4fbd1800e1e05dde745b5482a232d6d05a9c1c46153fbdc4c93344fd4e451b8b

Analysis

max time kernel
119s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
18-08-2024 01:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6d75f371a513f1a232faa80902a31d10N.exe
Size

87KB
MD5

6d75f371a513f1a232faa80902a31d10
SHA1

15d9685e0d18bf1486cbf4d512552d5d795d6bd9
SHA256

4fbd1800e1e05dde745b5482a232d6d05a9c1c46153fbdc4c93344fd4e451b8b
SHA512

40eb65a0f3729efaccf880390fa4ec6814847fb502dafba18e2215c6d222596a9821b08e5aadbeaf5b8b9c8c482ad7abafc4946fb8df64023e0f044995375589
SSDEEP

768:W7Blp9pARFbhxwWju7Blp9pARFbhxwWji6t:W7Z9pApxwV7Z9pApxw16t

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (4825) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
2216	_desktop.ini.exe
3636	Zombie.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Zombie.exe	6d75f371a513f1a232faa80902a31d10N.exe
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	6d75f371a513f1a232faa80902a31d10N.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProVL_MAK-ppd.xrm-ms.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hu-hu.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\UIAutomationProvider.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\bin\keytool.exe.tmp	_desktop.ini.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\ja.pak.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\TYPE.WAV.exe.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Memory.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework-SystemDrawing.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Redshift\lib\OpenSSL64.DllA\openssl64.dlla.manifest.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\sqmapi.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Common Files\System\Ole DB\es-ES\sqloledb.rll.mui.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\UIAutomationClientSideProviders.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_MAKC2R-pl.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Microsoft.Win32.SystemEvents.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTrial-pl.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Retail-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\7-Zip\Lang\zh-tw.txt.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\ko.pak.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-localization-l1-2-0.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.kk-kz.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_Grace-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_OEM_Perp-ul-phn.xrm-ms.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_PrepidBypass-ul-oob.xrm-ms.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_SubTrial-ppd.xrm-ms.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Http.Json.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\System.Windows.Forms.Design.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\zh-CN.pak.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\pt-PT\tipresx.dll.mui.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest1-ppd.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_MAK_AE-ul-oob.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav.xml.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\rtscom.dll.mui.tmp	_desktop.ini.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.FileSystem.DriveInfo.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\w2k_lsa_auth.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Trial-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\7-Zip\Lang\fr.txt.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\System.Xaml.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Internet Explorer\images\bing.ico.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsesp.xml.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\lcms.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.nl-nl.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Buffers.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\zipfs.jar.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_OEM_Perp-ul-phn.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Retail-ul-oob.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeServiceBypassR_PrepidBypass-ul-oob.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\ONENOTE.HXS.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\UIAutomationProvider.resources.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\System.Windows.Input.Manipulations.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\bin\serialver.exe.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_ghost_company.png.exe.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription1-pl.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-white_scale-100.png.tmp	_desktop.ini.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\keypadbase.xml.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\WindowsBase.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Georgia.xml.tmp	_desktop.ini.exe
File created	C:\Program Files\Java\jre-1.8\lib\amd64\jvm.cfg.exe.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_OEM_Perp-ul-phn.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientLangPack_eula.txt.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.scale-180.png.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ko.txt.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\msinfo32.exe.mui.tmp	_desktop.ini.exe
File created	C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui.tmp	_desktop.ini.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6d75f371a513f1a232faa80902a31d10N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Zombie.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	_desktop.ini.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3500 wrote to memory of 2216	3500	6d75f371a513f1a232faa80902a31d10N.exe	84
PID 3500 wrote to memory of 2216	3500	6d75f371a513f1a232faa80902a31d10N.exe	84
PID 3500 wrote to memory of 2216	3500	6d75f371a513f1a232faa80902a31d10N.exe	84
PID 3500 wrote to memory of 3636	3500	6d75f371a513f1a232faa80902a31d10N.exe	85
PID 3500 wrote to memory of 3636	3500	6d75f371a513f1a232faa80902a31d10N.exe	85
PID 3500 wrote to memory of 3636	3500	6d75f371a513f1a232faa80902a31d10N.exe	85

C:\Users\Admin\AppData\Local\Temp\6d75f371a513f1a232faa80902a31d10N.exe
"C:\Users\Admin\AppData\Local\Temp\6d75f371a513f1a232faa80902a31d10N.exe"
1⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3500
- C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe
  "_desktop.ini.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:2216
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:3636

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2718105630-359604950-2820636825-1000\desktop.ini.exe.tmp

Filesize
87KB

MD5
5638fe72e0ce6902cb71760e40890750

SHA1
91e1dd92753b968279821f4234c67ad43b0e1bed

SHA256
369e498dd9cf6ca7a0ed593d955af666f40016b216d240e36de9b58cc2baef88

SHA512
9cc5193759e646cf650300f1bced71e6452fe658e4e380dacaa732e4a320e332a01bb20d100e441c0619b14777daa12c21cba2df8076558debc176bba2172daf

Download Submit
C:\$Recycle.Bin\S-1-5-21-2718105630-359604950-2820636825-1000\desktop.ini.tmp

Filesize
45KB

MD5
666f6887e32331786d3d666dce9dbabf

SHA1
9106e80e6bf1bc82c7d755eb36a3019b6777e863

SHA256
ff84ca3aed263f54eb5aee1b77adacc77e3c59b365250d08a3d88d5d392fb436

SHA512
4f710eb26ac468247880c3482bde3755193284f256f98adcd0069efe00703bede164c677bb5134d8edc9fc7ec0d34662eb99ca5a1b959609133b0523a5106cbc

Download Submit
C:\Program Files\7-Zip\7-zip.chm.exe

Filesize
157KB

MD5
3a3e76d496332f2a03a6f99e6bfe432c

SHA1
fd4e02a854ed51ae531c67a1a357d62d0764c0c4

SHA256
f9a687a3b8280af405470f0f81ca34f1b08653e9f0aa668f19dbf22d6fdae9bc

SHA512
7b916c02d781d70a3c479476003e5a661c820bfc7f390bb41c9e587a012be90549520623d8db8146a44fbad40353a3bc706c6d5ea3757ea0f67b4e41f938d6a5

Download Submit
C:\Program Files\7-Zip\7-zip.dll.exe

Filesize
144KB

MD5
3bd02adeb70b6f4b2901e42ce6e5a217

SHA1
514a254bda3bb033747bdae84f201877070e87fb

SHA256
fcb3f4168ea8b9682614e5994633a782b595058c99b45059ac100c768328a274

SHA512
8fdaa7d1b55944eae2b91c3459641f0ded5ccb466fde1f9f99e3688b1b986224e04ec91697328757194a8c962e3d60a831faa8d6fbe3fad05c9086f6d22e2ec4

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
952KB

MD5
8792f0b00cd2b269c45b3bb3f39f5ee4

SHA1
aa15b559b2e4aad364acbefa1f4ed6ecf851a727

SHA256
7938a08f5c64a3fb7f4188ee5e09a8601e20ada2342fd5af3fd7e5f41becb93b

SHA512
06086079cceb37454ac0757c58297c65999338e8e9a153c65eb2c14af41fc51b1ade53fd2197e30a9442d491e12913b3340c4cbbda9d2b8941e3b623bd73e11e

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
1.8MB

MD5
e1a56ac9d0c1b6c025d10449db8edba6

SHA1
fd8fc2164c2c13b71d169ba18c8eca3906b1777f

SHA256
23dfb82286796fc882792d7240a95f0ba7c5401b93dff8471928fc300f927662

SHA512
7f665f72117bb5c8738c465da3864638d22a64813ad32a27005bbb9624f4699a2f0379ad48039c10ec9072abe9d382a572a3d77e2afc5c9ae9e4615fe8aa7f85

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
586KB

MD5
67036300a1dbf385f315a468505be5ca

SHA1
77b66c19115e4b4e11f40d45d6d260d692f67f80

SHA256
fe92b311e0d28b46a3e9afcc8be43f8c41e795781ac61fb0dd10253fc9e33169

SHA512
193929286e9518b25d97a17c242e2819f45f0f4407974590ec41609c870e29276ccc4b634bdc098ddb7dba3f1afa03c4cb15e515acee4a2d085bd2a18734b6c9

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
975KB

MD5
b1cd908c75b2fd968bba89f5cfe5bf39

SHA1
0ba489f144db3875e8fd58ec522f7fb32d0c01ec

SHA256
8cc81cbad31d31a4ed8bea5412a9c62c443677e9d54e14dfe1c1a031eb717755

SHA512
7f8591bff69296bd8cd7b10cd83fb5fa134f72977d16afb1173c515d0f3baf993867ea3362119b0649f4e2f7bd3c44cf10d779009add0de6cb327e8fcb8a7653

Download Submit
C:\Program Files\7-Zip\7zG.exe.tmp

Filesize
729KB

MD5
abed9723226cfd629f321b4aef2aea45

SHA1
3a1137fa0ada9bc0bd2cad0caad15839857e2a49

SHA256
cf68b89b8ab7291f9a2f09aaa1e7478e8168131d7c021f66d3ca1c612ce23619

SHA512
84e87964fc9343867703650d810ce6274c2c342ea2b828ef0a60822925c728b0c1186f875397ad7ca947e557090809901e52a5ded34188f0b3673393b57fa47b

Download Submit
C:\Program Files\7-Zip\Lang\af.txt.tmp

Filesize
54KB

MD5
d3ef2e1782d61c74841a79d7cd870948

SHA1
4e5aec3147073960c92f2926c220cfa212e71c88

SHA256
4b4df57804dca03993502f81dad2ce9d262f310c99e21f4527b6c9df03697b8b

SHA512
0cf52df9814a693fd4f658c772b905f6b5e64ee166bc1175f8f68f50810d14623e1bebe9820dfd2f6e1f4dacd21afa6278843002ce1f1c019da58b2c1078d72d

Download Submit
C:\Program Files\7-Zip\Lang\an.txt.tmp

Filesize
49KB

MD5
517ca81ec0f82ab6479b8cba2c596dfa

SHA1
69023f911bae0d89d6b3ace66f2cca816df1e542

SHA256
046240b9319a946436f80a284fcfe28d50fe5b149740790c20722a498bd776d6

SHA512
dfbfdda496cb9ad5fe2613db332e392d3f32ed423581c23bdd5ee23753ad784694160b9bf8900f71c957b38013d58af0d6d3b5e21ad5ed708454d894fb14ab21

Download Submit
C:\Program Files\7-Zip\Lang\ar.txt.tmp

Filesize
54KB

MD5
f6354094be16a2a2a83bdac56ed84589

SHA1
ea7535c8e6d9df23cbfab542d63e3cb9c606f849

SHA256
54839372bb4695e36a6dcc876e7bb01ef8cb09b2e8724712ac9ce6a100a47d02

SHA512
0529c39fc9ff3e0a4da2e9aaa43e3727f3b339b299f37699b8ea4c23ce7e01a24085c4718557544cd93ec7e63ddbd715e041555b77b5ceeade3468a76c351109

Download Submit
C:\Program Files\7-Zip\Lang\ast.txt.tmp

Filesize
47KB

MD5
d83f1b5e86ef7465e2600652e6664df8

SHA1
a667340d788d15cf8b698417679245c110c93043

SHA256
a13a47ec4bab23e3a954af105dbb29fd1039d3b969a705407d1e49c9bb75c648

SHA512
03b4c6444158f6b8fe41c98319e7bdc5ee81291201b59d44e3f1f91888e66cd9d0bc633e1908241cfbc4e20a4e18442828905417da98576f6e48919a94d9c86c

Download Submit
C:\Program Files\7-Zip\Lang\ba.txt.tmp

Filesize
56KB

MD5
ef2e114fca51d489fa63726fbb6a3be7

SHA1
ac43e2298a29c9c35affe670382351cf3538ab56

SHA256
8d8692cb9383b5d174c65913b269fac2bcf7230e2ebb7af0703e2714deecc1bc

SHA512
5ecfa330f56458283c2cea62cdc83e8ab305f7f404b3a59b3695f9f89bf7693034f792d1a32f16767e355979c4e8465e4ab2778ec0d35fb8199b8a4703bd154e

Download Submit
C:\Program Files\7-Zip\Lang\be.txt.tmp

Filesize
56KB

MD5
7a0870958a22185da16e665f460a7194

SHA1
ff4b5e3f75836476c5597c3fe81fb71d0c09db89

SHA256
d3c0d9bdb8b3b1250cdeb2afbc2522641e13f19a312f8649deffbc77b03f41b5

SHA512
d8e3fc917a5c26caae316918e974b187f5a15849ad9ab2dcfa9713f44cf226fb49ba67aa004ff72dafa634d8f69c17b74839ebfe2ebb186f93e9d88cd942194b

Download Submit
C:\Program Files\7-Zip\Lang\bg.txt.tmp

Filesize
32KB

MD5
9d712e9d392bcf02a7fe14c285a78ca5

SHA1
d46427132820817a8a4755c4f0ef3ba80cd640bf

SHA256
13c3e3a811b4562ebe0510793460d4ef461e7cdaec100983f3198bde627e0772

SHA512
743208f60a3bcebd3c7274b8f28dbb3132973f23e58b57d27d08ab522ab21c4914d8e139c5560ebf60c038214698d9d456be396f62f8bf54bc5b76ca38d15843

Download Submit
C:\Program Files\7-Zip\Lang\bn.txt.tmp

Filesize
59KB

MD5
6a28645d18523b736bc03a7c9feb8e19

SHA1
85f8884067e7625ce49c70d9177b5181447fd15b

SHA256
2336e1fe98b26997a99e2cfb6584645a06951eaf6ce6ba75a8df864069240cfb

SHA512
96e1922559f606231743a09fa71eb2fa96cd7352138e4a07ae2ff9f82fc4b8d97e75dd205e44430f00ac838f23472ab29d9a95341fd68a15393a6eed7d479f18

Download Submit
C:\Program Files\7-Zip\Lang\br.txt.tmp

Filesize
50KB

MD5
052af0bacfb60031abc3090bea5a00c3

SHA1
7afef617c5e5ed77527ad30562ce909feb3e83e4

SHA256
a6f200a08cba27edb05c99c2706c52f7bc6695cae59ae30e9aaa6e387ea2b4f1

SHA512
230c733103362577f382cea3b8c09b9cbba18f3ff804e72c85d20d4c47bc1e371deebecb51f36169e30592e8fa83b38fa6ec99ddd704fbfc4e183f03064a3a7a

Download Submit
C:\Program Files\7-Zip\Lang\ca.txt.tmp

Filesize
51KB

MD5
4168cfaccf4d64171b762dca2e79b935

SHA1
c799b1e149e020ebe2d80fb399b33409d1681c7b

SHA256
eaa1d56f47ae680d9fe04f80d713737a5c497de5d41ff45055b1515d18f988d8

SHA512
609dbf7eb033af8e968253fd70e17567754394a3c58d14f57b36970740b63571a2120ee0530352593dcf60907e6e44e1e14d5a49d632c76685e80cc4fd398177

Download Submit
C:\Program Files\7-Zip\Lang\co.txt.tmp

Filesize
53KB

MD5
12010f1d1f98dbd840cd934e28f90a3f

SHA1
8034a83c4cf96bbdb4d7d55d457ffd09dbedea32

SHA256
f4935e85534ed6347faad1c203e881983f32f77853c5b2c9e1c272ab810a32eb

SHA512
7dbaec185b6a06609d9986a1a8babdfcab56525308f0d4f80b98fa93209718efc9647b7cb90a08001d3bda5d236754679dd94f827ce283eb2152bed5c9de4d12

Download Submit
C:\Program Files\7-Zip\Lang\cs.txt.tmp

Filesize
53KB

MD5
999aca53f56abfba6872cef0256d1cff

SHA1
2ce250c48fb8f4e53f9993afc078da0f77f1b3a3

SHA256
9807b8eb93a4956e8d9487d0b94795aec388dbbbff8eb81ae9b5679352e26ec8

SHA512
12b2843356ea58f58b91964c8f5e9e77965b01c40cbdada56dffdf5dde5afebc433d763ed6f056ea5ca94c6c1f9e91e5a819ab6feff5ee8eb66a5352b913f65c

Download Submit
C:\Program Files\7-Zip\Lang\cy.txt.tmp

Filesize
50KB

MD5
cf237727603a67c7c97a62ba28eeff85

SHA1
44fcdc82a6ed86f4596ec902080d78072fdc5282

SHA256
2b4b75d97f503114d76815cf3acbc699b0aa5383a93894d18eee98bb3fd800d1

SHA512
47d437db8ba8ae92f27a8870cea4e331a1fa419e2acb1d5b1be3036a44caf87b0573d2185464f89351040b524f7ac7fd50be6223264f42ec28ac2aa79fd01de2

Download Submit
C:\Program Files\7-Zip\Lang\da.txt.tmp

Filesize
50KB

MD5
508c48c351ab5d88db3724209f6a4346

SHA1
4c78f4d90dfdc18cf047a448b29d5dba0107f3fc

SHA256
c5d06f738e98589c01d8deefa3e1f4009b93ecfc19f7d0fb28f076ff436132b6

SHA512
17e5562d467edd98b7d9508fc54a61980ad590f5022ea37571e52e4583e5dd715ef0b8604c6f8a42e1ccb532ff0f5eab019a19edfdc79ffe3400e4fdf384164b

Download Submit
C:\Program Files\7-Zip\Lang\de.txt.tmp

Filesize
51KB

MD5
d7fe54bc23f6ddc75f172988df87f23e

SHA1
ac836da85df5c7ed11e03a17cd5b4a578ea0f584

SHA256
b52aabeeea6aef5fc5e0206fe9a7a645b3c5893c49421327d9ec095447d6e437

SHA512
f82efd8e5967744de66296f1fcd297404878f4fca66fe97e41c85c5d5d1cd00715900ff10d2b9b0343b1664eaa10321e6f940a34eb500ca14ed013a5dbb8b606

Download Submit
C:\Program Files\7-Zip\Lang\en.ttt.tmp

Filesize
52KB

MD5
176052a03987117ecdcf8fe2b6c7577c

SHA1
9434d5ac8d3a5beab28092df2d903e10e3254b72

SHA256
db2dddadd7913be4dbff0b645719c895da4b9345a302424e234b57899cd8b65c

SHA512
ec90b61e6d31d0e47455ee7f1cbdb33ee6981887a938f4fd39f769e5313e0bfb29b1ebb1c710743866e92b80736e3fd677305da32b69f01ffa670501b0adc97c

Download Submit
C:\Program Files\7-Zip\Lang\eo.txt.tmp

Filesize
42KB

MD5
5bea7ae36d062cc7462a9059c84b8d4e

SHA1
9e5d0c338886ee9ca12637551d63f8a0c777cfc4

SHA256
7b87bc7ec0efcf2babebfe4156fe530aa3621e68e5b82ed9eb449c8bc8863825

SHA512
103b5cc3f286617dd438f6242ae8cfe3c65a1574d57819bcfb90c8375b22c735e441cc79fc18f68f8ee44c8e102f7877b27972859c89c071025d84e23e9f4768

Download Submit
C:\Program Files\7-Zip\Lang\es.txt.tmp

Filesize
54KB

MD5
a0bf7aac31a5324f6c1d1d6d4d76134c

SHA1
48181a0b2f44db69db89b6d5c8ff515db4e3bfac

SHA256
49de1b589b3c102af81063caa1c1990f1232f5652d6934f0f60cce2ff875ea41

SHA512
cfbb16bf19415ec4f2bcd4312c69195940e0d171d815e4ed41ad22445c80e7babcce5077f4f4047ceb6a8602eef0b6343f504010277186696aa03061fb1775e8

Download Submit
C:\Program Files\7-Zip\Lang\ext.txt.tmp

Filesize
52KB

MD5
b992bfaa92fda0354451856f755df9db

SHA1
5d9ed8b564481252e879e0220dbfd79eca0a2ad7

SHA256
e2779a00d30f78d6d936c1e1f3d478512f9f406e43737e9497f9f5e261f6e14c

SHA512
6f5e4d8dc68ac6e3908ecea319249cfd231027d4469ae47f0c0e097dd59f21ae25746c084a43bf395b12e58bbb1baa698f5191365b03c5b7385089c6e0fca4ac

Download Submit
C:\Program Files\7-Zip\Lang\fa.txt.tmp

Filesize
58KB

MD5
e0bba4e71ab9b03fb5bd348577bd8f5b

SHA1
4a85f44a28535b28e584fb15f62b30edfe5990d3

SHA256
da016f54d5186eb7f18f824aed63e04cf3ac555c925fb177f203a08b9723f0fc

SHA512
f79db716618caa0c491cc7a25a527e52776fe0f83d406ce114e1fd809ab2b40e991d664f33458e2109341e49644cfe83a37f5439c3757bdd9ea994956e6626bb

Download Submit
C:\Program Files\7-Zip\Lang\fi.txt.tmp

Filesize
51KB

MD5
e049197ef9fa12a991850dd9e5b87256

SHA1
2b9f5ee41afda3a2ebcdfa28ac626f0ddafe687b

SHA256
c303a4f35871e9a3b418f9b2a41948facf0ef28c4831418c780a4dcd49862007

SHA512
b770ddbcbfbb589f73c1cd71ea7a7d82abdf49cc4abbe720b22844e0041972f618528318985b28cac121c1ceab8eff15a8af15e0100b66d22fe8d76f9a946e5b

Download Submit
C:\Program Files\7-Zip\Lang\fr.txt.tmp

Filesize
52KB

MD5
269f7ebc8f113e4986a0729453508f2f

SHA1
1876811e1b4a1f580230941ef7ce31673e59401f

SHA256
3ba320030f56f5c47b8390a92535cab08a9fb20195a549b68593e58fd797d2cd

SHA512
eb0804a93b98032db091aa416279da8b209271fa02631b1b16ed09739c51d56d93c3b2bc6b61b63e045abc03b9de37aa1916d94beaf7ca9e3b067bac5711670e

Download Submit
C:\Program Files\7-Zip\Lang\fur.txt.tmp

Filesize
52KB

MD5
68faf7698b5480f99ab654d7cd9097f4

SHA1
acfc3c386c5290fdca2b74fc5d2b11fd34e30e15

SHA256
7ed526c9501f80a63ccebc5d005d8c09c056a37f7e40a6820047a97ba038bf95

SHA512
5f3d7295e82885b3b84a1568c4c983b26597752750e2e162cf009e23c9a5770f63873b6bf24c63a09188611c492f807df1f27428496d85f1c17352619622a863

Download Submit
C:\Program Files\7-Zip\Lang\fy.txt.tmp

Filesize
36KB

MD5
4f58c6f175059e49d195b76f979eb983

SHA1
b315ce98e87618d66df547057e14e4abb7821c4f

SHA256
f555b3dadf573818afcb728e40e5f9c77b7a119c2f755b480b3456ffd8c6463f

SHA512
4d15e1deb58b42d3fd1fdc7a63b4ca33052f097df80510b3bd514a40c8fe0091bb5c167c2dc903f8695cf6874a631ae3532223717ec9d5cb799191d62247a82f

Download Submit
C:\Program Files\7-Zip\Lang\ga.txt.tmp

Filesize
53KB

MD5
452e3ec6c1287613bb4938192e1d9a90

SHA1
08f757a66f658851e2f81e7cb4c6d55812fca34e

SHA256
5aafec3616f3dad38fb1ee402c523c6b6568da0c2db37d938cfbdebd3e899f37

SHA512
1744134132e47c7a5e5ca19a23eb9b5c548690d36dfe6898147d8e5396dc9fb53f314fc0a93eb22d069544b06378093cc3a98d904af4d636b25d133d2e52ccb5

Download Submit
C:\Program Files\7-Zip\Lang\gl.txt.tmp

Filesize
44KB

MD5
8f81e1948d7c2535a82f1529c20225d4

SHA1
3899c704cd0eae989dfbfae5d2e75a39b7dcd9a3

SHA256
5979508128e0352e32233204dc01af69f2743114a71b2d6db20a567f3f7b2c0f

SHA512
87486e002d51ccd0fc6f37f4bdac07a2f4e1ad364998ca873d8f44818071b9c7441ffeec2e27ee810cf0094efc6a0d1062c29c18b854126d97dfa7974c74970e

Download Submit
C:\Program Files\7-Zip\Lang\gl.txt.tmp

Filesize
54KB

MD5
2eae1f634416b87f4e4e8fd4b0b25aa4

SHA1
adeb32f726326ecf9b629c3621b9ee6e813ea713

SHA256
055be9b0a29dac9e551dce6bec598b329d777e01b5b0c2a27abb626e0166abc6

SHA512
97d8537a641b3bc15ccc5bcbef1d10696b835dacca7780408d3ee221dda043695cdde622bddbe45116d3f943258da99ea68949ef1e8011f1b7943e4e744d2f20

Download Submit
C:\Program Files\7-Zip\Lang\gu.txt.tmp

Filesize
59KB

MD5
f5200625a871bc006cdf45b88ab9a555

SHA1
f1247f0dbe1b2a775388e3c1c609e955f6dfa5a5

SHA256
eb0f384f774c583580fa15627c7fab8f2494a78e8c18d8dcdc1569cede4858e4

SHA512
274719e8ba87b4e9d90f03c11a8986a1f0a9a1e708bde3aa5dd9ae3cd4c22fee79bf4f5ec881731f8e86897e2407a908faba6113ad22788c685ed1634e3ac7b1

Download Submit
C:\Program Files\7-Zip\Lang\hi.txt.tmp

Filesize
62KB

MD5
1ebd651263b231aded679b2e87062f39

SHA1
6723b092191d8c16e47edf8c51aeb1fdccf7b9a7

SHA256
516ea03a7b1b9c2ef5706754a16d8527ddccbf3a8fb832dcb96ebe7eb93e86ea

SHA512
981b4debd0ac484063dce356cde151b39deee91f3247d0127168d96f402079fe89b1c5ee52a01cc298aa44430942e6d2e08491850c465f9867895fe2c27dd63b

Download Submit
C:\Program Files\7-Zip\Lang\hr.txt.tmp

Filesize
53KB

MD5
a1f07bbdd3dc1add569c0ff2a08a9cff

SHA1
2aeacaba8f48de92f7a125988f4ac95f70e2c551

SHA256
88e607bcb54716aee6b44490a9d66ad496270447f49360f14ac7923f6a0ee9dc

SHA512
8ec4c4f3eb483b0bfdcff0be5bf9d696785fd5a9dedf53241ba1cca205fab4d9335034708c3f01bead59140b41fd972d2db831849c40e3a71160ec897494a094

Download Submit
C:\Program Files\7-Zip\Lang\hu.txt.tmp

Filesize
55KB

MD5
11c386b4e86b042b2063b71a5e893bc6

SHA1
ee44f8e95985afa94b2b2e539b68d06555a2484c

SHA256
ef2f875bc9301a50ab4cc6f9507f68a3aacd0c1e80104181a5159dc9cbbe97ef

SHA512
167c03742eeb2c4a8499a05c672e46c1c1843fe08c1609a34c346eaf8e11d56b8613a79c82a59bf90b577864d91bf13d73c1a0a5f7d23d328d0dcb7ff5397a7a

Download Submit
C:\Program Files\7-Zip\Lang\hy.txt.tmp

Filesize
58KB

MD5
23c65bdc46994e902694edca3c82f22c

SHA1
63c9450d2c732c4e1a29dce6fcb8eb93bf103f40

SHA256
298f43dc729b5b9f49c63e916e14b26a65d13f7cc494a35b82f81718f25c4019

SHA512
dd5dfa5f57dbbf01c64956626cc094e84ecd00b441c73b598e24e666c7e25d05fc6c6b57bdcbfa60b4be938f1b82a4cc5d152046ffcfa63f78d34354091744db

Download Submit
C:\Program Files\7-Zip\Lang\id.txt.tmp

Filesize
50KB

MD5
5b5064aacf76ec325f5f7360e594ec98

SHA1
cd3722577c0d15a3ffced0b71c09c180e6e9bcfd

SHA256
217fa19692b4bb6cb648f254c9eb512e930430d80475d7d7deb5923489f467a1

SHA512
5f32ee82b87beb2944a40daf23f687e2848ac48b88d0379d7ee5bb4ee20f6c2f41b9e0470e69ab3d8a4f8b5ba2305bec0aebd77c61dc427210c03e7462f4dcad

Download Submit
C:\Program Files\7-Zip\Lang\is.txt.tmp

Filesize
50KB

MD5
ecd9bc508283c95272897ee5eebca9c0

SHA1
be16b9b223d56fcc571ea946793bdf6878363034

SHA256
023d08ab47d782a7e655c29d5e34046f05106a7850a8380dd2b67e32250a9ecb

SHA512
27ade48a47197f721b5fdd313e716e2a82873154b37d9f7854b66ea73ea14a77d7234d3462c6883194cb6a1eff68f66328e86a1148b316ac8679b15443bcbc7a

Download Submit
C:\Program Files\7-Zip\Lang\it.txt.tmp

Filesize
51KB

MD5
e9a727507e25d19bd79c9d2080a6bc53

SHA1
f9c9f61f60fee2a9dde3b3b47f7a63671272670d

SHA256
d33320bd02d8664afab885107dc104763233e0e1bfcae052f4a9459d1b3c3c30

SHA512
7d0d1b919c9938d608ba63631f7fc8b12e8fa51e8c232e439fb074fb4a6f54b38bc27b52694fc891cb92f75ed9ecca874686b289a7f685a290cbab5346f71459

Download Submit
C:\Program Files\7-Zip\Lang\ja.txt.tmp

Filesize
54KB

MD5
bf63df4d2f4dafd134ef54c2d4db15dc

SHA1
c1bccbd13941221d7e3da8fc97aa97f4d48e7a61

SHA256
d5983ed92c1306f3b3bd61fc4b0bf042a189cd24f808941ae2094e2714b104b9

SHA512
c03f1f98bdf7deba2d6c1c3e1de55dad5da123627d27dcc163f9198d538e319d89f70816a0a1e746bad90f4d8d43437d7fed7a7415d33db7939c92f2ded359e1

Download Submit
C:\Program Files\7-Zip\Lang\ka.txt.tmp

Filesize
60KB

MD5
c837b3e8e45325b035cafb1f95217012

SHA1
fec6ab7df3507658490401ad196cc2c09e14c77b

SHA256
8ebf331ee5a82aee9a3869f7e96518c055b091752fd42eb5c59e27ac826e7ca9

SHA512
c5f9a4585e4cccdfad0e53b47ef2526c2558ec469c341e2bff0ae47d0739b9c42df576456637f1179c8fc5d655e977ed4712d49aa8340175eac310e3449dcb6c

Download Submit
C:\Program Files\7-Zip\Lang\kab.txt.tmp

Filesize
50KB

MD5
3aa50b8ea271bf81750e0b3da20c63bc

SHA1
374cd175b76163f27b948e9170acf6d49aec6a91

SHA256
366a16eb60badc4781f2fe9e618d3b28a37457b95153f340ef434ba1e7d7b6a4

SHA512
6747233e0bb0187eaec8f4eb67b822500989af431d2f854168a1a8e30e89be9260b4157b5cfd54c6ffed607717eb1955e8708def45b1c021638d1dbe53f1a306

Download Submit
C:\Program Files\7-Zip\Lang\kk.txt.tmp

Filesize
55KB

MD5
a25e9f8c63094c2d8eac9882440a296a

SHA1
334db5155fed9711a543bbd5df0b19da6dece22d

SHA256
5a45e043ab7bcc2888b9942856d54c9b171ed5ac72fb0a4af564f29493d39b03

SHA512
4f8298f67e57f1bf21b711ddf022d685a637fa86020e828af220726bb717ac4898ff82b6be419173704b9bc39da1cc7f51a0079e96e115e37f54f42286e33103

Download Submit
C:\Program Files\7-Zip\Lang\ko.txt.tmp

Filesize
55KB

MD5
2b7d60a5624e2738c3c8507a44b8a75e

SHA1
272c8210ef34f0b88adf5ba5dcc58f77e072df4a

SHA256
166c18313fcb8c01540d0ff18b9cfd7e25ccf78d5c96db4130438557ee33381c

SHA512
72b280887e9b3878e85b5e1671574ca763de3269adf356d35ad164a8d37403229254a7fae298c112f92d7b16f5f1619ded8d15e8e1c2bbe7b891dc1e4a27499c

Download Submit
C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp

Filesize
57KB

MD5
820ba44b1c97e6842e7e024fd3246d60

SHA1
33ec84424a278de22ff97db50f861437b14403a4

SHA256
2a32fd94bdd25a210f6ea73b287b97eba6c9bf1cd2e8c497e6787af4e450a92c

SHA512
6f552c8446f4a55922535246e59f2dbdf017fdc05e7b6afd628465ea6d9d4fd5e27ef0c7f7f04fe2f7fe8f4b5dc9a365316ff1786eb0c2c4552521f4019fc8fd

Download Submit
C:\Program Files\7-Zip\Lang\ku.txt.tmp

Filesize
50KB

MD5
16a14fb406b957a3738fcc5dbbe06753

SHA1
d3ec5e0783d1020054c9c974740327527017cc22

SHA256
9b810078c0d36b567c78538ca329f15299b51fd142fa32ed5a53a982e37ea522

SHA512
fb83fe64f06862972bc847c42aa61fa0343d55a5f536c0c33808c34dcc73fc3c2dfd520e872f6ac5cce6d49bc68ccfd0adb086ae566406e4c9277ffbdcce9362

Download Submit
C:\Program Files\7-Zip\Lang\ky.txt.tmp

Filesize
57KB

MD5
5a7496a6fbfbb5e87ddd5f97a223b6bf

SHA1
b29f77c638ea9a7e1a29bdb2a4640a47047e8dd7

SHA256
15d6e2c141576aa07d1dfbd36704c7b5dd2692ffc534eb22550ea9db0dca3bc0

SHA512
dbd6143bde4a34f616eec51056ce27a4a7c13498f0d4653d642a4b47c875bf651ae70af12407706328409182216206fc5cf5695e64d24207a50639058f2e2929

Download Submit
C:\Program Files\7-Zip\Lang\lt.txt.tmp

Filesize
54KB

MD5
631f42141615823a3de01e47936d9bab

SHA1
d09c300466b72cf632240d197ee7a78589e82175

SHA256
b75e2c8fa74ad616d8fd7b7efade2a510bd8433476bfb47d5b0eb737b7fe2bf0

SHA512
c7e7ba6b6c5d9d3144d159ab2ecfe6eb505a9ec086e8f926e4c78623dd09fce66ae85151550f7db191073df22bfced8e481053667796c5c08acbc34e592cc9de

Download Submit
C:\Program Files\7-Zip\Lang\lv.txt.tmp

Filesize
47KB

MD5
8cc4d0402a318917254eb615b721defd

SHA1
2bcf8050d6ce374797d86f2b88d494ccaa9843ab

SHA256
5e8c29ee0574fdefd6c22d2df3aaa52c18931d3b8c957c6fe3cec1e63a3ce017

SHA512
8dca7d231639b8021bc3302b80dfffe8a4e53029d6f4c730d4424f7a3874ff749f5b205e2f461e71c763760fd98f58d49f579bbbe5cb1de43c1d27fafbcc84b7

Download Submit
C:\Program Files\7-Zip\Lang\ms.txt.tmp

Filesize
47KB

MD5
c3dc8c395c05bea90bcbf484f742287c

SHA1
6a64274c6bdc820578006da5d27cac85759c76c6

SHA256
fb785ebfb448cba621f0bd5c7aa93752842f2ccd29844237928d7694d6d81b31

SHA512
07dc6151f7e9e86b450c45d583dc1472a3f96b37dc652c5b9c1bce485aa287ab307faf2a92a7bf818a8443dcf6693d06fbad799a9cf9d1b6b9ee7ca7ec14844a

Download Submit
C:\Program Files\7-Zip\Lang\nb.txt.tmp

Filesize
48KB

MD5
681f30ff5b6cbb95d154d0e236ed2716

SHA1
404bde6d5c5dc7cbb7dd2609d2c51d2ba082e7a0

SHA256
13f1e863af1c055d76c7dcbeaba54b956052fccafca3158d19a1dc2eb42f5f89

SHA512
a12238d5f871763348763274cc0d4d72aa4693eb0193e71ea2eeb40904d6407ab03985695d454f03d1d92284336e608ac92eabde5a3ac7a36596106ce10612e2

Download Submit
C:\Program Files\7-Zip\Lang\nl.txt.tmp

Filesize
51KB

MD5
78ab7ca2b924c8d7627392d662e1d3ad

SHA1
6c39469d5020a3ba2fe585225fbd31a3f3aca8e0

SHA256
22d2a8aa77bf50e7cd5b8ebfb9bb46625aacc3895f91fa29e3d65a97ca03e3f8

SHA512
28dbc0a25df1007735e505c7c41a44ac95a338d17c28b4886ce6a3d9640511f199633085517e5d3614834cb0311ad2f551efedcaeef48973a62288be2e0c8ba4

Download Submit
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Transactions.dll.tmp

Filesize
59KB

MD5
8c3193a03c69150320112ea0404bba0c

SHA1
adeece550f8eba424380af1711155aa3e0843e74

SHA256
2e47b907b0af28b1acae6cb8a8f577d41a79d7ab8b2b3494ceed1c92f46ff5dc

SHA512
097c8351da0501a172d7dc2570306a6043a95a3f6f4e08b2b9b868e70c6d341ea36d1893cc8c9e68c71bd4e41c482907925717cc6e98288044748ac7ce25a21c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe

Filesize
45KB

MD5
36be8f7b91cb4bf96e43031f7f61854a

SHA1
f37b1cc327f9f0187040d123b870ad95a3bda569

SHA256
1b0983ac807363bd786c3f7e3be63557ebf2517e7844251d4ec3e10f24290354

SHA512
ae5968736ceaa2940aedba44580ff1d2a72addf56b50055f60c8300c65c0663dc04077b3799e34a1ad0d0fe1341cf5e00ac7f2eaf18f93db6094f1bfed044bbf

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
42KB

MD5
2bc63277f3ae4c96e995dea374a2e9da

SHA1
966de0fe77b1ed01f34d81f6fcac2ef7c495e753

SHA256
34f9ff41e311465ed1552cdb0b8a2892504b35a4912efa5b329d2f80583d8ddb

SHA512
916c07a4754d3e572bf5fa1e55d75a2251d8c00327e275e44d886e9e153491a2c76f3bab387cd8cf211c27c8b3c8b02d9d2904ec1c000954d557c5feda2dba4b

Download Submit