4516ccb0b8eab8918ebe09e9b8f49797c99aeef0e1d19b4ac57ab8e76bf6b610

Analysis

max time kernel
119s
max time network
119s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
18/08/2024, 23:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

20e18d6566585466578d00dd3091adf0N.exe
Size

91KB
MD5

20e18d6566585466578d00dd3091adf0
SHA1

311f83fd1438e4778a5919fe09c32069126c4da8
SHA256

4516ccb0b8eab8918ebe09e9b8f49797c99aeef0e1d19b4ac57ab8e76bf6b610
SHA512

77661bf2603075058684cdd822b517d8067ef8bc9d83d7d922a0a8a90e7fed56132e17601da0bd3cf13c978b9c6c17135c011a414c37624fbe9e8dc95bd94309
SSDEEP

1536:W7ZppApBULcfpHLcfpyDoAW7ZppApBULcfpHLcfpyDoAi:6pWpBwchcwDgpWpBwchcwDM

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (4659) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
3804	_desktop.ini.exe
3964	Zombie.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Zombie.exe	20e18d6566585466578d00dd3091adf0N.exe
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	20e18d6566585466578d00dd3091adf0N.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\WindowsBase.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Trial-ul-oob.xrm-ms.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_OEM_Perp-ul-phn.xrm-ms.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_MAK-ppd.xrm-ms.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\7-Zip\Lang\yo.txt.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\PresentationFramework.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Compression.Native.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\WindowsBase.resources.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Java\jre-1.8\bin\keytool.exe.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_zh_TW.properties.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Trial-pl.xrm-ms.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Common Files\System\Ole DB\en-US\sqloledb.rll.mui.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Common Files\System\Ole DB\fr-FR\msdasqlr.dll.mui.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\sv\msipc.dll.mui.tmp	_desktop.ini.exe
File created	C:\Program Files\7-Zip\Lang\zh-tw.txt.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\it-IT\TabTip.exe.mui.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\UIAutomationClient.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Google\Chrome\Application\chrome.VisualElementsManifest.xml.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\cryptix.md.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_zh_CN.properties.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_MAK_AE-ul-phn.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessRuntime2019R_PrepidBypass-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Resources.Writer.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\Microsoft.VisualBasic.Forms.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\Microsoft.VisualBasic.Forms.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-console-l1-2-0.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\bin\javaws.exe.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription2-ul-oob.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_MAK_AE-ppd.xrm-ms.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\offsym.ttf.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uz.txt.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.XmlDocument.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp5-pl.xrm-ms.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\ext\jfxrt.jar.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_MAK-ul-oob.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Windows.Input.Manipulations.resources.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_es.properties.tmp	_desktop.ini.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\TabTip.exe.mui.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.NETCore.App.deps.json.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\PresentationCore.resources.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-conio-l1-1-0.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Retail-ul-phn.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessDemoR_BypassTrial365-ul-oob.xrm-ms.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\ONINTL.DLL.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.UnmanagedMemoryStream.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.InteropServices.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.scale-180.png.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\SUCTION.WAV.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Grace-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\plugin2\npjp2.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\resource.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Trial-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_MAK-ul-oob.xrm-ms.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Security.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Pipes.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.Luna.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Java\jre-1.8\bin\sspi_bridge.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Trial-ppd.xrm-ms.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Common Files\System\Ole DB\sqloledb.rll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\mscordbi.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Text.RegularExpressions.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\da.pak.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\tracedefinition130.xml.tmp	_desktop.ini.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	20e18d6566585466578d00dd3091adf0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	_desktop.ini.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Zombie.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1476 wrote to memory of 3964	1476	20e18d6566585466578d00dd3091adf0N.exe	91
PID 1476 wrote to memory of 3804	1476	20e18d6566585466578d00dd3091adf0N.exe	92
PID 1476 wrote to memory of 3804	1476	20e18d6566585466578d00dd3091adf0N.exe	92
PID 1476 wrote to memory of 3804	1476	20e18d6566585466578d00dd3091adf0N.exe	92
PID 1476 wrote to memory of 3964	1476	20e18d6566585466578d00dd3091adf0N.exe	91
PID 1476 wrote to memory of 3964	1476	20e18d6566585466578d00dd3091adf0N.exe	91

C:\Users\Admin\AppData\Local\Temp\20e18d6566585466578d00dd3091adf0N.exe
"C:\Users\Admin\AppData\Local\Temp\20e18d6566585466578d00dd3091adf0N.exe"
1⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1476
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:3964
- C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe
  "_desktop.ini.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:3804

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4388,i,11708048364682646792,608099842549576907,262144 --variations-seed-version --mojo-platform-channel-handle=3892 /prefetch:8
1⤵
PID:4304

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2170637797-568393320-3232933035-1000\desktop.ini.tmp

Filesize
47KB

MD5
b7570e7b9cc15f0d43db025c9e40be81

SHA1
4e33ab45c491729a02ca285b33e975ed69be084f

SHA256
2bdcd7d76a5cae639b18ea393a542fb32836bf232cc9d9a547d559e5fb554342

SHA512
c234ec52b44879912f07ce0d92ee0f3332e4238390c80d43a8643095b376057c05b60887763e5d4a946854ff9e8526b2b6e8c580ad4d7bd562cacdb66d230d3e

Download Submit
C:\Program Files\7-Zip\7-zip.chm.tmp

Filesize
159KB

MD5
38783e66ef55eda5577b55831aab6e36

SHA1
57877426fb07f7ec69607be22c08c89768d3b4ea

SHA256
20fa92a7e4f5bb6176b525153a9de6a21276984ac1de3c3bb88f8c6e99c486ab

SHA512
c2cae815c2ce2692479dfdaacda9234aae317ee63fd6ec6fe468adca28fa01339dbfb632a5409ba3986f6ed1e4545a7c75aff18bc02eae6f0a1fa863a47ac080

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
146KB

MD5
6aea1b27c23cbeb968b23fa6912ca9b0

SHA1
e9afa9d94dc03401de374b9c95d781e531362ae2

SHA256
31345b8322825f64245762f8b55bbd8fafee767dc421b095d2b8c461ca9b35b1

SHA512
38fe71612f15562fd52621a42a55cffd522ee21d73a013383abb78ca5afa4ed194cd3bac012c1ee6e29aa279661d977fed83c2dd537cdec588681cfa0a7ba84b

Download Submit
C:\Program Files\7-Zip\7-zip32.dll.tmp

Filesize
112KB

MD5
39403674d802f0756b41c83372a5759e

SHA1
3afd1320b7ca86340936a4c0e7f2378df410740b

SHA256
ee3d0b5b4b97a4a602ee4c7164de676a2c7bb27a4e4cd04db2babe0d3b08cbaf

SHA512
2a74bcb7e7cb9dc0fdedc28b9151a44ded757f8219e8a62593f44e8b13f545f5d5f7bf908db2a82f7e89cd0053ff8a2d145c868a31cbe806216f089281350433

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
1.8MB

MD5
509cbea402dac6756b942625a061c0ac

SHA1
1b2d3c3f319c63ebc894c494c84d11f953b504e1

SHA256
758cd174a557229c9113b81233655f446b9cc8e22c942e148a6de78cd9cc98e1

SHA512
4349f34676b3773c73e54ce0fca277b1e0f0c90a604523407f7b878822a49f99462571e87ebbc19fc757e4e0bdcda127552f7df489e401962a30a840bde2c21c

Download Submit
C:\Program Files\7-Zip\7z.exe.tmp

Filesize
591KB

MD5
3e8b417c4074069d13c451672464cc9a

SHA1
11a826102922476330e8b05e220812d209999cf0

SHA256
390e8fed21599ed14998da7100f521b66c1d1b8f827f8c004159e2ade69d94a4

SHA512
6f5ce16169d72f538cf74db53617807b66934c7cadab89f0a0e929622e6f627f02178079c810098f7b14417e7e9de4af2a2f2894ddf73eced3295e73e07f400b

Download Submit
C:\Program Files\7-Zip\7zCon.sfx.tmp

Filesize
235KB

MD5
a47936f0ef649b0e5e4ed1be78a01de4

SHA1
9c25ff3da28a7412bd5378ea7e42e05eaa031383

SHA256
8fec7c76ad85e0f0fceac5023b6198b25855cc61e39771a4bab2256fdb8a1e21

SHA512
b0a4f6f51c859d46701449f18d7a6bf75d8e585a1c6c2a6e79bc6bdfefb9eb347a72e391902dabaa639a711157443a2dfce10f9937709aaa88fcaecf3d66a38f

Download Submit
C:\Program Files\7-Zip\7zG.exe.tmp

Filesize
731KB

MD5
4bb2ec6dd555a9c47b5d12d234b03e7e

SHA1
e328e824953bdc6c025300eaf7bbfbe42aa3547b

SHA256
1049c2c4774b3f22368e1787bb510bf4a94152da9f8218971f24bd8373f506de

SHA512
5c8875d98bf8fe0b11cc2691067403e1f29e4ef2563970d9a341706cb6057f1ef2b7a06cf511f36ceb55cc50337c0cf0378412189a52eb1980680aa42f98448f

Download Submit
C:\Program Files\7-Zip\History.txt.tmp

Filesize
103KB

MD5
02d8536a44efdfd2671c1c71a46cd6ef

SHA1
3d178a5ec4ef61138471a5e44b92b22117cce726

SHA256
78be66c72bca94d8a54a384099abf490e039cd73213e85553b608198440fde67

SHA512
62685274fd4076418eb865cd05f67b58c0f00c6f11f1b337a1d22469fc8092eb43ad81e983a4c3976c3f14a9ba3fee2ce6325b33940fe17eeb626c83ec648d91

Download Submit
C:\Program Files\7-Zip\Lang\af.txt.tmp

Filesize
56KB

MD5
27180dacb99d7d7e8eff12a55873e634

SHA1
4480ed52e4e5db38a5d9d51882750a9ad2427f30

SHA256
6528fb1894f06be8456a37569c27ef11a2de4ef1c78a7c53c7f4b1d12f43554f

SHA512
794402e9b2fcd453f9350b15b3cfcb0402d8781dafe83ca34c0f98bba663bcb26386647bb66b73fcc923d94e254d0aabad90a8b40fc88d59eef6b44b0d5429a4

Download Submit
C:\Program Files\7-Zip\Lang\an.txt.tmp

Filesize
54KB

MD5
334df09e7e956cb432dbbc349b5b4843

SHA1
d9b8342721a15ab2fd69b220ba09f44396a0c2d6

SHA256
bc9f7750a95acd53c2c1a143b1d53f9d5654acb901c8ae8049d9d53e009fcb62

SHA512
2a317d6ca8607a9c253e9a14fc2127ffb8a374ee943536f3c01513e89d0e1c7373b9c31ee9d2af16916de66a6ff1ee5ad57a6de1c6a4ecc1246e071fe8ca70b4

Download Submit
C:\Program Files\7-Zip\Lang\ar.txt.tmp

Filesize
59KB

MD5
617b08d3ad7abc6802101f9bfad218af

SHA1
35ee97846539dcb127b4364c6724c8afa3d1bb62

SHA256
86a8d5abf960aea006bf3ef21c881396485ef79c6a0453b53371300f1a41a9a6

SHA512
289f7291bedc49765c524d154df639e371bbf2ae3ce91a824928e67880fc0d67d32a86a33f31070ab056f680dbb75d24cf1be83ccbe754287b2a8fd2b04c3281

Download Submit
C:\Program Files\7-Zip\Lang\az.txt.tmp

Filesize
56KB

MD5
91c5e296b980e04924c73016f2375917

SHA1
6800c6c7b43345888e9a10403a540e70f0ce9969

SHA256
151a113c21f064b92930d4b26c08faca9968f06c5e2af9f762b3aebcd58fb021

SHA512
a08202c556ec3d450d9add3b012dcecbc88af0f9a44adcbc93df629616d6b20344a96fd2bc9f0ea06e49f55d1c98b2ce278fdd9cde66a68945a7903ae3ef0ab1

Download Submit
C:\Program Files\7-Zip\Lang\be.txt.tmp

Filesize
58KB

MD5
a903d2bbda2dec4cc72182414c9f4f4d

SHA1
6c296a1d5874ddf12e73c5fe633e836f7dd6211e

SHA256
59414ca8c6b87bf3cc7f765af1d57d0faacfd117de09cf18648c1e87ace00a13

SHA512
c2abbfb387f08157b7bf1d00ad6098c8f1cd74b5fb947a8870643372674267e3f7391477a21edee13be4ee79037fb7c2da76a1fc5e6864f2f988c59000f66a73

Download Submit
C:\Program Files\7-Zip\Lang\bg.txt.tmp

Filesize
59KB

MD5
064f470c1906b8cba03c2b2604ebeda6

SHA1
037146ba0b1180212553a168d64cbb95d74d3c00

SHA256
07b6af454b6f17201e34ef9eeba67301e276767c55011f8dec9a97244c0c9cc6

SHA512
5b3f8c8ec393252621b17aa6e8e1edd362a3c0d5c03521f3f80c53af73534f3c5369edafa8d801af826f3418057734a94f05b3d9e6813990fa7fa21a7863d5ab

Download Submit
C:\Program Files\7-Zip\Lang\bn.txt.tmp

Filesize
61KB

MD5
08dbbaa46ee7e93d5334cb43ef4949c0

SHA1
552f2d428a3d96b5373525bc85961ec6f0fe5a0d

SHA256
12f91d2afba803508b077f75b2b065d20928f2aa06186507fa44f0b1fe114b89

SHA512
6b4407601af8d64ed6c049758bd67cf05c5daced96916886c0d23c196952d40c9067e4a328a5f9b9b0df9e3d39c86b813dbd8926f71496393c3ede2017067c5c

Download Submit
C:\Program Files\7-Zip\Lang\cy.txt.tmp

Filesize
52KB

MD5
9848f33b583c9b15ca0ea5a4536a3bc0

SHA1
e704c25b656408d97a70df7a32a28eef1cd5bede

SHA256
6acd2d910c9c8e14be88e0168059236525b2b054e1057e3d102aa0d58be7763c

SHA512
81f8df21adaa3a60e997c193a00a8568a2eef8ac3364459188920de03254c19561827ad879de042eeb7d1e04a73bffbfddb80dc9b441ce8979dcd5e0a72e44d4

Download Submit
C:\Program Files\7-Zip\Lang\es.txt.tmp

Filesize
56KB

MD5
27e2d0edda888fa42edc21b6a2a90d1f

SHA1
ecc7ffe3729c6303c7346cdc79f11af2e8ce13b1

SHA256
ba66f312fb7b495abefbf3425b9bc4325d3d1fde0d61cfc744d543e42b4c1e99

SHA512
b545c116c2746b30943ce6b1032aed3c0f27166553804fe19358156317ececca47fbc210d2c201dbbff8993b7cc9dd6d19b7b16e5e5a7fc290428b3ad3ce31a9

Download Submit
C:\Program Files\7-Zip\Lang\et.txt.tmp

Filesize
53KB

MD5
f9173e6aca92df6e7d8e73afdf6634d2

SHA1
9504f9b7590b35384e01aea875957c2bea1cc6e1

SHA256
6ec5d4bc0f0951c5138ff3cd28bedc4b0addce5ede30384cfd36522691692181

SHA512
521601d534e1a384eb7f08490560d9e1d8e5d9e5ebe942dc51d560428c53a8cad88c874053a3f23cf61950ffe565e2df561485fe7e2ab366d42bfcacee9b04c3

Download Submit
C:\Program Files\7-Zip\Lang\fa.txt.tmp

Filesize
60KB

MD5
a4fa8ffa0118f494709ffce8e1ad9358

SHA1
c05bc0dea628ba84c74342f68b909853a076701c

SHA256
802f8222ec076d7a9b0c050975369a7dc10917bad2d3f28018a56df9df4db786

SHA512
43328ac98cb480b7a4e2641f3ea7b5b323fff2e163e7d673a74ae855ecc4a4b651a40b96e3f4a5642a71a6fe42731f9d0cef88404b7b257f2d904c7f542eda19

Download Submit
C:\Program Files\7-Zip\Lang\fi.txt.tmp

Filesize
55KB

MD5
c6d07d35aee35c3f064ce66b1c0cab50

SHA1
0d706ff163f2f1fd3ac01b29938afd27a1d23fd9

SHA256
e4fc5be1dab55514172df6f0d04ec455d31228ca846b13ea859a24ee05c3dcc8

SHA512
821914bc8a456b2044f78d012c4a9fd5cea688fff61a0b2e06c9d70e45ee0b651d5ebdaa3a76f81b03b3ae920a90fd3fbbcf12183cb393a97788830c24af7bb4

Download Submit
C:\Program Files\7-Zip\Lang\fy.txt.tmp

Filesize
53KB

MD5
5961e51841b93d430e9bff1d5c7e737d

SHA1
91fbb5f256526d74bea792576274cfdd115f45be

SHA256
2304109d46ecac71fd2e9400611e03743c35fb87c25c28b2ac2fdcf37846918f

SHA512
5afac05414e3888f386a467abd6289ed0d80060c90e5c73c8dac4862cd3ee5a8eb4c565e469e7f2587c60ef2a944aad191d9ca0b8b5d0ef28115cc5f30a1e256

Download Submit
C:\Program Files\7-Zip\Lang\gu.txt.tmp

Filesize
64KB

MD5
2c85415f9feba8d8f6fc7b4b57e9d8b3

SHA1
91480229e39569a2189a75ec04c6910708246108

SHA256
1df710488868ce16036e9d028d791e12a6caacfd88495bd318b4175e9c9c93cc

SHA512
e10395db839a27da515ded8e4cbc453bf2995dcbe7e87993a70141ff9e49b83242466be842671d39b503f0a2f8d2df1981e4846aa92cb3cd7223afe596c0b418

Download Submit
C:\Program Files\7-Zip\Lang\he.txt.tmp

Filesize
58KB

MD5
e9bf47c5bf8de94c03ee167387aa8486

SHA1
fa5d2f69933f16364447a4417ccbcde884e98fed

SHA256
fde8b2112ab5a829818a14be274a93fdecbafee031fb21621c86d2cb359d2a64

SHA512
81edaae6a9b5d1afd5022b717353039e855e11640c490922be0bbbe9e877b835e694913afbf50caecf884007a930efcc729a796045f5306009e91943f07962ba

Download Submit
C:\Program Files\7-Zip\Lang\hi.txt.tmp

Filesize
61KB

MD5
a48f165ee8acc1255a385b725120d6ca

SHA1
f3db2c9fe63c3ac69ae9043a5e56297f1ea4622c

SHA256
004ed8f2b438c0b1a62ef9eda30f7d1a56acad7412e1257a4dfa00baaad63f60

SHA512
fa9c8b8a0b77026691d2c49acec05b2e658920ab3b6a772392aa921da8f0b8df15460d088ade8a91ecfcb4a1a4b68d804c9c71770bdf3efeb3fc63959c398b50

Download Submit
C:\Program Files\7-Zip\Lang\hr.txt.tmp

Filesize
52KB

MD5
7752da8dfc44736456ea354f89fc8cb6

SHA1
f6948c92a059b7e10028080c8c44f03d95209863

SHA256
1586af9c9f363d360ab4e5143fdee3ec17c829df3a15eb10091a1f0e6538a50b

SHA512
1719627319fee9d193c14421d69d4066badf5916d01269e1ded5601a991d1bc37ed5f47578bfcf9a69dba94597cc51412f697a7d12b4cc7c8b0e289361dec92c

Download Submit
C:\Program Files\7-Zip\Lang\hu.txt.tmp

Filesize
56KB

MD5
69947b90f374bc428ea74714de334488

SHA1
a413a8cdaa76ebfaa218e6579b41ef8583ea620a

SHA256
38e9d77d03d2cc49421e5639219668c9835cf7584a5366121b64317f3f2ff3ac

SHA512
d03e8df74353369c32b730d88f26a5c4e28d30bd482c5d8a32d22c328d5966276d3b4cadb42934fb29e53a5dfcb67973ec6003b0acb31ae8b97f6c991828ca18

Download Submit
C:\Program Files\7-Zip\Lang\hy.txt.tmp

Filesize
60KB

MD5
f8f04a70b464954c2c79294a895acde8

SHA1
6b99cfa42fd948c00d7a8671edae17134c4a7ea9

SHA256
c34ce20b6f5b109ae60c559c26463c344658186557ccc73e6893d975fd40e38e

SHA512
95b697b85d489faa784a4bb040cd13462576d140b3abd7cd2ee514264cce29d6fd8b1ce18b4f627c55976f782b9c7d1edf5088057312b244c555036868a809be

Download Submit
C:\Program Files\7-Zip\Lang\id.txt.tmp

Filesize
55KB

MD5
48031ad797fa4f2646ff0910b1878422

SHA1
60f3f0389f0c6e546da5ee2014bde47639dcc099

SHA256
635baedacde62aa85f9cd2b0d1e8cdb2e52a995642cf986e789f069766d62635

SHA512
bf537b9b3d520f1512a2d7781000ea05af53c4a937cec418e568ce45b8c21e3e65bdb0e515eca38696978ac5ce566fce897812fd266ef5451d057eeab1aba9b4

Download Submit
C:\Program Files\7-Zip\Lang\it.txt.tmp

Filesize
53KB

MD5
b3b9839d78b1aac71e266064b46767ee

SHA1
9a45e5533c3a32bc17e1d57215c4cabedb960995

SHA256
039896a41ce7f1a05af87b8910dd4f47fd18b7f93ebafc8c1ef5f1676df51747

SHA512
a3c23cf075cfe5dd5633c279465917b5a0c55fb9c2d51665db1eb4461035807e21b673b923319584aab1652ad9f930bc0a8e8174ec86b905c95b43cf0809e1bc

Download Submit
C:\Program Files\7-Zip\Lang\ka.txt.tmp

Filesize
64KB

MD5
b90cd7386786c83e25fff3a541986438

SHA1
bb50721a86c7251ff25c3338cd1870c6358c97e6

SHA256
003ed049497477ee7422a68b307cae0a00d7a77860a91d23de3f1e33e7fc7098

SHA512
8a30ca55ba8af6074563a5f44e33acb3fd5fc9cf5a514ec23bf49c2f5e77cd86cc8ab46c8762107112e2b40f7b11c036134989aa98c8d7510b75347f48c1e357

Download Submit
C:\Program Files\7-Zip\Lang\ku.txt.tmp

Filesize
49KB

MD5
fe19f1c5497946f559d723581421676f

SHA1
7f2dc45d4b01a91c84866f0479ec44e5c1402cd6

SHA256
6dc81b45e92906e6978e4014b65cdbe8f5cd64e627dab9e2a186881790464b41

SHA512
c680f6d5c2314a4011636c78ccc3e2196ebc7a0551c5a46303dc54ebdf9b7f2b893864c5d15333870402f3af6babe7ddadc17d5b12543cda8ece0231e48af80e

Download Submit
C:\Program Files\7-Zip\Lang\ky.txt.tmp

Filesize
56KB

MD5
598cebe920c593299b253a4c07f8998d

SHA1
2e371c7cc8d719bd6646a6cce1dad125d44b846e

SHA256
2f6c0bbb1e31708f073a77a7da82896d2eb0d1c4bd3906a7342fa02c15578e35

SHA512
ab9e349bc4d6e5c864ff198a3323a4b45bd389e3862b5b99a64bdeddd95ba1cb78c5528c32cdd8d1c268e03303727b1cbffa289184fc1a7be8203034fa0de9b6

Download Submit
C:\Program Files\7-Zip\Lang\mn.txt.tmp

Filesize
55KB

MD5
9524db61c43a4bbed2d21de25d0c6090

SHA1
8328e43232d7414fe103f2ffb12f57162e2ff3a3

SHA256
9828dfc35e436f4265776a9e6f2caa62a06ada6a1a37539e3f8b683a0e63501b

SHA512
c4ca2c8e07f653e2993ff58066878bcbc2e77100dc4ba85ddad7d8cea80d0b407d7dfa7c3cbd257fb13c4faf98501ec1102548d1b5366b62756719e6757a46e5

Download Submit
C:\Program Files\7-Zip\Lang\mng.txt.tmp

Filesize
63KB

MD5
74782461d5f5001214e93e02ea1cc291

SHA1
203884ba8627d42039fe1c1a1bebd048699d99e7

SHA256
7fdc7f6fec833fca470054787e91f9706ab5dc6353d980a1304469c05de6774d

SHA512
a963e612a1e637b9e6c49c0e58d9fbdc90e79a9ce60cce988a95a2bd7eb528b5be36b3ac3ebedc9761664ae2a1bae26f95bcaa027b993a1a43ca6f7e902b9c40

Download Submit
C:\Program Files\7-Zip\Lang\mng2.txt.tmp

Filesize
65KB

MD5
ff0e8ecfd6da4ee013134cfed65c13d8

SHA1
1c7fa7e6d0edb0d8a7f5599065d2012f1722adb4

SHA256
f32c27f5c57d8afbe7ab65a6f7eb90433fbaca217fae01ae0b8aa7ba769a1928

SHA512
a97ee5dd00f5687d3e6027383833d7192705e4269c45f00f7bd434686720fc2cdef4183bf6672bcaa2ea9a6e9d11ff53ec39109bca93c66eed7399787d3108b2

Download Submit
C:\Program Files\7-Zip\Lang\mr.txt.tmp

Filesize
54KB

MD5
912373dc0511059f94ba454c44011c3e

SHA1
d1eef84a4596d90f649dce9fac5e963aff89fbd9

SHA256
54e4a3b292c094b77dbf278cfb8430d07509dac6f95ff14c1e7ca59c940a5b09

SHA512
a7a7bdd1b2333478818e27980ace60d377334ec7890000301b2b5f7e2534547806dd14383eb9fc87739fcfe7eaf079aa66d8ed8925b5824f4261d3f4ad3bb717

Download Submit
C:\Program Files\7-Zip\Lang\ms.txt.tmp

Filesize
49KB

MD5
e405fea9b593e986642b7db7c008f086

SHA1
ccd1d1d1b8dffcef55db6b62bc978803b6d8590f

SHA256
d05b06c3106b12ded363afbbc626fb0e92ef08b4a43aed2f8569f35adad15307

SHA512
e32a61f81186ef14ecb1e2ef5520cca1f717feaf005ef6428908fac9a23968806a5320dedc47e99796e9b0569c1efe86d62ce37f3becff7df662190da9286e4a

Download Submit
C:\Program Files\7-Zip\Lang\nb.txt.tmp

Filesize
52KB

MD5
618027259692f11850e1c4e780779b8f

SHA1
cd23d47bdb2d720738ec25f3e400089dfc2cb2c9

SHA256
70e0d7b8fe7757e29aaddc3dd78d7512b9278424afb1ac53d715530aa209b0b9

SHA512
c0b142f39dab695706e3479df46ed2aaa008299bf651344254bc5558f9d06f06766348b588a9fd49101af50de2a52927c979db292240aca1e901d4c65291bbbf

Download Submit
C:\Program Files\7-Zip\Lang\pa-in.txt.tmp

Filesize
61KB

MD5
393d1ee1772bc3aac544a5ce98eeb958

SHA1
a0a6cdba44784727e5c69105ce90b77f57cf62c1

SHA256
bef00079d533d133e5e1bf46464b06a206eb5bc3bad1bffc79bdde03bbc2e43e

SHA512
80e15c54acbb1798a4d7ef0a4ffd4cf490a01ea5e160aa82a58aedbb34eb652d35a2a6061d928bee53e0ba59868cf144343cd2793f57f3452d24353e11d454c7

Download Submit
C:\Program Files\7-Zip\Lang\pt-br.txt.tmp

Filesize
56KB

MD5
698eda9d5a5935070e81f7e5995c87c8

SHA1
9edba6b66ae40e3dda9cca80f70f1de0d3570596

SHA256
2189b7ccc09572a69e4a3a9b6e1964d3c9fc4e987e364c5c0e1d61323160e84e

SHA512
bda4cc3aac7e34c1279c236f8c83c5b55bc6affb12855f5e6012d343c2bd4c1c80bf65b2b174364157b3325407f208578d2d218faaa92397a676ea780beb0ed3

Download Submit
C:\Program Files\7-Zip\Lang\sa.txt.tmp

Filesize
65KB

MD5
2d7641d1f36c25ecf5ff658d71588efd

SHA1
26c2a8653d9af025bf587b96eda92c29be8eb1d2

SHA256
558a13724d2c0189ae02e664aef360dc24e50715331c99c8044a35bf376bcfc7

SHA512
700969acf983648687f0b6709f21a8c3f5a67eb69e91f70a64c13f793e597d956528ff2b92e282d97b89db70d9b692e2c88b8e12ea2aa8587cda4c3ed408fd2a

Download Submit
C:\Program Files\7-Zip\Lang\sa.txt.tmp

Filesize
65KB

MD5
5d0fbe1a26499a55a541136a3a06c744

SHA1
1a2ed8f36dbc83221562bcbc5dd07c80f2f88a18

SHA256
d1b773776f03f47a45a586d590d963dd1ead1831edda0d66fb6938ff21f7c4cc

SHA512
75a66a08cd40293e75ae6b5c598cb71031be14bbbb37a5cf3c62f7e716c5ccaad5fe2d8009e7c7d0d954c52b9c700bcd1ab0cf18c2a8777c1d0fa02cd2cff4ab

Download Submit
C:\Program Files\7-Zip\Lang\si.txt.tmp

Filesize
63KB

MD5
799a4e3aa8586fc447c8fdb4fdc99e77

SHA1
9cff2acab52bc3792ff122d8fb303615814e1856

SHA256
c07f9c5533125816bf71ce7f897a43e5e42a4ccd4412b5508929988d1dba9767

SHA512
9c73b42be73e09e748ae96448ab0e081d63ede7d6ea581510231bf8f8a7481463af86e012938dfd64950bbad647e783fc9e1d3b33baabece82b37b73ec57bb4e

Download Submit
C:\Program Files\7-Zip\Lang\sq.txt.tmp

Filesize
50KB

MD5
0091a40f47a994049fcd8016a2903a43

SHA1
3e79f4e3d2117ec7490ebd45f516855ac3fb3d97

SHA256
12623f7f289c69d9249541371f864d69cd0c3601a1875aea0ed4c4af69c67fca

SHA512
d60e678ce40ca698d8ba97a2005a3fd8c985b5a6b62a94313413ec77229145b9403f77519d9f1138ee7bb7386de85b2c359a1d1f393daf2f5f9de272cfd9e6db

Download Submit
C:\Program Files\7-Zip\Lang\sr-spc.txt.tmp

Filesize
44KB

MD5
88947d5a76365b58d6401693a52f5bb3

SHA1
19cffb530475f236f8a53c13b34213713d65fe19

SHA256
3361f936c2bfcce53b8d6089cf9d5533d7152a0b1d6e5df6498ed42f2b3a9eca

SHA512
b7b53a1effc10b14e4123f82e7d0e9f2ed25c88f18cb15a71b127fa69c5140d065d109721e019a540de287d903986516741bfb1fbff252eef021787f5b254dbb

Download Submit
C:\Program Files\7-Zip\Lang\sr-spl.txt.tmp

Filesize
51KB

MD5
dfe21ddd7c79e13543d7764bf5077497

SHA1
6a5c885b3b292aa9d568a8ded0dc0b1a1ffa917d

SHA256
0bc076e7ec877a795df11a6034bf92bb9d2ea4fd2bec12f64926145bbe2f622d

SHA512
9bfe540ce4e7f1e1fdce4d4f2e5124e440ddec24c7f74fea3da305587a22739d0b991502d081e198a509bfd08926ba23a29db6f0b205420bd27883f0998cfe37

Download Submit
C:\Program Files\7-Zip\Lang\ta.txt.tmp

Filesize
59KB

MD5
fad991a94f66a9ed7bc943083f1bcb0e

SHA1
6b456915140660cce5eb1a8e7bddcaf61665a1db

SHA256
10cc623575602e2ad3848554c319e96d903c48c440f082a370585b852325f26d

SHA512
41963b243041de4a46d092716e1397217a00a11940814bfd80ee5895bbb9f95e4a00dc4cb12866418ede0998b6daf6215cb2710149bd44ffb2c6bd1c7a28c86a

Download Submit
C:\Program Files\7-Zip\Lang\tg.txt.tmp

Filesize
61KB

MD5
e585ba77822b233181d6057fa97bb273

SHA1
d8a1050931a9ca36f3ae0725969eb44ed9ce4e1e

SHA256
c56b12318729649bcd39c4e96743153881c1070dd6302dbbe109d03327051721

SHA512
841e1c4a5bdc95a758674a43d66627e95fc86811603d61d99569fd9dc7e3bdff40a7ba3d6fbac58be69a26ec055a861faee97a9ee180081142764dc20dc834c2

Download Submit
C:\Program Files\7-Zip\Lang\tk.txt.tmp

Filesize
56KB

MD5
bc46560d250a7bc57787fa4fd7d32256

SHA1
1ac0c50578237dcb6e9e87e8b314683862be18e1

SHA256
54b368f3ba06616877bc6df3877efa3b7709cc38d61e0ec65eae323262d57344

SHA512
83ed1ccceba4356251e8a3058ce6bb0764a1c257a1991b0713fb2fb59ba83c9a79e5b821958833323641cc53bd7e95ed42a4a3f515a2329031026e1851dc82f3

Download Submit
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.NETCore.App.runtimeconfig.json.tmp

Filesize
47KB

MD5
fed3ac38a27321c3c8ae2bb7c7f37a19

SHA1
1729c89c42ca1008d15a9aa9fb281b38395e6c81

SHA256
cf5a1bd6804e350076d29eee7136602b8578bd140ace1dc18e2b8a60c25d0ea6

SHA512
9f9e8a7ae5e71b2c8c288a75b32e88a1a0f4dc97cc9ff6693b84dfc0f0b717b2525dad998d110708b7893a81431e1b024e5e1082040ae0e75a1780e0b99bcd42

Download Submit
C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe

Filesize
46KB

MD5
5c05dc6d3439aa2b91ff9c8fd5f76a35

SHA1
29650a5db03ff43ec57853aaff9947e035ee95e5

SHA256
8b5de633c65bc2333445c8138b1f309477fb37f6095cbc355fa7b8a6f1355095

SHA512
04e283e1d37981f83289b5d71b0b669b33e6d06d4fc884e2574744dab14543362172325357dc1cefd0b8e227b0d834bfd43381306f88b7aa42cb5880b339dbb4

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
44KB

MD5
ff2e829d004e38574eacac716958977d

SHA1
21c91e3b116ad0c45a77dd7b168d7f22f882a906

SHA256
402bd5d97a8cce62532d51b2701d5a6f7bcf6c17a4f83d8f04f92491cbbcf6a6

SHA512
bcab21e338bd1456c0de134d5b2b318b7eac3668affb6680d250b7145bddf29c886cbb9a227d25d8eec498fee08d9a5d41255ea5d7bbea367b6d34203785b9d8

Download Submit