7031fe4be47046c6a1245847e71e8a2411c0d1f6ba1ee63df8f4a0dfa2804702

Analysis

max time kernel
120s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
17/08/2024, 23:50

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

8cda03b4d1cb1d2a941c16390b758530N.exe
Size

87KB
MD5

8cda03b4d1cb1d2a941c16390b758530
SHA1

989f7ec0e725b9621e22816dbfd755506bcc4650
SHA256

7031fe4be47046c6a1245847e71e8a2411c0d1f6ba1ee63df8f4a0dfa2804702
SHA512

b77022e951c969032d4af5e673e860171701920f89c6dec746b80f9f86441699c1987b5ca3e2a49a57e2cfd6919e16e754ce456bf9738f9f6ac3349f212523bb
SSDEEP

1536:W7ZppApyVyjVyfz7z37ZppApyVyjVyfz7zc:6pWpWX1pWpWXc

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (4683) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
2712	Zombie.exe
4952	_desktop.ini.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Zombie.exe	8cda03b4d1cb1d2a941c16390b758530N.exe
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	8cda03b4d1cb1d2a941c16390b758530N.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\ReachFramework.resources.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Configuration.ConfigurationManager.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-processthreads-l1-1-0.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_MAKC2R-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\MINSBPROXY.DLL.tmp	_desktop.ini.exe
File created	C:\Program Files\Common Files\System\msadc\msadcer.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\PresentationUI.resources.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_sv.properties.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\fre\StartMenu_Win8_RTL.mp4.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_MAK_AE-ul-phn.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipssrb.xml.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Drawing.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Windows.Forms.Design.resources.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jfr.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Grace-ppd.xrm-ms.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.Tools.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\Microsoft.VisualBasic.Forms.resources.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\UIAutomationClient.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Presentation.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\WordVL_MAK-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\System.Windows.Forms.Design.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\PresentationFramework.resources.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Trial-ul-oob.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial4-pl.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_Subscription-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\7-Zip\7-zip.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-conio-l1-1-0.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.Extensions.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.AccessControl.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_OEM_Perp-pl.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Security.Permissions.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\bin\lcms.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\ko\msipc.dll.mui.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Grayscale.xml.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp-ul-phn.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\AUDIOSEARCHMAIN.DLL.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\mscorrc.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\UIAutomationTypes.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\System.Windows.Forms.Primitives.resources.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Java\jre-1.8\LICENSE.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Data.DataSetExtensions.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Data.Common.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-file-l2-1-0.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\.version.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Data.Common.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Diagnostics.PerformanceCounter.dll.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipscsy.xml.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\Default.dotx.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\mscss7cm_en.dub.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\System.Windows.Forms.Primitives.resources.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial4-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_f14\FA000000014.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusE5R_Subscription-ppd.xrm-ms.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.Reporting.Common.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Grace-ul-oob.xrm-ms.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.Office.Tools.Excel.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\auxbase.xml.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\fonts\LucidaBrightItalic.ttf.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Inset.eftx.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_OEM_Perp-ul-oob.xrm-ms.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019MSDNR_Retail-ul-oob.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\javaws.jar.tmp	Zombie.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8cda03b4d1cb1d2a941c16390b758530N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Zombie.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	_desktop.ini.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3568 wrote to memory of 2712	3568	8cda03b4d1cb1d2a941c16390b758530N.exe	85
PID 3568 wrote to memory of 2712	3568	8cda03b4d1cb1d2a941c16390b758530N.exe	85
PID 3568 wrote to memory of 2712	3568	8cda03b4d1cb1d2a941c16390b758530N.exe	85
PID 3568 wrote to memory of 4952	3568	8cda03b4d1cb1d2a941c16390b758530N.exe	84
PID 3568 wrote to memory of 4952	3568	8cda03b4d1cb1d2a941c16390b758530N.exe	84
PID 3568 wrote to memory of 4952	3568	8cda03b4d1cb1d2a941c16390b758530N.exe	84

C:\Users\Admin\AppData\Local\Temp\8cda03b4d1cb1d2a941c16390b758530N.exe
"C:\Users\Admin\AppData\Local\Temp\8cda03b4d1cb1d2a941c16390b758530N.exe"
1⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3568
- C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe
  "_desktop.ini.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:4952
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:2712

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2718105630-359604950-2820636825-1000\desktop.ini.exe.tmp

Filesize
88KB

MD5
89d35b8dbf7626ca00731fc3935e6e1d

SHA1
6ed4a41016ec2fce9ea49780c3718ae0ed94a2fe

SHA256
5d1918a49c48b875144a4bdeb865fb9fd761eb683aacaa5b19bd5505b3934e07

SHA512
f2d79416590984f071930fad563cb26c6e8b0ff1945e8c423cee54e6919253fa7e3ae90b751b57df852ea03069ad6e2a8be3e6b4c07d89bda80c03bfd8750093

Download Submit
C:\$Recycle.Bin\S-1-5-21-2718105630-359604950-2820636825-1000\desktop.ini.tmp

Filesize
44KB

MD5
ea5476df61da331bd49d937735d17b1b

SHA1
0a14e4efca345300752d8ec3228fa282c61b7049

SHA256
9ab6aaf705e1891c5b9671339627bbd464ca9566c15f4e80da9761fbcc4b78ef

SHA512
d6ca4448db15e66993a513c24361110580ee44438df90b243b1e3a82270dded56485acd958e44a6f2ab095664b43149ab26aca58e3e08b65c19d49f282d27129

Download Submit
C:\Program Files\7-Zip\7-zip.chm.exe

Filesize
156KB

MD5
e8ab7a47b1c8c04e3506977f078c13ef

SHA1
ed8f442b79e596264add96737115fdbd03c48c3e

SHA256
a604dae90a7e32e5750e119c15e82b76e12c25640003bc4ab61b7aedd164511f

SHA512
f0a340e70a5303edac1a9ce425d93887076b35c5aea415ba2fb1e6078f1109aab7bc48bf4d06a90ffe09e67d204aeb7a63e9b6d4edb854c367de019a4eef838e

Download Submit
C:\Program Files\7-Zip\7-zip.dll.exe

Filesize
143KB

MD5
03e5f4323d50c5198d559d31c05f37db

SHA1
9e393e0a51355a6b8979be43404b15a4f2ba4abb

SHA256
384db8d875dc8a93466769194c5e78419fe3ab57a57da39a7ea5babb37aa9c53

SHA512
31f2cbfe64809b2bcf7a22d1397cd17ae2fd08cdf594a277187f483d83f2b04fdec1dacdc57749598236aa0db4aa02813e2996bcac83d19d5ab04d4967dac5e5

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
1.8MB

MD5
0d15511f455956c0d785a28a77f50d02

SHA1
7a227b2d0db2b0a0abc319d42637cabd77bff187

SHA256
0f54d07acf3e6292c12a0af8f1658630ce542cc0fcf7ceed257d487afc573029

SHA512
3c287039e9a3b29c4b8049ead9a589b4359c4037bd34fa0a7d7c008725d7d0d2affa4e143755d8b2de1f5ac846a121a67dd5a82b276fc2e747dc7308faf9c79d

Download Submit
C:\Program Files\7-Zip\7z.exe.tmp

Filesize
588KB

MD5
b5aea8038620a49bd86751ff2b2d930f

SHA1
cf1f887e9efca42e898b4c72816d9198e2e705c5

SHA256
964f34a6b79e4c52d5d24a6526b059ebcf7e02ef0f2126fe81267823315a5528

SHA512
768676ba02cde17646772a4042daae32cd201c1e46747b52402ada561ffa9c51d2ef77c6b2d8e1804184d0dde10574e3dd2cda4d5acd1fc0ecca88324d62c52e

Download Submit
C:\Program Files\7-Zip\7z.sfx.tmp

Filesize
253KB

MD5
d21d6561ed7107c0e2dd46bacc07610d

SHA1
bb4bfe9594e23976a0a0bfc08e41c0c44f527d3a

SHA256
a3c413b1c32b5e6275659839d263d13d1a5f7136cc166af9f53abfecd271d073

SHA512
44649c15efbcbe880bf9ed69765305ddc6f856ef5e1b028275c0f84a55de5ab2c484753c3f93028257c06cf4561918fcf797990d0873f3561f0ebf0774313a96

Download Submit
C:\Program Files\7-Zip\7zCon.sfx.tmp

Filesize
232KB

MD5
e3cce90f98a03125a632cc1ecb373be3

SHA1
6bc21bc0471d5a0bf4f052a9fbcb5206ab788ed2

SHA256
741755f69d4319c9486013dbaceb744e2d53ef7490b6dffae788f2b8350748ab

SHA512
5cbcaa83bd975f49158ace6081c5f61daf8b91c235e05a2fdfcd5963505a158bdb6cd9e681f59cc1c06e16a43c9aebc6afcccff798d815fd640f7cc4fc840efc

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
974KB

MD5
1b931894d3fed7ebd50774e5a5674bd4

SHA1
20206620b47c47ddd807cc15a5f1bc86e76887d4

SHA256
b343bbddb35773e591c7e1656820c0966c78ce9d489af3db661bf2d03a4a6159

SHA512
3920a56334b46723ba84e8396996abc35c05580cd949dafef4dbdb251ee9c472ab4f78b344872a083ec1c60de3e57192721657c2bee5bd2be9fa8dd981c7b5e5

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
974KB

MD5
5758b265e9a0f080a12b1aa00737edc8

SHA1
7329bbe5e46023d1df5eb224fc9c0f73d73dcf09

SHA256
5811155870be5f0e526c967e2e222d875204c9963d28e7b126b00ba823e224c2

SHA512
6cf55bbe51f2f8e10228aa4a48f12d6240ff97fee825a8580e3fafbc19bbf4491fd80228ecb43921f83b17c79a6c96b9a4bbbae419cf68a8b04d0a866eca6109

Download Submit
C:\Program Files\7-Zip\7zG.exe.tmp

Filesize
727KB

MD5
70d2ae6c3c8dd12c599be46ab6af73f1

SHA1
d32776469d5a038a4996adc9b2f9c90285c3fb4c

SHA256
92ff15d004e07805e821ed23f47f8488527f5aa94e73362e21d998b67d6669d7

SHA512
fa90adb0414f4090ff52bea54984903a8f4588136988e6fd45076be09f32a21c612d4cdc8a83d1153c99958821924da0b186cd41658d605ecdf602169d3b6958

Download Submit
C:\Program Files\7-Zip\History.txt.tmp

Filesize
100KB

MD5
0bf1a2f531b2c7e4ec273e3041480949

SHA1
24fcd5a9b4f09eced38f911deec704aa325e29a2

SHA256
d73fb4b07646025eb1f8e6a91daf9cf38e57d623ee72ac7d628e9bf95b8f65df

SHA512
93c5503ab323a7a320f5042deb58ebf6c625c733a334de144bfab075fad36167d207d1bca4ee1ba6c64783069a9528e38ef3444e36b92b1eeae70e5f01cd9343

Download Submit
C:\Program Files\7-Zip\Lang\ar.txt.tmp

Filesize
56KB

MD5
359427f38d4fcf6a0516e835ec9aada1

SHA1
b4545ed6387f128c97f0bac8ac5dc036b35679ce

SHA256
8cfca4ff80dda8e63f7653dd3d72585ac48c31041189c4d4ff2f17f1a130a5fd

SHA512
760e8b1b4dc85d8a60e09fd0df846544ba0b1fe7f3d169a5e6d3d2feb709679081474cca632fac30ea3c005f3f4113a2be1e648f1d0fad25ebdcfad5d6e58b2f

Download Submit
C:\Program Files\7-Zip\Lang\az.txt.tmp

Filesize
53KB

MD5
6fe9dfed606b6d4dc3be363f6297516e

SHA1
9f5050f50355aaa012e7aaff3f24518bdc6c912b

SHA256
c5670fa392a6bbf67a1d20ce9584ce67efbc8631fb93e6a10c4ab34befce6844

SHA512
1f1ed923322db65597f4732456d6016547b7942ca67272923e9c03ff0f4e0bba54e7d836d147ca64980c5fbebcd24f05ea9fbef62d3e65ff56d424fe3f388d68

Download Submit
C:\Program Files\7-Zip\Lang\be.txt.tmp

Filesize
55KB

MD5
034f3aa41f833e3e17f998fd84414e9a

SHA1
42ab3fb51c9b5729052abe4142cdad4d1fe39b21

SHA256
009b86a1802f6aaf6cd941624cf48cd9adef3a9c0aa1056261a7e21ecb54eb6c

SHA512
33a8d1ea3c200e0407813730cd4403a56a55c84a40e3e018bf261529118cfca73197c2aa6ab1c26ec03c53123adfddc01b70cf42dd97d427a3a6ea720814d7bc

Download Submit
C:\Program Files\7-Zip\Lang\bg.txt.tmp

Filesize
57KB

MD5
323cd0243861f9e1ba555a017f42356b

SHA1
243ae69d9fd4d6c4ec1acfe22e52191eec88ecb7

SHA256
57abd3663ea075243e3ae54888a0b39b3701db1a6dfb47653ed2e6a4ba5c0a4c

SHA512
16ebd69f9ca479a6810783c650029add82c54e12c0d4b1652fdae9b2017ca0acca3ad5498d948a64e1d50260d6ab86c0cb18ab69360554101b49480fc03c6560

Download Submit
C:\Program Files\7-Zip\Lang\bn.txt.tmp

Filesize
58KB

MD5
d512518d7d461c2f06e1daeb7df34160

SHA1
09138134d50b71250836b2389b1201ee3063e0ca

SHA256
46a71cd120c76b44d300fa44324d8bf7c60d04cd235da15215f7554d9b12ac1a

SHA512
8ec548f7180d92e30bdb028a40cc82e5a745d1a3ba464de154a37f4b264dc2fcc89406f58d2206125fb3a03c52630dbaa604a8a6051cc01c6edb22778148a14f

Download Submit
C:\Program Files\7-Zip\Lang\br.txt.tmp

Filesize
48KB

MD5
60c0cbfa2b69ecbb0ca7cfaa62be88ab

SHA1
1fe0867127e1d9376ccb5c07c237a6ed7f9ced9b

SHA256
028c3f48e137fc003340df0003b2c631439ff0e8c685a84adfebeffcead7d8e9

SHA512
5c3d9c25668cfe62d3223ad0aabecbc7c1c8fe8272f6b341472d13bcfd4a67afbc004f16d00e0f8ac8f57b6a941223a61123f2d7d5e2d6c6f2e76adb1a1a0f30

Download Submit
C:\Program Files\7-Zip\Lang\ca.txt.tmp

Filesize
52KB

MD5
abc687e008a79a0335a0dd1a74f63210

SHA1
afba9a68482938bbeb9ec4732979b54c2f35e251

SHA256
4c6c3fe95004812c0fa9522e3b3114a22085a940d0a65e26ccd6dade5f15c0f9

SHA512
071c500f969358d6196ea2191e1f273fb99123482388e4c14a60741aab4546e8b06519b38a4c04f9f52a0fd4a69f5c80bba2a28f0a10c85157e9c38cb2d1fa69

Download Submit
C:\Program Files\7-Zip\Lang\co.txt.tmp

Filesize
54KB

MD5
52927e3815a1671d774cf90ce26c1633

SHA1
01ff28e0c57352160e56473e503380a1a7335aa9

SHA256
c6cee1ebb63aa9576d8696a701222a7431cd5737346724c5cea475ff8b525e25

SHA512
da75225cadfeae8a99d7591291073ee9935a2a701bbf87985ba4a104f35b186a5d6aa978804d242dbb41be7e89b6eacb21f6aa109a7feb28fdbd55fa84cb7e3a

Download Submit
C:\Program Files\7-Zip\Lang\cs.txt.tmp

Filesize
53KB

MD5
11bdf0dbf5274a422044e62448790b60

SHA1
b9184d78d020a13e6affcc32df662ec79e52bffb

SHA256
86aacd437370abbdb5631f755d757e210b8f11bcb4c9f788666d7bc0a9e9540e

SHA512
dd11d0795657a8bc7a16a3f604d68101c280069e1d5608f7986c302893c4747d658819e2475dfaadc2b06b0b04b184ab40b2f8d5a6724b6196c79cafc960db72

Download Submit
C:\Program Files\7-Zip\Lang\cy.txt.tmp

Filesize
49KB

MD5
193821948960b02703eea7e75534b798

SHA1
c835dae30ab5ba2f02ba1c9457585f5e6932c386

SHA256
44488802c9e2aaf665a6be47c1263e80871018396a2a8706fb310f8188cdf216

SHA512
0c3eaff139ec0c16e393e1d07f27ded95468386524f5d7c99d720c1f3ad60443d8de944f4628e79c8e442e1abf8462543174dcb39fedd769dea642982666db30

Download Submit
C:\Program Files\7-Zip\Lang\da.txt.tmp

Filesize
52KB

MD5
6b8fb8cef28007267e5a7443de1dfb8e

SHA1
c2b6a755101d0830f2f05b10f59252c7d9c281e9

SHA256
9629887161f8bfcbf5862ae38a2df31ad9317bc43bb847cb327302bfae3216f7

SHA512
55fa9fee619c444710622c51f2cb455bf13bec2204cd108e80b0ec933daea10cddefacf7462f7b3ecf21061faf257c06acdfbaa1d5c60ecd4014ca30f4411075

Download Submit
C:\Program Files\7-Zip\Lang\de.txt.tmp

Filesize
53KB

MD5
864366f896b140f065da75b555f9ad37

SHA1
92f8c6bf8359df7b6325ce25899c37e27a244d23

SHA256
e2202ab28f7f2bc55608f4dfacfc2ae714637b5bf3ad9389f296ef5055800702

SHA512
cf682540ba03204957051c21eb0f64aaa2c6f4ec602f718f76d5dd4a0c1f4cc441cac647d8eb2db498e33d02950bae73c4d4787372312f5268bc14d793bee940

Download Submit
C:\Program Files\7-Zip\Lang\en.ttt.tmp

Filesize
51KB

MD5
1fbcef7261563f659dbe7ae893afe2bf

SHA1
47e601c157e03f6aff08b1cd69dddeb786b4fb4d

SHA256
8cccb0c26313d10ec22d783a923c983452e0101b703e951394129f905514707f

SHA512
7851ec2ba00c2e363cd03faeeb06b0930d6f8027a65bc97260d4359b190258013d160e61fb15f92a9dff214750b6b2857ad4168914f7a847415973bf920753c0

Download Submit
C:\Program Files\7-Zip\Lang\eo.txt.tmp

Filesize
49KB

MD5
8b2233f68f5e5556f4e3d6b528676b1b

SHA1
9c30236fdcd2d3dba754353bb3094c045a987e7b

SHA256
5d60d415c27c9068f41fae056d4741584b1f8606d52cdc27d2701422a6194be8

SHA512
c77b4f9e4328f6e7e05c8d631cdd956cbd66f227ad5755ccea854da0a2eba18426706f905e7bf1e0c71d8c428cf1b338847c380849cf5776b1e15707fa1963d1

Download Submit
C:\Program Files\7-Zip\Lang\es.txt.tmp

Filesize
53KB

MD5
648a6c6bc1e8bfb4bb2d670f7589041a

SHA1
30b6a17b3af6864896447903f1dda6327d43c5f1

SHA256
8c0e782ba59e929bba1ef96e0b47bed1b48b79ad7fcc53473f748d21c0dd63a4

SHA512
d20a4b23ad0a5ee0f21e739935a714c628cabc3af9c5b2188141cdc4cea383cc2bddbbdb8b8ce78e5e1b598eecff9f2a3718bcd8cb0b60b018164006b373c584

Download Submit
C:\Program Files\7-Zip\Lang\et.txt.tmp

Filesize
50KB

MD5
205fb847d0289b0a25844b7709255143

SHA1
cd983319996a650ff54f2502a165752c1fa9fafb

SHA256
f12dc2d279c364204aa04ce38fc6b69e47a6c11c4ad76e8a69cf454c5c926d37

SHA512
f8f0a1d33961520675a24becf3779a28d118cca4fa861b28f16cea6d57522875cecdd3908af2dedbc31aacd2883dfa11dfd40c4ded038d6ee12798cd5a418a99

Download Submit
C:\Program Files\7-Zip\Lang\eu.txt.tmp

Filesize
52KB

MD5
a50cda21ed520f51193b34d2f8622b63

SHA1
65a195163a5bf0025aa773047664e5d8aea27dad

SHA256
536d379b90dfaf6b3c9765f29299c22f8c85fe34071d58922ee878a5b57e160b

SHA512
163ee9178bae6c9b2d2f4acd3b7571d9bd190593440b628b651157c5bf337583fcf198287e622b4837ce93ac8a717b5f39b0b16a65b64c5884e00420abc947e4

Download Submit
C:\Program Files\7-Zip\Lang\fy.txt.tmp

Filesize
49KB

MD5
172586bdf320d9e34cc5e3c8d3c5af4c

SHA1
a4f59d7c4ca72ede884141fd151f4958f2ca2d05

SHA256
9f081f1e8e70b4ac012dec348ef2c76ac41a06b27ab988f020d88f527c18aa24

SHA512
d21469ee07bf9320a3dea926d0dd4e5cc556a8752047b239c90fb4c6dea69a54dc8fca422f86ea057283f6d58e3f69349387aa5d63ffc92909dc64d2bb71479e

Download Submit
C:\Program Files\7-Zip\Lang\ga.txt.tmp

Filesize
51KB

MD5
e0825eeaeda3eb6f8feb81e705c191e7

SHA1
378a9851635b7af795da795720743a598d3bf095

SHA256
38b1e94a7788b67b2aa56a4be4276a16dbc6361469121253bee9b63289d5bbb9

SHA512
ff28e68738ab7831d5435733d50d5fbae94de70b9f6cb6a82360c2c20a843e81571608c7193db770eb6b23169cbdabdca600a7ca4061b58d208c1fda57a2be9b

Download Submit
C:\Program Files\7-Zip\Lang\gl.txt.tmp

Filesize
53KB

MD5
21748df5ac35302c2d0a3c26311d95bb

SHA1
d4a06aa48491932414142568daaf691704b06fd2

SHA256
327370a2175575f7d04fad547b036a308296476016e01ef4412d2ac81232d083

SHA512
d78fad894be0ae88e5a97060628969dd831d202f3f1d7a92b2c9dd0fff6833a27db2a7a3fd13025a76cb0730c6f83454c2ff7f9b34700408b315357d3d832432

Download Submit
C:\Program Files\7-Zip\Lang\gu.txt.tmp

Filesize
61KB

MD5
05ea5cda9aa3b6fba7b575158ad4ba33

SHA1
499ee25156d2ea5f873f953e86876cdf4e6ec550

SHA256
ed29dece96634c4dcb7ec487a16262717c873d851c37c4a8ed845ef19763e1eb

SHA512
8670016a8f998baa6d66f520526806ac80fadb3e58076c7931848e5ddb878951f5005c1e460d98806b60f8942676354679139ddbd89cb5359654214a21bac616

Download Submit
C:\Program Files\7-Zip\Lang\hi.txt.tmp

Filesize
61KB

MD5
c586848eb5ebb14b110959c456de8723

SHA1
05b650cef61f11da5a9a0d035ef3ac905f27d2bd

SHA256
19e469579562e5f70beac5715ac477cb764f3c7bf0cbecc1f25bfd9d7a9754c4

SHA512
703691576d9a02fcac94f9cbc5b2dfbdfcdf35dff459edce0f9c289e8ae9a2abb7438281ae35cdfeb3390aebb70c67377919b2c294ef88200726d53ce8c06a12

Download Submit
C:\Program Files\7-Zip\Lang\hr.txt.tmp

Filesize
52KB

MD5
138221eac69b14639cfbcb752fdfeda6

SHA1
149ce082fcfd4b531e647a1c52081c6b80961298

SHA256
8d33761a05b72cba298362f9f2d7a6c3502238ca9fcd7ef0eef3b309d1945ab3

SHA512
37af16c310ff578918e80077a2f56e73daeccf7ed69b944cc26ccd6b7517703b6c79dbdbc1a4d03efdbc5b2a86f2f92bf60ceb2eff34bb91c7dc5e3545fc8e13

Download Submit
C:\Program Files\7-Zip\Lang\hu.txt.tmp

Filesize
53KB

MD5
665b3f11efc030e31ea11abafa5f2cf3

SHA1
169f5ac13bbe5f82f270613ef2c7b8ccaf42818d

SHA256
b73ef3a1d96ff9498d34d342ac01382ae5422e91eabae32a740ff02589ba458a

SHA512
3334d96fd8739c0698b085ceec4e1472b8a2f68ec5eecd48d1d6dd142e8a4297b997b78ff5eabd8fd1d0a454b678679c2db63f79f56b77760588aa26242ad69f

Download Submit
C:\Program Files\7-Zip\Lang\hy.txt.tmp

Filesize
57KB

MD5
85a2f61d7a5bacd05a9109da30df1384

SHA1
42ed4fe8633af893e255485adee0bad44d283aee

SHA256
4cb4a67d27cfdf2c342778972b009cf021dcbc3aa60e763a36c61266d4c9d2fc

SHA512
97637dfcf4a5d528a1be245b36f2f66074e0869144a5d4888d313a66233a0bc421aa103a2f44fb5ea0fcd55f0b6ec51302756ce0a6c7c06d56b2d796d62b8f3d

Download Submit
C:\Program Files\7-Zip\Lang\id.txt.tmp

Filesize
52KB

MD5
90f308c536708fdde69f80d545d5faaa

SHA1
37b87feb84bc44774cac941702a32e7241fe85b1

SHA256
5a81beb7797a45395bbac0bfe66fb73959cd9a04ed1f342cda6f2428474c3628

SHA512
1038d7c3ca1892850e94951e5bef7645680a4e09caa323bcea2818b1e2f28518370c9c854a6db5a2b2dfc2c11798a9b5dddb8778489c16a4522953bf4615e7e2

Download Submit
C:\Program Files\7-Zip\Lang\it.txt.tmp

Filesize
53KB

MD5
20e1ca119e7bf1df1059c49c784702f5

SHA1
7dbb7c330e9a538f02b9d1a20613e851819d8fb1

SHA256
5490e916036dcea78b94a345e105e83ee4ac67075efea19fac3275a9e88dce8c

SHA512
0a5876b1d8d7cf2d5a204bda7737b751a3d59935d84f412e55005a3b6c549b0e4bdfdcbf26530b14ce95930faa7ea00f1fe213def224b61e11a671ef6e1b7706

Download Submit
C:\Program Files\7-Zip\Lang\kk.txt.tmp

Filesize
54KB

MD5
7f032dcb4126594b91aa1005a6ea7328

SHA1
c8f9b50b25011385caa64674e9382c381649705c

SHA256
95d260cf643ca802c69adc848861be6cdcc553bc742f44c1749eb8a2a118fc16

SHA512
5e8ec6df749660fe3ec19671411014ab9329de7383eabfbc259cecf03fc4bc17b736b656c53ca53e55d786c9d10f75e229b96ac20e1c706c6bcadc410e2f0eb3

Download Submit
C:\Program Files\7-Zip\Lang\ko.txt.tmp

Filesize
53KB

MD5
52aefc308178c849e99c4b9de30b4c7b

SHA1
f689a7a504c7957b19e4a2fe6aa36a4ec4130809

SHA256
0a8beb3a20da86ee9051d8d0b787f5b07f14d5e3de47e515ff12aa240e1d3670

SHA512
06dce1248812324fb136b82a9038fb7f52393e72f53403ae69518fa64331a705036cf541286520fbc17ab9ecd9eb0cec55c574038b8c401f51d295618ef2fab7

Download Submit
C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp

Filesize
56KB

MD5
c4d8241b24b798309e87c7c629f75140

SHA1
9ee1a966b8a0876aa7bb45c9561ef64f7ab8d8e9

SHA256
89ce1df01464823734b5fcd08c46166aaef08826e8bfe6962ca3af1b583c8941

SHA512
2942af0f7a80c929afbfa02055904bfc739f042f2bc60ede2484f3dfa88d976ea2d579beab342327cd4a744a1aec8718c6fccc463c8f8047eea8616653305bdb

Download Submit
C:\Program Files\7-Zip\Lang\ky.txt.tmp

Filesize
56KB

MD5
0cfce69df5db7f15fcce49995f6693ee

SHA1
d70e98806ea948339581267461ef898d2bfc18bd

SHA256
8d2757bda4d636a19beaab76c4afe2e705ae9225eb50d9287e3ba79a672308a6

SHA512
f4974df554e258978ae7608205ab8292b6d1ec52ef2c89ebdcf71139629caec72522b0cb426963b38c6d922e3065e9fd426ab241b05d72ad9e4c4e61fd413f87

Download Submit
C:\Program Files\7-Zip\Lang\lij.txt.tmp

Filesize
51KB

MD5
bfcf326c38620c4b3fda83674e015fb7

SHA1
9333fc0d8a5c4d588e24dd3f59af99da715431c9

SHA256
17cfee707a12fee05fb3cb8d2a888c12089935d44105c5e0cec7fdd7521883a7

SHA512
f047362146a2838b826bb1cf21e83dcc5a6718ae9dc74a95473dfe140ebe6404d39713d5b02d376fbe9a214adadd0f1b80b0a4ed0ead458601935bd16f3001df

Download Submit
C:\Program Files\7-Zip\Lang\lt.txt.tmp

Filesize
53KB

MD5
365cef5e100966e6d75023f8899aace9

SHA1
cb0738680062c4483ef92150f85ad53afb7e42b5

SHA256
a1a26366acdaab39172cdd37eb9e4ac97d0b720d043ab5b280fdbd8a043401df

SHA512
05a6a400a51478ffac82da7d67ac9446fb35f52603d740b3481d9e3b79447fd59521a052822aa2e0e4e0e7acfe65ab65767aaa7341b007ad32affcdd9e3465b3

Download Submit
C:\Program Files\7-Zip\Lang\lv.txt.tmp

Filesize
49KB

MD5
6bb2f378662ac28c418f936660e3c0af

SHA1
189edf45fa7446c7dcf592d9adfd7cd0704610f4

SHA256
33f1155c4f8e406b06a6d23cd68ac0b9110cc2bcfa00eb681a366a63d2d476f6

SHA512
8a21056c8ec27aad794f6a28cc8feff601f2c9ff92a0c207978315884b7697146c338156572f12ad36479319228a3b2ea715a1b7dec7c018e7e5d2d33f2ea456

Download Submit
C:\Program Files\7-Zip\Lang\mn.txt.tmp

Filesize
52KB

MD5
df4d0261aa019fcf700a36df12578d07

SHA1
f430c678fc22ed6311ea5894ea55333e26cac23b

SHA256
e8bf8aefb98af7633790a3d09eb66dd02b2ff81e6eea533a382e7140919f5a0d

SHA512
73df1d200351a2f6aeacf2841fb144fcec6fb3032e46a9180d5b4210e84dd8e84861625cbc34cf4626a4d0b386a8ed852796fc56d2ced94ac1bf3bb33fda258c

Download Submit
C:\Program Files\7-Zip\Lang\mng.txt.tmp

Filesize
63KB

MD5
9c32625238d984ad344bdb6481a18a86

SHA1
7baec1a7aaba337251abb694c9f12074694b6a30

SHA256
7542b7f6d14812d8ee47c7e3244cf1b02521d48340ae89bac52221afaf5d477f

SHA512
4537c0c70dd9b03a215be8dd77532b263f6c0ee8826847f99744f0743903fbc1187fab01e86f6fc5ea3cec95a38c9b4a613c3e69d67bb870dc354f19e9da9179

Download Submit
C:\Program Files\7-Zip\Lang\mng.txt.tmp

Filesize
63KB

MD5
53f60584f71a49e320f913ec7c60e988

SHA1
4a26baf9f66e196aa127da2f8e4ed96fc8945f85

SHA256
323b6faa8eabd62738acee0e5908dad8cb6393f47313eb3a11f9174d858e52cd

SHA512
b4ce5203457a127599a2508467a51761d1467a3f3e6d3ebe5fa786c6a6d67a7e0753bf17ed1dbd44c3ff95b4046393919b675d7eb5599369b17891eca17dfce3

Download Submit
C:\Program Files\7-Zip\Lang\mng2.txt.tmp

Filesize
65KB

MD5
1149bfff2dff87455b99975e45cc1a62

SHA1
dbca42a4ebf22b31329e75acf64dc8c905fe8c79

SHA256
7a7e4217529dc000345d80b9095aba1e4273601c1af589795e6ea11944830e95

SHA512
12b7cbcced5d0edd3962922f3d9c00597fbec682496b4503e73d1c79cb107423a4631e4f5f4e379fbb4282ac251523be0bf19d6f6442dbf4a018cec133db1382

Download Submit
C:\Program Files\7-Zip\Lang\mr.txt.tmp

Filesize
54KB

MD5
d348204e499d4cbe44422783e15bd54a

SHA1
901e218a70bc3aeb1a02500afe6235f0d253336e

SHA256
cfbda60c57920388ddf6f888f4fa7ad2d896cc31f40ccbcd4b07030a75c86d2d

SHA512
da22424951a0998aaf59782e344833c37a693d36c4e5fba077b669eb59abadfe08f0f0223b393595b3fb6fe39336297b38b3d5b3858f2ebc9cf3a66391c43793

Download Submit
C:\Program Files\7-Zip\Lang\nb.txt.tmp

Filesize
49KB

MD5
6ba6503a66af06af23ab21c9a1329973

SHA1
f38326ddd630f9974b2ab3f99fe7ae8646c85d3e

SHA256
7c8c3064a30a44da81295fe8d91f6ff30d5ad4db91efee4fda5011c7ed15f055

SHA512
69771a3854804a9df0b866fff6eb893679e099c3a701d2f31481da7acf742c6d9bb4bbb9c67310d5ada4e646245120e78b66402125df57fddf660a18c954917c

Download Submit
C:\Program Files\7-Zip\Lang\nl.txt.tmp

Filesize
44KB

MD5
81e2448a593b9a25c53562eb94ebea03

SHA1
28013507c73ac9595827988f5ebe3a6fb2ca5690

SHA256
ec1df089acb7995938a864d553fe07069c8f2799d62c5620c8dad0c300608ab0

SHA512
808617b9da94007d97fb5d5c73d3803baea16d64f8ccf9bc8ca9645433b6fd6345299523db29633ab78835590a71a36ca1772761e78dfe182dd66a42eda26bbc

Download Submit
C:\Program Files\7-Zip\Lang\pa-in.txt.tmp

Filesize
58KB

MD5
566c8061d8c67147538e36a3ecd65989

SHA1
b9bdbf058159b51571edbd518d011270adf2f6de

SHA256
aa51f0fdff56dbbbab86b0ca8195c56e21bd7ed6762bbf917d9cbdc079fa79a9

SHA512
ae375c8c68babe00ecb153524ef599b2e43ae9f9ceded82c7fb20e51b9aba5555f5af9dd76641a73e9c76ca3042a54b899862a2bcb3fea7e051c650f18a0f305

Download Submit
C:\Program Files\7-Zip\Lang\pa-in.txt.tmp

Filesize
58KB

MD5
8105792f0db5fea05afc55463b6c011e

SHA1
c05f738cf39a47dd7fda76ab6dc036610fdf3daa

SHA256
05ec8e5ee5386fb9e6e98637751c284352fb2e870264c456b7d80c43bc8a764f

SHA512
9bb57480109d6afd11e84c20091b6706832d1d2c5021fb57f8a093632c8934e3164a1eec647c40dee1d724da3b1e5479d1fbdbfd142a94e27233330363217a51

Download Submit
C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Trial-pl.xrm-ms.tmp

Filesize
55KB

MD5
29874a27a102217093ffac83e0afe7d0

SHA1
9b6c37f0eaaaaa2121fddcdf335246a5808e7584

SHA256
52667cc8b3491db6c3e1f20d4c6691a34ecdf8b40b8c789ce070144b5c59edda

SHA512
bc4634251b83db9d060667e39d538da97662811e09dc13de46920429bff441c46853b874d63422b8f14b2f628da8b7b50a4f5536ec806d254f775fddee04ba45

Download Submit
C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe

Filesize
43KB

MD5
1fa25c6af5b6787b88031f47ab33b900

SHA1
b8d2fc73bcd25fda714d14dc898a1b130728428c

SHA256
03351b056bb3e9c22a76a45c371e7be867d632e63f1f01c04ae30037f05fb879

SHA512
888e6e7d4b11453c0484e9a8b38282d8c8ae20d27f96ecea0e79f678894bbc5ad228b982cbb8779ed11881156a5f812dde876414da85df8a3144a1fe7766fc27

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
44KB

MD5
440da6afa6e104d13948e4d9116abe17

SHA1
c98c49e10e18061ba93351784aaf4c7596f4cb58

SHA256
3724963ec7d20e2655c74fb5fb3e4f97365db26c4952549dc714406c517c6203

SHA512
8e1672bbb0b1f8abbc05c9730038b7a1c32cd92828e6fb955d0f7b2183250ef75fbd6b297091289a0e98a0434711fcc7d68c29ac9deffc2fbedba2df2f685888

Download Submit