2393ccbab07859d4dbaf27845e1d4352170c3a472da8ba11056ae523248ac3b5

Analysis

max time kernel
120s
max time network
104s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
20/08/2024, 07:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4d28711f21375f36d439c5df7fa10a10N.exe
Size

92KB
MD5

4d28711f21375f36d439c5df7fa10a10
SHA1

360c45a74fbc0332acf8544ee4d9e4506b8be066
SHA256

2393ccbab07859d4dbaf27845e1d4352170c3a472da8ba11056ae523248ac3b5
SHA512

931c3f74ffad82eeaabd4d6b5db39ec27fc1857b273dbaf295fea28627a1c7a7e66622372f4d0afeffa309c0e7967d91cda39a986719c34bf743e83a160f64d8
SSDEEP

1536:W7ZhA7pApw03vR03vcltdtSsC7ZhA7pApw03vR03vcltdtSsk:6e7WpwYRYUtdtSsGe7WpwYRYUtdtSsk

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (4691) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
2920	_desktop.ini.exe
4924	Zombie.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Zombie.exe	4d28711f21375f36d439c5df7fa10a10N.exe
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	4d28711f21375f36d439c5df7fa10a10N.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-white_scale-100.png.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_Retail-ul-phn.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Drawing.Common.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Retail-ul-phn.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Retail-ul-oob.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_MAKC2R-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Windows.Forms.Design.resources.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\System.Xaml.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\jpeg.md.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework-SystemCore.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Retail-ul-oob.xrm-ms.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0018-0409-1000-0000000FF1CE.xml.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProDemoR_BypassTrial180-ppd.xrm-ms.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_MAKC2R-ul-oob.xrm-ms.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\MSOHEVI.DLL.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TipTsf.dll.mui.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ComponentModel.Primitives.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\bin\rmiregistry.exe.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_MAK-ul-phn.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-dayi.xml.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Presentation.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_ConsumerSub_Bypass30-ul-oob.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Yellow Orange.xml.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\msjet.xsl.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription3-pl.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_OEM_Perp-ul-oob.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\UIAutomationClientSideProviders.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Grace-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_OEM_Perp-pl.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-utility-l1-1-0.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\[email protected]	_desktop.ini.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\classlist.tmp	Zombie.exe
File created	C:\Program Files\7-Zip\Lang\da.txt.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Compression.ZipFile.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.UnmanagedMemoryStream.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Drawing.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-white_scale-180.png.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_KMS_ClientC2R-ul.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\FOLDER.ICO.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.NetworkInformation.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_PrepidBypass-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Grace-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\TabTip.exe.mui.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\TipRes.dll.mui.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\w2k_lsa_auth.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.HostIntegration.Connectors.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\en\LocalizedStrings.xml.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\mshwLatin.dll.mui.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\UIAutomationProvider.resources.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-console-l1-2-0.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office15\pidgenx.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ORGCHART.CHM.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Text.Json.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\verify.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019DemoR_BypassTrial180-ppd.xrm-ms.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp6-ul-oob.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_OEM_Perp-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\as80.xsl.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework-SystemCore.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\COPYRIGHT.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Century Gothic-Palatino Linotype.xml.tmp	_desktop.ini.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\unpack.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Consolas-Verdana.xml.tmp	Zombie.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4d28711f21375f36d439c5df7fa10a10N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Zombie.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	_desktop.ini.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1112 wrote to memory of 2920	1112	4d28711f21375f36d439c5df7fa10a10N.exe	86
PID 1112 wrote to memory of 2920	1112	4d28711f21375f36d439c5df7fa10a10N.exe	86
PID 1112 wrote to memory of 2920	1112	4d28711f21375f36d439c5df7fa10a10N.exe	86
PID 1112 wrote to memory of 4924	1112	4d28711f21375f36d439c5df7fa10a10N.exe	87
PID 1112 wrote to memory of 4924	1112	4d28711f21375f36d439c5df7fa10a10N.exe	87
PID 1112 wrote to memory of 4924	1112	4d28711f21375f36d439c5df7fa10a10N.exe	87

C:\Users\Admin\AppData\Local\Temp\4d28711f21375f36d439c5df7fa10a10N.exe
"C:\Users\Admin\AppData\Local\Temp\4d28711f21375f36d439c5df7fa10a10N.exe"
1⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1112
- C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe
  "_desktop.ini.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:2920
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:4924

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-786284298-625481688-3210388970-1000\desktop.ini.exe

Filesize
46KB

MD5
d367061431564aebc287c70266b52474

SHA1
2a67eb30ac93425fea0dfdc692c8f5b92eeda0d4

SHA256
8cc8b71009449c64870839bba23dc9e309d2eb1a3f9dd772bca2c6d08432bac4

SHA512
003e77ea41e0df7a88dfc09c52d7956cbbbf964fd7a3612b7657583ba6db0015825a578c54e7c0846f346e1a41e171da218a7a15d28e860b1a904ad0fe843c14

Download Submit
C:\$Recycle.Bin\S-1-5-21-786284298-625481688-3210388970-1000\desktop.ini.exe.tmp

Filesize
92KB

MD5
a56cc40d4d9c0a7a5cc04925400cf2e8

SHA1
d93a558fa5decdfbbe8651499dd30add0bd54502

SHA256
afaed2e9702a1c0760200e44b33348e50905df8042228d283c2ec12d559de5c9

SHA512
cdb0657d0dc77a1c688e2f3d796690af5ba930c301edc2402cadfe0a6a17b006986c4d30388631aebf3341d4c0747a86ff05a7ce3f6fc1fd31002c462ce5e9cd

Download Submit
C:\Program Files\7-Zip\7-zip.chm.exe

Filesize
158KB

MD5
9ae123fc07cfd2a2145596490fc2050a

SHA1
df99d4b1436724e2465cfcf0882386852a795d91

SHA256
a5d76ea6f2dcc327c8f4a86e1bb986bd0199a6f2260aa74daf4daa178dcbe732

SHA512
0cf8d72cabdc740a15433b76ae056a729f6f60f4bf5dc73a91fc342b4e889ff016e52636504d3d7e10290dda132f2f74a16e31188397a3fad9ba1ff9a56b1b01

Download Submit
C:\Program Files\7-Zip\7-zip.dll.exe

Filesize
145KB

MD5
0c62b5a11c1c527437d483b626a7a4d0

SHA1
8b6582a11e47b8f83cb546421c7902cdbfdb09d6

SHA256
b910f05080f8ab13589183af0624f884966aaa3fc0006527c98474bb40a615b0

SHA512
a5a0a4e8f54614cbf72be1bbff3a90c94492736f2864ea4a119f16021bd0349cabf41fa5408ae4ad199defa9cb7a04c6343e426fd3791c559c250d3202e1fec4

Download Submit
C:\Program Files\7-Zip\7-zip32.dll.exe

Filesize
111KB

MD5
68865042a94587c4543aeb25bfb8eb71

SHA1
4bc99e8f7c4f49a79311e8f4bf8a15d4355f647e

SHA256
a2112db8bb43bd5a46c8f5d07c0734a669995dca3e5ce25ca44a24fec4894e62

SHA512
4c2b9daeceafcd5ebe4fd4adbfafe79e00a4b9faaf6f1dde78f29108ce89f443c858831f2e4899d2a27069b480d15f75c4036e19b9e0d6c1c787d815e58b9239

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
1.8MB

MD5
17ba7311a5f1411e0e76149c5080739b

SHA1
83d1c4142c3c20d53ca57e582a0d406cb1c13f9c

SHA256
ef85c7e732d10ad6134414adf431d4894638c6a9433fdcfb9fe039cc1f0ace82

SHA512
a14167a804fc58cc59fb72dc0cf89e761b1fb76497c7dfb66ed610bf520f6083bcde6b31fcc099617b253d0b30f7dab638d43292082eca4da9936a98d0ada2fe

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
590KB

MD5
24334a9aaddb1ff23e8acd0196078f6f

SHA1
0ee4e976ca3a6750fe802bf4572608b3a77f531f

SHA256
8c496d4025c4a0f6aeb177e7474f94b3576ac909703d4940ec4b718232917375

SHA512
53db9f13a02c5f721bb188663f56ce5a4c799bca9293570baec1cb9d6fa082acfd0d269b5741343d02d0fa751c11dc53ac02945774da4ad84409d7eb7724d911

Download Submit
C:\Program Files\7-Zip\7zCon.sfx.tmp

Filesize
234KB

MD5
215c66480fef4df60d44f5b807dd789b

SHA1
1915cc5f39a7c5f09a6df96a8c5b44579bcbddc6

SHA256
8ff65cecf86719ce2fbb2973592f9989ca5e07a334ef7070c87b99235d5bbc48

SHA512
8c5aa08d9bb493810fb28243bb809b9ed9628fbfdd53aa390f29b952f475cef4f217e56bc7aa7556e53be7d012ebff91d4a0ee7e1a8cb582907b25341ca31f90

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
976KB

MD5
c0e6fd24a415a5b619499441371782cc

SHA1
04cbf29ff074971a216920bb3ee92b15dd5f8aed

SHA256
a7fe48f8cdac1500a4cb61cb4fb65ba272636b07152b01360a394de717ab8f1e

SHA512
536385de483b7343deff46bb899f3396f4e45d4ac499171d99070fcbddc58a1d0a9b082c537c6e2d45f3035cf5f41cf22c0702cff626b6073fcb383f86d73055

Download Submit
C:\Program Files\7-Zip\History.txt.tmp

Filesize
103KB

MD5
853d8c647efddf306d5e4b97f4c559fc

SHA1
9f2307f930b82dcb9f4f2440ca8d0807abf14cb6

SHA256
51f3705bbe85ef668d3ea0e24a90675edbfe88b839bb72d855d7b33d5912a747

SHA512
d15b23f5967837922200f28e2c849f844048dfbd335a7b981a9901d7ff3484db852898bdd398239559daeb9dc834d6169d2777ee30b74c2e50b96d048030fddf

Download Submit
C:\Program Files\7-Zip\Lang\az.txt.tmp

Filesize
55KB

MD5
17cf1d1e422d16ea664e7965634c1b3d

SHA1
069c015bb60316fb945667cbdeba18419e62f758

SHA256
e7255c222104b0eda589adcc052226d2bed6d9571a5edcebd4b349b607821514

SHA512
0cf57e14b7f7126e56652269763f7fd1567c34d068f7622584e85fed71659b241df1ab01bf91902c46dce50646cb226bd47e062f003b33857ffa4111c3370eab

Download Submit
C:\Program Files\7-Zip\Lang\ba.txt.tmp

Filesize
57KB

MD5
18432ba5b045c038f2072f61dc59cd15

SHA1
910e0474d879f76a895292c15623ac11e69978c7

SHA256
bb55ddc7754a15650c3e2aa102da35cf0ba58450052ef41a647273a2a0550008

SHA512
806f9e8e250607196546bb49bde9b6649d0fd7c44fb0a0fbf2c90579c843926a0a757d305e6b59935f9606fb3e3c3f9fc4e7b36b0c700700d71fdc17077c143b

Download Submit
C:\Program Files\7-Zip\Lang\bn.txt.tmp

Filesize
60KB

MD5
d5f2def195fdaf3db687b87bec5845e1

SHA1
64981305424c2dc21971966b9c91bfbf87cfd54b

SHA256
0a6590a9de7bfe98d37277050b29e3a8c4b374deda2d33a4834d8a4cb3204511

SHA512
c8a746d19f2cd3fc07c5148a7d74d219114059a9c9b9eb950f1096c614e5d89ba1a495bd31d7454490c083f64cc246e8e3766ac312f0cdc6eaeae8445a5cbc4e

Download Submit
C:\Program Files\7-Zip\Lang\br.txt.tmp

Filesize
51KB

MD5
05f74d3e33669eb0b44b50b9991c9529

SHA1
b01ce726176f3c82ab1867ee4ef2c69864756a1d

SHA256
fb0a86e4d7456994bd8b3467d39e37aee8a72d574134aa8016971aa761862bb1

SHA512
ca0c85b02319bf68975233bd83080e2483758cc9416589eedb5fb84b5a9666d479151cdb778938f32191c91add6ec02190b32258711c81eb219f1137bf3a2544

Download Submit
C:\Program Files\7-Zip\Lang\co.txt.tmp

Filesize
56KB

MD5
d755c860d2a4cc749766796979fd4bb6

SHA1
e3df5d3d83c22a7f95bf560a842c2675db2f613a

SHA256
75eb97813221b323b42d925b9335ec36775610d3cfc8ae84c049c43a40ae0228

SHA512
aeea0f3ed3f5b4b848603729b7f8179164b4ae9f73533a19f01eb9708f82ce03c30a48aa68643705fa538e81ccafebefb86cb509795c1abdfda20cb97b965be1

Download Submit
C:\Program Files\7-Zip\Lang\cy.txt.tmp

Filesize
51KB

MD5
aab975054a3e79ecc328b07f1d52f6b8

SHA1
b4dd35991b6782f4b082c4b07fa69b83fb61e7a5

SHA256
d107e09871cacff68ba4143545f412b284cb66616eefcd271e8e534a994680b1

SHA512
4ad2ec58e0535d11e9ceeab800836bcd9f210979f269bc08d60a799882753b397b81a577a662a300fb4d06df8af79b8b4566a2a7c4baab935d5dfa881bdda15e

Download Submit
C:\Program Files\7-Zip\Lang\el.txt.tmp

Filesize
62KB

MD5
1c03d5f18a69051b8a3d3d8c06677404

SHA1
c8805b62e1591b5685627e69c8586fe95afe8eec

SHA256
d809dd30daa5c00830a9cc22bb704193ae557f21fe05a96eeeb74645a8eb8534

SHA512
ed778866446d236163038815020006a831c0b0ecec1e76ca09c5727e04e7efa76d4b358e3ff8c8082c11a104f1fb06aa45294a5726341af71e8ec0d784a29d71

Download Submit
C:\Program Files\7-Zip\Lang\en.ttt.tmp

Filesize
54KB

MD5
d079c4b71a6bb76098c9f82b4d2e7b99

SHA1
d0e0a78a77dbcb6a9034018404ea40519b42b403

SHA256
10f2a3ee4f5557858795bc88b30d133e3409ce8014e7775d6db3d3cef9df8dd6

SHA512
1719bcc98950e465991c10cf8f4448078cc83258461b681eca78682d89085fedf5b778ed3bfd2ef9bcde18e2f074dc235178a6ff76afeb5b1c68f489a3af765b

Download Submit
C:\Program Files\7-Zip\Lang\eo.txt.tmp

Filesize
51KB

MD5
0b73d7585ec0b61ffe3e5a4c8552faee

SHA1
dd723399e9878ab40582a3cdad9152e6a1e949e8

SHA256
8d1ce812dba111a5fd85b5d53f65bc8f730e0928af683f2cf72e7161febff59c

SHA512
386e6b1cc64fe2b4a19a555743f7a52a1379403fadcaf91498262dd5514154f91369b969151edf40185a46c193ba52667801ecf586fd44ec1269fbb2c512a00c

Download Submit
C:\Program Files\7-Zip\Lang\et.txt.tmp

Filesize
52KB

MD5
1d36358965a3a1e38b8561b7c5ee9885

SHA1
7675a0200108c8551d2e0a28150b4446ae9f62e9

SHA256
74c3e350e9683ac9aaec8f5160587bf2e25919f122f6dd7bf7e9d0a36729fce7

SHA512
f039de1d6a4e3591b84e2841a92929f790684ec83a82d66d07e6a45cfd899c82e4059ab655e61b5c15b9f3e9e3b977c782d8b10fe714b7fce68f131c430478e7

Download Submit
C:\Program Files\7-Zip\Lang\eu.txt.tmp

Filesize
54KB

MD5
da0e095ccb5eb355e573ac7c87edfd10

SHA1
4abc957f086c9b6a1138ca85ece8cfd0eee3ac22

SHA256
674285855f3de55aa52e219b8c829749ddee5108b18a5f2c02febf37c9977b85

SHA512
c33422fc58d4dba143a56e3c00e64075f55d64b6b576949e66eda91c0dd3b0ee8d7812f0d456d6ae06a9a612df52181b856b2f66c088d29ebafc14a0484f77ac

Download Submit
C:\Program Files\7-Zip\Lang\ext.txt.tmp

Filesize
46KB

MD5
deeb5c868adb7f5b40ea97ffd2fd1e63

SHA1
3c0b621202c8bbac601f25fd1c114845d833831a

SHA256
8fe2025f7fcfaed90e39c84bd585b80f1769e610b541aa3e9920ba88ae44c194

SHA512
34426b1bf45ef27d761cce8f822f88fd205e0f0f34769cf4bb44f24607eafbc4f704c26efed4cb125670896726d6c159ee5a2622b382722c36a5f502f732521c

Download Submit
C:\Program Files\7-Zip\Lang\fa.txt.tmp

Filesize
59KB

MD5
242832b850816c2a8e9a39e6ca6f9d83

SHA1
547819ddd643881a3fff0fe96a259da8b5c102a2

SHA256
6339be3fd97d1f88427c987c8130d495531d60ab7078b686e1894c24e046e338

SHA512
beb0ee93bc9939190541ea3fb82557b1cfdcb99d290e21688d972f00680df09d102c87d5b166063b0655b1e9e0711bb6ed979009354692321e7320849741ff92

Download Submit
C:\Program Files\7-Zip\Lang\fur.txt.tmp

Filesize
53KB

MD5
2c122cdeb0f8aa68def8c09363374085

SHA1
e1e1cf1d4f48f1d8f7472b7fa378611142f4a2ff

SHA256
5c02a130c75116d71a58a5da728d5cc5606517f0617f2f239f913480cce80570

SHA512
91dc1e3a8e038af6f529b1536363efa265bce54ae7f49c2e792582d06b8b7fb877ff0fd6a57efcdafc832a91b0cdf4a50d8c29ac4f66a20127610b506cf5f1b5

Download Submit
C:\Program Files\7-Zip\Lang\fy.txt.tmp

Filesize
52KB

MD5
071fcb3593c5fe6007e6a7a0b9347d28

SHA1
75eb9034bb0786260ec3351125ce081d12184881

SHA256
a25c5b7fc6d5859c7d96ce773b7117a1057d2050b555ea07aa895bae679b300a

SHA512
f436cb502d31e30af72b31250e7f10e925c829402b58a4c4a4b9b048f11aeee1209635d80be2c579f961691ed56730e7509c8618ddbff7d446956fffbc5ad10a

Download Submit
C:\Program Files\7-Zip\Lang\gl.txt.tmp

Filesize
55KB

MD5
b6140967fc653bf099a2ce348cb685d5

SHA1
5b119f276b2dc124a3594414582d4b41d3a076ed

SHA256
fbbf2b1bfee13391871d851955317d7f0aeecb0d882de38d7b7cb5c8a4acdbf7

SHA512
a7e3d14c882ac13bc6d5db47b2d571676774642ed29f20104f632f6fff54c988c176aafdebf69cebfe4530c8e8521da01aa2ac87997df5a5c621650781d706d3

Download Submit
C:\Program Files\7-Zip\Lang\gu.txt.tmp

Filesize
63KB

MD5
68cd8c35363445252321d3f38ce1b82b

SHA1
28f21749c104542691619896888e8e351015ae88

SHA256
05a8a9e789b3a3d1b8a67063f16ea665759ab398e7f635e5633591db401c6c7d

SHA512
2246fb7e1cf03ad1870d3bf6eba124b0213cd69e3c67ef7150c61c1dc50bf9a714bbaa31cae2ee49abff4bed981dc5ce27aa4df468afafea09713253e81f80b0

Download Submit
C:\Program Files\7-Zip\Lang\he.txt.tmp

Filesize
57KB

MD5
1c5c6bd31be7fb5cb7c0ef2cb3b7f22e

SHA1
f9b8ba07de696c5476c24080c1151fa28f2f237d

SHA256
aec4b9ea4303a9c6d4b6a681478c6f028f4affbfd9a2349ffaccfba5dabb105b

SHA512
e32e31b897ad212db0aa0dbfc228d8bd329aebfe17d71e52a47330062ff85fe3c4a74cf4969d84c358bc25c3dda080de0f2a3106fadef5b2c1a0d6fd19da8ce0

Download Submit
C:\Program Files\7-Zip\Lang\hi.txt.tmp

Filesize
63KB

MD5
df8f80675b8aa58f8aaca560183e9be9

SHA1
74411bdd34f5ff1da62a0e38b0c65f459f99bd5c

SHA256
ca5b038d22e3d4faf658858a1056b67b73bf9a52655fb71bb0568abaa11108f4

SHA512
7f0f7832c58f03fd0dababc5bfe3f238e53e7d705a5197783bb66f398da0401541aa622e316c4f1a3ab361d7591110da76a47e31425dd0308dfc1943c6a130af

Download Submit
C:\Program Files\7-Zip\Lang\hr.txt.tmp

Filesize
54KB

MD5
bb619403918bbefb7fb216030307889a

SHA1
875a211adf67e0c7ae5d9e4c24c784db89326aef

SHA256
e20e7ab54b635a9ab35ce2f43b92e38dae06a5d2a86e014020e567b0b908eade

SHA512
d3296c109313e055ace00cefcba46a4222efe6fbf8d65726b2cc69af7500c9427091361ffaec47da71a5c6ed24ebf1d854d23c318e533baf773b5cf0af878410

Download Submit
C:\Program Files\7-Zip\Lang\hy.txt.tmp

Filesize
60KB

MD5
4e71861249d46680867b5563913a4b29

SHA1
68035e0ca90684e95484e471909c76a7261f2bef

SHA256
c66f1dfc6eb19ea331495dfc8e0814c105a00ee7bccff009177956bdabed8c50

SHA512
fc0c464bf4e4e9a91a214abd3538e64d16bbe648eb9c3f630aa7fb8d40ccc30cae727943bd4c7621131160c1cd940255aed426fce2f0d13376e620ed5f33ffda

Download Submit
C:\Program Files\7-Zip\Lang\is.txt.tmp

Filesize
54KB

MD5
3971ac528e1f590b1919d30211c91960

SHA1
0417f6c1a2c056f74f20e68f79daf7d5b6574de2

SHA256
45bc061f6c392092e65d630c2be7eb6b97e3bf5f293e139c7be128445aa0fdac

SHA512
41badfebf09996028df2f5acc91f151466caa91c9471dd868df50c9b67b39b2bea598afd6d10b8e4eadadad2856b9f209bff1c42f81afd3279092674f765f1b8

Download Submit
C:\Program Files\7-Zip\Lang\it.txt.tmp

Filesize
55KB

MD5
d982c5d92384d335a0a1e256ad640c06

SHA1
835cc114d8d5a927f58bf2512193924310974390

SHA256
48b494d4c79613e830fac8cd858e4daa11e23b3b4fe7f37df85922b84296885c

SHA512
8d7959b2721e213aa2edc9eb53dce49c73ab0bb8ef640dff58dcd1c5c0aefd97d9a764114ff3caeb56761b9359a2cf2e28fdddf6d21a07c0577378990a0fca73

Download Submit
C:\Program Files\7-Zip\Lang\ja.txt.tmp

Filesize
46KB

MD5
f214b2754f67b9f0feb4d3ecd76a99c8

SHA1
267480af761e47d220cb6e7804cb94c1e61ecd21

SHA256
008ff9c35076193b4ff01eb0b9138f976117c8b2c45a68a743fb37b07a9675ef

SHA512
8a09391620545e7ab9f0fbe779d081b54f2604118b13b45c62a59f89157d526469da67426b57f0545b8e151efdfbf3f63f8b1d6716caf1abb9aa830838b85a48

Download Submit
C:\Program Files\7-Zip\Lang\ka.txt.tmp

Filesize
64KB

MD5
4e0326687dc433a1c9f2ccd96920e820

SHA1
20860a4d781795d9ec136963fad2e8741db76cb9

SHA256
2e95e4d85dc5d54438746b85914829510c1bc3aaeb88ba0627ad2a1ddc6ef2de

SHA512
4dfc6d5add96ecc1e24960eb9b9e235ac94c43cd7939a9d85c27ed11df0a7e9bb230f3142c44547eb79f9321cf53b261532432c18c439c64e5365a2d8ed401c9

Download Submit
C:\Program Files\7-Zip\Lang\kab.txt.tmp

Filesize
54KB

MD5
2557395577ae4a9aebac1359968a9a54

SHA1
0d3c6d756d825e77f14bea9e7cba4e768783123f

SHA256
a528f8b34f5654dd386269e49ea5b8b5ad47e64c944e9280a3990d4297709a46

SHA512
9f65b68b13eab53e0a1b6c5d0fb157f8a8acf2db74ef205c1d9502f10c123f86d6cd350580186ded394d08c57f893a202d901fe68c7cc75823592cc6079987f1

Download Submit
C:\Program Files\7-Zip\Lang\kk.txt.tmp

Filesize
56KB

MD5
8b721389ff5c27074a98d4d69b658364

SHA1
1280402b7e3b0802deeb2a061a4c5e7665a91805

SHA256
5d11a104cc4be71acdb4094c4556163f5088fab9d3c26c4ab9a5baa7a1e1f194

SHA512
57f7889613cdc94ae747cb1c10e1769ce22cea851293f784ca37411b19013e0f83a392ed91c6d3c333ee323cf3240dd7886ee83981ff6890ba22a4f56109b874

Download Submit
C:\Program Files\7-Zip\Lang\ko.txt.tmp

Filesize
56KB

MD5
7d7ddf770dbf38281886738f757baf54

SHA1
0650c211e48bb3496ac149a33f62ccc615d74641

SHA256
9c1cf93468e6331f48118d76c3b46c0c13bce8aaedbd3de7b0f6b031fbbc63e5

SHA512
c9613d8241e0d60d3504ba3a9d4ccb987860cbdeece77ccd23876467c85fde85ec8bb17663ccece38ca5f83329973759562900a5fef0110dd94667ce808847fc

Download Submit
C:\Program Files\7-Zip\Lang\ky.txt.tmp

Filesize
58KB

MD5
bbfa268a5fd2fde664afccebff2ef2f1

SHA1
0c3a836fae0ede6c9603e547cb2881393e458411

SHA256
a2d575eb725e46d6b11ddceada808a80733d111dfd5356444d6a21f859d59b8d

SHA512
336f25d002d7c8972f6e24fd882be643f90c7064d4f95a417e91940691f81a1800df3e4aaab1606543d2db56390f9ee9e5e522bc1336d4b148dfcd4e33813099

Download Submit
C:\Program Files\7-Zip\Lang\lt.txt.tmp

Filesize
55KB

MD5
62c324aee6fb56bc2eaa41a5d2f9ae6c

SHA1
cb234ce73d456ac878637ec2013499686dd2bb11

SHA256
3d341ae6a04599b923731e31de7df05476a0c6493d0d4ad2fb3bc660637473a0

SHA512
e93500fd8c1bd4491ca52c05d979048fd1233e77b7dc898842762e3ee9c5b2b0c613058d74e60ee6ef33b4f763313364c19721f99f387b937762275e8dd17a50

Download Submit
C:\Program Files\7-Zip\Lang\lv.txt.tmp

Filesize
46KB

MD5
6aee00764cf4b1bfd07ca8d2ef0da8a3

SHA1
8c891eb122702358bbddd16e77be3290f4fa080c

SHA256
cfd87622572738600839d95753c7635191cacc04b62da1719e652938c210d636

SHA512
bb7cfea7404126cfee3df9b1a286a04d0a48ce7fb80adb29b1a931ac0b122e0cd4abb6512a4e9a022ee7780fd7c52ff06c8c017370fb2a6840fabb9e28a836a4

Download Submit
C:\Program Files\7-Zip\Lang\mk.txt.tmp

Filesize
54KB

MD5
97ecdb2f92609d7f1769d04e9c394842

SHA1
17c2e469026896b4995495ff892e2bc40687cdd3

SHA256
1076bfec123fcc5623121f09cb7e3d4e1268dede77fa1d162e7380eb9e3dcf22

SHA512
e9aad67859c87aa3383bab763606b238d499a860204897e488a80e5a6d2fdc812e5c1ea6b337617eda7a84c01709f2bdc159c047cdd9c3dbe5bdf8fa2fab0836

Download Submit
C:\Program Files\7-Zip\Lang\mn.txt.tmp

Filesize
54KB

MD5
95609ff5de1779d9f443749daade06a5

SHA1
4a0ef4bad59c63123a1be1a80a09134b8a908c19

SHA256
50357341f02a1ebc5b424422cf687430bd435e775fa04a4d0f9ae38012fe2187

SHA512
b1061c5999bb32cf6c445d34b022df001d7fd16d43a492eeed6f1927a2ef818b687331a7ebf063dc0719f2e94b21ea1b97536168c1997bc0402779042f154de6

Download Submit
C:\Program Files\7-Zip\Lang\mng.txt.tmp

Filesize
65KB

MD5
6b55ae0801411e8c11f8526e6431b0ac

SHA1
c7d55dcdd4f932f27ef3e20d0c098a60f1369208

SHA256
5aed4d50e20af1f149bb2d5c2189b91dbfff33546d528119f061399b9d2ccce2

SHA512
bb97e1f26e54959644fbad083787dc5cc538f3b2c5700213f7bb58033f795561b6daa6a9ea5dffbdb692ad9fa9ce523d84d692950020265e20821af544be65f5

Download Submit
C:\Program Files\7-Zip\Lang\mng2.txt.tmp

Filesize
67KB

MD5
66cf97d723b3047399543f803c95fa8d

SHA1
e5d095e76bc5c697ae93a205bd99057d08f23242

SHA256
377313d37b973df7c3df1ce8006911528c6039ef0899644bb1e36925a063c314

SHA512
2a0fbb7225c5dfdcc19e132ceed303e39ecb7eef4a11b5b0073104185f89b36d726547f8cf5c646e0565cc8064860f263bc0537010063563e17afaeea4653388

Download Submit
C:\Program Files\7-Zip\Lang\ms.txt.tmp

Filesize
51KB

MD5
1efe82df69b1eccef75698266d471f04

SHA1
b1b7137758f2c81c757e3d15e95c2439beabd8c8

SHA256
184477da28340a2873aa32f209e97c7f1a634f3f02954c503697bff6cb528b7f

SHA512
ff97071c711757d8230a9c9d8d27fa45dcb9878e4ad1484cb575a50c9fa6e4861b1330ffecc946d98940c6f6545a43fbfc1cf94e902eb813d50a8770e1620d16

Download Submit
C:\Program Files\7-Zip\Lang\nb.txt.tmp

Filesize
52KB

MD5
f7ddc513506292010dced9f9d6b39c23

SHA1
c766c42d73f3a32e0258bfc8a7f34a519311da83

SHA256
2995d13b133b2d4f2a3aeece63f7d856e9a88404dfa77ae9de5d074b3c36ac2e

SHA512
e61cd134ad732e868b19c87c5b253e497197ea9043decd49d63c1ae0f5d2e3a7ea8fd65492ab3deba2f07731ee553c388badee203056c34ec82b67ef2e66f60b

Download Submit
C:\Program Files\7-Zip\Lang\ne.txt.tmp

Filesize
59KB

MD5
ca47157720f986947148b394d7360126

SHA1
fb21155913c2c90b9b292ff418e95baf5e5fae3c

SHA256
61ff9b919329bf3a47dde37ba15b82f2fc16b008cbdf87ff718aee5e78383f93

SHA512
4e7f6a3ee1b24ba1c330ee4619116247862c14ec64108324190763973862b2e4267eeb156e0aeae7eb506738e6575498a6c5cf7ba6166377f7217e4e7f5866b4

Download Submit
C:\Program Files\7-Zip\Lang\nl.txt.tmp

Filesize
55KB

MD5
2aa69a36dcdc4451eb1e882e624b04c8

SHA1
64b5656e3a6ecc18899f06a721693c472325a260

SHA256
ff7647dcd6705095e5ca7fdaf29cb742d7a9a3bc32d2df0306ccea4fa38093b8

SHA512
acf2258015d8f10975d793aa35cf5d69da64724cc95daebeeda1d9cfae1c33d81a69196699009157eb5d4c57b74f11e5f84e8293ea335a0dc37eddb4c60cef0f

Download Submit
C:\Program Files\7-Zip\Lang\nn.txt.tmp

Filesize
44KB

MD5
51fa850650064807a1d5de47bf10cbfc

SHA1
79919fc4a6b60654ca06fc4cc65f2231d9f23081

SHA256
ac61d8cfda7d9535a5b27875126d89229e1511a914ed22787aca51e5f5566249

SHA512
f8888553dfe858ea3e371768e5f59009b39860756d17f15968fe5cdfeee2f3b80d249b95a6dbe9844a092af92c6b709ee50f2d8dcf73c07bc023e37cc2b6b581

Download Submit
C:\Program Files\7-Zip\Lang\nn.txt.tmp

Filesize
52KB

MD5
62a39f2f71fe40d308cd45c4495e1131

SHA1
50ba45b7d8a5217f6ef73dea121ce3c7e07ff984

SHA256
8b3c24ab5b1dd691460aec662e2cd90465fe08b55e62ac18918de5f7ac545356

SHA512
9c7288143deb11185ef87187152640d62e4e216c5e8ffc069a51c244b58f2f56a3b14ad90b602101b8bc82e62b1d7326525004f66675a992685d414dd78ccf29

Download Submit
C:\Program Files\7-Zip\Lang\pl.txt.tmp

Filesize
55KB

MD5
c4746b3ec15b34a350e4fc4a9fd4c69f

SHA1
9335ccf6966bfeaf50da5957c2927fb6d8f7a689

SHA256
769d200e17ee58692d1c17cef822aea46326e28bfac16488556696fbe6921af2

SHA512
6baa67778f25d66070eaf5c2ba3aab32299a07a17fbbeaa7ed5199842fa69d14fbb3d5b7a9b488682c4b2345666048554eb0770005d9f5f0222e8c2848799903

Download Submit
C:\Program Files\7-Zip\Lang\ps.txt.tmp

Filesize
54KB

MD5
f0332642d662b872c5c4dbe507958c73

SHA1
bfb485eba116988a7bb2e1f75a392ad3d01adaf3

SHA256
72d622b3100d14561c03969eb6c828c5ffa27c8d0476c07ddc54c5ba518fc7be

SHA512
051bf8a2c42f06cbc04ae666f67c3ed0bf49e9f145761109c432c4c7f289860699a0097297ad4f9ab3c056eceed570f1b7711740e5282c667c80debb7407ea81

Download Submit
C:\Program Files\7-Zip\Lang\pt-br.txt.tmp

Filesize
55KB

MD5
5ad03a40e829fcffd7a5afbba5b8ad3e

SHA1
b24baef114230c1b786255eaca95fb942980f2a5

SHA256
970870eeaa5431204e84828d86ca4c738786181ecd17344f1c0857a140803c72

SHA512
bae8711b1cf628ae2070cfa355ba6d4e31dff5d1dcb2fd34b15cbdb212cf77341abdd7b47c015e2f9c4ceeb64924a41e67c6447f518669287e735642f2c37782

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md.tmp

Filesize
51KB

MD5
eda7c28633a84b009c93dccadaf5bec1

SHA1
223850acbeb661049cd929188af06161c511d735

SHA256
aff168fd1f2de200247a2736c569298c389d2e6d05928b4dc34bfc74f5076a6b

SHA512
d1875ec347a2047188e95f0d5e9ecec6cd8b0c36d4c8f77f59ce6566cf2a6af79b085137e96628324e35487fcfb6c8c106d96a1704dbf2ed297ba7fec41c0fc6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe

Filesize
46KB

MD5
f0cdac3f519838861ef6df2b4c70f17f

SHA1
44eef0099ebddfeb0ba9bda502e94ee0ee7c9aa5

SHA256
854d8458e9fca3b5c1304b81b2238793f63cd6ebeb7d2246f5147e174eefb8cb

SHA512
edf3adec380fed2572582c53e78df1bbc3bcefced25ae9076dd849d90e33d2a9ec78f8d866a82ee0094cdca01a1fb09a476446ee43b460372f9b5fd1edc16f65

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
46KB

MD5
cf6885c2ba9a13e68134e00828288d04

SHA1
9584de618d989ebb2fdf064371bae81d47da7b4a

SHA256
0ab1bd89d0b621992334a834233648f668b895c36f303e21506f302b9bdfe9e0

SHA512
a389de2c438a00b5dba2ba5807f1fd3ae953e87b978e19b9ebd46d7dd1483b12719dfeec1d9eb3224984f565b28c272e23283e404a96876bebec53d88ca46f50

Download Submit