39540517463d0676455d1d01a60d9addaf28ac139e57e5628b0bf120492a30eb

Analysis

max time kernel
120s
max time network
117s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
18/08/2024, 16:27

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

1d8db9f8d3852e7ab5f38857d2c1af10N.exe
Size

97KB
MD5

1d8db9f8d3852e7ab5f38857d2c1af10
SHA1

1fdcf0ed861ebe7f94519b16979944513fc8c56f
SHA256

39540517463d0676455d1d01a60d9addaf28ac139e57e5628b0bf120492a30eb
SHA512

3bd1eb4769c2c6a380d607ff7cc756811b46020fcaba1c25a1457fce3c0bd7e43896eb8a54bcb7d4b816be20ebfcbb17c5892af6946b6f6565326db6b89ccbc7
SSDEEP

1536:W7ZhA7pApw03vR03vwnl7ZhA7pApw03vR03vwnM:6e7WpwYRYwnve7WpwYRYwnM

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (4687) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
2780	Zombie.exe
3416	_Run Script (x86).lnk.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Zombie.exe	1d8db9f8d3852e7ab5f38857d2c1af10N.exe
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	1d8db9f8d3852e7ab5f38857d2c1af10N.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Text.Encoding.Extensions.dll.tmp	_Run Script (x86).lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.Contracts.dll.tmp	_Run Script (x86).lnk.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_KMS_Client-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_MAK_AE-ul-phn.xrm-ms.tmp	_Run Script (x86).lnk.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_MAK-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\System.Xaml.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\nb.pak.tmp	_Run Script (x86).lnk.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\README.txt.tmp	_Run Script (x86).lnk.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_OEM_Perp-ul-phn.xrm-ms.tmp	_Run Script (x86).lnk.exe
File created	C:\Program Files\Microsoft Office\root\Office16\AugLoop\third-party-notices.txt.tmp	_Run Script (x86).lnk.exe
File created	C:\Program Files\Microsoft Office\root\Office16\concrt140.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_KMS_Client-ul.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_OEM_Perp-ul-phn.xrm-ms.tmp	_Run Script (x86).lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Grace-ul-oob.xrm-ms.tmp	_Run Script (x86).lnk.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019MSDNR_Retail-ul-phn.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-process-l1-1-0.dll.tmp	_Run Script (x86).lnk.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mr.txt.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\System.Windows.Forms.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\PresentationUI.resources.dll.tmp	_Run Script (x86).lnk.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RInt.16.msi.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial4-pl.xrm-ms.tmp	_Run Script (x86).lnk.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.DataWarehouse.DLL.tmp	_Run Script (x86).lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.Metadata.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\plugin2\vcruntime140.dll.tmp	_Run Script (x86).lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Trial-ppd.xrm-ms.tmp	_Run Script (x86).lnk.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessEntry2019R_PrepidBypass-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Windows.Input.Manipulations.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\UIAutomationTypes.dll.tmp	_Run Script (x86).lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.TraceSource.dll.tmp	_Run Script (x86).lnk.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\GRINTL32.DLL.tmp	_Run Script (x86).lnk.exe
File created	C:\Program Files\dotnet\ThirdPartyNotices.txt.tmp	_Run Script (x86).lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\TellMeOneNote.nrr.tmp	_Run Script (x86).lnk.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-processthreads-l1-1-1.dll.tmp	_Run Script (x86).lnk.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOARIA.DLL.tmp	_Run Script (x86).lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.DiaSymReader.Native.amd64.dll.tmp	_Run Script (x86).lnk.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\Microsoft.VisualBasic.Forms.resources.dll.tmp	_Run Script (x86).lnk.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\jdk\libpng.md.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\bin\jdwp.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_OEM_Perp-pl.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_Subscription-ul-oob.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ne.txt.tmp	_Run Script (x86).lnk.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Compression.ZipFile.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\System.Windows.Controls.Ribbon.resources.dll.tmp	_Run Script (x86).lnk.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework-SystemDrawing.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fa.txt.tmp	_Run Script (x86).lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\UIAutomationTypes.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PenImc_cor3.dll.tmp	_Run Script (x86).lnk.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-string-l1-1-0.dll.tmp	_Run Script (x86).lnk.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX45.exe.config.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\CHART.DLL.tmp	_Run Script (x86).lnk.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Linq.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\dynalink.md.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\ShapeCollector.exe.mui.tmp	_Run Script (x86).lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\System.Windows.Forms.Design.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Xaml.resources.dll.tmp	_Run Script (x86).lnk.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\msvcp140.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ONGuide.onepkg.tmp	_Run Script (x86).lnk.exe
File created	C:\Program Files\Java\jre-1.8\bin\policytool.exe.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\rmiregistry.exe.tmp	_Run Script (x86).lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Blue Green.xml.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp2-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\7-Zip\Lang\en.ttt.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\System\msadc\msdaremr.dll.tmp	Zombie.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1d8db9f8d3852e7ab5f38857d2c1af10N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	_Run Script (x86).lnk.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Zombie.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1160 wrote to memory of 2780	1160	1d8db9f8d3852e7ab5f38857d2c1af10N.exe	86
PID 1160 wrote to memory of 2780	1160	1d8db9f8d3852e7ab5f38857d2c1af10N.exe	86
PID 1160 wrote to memory of 2780	1160	1d8db9f8d3852e7ab5f38857d2c1af10N.exe	86
PID 1160 wrote to memory of 3416	1160	1d8db9f8d3852e7ab5f38857d2c1af10N.exe	87
PID 1160 wrote to memory of 3416	1160	1d8db9f8d3852e7ab5f38857d2c1af10N.exe	87
PID 1160 wrote to memory of 3416	1160	1d8db9f8d3852e7ab5f38857d2c1af10N.exe	87

C:\Users\Admin\AppData\Local\Temp\1d8db9f8d3852e7ab5f38857d2c1af10N.exe
"C:\Users\Admin\AppData\Local\Temp\1d8db9f8d3852e7ab5f38857d2c1af10N.exe"
1⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1160
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:2780
- C:\Users\Admin\AppData\Local\Temp\_Run Script (x86).lnk.exe
  "_Run Script (x86).lnk.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:3416

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2718105630-359604950-2820636825-1000\desktop.ini.tmp

Filesize
50KB

MD5
66b2d5abdcf2d0a2be05e6cb56de4e46

SHA1
b461f7230c7da074c55e37c9baeb312ef8e9a3c0

SHA256
2f7d9f545c356763cf808866179e0010e6c4a963698c7e846777a7cdbd4976c6

SHA512
64c5a67fec27a863ced8216bad613fd1ad0176e735a05f57a5f6bb9f6ac387527aed5f951256402acdab4d8611b9416a882197fde5ebf1a307e0ff230d8d81c5

Download Submit
C:\Program Files\7-Zip\7-zip.chm.tmp

Filesize
162KB

MD5
7fd9f30e5e0a3dc94b24af480d459329

SHA1
1449dc96d660b0e107d7d3b9a00247e186854580

SHA256
0ebf2f99b4294dee3da99e08fbc33078ac0ae3e7163c1d1ad11f9a9d761a1247

SHA512
9f96dae2e168d4560723dffb6b380fd75aaef35f2effcbbea15a3f702b89cd589a00f193bbc9a54bc657c7e10c58581f07ccd5f99d7b0bac44b42ae0030c9dc5

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
148KB

MD5
6acda3f51fcb21f033c5dbf86743b018

SHA1
8fa7b4871c03dd100ef99aebc9b2dd72ecaa795e

SHA256
ad7b07c57d4c6204e3f1acaf211b4b86fcf12b6006fd3723d8679c12c82d3320

SHA512
e5347c84553429359d9e359f8200bee537a7ae7bfaf7ce02c54c7e6c63b212099cbbff9387c721b57894b76a210307512b271b4bbf562ad2c546a93f6f52af1f

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
360KB

MD5
3321151efe4fa09609520326753eeabd

SHA1
81a1c4dff23b054f22ce9911d984c6bff5d4f13f

SHA256
9cf4f3fdc64f99ada7a038e4ab0f0125419aae274a9508381bbf72989c5c2928

SHA512
f1240945d85db77bcb4aa0993bb68ab9330cb2214dd15c518592adf551e4e3c0c8e05e2b2482a7140bc1ba92ecd41e496b20502abe7d02bd863d1df300c71667

Download Submit
C:\Program Files\7-Zip\7z.exe.tmp

Filesize
593KB

MD5
34c448bd89c3114ce09b3fc7ca393e65

SHA1
c9f0c9d790e2689ba7f7425b0ed04d39b2312853

SHA256
af96539d2df2fefccdcab8305e0bc3ac4103b2beaa268e8e44a7f1f31c18d551

SHA512
fc33d3d0cc75960fb1fbe6d07d81d1ae81e3f860f9e41cd661c431335ec2b3deb945dcb33552579ba7c4780da02d90a6966dce3a40d60d803e85ed2343dad343

Download Submit
C:\Program Files\7-Zip\7z.sfx.tmp

Filesize
259KB

MD5
65f9e46851fb6acbd03992aeb72afb28

SHA1
b25f0bb7088bf7557465ccd5dc00162beeba6b16

SHA256
49b9b63e31d25aede15b97cf36d96f504498988df70f0deb8c98290ffdc78048

SHA512
f41caff09b991ecaceebfd838d852802f51069639e3e3a3b6a03d2dcae45b20b3160de19e6efdc0f22a55d25e37a484a5a04b718f8f80bb2ac71200cf69ae2fd

Download Submit
C:\Program Files\7-Zip\7zCon.sfx.tmp

Filesize
238KB

MD5
882c3346be2ec4936a19d23b4350c7ec

SHA1
61ba6eafc1067936c77bcbed3c8514cfdbca1a53

SHA256
ed1b7b4e41314497a86c14bb555ec460dca0e5b648bc7ab5c03bddc36951d90f

SHA512
30d68f3c3342c339920cbbd62a31727c8d2a9c639539f478bdaf887df53e5060bae17ee078b4b74d27d348c86df66e600365c30ba9717b2275dbbc7cf03672ee

Download Submit
C:\Program Files\7-Zip\7zG.exe.tmp

Filesize
733KB

MD5
db81da68b613d5b7b3d97c011647242f

SHA1
9f679ead48ee10aef74def686230f08956faa8b6

SHA256
da60cedb1dc0c6215a181a3dcdb9976889c98f4bd40ce080b281d57a72d07782

SHA512
ba9b43ba8d2ab73c5fab31ddd14a3aa547e86a049782a6f9e5b14ff4927a9bb6a6de83a81e66fbee8786642058c435173453214a79ae30b02fd6b974a8b9bd01

Download Submit
C:\Program Files\7-Zip\Lang\af.txt.tmp

Filesize
59KB

MD5
da8e425d72936a744764035ea435d6c2

SHA1
6915ae8e40620ca2c6b2c0862be0b4230e675161

SHA256
1bbd5a32233f32068085ab48cede2928c88a6e6bd51419991dc8e49d24e22e33

SHA512
501f6431cfb70eb2d30f31d1bd8ce03287a65237be10719cb0e35fc65e15defd7c452d0141c0662436879dcf84df0c6851921381e45332878810920032cf43fb

Download Submit
C:\Program Files\7-Zip\Lang\an.txt.tmp

Filesize
57KB

MD5
23a9a2ea32e626df7398b2c03813ef7c

SHA1
97d16d527f8e8fcdb5c4189b7c8dd775ab746978

SHA256
2c8ff831f42f7eee1cdcee5bbe31311817b35315fa222f08d791ea11a1af2016

SHA512
7b8725090881e486548f76e3190f9679fbfdee24810765bd6288752639499843710dacc227abfe9cf80edf575f99b3d43719370dc08597a91adab6bcdfa1c36f

Download Submit
C:\Program Files\7-Zip\Lang\ar.txt.tmp

Filesize
62KB

MD5
0e2a235837b9fea2e64527144b6681d7

SHA1
c16ffbdddde05754b76d8c09b7d1402edc240b80

SHA256
5a725b38f20c6197aa0de2613a583cd5b44c9a059714530719290d607b8e8e59

SHA512
5b5b6aca4008a4c5c2fffd2dbd7ef4dfbe9d3727ea766f569c24e95d3eba8e4c0aa0182b54f55642c3d2a73323e5290adc8d8bc56ed31beb0320ccfd2d9bbc71

Download Submit
C:\Program Files\7-Zip\Lang\ast.txt.tmp

Filesize
54KB

MD5
9a3631b3a8a64a75d143e8536198d090

SHA1
8de144efbc6d6ba634c85a3a186c3e8b62d1d700

SHA256
f33ac21590c66b50d1b287e3196997e25f7ddbb24a4cc792b8701300c5696cd4

SHA512
9e221e63100394cb23aa64b2bce2c92aab780096691592ba7a64b22d39cef80a547282cfe7088976d65cddf467334577e5a9a383444862c6dabf0b3e8f533a5e

Download Submit
C:\Program Files\7-Zip\Lang\ba.txt.tmp

Filesize
58KB

MD5
42b1beedc19c63c7b289d4810c6498c0

SHA1
a7e6591fcee41064057aa636f46ff54edebf289f

SHA256
a54e59faeb378d5adcfe9007b4e99edc8263fe5a31a27adfa5c28e7593a96671

SHA512
a394d2736085fa44c2b9605d3fad6a3d0cbb65af9c31d66e5a6aa1246b06a10dae1c83fcbab7e26ed90e986de467d152105d6f682cff36b19f40713b0e3d7994

Download Submit
C:\Program Files\7-Zip\Lang\be.txt.tmp

Filesize
59KB

MD5
9334fff2f96ee793e57992dfe0ae4513

SHA1
26d621f324edb71053b937b3374bc3c7c23c1b0f

SHA256
526e116721890b60e52fcf2a38ccd192ee935999fdb70e9ca9814fcfeb0f89a0

SHA512
b652f7f5149cb5a11f161b823bee86296c8de2ebd420376dc09ee0cfef72a50383dd8baeb6bf04c2c1248f841e95d49da908116226a3a403c0b7c15c4050f93f

Download Submit
C:\Program Files\7-Zip\Lang\bg.txt.tmp

Filesize
60KB

MD5
755d681971b271d6f378ded5c61b3b80

SHA1
d3194827fea167f6de2d9e82e6e62598fcd68655

SHA256
c8038dcbb74f15cb3ccdf44635a636651423b01716a431b255549eef4ab6e9a7

SHA512
9578e831b06ba6e302a1b7ae42b7dc797e5e5d4e37948cb89a45a70d870b64a277b5867899e05c11c732b3f120a0c983d7b134181bb2cca9415f38c7298bdde3

Download Submit
C:\Program Files\7-Zip\Lang\br.txt.tmp

Filesize
54KB

MD5
ae397363936caef6ce757b8ef817bb9f

SHA1
518ec528feee8be0423bf534f4a566f22a885bee

SHA256
25217e66d2818e0e5811bbf00da77bf03b61e96cd01131f7567a8ff64df81ca1

SHA512
2ea249310b6da5e0c5459b23564df6b0bd9a7250164144040df223a085caf6db209793da7fa5b4cf83af9b2079407229adb69a77f3add1d55e16b07e41b75367

Download Submit
C:\Program Files\7-Zip\Lang\ca.txt.tmp

Filesize
56KB

MD5
7e5b34d31eff8062c2a50d014a8492fa

SHA1
09cd1232cf1eaf61a170194910259d55c9618e81

SHA256
798be8098c0761f603e3bb860e6525f851bea20edd06401e062be2cc866d8002

SHA512
36e7f08e1a41b4693bee2fa2ad1d0f4106d95f014af2b12204c9b0b87c2f7b3018559621c8f123b3ab5c03efd5f04e795c70bb1e4116ed9e1a06f6e27957d6ec

Download Submit
C:\Program Files\7-Zip\Lang\co.txt.tmp

Filesize
58KB

MD5
3b643b2e97f38f3ab0d9daa822ea5e8c

SHA1
13831549485b79e36e31147b37dbf36c5fbf99ed

SHA256
1bf93058c5105bbf84709b9bd9887c92b37438e8490c5ff3bdb5d16e166946d9

SHA512
c8fb2d50f4ce895a1e78dee09abba0ab397dc758c3fafd846a60ff6cf84958bb50703b8539ea15164f5e92bd7f32ac5cff5fadfd271be0352bfd2c9f042da5f7

Download Submit
C:\Program Files\7-Zip\Lang\da.txt.tmp

Filesize
55KB

MD5
32775e8316b035ae5c34017523cdd87a

SHA1
c95adcebeb3e33a8e66e281f1e29b40f86e2568c

SHA256
d9ede30d913a4966199e74572a6d8a754c2440e6b49fecc7643a095ed5678621

SHA512
e6c0c8c7cb86278c472a0141ce041e36f895fc36936c24c5013a1efbc0b7b337b79523624822f6d332d7620b7eba34d1a953b3c8c154f9e8550636c286d87af2

Download Submit
C:\Program Files\7-Zip\Lang\el.txt.tmp

Filesize
64KB

MD5
b55ad8679460cf72925b8a275c6f57a3

SHA1
c31b6e3d21aa6bfb0eee77b0809eabdf167fa6b5

SHA256
871ac308c1a81a158f767041754b10664011958c19ff0a9bf08bdfe08b031510

SHA512
f161b88db02666e4669a4c796e2949c5ca3c7d7e19b7b1808ed9182e860571f3279f7534c7a52ede56595520ef233fac8fb5036496d7d438528cc7afdebc74c6

Download Submit
C:\Program Files\7-Zip\Lang\eo.txt.tmp

Filesize
4KB

MD5
e6cb65911f645b425dc2876d54bc36f4

SHA1
a6c3d54fbb02bbd9d7da74bed3559943923b2f66

SHA256
3cf7465ff7f10c9658cb4d6f81458ac23747ad191450b8b311f1d8f674d84a31

SHA512
35d1ced63aa8cd63cd2c3bdb470f7257689b3897da141cb0e208973f22f3b95564d0bde4a494900446abf0560cf96073095fc5e88521df3607f91a2d2069b299

Download Submit
C:\Program Files\7-Zip\Lang\es.txt.tmp

Filesize
57KB

MD5
45de4d34e86088e0700f6d13d881b3de

SHA1
2bddc3255291ad64129c40c02d97b15a3604cc2b

SHA256
e098692c3564d0c7cba1b8c614fd2ecc9f1729727e8d63c05c8ba7a90e0a51d1

SHA512
12019fc36eb0a34bb4208cbe188906a02f7b5de35d5899979b7380de43260d61c9d555dced23ef6dc57938f330a793904cabedb00514abc3e01652eb0b55260f

Download Submit
C:\Program Files\7-Zip\Lang\et.txt.tmp

Filesize
56KB

MD5
093151a51c8e6a27f950ddcd91570c9d

SHA1
75b544c7805d7f4d46e321ccd7e907377b1b4d06

SHA256
3a692393ebf1d551ebfa3b441eb291020ba599bde2d832d33202d05c2d6991cf

SHA512
fcd79ac082b138cfea983e40bfb319123bc89f8806e34170d8f886b990ce0117b3521522000f10a2fde3f40989f05df8165052b9afc45c86438c3aa7e398bdb4

Download Submit
C:\Program Files\7-Zip\Lang\eu.txt.tmp

Filesize
58KB

MD5
d57e410b55341cbbdf418e1093603d9d

SHA1
c729da25d21a66111fc044b7945f2ee5963e1d30

SHA256
8deebca7a9c7d9c0cb932883ed5eb3e5e4fd15d4e65c29c5a2d7906170107d55

SHA512
5a64174e3062916e8b5f8868c38f15b03a0d86691e93953c73c702c05cfb996f5249246c7ffe5aa83a046d0f95b83909a685b8c9857bce3e575126639d912c36

Download Submit
C:\Program Files\7-Zip\Lang\ext.txt.tmp

Filesize
55KB

MD5
ae263e6e97e4c39a70f5d593594817ff

SHA1
a2b86b8e6a2e20c50c9d523b067c04273821573e

SHA256
284010300b48c2dff8b4bf6fd4adec6bc8a166c6864d698284fd7b7aa24cd6cd

SHA512
68424648e827924e9a85bbf19b475b7ff62680651b10cd52437a2ebde08f38bfe2f25557d147c3d845a467e4fd8f6467a7e930e632aea29e1132211cf6a8bcf7

Download Submit
C:\Program Files\7-Zip\Lang\fa.txt.tmp

Filesize
49KB

MD5
fdbfa863fcdbe15e00956b6d20249f2e

SHA1
df7f4c9aa8b9c243ba524df6b987a520f6ec3fed

SHA256
2b80b14353665cdfd697ced01ee727c062d7da3051ba9d9bf6b441ac3110b74c

SHA512
113d9c8674eefbd0c3179c20934af1dc342b88fa6db6734f9620df3517d5c0a3dcfd8e11b734f1d38ca9417182fcce8d1b1acc0b8b592f71fa9adf0b110c52b9

Download Submit
C:\Program Files\7-Zip\Lang\fi.txt.tmp

Filesize
56KB

MD5
62088a11888602c6a46f76a7370e7f4d

SHA1
7354c48c5405fee2d7bb9499f001a346f3aafafb

SHA256
cdef88789588256be3dbf9518a7095a28f3365ba6c5de1fd5933d7115e453bbf

SHA512
408809784bec4f7dd62ffdec9203b3d4ffd57fd3cf700b8974c785107899f274612984d4ac1c787d637348ca6cdbf9f4734e80c80ef83ca6c442b81bc46a3c9d

Download Submit
C:\Program Files\7-Zip\Lang\fr.txt.tmp

Filesize
57KB

MD5
9396fee952b35ce0dda10713167f601d

SHA1
5b9acbf9807635e50c33e8c3239eb60d94e0f483

SHA256
6f848abad2619a7a3637f94401417cb68387ba9e7a02687cde03a5274f4d3f09

SHA512
c1e118b6da149cd5cc0d99928e1ba8f9358628179bdbb5c79cd2987b873bcfb9daf2102b68f74c89d7f6af0511b00f3353ab9c7d197d1b887d2809ef6927847a

Download Submit
C:\Program Files\7-Zip\Lang\fur.txt.tmp

Filesize
57KB

MD5
f7ba6d3e5d6c1b710de799375a17c5eb

SHA1
89299aa716055fc5aa85f067cfc6ca678c57c467

SHA256
b6c54b0f01a467b5b39cdc5ea1173362edfbaf19734600484007fa3dc0aabaf3

SHA512
112139b149f964e8c6ecd64ed7ccd7ee6806aadad4888ccf20125290fd74a54bc11e22a5e9bdf4340a54ea7b2cadc194311fcdd229984acc996b44f85ce211ed

Download Submit
C:\Program Files\7-Zip\Lang\fy.txt.tmp

Filesize
56KB

MD5
c89d134532bc8909bcfe3ad06c68d1e5

SHA1
0d09e03f316c3fe9c8c898c5d2566b227f0456ac

SHA256
5709408a7c3e0de77c7f52a0a7644db4359fc34a9fc721d2be519a2dc73448f1

SHA512
9b7af93556a31f27b6bf8be57391048aeed9190733137f76a5395d9fd43ccf5371695d4aa9ded90b2e80b13d932faadeaa878bc48cfc69316885a7ab372394bc

Download Submit
C:\Program Files\7-Zip\Lang\ga.txt.tmp

Filesize
57KB

MD5
154f16199564f77d4304f8cbefe882a1

SHA1
2f435bb321a5d49d7477e552542fe705d25bb179

SHA256
3a19fd95721637087fb507c23a5410e2022a0c08d2c47726b42af8468903bcf6

SHA512
ccfef1b672f2c92f0548c6458edd064d029a179654be0d793de828a2697f94ae41c2938b30ce6a76ad5a1e184ddc40a71ce3d2f5301686aaa57db086d48248fb

Download Submit
C:\Program Files\7-Zip\Lang\gl.txt.tmp

Filesize
59KB

MD5
2e93157de7ac718a140459e960718c22

SHA1
162da59ce1d27066bf80f8590b77671d0c378f29

SHA256
5e9ea6fd43e985ee910845e66441b351a1a8eeeb8f403f110312ba6b7d6669f4

SHA512
c1958e8d0d04be31c1396a9c101474d1fb26676f35a8b3d34deb3abb76b1f3d94cef4c5d9731dd0b74ae5b36ebf3f7783b79fcaa360e5cf979df396184635fff

Download Submit
C:\Program Files\7-Zip\Lang\gu.txt.tmp

Filesize
67KB

MD5
bed0b3e39bb2fcdf06e1df2c1a9e34e5

SHA1
356d82635d61e225988558afa0e1fc6f2cfca07d

SHA256
a5767c539eac308c434722e2a65ee5ea77fc887ace6871d117991a673cc89e92

SHA512
036fe008748db0dd07aa8a27404b0da0137d1e85db66bc631becef05b6df640b514379c5152faa5f55a102d29f206c713c606c7b97a87fd408c805c7f80bfea1

Download Submit
C:\Program Files\7-Zip\Lang\hi.txt.tmp

Filesize
67KB

MD5
ebb2374fac8b6ce056c2f7333b0ed31c

SHA1
645df51b57bf495425d178779aafb1c8c3a0e922

SHA256
fbbd0504d492a0ef4273b098315b9bd4f2a7cbdaf1af7e9681f939915a87df04

SHA512
05888d2d20cae001b6e8cec9ade1bd563137592b6824f69f889c690936ff902dd650df51f9ed8a3f1c1cd37a582b4f8995fbb269a22157a47fe2dba0157ff68f

Download Submit
C:\Program Files\7-Zip\Lang\hu.txt.tmp

Filesize
59KB

MD5
f732a1d22742015bf2bec21905812a4c

SHA1
d3596ed620745db7534e9617d44d0fe64309aa89

SHA256
2c05d651edcebd9bb0091df80c3ff642648091b8ca6ab0f1525a1df442e29774

SHA512
b7ecc7592f58a2b7076005e301d43b8de96b79e584fa028a801ad74a5e1ef19e4822df815350b515a114d9ca469da50b88962939ac3b3e4fde770fc47ce3a1eb

Download Submit
C:\Program Files\7-Zip\Lang\hy.txt.tmp

Filesize
63KB

MD5
f4e45a0ef612d7f489a3578d842a4c01

SHA1
a369d9550187cc0a2b1e7eb808bcfbe90e3aea4e

SHA256
6115ab1b364e9c6f2def8936791d9f43955f5f550636e7f0e8c6602963a02e5e

SHA512
2854ee7f3ae693fc81442d4f9d542aafdda0509bf6c86c36101bc21043f1ad67622a04609ef12fdb0a0702dd4954aa698065445b9a9640fac9df776dfac3bfad

Download Submit
C:\Program Files\7-Zip\Lang\id.txt.tmp

Filesize
58KB

MD5
bbb82c4bda1e018014c13ed82790422c

SHA1
85a54b590a7b543c53df26d971fc8e9ccc3fef33

SHA256
8aa576fa65965ec0154a78568e76981a4358409b5757251b02f94052822c54a4

SHA512
cb2daf07785204ac0146b901b3998aaa005490161e7541d2956781895cae5867370c55d8b669217b33d1a3a9785e4311a5aacd980126ed840b87f807aef25a93

Download Submit
C:\Program Files\7-Zip\Lang\io.txt.tmp

Filesize
59KB

MD5
64778ce812e3672c45f75b9021526386

SHA1
6e03e04d7e0e9185cecd0bda6dd5cb7991df9bf9

SHA256
2f9dc2227223593bf12fc586ed119032e0037b19afbb0222223089193e5dcef8

SHA512
89430ddcc0d213a0eaacd12e4c21722b7e872ee2a569c923a849baa2ac8deb7e286fb5265bb7ab7e505200598b2ae3f5f9570cd3c3db97191f07f78b41ff5bd3

Download Submit
C:\Program Files\7-Zip\Lang\is.txt.tmp

Filesize
47KB

MD5
97380868acf2224448774713d2e4b4d4

SHA1
2dc6428bf4b2f8d7b913e766647ef6922a92aaf5

SHA256
02b1cb0311158e78be44e0d387ee6811f607c98ea883fd6ee978e328e1f1c2c9

SHA512
843fcf0104fba5b5345527bd9d8d329addf5527caf8e9c797fcfc71658c549089262cf872d39ffa8a31fa63e5d54abffda06030e7030b7aff6c2aada6d0cf63b

Download Submit
C:\Program Files\7-Zip\Lang\it.txt.tmp

Filesize
59KB

MD5
3fdff84a0035c40120b939b58af2de21

SHA1
d6f237780b72f2276d60721069b87aa767b63bd4

SHA256
6a8ca03f7dc9f6c508da2273063fc3ce4407b70f73405155a6a9954760eb472a

SHA512
1eb1745fa2d6f8207244fa947ae560f9b44078f95bd7d4fceafded7b75abe990d3c153bc1f5d2295bc141861ecabc54f2dee1514689f9795960b7e7c4165aeda

Download Submit
C:\Program Files\7-Zip\Lang\ja.txt.tmp

Filesize
61KB

MD5
7a7fade575664e83da51122f26639125

SHA1
212677b37964aecd830286d8b7491f86cecc0c90

SHA256
337167e811f3c8ffd1fe49c5b99812fbdc8d9dc00a5b8d6fd6377fa2b69388ed

SHA512
46dee571bd4ba7dccb46f15e864a1d7d747e9e6c4a4ba5f9fe69efbe532cec9d8c7b236dd5a736875579f5fa02d123516187189ed4f44567d577eafbb8786af4

Download Submit
C:\Program Files\7-Zip\Lang\ka.txt.tmp

Filesize
67KB

MD5
a1811569e41f7d52e5f4fc15e5a7970a

SHA1
f39b809e0f31b9f5748cd6c61373c7e614df1f9b

SHA256
ab7280dd5be42402da44e1adbfdaac6dceb6e008887da0156ece2fa447227d9d

SHA512
b9e9508d9075f62d653a94a81cc4317c845ab9e681baba6086fe4e3ee9744265a9b542429b9d9ba077fcee6d9deb450b557a7e5b7f5a1789513c637c209c7fcf

Download Submit
C:\Program Files\7-Zip\Lang\kab.txt.tmp

Filesize
55KB

MD5
cc6a921caf9a4245489f7c165b9b7e1f

SHA1
6f6ef6c939566c1489b3eb4f521b7ff471626c5b

SHA256
fd36f65247e503727b9ba2659c374baf9384a43e9cfc5b8a9869a7c5b509a753

SHA512
e7275d4e7dec20b5d7cb039866b3d934ff8ba9835499e8d648a31c371f54610b4777ee15c5b70991b040c42bfb3688d5e6d6d0c618142a6eca1b1449d1887c42

Download Submit
C:\Program Files\7-Zip\Lang\kk.txt.tmp

Filesize
58KB

MD5
007894b5d61c27fa2ac4e4da3e819b02

SHA1
b34aacc84f11e7a64ea6e26e949fa7858aff8459

SHA256
60cdcb06398c0a46da36d3be13261fb354b0a53d0e9e78a58ae9788117335632

SHA512
6cab930bcebffe3cfb66ec75e8a593b3458441e8a15a9998aa6d6a29516b8126fd21b196eb9e9336643f1916473bcd8dc0a945ee4e45c504d437d3773201c6c2

Download Submit
C:\Program Files\7-Zip\Lang\ko.txt.tmp

Filesize
57KB

MD5
e0ef7745e9db6417a865ac17ca75bd95

SHA1
5dca8565e7ec5dc630a31df8d08de18b85bb75c5

SHA256
7eb02f65c019c53fdf96f856548a87f103fb780cc70d9074fad0bd111599fb71

SHA512
4e5f7b0bb31761ca9a2cb4f541f9612103d082018dbb074d00dfcd52de7dd597c4c1183c3120416bbde76720511bf339aba37d738a3bb01d133e591b5de7219d

Download Submit
C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp

Filesize
61KB

MD5
89de6d3d6115cac41f9d3199ba021552

SHA1
646142a032b52b5472ce3613c01a3f5d3388e988

SHA256
b1c52426dd0391078d258a38c33f2660a194ec18796f910689d2ec30d1b47298

SHA512
643cd6caf96708f67d0e451a9d828522b8e981ccff4a41e70205a4f4c742538823a1cb1546e283eb4cf568e3c1c7443f4ef566722bda3936acd77ef18298c665

Download Submit
C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp

Filesize
61KB

MD5
cd31ec43354b599fcc704b5d7c3f9eb2

SHA1
f20b423359d3adfc2a9da6d4c8ec095c74295d04

SHA256
a2578b112a2f4344ff6e7f810dc21f1349d4a93b16fd9b69409fc382a1eb8e21

SHA512
223b24ae88df26d20b7b41f35da86bcea93a3fcd42ddf0ebe3dfd26c3bce326ae7452373ef0998d8a55c8cc03e7636c7dd6070575c484824464c021f26e40314

Download Submit
C:\Program Files\7-Zip\Lang\ku.txt.tmp

Filesize
55KB

MD5
7c4c73d70cf97225743fddd03e89f12c

SHA1
736c383265b15707c0d0ab33d8112635b43d2ed2

SHA256
5269d571834bade0b2f04d11208fc5ed8135d8b6b3b54065b8206ddcb84316c7

SHA512
b9978b8ebb109fa5ebbb0316eb3c5cb88c5f54832d934060efd6c565327fe2c48e992494b46ef9e8e5ade9e0bed01d82f8039fa936c5fe78c814cde075744599

Download Submit
C:\Program Files\7-Zip\Lang\ky.txt.tmp

Filesize
61KB

MD5
d27ec512d068e94cf6b2af5ccd4dc0de

SHA1
d78c7619ea12edd7c3fe80c6d475cce12b665bbb

SHA256
8880ef03fbd8cfeb7f2548603b65c9b00ce30ef162b9cf4ad023f04dfa06b7d5

SHA512
e7e64341238904deeb6e6c8dc55fc850bee36e443df0e7c52d6f4365eed526edcb24b5200ddb76fe32831272b22248d28c2802d1fa5ce7c544aa12669cc0760d

Download Submit
C:\Program Files\7-Zip\Lang\lij.txt.tmp

Filesize
55KB

MD5
527f60e49a557795c71b07b82247ff86

SHA1
6877fc13f4321be4bed825246896030513c0f939

SHA256
cbd7a67696e4200911599c74d5ccf0d6f599e9e0f4a7d7d0ac920083f1c34aff

SHA512
4d6789ffc1e887b60e5454f8879c3794af5b1878b80f1c6e7b398b711e274cac80a775ba9ad061fc1ee58ad7e771d475873d767c530c21ce2b32486644bcf54a

Download Submit
C:\Program Files\7-Zip\Lang\lv.txt.tmp

Filesize
55KB

MD5
5734aa060c5f85a3f81668e49485a6d0

SHA1
4670ab64e4e1a7de8a6e1837d2f5c08fc2ddf9db

SHA256
e21fd98b55e300e1617b2adee2516ed9f57735579fe903435271d83fb3933e90

SHA512
22a9e5f8bc43f231e39051ae958296e879373fadce4ae9d765ae28f024c42d656f4a7aefb9a261d4325c39eeeab78459be2fef8f92bea66141e56fe86c3bd1a1

Download Submit
C:\Program Files\7-Zip\Lang\mk.txt.tmp

Filesize
58KB

MD5
56be10290a3cefee011841aa74e9d3e1

SHA1
3a214ced982913d9b47c16367a2ea3a0724d1d5c

SHA256
b7e23bfd8352ae8cb2cba75d1cbbf44a46f9e0a201abfa47a79c78083537b7c2

SHA512
ed855b463781e046edf395a96970b99502fd6f846cbd7f3ee1fb63cbce5994b2b96759c65988f563b31b391ace35a6b99a2841924d0919dd9a61d93c5e41c252

Download Submit
C:\Program Files\7-Zip\Lang\mn.txt.tmp

Filesize
55KB

MD5
6e1be521cb64c059ff04ee1eeeb136f0

SHA1
71dc3d08398982a45831d5837a4aed4b06959c7d

SHA256
d4a9cda17c3178e83ccd4aa5163520367bbe959fa74dd929e04cfe84b17cf7ab

SHA512
87189129755fbec953b1cd6c2519b572c67c05ebf011d1c96f8e92c278572a69d19bcdd8756914a8494277645ebe565689a87426adec5ad00e656534afb6744b

Download Submit
C:\Program Files\7-Zip\Lang\mng.txt.tmp

Filesize
67KB

MD5
82a1f920e74ab2344018c012dcc6e01e

SHA1
71a46a3af6ed6f12f9a56ac6ca0adbc6ed181fe1

SHA256
5adb25570a5b978b840b413f9ecd6c30e71c51320c899236f48617e081ba2d72

SHA512
cf89e82a84fc12206ff369dd0b201c6d2ee82f158cb23090be1e7df7bb170db77caf7121d28f109ebd1b73a9a8189ab3f970e721c5b4dbce9c9b38bc83f09527

Download Submit
C:\Program Files\7-Zip\Lang\mng2.txt.tmp

Filesize
70KB

MD5
0aa33d1798e48f626624abaaf8f29262

SHA1
f0ab773d4092d2dd0e570be026f667875748a737

SHA256
878440511bc802ee8d302413008feb8f957cde5ac4625939ef432bcdc6085a27

SHA512
45b76c13c885a3dfac069ccbd3cc62bf715c48c50d8f5a7c016cc966107bbd8b73264e396113df9aec73ff924ecb5c13b61a83dcbb4e5cffb9c41e29c3be0b9d

Download Submit
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.dll.tmp

Filesize
63KB

MD5
67c858f40a849e2129dee10bba8e2ccd

SHA1
e4ba0a884ea2e27bb2d1b3dc9bef6bc3fb408edc

SHA256
8b20d886a5c2b894630667b0f0687bd8387156cf0235273e849f1faafaaac50f

SHA512
1bfca6513fddb34fb0f91cbabfae64d4538b89d96a439379eb1ef4050d0da8dd69251c1eb085d3117a381d69240fd0d72f20801796b24e4603c8bea6ec8f4de2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_Run Script (x86).lnk.exe

Filesize
49KB

MD5
57b80e9a6306a74d8f9bd5c8f1abd43c

SHA1
62b9b7b14c22c98bb3f0c5929a837e41ed16fac8

SHA256
d976e1c084eb6081183a38f2ec198c2aeae4fbd9de3f402e623663818d859d95

SHA512
c0375b214a82d67764f55a697424f56a795e79f25ac586cc702cfc9a585c1a439381b254ebda94210841b83242c8783e809dbdceda01979b8f610c8d10b97c22

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
47KB

MD5
60b53144e4d8cf85e0c307cfa21fd06e

SHA1
38587836c36aa480d7b4e651f083448c0b3272fe

SHA256
c5a4ce78b4b0b222abe4db9488b33a3fa6922d3f532e05065ac58f864c38b76b

SHA512
4bb35d2c4b6cb72a94b3a1852d6895c1521e77bfa3e189a52b93ebade20d40efd7cc295e52cb87fa75dfddde2c5914fc52d4333295ab8869cd88b28da92c8f52

Download Submit