3b0ec7d2de0f9143f286cd9b3aa5be437c399cf3bbb15de152e588f225084f73

Analysis

max time kernel
119s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19/08/2024, 22:30

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

e4027ab2db197a947b1d92626ed407a0N.exe
Size

76KB
MD5

e4027ab2db197a947b1d92626ed407a0
SHA1

3af6f9316e7110a8529ff2968fffba64f2a139d6
SHA256

3b0ec7d2de0f9143f286cd9b3aa5be437c399cf3bbb15de152e588f225084f73
SHA512

9df943f928302032b934366b74c56b5fe52990abab745c822818b76d48702b1bd4f8d3dc06e55bbec24ffeb392e8b0b4b43a39de744397988e98e7cff0a3223b
SSDEEP

768:W7BlpppARFbhjbhT1F1i7BlpppARFbhjbhT1F11:W7ZppApBTfM7ZppApBTfD

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (4651) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
2288	_desktop.ini.exe
2700	Zombie.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Zombie.exe	e4027ab2db197a947b1d92626ed407a0N.exe
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	e4027ab2db197a947b1d92626ed407a0N.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Excel.Common.FrontEnd.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ComponentModel.DataAnnotations.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\UIAutomationTypes.resources.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\default_apps\external_extensions.json.tmp	_desktop.ini.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.cpl.tmp	_desktop.ini.exe
File created	C:\Program Files\Java\jre-1.8\bin\rmiregistry.exe.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_SubTrial-ppd.xrm-ms.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.scale-180.png.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\lpklegal.txt.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\System.Windows.Forms.Primitives.resources.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\WindowsBase.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jdb.exe.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Grace-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\7-Zip\Lang\kk.txt.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Text.Encoding.CodePages.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\WindowsFormsIntegration.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\ta.pak.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_OEM_Perp-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsnor.xml.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tipresx.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Mail.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_OEM_Perp-ul-phn.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Author2String.XSL.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.XmlSerializer.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\javaws.jar.tmp	_desktop.ini.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md.tmp	_desktop.ini.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.id-id.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\ar.pak.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_MAK_AE-pl.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioProDemoR_BypassTrial180-ppd.xrm-ms.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-locale-l1-1-0.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\TrebuchetMs.xml.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_KMS_ClientC2R-ul.xrm-ms.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp2-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp3-ul-phn.xrm-ms.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\chrome.exe.sig.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial4-pl.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_SubTest-ppd.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\ReachFramework.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\psfontj2d.properties.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\Microsoft.Office.PolicyTips.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\123.0.6312.123.manifest.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\prism_common.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-private-l1-1-0.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest1-ul-oob.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsfra.xml.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ValueTuple.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\PresentationFramework.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOCR.DLL.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Pipes.AccessControl.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\PresentationCore.resources.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\msvcp140.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\PresentationCore.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProMSDNR_Retail-pl.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Linq.Expressions.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\WindowsBase.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework.Luna.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Trial-pl.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-black_scale-80.png.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\tr\msipc.dll.mui.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\ReachFramework.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\libffi.md.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_pt_BR.properties.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_KMS_Automation-ul.xrm-ms.tmp	Zombie.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e4027ab2db197a947b1d92626ed407a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Zombie.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	_desktop.ini.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4212 wrote to memory of 2700	4212	e4027ab2db197a947b1d92626ed407a0N.exe	85
PID 4212 wrote to memory of 2700	4212	e4027ab2db197a947b1d92626ed407a0N.exe	85
PID 4212 wrote to memory of 2700	4212	e4027ab2db197a947b1d92626ed407a0N.exe	85
PID 4212 wrote to memory of 2288	4212	e4027ab2db197a947b1d92626ed407a0N.exe	84
PID 4212 wrote to memory of 2288	4212	e4027ab2db197a947b1d92626ed407a0N.exe	84
PID 4212 wrote to memory of 2288	4212	e4027ab2db197a947b1d92626ed407a0N.exe	84

C:\Users\Admin\AppData\Local\Temp\e4027ab2db197a947b1d92626ed407a0N.exe
"C:\Users\Admin\AppData\Local\Temp\e4027ab2db197a947b1d92626ed407a0N.exe"
1⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4212
- C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe
  "_desktop.ini.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:2288
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:2700

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-945322488-2060912225-3527527000-1000\desktop.ini.exe

Filesize
38KB

MD5
f2a1b8e18f6c856efa24659c213b87c9

SHA1
bae073efb0b7b99147a08af26182659ad28d5765

SHA256
bf977d70e45a0662905b57c774b0a8ec124f10d041c1a2cde9851e4e2b495979

SHA512
87138a00cae8d51cd73d9334332c8ff41e359cea0698cd0c68c9f3e8aaa3d42adfca491d1550dec16a902e51820d3cbae29570aa4a122a0934b1cdc1aaebc16d

Download Submit
C:\$Recycle.Bin\S-1-5-21-945322488-2060912225-3527527000-1000\desktop.ini.exe.tmp

Filesize
77KB

MD5
372fbfb81a7ae2f8911302b28d98fc24

SHA1
7fbac49aeb866321ac347bad738ea0fed674ce84

SHA256
f903850d6ef1573e23d3636410fa4857905205a4667894c7210afb2868116b67

SHA512
f38794586a48d3a986602f1e7bb21054f735ed27cd72f6921274ef9ae9a66892cc064ff05b48cb2ad96289e75826006baa27df39d2e1103f27b0027560d5d8a0

Download Submit
C:\Program Files\7-Zip\7-zip.chm.tmp

Filesize
151KB

MD5
7a3fd9633d511d74181b9152b4b438bf

SHA1
a6b29e5462b142a0ca11aae0efbaf8d6eaf317c2

SHA256
927136b8d062b3a381058bf89fc643bfaabe43065d7f896ed9b53c5499ce6ecd

SHA512
f309e8890cac5f44d7918572fa1d60a5a8fc6395ff62f5884ef86063dbd1e2e23e99c4b89a4970493f181905c1792b1731548c1d9e72be49bbed2b61c76ef479

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
137KB

MD5
58eb7d89b081ea55f32cb18691c0f683

SHA1
8f0e83a5108a1f992798e132ad25c44b28ef1f84

SHA256
3f28d0a9ff4509ccc7d1238c4a4cb84770279f6ada493ed8f58c7342e9dddff8

SHA512
2c4a9be957dac873cbf693543c7a00bf51f8cdb5780e4ccabea6caef98191c61d4fa178f5677f7a27f028dd7ed0128eb39065865deee98571859d22b2b0097d3

Download Submit
C:\Program Files\7-Zip\7-zip32.dll.tmp

Filesize
103KB

MD5
77b14483143602cdc44bb067c0de7fa8

SHA1
ea3b78c4bbce017ec3f62a82949354d44444025c

SHA256
1e255bb59c0251eceb8a278dba90c0aeda67e16de44618fb99abe48f4ee2ea6b

SHA512
594b9a7c72fa4933b1ad4c4f0afd07b7876d7cb5d6aa4849b836c76559057cd4e2c1f991ceb9bf1afcf14a2c9209c4029d2537159b2458fc8c4edb1c3407a2fc

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
1.8MB

MD5
d5e594a4890505f18c47a51e7408d2bd

SHA1
46213a08034c08f842ade8752b62072daee5a548

SHA256
bfb9569e0dc27e4d497758a48c69e29c18d289764294375bc24d2756bc742124

SHA512
5c5e1168c9a769b29dd9c14fa80b392584b004711203ea828fb789b974c1e404be0556b2f0c98b80c25ec36ed1c8cfba682133d259b66baea07538c531a16a49

Download Submit
C:\Program Files\7-Zip\7z.exe.tmp

Filesize
582KB

MD5
0f2f07b0b12c62791862cbab9dfeb224

SHA1
8188a458183af581c344a9b8b083387ff0e133d5

SHA256
b2ef6da19b36b285d75837fd344f5b9d97a69244febbeb7bd7597e72c494ecf4

SHA512
6f2a085c13bce99a5960a3bbcd664965d93fa45f093316131f11356eba7b647972ad66ed7a729a4545f0d92f54025c232326a3b6be7915102e2e35aef0f01f22

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
968KB

MD5
9df37c9c84912e4e362889d9504b6bb3

SHA1
95924e34bda219272cacfd6c1fbdd20e348f77e8

SHA256
607335cb84791968ea0ff943d44d53368119705e56d351582d8a0872838f088c

SHA512
5cd43a767c7768908c44b1d62221eec0e16f1be58bfb336386ae9af40efa8bea425c8d63fb7097a1fd9ff85a923afba44064b4ffec904aec32ee86e364aa6e6e

Download Submit
C:\Program Files\7-Zip\7zG.exe.tmp

Filesize
722KB

MD5
1898831e7094db8853b0345952a676b1

SHA1
2f3a663043e9098b9d3057e8b42d2130ced1245e

SHA256
31462423dd80ee7a9fa73d1fa50d71d55059082e8f1a46e0cb898fd293cce0e6

SHA512
3d8cc8649158736ec0919643bbdd857e954ca6562b76a6fe485bd9daf3cf0f00855afd52094bbbceb72103aa064b7563a85fbf87993b5431bfdd1123be3fcdca

Download Submit
C:\Program Files\7-Zip\Lang\af.txt.exe

Filesize
48KB

MD5
031526c708eb90086eb051b2b1e52fd3

SHA1
7c5470b1ec8c9a99c978ca59ea59c86698183f43

SHA256
d391c1641662589038c076e863ea987ba023094b6d5b71e947c9c28b933bfbc3

SHA512
d6db0a42b96069fe4d82f94119cb0a91db5d2f8195b10b2175eec20b3071330c7325e2b10c1334b5bfef1e4e0607b9b7e1d42e3b9730b04f988137cd1919c5dd

Download Submit
C:\Program Files\7-Zip\Lang\an.txt.exe

Filesize
45KB

MD5
270331c1ac37e86b9339ec43f6b1ee7d

SHA1
3778b0002c55a28c365298347d062b28b303c54c

SHA256
8f5465c5dbeed07a80805bffa61119770ac96b6ed11b8c4525f130cc8fa21659

SHA512
6493fea4f9722db27ed0ef5ed25cc28ae68fc63bae657a9778622615ba51d08049a09b98fa118a9e0ad8581492605c667148eabec7f1803f5a71f6f9a5aef391

Download Submit
C:\Program Files\7-Zip\Lang\cs.txt.tmp

Filesize
47KB

MD5
7fedeb49ed54f2e0a3a31df11b73075b

SHA1
96ef43bca1cd00add04baa93e3d85f7507ad60b7

SHA256
333f500938d01583aec3428581342443138160a3199ea6972b4a77df8f48c4a1

SHA512
572badbb56f0a5174576d7881cbc4645e68ab5a0c8aa83744ed6e51813ceacfcbac2afa45d82d10feed9833324f7247a19be6a957ec16c9a577b4abba2b7e550

Download Submit
C:\Program Files\7-Zip\Lang\de.txt.tmp

Filesize
48KB

MD5
32c4779813aea778f15b50f8e9037e01

SHA1
37ddaf4b5c32acb2b8b5f124a0a81d6ba19de07c

SHA256
1b392cf1fe42ab4201135a9efb8f1c2539c77688286d866e430f3a32d010bffa

SHA512
bb47ff8e8f45cc3cabb58a78cbcd836131e67ef8de7f45ca4a897ee9b63bb772dd8e28467ef090f965e056a3c3a86830bba83e4f646604ad6f0ce74936d6a2e9

Download Submit
C:\Program Files\7-Zip\Lang\el.txt.tmp

Filesize
54KB

MD5
9b9e252e87c654668a6de91d6ddb2505

SHA1
ca2f571e638cc1ae298ba207275deba3e3321344

SHA256
627093464b26a0a426450c04ab7fd3c8ab9913220233c069b9378271d80f7d62

SHA512
71c0d0ab3ba5ef6d857db3a8e0d6fe56106b17843f2ee800a6fb72dcab78e554ab953c09fb0349c22eb288a13a64c8fd884a0e604238e84d908dc7efcd0651b2

Download Submit
C:\Program Files\7-Zip\Lang\eo.txt.tmp

Filesize
38KB

MD5
e8aa4576aea70eb97b2efe97a72820fc

SHA1
89b306e85a57c1d4d60b31a6838a8208a0aaac7e

SHA256
5ed3cd3cce0d142aec8ee70b87860ec57e5198b538ece64cc30ac81972e064ef

SHA512
7d6b7c709dd3fa40ef2fddad26b8f26a84b7eff61d5bd55a9cc1a87641bd8623ec37b463d91771ded95a097218b7f216b257dc18634546615a9965225cf1e2db

Download Submit
C:\Program Files\7-Zip\Lang\es.txt.tmp

Filesize
48KB

MD5
7d94cbe19d03ab1d3d3b1e2b9b46f3ff

SHA1
9de080a916a3e2761ee1e369c0ef7ea6d0bac983

SHA256
d07d7357fb124e72e7e2dca99e1436b8fc8fb3a7a576cf14cbe4819f936299fe

SHA512
b7246976fa6e70f0b0ceb50d6a507e05e38f8dd7065e676fc6bb4cd3b2b052928da99324f055504ad7155c8d1c06d346007f691ee104a0298eafb49821513d67

Download Submit
C:\Program Files\7-Zip\Lang\et.txt.tmp

Filesize
45KB

MD5
41609b06e5e31080dd974cc905476fa5

SHA1
510edf2fa3bd5417c973207a692122461f45aa2b

SHA256
8297e1a709d975cfa7660291951b6274b8cd47725af9c171ba55df82994c06ff

SHA512
66852c5790230d2c628e1a3d9a1833c569ca6666a05395781e6d0b182e28e2e97d2c251a5bb3986ce71fd9c23d8acae73992a1fb122e5bcff469ebbe2d24fcf1

Download Submit
C:\Program Files\7-Zip\Lang\eu.txt.tmp

Filesize
47KB

MD5
de608d53d2142862ea6eedd61fdfeab4

SHA1
660969a20c5f8e6f400981a490a1dc02b757cdd3

SHA256
40df7e0f58d0a125b0e9d91ad2be4db60b94a1ab11aa43fb543ff62b04912a67

SHA512
fb44a90da513cc08fd34f2bd8e4b090019b1db24699e2a5a2f5c91c72859d0ccd994990a1447cbb2df3c3f08c0f528c1e32a7397d7fb22f42239912749918f95

Download Submit
C:\Program Files\7-Zip\Lang\ext.txt.tmp

Filesize
45KB

MD5
8cf31083b8707d040f0b135356e07396

SHA1
3be85c6f4142800cc9620fd0c153230efac29b4d

SHA256
5c3c1e27ba56943b8a13cf01638ba9a861535eba04b5944087028b8c8a041cc9

SHA512
fffd7461b748185e5ba0b339ee2eedd1bc7d8cd2952ee8dc76c41023882642ec9c7d8563119639939a9820b53f21ee649b89d6f5b4d800f9d5316c3733e146c0

Download Submit
C:\Program Files\7-Zip\Lang\fa.txt.tmp

Filesize
52KB

MD5
844b99143be2890a86ac4958078f0f94

SHA1
e0c2a846687d53db6d84e0d199d0d8d11160334e

SHA256
5ea376da962582cf46c9b5eff4ad0f5f3dc2dae3faabde13693d1ca90ab50346

SHA512
018fef43f7bc99633853f4eabf7380bc0fff396973def63b9f1ba444d0dd958169f7e10941d17468eb2c5a7b646fda670b38943c06077addd5cb37be96bb9683

Download Submit
C:\Program Files\7-Zip\Lang\fr.txt.tmp

Filesize
48KB

MD5
8b3d461123dc941797d8f3d9570765b9

SHA1
8673f97563dcfdd14137f50d0a2df32408368662

SHA256
3e314a7647020204e1856ac64d3da8b0e5948daa525d1e8042ce81ebed6ca6ea

SHA512
8fdb55a21e5027c701524d3809d5ffa9a7fb7844b4e0ceba2b8a9fa0c0e87276cb9cdc73c8f1216d7184e7a55fe90adc6fda9f63d10671e8827aad1b9ba317a8

Download Submit
C:\Program Files\7-Zip\Lang\fur.txt.tmp

Filesize
46KB

MD5
fb87c22f217534e12f625e8d4ff5a6e1

SHA1
ceb91af5b81eb1b3b4ea6ab3b62a1bb3c8b7debb

SHA256
9c2b31f2e47fee4b8567eaec140e11ae0ebb963db1d92c6321da893a29e1c9cc

SHA512
d0848b7245092cd34a316b1a0dbce10346cbd39d1faf805555180fa58bdcf0274ff5a4471d62581a92ed4a827b0b4769c721fed974fc7e51051f6f1c01c84e99

Download Submit
C:\Program Files\7-Zip\Lang\ga.txt.tmp

Filesize
46KB

MD5
50625984757f355d2da1880d2f59f7d9

SHA1
71083739f320e9bd94c3affe7cb58ea95ae3b99c

SHA256
d589699ba4ed4d961e66e91da8e49f2b26bec0fe1365ad6b0d8cb1fa06f8cb98

SHA512
3640dcf05d8b9fb2e3a7056376390792a8ef8b44b112c9c1fc140684e888e4fc1e2f4400b481d8ba96aba8f67e2841661387ae2e01441df4acaaad9ce6be3350

Download Submit
C:\Program Files\7-Zip\Lang\gl.txt.tmp

Filesize
38KB

MD5
ea8d28a7bfa44cdb8c65a897c3a5ee13

SHA1
e5b3351bcb60fa69eade37752bb2fedeb58c9fec

SHA256
b27147469915cc96d1e8a94f4932a493f0c4f83ccc6d12375ae5d0087a044ea7

SHA512
66f35a8ec8bc1b62bd7787b21eb135eb67163e81f4e3c66e582ea17899b6c3468da507deddd80b45aa870af8930a551c1fdc676609e06b345ae5704d9e0d239e

Download Submit
C:\Program Files\7-Zip\Lang\gu.txt.tmp

Filesize
56KB

MD5
85d64eff57fe48c6a570814553888847

SHA1
bd680a671e23e6635c3d2c8799006a321ce2c059

SHA256
715ae22a9c365ad5f345ee7f96542defe6dfc0f8a4d23a489f6a54c376a68a22

SHA512
6ec50d8b718201019b2e3f412b7e808e1e22e2008f6eb69e6188ef6acf3ab5156ad5be16ddda006bd102a096d82e45106640e46bfc3d228c9d282bc86174e399

Download Submit
C:\Program Files\7-Zip\Lang\hi.txt.tmp

Filesize
56KB

MD5
5d621fc2125c91cc60816ab48fd5a52b

SHA1
9fd4081dfce5863eb469ff35addd30b5dce46cc6

SHA256
b0999b534c5c3e182399020f1fb961279d833be9e28c404bef94d607068cc06a

SHA512
aa0e86421cb9f6e93fcee2288a1cc936a95b9a80f597a0350de22ed1867f4f335512e3a10c23632e4efda6f69894c37845355195e661b727b9a7aa60bfc36cbb

Download Submit
C:\Program Files\7-Zip\Lang\hr.txt.tmp

Filesize
47KB

MD5
6b3d1279db68353d38264be0760f13c4

SHA1
dc5c0b0f917a63459ac9262a94491f52e65385da

SHA256
935312ccf44d698602e4b3fc387b9e278c3d05269c6ff7c2a4f2ad6e6ad79e6c

SHA512
dfc87b31f5440e69dc4f5bb2fc877bf7c6b99c03d1226f17365f838a39e2e8bf816d2456ac451aac3e75b64a9d0ddbc65f552096947455c02c19ae7a917fb66b

Download Submit
C:\Program Files\7-Zip\Lang\hu.txt.tmp

Filesize
48KB

MD5
b273a69c2d8c0dea473a1b5885d9920f

SHA1
e24ac9a8e775f6c2b46b033090e650dbc673adb2

SHA256
a0c4e382a92be1ec89cf8bdebaa216ed7d023f5d6c59c980865e08c7a967dfd8

SHA512
c1046e251e977c2d65544fad21954d3c57a78ceea555f7ec846599c1f5a1e33e4b0cbaf509dbf1704a8aa0541be3dea51c9228f38555249b88bb169e5f083ab9

Download Submit
C:\Program Files\7-Zip\Lang\hy.txt.tmp

Filesize
52KB

MD5
33ad25c22fb7e8103ba0a4d6f4af8547

SHA1
782bf71228f0f107f0a934eecb8bf8eb734b7b5a

SHA256
b014fb2a22eedab9aedc5e3e1080d908375c5e6a9daec5189b7a7b366ede1024

SHA512
f332f44d4c45c8490524754a04c7554f943b11cff60210005d3f2d7a4baf059963697407ea04cd9221ac2b8f5a083cef4729cdc02de34c67173ff113dbeb5736

Download Submit
C:\Program Files\7-Zip\Lang\id.txt.tmp

Filesize
47KB

MD5
bba38661d54adc4f270d8ee5864f00f2

SHA1
021928690a1e89e888c46862d67dfc3e784e376b

SHA256
72e472c7aca3ff42b4f7987241c387fbc1a420b179d1f5903ac741784f4a83f4

SHA512
88e102a42fe68a24c59dc63ffc67f512044268badc2555ae49d3fcdff894be7af952b304cdfe43b4c4e7f6dfd0ec52997f7862bb5e8e1b51f6a91a628efd3614

Download Submit
C:\Program Files\7-Zip\Lang\is.txt.tmp

Filesize
46KB

MD5
8fa03895c384de4373b52e577ee13edd

SHA1
faa41472688343e399f25f25677755359bbbe543

SHA256
3c39476495119304996e47db3a9c4e5dee46b8a79df492f927f933e038c2a4d7

SHA512
2b84b364d72fab830e5fc5c19ba9640467262916554c257492c9f7ef976fee739210232e886b90b8304d472c31c90f7ffa16de2b3ddf66d8ff0e9a8b9b613fa4

Download Submit
C:\Program Files\7-Zip\Lang\it.txt.tmp

Filesize
47KB

MD5
00298485e3ab33393b5f2c1f4fd56337

SHA1
4b1c221dfe4a6f7b5d76c1902096534bd79976d2

SHA256
47439788ba68e39a0b9f8bf3f1c2cc16cabf14e0ca83aaf86bb5f491f1e93a30

SHA512
5837069ca04939583f18faaf5bc2af3c1311d81afe6e0a356d71794088311bf6065494766fa906f4532efcf061f77896500fdb186d4269ca85d5db9efa7c8261

Download Submit
C:\Program Files\7-Zip\Lang\kab.txt.tmp

Filesize
44KB

MD5
5556745a1f831b4bde0b60f990e97bc5

SHA1
7ae50b040b553aa20cd05e199df70e5826b415a9

SHA256
761eab91b17660169aceba9a3f3ac005365c72a65b81a5c64ce2931243f6ef1c

SHA512
ea5a02adeb0328f5589ac319aa4ba95d5132958d3ab4c251972cebfb0d353b6a9a143175904222396e04693af086b0dc2ce6a18b8c973a48848fceb0262ce002

Download Submit
C:\Program Files\7-Zip\Lang\kab.txt.tmp

Filesize
47KB

MD5
3ba92c5cbfbd9693b6ccf04548ee3a2c

SHA1
55e0cecd3a97b927f67b96b9bedf5fc66a227e23

SHA256
e4d452030acc323729c0ff14b0657b1f243ade8838cb371cbae0f69739fd5461

SHA512
48d86fa26cd83bf3c63ef70b2db33e9e378a62ac0d4c29d77bdd8f893db702c75df1ec70c0cd7571901989844269610a5d9fe1a518cc04d3b26a3fbef961dae1

Download Submit
C:\Program Files\7-Zip\Lang\kk.txt.tmp

Filesize
49KB

MD5
36c024e7452535aa5390d647467999fa

SHA1
c212003ef221aacc129571275be2ad8b372ea432

SHA256
879692466c788578a45906b6adb41e5998bd701bb91a311f0f74a72b6c5b4c15

SHA512
1502fcfc68835e19ddd97c1a72f24204ec4ade0ca045603461b2c2c238d1d186cf5ffb194347d833ffccee46f3947ff265d3fc45ecf48addfca7bf33a3ffb333

Download Submit
C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp

Filesize
50KB

MD5
3642e274e029829fa2f940867132a9bb

SHA1
2359fd7e27f82f9324755a4c4b93d7f9c7cb6f8d

SHA256
9995d53b20331264f9b9f669f852964332b22f1979db79270fb90fee5e1b5d52

SHA512
746876e5572477b98b85a8b19fd3610b6f0698a054fe8104f5cb60c24d8cac3139953481ff1d3ecb60e095928021c1a5cf1d6b673e923f3db22b803f4d001287

Download Submit
C:\Program Files\7-Zip\Lang\ku.txt.tmp

Filesize
44KB

MD5
80b7112a39a054bbc771a764d3694fee

SHA1
2865612e9f534db5a3e6bfed6d420fc1aeeb9b21

SHA256
105beed19a265d0d7770fde9845e0ba9905fa0541d82f9a8c7f7e6f8cb013557

SHA512
4cd818167699786aca2fbd52e8f9b52c9c70824212fcc14fd9a99fb3692edbd5c50a1e8bf972cd52bd27f62482c69631b44ba03e31a87f93326026d02939f770

Download Submit
C:\Program Files\7-Zip\Lang\ky.txt.tmp

Filesize
50KB

MD5
e5886c30baeef4975e4c35f5227d6638

SHA1
622ecfc07c16f17e8b3bc9a16c6d52afc0a00b72

SHA256
317c213a9a9c51127bc85bb393e992cbaa16ffa6804e5cd20725e2c2a04d0d74

SHA512
c16af42c264c99c27c60caf20a9887d9191a063819fc8fbac5d20b29237a8b018dbfd6f0d8afc4267bd62e48affecb35e1b00d29b1496faf1c91586ecfb965b8

Download Submit
C:\Program Files\7-Zip\Lang\lij.txt.tmp

Filesize
45KB

MD5
2b22351d7c5221873c5ec9a7c44cf549

SHA1
f43bfc01f733fabc17ea3c745ab74f511dae7814

SHA256
8b3fd4bf1b9696eb99e2573c771e7e5e46390a14f7a89ec5352fa510ee5ab047

SHA512
03c0da872a81fcdd3692e7e35bb0e71d3bd37f033e8341d1e87118432ae98ea8c4cdb9868ecb5fe2475646d9fb134f503ec35af1bc64d07507f696b4cf21d0d1

Download Submit
C:\Program Files\7-Zip\Lang\lt.txt.tmp

Filesize
47KB

MD5
c8ec1e18f1928375905ed997943046d9

SHA1
cb7989834794d9df4530d66846a16a9e5f71f482

SHA256
bc34d1ce3645c8c3e94ce046ac873119efc48903ca3988dd2498a66e9422cd08

SHA512
112a2b4287c373cabd423c785440f1639cf79b28f7ba1eee1bc000080746d153a680898af12d6328acc43da486aa66ed4d8a7c783331be1e0b5eef59a28eef9b

Download Submit
C:\Program Files\7-Zip\Lang\mng.txt.tmp

Filesize
57KB

MD5
bfe4073691df0d8bde7955d0a78aecb3

SHA1
60a12b6cefc0c04555f4af61d4b35d1123020514

SHA256
e30f1b9fa78a94f88122a41c622ee75c8d0fb947df5621201148a68a0c24d33c

SHA512
6b718b965d6c84c2ce5c1570892fd38d47530c960e03f11f3b9ea1fb183fe482695124cdbb6ac527cb8e82d521a6b7ef532e8fbec433cadfef5d0a4c2a29765f

Download Submit
C:\Program Files\7-Zip\Lang\mng2.txt.tmp

Filesize
38KB

MD5
78dd82dd2f928ac4bde9522cc33f8e9d

SHA1
879fc34a726ccdecbfec5a90b002fcb05d2795e5

SHA256
331cdb8fa31961f05c9a8b06f5414f885ed9cb3f44cabbeb58834ad52dd3be83

SHA512
56d12de66eb190dc1773a6d090c70ff139385d5aed904ac02fc36e3b8f739507bda7c77b876a49eb7756119359e92a16d81f19ba98923259297306dbe6074fe7

Download Submit
C:\Program Files\7-Zip\Lang\mr.txt.tmp

Filesize
38KB

MD5
ced44911011c6365053643c71215b018

SHA1
5b9402cb217d96fdf6b7f32901e59eb097fc94fb

SHA256
132c99233359de83248d229e390b9f99922479d3bc0b6748903c9f7dbcc3a631

SHA512
17c2ed42cecfe2ce685145f53df25a3ba22a20062c5bfefbc78abb13cb7331a27c1eb4411c517b9979275f9e515048853a6ca579fda17d6a7b7f635bd47f36fd

Download Submit
C:\Program Files\7-Zip\Lang\nl.txt.tmp

Filesize
48KB

MD5
976229a9913a671e4d085227be2ff7b5

SHA1
aeba8009bd2f687e50cce1e9674fbb07615b633f

SHA256
e80f64e6bae00c404cb6da18d06442235767a39bb852eeda74b90e6b03e82ea6

SHA512
53d2efef0ae32ea7c19288d939e0f906baef35d7beddaa1fd9624ec6fb8ec34583af51ce94884bca411c41352c91dd2a88269c50a8d2e41e2d55eba11c26a43d

Download Submit
C:\Program Files\7-Zip\Lang\nn.txt.tmp

Filesize
44KB

MD5
e90b78c95a4235b6b14b5b300e1c2342

SHA1
d5d0c2f6481817749508a145dc0077194f8d4e1d

SHA256
3e2dde081465365edebbdcbd74d8d39f6a62233504b9d7aa688c616c47ea6174

SHA512
d30b3565b52ee9a49c3c22e6dc79ebfe1b2f5fa42e71e867572dac383fd4f5713cd85bf40685b1eff295f768b4a3ead730f3c861be48f3ba20c40374b73980cd

Download Submit
C:\Program Files\7-Zip\Lang\ps.txt.tmp

Filesize
47KB

MD5
02bcadc386940af37c86740cb827c6f4

SHA1
10ec032bf8b2dc0dc233bd8abf9cf54f4c2cfdda

SHA256
3ee7390cc22432737ce6495d11ba4754b2512a51ec0ed097bc3ce1c98e1aa456

SHA512
614ebae07721b462200ec97e69f3712afd82a2d922bdf79036c46dc9679ae88c49e32d8ee31686816cc827b9eb7342eb1089a4d345c6c5777a5551828331af85

Download Submit
C:\Program Files\7-Zip\Lang\sk.txt.tmp

Filesize
47KB

MD5
54cfef750c01eec42bf3ff02fe25f66e

SHA1
80bd85e81742c02d2368ac94cea3aae95d879cfc

SHA256
2d6e989101917f55afc79b93171e39d8bf8530620cb6903989370ed0628b3d05

SHA512
a505690b6644aff361ea05a09c01b23de636dd61325a5f61640e7c793883fb79dac4fe25466db9a7c18fe42ab28d30dd3f2abb48147d6bc059afc194a7413884

Download Submit
C:\Program Files\7-Zip\Lang\sr-spc.txt.tmp

Filesize
50KB

MD5
12648308c8b3c106542c7750debb4fd6

SHA1
e66defae20e3ade206d2943260686c45f7cbd10b

SHA256
2c70e6744ac8d451dfb420421a766ff1b2b179c3425201b49f0f2ecb8f5c2ad2

SHA512
73583a9ff5fb6aefbc2d929cc2a5232fca91753c90a759b3c7cb4fbe3a2d3c5deb0fa0df8ff3c38c3941c74072b10a46e3897c29b9e4b4415ee8c668fbd4ff6e

Download Submit
C:\Program Files\7-Zip\Lang\sr-spl.txt.tmp

Filesize
45KB

MD5
75bc89db05c0d6a81ca5f9788d42e89a

SHA1
a97e4d85756702c9e10b903f26b540f18d6d2a75

SHA256
11b147a8a263010023e10a1497a08a4c7447e5263e060ae661e521889f3f2f0f

SHA512
19ec1148f16f19fceb5e2840649001a45a52dee8f670f9934b7c9dfe3d97b6ed10ef8c1ec763680f7f711f52ebbffe48c01eb21af5c916f6f982bc572890f364

Download Submit
C:\Program Files\7-Zip\Lang\ta.txt.tmp

Filesize
50KB

MD5
429ea8892bcb00abc6cdbf0b2c3e80e7

SHA1
6395a88df46575e82e9af86595fe68e94abe1d56

SHA256
d42572a4eee608d72d5eebfbb4929a4d16d20798f667453e7e0c19286625c15f

SHA512
55fec2415c49502973d888b79b2b28dc82387ba67cc5e857ac7eecce48422148fc2c9fcb903caf5c8d479b456a15d3df151f233f27d7bcafc669afbb31713ef5

Download Submit
C:\Program Files\7-Zip\Lang\tr.txt.tmp

Filesize
38KB

MD5
799918733ecc2dcc23c695f791f34ffe

SHA1
ffe00d2b3a8616a0505da699a5affe39e88d10f1

SHA256
a128faf1e14d7baa78ae3b931ae86368e62e2a463fe862c90521a6799a61db98

SHA512
21e24beefc4dd28fc9c5348d073f889473d8d88058f5b9eafb082f8e6e05c2f05f8d6c3e0735384d49402f6e56ae3d44d23b45d8bf5a110a1e53057534e1431f

Download Submit
C:\Program Files\7-Zip\Lang\uz-cyrl.txt.tmp

Filesize
53KB

MD5
93e3e92a2ebeee303a508b4e9c278be2

SHA1
284fa35c1551b98f1eb133c52ea65818588a37eb

SHA256
baaff95670e59cc1b295a170d8025df51afec7829723e879aade07d23cda337e

SHA512
7af57e558afecdbee86524991f2101d74025814d3679402a51c113da7bae7ab711d4ad8bd41fc326546ba500fac388a9c99072e5a421e3b124960886b2e963c9

Download Submit
C:\Program Files\7-Zip\Lang\uz.txt.tmp

Filesize
47KB

MD5
5f3889d0ceb9851e7241c8a9f1ba1ebc

SHA1
df5935e3edb187a949a2cb985ffbaaf72961e314

SHA256
68a1133fd5c75205f475dfeea6e38bdbf7030c4a4295dc60836ca198e4ea51ad

SHA512
cc4108cda51c586b974df3f77570011a74615d0470fa8de0f4582266af1a69f19fb94582b8e600c4bcb71d9069d77841d51fa6af8a6f75e672880eed9a982cc2

Download Submit
C:\Program Files\7-Zip\Lang\va.txt.tmp

Filesize
45KB

MD5
31f15d7aac61d1237a2042d2cc912b9f

SHA1
3dea0fdb2806332bca86292d95b6c42f65825b23

SHA256
5fb85e85457599691ed3e1600689f484a00a96be5043b461c2c4e90441266e35

SHA512
2b5b9cb5e1a7613b18e484242b0723dd87274f65905421d033a330e871b4a17d675b0e4baeca2f2eafd755bcf63f6f1ae8f0f13a27fa68b4447cfd772161180f

Download Submit
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.Emit.Lightweight.dll.tmp

Filesize
53KB

MD5
0e3cbf226273c96ca9adaf3cf393a64e

SHA1
fd88b0534508fcdf22837b753e540179b026f8bf

SHA256
44cb07094923d428bc252d6bf40698534897b7a89cef347f0d38d9a41cf66c57

SHA512
2cbe0a3e8b38ce673a6683687dfd243ac4941c4cb50a61279f81033eca1faaff4e984d1072508f93deb146966f1ad7cb4b66f0d038a4deb599caf46e9a44a417

Download Submit
C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe

Filesize
38KB

MD5
e2737c13cc46b77f518fef3f029c40db

SHA1
79a5e6370ab15168ea60332977e787953cc64d2a

SHA256
6c2a99bbfa31d85827d4e0d687f214e4ca5a2a9f3d4291aad63f6a2bcedd76e2

SHA512
3f897cca5e1872624c5b9e546d4b67fd7586756fd2a8082d2c04dd8ae07c0208039143781d7ede48eb5b525b1abb85359c237586ea9593e406828fa40a4507a8

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
38KB

MD5
e3cd6ee11cb0112abc3f56fd374a2793

SHA1
29671f9d10826f8e2a3808b67ea6ccd9d3bb4a08

SHA256
03bf6b0920e439f2d7b679c6c66122446cf50e75097e1aa72f38abf891cde98c

SHA512
b544fdfd8276d82982101ca786cf86c7fbed7cdbb65e60c255d147a52c8dd7287d1e2a7ecf421dfebf2d748c2f9690853b506f40af9be7ed5f342ebc816945a8

Download Submit