e87a957393e7e95bd4353ac398c02fe44f653db0257dcd124c1ac409e86cace5

Analysis

max time kernel
120s
max time network
110s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
20/08/2024, 10:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c90ce68e44fd87c84b88706a6a77c730N.exe
Size

85KB
MD5

c90ce68e44fd87c84b88706a6a77c730
SHA1

3c9d6981f234ad201a70d3f17e485cc0b9928783
SHA256

e87a957393e7e95bd4353ac398c02fe44f653db0257dcd124c1ac409e86cace5
SHA512

5f2d5e00cd5949a691da5f67bd06f52aa4dd1131016e71b347a0a82f97e99aabaa82c63f27982d6d61d82ef7acba1d21ded2931c376c1b7fbae9dde23fcd04b5
SSDEEP

768:W7Blp9pARFbhxwWjJ7Blp9pARFbhxwWjq:W7Z9pApxw67Z9pApxwj

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (4679) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
5064	Zombie.exe
212	_desktop.ini.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Zombie.exe	c90ce68e44fd87c84b88706a6a77c730N.exe
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	c90ce68e44fd87c84b88706a6a77c730N.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\Microsoft.VisualBasic.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.scale-80.png.tmp	_desktop.ini.exe
File created	C:\Program Files\ConvertDisable.ogg.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\UIAutomationProvider.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp2-pl.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\TipRes.dll.mui.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_OEM_Perp-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail-ul-phn.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\MicrosoftDataStreamerforExcel.dll.manifest.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Subscription2-ul-oob.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_OEM_Perp-ul-oob.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.OleDbInterop.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-white_scale-100.png.tmp	_desktop.ini.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\TipTsf.dll.mui.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Numerics.Vectors.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\System.Windows.Forms.resources.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessRuntimeR_PrepidBypass-ul-oob.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\UIAutomationClient.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Internet Explorer\uk-UA\ieinstal.exe.mui.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_OEM_Perp-ul-oob.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\pl-PL\tipresx.dll.mui.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\mscorrc.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ComponentModel.EventBasedAsync.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\ReachFramework.resources.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-006E-0409-1000-0000000FF1CE.xml.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardMSDNR_Retail-pl.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\System.Windows.Forms.Primitives.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Security.Cryptography.Xml.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-040C-1000-0000000FF1CE.xml.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Trial-ul-oob.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.scale-180.png.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Private.Uri.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\Microsoft.VisualBasic.Forms.resources.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\en-US.pak.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Grace-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordVL_KMS_Client-ul.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_ghost_profile_large.png.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\mscorrc.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Serialization.Primitives.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-xstate-l2-1-0.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_OEM_Perp-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART15.BDR.tmp	Zombie.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\pt-PT.pak.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Internet Explorer\ja-JP\iexplore.exe.mui.tmp	_desktop.ini.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_zh_CN.properties.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\TelemetryDashboard.xltx.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework.Royale.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\ext\cldrdata.jar.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Library\SOLVER\SOLVER32.DLL.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\WindowsBase.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jsound.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ja-jp.xml.tmp	Zombie.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcor.dll.mui.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-rtlsupport-l1-1-0.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\UIAutomationClientSideProviders.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\cldr.md.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\management\jmxremote.password.template.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial3-ul-oob.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Grace-ppd.xrm-ms.tmp	_desktop.ini.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c90ce68e44fd87c84b88706a6a77c730N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Zombie.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	_desktop.ini.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3964 wrote to memory of 5064	3964	c90ce68e44fd87c84b88706a6a77c730N.exe	84
PID 3964 wrote to memory of 5064	3964	c90ce68e44fd87c84b88706a6a77c730N.exe	84
PID 3964 wrote to memory of 5064	3964	c90ce68e44fd87c84b88706a6a77c730N.exe	84
PID 3964 wrote to memory of 212	3964	c90ce68e44fd87c84b88706a6a77c730N.exe	85
PID 3964 wrote to memory of 212	3964	c90ce68e44fd87c84b88706a6a77c730N.exe	85
PID 3964 wrote to memory of 212	3964	c90ce68e44fd87c84b88706a6a77c730N.exe	85

C:\Users\Admin\AppData\Local\Temp\c90ce68e44fd87c84b88706a6a77c730N.exe
"C:\Users\Admin\AppData\Local\Temp\c90ce68e44fd87c84b88706a6a77c730N.exe"
1⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3964
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:5064
- C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe
  "_desktop.ini.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:212

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-786284298-625481688-3210388970-1000\desktop.ini.tmp

Filesize
42KB

MD5
cffddb84e1693732fcc51ce61a2d28ee

SHA1
a8127747154718bac6188e56aae937316d49344d

SHA256
4267c02201723ea0cfd08ec9eafbd97a8b6fe49eeab75df208d69dc5111121df

SHA512
4c31d78c75136ad2f7348b3fec88ee31e5e6081a2f81d95586d787bf908db84fbdb117f02d4e0599fc387ae100b9731181293990d8311f01bdd7d9ad390387ce

Download Submit
C:\Program Files\7-Zip\7-zip.chm.exe

Filesize
154KB

MD5
147f0684d229c1ce0d4591d464dbac81

SHA1
3a93f49c561a58052565a4276468e9b18188090e

SHA256
b5f5e5bac59a12bb2b1aafa4baee7621121d81ce22fb373b6197840e9df41fbe

SHA512
07b956fb08b3d4eaa93ab327844bd90643320df17dc55b6d917fe5f1d44783aaa379295ac192f3ba8c2eaf0286276bdbe6ccde2b3b44f821df87e14c680372e9

Download Submit
C:\Program Files\7-Zip\7-zip32.dll.tmp

Filesize
108KB

MD5
7d3893e4f18fd117f24bd43095d30ecd

SHA1
b5996b356331591c1a88671c06cb9854277474a0

SHA256
ef72a252c7d584cca016c474660b72d7f9887d68edd2459e746e7294349100b4

SHA512
0a8a457cd9e7636e1926ae926707a41fdb441d401dbb8de147334dd7a3153c8b2938b2336dadfe64c7264457985731368569eea47ae186c1f15d10c920470653

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
928KB

MD5
4f876082a2ebd189e989ce4e5b653672

SHA1
cfb201261b0b781bf082c72538ceea29b4b87f41

SHA256
fc5f31a657e8f7bf16da8286fd440679db5a761643fd073a2bd89527c4d3b9fd

SHA512
46e78c878a87ca195f1c55da88d63b231d9ccb05d139e638a72a2e0e615a91d35b9c59584e1c364f84db0cd7d4e0ccef20aaa1ad0193041ea6ad73027ecc98f1

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
1.8MB

MD5
5625c336e03eb81430aae6f98cf12866

SHA1
5456e6d181cb37c669051736e09d7a885ea65829

SHA256
22edd83640cd7e15788b1eae1f0953d728ac4f064d30fac263e400d8b03dac4b

SHA512
c1a3d3b20b43cbebe264e3bdc588d502f710e4222dbad94e957f172049aec33890b7f2169f220d9b595d65c7dcb849498fe8a75410bdd799153ebaf32fa7c73b

Download Submit
C:\Program Files\7-Zip\7z.exe.tmp

Filesize
587KB

MD5
b038d744d6f122e0f21b381bf8dd4956

SHA1
6d4daaedc1d805cfacaa6b55b4aff94372a9c7a6

SHA256
196492abd06de4eb0fdbc307408c3bfa1920b7d7b0c40261299ca3a0947fcd3b

SHA512
7892aebd1406b1ad53afe911541a8d066bf0ba90f70d4d8b417fbae6a9edd0ad8138bc73cdf5dcb60654b406d8722076f1cf43651e435bfd4ebe1aee6c53b639

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
974KB

MD5
bdeab0546c5ab7f2f06eb9aa20a05e9a

SHA1
a3173d859fdfa6ff8753d7b0c678171d34151885

SHA256
a57d51cede45246aa110d2dbe95658c52cf04d60e995742f82c0c185c50bd499

SHA512
8ed410cfaf87cfdc39696323ad8fec5b21c54fc3913d7a94f588d66a47207a1ac61f283b98eb1bb9c03b9c716dd73886d6b6c18e2c9a87ed9e0564ff10f6d2ef

Download Submit
C:\Program Files\7-Zip\7zG.exe.tmp

Filesize
727KB

MD5
e22c4b8a8a2dc63c357c9d4ea019c309

SHA1
c949781cddb9255d5e42e6ded6b38c02b9a63e30

SHA256
44df60c051a4e81d73f5fdf8c5708a3a6910f1445f62291a23896d318f89b85e

SHA512
0ab13d2596130da2a30968ee6bc6dd6fba545311b1f6e11d65ffec03fcb7ca29e80431b044e52ea890cd8838e72a0c8a6115bd704ae2cb21b505b1cc67e2175c

Download Submit
C:\Program Files\7-Zip\Lang\af.txt.tmp

Filesize
53KB

MD5
8d833d997314a864c0583bc973910a10

SHA1
6b183a6a6624d3bc7d26af10a8fbcf3bef810e4f

SHA256
9e0806450d6a1cc364e62c0597b238b4ac9dba25226789451b83bf153db50feb

SHA512
1f9e4243741c38ac7cf338a1ecb7b97e8b58f02eb065c11fd4dd99f7d3c514127ce92fecb8f7fe75c9c8676437a5d2ebf189340d317f6f09c52bc6afd543fe55

Download Submit
C:\Program Files\7-Zip\Lang\an.txt.tmp

Filesize
49KB

MD5
4cf6d56d4e9112573adbc46035d6e73e

SHA1
59f3986fcfb7f28ab9d8effcb29607d53a2569c9

SHA256
48716886c25333e284145fe892b851d0dc52df4afc81e475e2f7745c42a4e755

SHA512
fd1708b86d847f756274c7794b46de91fb2bc4a10f0d2cae1386d9675895998e5f2e5d965fa012b28b48e8efa576ebbf6c6c22e079eb841922979daaaad9ffd0

Download Submit
C:\Program Files\7-Zip\Lang\ar.txt.tmp

Filesize
56KB

MD5
000c7a53feb40246067115c18605203e

SHA1
2aa79b216f61e0a6adbbb8681ac28d3f00d25864

SHA256
2ca0f1fb1b32eadb649c6b54d58a896412ff17ffde541b78849857e96bc5acf5

SHA512
3143a3a812e574561fb8b780b10b5fec6f85d5eb978e26c3e3f7e883dd1a5b62698a13a5d62c9853bc1c3da675ee9f984230ee3ad5f691a1e60717687106a6d0

Download Submit
C:\Program Files\7-Zip\Lang\ast.txt.tmp

Filesize
42KB

MD5
bcb36c62b08096f632834dc1bd2c5bd7

SHA1
acafd4b3381359378e258d780b4cae1d5c6a14cc

SHA256
06abd3288f30b7d3dc2d155cac8b772920db45788bf37d8c50f43331b9ab25fd

SHA512
df8ec737185b985b7e1867931e056185b8a4a640561e9a10d53029a8182492a8397d644602a04d08f0531962a7238fd6adbfba208a9f49242687fe440d09a9a8

Download Submit
C:\Program Files\7-Zip\Lang\az.txt.tmp

Filesize
52KB

MD5
102e9cefd9799bf57c660e12a46e910b

SHA1
391098aab09b82785063532b59c8f4a072025223

SHA256
14436a0778066dd87fc760fac9c18034d24eadb77353496df70696828064001a

SHA512
8603d86af597334a63253e16f46b892d66296c14c6db3c8b7f6ac17d76585d64abfcd117d7d3b3a162137ab5a5d077c66b7f11d87af27eaa925fcbd7762b5d1a

Download Submit
C:\Program Files\7-Zip\Lang\bg.txt.tmp

Filesize
56KB

MD5
5f04845e877debb224c8bbf94826d91a

SHA1
f0bbaa0dd7c8933dc745c1a53abf38ccc9960807

SHA256
172325cc249b2f725aa178a9b746187eb306b5517852a129e67b2b5441242414

SHA512
a32539b478e7f39e679313e423c42e1e5bcc2e40d801aa4b2571cba337aae664cc058df7d109679dac78eefa3b7cc2b6651f7293e8a1dd570ceb91cbefc67e33

Download Submit
C:\Program Files\7-Zip\Lang\bn.txt.tmp

Filesize
58KB

MD5
5bcba0a51242ba77bf6f966994ef70f0

SHA1
1c3167004c9f7507681765f96e5a392a26433ac3

SHA256
79338b486ef1412aa98827a8e19846adf8cc4dcaf67d180b483acc75330eaeb4

SHA512
f88e433922662b5eb0d7de342fb4a8ea0ff97501a3f6a6772b3368f9402ed7fce213f295b5870e9288c192a07358104be408c798e32fc1f7e0ff01f134cc52f8

Download Submit
C:\Program Files\7-Zip\Lang\br.txt.tmp

Filesize
48KB

MD5
542c18f6f89aba20c8e802bdc933ac81

SHA1
dd70d8fba42037311b9c88c894ed58a197d3cf61

SHA256
68b1e3ec7e0241ad0e130236fcdcdbd2ea92d5c4cc0cb4812d527a63ec8d99d6

SHA512
858c80949fa2cae6c4638d9df34fcf453103d9c83c8d603c094d65de04aea8cafa603ea88d82d19aafd70656b97c12706f74f997d47f37a10acb1825c4dfe021

Download Submit
C:\Program Files\7-Zip\Lang\cs.txt.tmp

Filesize
52KB

MD5
4a4a2d2c106fbb68b2715204c51bdcb1

SHA1
9ec9b103dd01a978058c934fd1618c87259d1c23

SHA256
b9ac09f030e982852a75498c2ca82736c0efc8816d1f3598047a8c98902d50aa

SHA512
edfa31dc9aa4405d21fabed0876acac45a300c7f08ad8fa3552c83492553cabf57ee00a57484021148cf8c5fb4bdd358389d104995bba478512cccf08f486217

Download Submit
C:\Program Files\7-Zip\Lang\da.txt.tmp

Filesize
51KB

MD5
d414063091a3c2f5bbb0d50fc64bdd3a

SHA1
60fdc4ed565a392a541afd2e666dbe328ef4f1fc

SHA256
5e42b11369341a7d488a185a38381b3e781626ed1255b39d5dd7ce900f25d296

SHA512
80518f6ea9fc13b08a6c80127cc4ed0e137f9165db1c305c70845de55d3aee93f2f14a449c21ecd6027c212f7779fbbbfcfb73a0549df1c2cd6a18c95f8b4576

Download Submit
C:\Program Files\7-Zip\Lang\es.txt.tmp

Filesize
53KB

MD5
4aa41936d36debea281c2e572c71acab

SHA1
800755633da6ff3df680af791901be4a3e7d70d0

SHA256
4fa14a02c0179c829dcd698b1afa4b388b71c2236ef954241b8dc8f6b75d35f1

SHA512
b1e4033363ce3abd4f070ae608f6a89dcd0c2247733ee6c96c0e16cab8ece0d261a34635f57e72e16e3810e907ecf975526864d78c674aced60a99b43ed18550

Download Submit
C:\Program Files\7-Zip\Lang\ext.txt.tmp

Filesize
51KB

MD5
064c593c216b099ad2171707cd379881

SHA1
20e8a0746af719183c92eaabc36f1c1baab19a9c

SHA256
5172750d4c324a61d17854eee1f522ce58a327bb23fe5b5cccf691cc42e87e32

SHA512
d7eaf3667a80e238815964da37d3ce1ba7abe8371ca323f0ae714fa58d5175738ce0a6fb22cc33375600e36b84447c4fdfb23605348063eaf7aa77af244d87f0

Download Submit
C:\Program Files\7-Zip\Lang\fa.txt.tmp

Filesize
57KB

MD5
800465674a33fc92869fe31bf2e7e7b5

SHA1
1cd1c2c0f805e00be0ab66a6969aca29e344f4d3

SHA256
19c8ab350dd47e28c90a3958ac79ed5fcf0f2aec74ef9a7961579833eb0e6bf1

SHA512
d9e53b71e4462b85792c7976f0816164e0760be738de9e7cc9a7b9e3e60321f2587b78b55ed887201d3e6ecbd934341faaa2a1d6af9c71c839b37e33647bd8e9

Download Submit
C:\Program Files\7-Zip\Lang\fr.txt.tmp

Filesize
53KB

MD5
481864c5c49dc0505f89bbcbcc6118d9

SHA1
8b1764cdcdbd26cdf654a3201365d8e89732a7ec

SHA256
dbdf9bb325da80d9ebc4bfd5d8cf2b38ebbe46c0c73ffe70acf62decb521190e

SHA512
b28cd0928875536c65a8099372d58aecd2400925f0b7f7b2b58a88631e98b3d596cfabb96f8655c423a49fb212378f10fbb646f3d369b4410c247cdffb21abbf

Download Submit
C:\Program Files\7-Zip\Lang\fur.txt.tmp

Filesize
50KB

MD5
385bfa089aa0ccd1d0f04d675f50bb2a

SHA1
79e899ef5e8e1b0b6cd86cfeeaf4de93ef2bf07b

SHA256
12f694f032bd6485b1493d73a6f666468194599d4a72ae82b6e2307aec4bbb3b

SHA512
dd2ae499e46fb98858fb5dbbaa5f88576e27bfc8320be48a24f9539860524410df7329049902df1db529e64046f4cc0ab251d2c6caafe5e90f3ff1079a285a35

Download Submit
C:\Program Files\7-Zip\Lang\it.txt.tmp

Filesize
53KB

MD5
a8448387545a012f9aaf4caa611c740a

SHA1
3038ee73ed19a9e71e5d81dbd5b4414c3782b690

SHA256
a6cbbbf0f78bbc0d4bf8a5a400f70eab7057127b4eb490b24a696a329581a743

SHA512
3863b7db2243d704b804ed09283cdf3701dab55e591479ff53c820dad1e7e8080e5ad227483c025f99eb57ecc7e73bab16083c441f946a06e236795c6bed6aa5

Download Submit
C:\Program Files\7-Zip\Lang\ja.txt.tmp

Filesize
55KB

MD5
231eb2c70892cf6b6105a1ad0dcc89c8

SHA1
30ccea97d26e98a5c6a8ccda9db8502c1d4a4b90

SHA256
97d1a4f27bcda69e7cd6971a1f8e3c0e1a9846f969acab872368891cb9a6a687

SHA512
92e2a4c4c9977dec4033f3a41c838ba368fccf82ae0107a5670209da70526ebdc72d318feb74c3308777f1edce816a1877c96b8817ffa0ede343b9f349f782d5

Download Submit
C:\Program Files\7-Zip\Lang\ka.txt.tmp

Filesize
61KB

MD5
a30bc100bc6f6001dc37b1c7e7197b5a

SHA1
cf7b5712d2e209cf964032c399f58d50662ab943

SHA256
dfc80643878aec96287b46378baa4c3e7de256e3cd1aea0ca027c682653d2802

SHA512
b96c79df1c88cbdebe9e96c3f2183793a8feeb208d329292728fac24185475317c4ad13031e813068caf5ccab71a7e679a7b9b432397b1c3d9b59a331d8db63e

Download Submit
C:\Program Files\7-Zip\Lang\kaa.txt.tmp

Filesize
51KB

MD5
f39fc647a67739f841e655b30e112213

SHA1
12eefaff4f99310cb49e730ac6fffa422cc89c33

SHA256
a6a2693a3e66346f472944e0855036e5743ec941b3a68b8effc4b6745970e383

SHA512
7d8dcb54b01828b826e8d88facd68464af635cace33b3a8347f31276f9c11ba3d830c2f310bd9b18296bcc69e98d8d5d4f947a5bad23b9dacd811a3cdbfe75db

Download Submit
C:\Program Files\7-Zip\Lang\kk.txt.tmp

Filesize
54KB

MD5
adaa5d0914ace32271e8245722fd37c6

SHA1
8e221cecd67cf2687d655e13a506d217fcb356e1

SHA256
bffc6a132bc3b2056c57848b4a419f6390d2dddd11fda763069e61005579b5e0

SHA512
1fe7c5b71406ac94b9bf9490407d259e70a3303b284debb08d13f3ca435809843eba87217fb790e1a0d2b44889c14eceb565d75ecf4046862f7aa192ded2bf47

Download Submit
C:\Program Files\7-Zip\Lang\ko.txt.tmp

Filesize
53KB

MD5
a05774a5f307cdf4b82db67a6066a88b

SHA1
f63ed3c90bccdf79e5cb904f86da2ce651be4e36

SHA256
112c829cc36729061913266521ca89438e8356d2af6d24d113587c014a7bda2c

SHA512
660fc428e1392123ae84dd21958150bd779fe98d97e352efe9486621e2d620f0c576e6abe9d18c211e172f65363781af39ddc1f025dc6a74c345aa8c0969d9a5

Download Submit
C:\Program Files\7-Zip\Lang\ku.txt.tmp

Filesize
49KB

MD5
45f234f6d0ea10b2c5467dbe6818ec80

SHA1
c2417647ecd6d3adef1b6bd090926d03685985f5

SHA256
ac31a4d6c21ddbb6a224e2b4b443ce6aff562ad392019a701a7cbba1d94b4095

SHA512
7d52e6838fce7d3d71122b41b2c8c0169d359f61dacb284f59ca7abce3283b2f2dc92088e1a195e3ba15f2fa0d3daa9ac0456e18953aecb5174c830d4a959946

Download Submit
C:\Program Files\7-Zip\Lang\ky.txt.tmp

Filesize
54KB

MD5
6875a19390c1fd90010db30a8fcef007

SHA1
ed75dab8d8d29b871128312efc1752ddfd3a8f83

SHA256
cea51c61e9afdca93273d8bed014f3e18b9d35b170cc8c6cb2c990acf2c43408

SHA512
d8334532be70a4cb3568d2d310732865cfff72b1edfb75acc145bad92590f7736c240370c93264ad79f5c8534edf861df455416bd50a57411295ab22a7058954

Download Submit
C:\Program Files\7-Zip\Lang\lij.txt.tmp

Filesize
50KB

MD5
ce4b98abf4b346c106736c7f57c6175d

SHA1
4de473c1e112ce8ff846417332705b05d1daf2bd

SHA256
b7730a23f04a6cec7dfec15d0a0bc48af435c2348bce9fabd2eb4d1675320aa7

SHA512
ba4367cb16b58aa5927dbc2e20b133f576c6b64d829ec624ac3c98ff0d254255e12c825e9cde1261a10388e912974d94ce9f18e1abe4dc5cda1d47b2a9b21203

Download Submit
C:\Program Files\7-Zip\Lang\lv.txt.tmp

Filesize
48KB

MD5
a7e1c67899241e8144a70985d381f28d

SHA1
3d23eae4e21672760abd908c827f2b2eafa4c18e

SHA256
9c83b5bc4d9e65227f3ba91264860a0a082dbd8eaa09fd80c3d7b0eaffdff80d

SHA512
fa8830a4fb5a2d813c22d1345cc4ccfe2e8bff34a52e063fb9de697838772e2cc69ccaaf8e9ac41d50508ca3a6a51463d373c4315db6b23e43c546f5f0fb5de5

Download Submit
C:\Program Files\7-Zip\Lang\mk.txt.tmp

Filesize
52KB

MD5
637ba7336f45cdd9173a688c0d64036a

SHA1
85a00788c81a099896802ba104181208f2e25c08

SHA256
b3a5530eb44995712f17171e84aa89d404c49225c15bd93f1015311ea2ad8d7e

SHA512
1c3b9e7a7fd399a7bae2eb046c513532b7d91c405d6d292e8942fc3507fa3a6d433f96572fcc5c8fa4a145129d061ef6b7ed6fbe2e03205801715553e901138b

Download Submit
C:\Program Files\7-Zip\Lang\mng.txt.tmp

Filesize
62KB

MD5
0b42bcb3c62b7efc1de5a1c4dc6d6a61

SHA1
372330fc139ea98f4a02e96a3c9954f7d640ebcc

SHA256
ba6ef880aa3e2fd26ada8b1e5dff0f878f40d993e708ff60f09c2c98213ad153

SHA512
49acbae0a5b0d3a5cde7d12d21d1124349d86ead506a110864b6d8ecd51377e4676323e17e71231198bbf8d6ca6def72e27e6423c2975bf6f3764a69fd9da2ee

Download Submit
C:\Program Files\7-Zip\Lang\mr.txt.tmp

Filesize
54KB

MD5
f09ce1deec0c71f931790f0b818554ea

SHA1
e769031e43be93939d8b49f84e73005593251049

SHA256
7933223e7a41e70b45a4a075edad271f96080750d4f7ccd28577a495f1244c2f

SHA512
6a01a14db93dbb52ba23e178c897c5b6812637579f49c824934bdbcb00fb61db2100e19fbb3eb880d121a79c47b2b60e10031d77cd530f93016ef4cc8d4cbbe7

Download Submit
C:\Program Files\7-Zip\Lang\nb.txt.tmp

Filesize
49KB

MD5
d744a090661d67d2207d7d4342c00947

SHA1
74bc6a316219fee3a940d05892fb92373774f198

SHA256
69ba838ad8089f89441ae0d0a7597218542fce122081dc71133c9f4f6ca5e6d8

SHA512
c353128a9d9ce963719266b10ca086f9ac3074dcd10390a5dba7ce70eaa39e78ef8d2b35a96114a8d3b057fb247537112caa719bac7f87f5eff38f42241d46fe

Download Submit
C:\Program Files\7-Zip\Lang\ne.txt.tmp

Filesize
56KB

MD5
d2b226ac842c3eff058ed65e20ca0afc

SHA1
7336f45d68aaf5c0036f57f211d06c3199433212

SHA256
89e74c42fb6921914fa4e1ef775e07a28c47b7a1da7596fef3276ff489e007fe

SHA512
580b2d34b5f7d871895e5989670c6345550edbe4ba13dbc6ba64a31c778a453cb76daad361b8942625b0e507ecbc5068ce56c00a22b9ebfc4a3558cf2d5615cc

Download Submit
C:\Program Files\7-Zip\Lang\nl.txt.tmp

Filesize
51KB

MD5
f0807f302887b2b548ca0d84cdcbf81a

SHA1
f2cdbc2ef0a5a62c0b93231457543dd204ff470c

SHA256
029ff3db402f9ac43a4f1ed45bddbdccc3ecda4dc23eaeb9b8284355551faea0

SHA512
2b7587691d262862d0212483b3e89facef66c640a8d0c0450d0e2a39a1bc1e1586d9aa7954b22aca88b761a540a09f737b94c89b3c462f7c1383dbc601c9da09

Download Submit
C:\Program Files\7-Zip\Lang\nn.txt.tmp

Filesize
48KB

MD5
c95e2c32a08f2e472ea4ef326d49b6db

SHA1
4f30e236fcad87189b3de9d12f306b17b44f22b7

SHA256
56c4b41079a5d23b335b01f6adf3c08c5a2f273bc41235d9d1d850c9b32374b3

SHA512
cfe5db7b33ba83c1275033668193c9bf93f5164e970387d8fe3c7a285cc46c53f8fd00a7843b95b604af87ed13d4af6c2f985e529231df4b1d17ea1721ecb805

Download Submit
C:\Program Files\7-Zip\Lang\pa-in.txt.tmp

Filesize
56KB

MD5
26473fd7f36102403f7f9131e4d35a12

SHA1
eb03c1a0fed0c60c5b0c1f66501dc430832e2ac1

SHA256
713a349a58783e79db1bed9a76ea355d1957935e5f04300d76b35d2116beafd4

SHA512
001c295199a104019298996acd0a957c4aa5b4e94f177b5c686e5262843b8a4ddb64837693e810b4bf0c4e84cd2a3117395e3280c67667b416438f2e8051e100

Download Submit
C:\Program Files\7-Zip\Lang\pl.txt.tmp

Filesize
51KB

MD5
38680c19501647124b66e1f4000c8ece

SHA1
c8425a62a6ea7871841133f05a9a2b275e1130e1

SHA256
cd1df71a824ac49104b1bd3ddab6eccc14809371855003b1bd12215f7e0dc112

SHA512
b5ce6b7178105666e63137a2bbb5166cc773e7cdfc9540944dd4b1f0487f53d3a1560496b3e957b2da06c140bf2c42a71657cb8e3114b800b5be3739d641c935

Download Submit
C:\Program Files\7-Zip\Lang\ps.txt.tmp

Filesize
51KB

MD5
4e8c64e3ad677f5d2038d49312f2755a

SHA1
9d16eca0cc705229656800df402a9379e604c45e

SHA256
46e6db597801b14ff5bea74a965f7ffdddd6358b214c0e58f9da65618cf50cdb

SHA512
49786f0339da7871946dd161eaea6a43d7f9e869ea7a780f3a41ba7375635e3bb9dfc4e6835c75dd98ad535623b9d8b27cc14161b61c17c85641c521bf6099c3

Download Submit
C:\Program Files\7-Zip\Lang\pt-br.txt.tmp

Filesize
53KB

MD5
6964b4a204fa37dad0764291ead63061

SHA1
82970c8053819231b7c86e35db2383dbeeb5d914

SHA256
861423bacc4f1a582bf1581a8805d9bd5561d0bff5e0c68e3e39771467dc3cae

SHA512
d0ca0a16f32f3953f6156a69ff947970a0c702be9215d0671530d856086844b073d0b48dce954c7b1085f6e90469bed93e246e64b6734f7bbbac9ecca07910c5

Download Submit
C:\Program Files\7-Zip\Lang\pt.txt.tmp

Filesize
53KB

MD5
8cea2d0c3ee7a00cb233b42e9cf3028c

SHA1
e0e5ad0ff93d3bc906a0d3cf4590b4d903c2ecb4

SHA256
0a07619e7c13ac7a1f06783ce02f7c722fdf5e7eecd5bcba785b15ae735fba1f

SHA512
3c2eefb92e2099a846d90e66d3a85def26a5b2e889770fbae7d1e284c90744d6de110dd6db219b86865639f620b0a7936d9dd11988974605da8060e90f74cfc9

Download Submit
C:\Program Files\7-Zip\Lang\ro.txt.tmp

Filesize
50KB

MD5
4dfcebaaa967ca8a003ddde5467c67fc

SHA1
888b447310d9c38f7953f509e17f563127c30e8b

SHA256
a9be18afcf0f738d7c3f4332c73f87348dc6128d3a35d78d4dab0346fe88ff23

SHA512
88f9c3a244afe559ba0dbe452e4e7a0b43bf153b23b6a2994d960cdd662f6335456bb4a439dda053a7759b77d420476e8ffa2d64eb326ddf3455b60c0bcf5d5d

Download Submit
C:\Program Files\7-Zip\Lang\sa.txt.tmp

Filesize
62KB

MD5
fc1e8139ea7fc5e142420ccd8261ef5e

SHA1
dfa306fdaa17d53a9f670c57aa647123afb06a41

SHA256
eb530875a945cbb9498b46c0f2ad58303afad884c83bbd8ca3e1213bb62ebf78

SHA512
2fbbf2af88fa73611fc21408e15ddca45fb50d258a099062b42359eb0f718c8b150a37e49f1af8cfa923a82eb35f30cf40f2858a40867e0573ab69af3764cfc2

Download Submit
C:\Program Files\7-Zip\descript.ion.tmp

Filesize
43KB

MD5
310279f07b53253d3741731c1f1f9a0c

SHA1
23c2c6cf7fd2efcc198291a620ab5f6e77183f81

SHA256
f5bfb4c4f8e8d9a15892e864e24952f869d211507336266647ccf5de3a844759

SHA512
b2a749aa4e2d4bc5fc76a1a48683c3254cc5f7a756f68820d57b4ac420037e6cef88ef8dc0ae3405450a4305562e17f63dbf1c33a23716add28235736cf206a1

Download Submit
C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-handle-l1-1-0.dll.tmp

Filesize
53KB

MD5
f14733cbc4a64e162e4fa4e43736ddff

SHA1
1c351d331c51fe4390062d6848fc138bf301c09e

SHA256
d1f48f12cdb94b354fe920a3136611add8385b6ac63174682a63bc7a17d3522f

SHA512
a5d0f8849287a6b60d57acfebe3c8698b7e7b8e4229d1d3a41dae9b8582bf062052eae0fc95040709f8b772728a08557bd20c7e4617bbfa9e9faec41c6a9157f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe

Filesize
43KB

MD5
9719e9862ce745c7311bc5b5e45572ca

SHA1
339cb97dfb80c707fee5ce1978c470efaae36cb5

SHA256
a7225b97e002605a4d60f6fd9ccf7001da434660e778f26d83f26f1b752a34f3

SHA512
5c2287074649e46ddb6e5ffaa4ecde8ea7d626d96b8e6dfd37a7792b6d9bad9249590cd16f3ec5415f7e169574b327430097035792df732972676bec7e323054

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
42KB

MD5
2bc63277f3ae4c96e995dea374a2e9da

SHA1
966de0fe77b1ed01f34d81f6fcac2ef7c495e753

SHA256
34f9ff41e311465ed1552cdb0b8a2892504b35a4912efa5b329d2f80583d8ddb

SHA512
916c07a4754d3e572bf5fa1e55d75a2251d8c00327e275e44d886e9e153491a2c76f3bab387cd8cf211c27c8b3c8b02d9d2904ec1c000954d557c5feda2dba4b

Download Submit