5533ca1ff3418778340749ce0e364682e9c03380dc7cf5c75f506bef974cfa96

Analysis

max time kernel
150s
max time network
101s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
20/08/2024, 22:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0021888967fe80483f2890201d27b2e0N.exe
Size

82KB
MD5

0021888967fe80483f2890201d27b2e0
SHA1

d27065e85588dab8989ff1502e3124b7facc388b
SHA256

5533ca1ff3418778340749ce0e364682e9c03380dc7cf5c75f506bef974cfa96
SHA512

ba87fb4d06ad84b42da027fa850642e68bc3be47a87ddd026725bc462d16091954704cf0a8f9cf0484b921e335d96aebac5c7440dc94c1f24d53b4f3c4baaea4
SSDEEP

1536:W7ZhA7pApM21LOA1LOA7ZhA7pApM21LOA1LOZ6Yh44eFZIXHFJV+6Yh44eFZIXH3:6e7WpMgLOiLOAe7WpMgLOiLOu

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (5245) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
2744	_desktop.ini.exe
3752	Zombie.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Zombie.exe	0021888967fe80483f2890201d27b2e0N.exe
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	0021888967fe80483f2890201d27b2e0N.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-timezone-l1-1-0.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\wpfgfx_cor3.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\WindowsFormsIntegration.resources.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription4-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp2-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\7-Zip\Lang\ug.txt.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.CompilerServices.VisualC.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\ffjcext.zip.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000049\index.win32.bundle.map.tmp	Zombie.exe
File created	C:\Program Files\7-Zip\Lang\ru.txt.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\deploy\messages_de.properties.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OsfTaskengine.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_MAK-ul-phn.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office16\IVY.DLL.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\cacerts.pem.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\CancelGlyph.16.White.png.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.XPath.XDocument.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Xaml.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\bin\plugin2\vcruntime140.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework.AeroLite.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-bridge-office.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Grace-ppd.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL081.XML.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\UCRTBASE.DLL.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\i640.cab.cat.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\UIAutomationProvider.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\PresentationUI.resources.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\Microsoft.VisualBasic.Forms.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework-SystemData.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\dcpr.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_MAK-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledbjvs.inc.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.DispatchProxy.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\System.Xaml.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdatl3.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\System.Windows.Forms.Primitives.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\LibCurl64.DllA\OpenSSL64.DllA\openssl64.dlla.manifest.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Windows.Controls.Ribbon.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\bin\servertool.exe.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E2-0000-1000-0000000FF1CE.xml.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Design.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\ext\jaccess.jar.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Trial-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft\OFFICE\Heartbeat\HeartbeatCache.xml.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Windows.Forms.resources.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\Microsoft.VisualBasic.Forms.resources.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\WindowsFormsIntegration.resources.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Java\jdk-1.8\include\win32\jawt_md.h.exe.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\jdk\lcms.md.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp5-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Resources.Extensions.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Garamond-TrebuchetMs.xml.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProMSDNR_Retail-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Grace-ul-oob.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Trial-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.DispatchProxy.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Grace-ul-oob.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription4-pl.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.NETCore.App.runtimeconfig.json.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioProMSDNR_Retail-ul-phn.xrm-ms.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1036\MSO.ACL.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\ipsrus.xml.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Violet.xml.tmp	Zombie.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0021888967fe80483f2890201d27b2e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	_desktop.ini.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Zombie.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 456 wrote to memory of 2744	456	0021888967fe80483f2890201d27b2e0N.exe	85
PID 456 wrote to memory of 2744	456	0021888967fe80483f2890201d27b2e0N.exe	85
PID 456 wrote to memory of 2744	456	0021888967fe80483f2890201d27b2e0N.exe	85
PID 456 wrote to memory of 3752	456	0021888967fe80483f2890201d27b2e0N.exe	84
PID 456 wrote to memory of 3752	456	0021888967fe80483f2890201d27b2e0N.exe	84
PID 456 wrote to memory of 3752	456	0021888967fe80483f2890201d27b2e0N.exe	84

C:\Users\Admin\AppData\Local\Temp\0021888967fe80483f2890201d27b2e0N.exe
"C:\Users\Admin\AppData\Local\Temp\0021888967fe80483f2890201d27b2e0N.exe"
1⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:456
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:3752
- C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe
  "_desktop.ini.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:2744

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2392887640-1187051047-2909758433-1000\desktop.ini.exe.tmp

Filesize
82KB

MD5
c9e292404b1d2d6f5e9f9c6ebacb3af2

SHA1
8b65efadb2e88d3e5e7272ee47802eb3c6f1c057

SHA256
c301b9139cab286a0b32d8b55bbcd5b23d07e733a2f2c2ce644a3d0b543fb43b

SHA512
3ff75e13d37e17510037d7d1e6b86c78879631f1ed93f60a51aa198ae2b4f33e9b27e7678d1adb87d83ae7d0f3a39db61f86920365e82839eb01c96469546410

Download Submit
C:\$Recycle.Bin\S-1-5-21-2392887640-1187051047-2909758433-1000\desktop.ini.tmp

Filesize
44KB

MD5
26e6e71121c41ccd4bcd03a1f6fb9844

SHA1
710cae68363dfadcbd5d2d342942039c5b6256bd

SHA256
0d4c7022894bc4a32640cecef637a5bdbe146cfc5b6536a5c665d8d5415c1085

SHA512
e2be1caad8b0a57862c6073a6d7901c241a57c09fa19e66688350605bb0b44f5d66e9c5752c9e1ee5d9a2f0e2494891a673d4fb82506dd01803f7f90f34cd4f3

Download Submit
C:\Program Files\7-Zip\7-zip.chm.exe

Filesize
156KB

MD5
716c0cd18732de923c6a840d529242d7

SHA1
29122da599f1a480c3787ef0ad34a49c7a2c2ae5

SHA256
8be5ac8f86927f3d9782c0fe93e3a9cfc8f77d1a4f66d2912ed65a1e019f88b1

SHA512
db2a823e7357a1e6326aca3500d16a71198e654190b2b9e4ac4c103a20e0de267438fe022c215d8fc0690bf2e7c6b8001329c6178888144a70c77f72c1347976

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
428KB

MD5
071f1248bd39df9cd68fed736656bc7c

SHA1
eec21375e3bc4d6e7681c2643896563ba70a0332

SHA256
5ebf9cd731735938de25cb1a0167aa08437f0e202017e1b9df25ef77b2f8cd1a

SHA512
560df663ef3f7f53734b507847e259e2b2877e921b6b0a7a4fdaa0b332e62cb1fe33cf563a4cdbc997aa1b202ccff20203136d4df0c11c8c64fd3422a5c7b73e

Download Submit
C:\Program Files\7-Zip\7z.exe.tmp

Filesize
587KB

MD5
b907dae58b45e4f6178c8b90b4492368

SHA1
ddfbcd3a330054e5fdda1e8f22bd93b4e81f6dfc

SHA256
77c5853572245b8bd3f7e0e01d8218d68cd9df957a8957501d49b82f9f02080f

SHA512
03acc80113449ce6458291fce36d4c8ef2fd0b7f666ab5f6db1d29cae12b10c052b1e5f235e8392614dba554ecd3f594761f5b845a21ee6a3b91dd9f76de871d

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
64KB

MD5
968e20cc7fc0431d69df32c6f8cf0ea3

SHA1
47c63a256827baec2addbc8974039e6a6398a8bd

SHA256
7e16cb8ac3a04cb2ee1e3e1156358e2d7bc5cff3e184ac61bd3d0175d95b85ee

SHA512
994c065783728f1ffb49d1b7ebd0f0f9317ea3873520dc5850a1b79026d09e4b33b9cd3fa864d6be8d699e6cd0af92250be95c58e635962bca474c43bb3817d5

Download Submit
C:\Program Files\7-Zip\7zG.exe.tmp

Filesize
727KB

MD5
5378a66c082815c033642ee4c9c2b8e8

SHA1
ce74e59fff04ce2ba74c848945c9775cfce00fad

SHA256
28a304c0dae7a23806ae3a073e685cf5508c8d7ab4ae1b3e7e2bc2a990f96f4d

SHA512
5150a7ce3510f87ebd42a8a9f2a51f9b38863e231f714ad94e17c15fda2eb5ff642d500aa0666e45f636d28bc0a3e3005d706b039604f8708b6ddef7b558dab7

Download Submit
C:\Program Files\7-Zip\Lang\af.txt.tmp

Filesize
53KB

MD5
d29c25782f81535f93584d23c187ee01

SHA1
e9423e3842ed49e808d085bea6e08a64f7f79345

SHA256
d32e0418f5b13cb4f931773c29cc7fd06e43c50d4e61204e3a20ea31b135eece

SHA512
2bb99085ef066c05f7c8aca6f9e42749d1b096d6a84520592969ea984a6f34e93f8a7cafd3e5f5ecb53c4fece809344d9bd82af3fee9a17321a435153895246d

Download Submit
C:\Program Files\7-Zip\Lang\ar.txt.tmp

Filesize
56KB

MD5
c68bf42994c63b65eb69aa43dbfcc7ea

SHA1
83683b4f2d61d21142f540903178f64dc5ab9d74

SHA256
97ecfc5a89af10683ee56be299c862c4623ac6359485ecb9c532d551c3750c3e

SHA512
2b79cc589a92504b0531fdd399a30d5b617555789220d7737440703037abeece0ed8e283bc7f63172b35a399faa147d0712edea519e1fb2b15e7e99530e26fb2

Download Submit
C:\Program Files\7-Zip\Lang\ast.txt.tmp

Filesize
43KB

MD5
160a5cfdd5127c58646311fe0a97387d

SHA1
eecb36dc484f0382928dd861e19453a5a6763ca7

SHA256
1962778849a89acd89cc1bdddacb832a7eff9c63ddcf92450cf92f6442fd9954

SHA512
7bdb2adbb1755c43112f87ddb92ddc59afbccf19426e116bd85907082463242858ab4ebb65af22fdb860012962b1295c0c4c45d5c0b905e78bf6129a60a07b2e

Download Submit
C:\Program Files\7-Zip\Lang\az.txt.tmp

Filesize
47KB

MD5
4b67777bd38d5f983b2fed2979b1aeb1

SHA1
e519119751caf0466c85849257eb73b5bfe1910f

SHA256
7283331e862ff89568dab615e175b74975eb6bfd77cc51f66e56ecc2ce223704

SHA512
4164932aec95f0418325b0db8be6e453986f946ce57394055d45c72b86e60f2cedc8d0f9d76259bd50878cd0c75afb6e7535fd312e31df719536ba393aff5fac

Download Submit
C:\Program Files\7-Zip\Lang\ba.txt.tmp

Filesize
49KB

MD5
3c9bc0f3a742a6d89861f540cc81cbfb

SHA1
f9bb2c9fd0f0134a3502d17d73db385c8241e209

SHA256
4d9c3db93e192c729471e5259078e3a6943fba7d5ff9a68cff5fd05a35fba3f9

SHA512
0121658870ee3c1e6bdd6e0f38313d49559eab991c380153f69b5f1cf66e236dd9beb23d3848900e5185738556eb3dc931afe43f14bc1343e8e4b5f52865bd35

Download Submit
C:\Program Files\7-Zip\Lang\be.txt.tmp

Filesize
50KB

MD5
f039f46745be9e354afa523cb08c30e3

SHA1
185e705452f8f84f34783f730cbd3c86c354369e

SHA256
baf7c8a078c50870ebfb787956b4aec5f61892a3f9aa61b4e11c6fe0487dd893

SHA512
ad1b653fd96a48e0bd35dc00455e91ca7c3f6041e613bb88d1cce7038bec720458ed25bba6accce53f8e965c8e71b7e25660162351c66cea47436e708b411915

Download Submit
C:\Program Files\7-Zip\Lang\bg.txt.tmp

Filesize
51KB

MD5
71361cc0d8083b4d3899b304c1d34fbe

SHA1
4e17badae200913a20d84c6e527b8abde191b9fd

SHA256
a23b2f3375572bb38308236fc7bd3615900c5d1180037551f51eb3844a4c50e1

SHA512
86a2906f2d15dbfc0adc11f83e40e993ff971e8a7e0491f4a6e5061f06dcfda8fc31b4b69955a9d5d46a7c3aa9a89314fa570bb365726a810d8dbdcc3a6b623a

Download Submit
C:\Program Files\7-Zip\Lang\bn.txt.tmp

Filesize
53KB

MD5
d2ec8b23903229d832f7c884d6f5c483

SHA1
4670ce95f32575105169aafaa450bc141316a875

SHA256
623414c5f1f1306969f1e55b2907055b2b1641cbda6ba7d1ccf1f04f956761a8

SHA512
4843cbb9100c50f0804f38d580d4841d6107377cc326023a20c43af56d692a6dfdaf6b6770f187bb598c67548b720d734dac834087c46d3ba016740d30cb0f6c

Download Submit
C:\Program Files\7-Zip\Lang\ca.txt.tmp

Filesize
52KB

MD5
cd73266559f8e230358abe0d4b013b87

SHA1
ee37d98d04a099f91c1e9b0f648e55cd891397a4

SHA256
952efbe9d6cdd669fa6bfcdd0f7fb73ffef07568ee2e61068725872e0e0d24c0

SHA512
eb5538ae8b48a0c9c6c1d8e2c6252b61baba972a51c07c972f130fe360ad87e6ccaf9774409c0818ed42858c7d95a07f644944ed50cd11e0a1d3cdac391f1bac

Download Submit
C:\Program Files\7-Zip\Lang\co.txt.tmp

Filesize
54KB

MD5
e8a99f4d05052feb254a9f2b1837334a

SHA1
0ab2a2459d8e68bc51851e1705c6f9a4ac00eca2

SHA256
08f1df5e08a8470c0d1856ecbd56b88d52ebf80368cd29ada8c7b63b48ebe330

SHA512
00c734afcb9c6ddcca10e17359933d335fe7b1f370550405dd42e1bfa2533823ccead2816802aa4c0048898f10e38bc5bf322ddeaee300c997613d065f95f185

Download Submit
C:\Program Files\7-Zip\Lang\cs.txt.tmp

Filesize
52KB

MD5
dae49bdd49b1c0a2251834744878b61f

SHA1
71d01da3a70093928c3b9a4b9c2dffc793fc353e

SHA256
112915165134d9d2287c5851cb5a3abc32fa584b96d137a45524253676019737

SHA512
d7ca6de23e186aaad6cddbf53d30604ef1a3677af49d52bb12c4b15360e69f2fd6c7c0a2b8dee7e112bdf1e250fc0a15f8e60e75ae84e7f2d314e0592da1843c

Download Submit
C:\Program Files\7-Zip\Lang\cy.txt.tmp

Filesize
49KB

MD5
217f93427fd511aa8f987822ec3a786b

SHA1
63b44c28939cdb285cc29d0723057a0e9aa0be93

SHA256
0d12706cb5d27d1f596b2a140fc58db6cd6c3b57e1bc3a34244ed369d91a1b7e

SHA512
c40af682cafa5a31039d74bf9c5229c98cdb199ecf0b867e36b864684b0341b87f24a6a78abe6bd48761aa5fd471ec2069fa847ad4506337a24be8edfeb8a550

Download Submit
C:\Program Files\7-Zip\Lang\da.txt.tmp

Filesize
52KB

MD5
0d82da69d3f8542afff1703dafb0b8d1

SHA1
8b80638535d4755925e187445e900e82363b9e36

SHA256
180cf554778f7d608a192c961a2d5ef0d75e0aae0c14ad946c4fabe022973339

SHA512
c6d12201ef303257046602a8123ab3355c4f9c669257db3d6cc63499b13b1234beccf889ba5387afc3b4da84e3535380523af5aaca4270724adc28351edb7eee

Download Submit
C:\Program Files\7-Zip\Lang\de.txt.tmp

Filesize
53KB

MD5
766bab604dafd132630b10dbcedad38b

SHA1
1d7674133d6562e337841c4d02c943341cd8b199

SHA256
67865ebf72fbb1119e5592bb47566fbe8360463e1916a63dd08935ee6498d2f4

SHA512
180c57a01f6b0e70e2ef609153a79c9401532fdb3d711b72304f558dc4ebf699d23630d5a9424189c1005e2bafbe566b3c4be711b26a95cb656ae4d25eed3219

Download Submit
C:\Program Files\7-Zip\Lang\el.txt.tmp

Filesize
60KB

MD5
f3d4641d24b22a32814c4f4781c8c00d

SHA1
52770984299b3db9f43b71f6ca18df9ec5f53a5b

SHA256
de1fc6b7b927ab396fb8b42f57565fe724214c399f9230d40af3c4374a6cd072

SHA512
011f65443481889713b6eaebc12c3c31100d63da965179584310da862c501ceaa45f00cf81ebeaed1b091b3ccb10a82f79e1c22f0fac21ab07d58094f891fc63

Download Submit
C:\Program Files\7-Zip\Lang\en.ttt.tmp

Filesize
51KB

MD5
369a0469f246554f164cd0e61b1b3f64

SHA1
abf23f33b18204c7fc33ae84cdbc77538ffe457a

SHA256
81d55854761295b75b1e882c9014a91d66a0cf54144c95d854dbfd9fac8f08c9

SHA512
dd404d3bd90d7d2572ab293fffa4ef5f468c4abb1cb6ec2c46a8a40b8f6538242d754855d7ef95dd743519444d3b3a2aa8b29343f7973bd1d69a2ba116bd0692

Download Submit
C:\Program Files\7-Zip\Lang\es.txt.tmp

Filesize
53KB

MD5
4b3e64c276caa1053fc03a35b85b11f4

SHA1
2364a62cd247e63267e1115569b6fc1ccd94260f

SHA256
a41897636fb83b464973d381794d8c6c0df96dbcf74d5c34454d90c3d3401040

SHA512
46e8b69cf22240e0e7f66932bea5dce87504cb13283b01a079154641dc598a2d6d6115da17c1b8b79d6f4a00f21b34c52e07a6b05c6af7e2b5b5dfe843079e1f

Download Submit
C:\Program Files\7-Zip\Lang\et.txt.tmp

Filesize
50KB

MD5
f9cf6d74f698e7c219d34f69b1a137a9

SHA1
8163f01bc5a3d32470bf8ad9819f80c0037f45a4

SHA256
1be5766981f8f47c440f87cf9e46542c8d333404d780bc0cd5bd051e31287610

SHA512
6c76d5120b79e34cd0ed0459aae4bbc8883914dce987d4e1380641477feb426736d6733ee6bb431299851fa7d79605a4ac7070bceb25b13266f4f57864b7091b

Download Submit
C:\Program Files\7-Zip\Lang\eu.txt.tmp

Filesize
47KB

MD5
7bd93244e76d71d77e039e0e02bb15ec

SHA1
e55723045649cf351881981da7b4878e1edd9ad4

SHA256
84a4d7bcf3bdc9f1ede81f0be13e4aa7623f0def1013899944ffc014b7ef2adc

SHA512
689f73b55e40138a222b6ed80fb7610966ccb121f8e5c2db79626c4b84f588f0adde560fb88804cdc96184f6ec5b5dcac1373bd71cdc7f0bf297a1f0df11cb6f

Download Submit
C:\Program Files\7-Zip\Lang\fr.txt.tmp

Filesize
48KB

MD5
bac8b033c84b7cf504a7ee10abd85afa

SHA1
c5ba302dc6092a4e29682ce1e2f448b0719d333c

SHA256
2edaa7c0ed68b13c240820e0b8b090a017077af5eea83a1908fed2cd2bf78e40

SHA512
73d6133a8ec75234197886e2275c5e135e2ddef23c5cdd158271751bd85942d82467431035fe478d463c7f6fa1a94117836f01c798c911d2574d315cd53ffedc

Download Submit
C:\Program Files\7-Zip\Lang\fur.txt.tmp

Filesize
51KB

MD5
b9dbbdd4b526b28b481849d491537b43

SHA1
395fb0af018a16017f0087c626cedd27e36f4521

SHA256
ec1b8f5be133a0f82384a6a7ed4ea5caf30c52ff243294709cd83e7304b6ea71

SHA512
aeab71133be7a2da6030ce1d730c5882906a0903d50e10f13cfc0c1dfa54561ad827d8ba6989b9151fdc2a43a6ef65b2b9b770431744d6ee098ee3581a6acae5

Download Submit
C:\Program Files\7-Zip\Lang\fy.txt.tmp

Filesize
50KB

MD5
4e3be530b97ddcc916d57dad21ee12bf

SHA1
927712ecae0201ab526ca5048890e57a09592d1e

SHA256
32efbd379954b0b2df3c89359fa5c17fa3b5ea93efbe0be8895b05659858e703

SHA512
3379dd6ca7b0e2d4fddb4ac81984f0c9f3addcf438228f73204d7f5261fd5af98351fa0b2b2e44ec8a140bbbd49e886c1dc6a8a9849fff746c44c895dcc5fdb8

Download Submit
C:\Program Files\7-Zip\Lang\ga.txt.tmp

Filesize
46KB

MD5
07d5ee2f24f8e18e93f47cb47ca33397

SHA1
682f74c23d8a26ef2f2ea17abd39a11c85a05838

SHA256
a5c52714f0edce508026196791e97cb64b08e9135d72dedeb46f2052cba49e3b

SHA512
ef32554cd927f8c90212d1b4abe371cae26a93fe960b0dd972532b0cf035f233acd179285001f409bf66c835300830242008e54fdb8a659482029b3d35213a6b

Download Submit
C:\Program Files\7-Zip\Lang\gl.txt.tmp

Filesize
43KB

MD5
6ad1c35bc4ff8ea0f4e3adbae2a0eaa1

SHA1
1a2188a2f81b00d117b7adefb412e8665ddc4d45

SHA256
ded04bbf5808fd225cca670ab23394a4d1f25b9d990b07d4af4a7c18d51cce37

SHA512
b771087f586702749dd14a59749329fff7a8cc0ddd7bd7ef4f1db1c38921454c3dc6a103e7a5e7e4e12e1f536a710cb26747c6f02e94f2ead6ee39eab4e9cd24

Download Submit
C:\Program Files\7-Zip\Lang\he.txt.tmp

Filesize
49KB

MD5
6eff1a843704da45ae167c99e6d66226

SHA1
25689a362ca7ed5cecac54aff57b6392ffe91ed0

SHA256
90710cea0905e08c6c86e806f2c509a53cd3ad80a45f05625f5ca9a4d9b7c9a8

SHA512
f96c7bef2d01ef28e6aed777d0339ff8bd9aee55fb049e7dfdfcf191f55a2b51a247ac4b871674b0143c14cba38357831a9c57a6771a9ff113b836a2a2066b0a

Download Submit
C:\Program Files\7-Zip\Lang\hi.txt.tmp

Filesize
55KB

MD5
6eb30a47fa8600bf4dfa3217b72b4d3a

SHA1
3c8ff5ed9c147a514acf45a86ab68ef9e17be660

SHA256
5f54c06a8d3ff980eef69f2416fea9db010efb8c46a5ecc04cd38d55d3d76645

SHA512
03a1043f75f34207c51de573b7635cb69584b1b856e2be45627b73272dbef60e89eabc00529631dbd5c15ee8febeb655f26896584f364391c051209ec044e46f

Download Submit
C:\Program Files\7-Zip\Lang\hr.txt.tmp

Filesize
46KB

MD5
56353f93f1cbd4bd34da968bcd44e752

SHA1
b211e4bc9aa3d5771107cbed43122011721bfe93

SHA256
10e5810e72ddee0e3755ce1581247a5d30619be3279eada879f38cb3225c3d95

SHA512
34443173237ab3e24a993942f7031e41f93cf61b96eef403e067ed6cc7c7818f9aa01572245baca2836a85c952c3efb9569bf50ccce827a59d3482aff65c7318

Download Submit
C:\Program Files\7-Zip\Lang\hu.txt.tmp

Filesize
48KB

MD5
df9d1e4426ea8c1788c4d40816dcd934

SHA1
b9eb78926f9eaf0bd8a84b2b1de3ae2edf17b726

SHA256
98db5aedbed4dc776c5a8b1843a6bc1c440f429a2c6bdf30b254645eeb69c044

SHA512
d1df99a407176bbc73d248497eda2d0821038b506cb4333ce72a5914978f71c8920faf996c893479950d7bdba1609400435999de03958f20f585307901e30c64

Download Submit
C:\Program Files\7-Zip\Lang\hy.txt.tmp

Filesize
57KB

MD5
08e53dab50b57cbc4621cf3018753002

SHA1
e62e0797df595fcd5333b20e1fe0c3047862189f

SHA256
394698f75a4d12a27a274b41755df7fc5cae44e64e3e320e126446dd2f34452e

SHA512
ec7b2485d2f02c73c5bb95993205f599b85b87399588d79391920589b2b848caa43f02bfb53b707d8bc3e592f9e2bd36723b10744977bc38c667a5ffac9c9e43

Download Submit
C:\Program Files\7-Zip\Lang\id.txt.tmp

Filesize
46KB

MD5
d693130b21cb2150ebfc285553fdfabb

SHA1
be2cdf9b24bdeae049594ee215871fb04b09dc00

SHA256
caaa967c2fd630259f17e7ff671c3cbeeceb583440cbf53251fefaf516fa9477

SHA512
4858edfee7730bc7fc27cb7f1c034ca2979aacd2aeb9a65a2b57dca6a3e44a5521910609e2080b6e4288c88c42b3a8a190cdfc66b2b78cc191ca27dc603f6642

Download Submit
C:\Program Files\7-Zip\Lang\io.txt.tmp

Filesize
43KB

MD5
27f1b4d13edead22b4ac1184addabf36

SHA1
b96747c48c29b803aeddb82419bb54c703d1e926

SHA256
fcbb95a43a226f4af6d2ad9aa596607d44158797249049c9d8cbe69e826f4208

SHA512
facf562226a795008830384ae1dd36184c896f90f1130936b21895fa544674e700fbc1bede35cb7976a1f041d5cfee9621ed1f2cf1f47d6b32b497abe2404a69

Download Submit
C:\Program Files\7-Zip\Lang\is.txt.tmp

Filesize
52KB

MD5
4709001d3f454dbdf377cda0cbfc400d

SHA1
bfe5a1138477ebd71e34dbf7333ea8c8b0712dc2

SHA256
24be1beff9456728cbd868f4ee320219e82f1c60fe29189b4f7f9e30941fd516

SHA512
1e4a5a48e124ffa549fe3b81c075cd79a46e2466b6458812c6245653d6e998e289d45660d23caec8e4d9ff70cb1dbf42347de155554371f96e32772119c73680

Download Submit
C:\Program Files\7-Zip\Lang\kaa.txt.tmp

Filesize
51KB

MD5
937fdffef61d5edd50096f3169fd69dc

SHA1
8e578b381f46f52c13f2c88b98e14b89e66349ff

SHA256
cf8d82ed2d2cb5a68d6b6cff07c1d0c96bdceab5e4a19d5bd1a690f5bfdd7ae3

SHA512
de2f654c9f4f95cba329ccabc84a9d1294064af1376b7b81f4cc15798309f675be2cc6f1d97a0bba13396c6a1b1b6bfc6fdf130567c34883380b1b811481b68e

Download Submit
C:\Program Files\7-Zip\Lang\kab.txt.tmp

Filesize
46KB

MD5
2e1b895d8d4b256c102223fd778cbe05

SHA1
3faa1fbdc8847a30cc172ff1245ae9d631c721a3

SHA256
54482536843ff6d0c06091b99bb6743b27631d4d78e7668d0384a5d2f13f562c

SHA512
d16c77a72fcf03cb00b8e7cc79b2585ec7ece0c9e3cf9e0bf8f8da5f3640111b2d4f66daff57f39dbec08fb1de5ad6fd000f52131d6998182e6dc14e12ed1247

Download Submit
C:\Program Files\7-Zip\Lang\kk.txt.tmp

Filesize
48KB

MD5
2fc8b76d6d6ab7906ed8559aba761826

SHA1
ae2501590edf72b21e0e2bfd5d33c859bafdb079

SHA256
423f5352d3c2dbee17386b05114597ac466be5b796e3accbdec85713525dcde8

SHA512
36f25329ce96d711697c9c86673300c8f9a70c32826866593eef3864e06a85f55ae40bf549c3e423a62ff72873da59b42c1482579ecc513965950f7add4e2390

Download Submit
C:\Program Files\7-Zip\Lang\ko.txt.tmp

Filesize
48KB

MD5
39964709eab6f1d37a9113f395dfc386

SHA1
dacf8bb1b778240540bef41d63d5b2b0de90719c

SHA256
2fb4eb371afbc058a430342be6e0d56e783d6519e0a2c4f907e76977b5fa6a77

SHA512
bb2450829c361aa1d2fb9772304ed05038a19272d63e60a249f7fa2df4c7eabc0f06422958ac555a9a14441737f9c61c44aa6d5fbe95b6e11f9301249f0fdddc

Download Submit
C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp

Filesize
50KB

MD5
9e878b9722cfc8818aea48ddcd29d3b8

SHA1
bdcb01992b9e5ffb7b739517df2c62f982527d70

SHA256
895c305b8e247ad78f1b9e86df999b263a189c99c1a09343314d170e477cb92f

SHA512
72feb0f738e558ff6f77964b1c0f0a22b21bcb9f704bd26237e66ccf4dd4b90d6385eb25c8680ed4480fc31d0ba893cdb788c5be1aa9907249b676c6ab46ccb5

Download Submit
C:\Program Files\7-Zip\Lang\ku.txt.tmp

Filesize
49KB

MD5
88158724786e756e312ce6e04fa5f725

SHA1
12fe518beede5078f3a7402c81eb02a8444321db

SHA256
592c742e63f8880c078fe8a50ca9c048d31fdbaa056c99c028379fe8ee691954

SHA512
dd8211305e3b9c8f8131591f91332dcf3446ec5a8275813fb4386d35ed35fa8b69cd2e9a33e47109694671b47f5ba07c6600cb549ef2638dcee290a1ec8107f0

Download Submit
C:\Program Files\7-Zip\Lang\ky.txt.tmp

Filesize
56KB

MD5
d51162cb18548370fa2189162e748841

SHA1
8894816e89d7dacbad887acd9a32cf5aa37ac240

SHA256
97e1757b44d5baee3f58869663f73f37591b07f4231aefa3e24c948ec7278102

SHA512
feb7e069035f4e4726741f0e1798b70234bb25d0d381434eb208a67a2fc84e9fd107dca8b261fa8b3858ad59681416aeb6f3f7f9f66b21f224c7fd12bd690f33

Download Submit
C:\Program Files\7-Zip\Lang\lt.txt.tmp

Filesize
47KB

MD5
864200142ed68b51df7254959fa53878

SHA1
3fdc49107033f655b0d4ed4de52e0572cb9d0da6

SHA256
b6667c2f83a2f7e5b605123f382b712ea2b764442a6d95a4ee74d1a004ef8df4

SHA512
bb1a8f847e43d40b5aa3b3a9f88e838929bca48e63e13b2baa82d4d8d468a8151f82180bf21836868f90e6115bd469461107513b02db9cce8c3c6c725fffe9dc

Download Submit
C:\Program Files\7-Zip\Lang\lv.txt.tmp

Filesize
49KB

MD5
966abe4661cfd286d6d1d6ec5b4cecfe

SHA1
235dc1d33478bf0cc728d3ce73d4df6b85c770ef

SHA256
b3e9965bc39fb8a9dcb0436310d0d8698e66e5ea84ced07f71759a872907c28f

SHA512
4b0f27a0ba67026f984b2d76672272280b71eab16bfd22333113a1a73277b47e13becc637cf2c4ffb32b0bc7386cccf8d34fd2df8dfc2efaa0f3873cd5b09705

Download Submit
C:\Program Files\7-Zip\Lang\mn.txt.tmp

Filesize
46KB

MD5
816e95127982a85826347ded58fdb925

SHA1
c5f12107457d989327c667e94b6b47454f7ecd26

SHA256
d5117db6bf906eca989247438574f59be4f86fd61e2ec0b4d3cf168af1141c11

SHA512
0042a719d558fd3671c91b99126d97b50683c1f4038c374253c03cdc9afdf4b74a0ec28a3dee9591de54f350a15b6ed82d7bed9abea0973c50fd7320221db555

Download Submit
C:\Program Files\7-Zip\Lang\mng.txt.tmp

Filesize
63KB

MD5
2ca75b8add75ae28faec6bdb224143a3

SHA1
36f8959ae0fd5d7e24054121d0946c46ea866662

SHA256
71d8af54816699b3b859c0390c83856da3272178ce25f80d554e540045430784

SHA512
f4a6c6bfd7df116568553de99044b4f8c148ffb6b59cff01a16dac2fdc917b8cdedf4cef305160467b40fdafddbef6ec5e72d74d8549e6f9b14e380addd12402

Download Submit
C:\Program Files\7-Zip\Lang\ms.txt.tmp

Filesize
43KB

MD5
054ccca8566f786120e73b7c109f2be2

SHA1
3411d38e7dc1e956033cd4d4da6b3193b15fe594

SHA256
b5b0f7dd80978a5349960a27fb2d3c9766ece6c08f269381781c88b120d117c6

SHA512
ca1c0d2c03d00e68a22184ceb9a11552c50164bcc5132ff7b09b105e74874ec81deafcd1356b7bfe15286d616f23a7efb3057c6db207998424b1bdc7471f2b18

Download Submit
C:\Program Files\7-Zip\Lang\nb.txt.tmp

Filesize
44KB

MD5
3fd2788919fafcbe77fe27fe80c869a0

SHA1
bc9f0e8afb51a6821919e5388e8cc25f76a90d68

SHA256
663a7a5ff562f20e0500a32539da9f41c5434353f9fe5deebd4fb6ece00caaa6

SHA512
7ddd09546f1dfa0f29f306bfe6e247a7f5a812c40784c18326e589d8a00e535a51c31eb5906da59f6f305981084f33ffcf5ea35217dc6ea81de31e1941d95cf2

Download Submit
C:\Program Files\7-Zip\Lang\ne.txt.tmp

Filesize
51KB

MD5
3e834c60888db1a7fbe17b8e4c941147

SHA1
7503c15fafc287118276860b7f53ea2c2b204e76

SHA256
609a08400f3873a046578c5c289bd91d636378eaf6704e0a602ff8529b91e770

SHA512
0b9daabddc89dc3bd616dc93a68dbb6eca666117a1a1784d8e92659f17f3701b5c4263b17be0bcb444996ae0b0d984f7dcf8723d9901090dcae387519b5fa693

Download Submit
C:\Program Files\7-Zip\Lang\pa-in.txt.tmp

Filesize
52KB

MD5
f108c1ace531ff4dfd4e5c9e91745e7d

SHA1
5051660ab2d55f36df98ea956e59b0fca73c3ad3

SHA256
db2c52193d91b7c8c093ad1f117e0244fb6010c3f9960b35e9cd1693537c3f48

SHA512
bffad6bea5db9defeb40edc31bbeac643a3e10b288c79f65fe968c40e4f5b8ce1ec9520d861f2b4cec145c10df0f2aff58ca624ce0baa6621a9398258bb3e557

Download Submit
C:\Program Files\7-Zip\Lang\pt-br.txt.tmp

Filesize
43KB

MD5
b4bab70a0d2a593e4768c78ea08ccda6

SHA1
5338abdceebeadfdeb9f4fc2af0947dbed39e7e5

SHA256
72529e259b51984a24936a4c830b6c292ca62f0318533119ceb0d6c98355270a

SHA512
4464e61b21f3eff727871ebc0f0eec31aa580c47a8e50eefa509d36739fb37874424477afdd92727cfab51791bd1be8b899dc1e7af9210b193568057015e6ce3

Download Submit
C:\Program Files\7-Zip\Lang\pt.txt.tmp

Filesize
48KB

MD5
d1dd6d8fb41d68b3309c2198b59ef314

SHA1
007d20899b3567a1931b88c9d0218f9c54040d9f

SHA256
db510396709565fa4e73fb03fc242ee306152c8aaf3e6b302338a1e2ca664dba

SHA512
61315cad796576c259469bbe8b89cde03bbf5428116ec1f7b12b0be19e96ffbd3471b24c022226cde22772cd302ba7bcbaea72898d5e9e57ff004ae4391df3a6

Download Submit
C:\Program Files\7-Zip\Lang\ru.txt.tmp

Filesize
53KB

MD5
0d885f45fd4b4afb5fa109e55343a521

SHA1
7129002c677cea6ef54361b8a0a487a02a576741

SHA256
06250542163c913169f814308a68264dce1c83b80d6f28f80e64d9d97b08cf4f

SHA512
85f305950dd17476cd8bf612ed136e41a3ac501a1f6732f94398e5f8a84d8e238dc96ca0255619710bc44e8a020b47fb41c5212d5f327662436e2121e073cace

Download Submit
C:\Program Files\Common Files\System\msadc\es-ES\msadcer.dll.mui.tmp

Filesize
55KB

MD5
1dcbc27ca303187b6f475d218429ca00

SHA1
2b4ac1ea9068f2645d8d56bbff4b3705344f4754

SHA256
4fbced8cf708be169c86a5bbc5a0e3dfa6882692e0ea05136995c8ead4cc7658

SHA512
d55a12257b5eda4117005514c56c77dceb909e97974e7bd74b28a26ab66f02ec943d6a68baa498d51f41c9533980a66f07756c3596587fc9037943b403674d32

Download Submit
C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe

Filesize
43KB

MD5
51ce73b2357c8855a84005b0b61a93e2

SHA1
81cc53da0dcf35831f47c32bdfc4c1d27324179c

SHA256
864663785823d960dc07da6f6f5caa58ecb41a10db090a5b151893ba87cc5071

SHA512
2e74e22a1e740883115dd7e52b04d8bb299b06ff68fb6bebe508359c6a09fcb2b33273e443faf85b3c049edd3480041a34958c928bab5043902c328d94810c12

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
38KB

MD5
2ff9a2f735aa7f9515f61c3db56edcd9

SHA1
39691988635d4a67f50516198518440802d81752

SHA256
d22ff8ab923737dfefe99127dc4c5148b4b3d88e69909aba1785388ba53adf0a

SHA512
f006f3929a283d435a5377c8722da0bf8d08d78901ea617b8ceb9c70985e0adc9b35e56f5c128cbf37b6a620fda0ab9a9324bd8525640c7cd9670a75bab8fd5c

Download Submit