274b4e6bb38c9d22b978573f67125290cedad254ba0626f9591d603b372c2136

Analysis

max time kernel
119s
max time network
106s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
18-08-2024 22:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4a26996d30838edf73267a106ad5caa0N.exe
Size

87KB
MD5

4a26996d30838edf73267a106ad5caa0
SHA1

fd97c2bf76c7ed71f116e2f6331d00fcce823b17
SHA256

274b4e6bb38c9d22b978573f67125290cedad254ba0626f9591d603b372c2136
SHA512

f76a3a87eaa634ece9125254daefa2377d49a8eb2ec723a6bb808d07e1d51941c292a9164a73bc76f86abaa358a680e25e9b25284e3414168da7076aad460886
SSDEEP

768:W7BlphA7pARFbhOm0CAbLg+sVTgTH7BlphA7pARFbhOm0CAbLg+sM:W7ZhA7pApH1+sVUj7ZhA7pApH1+sM

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (4689) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
4760	_desktop.ini.exe
4692	Zombie.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Zombie.exe	4a26996d30838edf73267a106ad5caa0N.exe
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	4a26996d30838edf73267a106ad5caa0N.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Grace-ppd.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-convert-l1-1-0.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\PresentationCore.resources.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Security.Permissions.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Marquee.xml.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_OEM_Perp-ul-phn.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail2-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_KMS_Client-ul-oob.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\7-Zip\Lang\vi.txt.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.Win32.Registry.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\PresentationUI.resources.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\vi.pak.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Retail-ppd.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.scale-180.png.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\TabTip.exe.mui.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\PresentationCore.resources.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaTypewriterBold.ttf.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\fre\StartMenu_Win10.mp4.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Initialization.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tt.txt.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-process-l1-1-0.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_MAK_AE-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_OEM_Perp-ul-oob.xrm-ms.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\MSZIP.DIC.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\rtscom.dll.mui.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.Win32.Primitives.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessDemoR_BypassTrial365-ppd.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\centered.dotx.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\TipRes.dll.mui.tmp	_desktop.ini.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\gu.pak.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\javafx.properties.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_Subscription-ul-oob.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_OEM_Perp-ppd.xrm-ms.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\lib\management\management.properties.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Wisp.thmx.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Trial-ul-oob.xrm-ms.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Collections.Immutable.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\WindowsFormsIntegration.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\[email protected]	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Office.PowerPivot.ExcelAddIn.tlb.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_KMS_ClientC2R-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_SubTrial-pl.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\NAMECONTROLPROXY.DLL.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Collections.Specialized.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Security.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Windows.Controls.Ribbon.resources.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\UIAutomationProvider.resources.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\deploy\[email protected]	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\System.Windows.Controls.Ribbon.resources.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_KMS_ClientC2R-ul.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\WordR_Retail-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.OleDbInterop.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\MSIPC\no\msipc.dll.mui.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework.Aero2.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Trial2-pl.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Trial-pl.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.123\chrome.dll.sig.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial1-ul-oob.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.SapBwProvider.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md.tmp	_desktop.ini.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Grace-ppd.xrm-ms.tmp	_desktop.ini.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4a26996d30838edf73267a106ad5caa0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	_desktop.ini.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Zombie.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 384 wrote to memory of 4692	384	4a26996d30838edf73267a106ad5caa0N.exe	84
PID 384 wrote to memory of 4692	384	4a26996d30838edf73267a106ad5caa0N.exe	84
PID 384 wrote to memory of 4692	384	4a26996d30838edf73267a106ad5caa0N.exe	84
PID 384 wrote to memory of 4760	384	4a26996d30838edf73267a106ad5caa0N.exe	85
PID 384 wrote to memory of 4760	384	4a26996d30838edf73267a106ad5caa0N.exe	85
PID 384 wrote to memory of 4760	384	4a26996d30838edf73267a106ad5caa0N.exe	85

C:\Users\Admin\AppData\Local\Temp\4a26996d30838edf73267a106ad5caa0N.exe
"C:\Users\Admin\AppData\Local\Temp\4a26996d30838edf73267a106ad5caa0N.exe"
1⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:384
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:4692
- C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe
  "_desktop.ini.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:4760

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-945322488-2060912225-3527527000-1000\desktop.ini.tmp

Filesize
46KB

MD5
d42c9bceafc1307c125ea5e82fc26434

SHA1
691f02fe355df14330bfff69f86b1bb1295d9d3e

SHA256
632aa8d2d33a1e4778b360464514bcab1cb2ce78449041052e653c7e8c8681b0

SHA512
720f65f21ab2d9d4a8d8755e744108c860edb0c5928915879953f1ddfb9f6ca55c9bee272fc63f47877a83a8667d4b8c5b131ddb15c37c0e6ac67243815874ac

Download Submit
C:\Program Files\7-Zip\7-zip.chm.tmp

Filesize
154KB

MD5
b79fee36a3fcf1e933120c7ad9a46c97

SHA1
b2e0cc9c34b89a8f177f6b244cfcdf1f3b18c1ae

SHA256
245a192b8212561e3224f3816267824e8b0adb2122175cd602bb2060e4ea5f8f

SHA512
03d4a3c3df0b413491ce37b19b36106bbd0d69c670d3329e8f8880938954841e214ac7959acc9072974b0b2ec6c98f1a8668bbd2c916ba331d2a34503909bce0

Download Submit
C:\Program Files\7-Zip\7-zip32.dll.tmp

Filesize
110KB

MD5
b1efe694241739c44d8ad0660c5b7227

SHA1
6a3b0c73a333f1e7fcb4b74e67f095d5eae951ad

SHA256
3fd80b3e9f7c8d40cfb54c941b8834d876286f77ced3f38bfbc50320221696f9

SHA512
14cbf95cce96114dd7855e874139391ebf60901a8e805871c192e1ef06d44040216f0f006ecbd1ede2a90f9f989e01d96a4de1007b7644889596d20f9b5df640

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
1.8MB

MD5
ff356679f26ae3313943b13f2aa5fe4b

SHA1
841b7557475c8da9b18811f5d4599d55571aee0c

SHA256
9a5d8cd3ec2da7794a62ebacbe6da59e6d3c309e38377a242d3083f14fee9b1e

SHA512
b6e2849b02743ba32a90b2c04524d300c6365bae06bda4c19c911715c6d900d9f945a32910d5557b6a7fe33e3d64daed839a4b2a28ce824ff7517659493d62b8

Download Submit
C:\Program Files\7-Zip\7z.exe.tmp

Filesize
589KB

MD5
91f4d1bf57cceb543d6770a05fe45a45

SHA1
0ab77ea3444621de18364eae1a33e3a78f311bf5

SHA256
661937840b1cbff77a36a354297b225b1d992032c4a4b1d3b53ce49f20d932e7

SHA512
10e5fcf8c9ce24346839d42eb62cea71a38f8ec926594fe1c8249b30155aae8e445a56fb5d466dc43d1206c00cf32371d37b48b31c9b56f6b617840010fbdc75

Download Submit
C:\Program Files\7-Zip\7z.sfx.tmp

Filesize
255KB

MD5
145c9a012d99cd0e504c6792c191611b

SHA1
3c3f08ca8b816f010f879e6aa22124bf040bf4bb

SHA256
3a0354cb869082a6da0180430b7c1a6c62176c58a4430a4c98e6c4e19ada6123

SHA512
4e0c3cc219d7df89c521c0992bdec2b0c3e0320a2a12fb0ede0437db735a59d2701773874dc6ef3e47cebfa9c845f7aa481f1f7b5619781f94b7be83e6b710ba

Download Submit
C:\Program Files\7-Zip\7zCon.sfx.tmp

Filesize
234KB

MD5
a71b6366f466564228445ac7d73caf02

SHA1
885bd72e708895a62ad95d000b35650297e15cb4

SHA256
6971dec82ce280db06945e0b792128a74fc387f67740629a17c363eeb1722c96

SHA512
263128686837faac375b713c6285be59fd0bdf15f38ea6b5316dec469e82f8475d9d1a1bb35e5c2ed6705c71a431dd5b22073a175cc4c1cc73911e23a69d7dc5

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
976KB

MD5
63d734942b4f152e1ca78dcf55428740

SHA1
dd550bab44cd73f8811983987bcf9ae2b7af8c5b

SHA256
b4416b5e4511c9bf97b84c3a6738ec79596edb9c04101d7e0bb1e799850d7d4f

SHA512
904e04f0bf1de4c30cf0aa309d17abbe81656e39af972ba0ceb3d73e9f4baf82250cfb9a21e9f61e98cb8f4bb805c0834cbbab42d476702979216d67404a7049

Download Submit
C:\Program Files\7-Zip\7zG.exe.tmp

Filesize
729KB

MD5
e870f90279c6323694482aeca8481e04

SHA1
6daa38315ccb65e7806325a9a3714c7461a17266

SHA256
7148e6ff1de0a3f8c777fa201ebfba56e02d78848ef9b3efb86a2407843e3c4d

SHA512
abded7fbf80be241a9c5853830ba8b35a27631142b6e68f6293e97a04937a4cc12ab2bf7e997567ff63e83919d9e5ba695f0addd8876017700ea291612ef76dd

Download Submit
C:\Program Files\7-Zip\History.txt.tmp

Filesize
102KB

MD5
4c87d1b1385121a61a182744b463ed61

SHA1
12e3c87236c0542164d3bd812c1c3a38fea27d1c

SHA256
862ed3739fa63d1e688a9b8ce552163f2f4beb3c2a4052bb774460074824ee74

SHA512
47ee21cbb4026c785b7c369c03b94276ac3bda10a59cbfe6f06208aec99d472d554eb815b9ce967e363e1092ee2af1740c4b5a5839ccde449a75b10c130afa49

Download Submit
C:\Program Files\7-Zip\Lang\af.txt.tmp

Filesize
55KB

MD5
c73a0c8eac0854ca3bc1739bf410c687

SHA1
a3f6000601d8c6e2b616b389e6b5703c2a57112e

SHA256
2b389baa500108fbe71649c76974a0e29bdab136f59fb9774b89636130bdcb7e

SHA512
c6bdacc0913a99c97b7f2674a8bf6b3fd3096d4a258da774fad3482326ce2c9465654681c132f78a62f963f6830de4885cac3171be1d819608a60351340c453e

Download Submit
C:\Program Files\7-Zip\Lang\an.txt.tmp

Filesize
53KB

MD5
28688c2e744c9121a7d6586cb546f774

SHA1
f0f615ddc6cdcaf8cf88c72167d76f455cdd4d91

SHA256
cefb3c9f4eec3e2303c522fb04013a71cf030aeb8ecc49c43672adc38c6553c1

SHA512
15b612085e8565ed258db6250d3b4b7237d2a0119d1165175a5abe4a89d19c062ce04ce5255ae190f4a0acb300f6917c3c4f6134e2658b67d092f552d6054c1e

Download Submit
C:\Program Files\7-Zip\Lang\ar.txt.tmp

Filesize
58KB

MD5
6e7df61d3e15dc7525ddf28f16acf564

SHA1
891869d8ba71838e6801910356f8c08afc5f7338

SHA256
b8481f1f978008a68bbba914535c1c6dfb462e812c6daa59038c5852078b6abe

SHA512
8687b50e318b848180ee61698362bd26af0991c0511013222d1d54281ac1e9d7ea7db956cfed49c8f2a206e9059ddbfbee36b93973a9acb0eb523a3aab0195c6

Download Submit
C:\Program Files\7-Zip\Lang\az.txt.tmp

Filesize
55KB

MD5
3ffc7c904d2c36759a600037b858336e

SHA1
18318238e0cb344249cd6604f2d761a8c3a23b35

SHA256
e3195947f6393b87c685de4229ac22dbbe4948d3dc40dace02c9527855339463

SHA512
14f63389a2953556bff093727b9b481aa5b4eb27cf380ecdfefc50eb68006cb0b93c968c59184e01213ab6dafbff6f304d2926dd30bcbec45427e9af0221439d

Download Submit
C:\Program Files\7-Zip\Lang\ba.txt.tmp

Filesize
52KB

MD5
047554560b0a4cfe4e90ec90cd6b092e

SHA1
cdf1494d2bb9628e496ee672a69055fad655e8db

SHA256
adac4d07682e1f3c23a9e17a5feae28ad2da5ca6499f629054559e9f6a3aa620

SHA512
1335d94b10c1a755c3f5082052f76074174100f874370094575d6b6751200848f2fd73c3e112af69503028c7a714cff441a435e43ea3927dca47e677df3e9b40

Download Submit
C:\Program Files\7-Zip\Lang\be.txt.tmp

Filesize
45KB

MD5
ba7c1a628a348e0105f75dd4a3cd5c83

SHA1
b0c8a34d844401a4330af8c47dabb97fe0089814

SHA256
880fbf9a448cf7dfeba760cc87a67538fea929ad8a17bb9036df9f31526177d9

SHA512
1c374776c8dabad8ed9b57b3a932d230750b7b9781119e086e8598a3438c1145ce5c071ee471d030b3efce671a740ee7099bcdb831d97152ad403be5922622fa

Download Submit
C:\Program Files\7-Zip\Lang\bg.txt.tmp

Filesize
54KB

MD5
175c98c6e20967e8f41394d2fe5d74c8

SHA1
b0b82b294a8a57ce1c3a707ef5c67f90bb2bb864

SHA256
737bd5b4872cd250fdbbb21618a6e5de471e253065b21b46f7e46795b73d97bc

SHA512
41c264db3944e2cc71b5ff819ad24a710bc9d7f0332cb04ab90d952354db3a8278a0a1d1272fbec1cf94b9abca3e40d540f140858d459f0c3fb57657ed8cc7bd

Download Submit
C:\Program Files\7-Zip\Lang\bn.txt.tmp

Filesize
60KB

MD5
cad882170a5158dd3f292bd44953f707

SHA1
a522ed459c1a26af25315990d80c8147bd24aa29

SHA256
83716c66e41685f7f5a05124c76da02658f352de64e252d8c6d3b72a6d160319

SHA512
6514126cb88d340e5ba2819350c19dc696de9f07be29b48d4e3ac0ebb155874ca9127eb64b6f3ecdd05e3ba8e126042407d15ace45b1742f10710c44788aee11

Download Submit
C:\Program Files\7-Zip\Lang\br.txt.tmp

Filesize
51KB

MD5
22f31f383f99d7bdbf8bc8d62ef93ec3

SHA1
8cda59dd0854840ea825421b79cefced4677b3c9

SHA256
310f03215b22a174c27e3bce47c60e7e7bffb3da7d522cf8a16fca4a18640d66

SHA512
0fea704acd0937f5e2af680b57f15e066503050d77a63bd0f78f8eac7d65787db5a0863490defc24e0d3a346286a1ee634252d12028b168f5f797b3e5f4d44af

Download Submit
C:\Program Files\7-Zip\Lang\ca.txt.tmp

Filesize
54KB

MD5
c804bffa19b5e5a304ba9423cfd0f7f3

SHA1
d587911b70b98b07ca065cd2e7d1570b2a96f5f7

SHA256
d2b32702d7038c43bb2312ec903f81c6a813aa64705f16b87f6f8f55b6638515

SHA512
623eab496db2f71b3b3a8b498bdf1c51eb8cb6d0529f0bc4f85906bb372bfa9c1174a1e558a24704504cf288363a4227de5464a49b6e6de9cb494f150308f28c

Download Submit
C:\Program Files\7-Zip\Lang\cy.txt.tmp

Filesize
50KB

MD5
47ee1af7d1deccf131f8e0595fef3b6a

SHA1
b064f4d5d08a7544c3c175e7fedc7e2c99fb722e

SHA256
2317c78b9cce5e0983b57228387411e15123a7e0af9d520201b47e14ab2a5062

SHA512
e66c016a29afac214cdee0bf73fbe1870b48459717d13bb03663253d771f31a344069f0b878fd8e7c8cd5cee3663953825b6861fa50865a582d7d46d5b02d61d

Download Submit
C:\Program Files\7-Zip\Lang\da.txt.tmp

Filesize
54KB

MD5
4031687cada0d2eaaa163fc9758eaf0f

SHA1
442e8dcb2869df56a520454f8eaa44c6013a46f4

SHA256
fa22d39c95c0c1a0deb5257022269b253c0b6fa7bc5d2be4bdef9fb5b264b93b

SHA512
61c26accb67bb529b94dbb0958eb380bcbd9517fd1717dc0dcae3e401395b6076f1f4487759d813d3395be622bfa6dda7a4bac1a4bd76eac9c5852f2d1127b3f

Download Submit
C:\Program Files\7-Zip\Lang\de.txt.tmp

Filesize
55KB

MD5
fc1d0321d7eaafde866523c9cb273d6a

SHA1
605d7a4122e71597a3c5700f8fce6455b456a0f9

SHA256
98be67c6d73725f7dd5893b911178519e846f2be59753b7cf64a9f84eee103d5

SHA512
c60677f183fb7935e266aa05da2fdac78e93eea6c326ea662527448032eeb9603879be3e69615de6e03453dce8700c583f9a7d8f038fcdd8f9ca23fba18a08cb

Download Submit
C:\Program Files\7-Zip\Lang\eo.txt.tmp

Filesize
51KB

MD5
efc54365ed4dc5b570a8e26f8983dbf6

SHA1
263ea72b3a77c820456a9b3ff98d8abea98e2f7b

SHA256
04e234ea92cc32ae3dadd345d46cd6a78d5086b7e01b3a05a8ca8f4fdf2de616

SHA512
e585fb9c0a513d556190a10da257fec75b65496b0aa4292e290748a2df0f603cfba992f905d860b68c1f593d02a83b3cf87d4c243b6a7f31fc7a30014188c43d

Download Submit
C:\Program Files\7-Zip\Lang\es.txt.tmp

Filesize
55KB

MD5
dba1450cb87a4bf94c0e16988f223234

SHA1
5fd13872cf08d8ed7b19da273af182104c9c2397

SHA256
beddd22027d7a4cd6c3b03fb9c499da474d81bcde76e584de5167b9c449315ff

SHA512
460c0beed6ac5744f2eda578aee52ec38be3c96d373d098647b4a6a8d1839024c7d3e8701b183bf12e2b79af9819b422eff84d99d22c9a11bcde8f758515df54

Download Submit
C:\Program Files\7-Zip\Lang\et.txt.tmp

Filesize
52KB

MD5
4329cdacd71ae356ed8f3810cda66b7c

SHA1
5b3defc068b933501a9ff67d7d9204474955c3c6

SHA256
0cbccac6ccb203c8bd255236046b97c8ad2d59a5a999ec9c1d6b2f301571b6b6

SHA512
03d8961c4ef3ee6f14447b1f868ebf54f037aa5269870d8367e38c8047aa99130654c642d92cbca1c0e753b1a8c34c9623ad5b9b5ef593958739998c50fcdc42

Download Submit
C:\Program Files\7-Zip\Lang\ext.txt.tmp

Filesize
53KB

MD5
b4a92a03ca7c6d54c80e19572149f3b2

SHA1
ea1967e7870d70b5eb02971ac1b45038780cecec

SHA256
ef2c3d6477d3b3ccbe8ed58201b00d9e8835aa8614963bac291918dad98ff9a6

SHA512
cdfb7973beb3addf792801c3cc63e319f06a72db602b7d8c2e9bfcfece8c67b844fe34469484094e9bd8acec2c4329d37fb3869f1e89b59d080715aaf7d2e87b

Download Submit
C:\Program Files\7-Zip\Lang\fa.txt.tmp

Filesize
45KB

MD5
193cef30d6e4bfc8527ad148d66eda32

SHA1
e733092671887e95e95f9b1dfa4dcb5f5327ed64

SHA256
9a5e8ad73564e107074e1c89a4a7116bf79e4161e76f86debdf77959c153a8ca

SHA512
2d975651cb94f1c0d4d7604eed34797636ae48694211a3a8fec4c09518f95176af3c15d0a38b98fbbf124f545e8d89213e0fa2d017555054e18c39a66ea0add9

Download Submit
C:\Program Files\7-Zip\Lang\fi.txt.tmp

Filesize
50KB

MD5
32d3c4b1c4d06b5ec68b40ba0ef58e87

SHA1
cc50c59f0bedd42288b036892fe3bc8a337a15ad

SHA256
8a89e0fb3c5f51ae6c3420f1460627fe3b34a75706a22f434f25a9cfc980048e

SHA512
db78b3a7640f2b512740aefa8f9e74519e9bfd14b6c0542246fd9fb4d44a8c5cca87799c55f4e4e546f31d7982a76a86f513891a23c5c3e10d5e7dd34e708534

Download Submit
C:\Program Files\7-Zip\Lang\fur.txt.tmp

Filesize
49KB

MD5
7bbd59591faadd0369ffd938c62737e1

SHA1
79aaf0bd1d57992d87dfe5226ea429e2ea96387d

SHA256
94d8ad6669a5a5574b84e8f859ff485515650b7a7314c92397725a4a0d286966

SHA512
3117b3978672949773276b5629ba69328899c832c49eab61c10b3ad1ef97ef0a078539ea9cd7f0e723497df217ea7685a9e4577bfddcc8970e5baca0236d9f2f

Download Submit
C:\Program Files\7-Zip\Lang\ga.txt.tmp

Filesize
54KB

MD5
f65a1e2b66214398ac6e18051901f07d

SHA1
1ca3ae096f78ff9cfddce798584604114f4e7c89

SHA256
07bda3d6546a1f16d7c331e14932750c1ca8c87ea38f9727c8dbcba0f55a72c2

SHA512
8478442626b4bb16bf5a5707af0995d8d05b05337fe26502c6a48060b1032682e255f8b7fbb7f937585307bafaa13b399c7ca307935d80b2c7485f6618b8ecb9

Download Submit
C:\Program Files\7-Zip\Lang\he.txt.tmp

Filesize
57KB

MD5
77d2c8a2936e73fa39ca2e8b05662522

SHA1
8cb7675d0a774cf3c651e1456ecf1e449722c0d4

SHA256
a4be223f1dcaccc6b30b5af70f9aa32b8cbf0ccf6a69173e606717e87e2c07b4

SHA512
4d19402061b228d49856de2cb36c7dfc625f525294130b473d7535e6a57b13300147e63a76fe14d384fe43db414a78e01284b5b1082bbd379f0104a27daae0be

Download Submit
C:\Program Files\7-Zip\Lang\hi.txt.tmp

Filesize
59KB

MD5
988c07a3b838eb3af65e7d403b8a343d

SHA1
02d8dc446fb8d48ea4362e2ec073b9e0217345e8

SHA256
010b5c20716057e9d7ce00111fa432dae56a69472f9e6d2c8c3b917d87e4538f

SHA512
8c989368e5a8dc3ec32731cc70c272bef9e99ceb9db8e28eac4968594a7bee7b66035ffecdd571860549deb979039fe825995f14db4781756bde1822f34c78fb

Download Submit
C:\Program Files\7-Zip\Lang\hu.txt.tmp

Filesize
55KB

MD5
a8057415ddba4f1deeac1fd6607d80c4

SHA1
cd19a6c859f2ad98c2022b2cf8f13a51b331375d

SHA256
4c252ee5fbf264163893d61ba92381b6049e64e2f72442ecd85c0edfe8610139

SHA512
bc8f3372f9914b2f239dd88268734089a0fae6ad3620cd6903e6fff318060d86b1b7d2bc1c1b1fa23e0c6a94aa40e456468a66c56302a72a8fedfaddc53d5bb0

Download Submit
C:\Program Files\7-Zip\Lang\hy.txt.tmp

Filesize
59KB

MD5
1e9bf65b8762ab1b133bae4847670daa

SHA1
7094869b98d903e1729551a13f9a0a8a92982ebf

SHA256
6d579427917f96a91f3db6f7700e61c7bec72fa8286f21532ecff03e7920368b

SHA512
98b617407a9a288b245c5c56ad4ac8fd6d94ca815ded17f3e8fd423c4cb61eae8d4013f799008f3f8049537113a97ecc091f857f5935a06f2bb52fe9f8e47bb2

Download Submit
C:\Program Files\7-Zip\Lang\is.txt.tmp

Filesize
54KB

MD5
70a04dcff444b15bc832e6a1f99607d3

SHA1
d84aaf8376fa525ff3e6ae91d807a80a8a2750fb

SHA256
c0455f055eec575583347118d549f7e67fb0a60e2437873bce66bad98e477bed

SHA512
974adab770fa2b0ab4a0c4e4a76d1e3ade33f28c3a699248762c3697d0e18b43f068e3d6eea52c9209a2815f4a78cf929843619ee67b0b1181581c0bd236d28b

Download Submit
C:\Program Files\7-Zip\Lang\it.txt.tmp

Filesize
51KB

MD5
e3bbacf6d5dfc9e4821a43a1c3d62cc0

SHA1
2c6cfbf92c5427d7b7d6eac5d660316a172d2f3a

SHA256
9fcc3ce6512a58adce895d6ea0622541f5c10015f803899cd0177d52c44d5101

SHA512
de9d734489a4fe05155c1896b92fc68a6e2cdcb91eb5a5b0fe3600e3e1e6231ca89818c37c17ba6e1d9fd32c8232e5c64a41ac021bf52e69f97d1f67871cd579

Download Submit
C:\Program Files\7-Zip\Lang\ja.txt.tmp

Filesize
57KB

MD5
c3455af179d6fad6bc016f02063eb510

SHA1
7da437a0badbfbba878d1b4bf693c76f642ef25b

SHA256
09b1767e7c8b119a9b0be6a79f06feafec9c495c8ee657dd5e00abb2793b6b9f

SHA512
d932aa5a527f63a2dbf0854e67a1c73aa25f7ef66ca5f84e672c096fe1f25cc14124780e959ab28c2af182662faf25454f9ef856bd956fb770d770d068272d15

Download Submit
C:\Program Files\7-Zip\Lang\ka.txt.tmp

Filesize
63KB

MD5
add6deee7626f5761984742f41f251a2

SHA1
77321b19b49a0bb6db527c1157694819e7c07f8a

SHA256
173b090a9f14874ec89828da10a6a1b5690c4f7c8d7a2a2277d9cddd7631569f

SHA512
cf11a09a420069cc0545ac4925eb5635cf0edf5ddde7add0e8bc8776a9cc8bc5917007abea97c0b832995c2bc58ba5efecafe62f47a8c02b37f6edbe70053482

Download Submit
C:\Program Files\7-Zip\Lang\kaa.txt.tmp

Filesize
53KB

MD5
6d5fd770fed4f7b3a0a0333fbb8f3dc0

SHA1
f78d00446de2294349c2696e16d375133a3ae8af

SHA256
b4607c26e4a4740a291feab19e5ba805d2cb46774f8497984b1479e010648a8a

SHA512
1eea7bdb2af96d973da6580c87d35fb5f37d825508eac0ca4227b74df72e5f4b3eca0c8bca28c001ea6a8dd49d648fc33e7a0139e4efeeb8eae005229c4efc68

Download Submit
C:\Program Files\7-Zip\Lang\kab.txt.tmp

Filesize
54KB

MD5
11d22de49eafd5ec6b1bb5c52ef89b3e

SHA1
97be2e851e9f4c4cb7a710b36f62a4f55aa0c905

SHA256
b2bf74aac716e7bc48e6ea4191c356e37e0764b958c5a67e7cb0490afd9fb563

SHA512
7ca5c703482d141786d566257a6f98c65627240c6ba2fc1d558b60f9f8b6d1bb9c155d22bfc6f35e2715580cafbf7eb2336575baf7cff85c2873d156a35464bf

Download Submit
C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp

Filesize
57KB

MD5
8346c82c732857e20cd9caadc6a0a9bb

SHA1
c20cb664809718f3cb2fbbc16d9dbfd2f61e4a17

SHA256
fdc32b8c7a687e317b107b63eadb1b8380f9b9baa34e6e594bb4ae6f158ad39c

SHA512
0739b3d7b8ecb544bdbef520b6ec3dba2baa44af9082383dc2e231d502dee217a75782b75d0ee1cafa1ca460de375e5896f494333cf1107a08c5b4b185b93e47

Download Submit
C:\Program Files\7-Zip\Lang\ku.txt.tmp

Filesize
45KB

MD5
c1d58f2edcad93c8c107bacdb3a70c22

SHA1
8296633f44a6b27e642321dcfd5157e60eae04a3

SHA256
ca92433df16b0595dccd2157cf72c6cd906914916f943e0623630a9d44681933

SHA512
f2047c9253832d7e094894f48c6793982376f1b5591126b5229f419786695ac30c7fe578be965c39cae9bb34e0ab2ad9f6b449273ba47c02080e08a5d54471c4

Download Submit
C:\Program Files\7-Zip\Lang\ky.txt.tmp

Filesize
54KB

MD5
df35633123eeaa3c4d6a3084d57e2451

SHA1
55d8a84cadeca691bd7f9d766a44ebcdbd8a49a9

SHA256
d6137f96e8c620e5803364b0eae076e09fd696d99eb7dcb35dd1483b6675bf7a

SHA512
bde49fdda9cfc03959fb903e9cecfd871194dfe3718b6af6be6cf763c2fa62608bab5462f01d929b1edc1bdf40627dd2229f91527f740a8e5802ba565f203d0a

Download Submit
C:\Program Files\7-Zip\Lang\lt.txt.tmp

Filesize
44KB

MD5
24bcd14cc4ef44219f461943075f5f3a

SHA1
cdcf966c68258eae334779a86e1cb2212df3d04b

SHA256
e9fcc23134fec7191d1aa49d08af3911e51fd91698b51a5d4572d48dfcb45182

SHA512
9036fcc2a5352c5f399a2d4354716db8bbd4ce04dc48d7e0d550da4e774b131eacd183a13b289d09fe9daa6a58a148ac0a69cecfe5f3b502dfc56f8f0399794a

Download Submit
C:\Program Files\7-Zip\Lang\lv.txt.tmp

Filesize
51KB

MD5
11eda6eee01d5cefc818601e34d63737

SHA1
9f81d7f13408d799f5e37b07065bfc9ac4689766

SHA256
afad302ea3dbfed8d7f191305f9d1c037c11c0a687bd8a05d101d25fc1710808

SHA512
de076ff0ef3bb0a8317cd93c8eb6409f32b035f6a686080996221a07125569115f83496dd0af11f1cccfaa704bf33f3135dfd4f7175d285cc08e2de3bec09b67

Download Submit
C:\Program Files\7-Zip\Lang\mk.txt.tmp

Filesize
54KB

MD5
a486e74ad53638d233b88b54cb28134b

SHA1
7b723b39b4ac8ad9b93b47b97992e78667d71cc5

SHA256
047c2490e744327ca878862b3890cef97907ef49d5450acb922fea5e9957f595

SHA512
670d49f5bdb163969d397b60431401f6f31d41e84696ad75c83729683cca5e8d741a0d1e2040947078cf970a5a95761f90d3c5398c42b2ecc2caa14336ae364b

Download Submit
C:\Program Files\7-Zip\Lang\mng.txt.tmp

Filesize
65KB

MD5
5a8447e9f5d0e11389122ed4e746a5c1

SHA1
ecc28b56cd70f7b0b6ad85f4a7a6562fd6618cc0

SHA256
dd07c3780c374838713cd97772e55b379f04c5e27313ef83981684b2988fba64

SHA512
88959db13849dff46e3cb61082725263ad3059c9416fe82b614234bb1ed8217817b38f4a9ef59c52ec08baa6c7ed6131a4c0626b0e8aeef01aa63a01ea30ea1c

Download Submit
C:\Program Files\7-Zip\Lang\mng2.txt.tmp

Filesize
66KB

MD5
c729d5f2d6c890fcdbac4fab0ed24cb9

SHA1
6d65e00f11757676f2b04455993da89ed17921b6

SHA256
70944b9d795712250011eba1d705a0bc50c1f6c3adbd2507385c5f5524554879

SHA512
9468229dc4bb0dbfa4c196e0194bca3bbc45a19f19089ea8e34b11413a40d97e54217d66b6164d8b95c8cc074d7f47fcf7583040e87ad702fa79d3271cbbb033

Download Submit
C:\Program Files\7-Zip\Lang\ms.txt.tmp

Filesize
50KB

MD5
7e99a808e6af9e9409e2e7a7d8a3bf55

SHA1
efdfa6b4ee3867689b735accafaf1277ece18f2c

SHA256
02567f0fa981f8f2a420b059ba2e57761d6368379259e867b7f71982cd832cf9

SHA512
6f674c3d1fc2fd2123da793ce2356cc5d08f254899553b7b16d27f79e457f37fc731a239404ce3932e2fa53bbd9d65236e4585ea73d0a7931c9d4215eae369d2

Download Submit
C:\Program Files\7-Zip\Lang\ne.txt.tmp

Filesize
59KB

MD5
a55b36224b2f764bc77b8c87e4f1474d

SHA1
76809caa9d47f4b1cfd8bb54c5af56bebf21b05d

SHA256
f887a4f24f59f6741a44dfe2657f6b379abb00a02c5fa6b68bc81681caab660b

SHA512
c5cf3eafab521baa1f0e69dc4c9f964285eb343cfecea86b2d4560bd9ba1dcd72cd4a62bf906902e7bc915452e75a80e24b295bcd63a5b316fc38027dda65de5

Download Submit
C:\Program Files\7-Zip\Lang\nl.txt.tmp

Filesize
55KB

MD5
ac531fbc8d2e3c9a6e7f962d1a1b7abc

SHA1
aa0109aac1c744bf8c37e0549dabf641fdafad68

SHA256
9c7d9a677aeac2d59b156cb7b1a8bae3e079795f07de579fdaa9c0a3bbe01a66

SHA512
30b39931a6e70956e48d927a9327caa08dfdcc99c09876139444cd878dd8a58e50b75631042854ffb4f60910037f91b547870605045d90669cf4302a95225199

Download Submit
C:\Program Files\7-Zip\Lang\nl.txt.tmp

Filesize
55KB

MD5
fb710c48fd6093e0954e6ebdd6ebb430

SHA1
f4172073ae625f931d50fe1d359137de4ff262ed

SHA256
0573d0765889de06f4cb10644e780b25e0fafcba165bff28899e9c531865eb8b

SHA512
47743b589ad58fb58beb2be56fdb1b55dd6d96bf1125d05a42a19051fc613d8d2351a0c126cc7f1c1da0d2e3b4df7872efe04b4fb1f9bdd99817ce6c23fa9742

Download Submit
C:\Program Files\7-Zip\Lang\pa-in.txt.tmp

Filesize
56KB

MD5
5dc8a8421e919266215a46fe51c7eac5

SHA1
efd9a83ad46e995bbedfd1353aa00e8b8eb4a297

SHA256
a6bccb43a4f812c83f0f5e086414de88678c8fbd44913069639231e009554b1d

SHA512
1e1817a9aa3e4a94df420a2875978c6d1fefe1774873c0a92dde70262bb0c5fa60a5470c88c42471d4c817e9dba08408ee964daeeb101b4eab708033f1a06514

Download Submit
C:\Program Files\7-Zip\descript.ion.tmp

Filesize
46KB

MD5
3f1e550de0ae08522cbff57bf2ae9c39

SHA1
8b33e1bd2e395665f3b1b6ba44cf7df029dea33f

SHA256
ce7861e16214b53981cf3414e86bd75b93cadce326de055eba610496cbed082c

SHA512
b94b9696f093a2f5ab3a466780534d6291e6f0aea938e23dafb0b25941f6b6c8764238767e6d92d3dc8a1aab6991d06f1f5ece8311cfe773f01a62a4a83f8525

Download Submit
C:\Program Files\Common Files\System\msadc\en-US\msdaremr.dll.mui.tmp

Filesize
47KB

MD5
58ad40650989ce1a7ff0045297742157

SHA1
5d5f58429b02fe77b78c95928ef353f402dda01d

SHA256
65f8e54d951d2096a532186a02b724764a383b046596b7fe9df693a5a19aa729

SHA512
3c4168d1688ff41d702c9f12645eba404e3af2306909f732b5dd123b7633b1292ada1a513413552a0d25f38597c58cc85d1f2b4b843e25d74ac121ca9dcc8de5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe

Filesize
41KB

MD5
5fe1b34d608a1408a90902e603bd0e85

SHA1
30a03f6b3fb0db698afafbe5cbe53667ee6ab80b

SHA256
b847acafec0ae60b52fa2070241064197534523b374391ee9170908941e70c7a

SHA512
5b9def6416fc2f6050e9d477818fa4ebb7e955d150218c89cf5df192178a8d79ff4614cd00abc85d3ea7ad72b9039c5f64c73699f7f60727d37e9cdb5b829978

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
45KB

MD5
d7af73eb99922ef24f22d579dbd94b6b

SHA1
7fa513e4e9f82b73d7e24d806d827c2bae9d7212

SHA256
4759795495b8e5ce3138af73dfd6d798693cf604b3eefdb6e0f46f5f8a1a9914

SHA512
47c3ae1ba301bc8098b8a5c4c44a38f5aa4489541aa890a7e3c0101cdb07044d515678a71feac50c2b148725abc095fd015cda6161d32c96ca4e2ad3ae6c4f16

Download Submit