2acf1d5a0609c2459446e8f8bd8312587b645c07484090cffac3ed4c6a1193ec

Analysis

max time kernel
150s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19-08-2024 13:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

05269738c33e79f7aee25c24b724e980N.exe
Size

124KB
MD5

05269738c33e79f7aee25c24b724e980
SHA1

7740f65a57bceebdb7e52ce66fc3491fd4fb2856
SHA256

2acf1d5a0609c2459446e8f8bd8312587b645c07484090cffac3ed4c6a1193ec
SHA512

04a15dc585472fdd6c891cddc26d2f07f68427034be37d8ad2d7fe4cb9c498aaeff711fc8aaec9366ddcdf1c519f1f7a29b9532774ead5e5ab2c54c71a062293
SSDEEP

3072:62ssWpcU7lK1lKgkn2ssWpcU7lK1lKgk3:MVyU7lK1lKjVyU7lK1lKX

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (5088) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
3236	_desktop.ini.exe
3744	Zombie.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	05269738c33e79f7aee25c24b724e980N.exe
File created	C:\Windows\SysWOW64\Zombie.exe	05269738c33e79f7aee25c24b724e980N.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre-1.8\bin\npt.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_MAK_AE-ul-phn.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial5-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PersonaSpy\personaspybridge.js.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest2-ul-oob.xrm-ms.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Compression.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.SecureString.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\System.Xaml.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\net.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\ext\jfxrt.jar.tmp	_desktop.ini.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsnor.xml.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Quic.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_Subscription-ul-oob.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Retail-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN103.XML.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail-ul-phn.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_MAK_AE-pl.xrm-ms.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-black_scale-140.png.tmp	Zombie.exe
File opened for modification	C:\Program Files\7-Zip\Lang\af.txt.tmp	_desktop.ini.exe
File created	C:\Program Files\Common Files\microsoft shared\VC\msdia90.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Loader.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Java\jre-1.8\bin\plugin2\msvcp140.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\flavormap.properties.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\PresentationUI.resources.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.IO.Packaging.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\localedata.jar.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-heap-l1-1-0.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.Csp.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\System.Windows.Input.Manipulations.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\de.pak.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_OEM_Perp-ppd.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Red Violet.xml.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Retail-ul-oob.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_OEM_Perp-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\SETLANG.HXS.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hu.txt.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Data.Common.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.123\libEGL.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-process-l1-1-0.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Excel.MDXQueryGenerator.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Common Files\System\ado\msador15.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Private.DataContractSerialization.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\UIAutomationClientSideProviders.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Garamond.xml.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN111.XML.tmp	Zombie.exe
File created	C:\Program Files\dotnet\host\fxr\8.0.2\hostfxr.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\System.Windows.Forms.resources.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\PresentationFramework.resources.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-filesystem-l1-1-0.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.scale-140.png.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019MSDNR_Retail-ul-phn.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART7.BDR.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Data.DataSetExtensions.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\PresentationCore.resources.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp-ppd.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_OEM_Perp-ppd.xrm-ms.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\+Connect to New Data Source.odc.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Linq.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\UIAutomationClientSideProviders.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\bin\gstreamer-lite.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-file-l1-2-0.dll.tmp	Zombie.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	05269738c33e79f7aee25c24b724e980N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	_desktop.ini.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Zombie.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2648 wrote to memory of 3236	2648	05269738c33e79f7aee25c24b724e980N.exe	87
PID 2648 wrote to memory of 3236	2648	05269738c33e79f7aee25c24b724e980N.exe	87
PID 2648 wrote to memory of 3236	2648	05269738c33e79f7aee25c24b724e980N.exe	87
PID 2648 wrote to memory of 3744	2648	05269738c33e79f7aee25c24b724e980N.exe	88
PID 2648 wrote to memory of 3744	2648	05269738c33e79f7aee25c24b724e980N.exe	88
PID 2648 wrote to memory of 3744	2648	05269738c33e79f7aee25c24b724e980N.exe	88

C:\Users\Admin\AppData\Local\Temp\05269738c33e79f7aee25c24b724e980N.exe
"C:\Users\Admin\AppData\Local\Temp\05269738c33e79f7aee25c24b724e980N.exe"
1⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2648
- C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe
  "_desktop.ini.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:3236
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:3744

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-355097885-2402257403-2971294179-1000\desktop.ini.exe.tmp

Filesize
125KB

MD5
47e7c490cc4afcff9b17ff10e0e59e9c

SHA1
be5e1b0244d5579250624a8af1d9cd8a51ed5913

SHA256
f104045103e83a001fad792f1af3dd557c34e344dad486a56e83c6d86ede47a3

SHA512
d45f00df4c81d9a8e10e13f846549314cd81e1e959b8de91778ca36ee31cb4796c66b8010ac1d451ad5ef4c0daef6db6b73b6908960c442bd9a3acafc6e44a33

Download Submit
C:\$Recycle.Bin\S-1-5-21-355097885-2402257403-2971294179-1000\desktop.ini.tmp

Filesize
63KB

MD5
c78e814c289fe650d34fa050e9584b9f

SHA1
932aebd9944af226ee8109fe0552c8340e8d9d13

SHA256
faef2d1efd54974d103c7bf648a1279e6e0c97088b31ca3d88ec168e6d062c21

SHA512
797ab5d8e537e87a079986c66fe09de5eb1b01617a7bc87f24b72e36ef0fa9817368ab2a209a3e4184b2e08e61b4d5aef65463118431cd2376bd51b472335d6c

Download Submit
C:\Program Files\7-Zip\7-zip.chm.exe

Filesize
175KB

MD5
928a2f8e1ea9e1c6457f4a0fdab9925d

SHA1
0a3a82bd6bc0d2c6c12f788bb82d6ea167295a80

SHA256
ee0aae7b8316a7f47c4085b64dd0d8a3e1d359600c6039da0dabf2aea3c2a7f1

SHA512
c1cf7b93bff255aa12648736b6533e4e5bcbf847d4ca5cdb89ca91fc3a9b89c9b3bac3933b55dc9e123990c437847c215d1db81298fe4e1362a510471a42919e

Download Submit
C:\Program Files\7-Zip\7-zip.dll.exe

Filesize
161KB

MD5
75c8c0653095315cb0aeda6269bb512f

SHA1
21c90a6dda18fcb2b9a952d92f660ec98b8ce463

SHA256
caccf1c9e6c7b8cc52faee9250712e3c945cfb7c86f25c96abae2a52ee155158

SHA512
7ce26276d39c05aec2cbaf4be3e6d63b466e0ed101cff114a17cbe20c87494601e4d39d153ca8be15eb47da4f90748e7848d26cdba0d4b85695d7cb793c073a4

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
1.8MB

MD5
41bc14f8f7763a152421c4d616a35df9

SHA1
d290d3dbf0713bbcd93259c28dce015f0bd4f403

SHA256
30873fce4fc271870c1c24ea80e9fb6bba343fc8f4390d4f1a5bae2f36e7bfa0

SHA512
443f5465d9a07989dde0052dfb0e52877dffe46345a6db38f1632d9857cce36bf2c3c6f2d533f2c5d4fcb71106dc558d2f7026c1a068bf774422cf35085ae56a

Download Submit
C:\Program Files\7-Zip\7z.exe.tmp

Filesize
606KB

MD5
7444cef14fe3493b7f1b964141440b18

SHA1
dd82ec80a8a533690c4c0b784ebe234735615af0

SHA256
6bbfbc800ca20b2703efe0ea30713d25b2d3d8b590ede052ec159ccf4b41af42

SHA512
95fa3411100e90491f898067c537302eceb9bab4970a002e62d3e8ac181364180174f4ae4c495ca9d03159f789497e86dd6d6d431aa5ab764d8f08a673dfe38b

Download Submit
C:\Program Files\7-Zip\7z.sfx.tmp

Filesize
272KB

MD5
8290666dcb12d27fc1091a4d4042a9c7

SHA1
217ef5a4c344cc1bd6ee2e896d76f17bbfd2ccdf

SHA256
2affb5bc89e1c4b5373149d58cee93e9a3c056ae0b62d7c976a57a67e6ad88b6

SHA512
61f72c3b2cebeb8c7027421bbd3efcd214cb0c8353d4586306518e98c721ab331e714267a17f43ad0899b48d6775a8bc43606752421e9ffab3dc57514fb32202

Download Submit
C:\Program Files\7-Zip\7zCon.sfx.tmp

Filesize
251KB

MD5
8ec57c8ca05a04feaeb9836ff166c44d

SHA1
7858ad76e74c83f087d66bedee072355fa5a8144

SHA256
db51781861b1601465526a94f72ee9b9e44c0b7f3eed344071dfcdc581d8533d

SHA512
3b1eea147f168b3e95cbd9cc06c33ef3066750d1bececc825acba095646a915ad3fe4de7eef5424769119b99bb360c3b19514d26ba15fe6f33e25fa84a5a31b9

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
872KB

MD5
773c0c36b4ded4afae3232c690a5ba65

SHA1
4b0486e64142b6cd1739acfba7ff7d351321cb1d

SHA256
510bd090639b4d5a7af04444bade9e4d578e81d1e009d17db1d185ae107fd0ad

SHA512
58a85427682cd0d3f791f76544099fd6b9ebb6ee7e64d613585d36de63e47f2dcb8c616f89cbe6340a2e6f7785dc66604692ee37202f6ea57f0827bbfe7aacee

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
993KB

MD5
d153ad6bf94e713e89d232f285fcf642

SHA1
f238f7b0bda88ec29074690027b0c2e545a69147

SHA256
51f23621ee343acd750a791104ca245d238d5a4bf5b2173dafd8bb75c0dabe00

SHA512
77327d7b183156ac49af107603ea35c257695bed03a1ba523dc495019d83e22e2290318f83df38333f0223448a619b5bbb8c92bc997d6c13743038332ead6fe1

Download Submit
C:\Program Files\7-Zip\7zG.exe.tmp

Filesize
746KB

MD5
7b5444e16045d871691fc6ebeb31bccf

SHA1
8a20e78d4f63951db6a275ca34c1eba613cf955f

SHA256
cc94642342881df95ceb13a606031277d67a055979ab30ad4b45191979851e17

SHA512
c311eea808098de53ecbeae1326372c45ab2e5e490444447d9d37287aebc318ea10c2b4026df40abb15e84faac9b69352051ca9f2a83192fdf129b6970322ae6

Download Submit
C:\Program Files\7-Zip\History.txt.tmp

Filesize
119KB

MD5
68b9de799fd8a051d7eecf0b5d152284

SHA1
3d6ee37b2ca8a029169f64b56c2db28bfa7f9303

SHA256
f11c7abbf453e9856624b5735e4b179f8d40009cf40be16fee1379ea20d9c862

SHA512
7fc3601920eee7b12238bf0bd8f871e05b6d335eecbc460bde72022b5efa8eb023ebc94ff925e822203e8ff5db3a52597b0ddf53793e8c3705ac9071ba61dac5

Download Submit
C:\Program Files\7-Zip\Lang\af.txt.tmp

Filesize
72KB

MD5
b019b13e905b04af3748e78f22aa2e3a

SHA1
1abbfcb6fe8b81936b32652d3cff28c10833f6e3

SHA256
2e7bc8761149198d2587a9f16541e3da063f12145ba7ba9af350690779d57b0a

SHA512
df08577ab3f99b903821efc23a9ea995bd2e3f51ef98704da1cce7b5627eb5266863a5b284c277e6dec7cf1f39518750cc6ea3fae811bc86a4892a498ea1e125

Download Submit
C:\Program Files\7-Zip\Lang\an.txt.tmp

Filesize
70KB

MD5
6f61374579ab4f3bee1da1fb1ed7e865

SHA1
abefba2a1870037439622de62dd0065d1b4ed840

SHA256
7e04e3fec2c3393be668bf3afb37dae6cbe2a5c1b3718a6a8316697bcf1fb446

SHA512
0f437294de14d64c9410c23f2fd53f8445337528698a7fcdae93d9d2310dcc1b141181e397745248339826195df903f12486f9c8962ea27673bbc1adfc65aa6c

Download Submit
C:\Program Files\7-Zip\Lang\ar.txt.tmp

Filesize
75KB

MD5
3bd07920d56c2eaf81df5bd3a518f5cc

SHA1
8213e11b51b7ac485afc32d5e51b4c2d54fccba2

SHA256
deaa9af3f66efb9b2980cf5ac45601a4ee58cd46e8bc1acdc9d782622804ae52

SHA512
14acfe6d717abed3785e24ae00ecf2ed4ad48f68d3907377baece22980fd4038aed3037d780b9e6c0c3fce6d79d0fff66529fd608346636cdb95fc8028c89930

Download Submit
C:\Program Files\7-Zip\Lang\ast.txt.tmp

Filesize
68KB

MD5
7ed407632177e7a9aef8dcf5ac223d81

SHA1
a67e08926d1a1527f17271680a0187b9c117b45b

SHA256
5df1ad77ad866ceb1d90bf4789ed8bbe07791fb83817058847bdf702b8c75ef7

SHA512
0738cd02d5acc6574f507e71cbfe46d82c29b2b41a78d18b9f483cc1c6549fe5d980453ca2351738f12608972cb15e3dc725cdadfd89410f0c10eaec87a0d4f2

Download Submit
C:\Program Files\7-Zip\Lang\ba.txt.tmp

Filesize
73KB

MD5
aa5405ac0fafec8decd558e3cd88a2bf

SHA1
804e6686bdb1976f711c00ca19f504eb29f867f7

SHA256
a27969645b4e314db61ef6102a699e17be71c5055d6443fbb3d3cc03ef6e9a2c

SHA512
821803a4caba2f062d0056e3b3a063ffdf5556356c90e8c755c68a8dfeb93699fe359b0d4650540c1dd005603195b239be729f3ed7c773c41aa5c4213a6df4b8

Download Submit
C:\Program Files\7-Zip\Lang\bg.txt.tmp

Filesize
75KB

MD5
0735427d812bfbd9e4955748b91f0aba

SHA1
64359289514c904ea7ade0279a72c0029b3b929f

SHA256
a8c4af5fe1a4a7f104acd84ab830a0319aa3f9a69bbc29c88048e5720373e5a5

SHA512
6b71b79dd298e25007bd9282bcf57821157684ff59f28bebb47cae258147ad4fad87b01d2433915c3e5973c76d3437f9ad0252c77d5c0ca7e8d17d94b8ffb075

Download Submit
C:\Program Files\7-Zip\Lang\bn.txt.tmp

Filesize
77KB

MD5
11bf91fc80b4c8ef0fec87eea3e976a3

SHA1
4b0e9182fd44f2d03eeb2587299dd8160eb97a5c

SHA256
86054b4778cf43a79402b20db9050a5050876c88c0e926db6503ac0a6d954dc7

SHA512
89b3fa9956c7a568ebf5fd2168215c5c67780c2f972ffff2b60184a07492279312af1d1645569d27b9c7089da66667c70cc656c90719a1358bb012d8244792a2

Download Submit
C:\Program Files\7-Zip\Lang\br.txt.tmp

Filesize
68KB

MD5
8b7544d87ced85212d40ad3bbabfbc31

SHA1
fc23559fd826cc59458339458e1b0c910c4f2840

SHA256
5f67701c1d6c600fda2e9703bf59c8cafb0eeee7a329b07d2def026cd3119ccc

SHA512
4861d9985e775242cf154e8b944f936bd0af8236da1642723e486a781a275880285da67a97a6fb42bcffd28af3945e88752bc79cca3360782ebcb406b38911a0

Download Submit
C:\Program Files\7-Zip\Lang\ca.txt.tmp

Filesize
71KB

MD5
0abdc5cde464e59be0c8d0ee4147a670

SHA1
8d41b55f95a1638610d1a1408718321481f6a8b2

SHA256
ceec05738b1f3456a7655b2d021ca0a261bf56b58459c7c591b54cd7d782d172

SHA512
755037255f6f712a0891fa1ffc0eafed31f2ffa1a19557bd97d8d847a2157fb1f3759dcf118844ea8e54c403b2cb5bf190d2a54a3761001c950139caa0debac3

Download Submit
C:\Program Files\7-Zip\Lang\co.txt.tmp

Filesize
73KB

MD5
c347f41b35a3d159284be91989cd716e

SHA1
d9277dc3c7b2571e9744440a398c35331f212f35

SHA256
0190a01c98bd0de330e9cfae7d73d37f4c3f48f1e0c16960b3776bc84631c093

SHA512
4e405ad5a21f7c34797cfd79cd26991ef2c3e7bfb68de77f2f5f7d9679b7dbf0736c86c653880ad19fb8166298432de04d9cdf9b2343415152c2bda12c9357e1

Download Submit
C:\Program Files\7-Zip\Lang\cs.txt.tmp

Filesize
71KB

MD5
26152b89e595a98b759d86011eafebf4

SHA1
eb5246abe6832b8fcc1d8fa579d4adac6a4adf3e

SHA256
e9f397d94eb5838aea0d002c15a1efb00daf3d20e34cb7c5c97a175f9f94a135

SHA512
42357fb8ccf1804003acc564055797d5d91ea85e6036f6edb5ed81c1dc26105faa207f0d17924e23b6f188cad704868643ef4c99e00b8743d26f0593533286b5

Download Submit
C:\Program Files\7-Zip\Lang\da.txt.tmp

Filesize
70KB

MD5
8ffb19ab1fcb193c17800d52b7c908ad

SHA1
f89a0bf77f0ec9bafa28da7eae01d856a625d95d

SHA256
c877008215d9f910360eb074bed7ffea5e78e9b8df76dcf07d7a76e84c8ecefa

SHA512
53fca68384eab77d806a7ebcd38cb592f5103aa94ec90235fd82259968c23438af78837787a20d8de1fbe749490563fe56c74a1c92d631dd54836e2771f5db7e

Download Submit
C:\Program Files\7-Zip\Lang\el.txt.tmp

Filesize
79KB

MD5
aa0b60a4677f10c7275f66e9441b64fb

SHA1
d1f16ad7d38679ac5fd42a6ff1daef6ba295546e

SHA256
b9bc7399e274559bd75a70a37912f997b28d41a26fe2fdca231cd05fb44d0a61

SHA512
ee6a58eb539ff07371b94a305e04a67e9b1ea82bde83283b11deb08d4b5d2324c31629cc8d8fe8b445d3a9bd97f940adea88fe9c1cdac7a0b9e20c4e0b82917a

Download Submit
C:\Program Files\7-Zip\Lang\en.ttt.tmp

Filesize
70KB

MD5
f73194b178c26bf25a6d2a2675993330

SHA1
516f2299db457fb16ebcb8eef78bd89791069c01

SHA256
3cfd91fec8df09d5403108ae9c1f4d375459544c92d98bb78a10cbf20510a9fc

SHA512
ee9be753e74895c7dfc08333060e4dd4b6b4c86a06342b9112c353073f8804833c803e71bf341b8f286f4624a8bc3b54003ddcf09e6fee320542b85d1b6aeeb3

Download Submit
C:\Program Files\7-Zip\Lang\eo.txt.tmp

Filesize
67KB

MD5
af2cad26b0d3d62cc3815ccb937ffc2d

SHA1
fe8272f0d0afd1a45a3bb9e4d21d86bca08562c9

SHA256
030e50bd7a613b022c4483b7044fbcea0c9342b638947f351399ce23a91cd781

SHA512
1938853cb8a527531c2d121374c9cd06746303b3f13970631f488366d296d21942ea1eb233c567df7f51adb2ac2244d97177e9bc4bef433942f97d27ed46678c

Download Submit
C:\Program Files\7-Zip\Lang\et.txt.tmp

Filesize
69KB

MD5
99a3eef8801a2ecaecb8b858edcf9b72

SHA1
f261b56f5a89c2679b929105d411dfd750208009

SHA256
9569b0fa10211761ab8b010ac781e0e1bb5052dd1ca2f36aeb9ee4eaeaaf7189

SHA512
f78d74287012c73d2439c5b30cf65720166c55cc123e1f1228aea0380d66370ac5d4bd245dd4b5e8510052fd44e59aabe34ae5c94d0e4fa58f718e1857862b68

Download Submit
C:\Program Files\7-Zip\Lang\eu.txt.tmp

Filesize
71KB

MD5
8cc2464af018ced2397c4eaee56d7b64

SHA1
034e57649f61e16d556f62d4c045c5113e4c31d8

SHA256
b3d4c4b940d3cb46a68e48cfa5b38263aed354a593aab258b4907efdb1fc04a4

SHA512
627cd0c77d429bb23ec51b990817c4041a593d01bd2517b7e4e735de8d77ec87a723a9ddbd7428bedce1be24914497eab6df20e9d55edbfb1921de6b61c16df7

Download Submit
C:\Program Files\7-Zip\Lang\ext.txt.tmp

Filesize
70KB

MD5
5be99ec2836347784042cd60d3869e01

SHA1
ace75d1e2bfbe0810ee700988ee45a1a00c8f73f

SHA256
862c4471876c352f68e93c5dc798ccaae59301fe82a0d48cc9675384d86e362d

SHA512
02e2fd61017c8924f7bf0bd81ba08cff40fb4c1b84317bd7be7cf5f25db10c49233b5a2b8de36d202ded7f72d7296e8a814599343d3a3208d00389c9eb6d952d

Download Submit
C:\Program Files\7-Zip\Lang\fa.txt.tmp

Filesize
76KB

MD5
fb622aab1f38b38f4ac59f8017150619

SHA1
597a84167d49ffabedeb6279486c2c96e8a91c30

SHA256
d9cebb4c25ad27eccd01a2642a5843bd95e2be5adc2dbc578bd81323746a694d

SHA512
52087d903ab4d5e71f74490a6e50667ece3cf5fab3aec96c8f934896b27b31b3f7d13cfb6887793051cf253a5957b0220c66a2a10572712b3c7a71534e607d0a

Download Submit
C:\Program Files\7-Zip\Lang\fur.txt.tmp

Filesize
69KB

MD5
93eb520842b698a03b970b18f9856835

SHA1
0e2e2366078c34e1b13be2cc0f4947e91b5a1711

SHA256
c45cf7bebda79bf53593d707b7b5c5e8563c048e5be2fb5a6323fa30553ceb70

SHA512
dab9008295061a1d3b5ba8365754b17139ee82bccf443af41f8616bc7de91d9b151bb612e52c365d1b7b2d1828833db94f533c40ff9b572e6e6f4bcd3edf0899

Download Submit
C:\Program Files\7-Zip\Lang\fy.txt.tmp

Filesize
68KB

MD5
da401317374d25c396dddb62e05d897e

SHA1
c9e7481563c2223a207534ab43b2c51ebded2c19

SHA256
864ecfa9cbfcc0c49e1a81816caa3c6d38bd1fd5045fc4be90f90b9214db5e1d

SHA512
87b4510af14a895bd3992af7ed743d043dca6f3880b76635f7828088245348c48f42495f1de25fd18175da0e2a40e826449ba04fd2c018534347fcf85471b835

Download Submit
C:\Program Files\7-Zip\Lang\ga.txt.tmp

Filesize
70KB

MD5
ba3bede40b8cb8aebffe10949a6f05c9

SHA1
b367e96cb9930f7278127c635edd48594e154dcd

SHA256
08af50c61d078358a0958aba3bcd7bcb06f7558b9cadbba8133ee8d84cae040d

SHA512
f991c1ba7a730fe3156725dbf0b2c0180234d2e813f9dc4bd76aef7da9b37184975ebdff15e2f4fde831483b84095c1d29df82eb114157b954cfca3d5453af3b

Download Submit
C:\Program Files\7-Zip\Lang\gu.txt.tmp

Filesize
79KB

MD5
a962f40da317b9e210c7f3a3a4698423

SHA1
09c345da930934e9233b7e0cfe0f846bcb08752b

SHA256
fe0ebffd745f39f6b9660a88acadd4a611c4500f7b011dd42d2443f7cedb87f1

SHA512
3a9b3466fa3c6187dea22074fca2e083688e2906fc4c33970177b0fabf6b2b9f312a8d10cd8985e47c539b4c0e56f1958cc47735619c8dd28ad024112e91f538

Download Submit
C:\Program Files\7-Zip\Lang\he.txt.tmp

Filesize
60KB

MD5
d045f0d90471830741c29f5ad64c8cc9

SHA1
ea35fb0e2d8a81af4d4612c11572c2e9afe567dd

SHA256
cbde799dee2247ad97ec11b51b72e75091daf47b05c753aa8daa08de7f883e41

SHA512
65add27d33f4fd301e19d009546f0298d7d2e8f84f5494df1ef21e6046637da18c0d66bc9fd8cfa69aeb310ab055d9c71e49ce929a0677ba269697f061926443

Download Submit
C:\Program Files\7-Zip\Lang\he.txt.tmp

Filesize
73KB

MD5
88c3c5baf247b35355eb238852d3da41

SHA1
d0b55a51d9d32f91244e48b65d4ac0d007c41fa2

SHA256
8e1102f290b3304700b391a6b59c60413b08c698275e0c1f5ac7613d9a8413a2

SHA512
6ffa29de52687c9d68a4b7cf7224df8a6bcc01faa58929bb526134ef4723c26234080d2d17b99f8ff9bec63a3fe4ed68e1063217df1535604138bf90930be0e1

Download Submit
C:\Program Files\7-Zip\Lang\hi.txt.tmp

Filesize
79KB

MD5
a3c625c17e613692552e9a8f00a6bde9

SHA1
cbad033eb9b667482a6d1deddffbb6444317041a

SHA256
181659eb4e933543470bccb5643b39f84dbb4c0e0428b66c88f1feb8d018bd9e

SHA512
f184dcedcaf95cf4ca463589ac96cd9f7228b2eec71c1eba54948a8107fe66d9e8865cd9494dd491cb9fea8eeb3725e0cca5e1c8188a6ca301108ef24d2e2d71

Download Submit
C:\Program Files\7-Zip\Lang\hr.txt.tmp

Filesize
70KB

MD5
c8486cfcc1a91a766f4b2521602e91f2

SHA1
5f945612219ed29690718a1b58a499620dab1229

SHA256
9e5a3b3a2566a05b802559bc8944a65a636a1ca4e89786ffb1f380c1cc271dad

SHA512
90841ce6af0a095e215fef0c51c29b9633fb36774abd86c810e16f43c33d373ef63c52f555dcb9e16b939be54f570fe245718821249f956bc1ff263cd944d35f

Download Submit
C:\Program Files\7-Zip\Lang\id.txt.tmp

Filesize
71KB

MD5
a9fd78d9bfaf4e5ba658b7f8b2ebe702

SHA1
370f527f7406bc1d2435c787b481cb7d9d8121a2

SHA256
f329179f74fe39bc5efecf298d97d155c533ab6ef18f548f4cdfc4d2ee4f86a0

SHA512
8679476bde0922e32eaa47d820ce0ec52b45035011ca5b35f781d9c803b083fa0801d4a5e2e72dee0806353cc6cc0324838aa2925ac47ec412f523f12a5d09d3

Download Submit
C:\Program Files\7-Zip\Lang\io.txt.tmp

Filesize
72KB

MD5
d8e4d5b07cc159fbfc2c4ddc56692e3a

SHA1
ee0e3d63ac4ecfa3ceb7272108db3c5690120123

SHA256
bc8c0f1a0d474dbcfbc6436059361857b57389a8114d428745d65ffd40e81e6f

SHA512
7cd27fc3307c10f0be10870938dbe9de521dfb9924b335dafc1bc9fb0314302b962181f53e857f299d1249ed471f571c6df51c81ab3974f8cc159adb8c422ef8

Download Submit
C:\Program Files\7-Zip\Lang\is.txt.tmp

Filesize
71KB

MD5
95c8e1d3fc012fb2aa43b028cfde1c32

SHA1
0971748e9d3e9fc57e5a6934afa08b4d1042a805

SHA256
91d5bb346ab197edbe8810726685ec7cac47b207c1b85d1f6d65f56ca253fb2b

SHA512
96e84659145140c28a2ec53001917e9341b66a99df681a65bae11b084cfac4d658060a49294bcef4438282c74ce415e6cb1c2e989b0c8578069ff3d8e9586199

Download Submit
C:\Program Files\7-Zip\Lang\it.txt.tmp

Filesize
72KB

MD5
4860b3959b3548e0f933aa2a560f697f

SHA1
0441399e7e8af7029238b3d49aa7a540cade3dff

SHA256
8c50cc69aebc5c23b4f55a1decb18b3765edf95f2d141e67891653c2db906c56

SHA512
f603a72b794aa151e9eb789faea2c33c4692668b378a4f435bf9752cb5374b5ce57de9a31eb0297cb848acdf9fd1f2c4adfcac1578b92fb6c6bcbce8e05927e3

Download Submit
C:\Program Files\7-Zip\Lang\it.txt.tmp

Filesize
72KB

MD5
f0699d1ec25e7b311ca01e2b99f9890c

SHA1
1476f422b2a3deac8eab3f50843b352508edb1bb

SHA256
690933f79986a4e3cbda70975bf47d17401663b7031e9856f5b17ff2bbf4488a

SHA512
0dd28182a3c99feae13f181e95a93e9f455e338d2c9caba06d5a42a1ff484f115fb62a17e52714bd7d97de66741ce2cf60737a20411ca8fc1ed7298ab4e16301

Download Submit
C:\Program Files\7-Zip\Lang\ja.txt.tmp

Filesize
74KB

MD5
ba2eb35c9caab22a938df64a9b041b2f

SHA1
a615d97ca832302adc8ef66642f5c70cd8eed4bc

SHA256
e0c82b2a5abd1d94a04213787a7c699a1a1fff3cff6a822571a99b83ffc755ff

SHA512
c8d4ff4df582e6337e7f978e40e1b7ad084b16c505cbb2fa34daf490a83b9d7e6c75132522bb990c4d986c41fff73046fa8da21a3f707e7bb8a5b2ef0a34f417

Download Submit
C:\Program Files\7-Zip\Lang\ka.txt.tmp

Filesize
64KB

MD5
f7b185d14a583f38dd3a416874eb322d

SHA1
2983f666b7a7004de66da159b1e26c6788af69d0

SHA256
f41786edc24bd8100e4f72b2d2b0f07bef65473b1889fd2eedb6e33544cb3d76

SHA512
2ff8c3279f1caa5b87a8f79a49198e63c07ca26c6e4bf0e7b8df1ab116f09b0c033a44c8268f48449286312c9bbdae4a76019e831b742cc67f17a1bac5cbc57b

Download Submit
C:\Program Files\7-Zip\Lang\ka.txt.tmp

Filesize
80KB

MD5
13ee4579753560f49c21b9b4c9c6caa9

SHA1
4119ca7b11f917ca3adb1314d16dea6c645ab30b

SHA256
a2f927dc291d14c21b98abb281f4d6811526e5bdc27194374152db288d3c9afe

SHA512
5d736f31ff43ac708b5d6a7de1f9d980d93b8a4576592f6e7eeda633af554daa82a1a08e324face312568b1e71d4a48024a323035c83b0003e71347f7f90dc23

Download Submit
C:\Program Files\7-Zip\Lang\kaa.txt.tmp

Filesize
70KB

MD5
14d13a946ff5844e5177a839981ad71d

SHA1
a66d784c9234fa60b8809472ce11c6fd8fde3888

SHA256
e4c2bf3488b5cd9a2e664edb050994f66c88579ea78f50d8c1962f91a847d135

SHA512
01299b25713bb76f67dcb17469628855f61340fa12dbc922d4e73cc271a85f917edca1f15a941d324b69190350a00e0f027063b7b3c2690ba052c0f3d79416c5

Download Submit
C:\Program Files\7-Zip\Lang\kab.txt.tmp

Filesize
70KB

MD5
be38f36f3777c23923a80fd36421b1f8

SHA1
3f2646df39363955dd677c04cad3ef268a4db4a6

SHA256
54acc6300830c2fc3d350b083dff07527d26487400bd193603fd03f2802100f4

SHA512
316b7c2bb2e257bf7d81d2623ed77af159f41abc937a2cc47fd0286b550ad5865dbcd1595931a6c526a5171a8b63fc87d14f843971ea9e73ec03b2607fe337c6

Download Submit
C:\Program Files\7-Zip\Lang\kk.txt.tmp

Filesize
73KB

MD5
1445bdbe1e1ea2835e0a835f9de23a7c

SHA1
2a2c01e65fedecc3189436ad31cb24a682007a5a

SHA256
1cdd917dccb531ab8c2eac35b0e508acdb383cedc54d7864ebda4f3b1505951f

SHA512
ea2501f399a1ced0f9985e544bb48f9087e8d71028e987c82fe01979cc74a44066934d5bac523bc23157193ad9f726600918d8dd83b858a02bb43494641bcd4c

Download Submit
C:\Program Files\7-Zip\Lang\ko.txt.tmp

Filesize
72KB

MD5
daadad62a98a18e449c58a6fd3003343

SHA1
1af0077806939c06f2393f094e1d71f40c541689

SHA256
5c1f7198b91d879777139b3aed2a5d4c51bbcd422561c396095f53099422e883

SHA512
1b1babb57060af870938f773b6a03d4af57219354b657b8f3f9acce035539e90a6366e68f10712113354d2011476b2fe1fb9c49deb725061741994d8680d63ae

Download Submit
C:\Program Files\7-Zip\Lang\ky.txt.tmp

Filesize
62KB

MD5
afa738a02eedbc1f0154cdf075aad534

SHA1
fb2a552581aaa2a5db3043af8dae73b762a244d8

SHA256
e7702a5e655011003dd2adc3d99349b4f86ed107f18197819bafdb3a49ed34b2

SHA512
e90cfd5ed62e6ff5930188ae8dbd1943637944c4888700bf96c27e77061de19becca30bddd29f335e9f3f44c7e469836c91c8a6dac0566302fd24ac9f72988fc

Download Submit
C:\Program Files\7-Zip\Lang\lij.txt.tmp

Filesize
70KB

MD5
dc4cbf34e82179a2520251f2b16648e2

SHA1
4dfcca3690b0953a7382ae06881caf5aaf75f6f2

SHA256
7a9665c7e450549c499eae8e1af9153ec51ab5c168e9b6599ecab8ce423f2f57

SHA512
9bf82c57b90efee8885389370ad6b4a84465165f4ce731041c6a89ab4a221d3dc751aa8cf09539bf8626ef7f494f8186fdfac49af527f851177d9e66fa0aa0b8

Download Submit
C:\Program Files\7-Zip\descript.ion.tmp

Filesize
63KB

MD5
685c27ead6d80c61525f8faa947eac10

SHA1
8da06b963f8da5e6bc356ca1980401abedc2330a

SHA256
fad6ecbd31c27f7c225276aed53d4d1f58ca1532c59b866d56bec3a5cba004c9

SHA512
2aa60e6805e9fec46476b52bd179db49b6e078cceda1164f607f3438ce1c0781a5aa349aa243971a9d1c748f4df452c9f657eabc10e5b3a6befb5748c636f4a2

Download Submit
C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Cambria.xml.tmp

Filesize
69KB

MD5
dfd46efe5609f0d0d5e6b0584224e563

SHA1
155033084b5b773d7a3836999f37d1acc0b1518c

SHA256
7660102216b3fce2f3f0342ca5c86c484d1b23471e894bde259ef2a0e3e095aa

SHA512
8ef9cd3dc660e306927375ab1bbfaa1cbf0c69e7200e73686ff3751d6243f6efcf3a4ad15b83451dc71e9ed39ced32e1f4b54fc079b3a23d3ff296d085bb0f07

Download Submit
C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe

Filesize
62KB

MD5
fc1cd191bb8e0ca5ca844d347aea1e68

SHA1
90d194846895f312cf99f456286e696ba86a5e11

SHA256
4e5bdc8f3cb500e53933abf7d20fc8c05364a4f6d68e4c289e0a9b3615d7746b

SHA512
b244b71c7c3a8db8cade0d47f679d57957b8ba0c58d93f8089aef8c3fb6f36c30bb352fca58d356157c374356169b08ec48f19bea4385db154e45d9cbdbbd6c6

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
62KB

MD5
698fd387c3808846cd80781068bf759e

SHA1
e08e3e169cc32bf54bef8acc8703049e3eeea71b

SHA256
97148aa345b5be8d86faf3979d76233dde3362e24fee3026dd5e5fda4c542605

SHA512
3054204f45e40ef6de09efe804eb9b59dbfaa330a40cf883e4b9af65d89db6ec83c78b7ebef72bcaf81248c358c7affac988a18c596edbb95ce2bae7ecb4f6bf

Download Submit