c9ab8d297e8f2f019872adcd4d0b518e28d709d7f1f746320de1c94d11651328

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
11-08-2024 02:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c9ab8d297e8f2f019872adcd4d0b518e28d709d7f1f746320de1c94d11651328.exe
Size

115KB
MD5

addc7828a829dc5c353789c386d12457
SHA1

5b6308cc1dc1f617979e48f8621764db1f80412f
SHA256

c9ab8d297e8f2f019872adcd4d0b518e28d709d7f1f746320de1c94d11651328
SHA512

a9d8fc5adb22a2ca7c2107123e9a9ae09279d1b46ae53e9bf9ebc6373a7b20a85ac7a53e816e17a69141a4349f2d8ee97d9ce67d34a710b7638962aff7b1040a
SSDEEP

1536:W7ZppApktshJYAJYDVXxX/7ZppApktshJYAJYDVXxXD:6pWpktsUVXxX9pWpktsUVXxXD

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (5169) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
1844	Zombie.exe
4176	_Desktop.ini.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Zombie.exe	c9ab8d297e8f2f019872adcd4d0b518e28d709d7f1f746320de1c94d11651328.exe
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	c9ab8d297e8f2f019872adcd4d0b518e28d709d7f1f746320de1c94d11651328.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\PresentationCore.resources.dll.tmp	_Desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.office32mui.msi.16.en-us.xml.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-ul.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Trial-ppd.xrm-ms.tmp	_Desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019VL_MAK_AE-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\oledb32r.dll.mui.tmp	_Desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.XPath.XDocument.dll.tmp	_Desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\WindowsBase.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\PresentationUI.resources.dll.tmp	_Desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Retail-ul-phn.xrm-ms.tmp	_Desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\rsod\excelmui.msi.16.en-us.boot.tree.dat.tmp	Zombie.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ka.txt.tmp	Zombie.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tr.txt.tmp	_Desktop.ini.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\ext\access-bridge-64.jar.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Numerics.dll.tmp	_Desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\QuizShow.potx.tmp	_Desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\System.Xaml.resources.dll.tmp	_Desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_Subscription-ul-oob.xrm-ms.tmp	_Desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.Emit.ILGeneration.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\System.Windows.Controls.Ribbon.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_MAK_AE-ul-phn.xrm-ms.tmp	_Desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_KMS_Client-ul.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-black_scale-180.png.tmp	_Desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\sfodbc.did.tmp	_Desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN089.XML.tmp	_Desktop.ini.exe
File created	C:\Program Files\Common Files\System\wab32.dll.tmp	_Desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Formats.Asn1.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\ReachFramework.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Security.Cryptography.ProtectedData.dll.tmp	_Desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\System.Windows.Forms.Primitives.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\PresentationUI.resources.dll.tmp	_Desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\WindowsBase.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jp2native.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hu.txt.tmp	_Desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\System.Windows.Input.Manipulations.resources.dll.tmp	_Desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp3-ppd.xrm-ms.tmp	_Desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalDemoR_BypassTrial180-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019MSDNR_Retail-pl.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_MAK_AE-ul-phn.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Retail-ul-phn.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\NL7MODELS000A.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\splash_11-lic.gif.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Century Gothic-Palatino Linotype.xml.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\rsod\proof.en-us.msi.16.en-us.boot.tree.dat.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	_Desktop.ini.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-conio-l1-1-0.dll.tmp	Zombie.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.123\dxil.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial3-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_Subscription-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProMSDNR_Retail-pl.xrm-ms.tmp	_Desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTrial-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.WebHeaderCollection.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\UIAutomationClientSideProviders.resources.dll.tmp	_Desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\SkypeSrv\SKYPESERVER.EXE.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription2-pl.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\LyncBasic_Eula.txt.tmp	_Desktop.ini.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\glass.dll.tmp	_Desktop.ini.exe
File created	C:\Program Files\Java\jre-1.8\bin\net.dll.tmp	_Desktop.ini.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\ucrtbase.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\APPLAUSE.WAV.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OART.DLL.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONWordAddin.dll.tmp	Zombie.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Zombie.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	_Desktop.ini.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c9ab8d297e8f2f019872adcd4d0b518e28d709d7f1f746320de1c94d11651328.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3064 wrote to memory of 1844	3064	c9ab8d297e8f2f019872adcd4d0b518e28d709d7f1f746320de1c94d11651328.exe	84
PID 3064 wrote to memory of 1844	3064	c9ab8d297e8f2f019872adcd4d0b518e28d709d7f1f746320de1c94d11651328.exe	84
PID 3064 wrote to memory of 1844	3064	c9ab8d297e8f2f019872adcd4d0b518e28d709d7f1f746320de1c94d11651328.exe	84
PID 3064 wrote to memory of 4176	3064	c9ab8d297e8f2f019872adcd4d0b518e28d709d7f1f746320de1c94d11651328.exe	85
PID 3064 wrote to memory of 4176	3064	c9ab8d297e8f2f019872adcd4d0b518e28d709d7f1f746320de1c94d11651328.exe	85
PID 3064 wrote to memory of 4176	3064	c9ab8d297e8f2f019872adcd4d0b518e28d709d7f1f746320de1c94d11651328.exe	85

C:\Users\Admin\AppData\Local\Temp\c9ab8d297e8f2f019872adcd4d0b518e28d709d7f1f746320de1c94d11651328.exe
"C:\Users\Admin\AppData\Local\Temp\c9ab8d297e8f2f019872adcd4d0b518e28d709d7f1f746320de1c94d11651328.exe"
1⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3064
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:1844
- C:\Users\Admin\AppData\Local\Temp\_Desktop.ini.exe
  "_Desktop.ini.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:4176

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1194130065-3471212556-1656947724-1000\desktop.ini.exe.tmp

Filesize
115KB

MD5
a48f351afedc2b4654c6586cd95fcbdc

SHA1
ed243395d9bffa902fbc9e7f7521b1cafe671706

SHA256
8448e4ae2d40c4bc6e396455c685204f6c536975d7c45aec60dfefc037af9535

SHA512
91ed630600e2e4c9bed31b014ae3576e3bc6a8613afea3d8727995c7de9850a813fc33b7304629625a17dfea7f5f89bd7a719d666436e83b1c6b81c114306efd

Download Submit
C:\$Recycle.Bin\S-1-5-21-1194130065-3471212556-1656947724-1000\desktop.ini.tmp

Filesize
57KB

MD5
744fb493a75f8b41287290ef1796f1e4

SHA1
15e50fa3596cf49e38a0543bdc3c88859c6b3208

SHA256
f774147688e404cbfd176b0c73f854f560b85a4bbbfa6fee33f7a9b2d707e437

SHA512
24c6f04cc242effe2689dc465f0d6261b859d323ae05fb3e5b0db2eb7cef119b3b83aa0e6d3eddaffa4705708aabcd2d29678b98303a72c6448a2b9236d205b2

Download Submit
C:\Program Files\7-Zip\7-zip.chm.exe

Filesize
170KB

MD5
619375c7286f5289a5eb9d2c7396b83b

SHA1
ef4727bcd44ddd88fa6e78f440bb17d84382e0f0

SHA256
41e6eeb826aefceaf120660f8a340f7e4c5dac43efad5ed8a391b7714f9471e7

SHA512
0bf9682459da39bbfaeacc454e128102e341f9d5818aba654fc51d79d9f0b0675de0df5b4f2234de11df20903b60d77337d25dbf8bfaf4f86b1e75d5cf27aec5

Download Submit
C:\Program Files\7-Zip\7-zip.dll.exe

Filesize
156KB

MD5
57d6621b37fc7845312eba5b0dc01642

SHA1
50ca39196dda00dcc02b1f3459679b2a786c4e45

SHA256
4995823a1b724ae5bf0679fdbfbcb8a68102bc37bd8a12cd1d16c3e1886f6950

SHA512
e6e07404968765c3ef88c8e989f86b913f5ad1905d6f3299d6a0f231071415c354a6e6598678a3ecf820d707ca878408153ecf1acc351f5326d46156f121fa60

Download Submit
C:\Program Files\7-Zip\7-zip32.dll.exe

Filesize
122KB

MD5
6728c3a49c1cb3155c734e51f10a41e3

SHA1
72d52c02141ca346ced5a74f709f825a9f4ed37a

SHA256
43807b647c789e9684ac24c77e72699735b41dc1f9d1fb090dcf6bea57e446c5

SHA512
f0ea6e9409c699fd508d382eb30e268eef7f3a729652374bd0132cef7f4e51c228353aa95239c1bb855628a02f60adf9b553c3b7ea0878b35717b2ab4e97cc09

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
1.2MB

MD5
9c5068bc5cffc07a6a5d37c371d9bd7b

SHA1
5cbe2f7d36b1acd52b19ddf4236e4fb1f0b55c31

SHA256
be173f3fd0147822f5e46c215c488a4370bc8ba72f27595ee6e7fc71cb7c9bb9

SHA512
305f9776777e1ebd1f941f85d54b58337c3a83067ded3ee440fd465a2af922bff95f12c7f9438ce55ac48ca267b0e6bc5434dc98f52e849aae1d16e79d1251db

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
1.8MB

MD5
089289a4f630cca39a6eb25d4813b70c

SHA1
eb977ed87c11b5bf731f3e355dffa2c6ea95ca63

SHA256
f77687fe7c7759a1a4248d318d3348e5655636ba2ec5c554f39811e0c71e8c1e

SHA512
16d050f754d37b8395e858726eecc4b8719ed09a98e1a8524f1f9de44cafecbab969971445608be7fca2c011a3de81d22011fc88e53dbada8aa86816783739ac

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
602KB

MD5
41d0d1c5a074ea3f752e3e94545db14f

SHA1
99d71b8f5d8451ce82491d134857d2f14040c53e

SHA256
9a1bac59a535850b55187538d4fc1e93acb5bb7c45575398bb9c1275ce2cfabc

SHA512
ad2c134485baced5aafe1847191edf3e8ad64b50be1c4a97ad5417c07077f8de9eadfbee2beb409741a05d56efa6b8f5c992cfb485148211d05857c6ac954988

Download Submit
C:\Program Files\7-Zip\7z.sfx.tmp

Filesize
267KB

MD5
69179f726db8ed92aff40b47cc84309c

SHA1
10eeba86f792bda0bd473c4050229dcae5cccbe5

SHA256
e9a4e6ba03f75142816a8a2dc9c303f9e017302a5d718007f5a7af17568d129f

SHA512
31948ff42c4341fc8ef4a08eeb5efc0262dfcd07878e51701b69a51361e2f4c691f15abdb3ba1e4a3f9d31fe52d369490e1296eca3c91f1c90c96dcdeccb0141

Download Submit
C:\Program Files\7-Zip\7zCon.sfx.tmp

Filesize
246KB

MD5
b9e7c530845237cf5d867de1919cae6f

SHA1
0ee34a8a3e33f5b210fad4c8ba7acf9927fbb3d8

SHA256
f475b52e65c62c2020a47b8f3b5885df09e095b2fff9a0c444ca3863cb87e361

SHA512
1988f1615ca067464c272f3f2d4319d5a6adc6f91af6cc4bb23e417d5e3b917ecd4eb6cbfbdfcf07be3d6c4abd059e9e7d0ed1f6312bac1eea6725758d8b61f7

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
988KB

MD5
911b4c30286b6989e917856054387cd0

SHA1
221838ef2f02e79a4f878c73a6c12f27f4e5ee83

SHA256
bd842c96e83aeca91f9e31a9b3b75cc1ca440dc51146572756993606764ebab8

SHA512
8071654e112b7a185309589855a66f0ec20698677b400f31b3763efb3c7d25e3ad1bccc7896d6803296b439b284e938a4d7ecf31712c597a92597e4b53d188df

Download Submit
C:\Program Files\7-Zip\7zG.exe.tmp

Filesize
742KB

MD5
a008dfe39edd159ef9561f8db91e66f8

SHA1
1ee8fce97fbeb08f2d1ad85ce90166cfea59d43f

SHA256
dcab7050b6db04b88244089bbd9768c32df6196ff0a79284b59df9292f180762

SHA512
20fb263d1c0cd10fc74e5b3717b0accd80dab2acbf4facb8ad3b5faa5f1e4e54b9727515c5fbc60663b4b15348c236441f939921b9dbfb56f862598c4dfc15b2

Download Submit
C:\Program Files\7-Zip\Lang\af.txt.tmp

Filesize
67KB

MD5
ab0d94d1ed429c411f51cbcd3faa2109

SHA1
74895b81f1a6d186adbc55fd8551b8e5bef81371

SHA256
6c57bb95e18d7c236e68089a6438edfef45ab34efea5420e7390c1dd7980a41f

SHA512
da4ef0eebfef947aad10cfaf013324febb6aedc786c9950663c1933c6939fda46ac555854fd703e5c2b4142b7f31e418ec2daa86ab3a5bcf86ab6a5ab8486cc1

Download Submit
C:\Program Files\7-Zip\Lang\ar.txt.tmp

Filesize
70KB

MD5
430953adb7467316520c4fa29c155262

SHA1
22ce27e5adda6c5445049c0509d6063c7bd0015c

SHA256
b3d168554150e8bf93c5c7f4292253cf781b4290d56189437e9f86ee4b42c02c

SHA512
e45ee55324e9b216952e008807e720a80bc83ab9a7a673a49e8492791444c846b348ec0b5f10bf2ecc27b3b8db9c44464eae67cfbe87a3441233a498ac8a6c4e

Download Submit
C:\Program Files\7-Zip\Lang\az.txt.tmp

Filesize
67KB

MD5
2532e8c87d1a737c310bed40bddcad11

SHA1
dd96b59621fb67bfe00e9b5eea50a270e5dc78db

SHA256
a210998806c782cdb742b2bfaa36c40ecbee9f082ad0b8da0e28f8cadab04672

SHA512
83c1467cfd4c71df4faf51523551aa857eaa54d5c095db40f788b0f9fdbb8646c7c2d4c71f16cd5d3419ed885bbbfd8d466d1236dd075f6e0beca3e9143096d5

Download Submit
C:\Program Files\7-Zip\Lang\ba.txt.tmp

Filesize
68KB

MD5
c1b071c563fad8e859bdb21a9c6b6db3

SHA1
6fc8fafde3cea5d1108308bee3b24ab50cfe3d46

SHA256
930211381e626f21f465b9632725817c1bd3a873b4df05ba1eaaf4dcc40a1128

SHA512
469649307d9725e95305034ff15fd26d6a6cf6ff09905f8bebfc36b9bc5a5eb134e05fd2ed6d759a8c7e21b5a94e5f06f42730287570017b70a9e1979a3e748d

Download Submit
C:\Program Files\7-Zip\Lang\be.txt.tmp

Filesize
69KB

MD5
a319f5005719e13531632a8302d566c9

SHA1
89e8ec3f7eb1927e9e39a39b04c14fd371a52e7d

SHA256
27a15ed3661371d9da3d70df5ae1b7a6d51120d723ca9079938f4d981e8fa552

SHA512
c7655535a746a64b474a76a9b991a96f32d2e2b0bd6e3d1f735a83492507a517d0da45fcb5d869cc805e4be8875956d80ea3baed815937ef30169963270d6f24

Download Submit
C:\Program Files\7-Zip\Lang\bg.txt.tmp

Filesize
70KB

MD5
87553322d0b4ab525cba05b6b6b4aef6

SHA1
7cc3f2d7a817f47a944058ac03c0781046e918a2

SHA256
115eda8ff7de823a2f56e9e5f69a7c9f8ebc873c5512a6d0e39bdbf486876384

SHA512
4a8b40c5e5af7cb39dd9658be52ddc5ad766c655b0476b49b37b85707603aa12e5ed01158d5d1e80f0405772dfb741e980b09d8726d0632aa7343fd4d13d1344

Download Submit
C:\Program Files\7-Zip\Lang\bn.txt.tmp

Filesize
72KB

MD5
96570ace317e5b40b6ec2f9176f0d4cb

SHA1
2776bf8b9ca7f6f9cff154f63a0031a2251035c3

SHA256
8ba7d42bd91dcbf144a830dca935ec0e882ccc3dc3b2af40c384d42f59a70d99

SHA512
2113f22ec9ffd6b2d2e5f32c10e38ea071a1482c97e76c0b9d659cfbd42ed0f34ea334e19a129a0fe90cc6a82393b924b27e8237877285c78ba4274ff78c366e

Download Submit
C:\Program Files\7-Zip\Lang\br.txt.tmp

Filesize
62KB

MD5
77d1897d273840b16bc04ff5aaf64602

SHA1
ffb879c9a92853abf0465585fec3cb7f2661e088

SHA256
6c72f98027515614be40df86f12dfe2fd2a4f033149460a2ec7a1e9042b80262

SHA512
599ca08dfe6a84eedf553d7b8e07e991cdb8c249b17fffc9dc47be12969a63a8deb7e948f6571e215f32d0ba1384194985e97ab218566ce350bf26988455943c

Download Submit
C:\Program Files\7-Zip\Lang\co.txt.tmp

Filesize
68KB

MD5
036cf669af55a477e6c8b750af4113a3

SHA1
dc9a4062560aac703997ae6e71a4406604e6cfe1

SHA256
f23b15f0b126375ba3c903e4c5dae1211620f7345a24663810c2eb1320b09439

SHA512
e677ce4991f7e2a5e1ca321ddd48fb70cc9b3bc3429653a39d4758b6f09142b5cb53ccbcc5eec01fd67be86f70129ebbcf9d526b744307dbac33bbf586df7c6d

Download Submit
C:\Program Files\7-Zip\Lang\cs.txt.tmp

Filesize
66KB

MD5
f51be659d1a3be3f462423585da42695

SHA1
eec1cea547436050a3da2a53aa22ce1f589a3398

SHA256
83c72131712b5e86472939a2e62ec56e13447f4e0d23acbe9875759e8886c02a

SHA512
ffb5274d5732c4f6fb46a66fe92124b77945b8dee0e5bc59e960827dc25d22b2c58b8c57a61b4d68bd91fe23c4a9d68af92bbb3dfec505b749e5d9b544c58e1a

Download Submit
C:\Program Files\7-Zip\Lang\cy.txt.tmp

Filesize
62KB

MD5
ddd6578c0395ceb67fd48f45cd0fd53c

SHA1
89e097f2208b0bd2b40e0d6c6efb17f252c7e00a

SHA256
ea6828139adde9263f3fa2d6e5e1d7f9536d82d603cc18246c6bc1c7ac2bdf1a

SHA512
abb49cad92948f15929c5d872a5b3067f15a30aa52b3cee35fd1011e0d351c44500462155b68a9bbae1fe7ded1f9f641de2ea41129f1e451dffe80da20e4b97b

Download Submit
C:\Program Files\7-Zip\Lang\da.txt.tmp

Filesize
66KB

MD5
e6f7eaab39fdfd5236a0377b47d36c36

SHA1
79fd412565063a4513092271c968a2bea3d01d6c

SHA256
a6bb468dd18dd1b9c5872efd80299db074dbb18d7c174d4583f16b7b3597d1e0

SHA512
8b833fb5e464d68e406fc02cf57622e160326816a3099a6ee09ce153b0c1554386dbb0ce32796d39608b422520b3c5e7d937445713b8d951f2f14ac22caca8a9

Download Submit
C:\Program Files\7-Zip\Lang\de.txt.tmp

Filesize
67KB

MD5
98c8a18bec29898db5352472d5445146

SHA1
5b4cdae5d059df87fbbd57c2a46315a96c6770c6

SHA256
36fbae91d2046334e052e9e3721fd452e6d9969dedeffe31896cb47ad90feef2

SHA512
3ed932f281662e49bc96b5ed259956077491e92950174edb7aa41632b94d5dc08c63d3cd093598e8918f09275b2ce30196435d33792afacfe877f0555d66ef5e

Download Submit
C:\Program Files\7-Zip\Lang\el.txt.tmp

Filesize
74KB

MD5
4e562bda8ff91a5f218a4d733ade93a7

SHA1
aa0a334f14b0bf29c375214452605012ec09645c

SHA256
4f6ee9307ed940a0d18a56b760cefd8376d2783876ded479983fa67ed6cfc22f

SHA512
b9546f0e5945fb5657b2e88c8b9a3e899ad27041df8ce3298aeb95c0e3bfc5c33525c3bfdfeacf319602e2e921fe026747f9884e3cf1d2947e7f1db8b50f51b3

Download Submit
C:\Program Files\7-Zip\Lang\en.ttt.tmp

Filesize
65KB

MD5
b9e4b72332dac4a78a46d09c30cfd888

SHA1
a77754812334c72e8da8846f3a3fcb0b28d93fa1

SHA256
95a61a4526086a62a5f6fa80105a6e2ec2b108b5d21b7cc72afeea6c1da0c6fe

SHA512
37d93c11b64491ca0dd364780fe7e04ab162c5a728b0a4609457879842d0d2c71475b7732592a0f4656e3e97db798ff614fc904c56617f38996b7a26f8de75f8

Download Submit
C:\Program Files\7-Zip\Lang\eu.txt.tmp

Filesize
66KB

MD5
165e0cb411ca469e13abd23e87237bb5

SHA1
3f499234fcf83a18b6ce8195180d2fd952a4620d

SHA256
d66e89e79d9a0aa43545b3d53407a758e703f10755e03ca94808fa5eb28f080b

SHA512
7a1d608a57181832f76b2d4f238c91e6186c5193e6b8f94d7388d893298248d30323fcbd2a93afd29739ffaac3314c46ea14cfb231a5b94b5a80aa550b8fd403

Download Submit
C:\Program Files\7-Zip\Lang\ext.txt.tmp

Filesize
57KB

MD5
263416b5f89141b27878c9bb7fc41df9

SHA1
6bfb98c1b92ffeb9f5c7efd7cabb8dc6b4086fd9

SHA256
95783483555594deb2087f3a271b183302c86e1cfc686cf93b7506f7b1079407

SHA512
1b12b9cb6522da595f5782c56d95bc43d1704164326210249101f41298c62fe1671f90a88547a73b310b97f92c460ebad4a247ef4d742c3de8a73e526a0ec957

Download Submit
C:\Program Files\7-Zip\Lang\fa.txt.tmp

Filesize
71KB

MD5
b922e2354a560465926625926d1a601c

SHA1
4614773c1d5ff915a51260520ee2f56703bb0991

SHA256
41c9f6a709e88a9c9779610b13cdebc634ebda46b3741589fed2ea3ec3de8d37

SHA512
61dd344b9caeca12b25af55d506f5054147b607d0ae1f12aa0011f4df72a81c5d951f5108c01874fcbcec217372501d6b8b0d069ae7e6f159c270dfae7c3e4b9

Download Submit
C:\Program Files\7-Zip\Lang\fi.txt.tmp

Filesize
66KB

MD5
1777a5040b6353970e9f455d27e818a7

SHA1
4ffb9bfa9cd45ecc59f9ec3ae01d03cb43f870ef

SHA256
beeaf939b8c04f66c4bc63449292aec53ee757af9a6d2ac8549bf3e395f86945

SHA512
d52e1ce51b749870cf7bcbc6dfa0ee8703f4188decdda7cdb703090e0a628fc059e9b1d83fcf29963eaab6ba3cb9c3079289208c2eacfca191bce0a4089b7b61

Download Submit
C:\Program Files\7-Zip\Lang\fur.txt.tmp

Filesize
64KB

MD5
9087e5751409a661b58a3b839142201f

SHA1
d34051d2e858fd4615dba7746686e9d1f2cdc48f

SHA256
3afa839dfc2527c141023621424505ba435a7e12f2bd99c8f50636c7bd537799

SHA512
79147dc9f354efa660fad66f71d6444339b4a2b2f4f0b17b715f38caca65aadbabf60eacdc72712a41dc613457bdeb15dc6219ea9554424306ada4280f13d1e9

Download Submit
C:\Program Files\7-Zip\Lang\ga.txt.tmp

Filesize
66KB

MD5
9969cc881f8c085e0048cf21e18dba31

SHA1
4c85d35ecf878fa8266c9a303ad3f68cf4f80280

SHA256
4f6160651c128b68219286751967bc999ee11d0864a7ec3403128df6f92de16f

SHA512
6e186952220a960171c431ec0dd345eb1542d6018b6482be580fb78c988de065c2e9ec4adfbdd59a823b70dbb52a610f5793cb5e632e8247ef8ad7fb12227aca

Download Submit
C:\Program Files\7-Zip\Lang\gl.txt.tmp

Filesize
67KB

MD5
66c312265f4f504e493899a6dc69b9ee

SHA1
0b739eb7b1d37dd925ddc3cf1cd4a84a56bc0c57

SHA256
46e68d33026083d970238f5cc170e87f4435a338a870d3e131af055f215d0817

SHA512
65b8f34947a43e50a992a08c7d0c05bf18cc723eddc1945ad1bdbbdc8b6e6dcdfab1b944564cb107df9c7ed6e9e8427245fadebe0dd34188b5b00a8ce672e623

Download Submit
C:\Program Files\7-Zip\Lang\gu.txt.tmp

Filesize
75KB

MD5
6af9e87fd54026e028aa528db7f44f51

SHA1
70da44fe4ae5dd82fbfc5ec65cf34055dfa06357

SHA256
8e15441f5f430dcb4a8c6860b5707c9bbefe0321ffaebd46d93d3ce08c86f823

SHA512
d6d31862c4614773b4507c0549f52483126e98483dec63c76ae9f108f2c13e3dfbcfaef30285446dadea4d698a81e8563dc7857f0a7092e4a1eb2c8b0c3d1d83

Download Submit
C:\Program Files\7-Zip\Lang\hi.txt.tmp

Filesize
75KB

MD5
80780f351f7d522ce37828afaeb66b8d

SHA1
203990507864eb6c10f89422f9e58eb3309f4fe8

SHA256
12f7f153255e37143d964846c8729f0126cf7fcceb8c8c33a8057399cab702ea

SHA512
5657fa53359efcbc343f01c648eac8aaa2f6b66b8bade39205b368924e1d2a203b0e20a9c4fcbdc9884ec66053aed4d55574f2566a6c85a4736cda05999d9bf2

Download Submit
C:\Program Files\7-Zip\Lang\hu.txt.tmp

Filesize
67KB

MD5
3960603cd63d85f6aac95855c6da32df

SHA1
3198ffe73e430eb10ef1735d10147b338701870a

SHA256
4ed53592798c1fe8b5566cba376618fc8f5986ef0647117d999b20bc0f6e61e9

SHA512
534536834ab7bd7b0a3d602ea66a9ccb6d278b2c1715a0746c27c7b11ee8586ac3eba45d3354d829de394b61b739d3d887a3c744254fd9e895061556d45ca37d

Download Submit
C:\Program Files\7-Zip\Lang\hy.txt.tmp

Filesize
56KB

MD5
a5f96f39d4b0d470b36dbbba3ab2e984

SHA1
9cb1645e89753aa47a22cc66bdf493189da88b83

SHA256
352d916e8f5399b6a70728ec79c870d4e4153e52bc74555d8c151cb55063a93f

SHA512
4cd1f2dd8986481b6bafa0da261f6c5b01821538ee29d98116d7f1941bfd7bc7a65a1afea11a00c91eaf14b21efed570276ff2abe9f68596f2e9ab512309193d

Download Submit
C:\Program Files\7-Zip\Lang\id.txt.tmp

Filesize
66KB

MD5
1a696f833ba61641d128ee3800c349ed

SHA1
fd064078d228ef62a462c0472cc11484a436aa4c

SHA256
b2f5b978ad0437d7d8c608730de2b0fb98f764ef442bb73ec954527b4767f2c8

SHA512
09fda0f393177428edee8ab1029ee3342698cc4bf1e477703d1071ddeff8f9141e0182340d2391fe1f1d52f914fcc01a27115934147f82a91260ef82107fbd40

Download Submit
C:\Program Files\7-Zip\Lang\io.txt.tmp

Filesize
67KB

MD5
0bdb54979b01ac46110ea54b594e48d1

SHA1
f9196c5316d42c7e43ce44694ca0dda0777a65ad

SHA256
c2e9c50227a53b995de08deee73294723b5d852000508f7b463ba71f613eaebf

SHA512
2d3e08e911503319646819b0bf09562ca825815821602375bf58837d3892567e2bcdc25a1da4d0e57d30b48e59b1283bdfe41c062989927ceff891a0be7540e3

Download Submit
C:\Program Files\7-Zip\Lang\ja.txt.tmp

Filesize
69KB

MD5
8ccc03b420d607b84458136b2013962a

SHA1
05e64c2afa89b2190346669d05d3da399392738b

SHA256
a59d6237b98834af2475744577c96bf1879fa2a808ddb82fcfe44b504ad9d6b5

SHA512
30ddf21472ff27f19224fddb7788876b630084642bff40e16d862fc158c5561e5fdda46a6ef802cbdaf5520e2a226045257856ab710a14f0d16cb37e51b1a56a

Download Submit
C:\Program Files\7-Zip\Lang\ka.txt.tmp

Filesize
75KB

MD5
8d2806708a7801ee589a521e59c900d8

SHA1
637e2b3d2da82e23a26ef5bb9afba6f724f70f78

SHA256
c7d4ba878892684b64d234a7bf63ab28d8a401e8b232eb3823854a6ca2891786

SHA512
f17aef24dc137ba0be71f6b3f1e1799abfcb4c28493d82608734bd1a1d3102e117c5089bd8c571f557c193a122a92acc80681e532d2a950f5fe66b15256bf0e3

Download Submit
C:\Program Files\7-Zip\Lang\kaa.txt.tmp

Filesize
65KB

MD5
35efdbd69d4a4769b734e4996d744861

SHA1
fceb2ecfccb4d2b643ac8ea8c7814b9c3c4117d3

SHA256
624404129d7c6036085feb1086e6192ef8446c227a8bf0024e573d928c43f5bf

SHA512
3e0ec1ed3635a852943a04253037f40b7c8a1fb29d4527fd2bc9632770eb27f0f3641e45c9f011dae4bbd5d3b77c46a54eba72ec862411881ad07f59d3be797f

Download Submit
C:\Program Files\7-Zip\Lang\ko.txt.tmp

Filesize
68KB

MD5
4dd778766cb5d5e7b11915d64b13a7c8

SHA1
6caa14a8015daad3e725d8610ae12f7c798b0a34

SHA256
261d26fd8062e56b86cbf643ea6bc0cefaef987a2b220385ce9958427e774b55

SHA512
35380792edb92160b4ccfc5382ebcf3bc55a2991f95efdb4bd27618c26563e7bdaff5a2281cca65438b28ccbe1dc5f8c89f3c827a5876baca2ffb440a59b7349

Download Submit
C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp

Filesize
60KB

MD5
2043bf91b6d126437fa26203ec9c5b04

SHA1
06bfc62e23c99e08b65953bcaaccfb07d632f746

SHA256
da3c0f0d9dcf46e2bc35f6fd24d9826be15de9c663dad10fd21a79e260f228b1

SHA512
32f3f0ebc4341e8b57c35306e49f8f89353cba842eb3fd45e78611f8c89f6cf24c30db4dc94c11929b4f2193a4fdd7beb283004193927840db94cfdbbb89436e

Download Submit
C:\Program Files\7-Zip\Lang\ku.txt.tmp

Filesize
63KB

MD5
6190177e49c41b992756e923ce64c4ab

SHA1
edb7888d223af23c44237a56241d7a71cd5565d2

SHA256
b4be2ac80398777c12c32e84ef1a6a38a5aeafe3b45df3e2ea1548b8a7655f8b

SHA512
929beae608858f72b7f9d6a8616011fc1520517195e1a456987378dda0bca140c74705c7d435a331c62639c6cef3d15b63c4f4dfd6c83c5b27704fbb3c5310c2

Download Submit
C:\Program Files\7-Zip\Lang\ky.txt.tmp

Filesize
70KB

MD5
82bb5111db83108b19f44a9373eb7615

SHA1
07022d7914a88c57232a1b38e09bf04b80324556

SHA256
489df4d948058f9ded9f0c5c000ba91acc270f8ed4c65812e65fe6f70976e3ec

SHA512
64e2ddbced34d50baacb5b4906be99c510b9fda11d8df40579bdd1b25038c5286552654733c0ef1bc03a71f8a71ee9e5cb1946847cd405e9480d4a2b43c6f642

Download Submit
C:\Program Files\7-Zip\Lang\lij.txt.tmp

Filesize
65KB

MD5
1d5e8e1ff3082a430c2b3c4433b8718a

SHA1
b0e137065f7d85966bdc96fb1bef6dffc4eb8897

SHA256
b519d440720e190b378af291cfb1476d69cc8a074e068d4991d668081fbbfb90

SHA512
d638582f542d14ad7589bc919553fdfb8520a1d522f478b3c83ff6e78e70841a3cd7373f435c6560d9e97fc4a6afd776a178678c98eb81f1d72fdb33ac18b2c4

Download Submit
C:\Program Files\7-Zip\Lang\lt.txt.tmp

Filesize
66KB

MD5
c5bb70f1866432998cabb24d34fb7527

SHA1
d0056fd98c8fc2b2f640bd3a29e3c7cfefda59d0

SHA256
06c832a503f73b14e0f2ed531da0f372ca9e3b763d4392dbe6d3bc27ebae00f8

SHA512
9390f6404ca729a52d9d82d46c978edf24949d8d74104805b30b26e6e6edf9d8e49956241db096dcd2b7b006acffb758c5f38f43c01be504fae87f979cd51d90

Download Submit
C:\Program Files\7-Zip\Lang\lv.txt.tmp

Filesize
62KB

MD5
09ad94fe6300f1da3fee2b1f50191bba

SHA1
ce5bf38af3cad3ff9c1937a522c1103efb67f50f

SHA256
62ac3b0629f41b2802724e34ce5b41d6e7cedb3645e12eddf973ca20a0bd0ada

SHA512
c6b40eb56e4f9599ccaa9918a3af561f912b3811d6b7f851c48c75ad1edf9ea16887d00f4694ffb29f7be0f0c15afca64b83a0ca05723e23a39db374ddec47e5

Download Submit
C:\Program Files\7-Zip\Lang\mn.txt.tmp

Filesize
65KB

MD5
6bd7f4595f75c4eeb1080440d3733b58

SHA1
0b08b6344c7df3f57662bbd47adbc009c089ba22

SHA256
11fedb19456286da5afb1d0efdc130f136dd50d0759ff86d44a6dbe41ec56faf

SHA512
318250aec15078e1e7f637a31c084e2b0293eb4d0f16e7187056ac84d0ccffb49a16e035a5b2a687a5bfea2afc1f59eb297ce5d8269e44ac93bf1ac02d1acd57

Download Submit
C:\Program Files\7-Zip\Lang\mng.txt.tmp

Filesize
77KB

MD5
23f04c59223f1e824c810fb350dd3d32

SHA1
f32a2d55cea7058f08a4ebe7b99be3749aef6239

SHA256
5eb822466b178d52e5c666655a0daf5c5d73d9bdd01ac96c628e3fab68d81614

SHA512
d59514726b8a563fc6e8993b51d1beda3501154a592ad912cf3d49cd0a2b8742a024602791ddac954a430b8aeb795e468078a7f4aaf25d81cdaa015fe5bf0bda

Download Submit
C:\Program Files\7-Zip\descript.ion.tmp

Filesize
58KB

MD5
c10500bf1f69febb75f7a0e81a4c9247

SHA1
a7af8f6f82eb54643159403b2168b3cf5aaf0c74

SHA256
299cec53c0323a24adcaa7bc090fbc8578a873371f6b484ad7af15c670ce8c37

SHA512
a97ee8206c87e2dce3b08b74fbbc03a62ad66d2e765320ffad3fa37cd6147a68bf660dbf8a2f5d8614ff12b1c5da91c04dc0e732987cc379c72e40b98a5c26f9

Download Submit
C:\Program Files\Common Files\System\msadc\de-DE\msdaremr.dll.mui.tmp

Filesize
64KB

MD5
bc7806258f7e6e44a8d58ae35c61de6a

SHA1
8e9aaae73cdcc27434b734085dbd7b17e546d249

SHA256
234f3cd0bb0434e894e8511e9ea877fafe17b9ea76ca505bfb24468bc9e5fb55

SHA512
d53562c9f200ad1b210b93763675f8a0e74532f3b8e3c4af6b85f812a3fd425f70eb5283ef1eac3a9552a76e39fa3b29bdf53b182fee97084dd58fa505538617

Download Submit
C:\Users\Admin\AppData\Local\Temp\_Desktop.ini.exe

Filesize
57KB

MD5
9ad5f33243a8b647e9bffac95660d404

SHA1
fea62b29e8bd9541135f7d390d0dbf9c0c6d28aa

SHA256
394f702e59e5cc49af935e6e1f09c5eff67e65216ff9322da300e2027c577e84

SHA512
87202b04fe2b2517dee0c2ba081b7cd472099a405fa123799596cd76fc590da8c9b672a8669c9158ed471971c426ec9841441ef1949aaee686b6bf0858d94976

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
57KB

MD5
b5f359ecc5c4b87dc5ed1735e0aa96d8

SHA1
135f7b85a5f16eaa6dcbfba7e5c493308414bf54

SHA256
93f6b947f18a28fa3b27480cbdda2835fddf6469db08be9a4c83cdfe819f3fbe

SHA512
6b5d2c436d051dc6ebf8e65cf7c73d6a26f85e34215be00292bb3c0e032ca3d0c468aae4bc33b4b2e1f90016a182427ccfcc26bef1252ed922998b6878077723

Download Submit