462e5d86f0191616e930a8cc907c86f81aa4aaa3b1999aa43d02a160bbde8dd2

Analysis

max time kernel
120s
max time network
78s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
14/08/2024, 05:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8fe8de948caf99d15eca1f8b8dd9f850N.exe
Size

83KB
MD5

8fe8de948caf99d15eca1f8b8dd9f850
SHA1

bf67f4c5570c1e173c03572c087b671088dfa82f
SHA256

462e5d86f0191616e930a8cc907c86f81aa4aaa3b1999aa43d02a160bbde8dd2
SHA512

2b4dc84dba90344bc0526d3cec5e0e888370fdfffc00efef3a11aec811233cbd8b2efe1b5a407f46b7647a00255048ff60ca2f6caff44d01b9b3d6a3f60bfbc6
SSDEEP

1536:W7ZhA7pApw03vR03v67ZhA7pApw03vR03vNfmK/fmK0:6e7WpwYRY+e7WpwYRYu

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (4714) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
1332	Zombie.exe
1440	_WERF10D.tmp.WERInternalMetadata.xml.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Zombie.exe	8fe8de948caf99d15eca1f8b8dd9f850N.exe
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	8fe8de948caf99d15eca1f8b8dd9f850N.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\PresentationFramework.resources.dll.tmp	_WERF10D.tmp.WERInternalMetadata.xml.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\lcms.md.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0018-0000-1000-0000000FF1CE.xml.tmp	_WERF10D.tmp.WERInternalMetadata.xml.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_BypassTrial180-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_KMS_Client-ul.xrm-ms.tmp	_WERF10D.tmp.WERInternalMetadata.xml.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-phonetic.xml.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsnld.xml.tmp	_WERF10D.tmp.WERInternalMetadata.xml.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub2019_eula.txt.tmp	_WERF10D.tmp.WERInternalMetadata.xml.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp-ul-phn.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Web.HttpUtility.dll.tmp	_WERF10D.tmp.WERInternalMetadata.xml.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\hijrah-config-umalqura.properties.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp2-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pl-pl.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\sspi_bridge.dll.tmp	_WERF10D.tmp.WERInternalMetadata.xml.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\cs.pak.tmp	_WERF10D.tmp.WERInternalMetadata.xml.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_SubTrial-ul-oob.xrm-ms.tmp	_WERF10D.tmp.WERInternalMetadata.xml.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVScripting.dll.tmp	_WERF10D.tmp.WERInternalMetadata.xml.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ro-RO\tipresx.dll.mui.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\WindowsFormsIntegration.resources.dll.tmp	_WERF10D.tmp.WERInternalMetadata.xml.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\localedata.jar.tmp	_WERF10D.tmp.WERInternalMetadata.xml.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_KMS_Client-ul-oob.xrm-ms.tmp	_WERF10D.tmp.WERInternalMetadata.xml.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msoianetutil.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\TipRes.dll.mui.tmp	Zombie.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\oledb32r.dll.mui.tmp	_WERF10D.tmp.WERInternalMetadata.xml.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.MemoryMappedFiles.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Diagnostics.EventLog.Messages.dll.tmp	_WERF10D.tmp.WERInternalMetadata.xml.exe
File opened for modification	C:\Program Files\Internet Explorer\hmmapi.dll.tmp	_WERF10D.tmp.WERInternalMetadata.xml.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_Subscription-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_OEM_Perp-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_OEM_Perp-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-console-l1-1-0.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ValueTuple.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationUI.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\relaxngdatatype.md.tmp	_WERF10D.tmp.WERInternalMetadata.xml.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_MAK-ul-oob.xrm-ms.tmp	_WERF10D.tmp.WERInternalMetadata.xml.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusDemoR_BypassTrial180-ul-oob.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial2-ppd.xrm-ms.tmp	_WERF10D.tmp.WERInternalMetadata.xml.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-white_scale-80.png.tmp	_WERF10D.tmp.WERInternalMetadata.xml.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\ar-SA\tipresx.dll.mui.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Channels.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\PresentationCore.resources.dll.tmp	_WERF10D.tmp.WERInternalMetadata.xml.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jp2ssv.dll.tmp	_WERF10D.tmp.WERInternalMetadata.xml.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\ext\jfxrt.jar.tmp	_WERF10D.tmp.WERInternalMetadata.xml.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Trial-ul-oob.xrm-ms.tmp	_WERF10D.tmp.WERInternalMetadata.xml.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\MSIPC\msipc.dll.tmp	_WERF10D.tmp.WERInternalMetadata.xml.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL.tmp	_WERF10D.tmp.WERInternalMetadata.xml.exe
File opened for modification	C:\Program Files\Common Files\System\Ole DB\es-ES\sqlxmlx.rll.mui.tmp	_WERF10D.tmp.WERInternalMetadata.xml.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.FileSystem.Watcher.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\release.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.FileSystem.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\UIAutomationClientSideProviders.resources.dll.tmp	_WERF10D.tmp.WERInternalMetadata.xml.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\PresentationCore.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-bridge-office.xrm-ms.tmp	_WERF10D.tmp.WERInternalMetadata.xml.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription3-ul-oob.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVOrchestration.dll.tmp	_WERF10D.tmp.WERInternalMetadata.xml.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ru-ru.dll.tmp	_WERF10D.tmp.WERInternalMetadata.xml.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Globalization.Calendars.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\GRAPH_F_COL.HXK.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\System\Ole DB\msdasql.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Windows.Forms.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Grace-ul-oob.xrm-ms.tmp	_WERF10D.tmp.WERInternalMetadata.xml.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Windows.Forms.resources.dll.tmp	_WERF10D.tmp.WERInternalMetadata.xml.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\Microsoft.VisualBasic.Forms.resources.dll.tmp	_WERF10D.tmp.WERInternalMetadata.xml.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8fe8de948caf99d15eca1f8b8dd9f850N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Zombie.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	_WERF10D.tmp.WERInternalMetadata.xml.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2280 wrote to memory of 1332	2280	8fe8de948caf99d15eca1f8b8dd9f850N.exe	89
PID 2280 wrote to memory of 1332	2280	8fe8de948caf99d15eca1f8b8dd9f850N.exe	89
PID 2280 wrote to memory of 1332	2280	8fe8de948caf99d15eca1f8b8dd9f850N.exe	89
PID 2280 wrote to memory of 1440	2280	8fe8de948caf99d15eca1f8b8dd9f850N.exe	88
PID 2280 wrote to memory of 1440	2280	8fe8de948caf99d15eca1f8b8dd9f850N.exe	88
PID 2280 wrote to memory of 1440	2280	8fe8de948caf99d15eca1f8b8dd9f850N.exe	88

C:\Users\Admin\AppData\Local\Temp\8fe8de948caf99d15eca1f8b8dd9f850N.exe
"C:\Users\Admin\AppData\Local\Temp\8fe8de948caf99d15eca1f8b8dd9f850N.exe"
1⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2280
- C:\Users\Admin\AppData\Local\Temp\_WERF10D.tmp.WERInternalMetadata.xml.exe
  "_WERF10D.tmp.WERInternalMetadata.xml.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:1440
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:1332

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2718105630-359604950-2820636825-1000\desktop.ini.tmp

Filesize
39KB

MD5
f628589ceb4030b2abebbf9f8c38c878

SHA1
30463d1c33898bc734b18fdd1f1643d4b6cfbcf0

SHA256
0af14894228e37fc5181ac8f354843036b5db6de3c3a4ad854e14ae67edaa9f0

SHA512
aeb7f45f74326fe781e66e7e52354c6d7945409e3084526bf35d59bf72cd70508cfcb5b1d99b958f3dd07abe552810eea0aeff2108b52eb43ee6bb045101754f

Download Submit
C:\Program Files\7-Zip\7-zip.chm.tmp

Filesize
157KB

MD5
d33e5e3d13f392c7f82a24609d9ba9e2

SHA1
ee34fe0140d10f316da003ca5d2686b6911296e2

SHA256
0d6615d8a93b2f65cbcf818779535adb301f70d3e3863ad7cfda1cf68c13ec6e

SHA512
04c949e512529b174af05e935b587d63c4bf821c5b0ddd1709c9d02f12f7ab1cdef072021ab1b0be33705a9453fd7d15cf5d5caaefddb7ccc7ae07f4fe38eb0d

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
760KB

MD5
9e3ddf50d4f8ef17b25c2d74c8e753c8

SHA1
eb137ac0adafc085bd8edbbc7f8af337a520ee22

SHA256
c07220d65ed857e045ea0ade6f86a465469e97460a45512c787e6542fd8c53dd

SHA512
c8661b385197a5e8e8d8018804006b65a99911588992bb26857dd7f46bc00f0043c8d1c7628018a127f839986d799c3e25bc39ba71245782f66804620f29d357

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
582KB

MD5
3e307b22898230d06ebca6d3a1efda82

SHA1
2839c3eb4dc61fbc330eafc3ee25fef76db691b6

SHA256
94388f972b620984437681f41cfc4108a65df87bb049c411dd63564df8e00f9d

SHA512
3a5fc06a4aa4162672d831a32251f45b10ccde1c3025a74d1b992b9c1a69b73e094a2c70b350b2d4bb46ed561b2b2b3a253512ad435807925b4a1971e171114e

Download Submit
C:\Program Files\7-Zip\7z.sfx.tmp

Filesize
254KB

MD5
64f44c1f04053c66df6f565eaca3fbc0

SHA1
7a5e04a1257fbb349359b44b9eb27957549e48e5

SHA256
4943e3e8bb3fea17241260a249730706302a3ff1be904f495daa852b8aac5378

SHA512
198e39fcc0503963a3c137a9e3d965e048ca3d99509f0d5cd4ff27f3ba940b8b5f453aa649718dc2834969d58a054b66db526b1e738925cdf0f2255fac4ab269

Download Submit
C:\Program Files\7-Zip\7zCon.sfx.tmp

Filesize
233KB

MD5
7c948d5132271aeb9f439f4940c9aee4

SHA1
58f7fcc3a6801c83e20be9744b986cd2a2ec38b7

SHA256
077dc759b58e367362f4ab1a5efc07751058934b1d360cc6cc4be2d1a87fd041

SHA512
47423a50b43bf5662e2d30202ff5317fe89cf067b445e28d859096fe576c4579c5b897bad7d678ce938a191cc2eebeabd496910f54021aa3b26591466fc4ad86

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
472KB

MD5
42cd4a75ec5c47fcfcfb5699b890c5df

SHA1
7d9b535bd314e6a0135de69d650b6aca8d64f1cf

SHA256
81728b72bfc2680b4e427b5ea9bc6360f81ec85e7d9529c29141b3a283fe492c

SHA512
cfb28a089ef8e211eecd67e88dd9fe2af527a21da085ec1d2ad2756f609f37501693fb414f419ff1abe1811ee193a9b79d5f6ff69976afa03f9aec3152d026d5

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
975KB

MD5
c22a76e37151f42aa10a95de601f86d6

SHA1
4f44a0f37ea07bd22e1bccddc63f51049474f931

SHA256
7a70dad733d67507207f87b6ced878a70f965ddf656288603d443fcddfd3bd6c

SHA512
6e66b09ef9aca3058ee1fb6272017c05453d50044f5ec4f0ef07598cb3465f8246671705f58b8e01381a07aadd00de90d7efa44c78b8fb81fc7fc90fe08ad428

Download Submit
C:\Program Files\7-Zip\7zG.exe.tmp

Filesize
456KB

MD5
0ae426bd1894fb583c7af6084ea1dac8

SHA1
1378d9b8dfbf160d8d3aad37a51967b89c92be9f

SHA256
2661b5cba271febc958432ff27a1d3c747c810cf8f96c623758aacf6bdcfa4dd

SHA512
f64f548f0706fd74b69319c8c1db30c327a24636eb4a36ef4e68ce1f8dda319631e09319aa09ded17ee52f6193cb7f65005ab3b1e2c257b39fa9345d2c75db9f

Download Submit
C:\Program Files\7-Zip\Lang\an.txt.tmp

Filesize
52KB

MD5
33c75333c80841a8aaf1fc4e326f8e23

SHA1
edefd4fe7b50dc896305dd1eec95ece7116ac690

SHA256
6f8c29165d1f6710b939685762ca06120d8ae9940fabd8cf6eb54f35f96dfaf5

SHA512
2f6616d6843e3c15193d3bbd936d939c3e77782e7e8349129f2fe5bd9bc6c20fdf3f7f789cffb7119b968543033d0361bc32cec4bae0d09e2ac2185cde89cae1

Download Submit
C:\Program Files\7-Zip\Lang\ar.txt.tmp

Filesize
57KB

MD5
9acd5741247b36fd8f44d9195862791c

SHA1
5f163121821ef37b6616dddc0a21b91fc35cd963

SHA256
79639b8a7ce0ca9dc7b33f9813ba081aab17e8f8e841287a1566d95f1a096445

SHA512
15d1898d753506b0799341201ee2bdac8e2eb94301cc6f22cd96960c73d73a36198cd962a30c29402326482dc9ccb754082f267c48c7bbad2dafa3a3de649de8

Download Submit
C:\Program Files\7-Zip\Lang\ba.txt.tmp

Filesize
55KB

MD5
e9df7138d6cfc669b18b5cfc51a32d1d

SHA1
4d152b09a0a5ad4348f0d1e9514d9ae26f14a8d5

SHA256
53e062f7b47e75c0ce294754e82832065313d0a6313a4015d1b2ba944aa60fa5

SHA512
5678e2f21cdab3e738c314df7a6a65876e0e924dd1157d50222cf4238ef321a41f0be57f5898f590fb9bbfa7a59995751531c8789b27863ac002e82a8db9f455

Download Submit
C:\Program Files\7-Zip\Lang\be.txt.tmp

Filesize
50KB

MD5
9f489ef34592311ca7dd84a528a79575

SHA1
58325072cd9db0a348b7189f95f618046ed702c1

SHA256
f542df4f2e8e64d543b5ecbac2af6fc2869e93956455492adc693650646c5baa

SHA512
90d54cbe28299debad31d0eb44abf7db857e8f468d744e9b86c17b028982c8164d5cdda34b46ad496b225f40b77f02679fb11685da805b0f77441a6951f3a2bd

Download Submit
C:\Program Files\7-Zip\Lang\bg.txt.tmp

Filesize
51KB

MD5
988e137e44dc7b27e4d6a4f78d18f65e

SHA1
564ae25966addfd81d129831a126082c8c7a5caf

SHA256
b993750cd07f6916bc0bd8c52512b4a3ac29f24a46a034114087593473c79f96

SHA512
b13f2e08e47a168be701d162764a4be081a60cd2b7512ebc756c7002d3dc82ba01380bc492e3c8e0bf24fd6dd26e087a088d9e993a56350469e368b67fc424f3

Download Submit
C:\Program Files\7-Zip\Lang\bn.txt.tmp

Filesize
59KB

MD5
1a1e04555ebbb554a5c001f6afbeaa95

SHA1
de10342fa5c5490f95ceee246a5003832f589bfd

SHA256
be979057ebd97766c7337d51cce3c1c8e6c6561148a4de8a70f60f7c02a32a22

SHA512
16eb6d00a26ad7ee4b8878b731a22ccb70169ff27c3a2e393949ddf6ca7ae4b085316866065f2f8c235c68c029263ba9f5b2920ade3e3c3b79086408e148ac29

Download Submit
C:\Program Files\7-Zip\Lang\br.txt.tmp

Filesize
44KB

MD5
44469c85ff521f89f436742039961b6d

SHA1
589bc7dea21207f203c5af1d53bb072100550dcd

SHA256
a0e67f8fe475eb7e417a2cb6cf4bfbc7f114a479dfe1ea5eaa4af53c51bc17ba

SHA512
4333a5508f0fba17ca4b3623323b02e77db69a0168df63592a1bf10f61028cd5e900d5e493a424f754cf61b8ac47d53652a9cdaa9c2027c1878584c9b69525ed

Download Submit
C:\Program Files\7-Zip\Lang\ca.txt.tmp

Filesize
47KB

MD5
f9c6ad6a0d40d46d5a3a1136c72f498a

SHA1
8fda4dba4bc0a391290c0469cf4726806e62459d

SHA256
2d0fde9597a9269be0be932f14137d99833552c0a94f0d431cb5f860af106b7d

SHA512
f0cca4acb299c70e236567314f2ec61c1c33a39626d5558573a42f91f17dd40c6a67014a64933430777137606cb418f575c0ea4617f5318c95c7636219c0e2d8

Download Submit
C:\Program Files\7-Zip\Lang\co.txt.tmp

Filesize
55KB

MD5
e6a21ad541928cbca68008c3edcb1095

SHA1
a4f0bfab7345f392c1a1214524e460d3306ac0ab

SHA256
6f9f8f35e3bef4d1919a27fb96419f39bc919df6b36f3d62fc008e4abba5409d

SHA512
24b2dddcfe9af7456b58150b714a17636227083b43a4d1f1b9da3789607b8a21ccd8a7ce7c655b68e575642577dbbbc23772c18c6d4c6afddd4a745848655de9

Download Submit
C:\Program Files\7-Zip\Lang\cs.txt.tmp

Filesize
53KB

MD5
8c5f70f789d7d00e47f409e99e5127d4

SHA1
33f778f87b55e71231e9ab6e933979caa2fbc981

SHA256
3724c13b854f05299b430756536e48c258ea47bc3da302eb26985930f7f53bfa

SHA512
4f774980fe6bbed6872d3023603bd38a79b74a0857d4ccde971d6d03354c0a7e661829dff4bb02e2be6e01f075a45c2703c57d45e1128c0ae766ffc3cb01f05b

Download Submit
C:\Program Files\7-Zip\Lang\cy.txt.tmp

Filesize
50KB

MD5
e470e0268f3b984c0964b31cadbd16af

SHA1
3cff0265edf70181a0e0e9132c14603d2cd6d320

SHA256
9778ef623c89bd5dac4c3ccda1367725b921814577d3eb633a9a7274baa8b337

SHA512
e8d6d68af2982ddb1449e81d90259202fc14cebae582a40ad5c4644a3035dfaf706337de4fb70c93d8cbacf631ac4e82669c938ba250aeed3c33644d69c1c9fc

Download Submit
C:\Program Files\7-Zip\Lang\el.txt.tmp

Filesize
61KB

MD5
7169d238977874e7c301c2d72a394b06

SHA1
bb0ac937bf25eb5d7848c0cb1c5aae54ad1db0ea

SHA256
981b1a2752609a218389474b36ffceb7d302209f30b318a7fc56973a0204e297

SHA512
0f272979f3d7ed835cae24bb6294e9b04a330afd9c5a1646e4d3292fb4d7c4ebb4017c621e21d05d6e395cfddcfd5d0cef3952e29b0e3ace301a882525528f74

Download Submit
C:\Program Files\7-Zip\Lang\es.txt.tmp

Filesize
54KB

MD5
6631c158ca6f043bf2789c66c8d9cef6

SHA1
4d2eabe808cfad95412c5173a4caa34e40acc8b9

SHA256
1d368af4d3b0cf261f4fdab051e7ebe8030f21c3e00258ddc4d6a164684e01be

SHA512
ef22257cbd3e04acd339af587ba671244d29b7bb7865b4abc8a83e8d9519e21c550b4e3b623ce87baf64e87218c9e580539c7b9ccf7347151323837581d18a64

Download Submit
C:\Program Files\7-Zip\Lang\et.txt.tmp

Filesize
45KB

MD5
a7d797b21503bb21f0c5df64b7fbd150

SHA1
19ea53205c1bb776ca68d1ec3b97f6ac64b509dd

SHA256
8d5a6beff164986b90f3310179d9cd6dedf6260134a5e18b0fd69a6db1947a47

SHA512
4bb8209bd348593473053c8bf9c148cab6eb59b35dcb6c48806714ba30c47fa2fa1d4149dc9204b5b590612ee0f645e499e4733a87e569ddd44da1f0f915722e

Download Submit
C:\Program Files\7-Zip\Lang\et.txt.tmp

Filesize
45KB

MD5
421a3bdbbf5b63f3ad2c17fdc3c26afc

SHA1
a282aeeeef0cc6abd7a6a9fce9158845cdfa3596

SHA256
1b8eb4d6ee478fe74b2000d17b8cf9bb22c9a6f00bd38138f75a4d3c23dc4e1d

SHA512
59630104d364f052d27919955c37682bc0e2c76db9ce203d154df6bc22d177fa74d5c8e272e2a869c32d6d691bbd5f0314a856b47b422714b826642dcd9b5076

Download Submit
C:\Program Files\7-Zip\Lang\fa.txt.tmp

Filesize
52KB

MD5
cc802e30a221e7ebde49f50dc008dd17

SHA1
124492f85efbf1ca95db96878443f859e6faab5d

SHA256
1386c81330684fba8b07c3807702e4f8305b35991da8292f6f575dcdeb070ae3

SHA512
cec1fd1cf4265dac0d2187bf877d231a6d1bef75f4b7d080ebbaab166a4c12dcf7a8bccbb9923a97b45a9936a9c366ede1053f37012c5b034dd01e803448e922

Download Submit
C:\Program Files\7-Zip\Lang\ga.txt.tmp

Filesize
46KB

MD5
b38e4b18d742f316a7b1a55d48dc90ef

SHA1
caceec8318b631248fb8be2ee32eb1f11132d1a6

SHA256
ea8634d078f138467a5198588a60ad7d0d5c183a86211df31e7206e4e9909543

SHA512
dec98ea4b2b3a2de28622868653d1214447a11375a012feb84e7885524c94562a9e37b6062262c34040dac014ba60b5a52cbd0dc0278f063a7149056d930eef3

Download Submit
C:\Program Files\7-Zip\Lang\gl.txt.tmp

Filesize
48KB

MD5
9fbdc528d7a77518f1b9ea2b7fa577ac

SHA1
3b650725151077a6175c8e4b990a22041307fc4e

SHA256
969307616e5141b8e129a8c2828588456b085ef94357f05fd65b2b280f9bc61b

SHA512
bed799e8f9c7c4d0e3a22f2a6346b93bf9e4fc30a8713262fac6eadcc156287f040d4db540b0a4446dcfa647dafc89f72be69f027549ec492117b4ede77b723f

Download Submit
C:\Program Files\7-Zip\Lang\gu.txt.tmp

Filesize
56KB

MD5
bec0dbaf30e075a32476afe1b9541d9b

SHA1
32377ef71d63457768de30f61b91cd9db746ac24

SHA256
e3cef6c82ec5cfdee361f2a2e56080ac9b81e47e279e4866dff0c8f314e269fd

SHA512
4f826f97e52b23c34756917d24a5bbdec9b614e30fd6d2e8f55737795a7de8656b39eab5c3fc74bd5c546c07a781dd499a17ce0b21c3d4b43890d10392288e93

Download Submit
C:\Program Files\7-Zip\Lang\he.txt.tmp

Filesize
50KB

MD5
08266c65096750258798976a1c44d351

SHA1
7553019c915d9865264957c884079acc2982e75d

SHA256
602af1a0ec666578596daac9c2ff31a980f31a15fed540234f8ef0948a96343f

SHA512
4adee94c0ca039fc54dfd04bcf2a813ed6adaa59f23792051a5e850163b511421e9f520fbede60ddc08be65cf679073711e37f5c5ef7c55ca6e27f241c01052a

Download Submit
C:\Program Files\7-Zip\Lang\hi.txt.tmp

Filesize
62KB

MD5
dc8dbdf97874f05e251a17b5ca974a45

SHA1
f1f8a1c505b4ec2d8422ce89480edc977f5b4b37

SHA256
98b2f26b5cab0e97d21b014393df094de5b6b308b2f6b47ce97e0fc239864fdb

SHA512
f592094e7011cd36938b4e6355288337cb68045951111610aaa44628faea617c53ee801c37df6a483d444db71e9ad4fef53b136b71ba4eae1278610e804e3eda

Download Submit
C:\Program Files\7-Zip\Lang\hi.txt.tmp

Filesize
62KB

MD5
d9fe7efb306924cae74bdf6dee1bde1e

SHA1
d3705b58a3dda5c8a488d6d7f6a21189222573de

SHA256
66c748071e531452d5e353fd467898d307ce8f10e202520d0d0186eebbb74efb

SHA512
295a25e64c8ae7785e3783b5736c2b477534bdd4504aee3455a7e5a248c8a704e1a1cccc4bd9d189313b594a1bce578f4db40b5abbb0290c57fe792445c498d9

Download Submit
C:\Program Files\7-Zip\Lang\hr.txt.tmp

Filesize
44KB

MD5
4a31cceb0ead78ef42f2452d509b1e8d

SHA1
ea8e95fdfd49b9fac399838bc01d482c88cde4b0

SHA256
c1d11d6d02ad2d40b4227d169df92eff6f9dae122c02b8c22ac0e3f8b20e5219

SHA512
766c5e8d7a263cb940664da5184403c730ada2fe6e2536d0e36341f60cbd0c8626161104eddc12eff1d4c21ed162cfccdae665d8a460f05da245f7db2fe2a8a2

Download Submit
C:\Program Files\7-Zip\Lang\hu.txt.tmp

Filesize
54KB

MD5
b6df5d8954e09c000605101c6d3d400f

SHA1
c2660d3a4c25c5060ed40207e033bdf1d43aef9f

SHA256
9a0f2c49853524035ae30597dfa0c14e36ea9defbc72dc26b40c6277b355c6f8

SHA512
26594621f1e2a9da1aa5cf628cee8dd3d757ddd1d1c211dfea09cf484c109baaa2b97e6a0951879746884794d3d8c2ca0becdabf694fce3d7dbe3c1d87712f1d

Download Submit
C:\Program Files\7-Zip\Lang\id.txt.tmp

Filesize
47KB

MD5
d48cd10fff88f301413c704eff8844bb

SHA1
97543a3b3f2d438901f617153e3104807e919689

SHA256
baa338fd3a9149a6a678379b98c7d5d218784f6e03f27906633d060c17756caf

SHA512
462ced6f6fcb64119c012861f5f318785c1b42aefb9355c67e68bab0fc6a3895aeb2508be583bc838d72e315429e495bbe882d3bdfe8543fdb2dffca885a8e06

Download Submit
C:\Program Files\7-Zip\Lang\io.txt.tmp

Filesize
54KB

MD5
0a4946f48d6c24d43eb760220b4e961e

SHA1
b195fec14fdd45c5795e77b10d926d24a0d9b437

SHA256
51546123e5b1bd9ae82236e8f8f55cee2d5fc307824ab0329fb11599d73d97c5

SHA512
ce5b3e8928e979cae6ac116cec6fd31f87195f587e4795d846fca4a7a0857bbc7a2b1ae84ce22ff857c520234477f244ab7eb59e19f8a2aa6ad88b7db618275a

Download Submit
C:\Program Files\7-Zip\Lang\is.txt.tmp

Filesize
44KB

MD5
2cc8d59c82ffca26c5bf0ea70b1594fb

SHA1
7a7ecc039920502312843bf7c09989065fe39ab4

SHA256
096e3e2551d449b781cf1b9d205be680ed30eab8d20ff44573517b9937c2934b

SHA512
12cd1df801e202177e60aa6c7b19f4e392ccb3a57fa7579b491091bb231240bda25dbc93eeeb34968650a7590eee1c20d9752bee1ebaff4558677d188b33fa6b

Download Submit
C:\Program Files\7-Zip\Lang\it.txt.tmp

Filesize
54KB

MD5
f347ca1971be621fab7821fb29373bb9

SHA1
226334c8497c8a1d02bfe1a53bdc327906cf51c0

SHA256
39e30833e6be398de52daa6f5bb02d135a2df3bd6876c6edde5ae398f509b127

SHA512
8dc85efe4fc767b3d819900729d9b1522cc223bc3dae74ae02daedcf53d1883f3249552ed10e6ddcaa99c9f4035e37aab38f233a97fcd064d4d2412c571465f9

Download Submit
C:\Program Files\7-Zip\Lang\ja.txt.tmp

Filesize
50KB

MD5
1f0dd363328f5c95fa1ce85a2e8bb395

SHA1
d117208e185a752bdedf2192aa06a5ae374c338c

SHA256
805ed804de02f1caac64cb08fc3f965cc2a3b67986bf69938001ee44963ac46d

SHA512
ea5d4bcfecb6d78faffda9a76a3b0759a9142be02430ca8f01f35154eb6dc4787a514d23b42c75b4d03d9dd8eb1385ff031bf76932ecd847d0649d227413121c

Download Submit
C:\Program Files\7-Zip\Lang\ka.txt.tmp

Filesize
62KB

MD5
927aa88966c4008c00e87116207722ce

SHA1
159cc0605e2871988fea42d44021f2494a26023b

SHA256
724d32a8629ff4735fa492d9020544c6c3a906c2279ce817ff0445a9febb499d

SHA512
c5be1c0fa17877d6f67011a863e7e9a00eb444c923d3883fed08d2e8dcb0ac6564ff5c8ebb46ab5449c210e15dd6524e00607126f9c58f91c8782ec5f4654eaf

Download Submit
C:\Program Files\7-Zip\Lang\kaa.txt.tmp

Filesize
52KB

MD5
84cb4bbf8fd3a9bc8bb71b0bf308e7a4

SHA1
bb5047726769c01d68d870e025c9a98dc1af07cd

SHA256
6718c17e25bc92e4d1614ff210a3356cb66a5279f267e803c65070f4f4a1d922

SHA512
17c4785b0c20db685f7a03092e95ad38a76a02025ea7cc9317ec5a221a225bb461978a86855d36a1307e018a03deb2fbc12c9511f66e5210f33530a2b0d567fd

Download Submit
C:\Program Files\7-Zip\Lang\ko.txt.tmp

Filesize
54KB

MD5
c766ce3799caf01b6844269efa736795

SHA1
c64fee43570a3e60614f6aad2f2a776bfabd099a

SHA256
8cc639951dd26a4ae674b0d0ba19bc38df8330f71859e1a57d5aeb020cc2ad75

SHA512
31345c0ffe5c6e80eb9955c6ded1de346b130c57d6fde52054d1f0ae66628a4842a49807d0ee5dca61ea6a44ebf922420068cf5ab02a9b77cc228abdb38a06e9

Download Submit
C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp

Filesize
56KB

MD5
d925f91279c197e251195ad2daf2b845

SHA1
bdfa34eb3fe42b53ebb59c4b53090945fc3c3a4d

SHA256
e3f46f0e863176edfc982a24bac7fb294e22b88861291d13cc615cdef26f38b2

SHA512
8b8dcedeb727bbf11e373944c26c59a38ff9061c3c1f714c07df212c401e206e6449c84da2497ec6853440659a30e2b64c6691ca3a4a2dec368eab08bdf116a5

Download Submit
C:\Program Files\7-Zip\Lang\ku.txt.tmp

Filesize
50KB

MD5
b1ddea7e9f09cf7d38b3755c8598ebf8

SHA1
100c4221ccfc321cff3668cb37f050ad498275e5

SHA256
c8b13864d72e4f070d0fe337a322c23608bb3a0e9e5536d65d789aa94b3b335e

SHA512
51cde3ac0c702922a23a0e13b2cd391dab9e99e4fe3ca60b79bc28d9bc5b2ff5648f7a06f7805dd2e07d3135dfd1664469028a78175ab9e7e9001d361fce2416

Download Submit
C:\Program Files\7-Zip\Lang\lt.txt.tmp

Filesize
54KB

MD5
d97ec9e9bb116c5fe4702eedd1556b09

SHA1
b41d995dce6c89d253d905399de86d9e137c8ef1

SHA256
7b16be204fc36d701bfdf779df5af5b63454b8587d7061db17a6bcde17d26cb4

SHA512
374bd3de89ec4777f89e499cdb77160b1cb5eb8379f239eda70e959b414a96dc17e48fb3056cf3cdd0d7dd116ca97b10c0ac5b5aadda596aa094b0ad073bee0f

Download Submit
C:\Program Files\7-Zip\Lang\lv.txt.tmp

Filesize
50KB

MD5
f42c77f7daaad849acfbe9eb2613411c

SHA1
618fff22897e45da91cb13bbe9c7cd5db4bbad2a

SHA256
6fc83c4aa76edd33266b40a8413708b405fb4de122d251efa2ea5081fcb962dc

SHA512
fe563fc34b9fa25cc4b810352016424d90f94e7e9b1992b5693b51d3d8a212077498aa16c94bacb303a92724694e0274cd4e8baf83cceeacaa587d61784a802f

Download Submit
C:\Program Files\7-Zip\Lang\mk.txt.tmp

Filesize
47KB

MD5
9d21e6fa5ee58d00909ea0daa126a957

SHA1
7ba4a3724c1c9479d76a686f8d3fcac0c00ce7d3

SHA256
29d36847d9469804180db36bff49e3324a00c28c8da83bb95fbbfc9f99077b22

SHA512
8b3a0d274ff5357c8fc5afc3fd8abdc1aeb3ad0cbe4902cf44a2b9b74e3e7549db043591888e934e82ddeebb9cf7f92a13185711ce49017be46f86cf89b8ed98

Download Submit
C:\Program Files\7-Zip\Lang\mn.txt.tmp

Filesize
53KB

MD5
0f0d305f3d49435026b848b84440a307

SHA1
1ad4b40bc59cc8774f3fc377158c36d33bd0b4cf

SHA256
f56beaff9bd1b37cd48de6fd3ceb6699dccba308466ef1047af7dfc16d538282

SHA512
476e1cc5e85c76d01066646bc63e24fc5d30c722f2f0fb7b703fdb6ee52e979a7cfea2508af66000e06df994b7ff3068d9d6f3e3cd608d91b00473f29b2cdfd3

Download Submit
C:\Program Files\7-Zip\Lang\mng.txt.tmp

Filesize
64KB

MD5
6d61adb7347ea5b0f80b74aeed8d00ed

SHA1
75f754f9d14b91da2df8a3a2f104e08389bedf41

SHA256
0d9e5d6f9d7c6d0b450405451e1ca05867aac264ebe5dc05919e50ab8e058d2b

SHA512
ddbfefa103b877b9c8eaa4ae0eced3e53db10f5e13307000c0e9d55f3dff61da911a85cfe128988a208ceb58299fcaa62c37676c40a5fe6039441892a336f0f8

Download Submit
C:\Program Files\7-Zip\Lang\mng2.txt.tmp

Filesize
65KB

MD5
79244436ba4c51208eeab7c964670e34

SHA1
5d862fbad5736a0d416d4a174468f7ad030d8512

SHA256
d1be88916186c20fa583ede4ab5a1a91d5dc18d3423c1f504b8c41a474ae9fe0

SHA512
4b14f40c42761f5242b83fdc333ee86cf4fdcb4853e2fd3ffcf908649f35bb92e025ff10ef938b1abc6c48c19fdfab4ea3eb52e7325dff52c07dfcc5b7b6b3ed

Download Submit
C:\Program Files\7-Zip\Lang\mr.txt.tmp

Filesize
55KB

MD5
40c2e7c00f0d27b0a21373b9954f73d3

SHA1
ccb2bbd0c9bea38fe6c076482c18f093c56354f9

SHA256
4a5021c71c3e3c1f7312c7fba7e37af3c34bca35a4097d0406347c8bcc2272b1

SHA512
1ddff818097798177798dda92f264953136efbf5093828c5f20ad6c019c67633c7cbb42a269ace30ab6cfe8c1586760d7a83e5a7b22795f04cf8f460f4d34694

Download Submit
C:\Program Files\7-Zip\Lang\ne.txt.tmp

Filesize
52KB

MD5
59035ba7b1fbbc5022fad3744c9e6244

SHA1
3685b23c29f9f0665034b8a1fda623ceb27328b7

SHA256
7d632d2da8830d015000fded4a94879555253ee13a5e0dcf22d18e2b4f9b8db1

SHA512
4fd0d175413d83416fd682de6154ae25cc54c5121cc1f9cbe8aa9f11253d36efd542fcecaf8a1e75e1f702322b6032013a0806711a676f425fcef9df68b53b1b

Download Submit
C:\Program Files\7-Zip\Lang\nn.txt.tmp

Filesize
44KB

MD5
096e6e79acddde785dd96cd36ba18087

SHA1
b5ee40d6be05f67a210a414a0c60484c671a0f9d

SHA256
d9c1ed7ceafb830854de3432f0dce64f097562683870c4fc21f36bd06712d6fa

SHA512
c64a6d379bf03cd244505512de082924268d70e320bdac0fec613ed0e8b721a7793aa3c62b0d337394fdf2f1cbfb258e213182c9f50b9a86ca1832b3425cd736

Download Submit
C:\Program Files\7-Zip\Lang\ps.txt.tmp

Filesize
47KB

MD5
59756622689bb23f01788354a857fcad

SHA1
ebd1182f2eebe05b4377b83481321451672ae0ab

SHA256
bfa504f1df9a755a84eae34bbb77826fc9c29c793790f93f72ace10f9b340f89

SHA512
675106717866ecb4521df0b297e1cdc8827a0b940577f2488a9219ec0c27fa48d72dae8652d67642df1d5e160b058d686c94a2dfd54152f7fac5566d0bc3cccc

Download Submit
C:\Program Files\7-Zip\Lang\ro.txt.tmp

Filesize
52KB

MD5
07e284485bf805237c261fd4d8ccc7f9

SHA1
1c74fc29e64877e1d293a219e1fb47023a866e23

SHA256
d8620e8f64c5eb1f40c98abaf737353841fe92fca2d7b8de71c0bca5c14cd5ac

SHA512
540b5f6781f1ca4a971abff4986afbcebbd5a76a463999d2a0693931d52a2152a7e1dd8be4c8fb04f963540893db2858cdaf28fe0c9844bacbae8a88515b0c68

Download Submit
C:\Program Files\7-Zip\Lang\ru.txt.tmp

Filesize
59KB

MD5
31f399fe4e47ba821ad03a3fe6a20a50

SHA1
c468b8b2339200244b18a60a9a5ba0e305a8e184

SHA256
584e5ed03159fda438dcda02e9a33bef2bbf38d5f5086aea27b73efbbbefa6ad

SHA512
0ee361943982db556863bb9e6a6b1f281daee7fecd1f15716a6b2aae76e0edaf5be9bc668c2c07aa91a05f0c3cf030e4d959dc36edc4d2144703e1606987d3f9

Download Submit
C:\Program Files\Common Files\microsoft shared\ink\es-ES\tipresx.dll.mui.tmp

Filesize
55KB

MD5
4563f4d3e679eab8e4e7fae12be66c11

SHA1
7a53f9adf0b270f0f4fd4d03aa1e68c2b255dd51

SHA256
b891ed95370372db8be8b145f82178f14f316b39b5e24edc92a7c45fb814e62d

SHA512
18c627dcbcf26e03e2170b9dc57e82b34c1d1e728b44d972fa5a1f9b43ec6c6a10a777ba95ae7d1294a05b335a1401212acdc2e58c21e195e53b8000211dbaeb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_WERF10D.tmp.WERInternalMetadata.xml.exe

Filesize
44KB

MD5
f0456bd2b027e5291fdb595af7088b95

SHA1
b51454662d5ebec4012492eaeb52cf8020fe1556

SHA256
b110d30ee8427bce63d0084514b6323a28cf07e9e9d2feedbac14c5ad97b4c38

SHA512
5fce253c67c445e0bd5c446ba4f260f2f05237b612379249271fde29abbcbdd6c6f458a0e844f1a5e765f7260cd59812f1c31e2008299f8f037e982cedca0e45

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
38KB

MD5
adf0e1fc661a06c95db6ff5b90a33f96

SHA1
8b3fbdb5845c0791af966381ec29a510fe769e27

SHA256
22a0dbfc703c0c39720aeb139eb85a140091cd31e15bfdc872baec957e002a89

SHA512
2354eb3661a6e1d0c9003a0651242900831b8eea086724116ac371ec9c7131372e83dd1ecce49937ba7143cb62216af1bfaecb2ca67de327218f566140c1f53e

Download Submit