935ebf2de49e0454ded40f9427bf3ecac835bb36018311862673a8

SHA512
2f0baea0a6cafde91db37e4b032b81054bc90ac8af5746b1ccf3af141371c0da1bc1c470dd2304ff16533f4c83b27faa49c471f29e34a23af3d96ecc0789a7a3

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
1012KB

MD5
ef9c019e0da324d2794049a3f2752e0f

SHA1
86d8b07aaf243539b80fa25b4549e39ff14ddba7

SHA256
091513879825ce959d022653ac164d362a82362f8fb572846cb38395833b1090

SHA512
bcf37746bc8bfc6a3aaa1554d2fadede06161d9e783fe58d69b7252067c9b34374fd0469d1e19b72a437c17bb495519e263db5be5b7f2ee28277d88f3822a095

Download Submit
C:\Program Files\7-Zip\7zG.exe.tmp

Filesize
765KB

MD5
da06f874cab28c8838dba3b97c6f90f1

SHA1
14d341f90c826ed48843582356b93690bdf68323

SHA256
8a7c00ef1898b8d24fb325508de75e5d79463486b63e3cc7a5075c1b5ca79e66

SHA512
18fd7e3eb5332599ebade0ce41287059732e1ae4682539f7e7b4021bf4a19a1a68c9f239e1f1b11029cdbafa793d6b2f9d3a5b00bd9f4b435ce23464f208911f

Download Submit
C:\Program Files\7-Zip\Lang\af.txt.tmp

Filesize
91KB

MD5
dd8ce61601af5379c72fa3a98a1d4574

SHA1
d6670657fe97b83aa50b7c7757b40caa5fb9f093

SHA256
c7c9ccfda4775f41778c3a2f60a2870d229b6f53d0d2cf62f6c10e6b79e59f67

SHA512
cef472b16ca5024a0a7f628da087e9a54f8ca385037d5b409ff15582236d132a95aa7bfdc1592ebffd28e3f0ecefbd9c2288312caefe1a91813168865e3d5dc8

Download Submit
C:\Program Files\7-Zip\Lang\an.txt.tmp

Filesize
88KB

MD5
b3022450932fb37ba02ab88999b6d968

SHA1
beefefdf7aa00adea08c2555a8852734ace45824

SHA256
3f1a08a98f89388e1286f0734bb57a84dd1b3e4542e3ba4d6da33c6db0088637

SHA512
fce6a09ffefcec114fc25488868f2fab75c81e9cf66eb2e92078fe99e06cf7ca2d7e7e696de50f619413a70a54766a44b821a3dff336e88987c5285a17b45124

Download Submit
C:\Program Files\7-Zip\Lang\ast.txt.tmp

Filesize
86KB

MD5
d909527df5e51e87a43c63101d98b31a

SHA1
0dc64a5bd203d064832aa06ad73f6d08a324b0eb

SHA256
6fbb1f543485d7d041cb57aaa74c6ef93e32881dd8919347d13cf740064a41cd

SHA512
9b800d9d6aa59846971e24cfe609df6f03112e6c04c5c53d136951fde56b8e6df0ba9ad4d9c2c08f88e86826a7c9c93b3ddd0d916e891d95befdcfd1c6e01e86

Download Submit
C:\Program Files\7-Zip\Lang\ba.txt.tmp

Filesize
92KB

MD5
cf7137b324011f5b65e7f91e7fde44c5

SHA1
ba8170b3a93c71d34cb02210622c6a5e3848c59a

SHA256
73355a6fb6ba7ccaf07dfcb1ada5cff620f8b4a6bdc47661039f0f31dcf8383d

SHA512
af178c059e4331388d60ec2a9abe156ee2b1e64252900e0d672351b419e489c0d27fc93033080ab07d5aa6093f839c92fe986c6503a9e29e7e54c224fcedef90

Download Submit
C:\Program Files\7-Zip\Lang\br.txt.tmp

Filesize
86KB

MD5
f101d4df4139770d916ba4c79767a1d6

SHA1
bc2c6fa2a5629d1b5467616701fccfbc02f18663

SHA256
dfdb3e2d8143f7f21962901420b18a945690aca31e5db3605fa44db68a31f0a8

SHA512
83d143d7b81aaf042c10990cd236ab6c8b990aa69a509450c4983fceded23b15e086d70893d4b8ec6e8c347a3cb63c70c6cc612d5b765bb84a7d5c39bc5038c2

Download Submit
C:\Program Files\7-Zip\Lang\ca.txt.tmp

Filesize
90KB

MD5
b7bbf9ecfb110def889f5c2c37330e07

SHA1
0aa3ba9491a0369ec469d1b3f8f45ac3048b7d9c

SHA256
68c29271d3185e9f02bf12d81f595033a9288d0a62cde20a290e2b9a59c32b7a

SHA512
3a21d094b2ced8a4622f7ceb9b0c773345f93e30b9b50d323d7892176233705e59265f4db5f8994759722bcb06e9fae31b534643ac675b7a197c2c2aaf634833

Download Submit
C:\Program Files\7-Zip\Lang\co.txt.tmp

Filesize
81KB

MD5
56ee31f8af570835964d92e769c5f826

SHA1
5a9f0752c1b5ddac4f8680936b905419a85cace3

SHA256
4a8e1f2367f8f4058cccd031f6f9c6bd1afeaac52f83e6ec00d8a5d7b6ac9d60

SHA512
81895e24260e704fd07771585b332c6b943e1e8857fa94a20af1b289bc653134ad202c8eb105347ecbcb3578a25b4689eee1720bf1f77b7e1098bec3b0d9eb56

Download Submit
C:\Program Files\7-Zip\Lang\cs.txt.tmp

Filesize
90KB

MD5
b7ba29501491dc818cc74adbc5a45111

SHA1
0be704cb137414a8b2ad735d36c677b3e5104eeb

SHA256
93ea0ea9d7e417bac4e35987a595c6c0082b178c0ee4a6e191974b9f94765f75

SHA512
1ef91c87e286bed4a332320d1e2dd077dd73d11bd1dcf3a1b8664f6fe3b100bf2e2c66f2ea434577eaa53758d724d388c5cc3dc8734ddec078e4d417b2310bb4

Download Submit
C:\Program Files\7-Zip\Lang\cy.txt.tmp

Filesize
86KB

MD5
4235d7c3e4ede8ff9b60fb2e4d4aea22

SHA1
e1d1e741ee48d4bc8fd406652776ca513979c77f

SHA256
62554ab0e0540088ea3369b0975e626813f9fd7d4696f561fec0585d2b963da8

SHA512
6fe1dc7c7ffe6c810950260aee79dfa2edef35cbc4fcc94cb0fdcba5c665edcb023b894e89269e28e863cffd189448b40be35179c2c9c99c2591cef26c7172b0

Download Submit
C:\Program Files\7-Zip\Lang\da.txt.tmp

Filesize
89KB

MD5
c5f8f2163822f476f02be9a344c7c4ff

SHA1
4a82856fcb327b8c86e6b412d1b291058d352a5f

SHA256
c9b1bd738835d77eba386c6e03ecf04335de4c96e4deedb9ac7bb505f61d0d85

SHA512
75478e8a47c8c6228f0d9637a4ded6613d92d89cc2928c5edd815f01e0364b5ba8f9302da360ec4dd6a22fbd13f4dcfc5f4155aaf4aef4113fa6ee89df071fd9

Download Submit
C:\Program Files\7-Zip\Lang\de.txt.tmp

Filesize
90KB

MD5
f6cea334e8b215a180356785b1833e95

SHA1
ed483bc82d77b99cac598aa6cc6bf5b9aae9635f

SHA256
2c282c2b2d66f95a71a18cdf858aec54c1f64c7251d15949e97d83853dbd4879

SHA512
0ad80b3334f798d462e18520a2aad13e555ac26ca8ecf4ea40964cab45357370b0defe9aff932cfecfd5a00698f23b96f7e85b86c8ea37bff58328414ec1d5c2

Download Submit
C:\Program Files\7-Zip\Lang\el.txt.tmp

Filesize
97KB

MD5
1f8753dc3defb5284355750be58edc58

SHA1
b64e28c041e93885f013a7cca14c3fd2242e0106

SHA256
655b48669a6b34b5d24456eb51136623e3d401a8ddbecb1537c324e1c6d77ddf

SHA512
82bbc8a26d5fa90a37b541417dc8d2670ed179b4f11708fe3394a4468223d4872b79f84aeb37e41a0d10126a3e5ca2eb545c11d80f5a9bbf6ff49fdd5268ae41

Download Submit
C:\Program Files\7-Zip\Lang\en.ttt.tmp

Filesize
89KB

MD5
508e9afd1f13e96029db32ae418399e3

SHA1
fe89e29d14c7b557562321997a15e6dd74c429ea

SHA256
4ac93e1a73cc9dded3e9e3de5b80aca322dc9302c7ca5e27a62d070b26dd2f0c

SHA512
fec6566b908f06a01b8febce0df2c19355d29082a7c2eb7610188266d598a2998c8baaa572d2c4ce05403713e688ab8a6d5b27718eb0ae3d446b5b83ac7c5624

Download Submit
C:\Program Files\7-Zip\Lang\es.txt.tmp

Filesize
90KB

MD5
2167e1d423321a7f56dc8e35cfbab25f

SHA1
d7bbeb94d2dd832c17b434c27fcd8411a98bfa99

SHA256
5485ab1e2933210f18d3d6bafb86f2d085e9c5b429b533c3de7facbc7937f027

SHA512
8aba9f76ce3821a40a79d9858610de408e2b85f5ac892d2272361227db66e53d319f75eb5d7e0e8b6c128a46dfce69037802965c60c1d5013ee69a87228aef92

Download Submit
C:\Program Files\7-Zip\Lang\fa.txt.tmp

Filesize
94KB

MD5
4222971e0faf520fcd7ed9cb2f7217f3

SHA1
beeca4f48ec4b643ecef988a8382f5072e607f75

SHA256
e4aee46b8bbbf89310eb15d793f8b49b2ac9430fa9d35f2812467f78822fd0cd

SHA512
b1008d21c660d4faecb427b031b6ad2dab4810dfa8c90592af809fa5cf54c2b66acda0e6fb3c35823ee1325fd8569e8f81442da232366ff48a9c8d62c697be2f

Download Submit
C:\Program Files\7-Zip\Lang\fi.txt.tmp

Filesize
90KB

MD5
bd0ac2a2b1c2dc5346b200fd962058ae

SHA1
a0d56ca0fae0293be251c534f72d9b88a25a335c

SHA256
353d4489cc6f9c3689c839fd150d021d0e15ae1f3e34f64185f458168afad381

SHA512
24f1541752d12470f4251e290af8534d7bde62480d0b6e3b99e4d5633ff5e317710261f02e1b96b0059da7d0a51e4bf5388263250836f33778149c8538c718b1

Download Submit
C:\Program Files\7-Zip\Lang\fur.txt.tmp

Filesize
88KB

MD5
693af5a1665da037c9fa92e50485c1e7

SHA1
e5dd03dd09a61dddb630dbd390716cccb48084f9

SHA256
6878efad156a53fa905dc9f603801dec12576e55d802b07ef255ea788cdd4b64

SHA512
c4ec325afa7beb7d8552d1f66d95d307232128e0aa0b058fed8fd8c768d1bc13a041fae3aad308a9c66da4779213ef8e523fac3eae7f9a0a8e719910329768ff

Download Submit
C:\Program Files\7-Zip\Lang\fy.txt.tmp

Filesize
87KB

MD5
fc290d7b346e889160d1c815e57cf974

SHA1
8f7d1f11dc92485d71358b3576c34ce4be8606e7

SHA256
a0409edb376b41383ef4c5ba730afd64c47f64968fb0bccdbe660ec1bbab6e69

SHA512
5a4b370fa21f1f9e8fd5fd3449e967376338444ed0b447f63b9e19dba604d9f05514037b2c0f34c5f5476998f15724ef4a0cc8126aeda4cd5a39d8555f525990

Download Submit
C:\Program Files\7-Zip\Lang\ga.txt.tmp

Filesize
89KB

MD5
c7815cb3f243def2b32301ca2d751abe

SHA1
1aa5b26375a4924b29a3c94c5d423460d68dea48

SHA256
90715ce17b191a53b7a095b26783b9241e66a782a5951b5b6813d0ea514ccfae

SHA512
adfcad513b6d42ef833dad4882fb3ab92c117a4e1be98dc18183fdebd4687df80803da8f1b0e5cddf9bf515737f42c1feefd8baa62125d71ebbc88ccf0f461c3

Download Submit
C:\Program Files\7-Zip\Lang\gl.txt.tmp

Filesize
90KB

MD5
2817e9f2fe8da42dc3c35ed4a1d49c71

SHA1
b49c1a000bc940a154d92879ebbb3770b9c5db28

SHA256
8b837a350746e92d89a4de544e449b718eeae83a0bae2b437f790245250c3243

SHA512
ec321acdc3394dc10e0745f26417b68c1b11d19bd5a07b348eca876f07862c72e6f9b58ea4b9dcdddcae7aa7d1bdc057a2d00ebd1e16191425444a88689cb9e3

Download Submit
C:\Program Files\7-Zip\Lang\gu.txt.tmp

Filesize
98KB

MD5
f019bac5214add49aac851433e3f6ff0

SHA1
6722fd5562f9f9dd00db52eb490125749666a068

SHA256
82c8d5ee5da2316085350f0c323f99ec989f3a1cf20249536e1752c21c3e3df0

SHA512
4955498332c402024923bef42ca674603a6e6e6a5c90d5d003be6be3d66f2a32b92bbbb213f2c65160f75d30fd79bd2120f53e6061329578e9107dbe1d5d2062

Download Submit
C:\Program Files\7-Zip\Lang\hi.txt.tmp

Filesize
99KB

MD5
6383e4f8c3953958de5fbcc1066ca371

SHA1
74feb5534558a9560b8afb9b6b9a23c77a17d609

SHA256
621da828b339b46d51e61344740822c2c5443a6456c1441618bdced1818a2260

SHA512
d1b59e29825c4a3d36bccdf6a4215493a2083816f624de01237d732da4573d3a3fd144e323f2319172a283947b4deaae084fedacc6237def91384e940682db2d

Download Submit
C:\Program Files\7-Zip\Lang\hr.txt.tmp

Filesize
89KB

MD5
982348262661818b99b9bed8039d823e

SHA1
d5d94561ccd83815b152406e390987af66b8ebe3

SHA256
03f8e39613fde523b5f8d5cc6da93d3272cf3f7232f0d68385ef087927656d69

SHA512
704971653d91ed04ac35b6296fed103ab9e35c7cd1a309c6505f0780c20e632f08e236deb57810077c16cb085bfab5ce086f365d18e30242e78e160b1a9fb633

Download Submit
C:\Program Files\7-Zip\Lang\hy.txt.exe

Filesize
95KB

MD5
68ee53de50450221fe6ce179ccf0bdb6

SHA1
a8ce0de3a21e430ce3e776ce4a92ff1b5f6483ee

SHA256
a789a7aa7b480bc5c5c238a1eb31540178216cd478b2321ceed3af3857200dd7

SHA512
5061fb340b20b1418663c3ff69624b4b3855e656e0657571135cc56b4e83b1c2ea00824412a2eecbcaa85f53ad47b12947d4ab269306172bc48e91cafcc74ff3

Download Submit
C:\Program Files\7-Zip\Lang\it.txt.tmp

Filesize
91KB

MD5
b93c0dc38bab6884b6a1943066fa0abb

SHA1
7d131e1805c209cc9cdff80ddf22fb4c205af387

SHA256
997d6ff5c998760548728ec964590fa95e6752cbf4a1a79048331d72d210da3e

SHA512
50167678a59080efde6885e99c5b9447f7dc032134356557bc8b60248b1b57c0afc71846a81bcd1b27a5d616ddf4ae74142ab7ac34136f0751fa0fee2ffea87e

Download Submit
C:\Program Files\7-Zip\Lang\ka.txt.tmp

Filesize
99KB

MD5
c0c831f723eddd2f1ea5241ed7861c22

SHA1
f44df06c532ba962ea1308e7e59508e8eb06ee62

SHA256
83d81248f6aefdc46b554709e3ba766138c71d957ba636dcae19c514782b3196

SHA512
4b0c5df0a7c9ba708e9af385bd05f33b2bddd56584b77eef07dc7dcc499dce9a034d99a1f0146aee8f4cde70b14c0ce69786d33d94fe5a17ddfdbe91adaf87b6

Download Submit
C:\Program Files\7-Zip\Lang\ko.txt.tmp

Filesize
91KB

MD5
d0f05767f5f7d3378a7b8ccd27b5b154

SHA1
338e17603b2480d87c695a451801dd37cb59e5db

SHA256
64f779d1204a2c8cb0dc51396e537e9d376c55052c1a28ba2613f08da8d8f14b

SHA512
3db7840ba32dcaf8e631e05ad8d82373e32a0986513b0c2ee09b42fdb0e479217583120a7ec3425908c5ada5b12f8bb96b44300363f8847dc20197614b56e82d

Download Submit
C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp

Filesize
93KB

MD5
09d3c07aea7d5a467b150642dae62a28

SHA1
5d3e4d2a7b63fa616f783924e9158b56a56b218f

SHA256
87c308d9d29593081077a843f5f989384696d40f32ace969aef09d3a03543984

SHA512
8a924dba924e56f668b19fe61d7e02c587ba6ecda599a523d9d715d6a04d71604e224057c42a19e02ea471b63743323572a9c4c095019f2f19b2a11119eb7a39

Download Submit
C:\Program Files\7-Zip\Lang\ky.txt.tmp

Filesize
93KB

MD5
0210962474cf18721988980de159fc0d

SHA1
8b957b61742f1ffcaa7e699d74ad14359b2ba6e4

SHA256
5b9c360782185a2665717bab0e0e7c151ea594ac0219faead9dae4a76469f5f8

SHA512
d52dd149c93f8526be2e033f4ce48445efa46e3ecb6979c6d72e9376c262e015fb27adfa9a7a3b96edde441c7925d26ef95cc1ce6c84913fceb848cad8ee4baa

Download Submit
C:\Program Files\7-Zip\Lang\lij.txt.tmp

Filesize
81KB

MD5
edccb41fe73b77fb7fb7cf14ae566c81

SHA1
29f702737a08cf38cebdbc5b890e9502ba4262d6

SHA256
efa48a7369ec0767de462312898c7b9e85b20948c6ae0b3d8f983cb7933a7cc9

SHA512
f3675377ac193c779f0546dc43446f0b80b30183591140a0573240c64230041c123e98752319910a56047a2359882bfd9b8f1615f8c331c8dc20ec2f4c9b5866

Download Submit
C:\Program Files\7-Zip\Lang\lt.txt.tmp

Filesize
90KB

MD5
d7df9ce5f40242dc60a8836ae09cc89d

SHA1
aa5dfe49e7ec6237886581b2a0ff6401a143f679

SHA256
394dac09a05563408fd5fe30be3fa19ac60ecec40e9b7417f2c927d27ff2ead1

SHA512
4f3c4429e090a479db8d289153ff58bd0463e757d3445f03d8d2ce33bc9f51c99bf5d9f249e7ab8ab61ecb56b26f568ea16b9ae0d854a20c29b2df2d1c057fd3

Download Submit
C:\Program Files\7-Zip\Lang\lv.txt.tmp

Filesize
86KB

MD5
9d0e06b4536625675b85f0cea7b4c538

SHA1
9a497534ce1391cbc48c70e2fe7e274ddfe8988a

SHA256
e25aac1b3d60191f233b8b893861f0f8f3bcf3d9ffb310c71418b0e17a3086bc

SHA512
61b488e0b0fc069c9f285a705cab133c33f518bdefdbce85d0788754885210efd6496d721239f71ebf13afe3cf5435a2dff130cfe843ff771cc8eafc86a920b3

Download Submit
C:\Program Files\7-Zip\Lang\mk.txt.tmp

Filesize
90KB

MD5
4aaee3d1a9628541cbc638480222aac0

SHA1
fc965a46f7db9b63b092e0448931074ff23bd9f1

SHA256
e039e754889885721168f9a67fdf6f6a0def92d588d6421d97ab72fb5c2c52a7

SHA512
2365c69e78fc47d59c18a1806ae06abf6d9c37a27eae1291ac01cef478be8e072d68636d3495085b5b0ecf08b238e5538504310e44572b3e1b38a792c12a5df3

Download Submit
C:\Program Files\7-Zip\Lang\mn.txt.tmp

Filesize
89KB

MD5
7a8bf227010dc71b55f4b5e395f15c4f

SHA1
dc3cdc6f704a8fd94e435a267dee484e226854f7

SHA256
c3649da069c4027cc1ac1343118669b23541cd9137166593d15912fac00ee0fa

SHA512
951a8c52ad3211c4e72e9dc5223384eae987dbf133a4b140b59944bc770951ef1cb54d2a05920e884d477cc17b9b81b6216a4418078a08c7a10c9ca23bd4fecc

Download Submit
C:\Program Files\7-Zip\Lang\mng.txt.tmp

Filesize
101KB

MD5
f6fb1111b14754f7ddc223ec80f608bc

SHA1
be38f82e4bc23dc27334210f4788e02a251a167e

SHA256
c16e3f7d39d22cfb5bc5114d949ae053e6636cbd44090790013e6db3282403f4

SHA512
8942c611b546d338e5a8642989ed9712eed8f49daa12f9490d45dda9cdb5de1758536f801287ddd9d75e6794c3d123f805bf1a8cca92beb3e7c4997f143e07d1

Download Submit
C:\Program Files\7-Zip\Lang\mng2.txt.tmp

Filesize
102KB

MD5
1f0dd6f0d3309edff927eda0c7cb384c

SHA1
381c86c61c6d5de7d13cfc701c2b2888a82aa035

SHA256
4447492ff922c57d79184bb196240b9fcda995442d3fe5bd8d62326692822a62

SHA512
2ae203ebdcb8f552ae01c0f5d366706e1de2cba633811f38dc3fdec4e42403a420b680afa0de5836b8959ee61d192e534d77e317955f7ad4bac99aa433d8fc20

Download Submit
C:\Program Files\7-Zip\Lang\ms.txt.tmp

Filesize
86KB

MD5
564639fbb2bf01e08482d8af5ede9dd9

SHA1
f598e825d5c36e777a01a35afa8776cf4db6bcdc

SHA256
c661d0bac9518d89a20bdeda0c6894c8f5b446613f5de2e25a685058c14f08db

SHA512
3da8c24b6a3eaa1d4d29246127a1c5541f26183241cc6ed39e3e06a71065e6d673030bac80bb681208af14124e01c2218f9c356e65748713674ab002c10e4b00

Download Submit
C:\Program Files\7-Zip\Lang\nl.txt.tmp

Filesize
90KB

MD5
c790d664d0c8ce94c04b0bddddfb1c11

SHA1
2eec5be1a29188aa8b7b9923e77f4639c23779ac

SHA256
f59e35c597323c05c56c80541835529be76c6767174fc2c1203488a38fc80add

SHA512
be0c5d40b0b8f7d76233f26cfd6388a1b6269491e74ffd7d5892c32e6a33fbbc9ba9ad862526e5c7a2b6c9a3d690a94df5cf4828411a86a8f54627c2bec4e73e

Download Submit
C:\Program Files\7-Zip\Lang\pa-in.txt.tmp

Filesize
95KB

MD5
fb01f355883febbff4d06888b2e5e4ed

SHA1
e72b8d47ad879b51af90d18c21a9308552246328

SHA256
9923b20aad033bdd0c7367fa085e1754d9539361145f6b2d73859ebf464ac840

SHA512
5ac3fe1843eee40668c3102f2ed5824acd160fdf99de4ab14b18f1b9069adea7d14795b66a584613fdd8a998c34eb397d2b2525697b50c75324928b934b190d2

Download Submit
C:\Program Files\7-Zip\Lang\pl.txt.tmp

Filesize
91KB

MD5
94314303a5130580dea480394fb5742f

SHA1
dfeb52b77ed2f759d82d0422a38d0703e628db63

SHA256
2827a8f05de377de0ff8b60e97f9bbc6d26caa7b26fdd83886c786bda211bf1b

SHA512
3660fb41f4bf957b712b9ffff085d99cefff3df12dcce27ce55284826fd832c7826b33003d8654a739868280324bade1e941120410c3dfdf410f8e526bb45641

Download Submit
C:\Program Files\7-Zip\Lang\ps.txt.tmp

Filesize
90KB

MD5
843cdf65320734ec3cad3d847f30a2be

SHA1
aef015c2c899a2f347fac1bbb0404f02d694f811

SHA256
f01c03cd1426628f8c9590e04934e096d564e1d6f76e7ef7ac20384ed3fa8474

SHA512
45abf3267c4727b8042f573a79b99a6521e5eec04ed03431bf056be12b436002dec9ab369063c904488f993c83162c70d5634cab8b5c68d2b535c20fbe63b7d3

Download Submit
C:\Program Files\7-Zip\Lang\pt.txt.tmp

Filesize
91KB

MD5
6809b98abd706d2f46d1a343b47fe3ab

SHA1
21ed626b3b8b18d89310276a1192575792443c07

SHA256
28a338a57f60b2ea01814ad374141e3dfc47bf762eabfd0b87a17b673665c17e

SHA512
827cc390d22ff2f259c9686e2f6fcb924720d54d7a8f6423329cbbf9549d5df579d2452a4086ce49a21c7d99935c565d6310a6bac7e1dedea66bf9bddcfd086d

Download Submit
C:\Program Files\7-Zip\Lang\ro.txt.tmp

Filesize
88KB

MD5
cfda4393751ae993744eab0840bf6daa

SHA1
be6c874ce9b298d9ca795823d91c9b435857a158

SHA256
b2383ac2956527af779f093f758a9ded7a6d4e803370f41db9c1decc7c6854dc

SHA512
39ef8a9c27c69f332bea9b7e9a9030535bee89475924a92aeaea4f6aa4f182513402c367df1614010941f615d7f57851c5eb37809549ad7267b22ff25601439f

Download Submit
C:\Program Files\7-Zip\Lang\ru.txt.tmp

Filesize
96KB

MD5
46dec75a092672ebfddfb53d5d8eb804

SHA1
5691670a1f77960e85362315f1a9f1d6db678d83

SHA256
55574048d30881470540e19d4b65e139f124b58245ae3decde6f158f843bb381

SHA512
ff631934073df96e8603136aebc080c0a4f056cb9a5497c9bc8b25ce0bdcc85953c9e81444aa1558b497cb4d4144fc2f40cdc2d04b76132af4d7fd5391b101c8

Download Submit
C:\Program Files\7-Zip\Lang\sa.txt.tmp

Filesize
99KB

MD5
574f15f86718033712fc08a7166840c5

SHA1
f8ebc2f2fa9ed27c445eb3a72ef1524c411531f8

SHA256
015d550bfe74d4a0e4b750a9cbfd01d9cf082ef61eef808c2dbc6e93ad002567

SHA512
518b6b8192f660fc7019eae52bb0a4be7c07091543e8930fec92ee175d9789c807dd5798e41b4ea7286a7c9979f4f5460749669399acb532e9770d44db76fdab

Download Submit
C:\Program Files\7-Zip\Lang\si.txt.tmp

Filesize
99KB

MD5
2d98e2ad9be4d6fa7e18dd36b59fee28

SHA1
7be747e376ed3aacbf98f2cf9a316ae786db5636

SHA256
556e0b9dcd75abeb23305551869d2198f09ee7b85161c5feb1501d4cf008e280

SHA512
6ded4df3eaf727e28eae185530b40181b46aaead5d9c776bd332b61d8505083a5d962897088de9b607a0af6092cedd99a0c737e7f4e4d8a0cadf8426cd006a48

Download Submit
C:\Program Files\7-Zip\Lang\sl.txt.tmp

Filesize
90KB

MD5
f7f0a529a6b4abef9deeea9392be70b4

SHA1
1adc355a878c7cafc2eea7a0472aa97f70d59ace

SHA256
4633da98783527301aa613dbd5a2f1ff77856418530376a31ace8cf4b591ebc2

SHA512
d1a547fc2304faf15bb6b392facc23ad7631ac5f3cc4cc97474aba60f8181567dd36148a1e7ce99f5685aac96af6247a74393616d34a2a4675893820283d4769

Download Submit
C:\Program Files\7-Zip\Lang\sq.txt.tmp

Filesize
87KB

MD5
2815666e091aa5194500fdb752b3277f

SHA1
c9d376d7746e48ea3be6f7df9cde231efbad59c6

SHA256
cbda1bdfa941466a29533341049cab0114cc8d44dc0fad5846420edf9409dcb8

SHA512
9aed9bd4a48f537c1dd9e88e7edf49275d48bf07e1dcf0a32d8c2968c0aaf6028b8600df1bcd2ce0b02db6e479e643f0b33db57f9a3316e039db7e38b550b919

Download Submit
C:\Program Files\7-Zip\Lang\sw.txt.tmp

Filesize
89KB

MD5
0b0bb24730eb8a5a532365c31e69169b

SHA1
3bd43a1cd4f176a33456298ba48fa5ae91f3aab2

SHA256
0d3ce89ffe5625f72da5a195daa91807497e55398c4201c78a4194dcc4713b6e

SHA512
7b18b92e9f791bf32d04a6a165867d82cc9dace6e0f144cdb1d9fa331295caa05c830fd0d54d911921dfb0cd6c73488f84811f8d460b3044f3fd764110d95eb9

Download Submit
C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_KMS_Client_AE-ul.xrm-ms.tmp

Filesize
90KB

MD5
8cb615a635401ec3ae5b5637d2bee347

SHA1
73c3c6154530f3f2c4f4d22b8081c4e303735c9e

SHA256
51cf6e0ddb60a7831a7eb9dca80b50397a2ee060acbe5180b1c3ceefb6cd8bd9

SHA512
e717ffcad356fb2bb3dca5ab9b335c2b47721dbd04b1388ea09209f252463c0ae59c8a2a501f66561833214e644a85a6140383c40ecbe8b8e6b3ff563e5ba76e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe

Filesize
81KB

MD5
f96ac2eabb25663b37ea845cd843e85b

SHA1
0476b213200e18aff8a6e8008dff1292145db500

SHA256
1a0175bb05a99693b5520f690851569b4ca91d0ecd99f921a5879f1221c391c1

SHA512
905d5731348d8c6619228f41b60deb4041a8d6373f48457b4dedf4ba6413923da883edacd0220ea8efc54cd63bc2e29dccf0e5ad3d7f377a68cb3d6e101e507d

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
81KB

MD5
eb27c9dbf4ad6286eb9888e391f31db3

SHA1
a29adff2abf0aa67526a982277668215a38d8be7

SHA256
caab8ee4c9993b500221d692d3312f50ec41f1e1c1487d7737e65a38a83e773d

SHA512
8e4c39cf6d0b34275c0aaef17eefc578da0481f00a21a6ff43168ec53eeaf4fade0c1fc017740c63eb6450dcafde5e87c2f5d6fe23e1279c0141e84a04eaa7d5

Download Submit