228d0bcd9c5cd5cd027412d830247c989540251785104052b42801badf94b406

Analysis

max time kernel
120s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
16/08/2024, 22:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ab397cc86d6da851982fe5dbbb4841d0N.exe
Size

203KB
MD5

ab397cc86d6da851982fe5dbbb4841d0
SHA1

52025ad093973adb06293ed95c81c9b2b38da92c
SHA256

228d0bcd9c5cd5cd027412d830247c989540251785104052b42801badf94b406
SHA512

677055ff13b6d2534657750860bd142b6d3ce5c213e780ed911101e3031623245270d34f8c8c64332e31ac54fcc1a6ed745c87a3e345ee2bd5ad9f405f919baa
SSDEEP

6144:PqFF2Ie+efsim2A5sqFF2Ie+efsim2A5P:iFF2+im2iFF2+im2S

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (4247) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
3420	_Desktop.ini.exe
3624	Zombie.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Zombie.exe	ab397cc86d6da851982fe5dbbb4841d0N.exe
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	ab397cc86d6da851982fe5dbbb4841d0N.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\WindowsBase.resources.dll.tmp	_Desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\UIAutomationClientSideProviders.resources.dll.tmp	_Desktop.ini.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\icu.md.tmp	_Desktop.ini.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\cmm\LINEAR_RGB.pf.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\lib\fontconfig.bfc.tmp	_Desktop.ini.exe
File opened for modification	C:\Program Files\Common Files\DESIGNER\MSADDNDR.OLB.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Principal.Windows.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Retail-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Grace-ppd.xrm-ms.tmp	_Desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_MAKC2R-ul-oob.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial-ppd.xrm-ms.tmp	_Desktop.ini.exe
File created	C:\Program Files\Common Files\System\msadc\msdaremr.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\jdk\lcms.md.tmp	_Desktop.ini.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\en-US\TabTip.exe.mui.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\WindowsBase.dll.tmp	_Desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\netstandard.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-file-l1-2-0.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019MSDNR_Retail-ul-phn.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.es-es.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Windows.Forms.Primitives.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Security.Cryptography.ProtectedData.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\JAWTAccessBridge-64.dll.tmp	_Desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PSRCHLTS.DAT.tmp	_Desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-debug-l1-1-0.dll.tmp	_Desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\System.Windows.Forms.Primitives.resources.dll.tmp	_Desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial2-pl.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Formats.Asn1.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\System.Xaml.resources.dll.tmp	_Desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.dll.tmp	_Desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\UIAutomationTypes.resources.dll.tmp	_Desktop.ini.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\dxil.dll.tmp	_Desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-filesystem-l1-1-0.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\TabTip.exe.mui.tmp	_Desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Mail.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\ktab.exe.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Text.Encodings.Web.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\ReachFramework.resources.dll.tmp	_Desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_OEM_Perp-ul-oob.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_OEM_Perp-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.NETCore.App.deps.json.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-handle-l1-1-0.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\lib\jawt.lib.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTrial2-pl.xrm-ms.tmp	_Desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_MAKC2R-ppd.xrm-ms.tmp	_Desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\WordVL_KMS_Client-ul-oob.xrm-ms.tmp	_Desktop.ini.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcor.dll.mui.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.InteropServices.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcR_OEM_Perp-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Common Files\System\msadc\msadds.dll.tmp	_Desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.Serialization.dll.tmp	_Desktop.ini.exe
File opened for modification	C:\Program Files\Common Files\System\wab32.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_OEM_Perp-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Tasks.Parallel.dll.tmp	_Desktop.ini.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\splashscreen.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jp2iexp.dll.tmp	_Desktop.ini.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md.tmp	_Desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Trial-ul-oob.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_OEM_Perp-ul-phn.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\7-Zip\Lang\va.txt.tmp	_Desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Primitives.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\UIAutomationProvider.resources.dll.tmp	_Desktop.ini.exe
File created	C:\Program Files\Java\jdk-1.8\lib\ct.sym.tmp	_Desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-environment-l1-1-0.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\UIAutomationTypes.resources.dll.tmp	Zombie.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ab397cc86d6da851982fe5dbbb4841d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Zombie.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	_Desktop.ini.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2044 wrote to memory of 3624	2044	ab397cc86d6da851982fe5dbbb4841d0N.exe	85
PID 2044 wrote to memory of 3624	2044	ab397cc86d6da851982fe5dbbb4841d0N.exe	85
PID 2044 wrote to memory of 3624	2044	ab397cc86d6da851982fe5dbbb4841d0N.exe	85
PID 2044 wrote to memory of 3420	2044	ab397cc86d6da851982fe5dbbb4841d0N.exe	84
PID 2044 wrote to memory of 3420	2044	ab397cc86d6da851982fe5dbbb4841d0N.exe	84
PID 2044 wrote to memory of 3420	2044	ab397cc86d6da851982fe5dbbb4841d0N.exe	84

C:\Users\Admin\AppData\Local\Temp\ab397cc86d6da851982fe5dbbb4841d0N.exe
"C:\Users\Admin\AppData\Local\Temp\ab397cc86d6da851982fe5dbbb4841d0N.exe"
1⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2044
- C:\Users\Admin\AppData\Local\Temp\_Desktop.ini.exe
  "_Desktop.ini.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:3420
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:3624

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-523280732-2327480845-3730041215-1000\desktop.ini.exe

Filesize
102KB

MD5
0513a0f33145ad190d1aaa35b989ece5

SHA1
1169da5fdf60473058b29e0544da2c46c9420600

SHA256
884d77c408ceb6e525b885f0e8366cbc56a57f531a6edb4c62f358eb167de5a4

SHA512
9410894e6c022b4ef47ebb0dc2254e2d384d0645c0054ddcd4af6901f28707e7614ba45d596c096e78a6fdf379f42e54a24a6517a615db39f9e5d87954317bd5

Download Submit
C:\$Recycle.Bin\S-1-5-21-523280732-2327480845-3730041215-1000\desktop.ini.exe.tmp

Filesize
203KB

MD5
0ef15d015b539403e0daa1adc50acbcf

SHA1
16119abb0d8247b4ec8152ead3598b65ba9d4de7

SHA256
47c270de2ce36009f70b62ad7e7e6f40f93a39a0f01ad1db9763a2d172d47071

SHA512
e2ecebd6c9bf001e489759a67fd064824dbbcdab9c40c2dfa34c54cde808828a285a4391fd76d4efeae0f173ce7b9387aca6e5ad9991b874812c19f58006c134

Download Submit
C:\Program Files\7-Zip\7-zip.chm.exe

Filesize
214KB

MD5
f6f2f79bab3781aa3333815de0f2e6c0

SHA1
89115b18ed87676f1d22f8e289d6f08f65c2b5e9

SHA256
1500cff0cb3f015d7a237583d6829746345e0c0d81122fdc484dc5e897c3fd5a

SHA512
93d681368c19335ef748c3142d05d4f3be798dd1e8f0d27cf549cd6e34deec9faeb2af8bc1ae76d324514296572975f657c26d6652b239330af093d9de4265a1

Download Submit
C:\Program Files\7-Zip\7z.exe.tmp

Filesize
646KB

MD5
29322cc08214c14ba527d5e1bc90bd1e

SHA1
fa60b1245ae33fccfd2bb015a82b378cb3dece05

SHA256
fbc0b239d131ac8834fb578f43e73be0fdc3c6f759ca43261a37b88df1646202

SHA512
5455fba617003eb497c5a0170fcf5f8b286a78a69e90ead945bde527007ff51f0957ef14ebbbfc1b2bba62aa407be2168dd959a343615cc8ea563a653488099b

Download Submit
C:\Program Files\7-Zip\7z.sfx.tmp

Filesize
311KB

MD5
0c600ba88271c85d00848c0c29b28aec

SHA1
c59273159394a9bc6c6b0a114e520021e5258d16

SHA256
5f9d8d8dfec3242787c46481291aa0b4f5d22725be06ffb3d594d3aa4dccd9c4

SHA512
1896cb6d868612ff2e3dc86d8acfa205305cdf71890f3c6b6d257fc7834897deb83a9779e70577fc20ae631a9ab253aa0eb4649f4b38316a615fec6dcc62a628

Download Submit
C:\Program Files\7-Zip\7zCon.sfx.tmp

Filesize
290KB

MD5
5c2e7ac60beaeb5139504be842dfebfb

SHA1
9dc8f3bdf13a62bb198481bcb6b04a23f04df85b

SHA256
0061a30f67c141c25357cb7815a671a48a494790710eeb86bf224579667e903a

SHA512
01b9c8541803a5b2e4012e565e0456b5294ff92963ebfcab52467b0366676fc3a140a1d0509895d73b8fabbcca19f8949b07b1346b544c158e579cb735211db9

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
1.0MB

MD5
136d0efbce2ca7010b4de001f43e31b8

SHA1
1beb0d0660e1a31e9f181b1d4d66e0126897929c

SHA256
a505cfec2426b4204de280e239890ca0138780c71ef7649b572690d6c9bf70ed

SHA512
21cc4358f084bdd73f520befd6bef3f737d552bc41c4204dc72e49f33f5e422c14cde412edc48d9f15f1e6084064957c075d44a005add4a7d51a2df323f4ea5a

Download Submit
C:\Program Files\7-Zip\7zG.exe.tmp

Filesize
72KB

MD5
aa5dae7648904a36bc7f14acbd8bea0e

SHA1
0f31fb45c6a552beb312ce14a28e25f468d3eb00

SHA256
d268cb8ecd21fb5c926f86d038614c09c04904202bc4b3743c9d00f92ad7ecdc

SHA512
980962162590f94ef61cc0c16a76422f9dd07eacbbd391ca37d87894d83ddd9b93259694a548bc87b2597c4383d94a408683e060c9b0d74493e2d2b6240b992d

Download Submit
C:\Program Files\7-Zip\7zG.exe.tmp

Filesize
786KB

MD5
89000ae1bedac6e97d6fdd3b69302a90

SHA1
69c2694b5ac8eb562d736b2aebe2d67b0ddae105

SHA256
959bdf50fa6b811b3bce4b2e94a12cf38b814831d62c7e7934d747e9c18fa1a2

SHA512
2d1208572ca5d6aab245cef6726eea54830cc88dab6a19cb857eb5ec0512cfd051e3c78d96168530e03dabe0e0c7a4ef5650932fd9b5ecb43cc4f1dea140da80

Download Submit
C:\Program Files\7-Zip\History.txt.tmp

Filesize
159KB

MD5
c2990aab1d926195b0c64f1a43643c4c

SHA1
d1a28e0f6857b90a6a1962323338cc2530a465f6

SHA256
4ba36d29adcc1c301af938fed6b9be317e904f82392c4a655daa6c115926e77d

SHA512
7061b5854c2fc91933a8d1bf77110b7e3b1e6e6074a7a33be771779b886f6141c49676b985fb909841a01bed843ec3265eec1b29d04f5fee63a3d2a02ac8c0e6

Download Submit
C:\Program Files\7-Zip\Lang\af.txt.tmp

Filesize
112KB

MD5
52243e9d3974f664f24c03fe5990f1d5

SHA1
6493d525effbf540bac9be79e5e5bfd8b8fc8e06

SHA256
bce6886b9bdb79b98e731dd681b43825e855995f3fd8d3d28cdb5160465d2fbc

SHA512
06af9542cc5faa90b7da847bf0adda347f8a1eebbb10652dbc20d4f77a28805f0af251d392385fa5dee1e3ad4bccd8a04e40ba940ac04f4a60ef958b1b146985

Download Submit
C:\Program Files\7-Zip\Lang\an.txt.tmp

Filesize
109KB

MD5
2d0c3539407bbe84b8a0590b81afd442

SHA1
1f599ea7f29d8562b2591fcd3536880dd06b939c

SHA256
46d7d9a356017fc60f46f8c2aaee7c81427ac5c0c776b5becc33211b904f99a5

SHA512
d63187829c45ea47dacf2abdd8510aaedc60209536cf64768afc2a38133c3a0dc17b446be413b59ec440946edd74124719cabb4881c1068d0c00b624f494b695

Download Submit
C:\Program Files\7-Zip\Lang\ar.txt.tmp

Filesize
114KB

MD5
e07ec166095770641770e04f571b7a8d

SHA1
d8af866542e2357a4c3bd58e4db28adf8e632f8a

SHA256
ba73c158de59252602e2209efc197afe7cd303f765eb9b76762e42706feb6bc7

SHA512
39175de043847f4cd393d397da40aba66522318ac699bb14065a56a407811b040b703d5f726a06e9dbfae667c6c113717ca28d7d6a44c6791145e3d1e99d825f

Download Submit
C:\Program Files\7-Zip\Lang\az.txt.tmp

Filesize
111KB

MD5
3f9365160725ba35e6b7a761040a5709

SHA1
a7c01bcd99f2a3cc7341f45d405f204a28e7fbcd

SHA256
36a3ef6d7b76141a978a4758da5385e429a9d16108e862f838289bd7a8d322e7

SHA512
52161676ce941276a37fc4f3ae4e0a8579561582f0fa83f461c302e9e56683d6787dedd99c6f940834512f75840362d31cd9747376ea396a32fb597842529446

Download Submit
C:\Program Files\7-Zip\Lang\be.txt.tmp

Filesize
113KB

MD5
a717d0e768d5a11ecda19eaa17b799d0

SHA1
801f2a5100a0bdb6f6635e5ff2a8cbb22c1b271b

SHA256
d63b88a4d07631659604e5087e5c2dd5917b1d1eecc0ea8946f8fe5195109056

SHA512
13e91c9ee36ada5a7afc479f381147a61f6fce9f81cd64e26132728f29ee50a45932eb41a46151054bc623c782e56a41f94213a9de21123039ba49e4239dd71d

Download Submit
C:\Program Files\7-Zip\Lang\bn.txt.tmp

Filesize
116KB

MD5
f2f71911479ee3a325ae2eba3b4b3b87

SHA1
d5f657ebc72ede630eb3201720bdc076a0eef335

SHA256
39dd8912898522e80c84a5b511be262a4f8fc5fb2f9b8cc0cf18a8977de23b62

SHA512
cb3288aaa93dd6831faa66cfcba1e558cc9a815eb436d06154f8a4444c4bc510fec88aa47c224f0cd7fe81557817b2d18fd5c0853d26df4db493b19dad67e11a

Download Submit
C:\Program Files\7-Zip\Lang\ca.txt.tmp

Filesize
110KB

MD5
6113fcc9be70123dd99a7b147883ff4f

SHA1
e1bc46dbab15f78478dba91b2d707bbb94abb4ea

SHA256
3bcbee14248ddb319a523e98a6676420c2a275d8357783708599ab7abdfa6915

SHA512
4a09afd370a5e0918d75b2e6cc24172770b696219cc36491a89667721c5c8d06c8e37b6226a90ef479079c582798eef93de179ec496e999b18db43ae65893f69

Download Submit
C:\Program Files\7-Zip\Lang\co.txt.tmp

Filesize
112KB

MD5
04abe6db6fc7db3f03cadcf22d9f5589

SHA1
9197d723311d99de1a0820b450585daee1f8a281

SHA256
06082c445297c0890590285716284b19b8319db829cb10b9d629d5e21d4bc055

SHA512
c22ac00bebdc0733e87bbfa0e5a6697254bd816b4418f9e8ef0549fd58ff9f647ac934159d39b20d84484f4c977993b10acb618de8909a350ed2287dbe4180ac

Download Submit
C:\Program Files\7-Zip\Lang\cy.txt.tmp

Filesize
107KB

MD5
e33d6758c18b4685a4df37727eaea310

SHA1
6feadd8fde763de15d77aa5fb4924f65942be02d

SHA256
be5198396256f0fb7df3349acfcb55f938b89ed550bf3100c2664349d8ea716a

SHA512
d63b5f14cd085e199d5f0550d39ec55953cdbe3b8d22f8081a5f583a50f3dfe39583e302c5da713fe8052ce2ae54588fd83aa7fc222863fc13fbfc62eadc6c1c

Download Submit
C:\Program Files\7-Zip\Lang\el.txt.tmp

Filesize
118KB

MD5
323982fdb36e294c2ca62b35753b0cb7

SHA1
c89bfb7e292f99eb08fa4e8b375386e6c69936e5

SHA256
2a39946be4b819aa217f2a885433354d4dc77bf8d8c5e3d91157e3ae48a55c58

SHA512
f1dfd0e87d9317b688d6621ce3c6f18e6cef3715968c4ed15ea7d0ad2d9bf318620c0ed07fa9ab06d4826e74cd58f725cc931ee75f85f6e74ef6f14b5c4bd604

Download Submit
C:\Program Files\7-Zip\Lang\es.txt.tmp

Filesize
112KB

MD5
4964b30aeb232b40fad43342a7632f3a

SHA1
3640a27ef55de68e69d611443a535c338d6edc5d

SHA256
7689f94a3df5d425153e494c6e181624d4ff11b0ef18441e0f510fbc7c849566

SHA512
2335f65a442ade74218e6b5505a33729ff37936c6e16550200efe0178f3681d895ead3b5393b6b4cdfd075ff958afdac761adaba51b4e55ec7308c38383000c4

Download Submit
C:\Program Files\7-Zip\Lang\et.txt.tmp

Filesize
109KB

MD5
294f17b926b3f44608bfaa04f1f7850b

SHA1
4d19a4631f6c3c59136bb4977eecd1ba8b7e2f57

SHA256
d26afa65bac304ad9d7d0a4d5859ca76f25d0b74c6c5ac4bfdf6839c541fc705

SHA512
a6e203d937d13573e77a8441375c5d9d3e5a97470e1a9a7e6bbbe7e32bb032ce6cd2cc0c2e2bcaf6c5e52df46215b59f1c9db290d105b615409a4e0f3c3d158f

Download Submit
C:\Program Files\7-Zip\Lang\eu.txt.tmp

Filesize
110KB

MD5
46e7c1a10e3f4197e747190662db861e

SHA1
ccb60506b58d8fa43d9c40640ec8a3ee05cc47c4

SHA256
9e0a801c52719286d6240a6052ba2a543e83c55c365cf69c8042d7c2adad53ea

SHA512
8b3abdcbbe4fa669b16c4e9b503060598d77e09b485cb572792b78627a0d73b6a89b662b220cf1aacc51b08ec24db5c1dc0e86fa0289b299ee2a829095b8bb41

Download Submit
C:\Program Files\7-Zip\Lang\fa.txt.tmp

Filesize
115KB

MD5
0ed067771b04eb45578331d2add5d1fd

SHA1
597af02368d404faab4698227c0457bcf1ba70fd

SHA256
7245a544d60950726878ce98dd4e4576f0ce441a7d314fcca5d1fd27f5e10a0f

SHA512
65cc4b61e5fa18b92c8b58e9dce75af7524679224f3575536e00fb7faf490f904a540763679b6e83f9f00454ec9efdc76cd3f1afbc4a1eefae0680752ea28e7e

Download Submit
C:\Program Files\7-Zip\Lang\fr.txt.tmp

Filesize
111KB

MD5
ec013c7e25e3daf87b419521f8fb8e22

SHA1
659f2fdfdb554cdc2e0c8a2f4887d314a70a9e40

SHA256
14944c7e47543938dedf3eb32651ab040d17e1366a983626a34c8434fa4808e9

SHA512
4f4436ee9a81e66d6551fff2e65d73cabb06657e734d0cd00c8dba2fc8355e3187dd9ca4a9259fdb0b77a8669245a8fac1e496a563d0f5fd89a46133caf0bd2b

Download Submit
C:\Program Files\7-Zip\Lang\fy.txt.tmp

Filesize
107KB

MD5
803f39325b2c561f00bb526ac939715b

SHA1
e74a0bcad556138d42ac47a3f9055e8c355beeb8

SHA256
3f255b79a2f97fd377f0c5c2b11acd3ad67f2a4afb34fd166e0bc09f2296e6c9

SHA512
0b4b85b636ff2c16a2337055500c188bc8ec39bebd905053e5b82a0ae65238cb6830497e593c61bb277b6f0a466066c1b1b1dae85ae91914eea206cb56a31e04

Download Submit
C:\Program Files\7-Zip\Lang\ga.txt.tmp

Filesize
109KB

MD5
a20361971d8932269e8f905e69b06a96

SHA1
bc9c1fa1f23394f6fc8e521a2c63962def51f702

SHA256
98f3dcef9a938f3d9a15dc858fbb432406b391bbd1ee8d7776db9af4101ca520

SHA512
7fdbd54c087c6ac7f3dffa9b920ee84f52bd1b137559a395a718ea5e2b628a130674695182c9f69786b393004a11d1c12f1de39c0a0668be7e032a1d535b3371

Download Submit
C:\Program Files\7-Zip\Lang\gu.txt.tmp

Filesize
119KB

MD5
f3dfe52d0c2594c3c199229318b25360

SHA1
5ba327612038d723ed787934c53d5eec6898d0df

SHA256
fe63738ac38e7a515c41c4b7b6cf0e9a932dda158df8135065a0069d85363cb1

SHA512
609013712c42d60cdc295ff801a34135b4bd6ed7b6c4aee693c371795d6c5d753a5e273f4b01060108089a897f61509b33f6a8d851df7a9aae504edbff9e6f69

Download Submit
C:\Program Files\7-Zip\Lang\he.txt.tmp

Filesize
112KB

MD5
0e6048d384f9f939574a55a80833709c

SHA1
4cf6b12937a81ac84c13cab692b3101d1fb390de

SHA256
d5185550d9c855c97f0c6e09f10686e280fda91515f4632e635acf39036cf552

SHA512
fd78d656ca2d6f4b2db9b4d303f39320a3a7c8bde79764dbc7473a9e23a9e8aea0cb7068113041d755d8018b9bbffb3c875cc1cc1f111fbd059753774f0b09ba

Download Submit
C:\Program Files\7-Zip\Lang\hi.txt.tmp

Filesize
119KB

MD5
693bee1b26ebff4c9ed2fad5c6c52813

SHA1
38a0d3b541557d0c49dfa8e366618c99813a0bbf

SHA256
43b1a50e4315ce865b248217dc447eb3757a1d9f2b40ddf481ce06f6bf65020f

SHA512
d6842b87ae378323e469617d6d20cce4717a1a10aaa237aead33dac8e6d84148fd0481259e09164f4a84bda2566acf997ccadd88be24511577d39990f3caae61

Download Submit
C:\Program Files\7-Zip\Lang\hi.txt.tmp

Filesize
119KB

MD5
5db7a9765342ea7d7c6bc91ba06b0897

SHA1
04a41b92ad8abf76ead252427562c0753287414d

SHA256
2db11230e58e45e1e5be2237f8a570d7672cff010d669092095eab692da5b2c8

SHA512
c349fee357d4fcbb5fedae8cd1bc685e89f02edd15c27e011a3ee082732d81fa3950dddc00b518e518eb338ded2eb5f082b7905acfb6d240a8758ab01d55ade0

Download Submit
C:\Program Files\7-Zip\Lang\hr.txt.tmp

Filesize
110KB

MD5
9eeb05a0e4e270d051a5942b433d0fba

SHA1
1e64fadd1abc2a281ebd751c83e2151fe53138dc

SHA256
142fdc85aaa92b68df11a11bde9363d9705768a3acdf17bf3334aefe8faed126

SHA512
add53786950c828c069a116e01d2863c8e43133145d36485710de49079d6787653a43a86bf41ccb7e412042fca6203df8eb2e8a5966a826716518a821f0a011a

Download Submit
C:\Program Files\7-Zip\Lang\hy.txt.tmp

Filesize
116KB

MD5
ede7b70c0eb9b30180aa91cbc88fa341

SHA1
acf26e70bfe94d5327587737083c6f8fa9edb863

SHA256
374387afeb520c17d59b48564ece0a34987e4c5e046db7de3ccb876d319f0289

SHA512
491f9f65e3e92e43282257829259d90d6e74a7d220226e55779e8ad5ac0b52e37d091ea0c7021bd1cef87eefb0bb041fa0f7ba7f8cde4568779a324be87fa452

Download Submit
C:\Program Files\7-Zip\Lang\id.txt.tmp

Filesize
110KB

MD5
06618a59dc1732c858e2edf617ead7e9

SHA1
23c7b9c81716e48828ca0833c66e4477605af7cd

SHA256
c56f51942b25a2909cf1040e24a3245879b042cf58440813f55ef78a9b1ccbd1

SHA512
8b463b806cf836439f822d9c33e1eb0fbdd49ce15662a4609545bccb00a715bb46b4448dfa0926c96489d6716b0617dbbd3ebb5bf8925cb59fc7747a296ba8fd

Download Submit
C:\Program Files\7-Zip\Lang\id.txt.tmp

Filesize
110KB

MD5
679fb8abe79d50906b64c6471da919d9

SHA1
fe5f85da0015cb742d1be8c584b5a685d610d0fb

SHA256
859378831fd59b894bcb566bd61efa5cb417f7a51e41422db83818d6c217fcb7

SHA512
05b38a8c757c9c7e6923c893ecd29e6304cbb68c5a695fd191c74fdfa31876da4120cd09572ad6f13ee1f49a6b2373bd735c5bebc69a6aa90d554927048afa84

Download Submit
C:\Program Files\7-Zip\Lang\is.txt.tmp

Filesize
110KB

MD5
b6d49fa0ae5cacb4ca48c554c0c13370

SHA1
cdb4b33d5fc2c44078e0e729e555ab3c8794d68e

SHA256
48bb5806cb3e3b70276023b62f679ea4dbc235a3c757d58b62fa02a725821baf

SHA512
613f5e1c38acce6053af32252bdaec5d083b1736884cc2d18a093d9bcbb554ee52195394678f9bd2245c2881f3a96b0896d3e646c28de9f4b43e7491b15d47d8

Download Submit
C:\Program Files\7-Zip\Lang\it.txt.tmp

Filesize
110KB

MD5
ce11e52b0582f148d11928675fa2fe2a

SHA1
293c29bb85090a32aadbddb001ceca4baf068623

SHA256
fc5d51c0b7083cc14e12e2b1fcd4d7ecf2c5cb61851c0d24784d1c038600ada9

SHA512
c68be60c801334cdb1500c5c07eba35066ae429df548acc7ce6f51d831fe474a72ef059a902297e69d84eeee73a96ec3ed6a2bf4764944a327261de426c39837

Download Submit
C:\Program Files\7-Zip\Lang\ja.txt.tmp

Filesize
114KB

MD5
ffd1df435ff73ce6c5b381dd8ba36151

SHA1
25049cc95eb6d1733eb990746a834902639c48cb

SHA256
42b17a6f2b8769ae837afd3af38f976f6fa7890fb688707213a5efc4d2556b16

SHA512
20231614881cd0db082a788ea34db81035b70b6414fd71998b242bcb7147d76956ff76f3efb513a4eb942a8b87781b94b30735dc938541d6fd8253990f21aed6

Download Submit
C:\Program Files\7-Zip\Lang\ka.txt.tmp

Filesize
120KB

MD5
0c14a248e0dbfb897adab9855e028f9f

SHA1
a8ae8449e3191b9975b6f846f1c9b7a16b54a9a5

SHA256
e5025e6537bb5b381292714baf1d4ad414e117fd66c0fbd91be9a5a824f98498

SHA512
5e62a184d529464d32a1bb3804ad5e5d006eb6c3bf8e24f35b5c285996bb44dd49d262fff288a61641eccc6d5baeb9f129823e4f1dc573f174285c792fe57e55

Download Submit
C:\Program Files\7-Zip\Lang\kaa.txt.tmp

Filesize
110KB

MD5
d0755527ee0f29098919da00fcc998aa

SHA1
ef82e69c8d0b72014ab55413e20c451c2ec33e32

SHA256
0e782498320d98e45e33c1fad1a00118f10208db1501337571378fc2729dac7a

SHA512
5f89980d65b3bf9d7aab34c4442c84ee8e2913697d56082ed0f0e5985bb5ab6d07839d228e37bcd69d1a135a45f3e956771271d201bf858afd803e5de3261253

Download Submit
C:\Program Files\7-Zip\Lang\kk.txt.tmp

Filesize
112KB

MD5
f904e7a076128cd7b7f1705606e05893

SHA1
372458862f3f4e17e8a26c93cbe6b944c8650f0e

SHA256
e1d7ce8c1178b0bb58c6d8390da621562988d6fe68a2991f4d4b53a33781b48d

SHA512
60d8c58b3243db929309d166b89befc7413ca8396ee4178f2507a006f136e77995b73a58f63e3cc4a62ce50a84b03cbe6c667f21ec73b32bfd64dab9bf785b28

Download Submit
C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp

Filesize
114KB

MD5
a0c1c1adaf1bb6f08743ceb78c323681

SHA1
3a56a0d33e9ac8e9d65de1313154ca2b26514903

SHA256
7ff7f7f32c43c5a5799b3dbe6b5a2997f6e602c242dca055948860570331f449

SHA512
d6626cb6403dfd4464f96aaf7b0356211323b98ea6d3f5541f159354504664d2174cb3fb016b29b8341cd2bb1f8cbe5e4841313f152af026ebf2abd98667b1cf

Download Submit
C:\Program Files\7-Zip\Lang\ky.txt.tmp

Filesize
113KB

MD5
a14f8a584f988ddab28f6122abfb1f27

SHA1
3693e1d3404001866657ac39ab2b4dc2b1a5e3f0

SHA256
d08ceb8a4599563b38dc095013a61b0b0e8acac302ad4d214bef4af1a270d144

SHA512
7e32d7944dc3099a5e943deaf84cae6b1758f53b89b8c99fc3ce1e987bbb764ad9af423fbff0d1765cbf7a5d58d7337226a29b611a1251eabeb43b75c7bccbd5

Download Submit
C:\Program Files\7-Zip\Lang\ky.txt.tmp

Filesize
114KB

MD5
067fc64bd8c60f18fedf4213aa520b05

SHA1
4210f91f53a70f70eff770b7be354a1dcc0e8948

SHA256
c085b982d6487c82f1aa939830bd2c9ace2eaf83328b8bc40cf7857accc4152b

SHA512
a8a894481810f1f93570bf25180994d4c6dcf6188b1daeb3148468ee90b05b8b40a20854bb4a21748eb663d8e12ab85ed9c1fe32959282b7c8b1c27696808e66

Download Submit
C:\Program Files\7-Zip\Lang\lij.txt.tmp

Filesize
102KB

MD5
66c3dec55429f9ad718886944752eba5

SHA1
50e000e73f3f0c49a3a3e55f7ef896c64cd31a25

SHA256
31f07f557f94856173fe20a3d8e54b2440f12990f773fc9e912f8257f05a6b30

SHA512
bde2313ecc10ce7ed96c14276954da6ba339108c9dbcefa3629320381989fedc8dfe8486993b6f5389d30875ddf2474b7de35419eb1310e174481ec1701236c6

Download Submit
C:\Program Files\7-Zip\Lang\lt.txt.tmp

Filesize
111KB

MD5
d10fde2ff1e51a0e0e891983bc12e1a6

SHA1
870919caf0cfb592951f7445d7fe6441a4294704

SHA256
715802915e8784c8fa5bfbbe8d73177a2a67cd9a0d04346f820d4b417b7ed1d4

SHA512
e71486bbedbee2026bea1a2ceee240631156d6155c25ac1230897134828c0d0af4b6dbf59df3cd7d17227737456405b8672ab470ef2ac1e4c5259f5616f91f62

Download Submit
C:\Program Files\7-Zip\Lang\lv.txt.tmp

Filesize
102KB

MD5
1610c89d0dec6641ac994faf83d6e547

SHA1
4e20cbea8049e1842ef5d0e71ff4445d07701760

SHA256
737ccf103bfebd183ca6b31b37b753086e93e025a1a9306a12d583c242af4d5e

SHA512
bd22be195ebc4bfa98e1a89c6002a7cf67c23e4fc1002f43e67682dea90a57b25ae0399cd58f2e9eda3bd2c85f7c93619ef9b0d1cd64a43f8cbf9ca064e6fafa

Download Submit
C:\Program Files\7-Zip\Lang\mk.txt.tmp

Filesize
109KB

MD5
14e528e3bd89c84beb960c975e0f6969

SHA1
8b5d22f205e48330efaa5f44bf1f09421d092cbe

SHA256
f5472c977549f256b90577fa3f488bb200885436a3e73bfdf97b460c46a44075

SHA512
925b1a4a8db5032743d62b234ec84cfaf7ec51c95992d55349f1d0053e809daa6b31616c72a9012bdcc1aee5654ad5a546f06f36094dd7f6ec1f7876f89936a2

Download Submit
C:\Program Files\7-Zip\Lang\mng2.txt.tmp

Filesize
123KB

MD5
b80c0f935ace50ca656e0e58dec4070d

SHA1
098f6c0906eaf418e8fd00e80031f449665202a1

SHA256
ba5cdeeed7af3bb77326ae6c881a8f8256d92c6663e6b0ee24c8fc6cfdf5f961

SHA512
ade2d0ef8d0f3218c86ce3c1d7027b0940445a26723cb5ccf796c633fc6e69ee6d5ccbf6c5b769d9dca1330d759e852e9d9e6798dab2a056841cf07d6b6c0d12

Download Submit
C:\Program Files\7-Zip\Lang\mr.txt.tmp

Filesize
112KB

MD5
4d018b3f5d527c34766a8e50e26123f7

SHA1
c7980deade43a6d1875d0618b1b90d7441022a6f

SHA256
53bb3a4c2ea140b5af6f9381e575cde977376eac65ae23d5417bcd31109de570

SHA512
9cbe75501c2a7c91947607ca1a4f25952102358db33effe1d390f7eaa214a5a14dab60d111dd31c07321ae300d7cf1600e45d8bf54fce8eb91c28c24981956bb

Download Submit
C:\Program Files\7-Zip\Lang\ms.txt.tmp

Filesize
107KB

MD5
d0ddfc47911f7cd2b548fb3d7ec88f8e

SHA1
ceb879c052dde82dcf5208c5436eae35edc8c13f

SHA256
9bf308b0467ab99d0321b3bb800e28787b7ea011e9a24034b61f53248a652594

SHA512
531e06bd143557228eb8d12d7cba5b36265fd1b51c69b596ba49a78b9bd2bddb9e9e055276ea2f75a79f8f7373e87b893bc6dd9fae82e9ebab9657a6915e620c

Download Submit
C:\Program Files\7-Zip\Lang\nb.txt.tmp

Filesize
108KB

MD5
edab665679818b08755ce4458ff51b49

SHA1
4780c49c861ac2aece63e44b4cf7579a0580aff4

SHA256
2c666c832ecde04b28e65359410c81a857dc6d4791c6087d2c21a9661a4fdd25

SHA512
dfc047c4b82438934a8fb2001bb245f64706ac945ed58cd6daf2848c99852748d82435e60e0fc9762cc2344908e60001824a1e577c1e1036c8f214ed5f9bfb2b

Download Submit
C:\Program Files\7-Zip\Lang\ne.txt.tmp

Filesize
114KB

MD5
e98ae0014b75b770c2dab2280be24934

SHA1
b1a8583462363e7dc655239ff8ce20f0641bb4bd

SHA256
7c59169e7803d12e61c2a40041aeadf57a326179e7f4e358ba329912d7bbe77d

SHA512
10f2b89381d951e0559663404af60a6696db731a9835902f9c6ca42cd28f441bf8422447a99533b425422301c803c2e10a355ae78884adf9e29ebc390b61f36a

Download Submit
C:\Program Files\7-Zip\Lang\nl.txt.tmp

Filesize
111KB

MD5
cbd41f372b8fe4fc45fa4fdc17e03132

SHA1
2af91f7e25167d28152c1f08b0b89de64dfc9ca1

SHA256
ef7d390d58f9675de7940bd7cf1e431011814fda027f30fa8871ca436cd76e7a

SHA512
16af148c1e9bd197e87d2a2cc2ac3371ca3f89f7f5486cf1b538278411c176a8b3b61cf53c7d5171cd88141fa2763a7816bd039b50e3bfffd89af4c49a091dc2

Download Submit
C:\Program Files\7-Zip\descript.ion.tmp

Filesize
102KB

MD5
7d264d5f3bfe22b6c53e9744a4a78f08

SHA1
9e8c2ee95e9e1ab9886f009f1692a61f86daea7e

SHA256
d1e634b2beef0b1834b5a960f7682f7a6410d8ffadd2c22c9e8562ff75e51715

SHA512
604706e0d08d4a6280d230f5cba798d763082094e23a0730dab4b875a912de7fd0da2c6c5444cc33ce2353b24e9a323133d2e603025ada29e1830f9cd7f2f493

Download Submit
C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-profile-l1-1-0.dll.tmp

Filesize
113KB

MD5
33b5d39690026f9f6f6956ae54ec22e5

SHA1
9dd489ef33cab31d83c80d95c4f9a665457bc600

SHA256
431e583690229349e6d4f9fe51dd5230baf9a309f5719492227b63997bc692f1

SHA512
174e5ed052035e2adb2a4989e36bbe0a1842e8961be71c87e177d1a962ae82a3a6ddef74100dcf77ca69f60ff0dd12d67c68064f070d860f36f41ba394d5a7ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\_Desktop.ini.exe

Filesize
102KB

MD5
c9ed3b912a0b2a87a1cc7f81b5b95b11

SHA1
6412828690bd1b494c0108dd844cb08b5e3e3e28

SHA256
edc9e7812eb4b33924b41224d10280cef4bd95152257d620bafec91e20dc8e41

SHA512
ad1defa97779e1db60d2264789866f36aef7c2b3bf0363ab10576b4d92f6bb4f19d17405e558fbe3848e7ae1aab14d76e2a71442b629894efcc952e21ec5c212

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
101KB

MD5
5b6c1215c9ac33565efe216a909c2c82

SHA1
146f436ab296b2afc95ad2d62970003dc0709964

SHA256
44d4b1e96ff84a9d7472eedb89f4cc320b3f078349e16ac9338f0a72a09ab471

SHA512
1a552410a8ecab8fafe2df0aff79a32a950df352b5996021cbdcde118f6e4def4a400fbd69917bd8e82ccd06417367076fccaeb2df59282a636d11fde8c39907

Download Submit