896f69a1a338b955e871ffc5c4981b7891a2cebe175ea5dd8bbd5a545ba07b08

Analysis

max time kernel
120s
max time network
121s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
14/08/2024, 16:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4fa9efe314320b2cd1954d196d6dfca0N.exe
Size

99KB
MD5

4fa9efe314320b2cd1954d196d6dfca0
SHA1

8a67774e7d0477c7fd9ace60ca981b87a4991652
SHA256

896f69a1a338b955e871ffc5c4981b7891a2cebe175ea5dd8bbd5a545ba07b08
SHA512

75792c83fe0952fe73b1b57950dad531944bff6ff7c5887f45c726eced20e626e3d15a31c37ee765060f193f4dd7ddd64ae6aacfa28550291dccc22264649c55
SSDEEP

768:/7BlpQpARFbhn54fmiy+3BVr54fmiy+3BV6nkS2a7BlpQpARFbhn54fmiy+3BVrk:/7ZQpApmi6nkS2a7ZQpApmi6nkSI

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (4802) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
2832	_desktop.ini.exe
2824	Zombie.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Zombie.exe	4fa9efe314320b2cd1954d196d6dfca0N.exe
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	4fa9efe314320b2cd1954d196d6dfca0N.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-fibers-l1-1-0.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Globalization.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\WindowsBase.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Security.Cryptography.Pkcs.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp-ul-oob.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000008\FA000000008.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOHEVI.DLL.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\zipfs.jar.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\fre\StartMenu_Win7.wmv.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Retail-ul-oob.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Grace-ppd.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Internet Explorer\en-US\hmmapi.dll.mui.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Riblet.eftx.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Retail-pl.xrm-ms.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Subscription-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_Subscription-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems32.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_OEM_Perp-ul-oob.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ar-sa.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Numerics.Vectors.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\WindowsFormsIntegration.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\ShapeCollector.exe.mui.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\PresentationCore.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_MAKC2R-pl.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\UIAutomationProvider.resources.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\DirectWriteForwarder.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\wpfgfx_cor3.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\unpack200.exe.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\cmm\PYCC.pf.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0090-0409-1000-0000000FF1CE.xml.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_MAK_AE-pl.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART3.BDR.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office16\JitV.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\PresentationFramework.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\zip.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_SubTrial-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Retail-ppd.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcer.dll.mui.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\ext\sunmscapi.jar.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-environment-l1-1-0.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription5-ppd.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\7-Zip\Lang\tr.txt.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\lib\fonts\LucidaTypewriterRegular.ttf.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Interop.MSDASC.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\GostName.XSL.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Security.Cryptography.ProtectedData.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_zh_HK.properties.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTest-ul-oob.xrm-ms.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Retail-pl.xrm-ms.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Data.Common.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Java\jdk-1.8\include\jawt.h.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Trial-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_Retail-ppd.xrm-ms.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\ReachFramework.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.office32ww.msi.16.x-none.xml.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.Debug.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\PresentationUI.resources.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\WindowsFormsIntegration.resources.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jdwp.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\jdk\mesa3d.md.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\release.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019DemoR_BypassTrial180-ppd.xrm-ms.tmp	_desktop.ini.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	_desktop.ini.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Zombie.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4fa9efe314320b2cd1954d196d6dfca0N.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4884 wrote to memory of 2832	4884	4fa9efe314320b2cd1954d196d6dfca0N.exe	86
PID 4884 wrote to memory of 2832	4884	4fa9efe314320b2cd1954d196d6dfca0N.exe	86
PID 4884 wrote to memory of 2832	4884	4fa9efe314320b2cd1954d196d6dfca0N.exe	86
PID 4884 wrote to memory of 2824	4884	4fa9efe314320b2cd1954d196d6dfca0N.exe	85
PID 4884 wrote to memory of 2824	4884	4fa9efe314320b2cd1954d196d6dfca0N.exe	85
PID 4884 wrote to memory of 2824	4884	4fa9efe314320b2cd1954d196d6dfca0N.exe	85

C:\Users\Admin\AppData\Local\Temp\4fa9efe314320b2cd1954d196d6dfca0N.exe
"C:\Users\Admin\AppData\Local\Temp\4fa9efe314320b2cd1954d196d6dfca0N.exe"
1⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4884
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:2824
- C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe
  "_desktop.ini.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:2832

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1194130065-3471212556-1656947724-1000\desktop.ini.exe.tmp

Filesize
99KB

MD5
3aa85ded795345bd4a46a0f3fc4e6136

SHA1
6ef202fe1c6d40d615255dbc370a9572cb04c2ec

SHA256
3685e26c4db42744d02cc4c0724c98880ffbf59b1453ee72d7e660d2f3146cfb

SHA512
ce2fd9f677e8a1d2fc4317b5f084cf45a6da628dbb6abb4ada2de3ebad3bac0cf53636aa49b9b27e23609d2909d6caf897c6fe7918661cee7b8c76172e53e389

Download Submit
C:\$Recycle.Bin\S-1-5-21-1194130065-3471212556-1656947724-1000\desktop.ini.tmp

Filesize
50KB

MD5
42d9e79c01e605120d8e3cc30168eb58

SHA1
d56ad6af725dac1b93fa2ef0b44e31e1501980c0

SHA256
cc93f81af310d08f988baa8162e76c2867f1541ed7b3d80f5c7b2367a4b1873b

SHA512
9805c6117f06b17f6799eb0f097258f480d621a3b0b301cd5763a03bf37a2870605acad4406d513f8dd1edd60e4f55256d141aef38322dbd75f4463e2622a681

Download Submit
C:\Program Files\7-Zip\7-zip.chm.exe

Filesize
162KB

MD5
b5b8c763fde4f6bfa78e5c2ce900aca2

SHA1
a5fa26a3d3506f91e8448ebf8b13f3aee02d82ae

SHA256
85b796cbeaaf4fa8ee7ab1a9ed53cdbc65882e04824bc30bc70429580074f26e

SHA512
ec5cb28751f8de15ca94c648ce2ff694b16606157adf817caae3b2112cb27e241670e9390e352e3a2d3a8457f49a55ff42c77f030676fc5098a36bd011bd648b

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
148KB

MD5
a94e6323de3fd7a0510c759e3e0a16cc

SHA1
17439ca76cd84e21aa9d414672acd3ea10000f48

SHA256
0c47480a59db7a72195e46cfea91fcc6f40c790627678145ab85d8a81532f6ae

SHA512
06c267513450668d8033ba5e4d65e05f0779024d7b32bcf7aefd61e965575f4d916afcc969815270e104011017504b9888e1a99362b446683a8d8247bb983375

Download Submit
C:\Program Files\7-Zip\7-zip32.dll.tmp

Filesize
114KB

MD5
cd377e6eef5de9b132705b5cf6be2830

SHA1
e50074f961d0f33a128daab44fee441299e5c7c5

SHA256
d97ee8e49ff91c045bbbc6a3677bdd2e4b920e571eb4cdb9a454aada0361b063

SHA512
9540878c604b990a246c193b3f99815feebdb9f14d397bc56fc813b1f8d9ea4d3108791e74d88395c6cc18f238d2c9f1d4a1d88495f5fbb29af3caa57d7da42a

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
1.8MB

MD5
62fb249fab7f532860eaf1e864235a36

SHA1
dfc98a13158465466dc1bd7655df0b2d8643fa5b

SHA256
81be7f2ab9b102ab5a458ab81fc4300a3f562f48617abf07461fef4136a4c3b3

SHA512
738a00075d5bdfcc5df82286ac6d7c39f83cabee710eb6e13cd5d0676b54714c6a8ed150ae705b4318b6874e6b63a33eda61c25cf6cbef0c1fcfbe41c1f790dd

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
593KB

MD5
4d0cd8fba016ed742b5cb46fa59b1bfb

SHA1
378adfc25087a3ff48014cc4097a301e75ee0dda

SHA256
de7e02cb6603d17a6cb1ab4e15e3689c62dc838d7d16c1b9771544cbdcec8450

SHA512
86f55ae728af91e14f932bf98f6c32ed68d27289e2d1a39bbea6f2c3a3c34cb1ac9da6dd0bea49af8a05ec4f97af76e4ca1faba07574c18503e331d4d7746ffd

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
980KB

MD5
bd4abeaf60a4009413abdb91eb5bc8ba

SHA1
59902fb0787de4728a7e2d55da5b9b0553dacf54

SHA256
3670d9029ef492f8bb87b290ed3f22135de3a0d43e7277d9f102e48f85431de3

SHA512
327bd29cd7baa42891e49f9c155318d4e959410ae4db70fd9038aad1de38e91b311fc75733a8f66a88fb1f36bc6ab7dd2af8c4b04edeac8a2641c6647485f5d0

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
733KB

MD5
68a29819f4bdcc1ed02dd2a5b8121bd3

SHA1
4ec6d01fe9e58ab974c23b69f7a1c32dde370c6f

SHA256
915116eada420d9b919f57032a986ba4cced33bab7908732739a7721fae22992

SHA512
3bbf1c58d0c41874f0f959abe985493bcb24d5e748c4ce3fc744e95bc84476f577ef1f0248646dc044af15c8cb85d3f8b8efb481100a402ef06ff66cda6a8bc5

Download Submit
C:\Program Files\7-Zip\Lang\af.txt.exe

Filesize
59KB

MD5
9fe1b80f44b14ca84b535a7bd2fc5782

SHA1
e602a4dbdd6f683bb27be9d981bc1bf9dc86e2fd

SHA256
c4848ea3b071934070039986fbacfed2f08ab63b3661bd11ab91efb373953997

SHA512
96e9838a3e9ca473c20fe56d6efd8acd74704eea62ea5581b8bfd4ef390ff3df82e93ba761a73586d5541de20bfef745b011e05a186185938823caf014ecac97

Download Submit
C:\Program Files\7-Zip\Lang\an.txt.exe

Filesize
57KB

MD5
3d375f2c7ba57c729dfcf6ef96ecd1a7

SHA1
c5b885687582d90b75bf81aa4c9c1b24c6cd9a87

SHA256
6b5e21325b4a6fc1f5602905c9f354870e9d5f889f3325801dd6ba8abf60d4f4

SHA512
660c51f85f6afe8e0fccdeb5840f82abe92bf0a4f3c86d949a842055a41026e8fadd8b3e397b24fc9428ab9061e40d697978b5eae4fdc5c319afdce826ebf7fd

Download Submit
C:\Program Files\7-Zip\Lang\br.txt.tmp

Filesize
55KB

MD5
2f384a8ccd115b2ae64a4f9d12130e78

SHA1
f1c6f7da12c587b612e74c812bf7aac16d60dc5c

SHA256
34d042c189f21254ffadfaf88ce8f1e5800f87f7e1844a9b62209f99d4b3d947

SHA512
eba2d1bea195a099012ba31271bac82eb13b86c31e837b0e8c8db49df42b10ab9acc02cc23d2decad9fa6d4a78508b5a02c7309d41b8eacdfea3e11579c2e8af

Download Submit
C:\Program Files\7-Zip\Lang\ca.txt.tmp

Filesize
58KB

MD5
bad49725e37b30a9902aa0cd9d988f6b

SHA1
5f42a0522feb60434563cef792a98e6ac03c8c08

SHA256
d6cf60938abf811a191cec118a06a93e450720300facefca9a5afc4e5d30afc4

SHA512
cf3e2f20aa72ced26aae0e6a79974650b405c311ee5ed0d18e60212051a530ff2a4cb89f69a617c4e4153cd6a965a7404f5cb6fb684e06ae939189d92fd24678

Download Submit
C:\Program Files\7-Zip\Lang\cy.txt.tmp

Filesize
54KB

MD5
9586d8493cd5b88b7173b5430291fb29

SHA1
1064972b1eeaee5937db15e9bc3ae2452201c4e5

SHA256
2b7b7ecb50200055308deceeb4d7d9fe20399655d46bca59bf71f01c2f8919ea

SHA512
50b832552310e71614ba455e57b59b58e705df6309df2e5382913aac7d023c512b73ded628a3d52268826b1076ce4c6ca94c84e3cd7cb8880acad8ba4e251e6f

Download Submit
C:\Program Files\7-Zip\Lang\de.txt.tmp

Filesize
58KB

MD5
acb75db0c21bd7da75932a03dcd5f995

SHA1
9debc293cf2fe89d464c1b615ee931dc40efeb05

SHA256
a8b83d786bba373c33d7df644d865b9d35079eb1066f426f77b082054d688346

SHA512
60269ded72766888eb608349e91d2f12f0006243b9aa98923b42c0c7f6096b535cf936d64002e189fe171fd09c83c373b85e0e0515ee82b42dc0c6f8db4560b2

Download Submit
C:\Program Files\7-Zip\Lang\eo.txt.tmp

Filesize
54KB

MD5
a78c6ddac8fcd3b39a76ffbbea6f01c3

SHA1
d21f8d7a7d6c817905e4ca958feee4eab9af9ff7

SHA256
be640ed81f1a5c15871ebbcb55ed75519b54c4e91752377dd31a40eca48c95cc

SHA512
1cda915e3517e28c962d7f8ef92d68dc4fff45917e40c0895e7d3a5833edf05b887704e9ae368da9cf709021b0bb33240474782ff52673d9e4f814bdcf60ccf9

Download Submit
C:\Program Files\7-Zip\Lang\ext.txt.tmp

Filesize
57KB

MD5
a198568edb7100f678bd7cd4a2707e9a

SHA1
7afd1a52118ca0d1b976755cf31fc960c1bb5ba9

SHA256
6d86803594be8ee3a8179d18ed291741e6cc9cd4c3960354a6db14f578dcd4cc

SHA512
7967b814221f3cffa5cfe6209a190f722461129e742939282d6a71b537d98c0aacdb855a9873788155c887fea12e7578f580004844a03f1026b58027e75cc4ef

Download Submit
C:\Program Files\7-Zip\Lang\fi.txt.tmp

Filesize
58KB

MD5
2406ef7b86f6c1db25a3f259666bf4ff

SHA1
b8599d8d1ec9d84b5def64684cef62fa2867e73f

SHA256
d4a6e02775d747db9e9e75eba7a615f51db4b0b71b463244d5360657e6932e63

SHA512
c7e704c5b74749fb7e3930c6e50d40a9ebe265530c0bc729ecc59b1de3a33e07a08b348f1d12f1653fa721cb3b5774237e4b92bfe2ba07fe0119765d12488859

Download Submit
C:\Program Files\7-Zip\Lang\fr.txt.tmp

Filesize
16KB

MD5
de59cbbb7aa0a0636af0c6aad443acf1

SHA1
43f63758158c7eacfd8f5376e9b0a976f9878927

SHA256
27000a871672d14dc3847581557ee9ece1627e2e8eafa6821213ccdc56d3b3aa

SHA512
267ce646956a6290dc021f31dc7366201cdbb64b7e7293ef8dc58e120594224370196acf7db2ef16b0315da0990a14f65d082ad67c31e8b3f8abfa1a67df1613

Download Submit
C:\Program Files\7-Zip\Lang\fy.txt.tmp

Filesize
56KB

MD5
a95a9dfe1aeb25debbf07a72707c48c6

SHA1
aa208221eec530c7e699840ab35d8fc7118c52a0

SHA256
6fca49961af1e1a84de0c9d1eee92b632ca0b6bc7c77112281e62a3fddbd86e8

SHA512
45383edc0710bc3f7293b30776b76921d2faa9a4a7044fa1dfda10dfafb4cb1364d5dce9ee514449f20ddd8a6417f41d7db380d3831f9d94a6bf82fc12b282b5

Download Submit
C:\Program Files\7-Zip\Lang\ga.txt.tmp

Filesize
49KB

MD5
a91d34e93781f6bb40bcf10fe738d451

SHA1
404da804858c118a1c5c10ddb2febc01a15e3046

SHA256
cb91ee595be6dbe3206507c51c477cda717f7e7327383d48a60946ccaad5585e

SHA512
f95806a3515c321569d87bed4dee91ed8bbe86a63f412f5075fd523744796d8c210374d31950f6e62c070de4006822b1b382a3f29130a3c70bdce4c3273802fe

Download Submit
C:\Program Files\7-Zip\Lang\gl.txt.tmp

Filesize
49KB

MD5
1cbfa3d229ac91554141cd7d30c8d004

SHA1
9e34916f877fefd22f1162d40738e26acac81cd1

SHA256
c931bde5119754db0028b3a0d139225f097136257d042d789676656b9d7189f0

SHA512
f01f5e3f505866187ab62ff1a3ab7e22265fed769968e194c3268cc7ac063a09d2b7789a4ac8bf266561521f840a0863e58e82dc8cd84d10033afa920a3eeff6

Download Submit
C:\Program Files\7-Zip\Lang\gu.txt.tmp

Filesize
67KB

MD5
aea33a1c92a7d7d5e88b0708ded0daa5

SHA1
9cf26175240bbacb027175ca4da2ddfcea6d11af

SHA256
e3099c16fe0df30e00d2d51dd24d012896fb512cd19b79fec0f568ae5f8ed347

SHA512
d809970d0585a9148641d6e3fa00d67e49efbf124d0bbef35f0c61a5cf50913e8349f2c005a3161d1adae5bd4965746daa5d3a7a7e39e874a3d6aab3dda9dc87

Download Submit
C:\Program Files\7-Zip\Lang\he.txt.tmp

Filesize
60KB

MD5
13d9e28ffb75ffa57813a3dc24c6df89

SHA1
b429d11ba67f7cf788f8cbfa39a1b82aa98e6f78

SHA256
d2039ec245dc6cf197631b84290e8ebc561c5f8d2d11a648db41eac58e28f12f

SHA512
67278bcff9e6a7800c74cbee79f92be8ad4404a483e7fa361a40fe18aa2647ad0df8e90764a74b9e479dcbb326bbe770bb93033631643f4417a97d5a48c11de7

Download Submit
C:\Program Files\7-Zip\Lang\hi.txt.tmp

Filesize
67KB

MD5
e02dba5e2fac0f7cc040bfcdda668fc2

SHA1
004a5ce8bc49e1dbf43296a1891c14ce14634a98

SHA256
f89f40da6330dabf5be2c2a2ae2361459fae8e5e8d83b63aec1b22f86a59f9d1

SHA512
b5649dce40943353449f475b9223e08c58e4ffdebeeaab69d7966971a47ce295d7698301e41f4fe4ea1318ff4eb2ac1dec7de901bf7b09861f2b6f6cdf3f65cc

Download Submit
C:\Program Files\7-Zip\Lang\io.txt.tmp

Filesize
59KB

MD5
0017daeb826b0326eee6c7c60e1876f8

SHA1
a43c8c2a54959a40fb8ec10c0adb80d2b33678eb

SHA256
7a71792f71b521c223769a53d90369059ae3b6f3e19f9cddb3df5ddf98269782

SHA512
d9400e8356eacddb51b400549ed5c843d2949a56df2b586c1c95ba62a12f34ec6d68cb2fbeb811233577e02db26575f6f350616bfc864b5e6f1fa7dd340f05a6

Download Submit
C:\Program Files\7-Zip\Lang\is.txt.tmp

Filesize
49KB

MD5
23bd2d7b0dc0e49675eaf365a7b0590b

SHA1
e3035f2eb429f5c5d19bc9d758ec021ef50e2781

SHA256
5217a456af157d2ab0020351a1d1e496420df9e741238a439c86a7a2088c47d7

SHA512
d6a064ae09de61d2c4484e7b1b73de1231b2c9056da7f7bed897d8cc617ae90fc45dc5b0ad8357f219ebc75a7cd39abf1cc4dfab8b66edba8cc646956a2e6c04

Download Submit
C:\Program Files\7-Zip\Lang\it.txt.tmp

Filesize
49KB

MD5
9f6c8b091946b2270b774a4a4233eb26

SHA1
1d02d0f4fe6f7b944f934609767a6b9278c80c38

SHA256
d88c912a8ed6bb1858941a1ef578c1f46a393f9fe53ffb6017ec0dcf3c408c42

SHA512
9bfa554660361bd2491e7b2bd60641a5a81073a6a2696645ff2aa4c3eb8b54f609b5376d683ead56f34ca0fc2b1e84a2a192256eb69f77b5f2aa2814788b23f4

Download Submit
C:\Program Files\7-Zip\Lang\kaa.txt.tmp

Filesize
57KB

MD5
6367ff7ac2da5cd9241a00140ac46a5f

SHA1
5f139fff60b582b8a2d92bade56e5bb2d324c482

SHA256
b2b9df14bbe392aeb47e41662277c7d41791baba0448a7329e3d1fc3329f06ec

SHA512
8f9c743df69edcb2a04f4fbafdfbd112380d4515e1bdd317da53c0a447c914585fa83685abec9240f8773a83f22bb168e2b694fde388ba9b6ce3865c73711069

Download Submit
C:\Program Files\7-Zip\Lang\kk.txt.tmp

Filesize
59KB

MD5
f888c1e888269b8a91744155c78633ff

SHA1
4fb6b763667c1480881f727876e6750adfa0d6b7

SHA256
8756aa05b7a560ec89e43031117b312d6f55cd9cc768d84140dd96d7659d56c6

SHA512
5ce471b288fc4891546fdad9d710854729633aff7991ff749ed3e259a2c20fdf25619e8bbfba33ac42d4a1d9f27b7fa9cbbe04941bbc6543a0ba7f4611c181e2

Download Submit
C:\Program Files\7-Zip\Lang\ko.txt.tmp

Filesize
59KB

MD5
4b7ba56ae5d50e2afb1df0e4f0a79d7e

SHA1
fff091b141ee1ceded91f429e43a44dccc842a4d

SHA256
d38843732b7cd1470a3e5c2f05907dadcb548006408e948ee242fedb1d9990a7

SHA512
9ff698febd23c8b84eb16bd964d0325d960d35898659b233c47dfba7fd82a829c0692da78fba63578232ff879a19dfc61599e1db973dc8b52c84693576ddaf41

Download Submit
C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp

Filesize
61KB

MD5
1783d3c74d667c2a41ab4484fc8722de

SHA1
a34f2696ee08e5750e4e09eecb1c16bbde5e7bcb

SHA256
6897c14d9b4b686597e61895facbda1f68c6c9bce8fe3aa4f3e28f71bf93f6f1

SHA512
0167e3d5348de2deccc62f3b67ce2817fef3dd84de20fcc5f6720f4f8e942b8f842ad59a34d188a4ff309e151873041877902ec9f70e1142ab1506c605ea4519

Download Submit
C:\Program Files\7-Zip\Lang\ku.txt.tmp

Filesize
49KB

MD5
5a420e6c29cf0665f79a979b46f87a93

SHA1
ad5d2d1c95465814934f2e9f856aca3974db3162

SHA256
e5da4e8786c5a1d3f86c8c69551e16511d784073fd5cbc902bf08506a41832d5

SHA512
cf33bdb89c0cf2a4e59bb03e246da7a85f9b56aa6d7dbca331efa964ab7cc736b97e48ba610b2971959a3775741372e6adf03994c9bfe3e6b638907abaca3236

Download Submit
C:\Program Files\7-Zip\Lang\lt.txt.tmp

Filesize
59KB

MD5
2647ac523133eb2ca46a069af4c76f36

SHA1
07e8efc82706d169be1cde9fe1526a27f28d54b8

SHA256
10c934d31604799212c228b4efcba1be39f1697ea1ed564f18b8e6c654e6c897

SHA512
6563a1803b78dce287b1261cdbb963b46bff112bd94970d845a46ed6382261c43e19e469a6982481abe1393dc6a2992e745debb81894c336d1365b4db9ec3217

Download Submit
C:\Program Files\7-Zip\Lang\mk.txt.tmp

Filesize
57KB

MD5
591cfbd14c79ed5a9aa7c5e5a6e4b636

SHA1
bb9a09cd46ffd2f3f40ad3b20e9bdf7d2cfd3991

SHA256
9143e06db602d5cc21089dfb63164e7ff10796da2583cf2b6e39b0d5c5b9e6c7

SHA512
bfde5c377d0a6e393ddec45032bd6bbff01de8f92da3639e11406e50d9c1d32e318a388fdb01c86bc35fac77e37c58c3b5fe4fb8288fa4c498491e8600e2c8d7

Download Submit
C:\Program Files\7-Zip\Lang\mn.txt.tmp

Filesize
57KB

MD5
e2c16fe597dbbe373ef404fecef76fc7

SHA1
dc45065a15dd69e3dcd25d926526987feb89e5ae

SHA256
2f5ee1be00fd9c5055c12d755c50e7af8eb4baa11e07c68bf8ba6f1d7f1a3f27

SHA512
7af741ece8a8e9bba8feccd1287d7d8ba943bc996cab4738fb6abeb452bcd9744c61169cd65396ee2b824d5aadf23151bbb7e500a58a15b6403b47a2ce979a69

Download Submit
C:\Program Files\7-Zip\Lang\mng.txt.tmp

Filesize
69KB

MD5
c4dffb6ef76364dd27cefa81fdf088ca

SHA1
545b1553680e2df50cd0ef00e28900b471442f5d

SHA256
9e2c2d78e5e7e1859be846f1e00df2d38e9aa360122770bb12684c1d8e4963f7

SHA512
cfe7cf506e096b72f08ce38b9329652b25ca12dd5f306ca97108aaf145d12beba875dc3b4516314905eb23fa908466cf3a8830573370a3c1a15a5d649ca1f838

Download Submit
C:\Program Files\7-Zip\Lang\mng2.txt.tmp

Filesize
70KB

MD5
9062411124ae5d446259bb1a50dfb58f

SHA1
71a8d097000fb03eadb9799dbcdcc2ce8554d184

SHA256
ce09336c1d191fe449b30817322982ef016b303a3d901c9e1d0cd7793275f58e

SHA512
a8681a23b4418fa0a0d2f8ebfbd960958593eca4ba8bbd5e76c4de17c08099d120e842b84b3e21d0e3fb44549d08a1910912631c3be8dd5ab51dab128f08f1e8

Download Submit
C:\Program Files\7-Zip\Lang\nb.txt.tmp

Filesize
55KB

MD5
a346c3c3381e204543cf4e004ebb6d5d

SHA1
118efa0d8b6fa524a252cffdd02f2a59bb0da1f9

SHA256
9db6cc4d864629d09ba72e5945be6903ec982bb0875fd47517c87fc76706f076

SHA512
013702accdb6314832eb408d1331f89f488f46dc5140ef77701ad37d659ab3bf57387b68d0a6eab4072c4b005c006ecdf8da282dd0b9968cca3189cf609418a6

Download Submit
C:\Program Files\7-Zip\Lang\nl.txt.tmp

Filesize
59KB

MD5
2b4080c759cabb9ca0691ade532e6cf9

SHA1
e5edaff82b428fdbec1cc75b12cfcb98b00161e7

SHA256
0c2f0210f194aafc228cbfee4133eec5c10e5836fc1bf6427acd62f51912c1a4

SHA512
229a15772eb74486819633514c2198cea47d43a81e5a54df3a5643c52252fc97a006ce5c8cdf0d445c39e477b12d869bd3e0117ac0b0965a2ce6a1e05bb98034

Download Submit
C:\Program Files\7-Zip\Lang\nn.txt.tmp

Filesize
49KB

MD5
872629ddc322f31d2fe71db9d6f143b5

SHA1
feedae407c54070aa4ec3154650f0eac702e4cb9

SHA256
78dcc230fb1fc37b14957817183b809e9a831212b2aa37856e9ca678178f1c9d

SHA512
6aa8597ac2bd94fd8aa3217a5d73e3ab370d526a9984fff849b16dda481dcbf899c9aac4774525cc493e80e77e18a9330ba6ff2472d9cc76ac9fa197e5a46189

Download Submit
C:\Program Files\7-Zip\Lang\pa-in.txt.tmp

Filesize
64KB

MD5
42668df6064fc019e234cf6e21c9770e

SHA1
a48dc70c5ad800097a1eb4fdf2bf25fdc3cc5f3e

SHA256
da99f7b66a1dd90b11a2aa032ab7df47a030aa6e0363a76f9d92f8584b1319e6

SHA512
d3af15671852d26afa0206f8231df76f4f518d5eecc62646c0f086cc79f12612a36f8acbec490e174c0e6ebf0ec5a8447ebcc0b2715d5d987788532b0de232a5

Download Submit
C:\Program Files\7-Zip\Lang\ps.txt.tmp

Filesize
58KB

MD5
213f5793f8ab0bfede19757f52e60986

SHA1
cae431d627e05086a2ddaa46ba670e5e233c97b8

SHA256
f20a447eda056a030059cd60cba4d2c89ae9085e59d15e4f8c2474503454223a

SHA512
1215272e0c0b441433d6af8842b27c8828e8abd18e714d2b1f6aed209701c7c90782a46c6aa9a7147dbf0389673a8a7a4afa1ce3fa431ad2e4cb82c74887df3c

Download Submit
C:\Program Files\7-Zip\Lang\pt.txt.tmp

Filesize
59KB

MD5
aa9e308fecc12152674559a30eac5bed

SHA1
cd0e3f9f84e7315da186aec4831b20211df44ef5

SHA256
63522836c0cad8fb8e4bc9e03425be35c85f8e1f8992c84664390b2ba1fd9742

SHA512
22665d98d92cbde02be8a7c3b179a08697c0b5c95ba20696ac0c65f250ea91209e45cd8a9196c517bd102e8057ea4955229b80c94c47eedb6b576d1c497354ca

Download Submit
C:\Program Files\7-Zip\Lang\ro.txt.tmp

Filesize
57KB

MD5
cf9267b947723926628c2a5b5134a935

SHA1
b4d8d68c6f8635957f1dc575acfd8a6ec6b3de0b

SHA256
ace3d77fb291dec38ccf3119a090195a20cd30f4b03566a94eca925402400568

SHA512
7d06eff8abf98f9f622bfa63b4a60683481463e0010970e9872397bb2b1a1f046040c4176bc7ba2cf213efe611b20eeed2ff35e0624bb93693fd939a0bf13414

Download Submit
C:\Program Files\7-Zip\Lang\ro.txt.tmp

Filesize
57KB

MD5
ba84d68fb894f21c0bb9cbdc97019682

SHA1
1e18650896858d1b5609099c7d250134db801a43

SHA256
c3ba41a647390766d02c69f4c6782a76e72504eed3bbe773805a666dd8949431

SHA512
25fc66f8d31a07713d26cf90326a279ea5c84929954c1c6862c7b25e09159d77dcad1782cccb3f1001fb08693fd5d77136e0bd2c7045d43ca87de82124d64078

Download Submit
C:\Program Files\7-Zip\Lang\ru.txt.tmp

Filesize
64KB

MD5
e65ad087515f5d0d46152833f243d069

SHA1
4b2401a784357887fe804f024ddb09375d41cdfc

SHA256
9990c01484382339009367ab482684ec8c4591914bf44782af3333a15a17fb90

SHA512
17579780c2287686d5fb468c53cd76c6120f4c3f16db8c4745332c8cbd1ae3a8d17e183de90380ddb5a5ffc58f3f43dba2ed577624e1aa1c897f6f941ac56747

Download Submit
C:\Program Files\7-Zip\Lang\sa.txt.tmp

Filesize
68KB

MD5
013142238928c44c81dbf38a5104ed78

SHA1
f8edb7d1d5b4df843ed8a4cd3cc7ee8f75c46d3a

SHA256
ae9f3b37eb22142888d53da967e8191878878fb8f90e017c6f81e8476f56388f

SHA512
7b581e02d4fb8a7f1647337c0d2a45cd00c6220dff44c65ceb69d6b02fede33ac1e29626fb7a8819a5dd79ae685124cbabaf715dd19ea29b832592638d15b28d

Download Submit
C:\Program Files\7-Zip\Lang\si.txt.tmp

Filesize
68KB

MD5
8ac27967ae12922371b99574cbd7303e

SHA1
3148fb135c2c8ada0393154eb22c8d13b7239d13

SHA256
7e9db0372a600087794ab8afdf3cc8fb08e83b7592929aa5be87d683c1f79d02

SHA512
573985ada1a04e68cf270ee9a64590ed1c4fad3885271638b5f892da45332f6c4444d9aa83f30a02bbe78c41c29cb1adf636aaa0bdb3b1952562506451bcd45b

Download Submit
C:\Program Files\7-Zip\Lang\sk.txt.tmp

Filesize
58KB

MD5
d9f82ec913fdf72512e32cf20703d26e

SHA1
d8e2ae4b8cdde02bb21f82448e6b42fecab4474e

SHA256
f8693bc3c6e746748acf335ee8c133a1ad806c4728724da4c1ea97cebebcb5d3

SHA512
d060e843675823e51337aa7f06c14b713083efcdcb56f5925e38b2efa0ab63c9110cc19a8b60e235c62e0ac8abf0d4f7eee388ed2af47d91b95e614cd59da1a8

Download Submit
C:\Program Files\7-Zip\Lang\sl.txt.tmp

Filesize
58KB

MD5
0342d3dbabfa87ba58ef9dcba1a3cfc7

SHA1
6636ac6cd137967837df9f7d32b6e3fda8297477

SHA256
7ea31fdc8de5a612f3b3024d90a324496ef2dad8df4afc16e41034130a98df7f

SHA512
99c1d0820c8d7e4ef95119888d4493bc360e922b518f81367724c1d4bf985ded6b0e717ae30fd1ca8c5ccd6dc048f95bbc3068b79e79aad441ab5fd91bcd7069

Download Submit
C:\Program Files\7-Zip\Lang\sl.txt.tmp

Filesize
58KB

MD5
22af94af81c5aec3cc4f4e3f46bea427

SHA1
99232a67e91d603ca9c83e6b98c92cb2d3115df1

SHA256
113ba7f18008b599c318da7e2f65f23dd5758b10c6dd5c9d6b57103a71fd92bf

SHA512
4f3a4ab220150ec8dceb01fb960da5affcefc844958e06b8c7ace24c16d2bc3097311db0bebe240b7a16e90bb37270e948b309953eff33eefc44e50839ed65fe

Download Submit
C:\Program Files\7-Zip\Lang\sr-spc.txt.tmp

Filesize
61KB

MD5
23a1c51c77d08c7cefb0509441e852ea

SHA1
cf17a10d1403a4e3f870412cc1e002e1242d81cf

SHA256
9017e9387e4771ca3d0d339daa81e81b64c6ed9ed8b155534a4fc56614bbf009

SHA512
2427fa84dfd39bcb4d94c8cc5eb003ad9bac3f6c83a6a14e809fc003717d8b4afc19ba4503a0896e16399180a33d68f7706784979b76561f6166accd1d85dd94

Download Submit
C:\Program Files\7-Zip\Lang\sv.txt.tmp

Filesize
58KB

MD5
c89e9a7dc5d956f00213047cf17446a7

SHA1
ed7b175ef04fe3e6f1c22eb33f09a55a967fa838

SHA256
2a92b8acf7ea51bb887de29f966d8353f381a461ec59c67f776f43cdad3c77a0

SHA512
6027aa3bef9c60c55c14088d0f2d3463ddae55b3acc5cf63271b9bd311cdcaba5fa8484d3707f4dbbd9a720abdc166aa1aa44a56865f26d6ee976ac16c489db1

Download Submit
C:\Program Files\7-Zip\Lang\sw.txt.tmp

Filesize
57KB

MD5
61ed85aff2a4d642355a1bfdabd524d0

SHA1
7fc4eaac39d4d71691e5a81ec521f061497bd389

SHA256
819b30f38ec2723a6255cebe07cb13a5a2dfa6b56b137838c5ec2bc40b3eb2bd

SHA512
9e9413986ae1a8c39889e133088924f855fa0dff103d5f1c74355eafdd8986ba89825680220af6a85246199990eeae43351d6277562be99ba4532e2e099dfb79

Download Submit
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\System.Windows.Controls.Ribbon.resources.dll.tmp

Filesize
67KB

MD5
53803555ab452bb4b8032ab5b87bcbca

SHA1
87e5146c5bd4b3800a8eb0ae77e6a0bf8230adf8

SHA256
7551b7ca1aee40411159b8426295c8698566ab84feef85a8e99fccac3c8d4932

SHA512
6e47ea4418ec12fedcb3c79e93dfc9ebbb2d36da670799223ae32e5678a88d52b5ada0235980567b850ca99e6ff001639b2945ac25604f19254048042c6200dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe

Filesize
49KB

MD5
9f5742cfd9d8ba4bb371930d20590d7b

SHA1
b21669abcddccb2e406e629d5f7192810d2932d6

SHA256
e0199c4e4e86a2c74753b9dbaad0786ff9faa56d771fa9539294058b7b4faf28

SHA512
d6a3b16f36884fcb0aa03a2a69d161e881d53324b42060a4e07b7c38527563d3c0a3f292ea2f3d675fff1186bcfb32bebbd66c861a8d89797b8692ccdee9f213

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
49KB

MD5
21f546a1655cb6b25449b181688df3e8

SHA1
239ed0b99a4a13fa1a8a3e6be9b6e9d54a2b79e2

SHA256
327efea838b32602ae7aaa6491e8be879c8fc8159bcc6826a71188e55d0ad273

SHA512
285aa2c32d7e713831c71a7dc270ad40adfe5fbf3feb53e00815a684267c601efa6c6e5f53fd1437d851e735c1aeaafad9c7c4c32ba15cd70082254bfd67379b

Download Submit
memory/2832-14-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/4884-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download