8b82aa0200135238e3b5281750c94714439e8ad62176950733ab0f31c5d6ea10

Analysis

max time kernel
120s
max time network
111s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
22/08/2024, 23:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bb58ccf992872bd958c1bf95ec19a4d0N.exe
Size

472KB
MD5

bb58ccf992872bd958c1bf95ec19a4d0
SHA1

701f9352baad83487b5005383f0cd1facb967118
SHA256

8b82aa0200135238e3b5281750c94714439e8ad62176950733ab0f31c5d6ea10
SHA512

22175c47e58669ea5214184deafaa18313b139909b004e690c522aebf5ebd72c64e48217f41465ed72cbd046b917b524ff4dcc4ce9010f824df48a408030beca
SSDEEP

1536:W7ZhA7pApBt+OKOsZKZZSjw4Vc0VcyN7ZhA7pApBt+OKOsZKZZSjw4Vc0Vcy4:6e7Wp0kDSzTzXe7Wp0kDSzTz4

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (4033) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
2248	Zombie.exe
4504	_desktop.ini.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	bb58ccf992872bd958c1bf95ec19a4d0N.exe
File created	C:\Windows\SysWOW64\Zombie.exe	bb58ccf992872bd958c1bf95ec19a4d0N.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationNative_cor3.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Java\jdk-1.8\bin\unpack200.exe.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-convert-l1-1-0.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.Emit.dll.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TipTsf.dll.mui.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\images\cursors\cursors.properties.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Facet.thmx.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\fr-CA\tipresx.dll.mui.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Constantia-Franklin Gothic Book.xml.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial4-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.MemoryMappedFiles.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\WindowsFormsIntegration.resources.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Diagnostics.EventLog.Messages.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT_F_COL.HXK.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Primitives.dll.tmp	Zombie.exe
File created	C:\Program Files\CompleteClear.001.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Collections.Specialized.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework-SystemXmlLinq.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\WindowsBase.resources.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_OEM_Perp-ul-phn.xrm-ms.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Trial-ul-oob.xrm-ms.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Common Files\System\msadc\it-IT\msadcor.dll.mui.tmp	Zombie.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\fi.pak.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTest-ul-oob.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Compression.ZipFile.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\libffi.md.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\PresentationCore.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Microsoft.VisualBasic.Forms.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\System.Windows.Forms.Primitives.resources.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-handle-l1-1-0.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\System.Windows.Forms.Primitives.resources.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\msquic.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\WindowsFormsIntegration.resources.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\Microsoft.VisualBasic.Forms.resources.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Globalization.Extensions.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Grace-ppd.xrm-ms.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-file-l1-2-0.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\PresentationUI.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework-SystemDrawing.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\amd64\jvm.cfg.exe.tmp	_desktop.ini.exe
File created	C:\Program Files\Java\jre-1.8\bin\server\classes.jsa.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_KMS_Client-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\th-TH\tipresx.dll.mui.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\System.Xaml.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Requests.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\ReachFramework.resources.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-datetime-l1-1-0.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jawt.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp4-ul-oob.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\System\msadc\es-ES\msdaremr.dll.mui.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\lib\tzdb.dat.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Constantia-Franklin Gothic Book.xml.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\WindowsFormsIntegration.resources.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Pipes.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Sockets.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\D3DCompiler_47_cor3.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\System.Windows.Forms.resources.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\JAWTAccessBridge-64.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\bin\server\Xusage.txt.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_OEM_Perp-ppd.xrm-ms.tmp	_desktop.ini.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	bb58ccf992872bd958c1bf95ec19a4d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Zombie.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	_desktop.ini.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 892 wrote to memory of 2248	892	bb58ccf992872bd958c1bf95ec19a4d0N.exe	84
PID 892 wrote to memory of 2248	892	bb58ccf992872bd958c1bf95ec19a4d0N.exe	84
PID 892 wrote to memory of 2248	892	bb58ccf992872bd958c1bf95ec19a4d0N.exe	84
PID 892 wrote to memory of 4504	892	bb58ccf992872bd958c1bf95ec19a4d0N.exe	85
PID 892 wrote to memory of 4504	892	bb58ccf992872bd958c1bf95ec19a4d0N.exe	85
PID 892 wrote to memory of 4504	892	bb58ccf992872bd958c1bf95ec19a4d0N.exe	85

C:\Users\Admin\AppData\Local\Temp\bb58ccf992872bd958c1bf95ec19a4d0N.exe
"C:\Users\Admin\AppData\Local\Temp\bb58ccf992872bd958c1bf95ec19a4d0N.exe"
1⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:892
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:2248
- C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe
  "_desktop.ini.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:4504

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-355097885-2402257403-2971294179-1000\desktop.ini.tmp

Filesize
236KB

MD5
73cab929f43ff31900ed035ec700d779

SHA1
e3413114a3bf77ea815c11c7c1fd36861d1ae688

SHA256
743011b7f8388054f94ef23a0f7df11ae19cdc0582f7c47949062e1c9d67588d

SHA512
21e6d984059ee81929adba7e240285973e43eb300c2e552258a5224e62ccbb4d47cbfd8759e52382c6a6d916a1181e60252512314d8dd92ec41a5c54271eae42

Download Submit
C:\Program Files\7-Zip\7-zip.chm.tmp

Filesize
348KB

MD5
ed4b530ac46bd1d0b1cb32fcdbfb50bc

SHA1
f52e4b969f978059b93a7be19b3b140246bf1a10

SHA256
6712594b5ca60c1a8c75bb499c69a6e4b317bdd6775ffe51cc8cf1d6cbdcf3a3

SHA512
ae5fa69ee9176751d7dfe242f531e3c255ef456b69b8acae55e253ef4ebbeb320ec63b560b081fa2acad6c7554c539002673eb98e3ba7072050498c3870b3286

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
335KB

MD5
7a23a790258d73c385c21a6a12c8110d

SHA1
0bfd3650bf3bebf64f4b8e348f04018461abcd63

SHA256
cbc3f157c76eddd7f85a21748fd90fbfe568f8cbf96717ef9e4d6a799012e9f2

SHA512
64be2f59e26ed7c5bec4f46563877d3e05f0d84fd323cae780ddc87c7b1cada8ff3b1a97594888b6042213579c493d1e5e37ad9243a80a3342980e93635e1b27

Download Submit
C:\Program Files\7-Zip\7-zip32.dll.tmp

Filesize
301KB

MD5
2610e630ee45edbe932e6a7008afe2cd

SHA1
f0181426a3caa86d63e7498d8385d3222a7750ec

SHA256
f973814aea7b30411a0bff067456ae9b75f9a5f6a721c531d993152dceb45898

SHA512
f3182428856f3c0ab4a1c46fc7196878ffc5ffec5bdeca5b86844f39b015791f592913795a309e2ae7338ce6b3c0c6d22ae722bc8328c79b4f74d0c2d637f6ec

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
2.0MB

MD5
3caaa57c8e222a601a62b90320ce737d

SHA1
e54e4e6e7099e60588b0f44fe6d2b7315223acd8

SHA256
783720809f44c32f3aeac449e2eaf029578dd97c106842b169ba30a0b651e97b

SHA512
58f446aa83579f8b9bad65d6939d2afa590e57bb75b9f8c409215f9c17e6ad5a600a71490c5c8ba17fc30ac2cfff5c24fcea5f21c2738a949ff60b85151e9c5d

Download Submit
C:\Program Files\7-Zip\7z.exe.tmp

Filesize
780KB

MD5
c0b44b1b95e899cd276c4e783005cf6e

SHA1
59a0aded81aab5c91a421ec63cfc45f090eab7f5

SHA256
4806c85bc6e32d6a55f6f2c340a60ac39172c8ff0e574716570cfdaa9e59acdb

SHA512
3cd2fc0adb1c1d60cd0907daeb61e2629982530060c98601ab09e3b234ba0624fa5054f44baf4e09deec5d52c1d94faa618c6ee2801e9c144806d7dce6f1e763

Download Submit
C:\Program Files\7-Zip\7z.sfx.tmp

Filesize
445KB

MD5
c6ac2356b905415983df902ae8119dc2

SHA1
a819c598fc114e382fc7016d8224ef97dea12566

SHA256
c81275cf9253d7c31f29a7fc39402b2682cce3d13c8e0c63a63d50779d9e4b85

SHA512
fe043982f43baa0fdf5cab59a058d5aca0dbb5d62f97d565529c72fa0f10dcf0a0f0a94dd558196958ba9429b79bf8a6c0dea0e72fa8e22bc8017706b9824460

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
1.1MB

MD5
d0e523a57da384995708f92ced277111

SHA1
bbd93ad21fdd14993270f011adf42f72bd01b05d

SHA256
24620531df5ec8c46b8b636bbd153273e968487e014f79c421e87c98048f606b

SHA512
58ac5c0dac04891ecd3efb6cd01ca4cead6d46a4315059a4721e1b6ed79ad93b75bd8072c30d6b4847c947f1170d06477045ff098c646d0d96e3affc181bedea

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
1.1MB

MD5
df2190e370e908b563ae758461ab1bbc

SHA1
c89d118246defc59af09a3bbe1ea42f4e9f3d8fe

SHA256
083c8170346957141864e9d3f0d8ec1954036d124aa88849990db35329fa81d3

SHA512
2650063611c8378698b4469d4b68eca6b7a7f38e9523a0a79851b5dea3d67a8080ec502dcfdc2f6e92cf846c754d45b9e570794cddda2cfde2494207dafb263c

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
920KB

MD5
0bed07ab3f8b385e939477afd384e601

SHA1
1f3fda5ae8a8f4986222a1ab0d51c2c20ce69e1d

SHA256
4710e9cc59c3ebed20c5ce721f5d08ad923c9509e69f142f27472c6ba3d9aecb

SHA512
1cf1f6d5ce0749be6d25bcfb829c619c2d0e42f2221f03a850d2859214a4d91aaff60242a6a8dc38a74e93e3d89488b37d00e97d56d3f64dc93e06d02cc92d9b

Download Submit
C:\Program Files\7-Zip\History.txt.tmp

Filesize
293KB

MD5
5ee7955134782794d85769c00d43199c

SHA1
fbe93f0dcf59c97cd372c00b581a5a5e8b9d69b2

SHA256
2cd3484e4578ee76a16348c7d73c42e0c14aa17d76c39c3032710982e04a05b8

SHA512
af81fbb62b8bf1e21dce54eaeb89737e2fdb69d442073bf091f616437e07be074ff187ec063c42a0f362ee7451835fcdc23cfd74b36f6930b40865a6abb39f52

Download Submit
C:\Program Files\7-Zip\Lang\af.txt.tmp

Filesize
246KB

MD5
a735ad31dc4bae5add0ec3ab0e2bd9d5

SHA1
6bedae3c89a77c36522ae8effb6a9742c96731b6

SHA256
bc1c3dcf28b398dd0dbf20d25e10d228f07e8d2c7afb4219ed099473a11774d7

SHA512
57cfcc31c8a911ab3cdce0350ca2d76f946e29b480872b40f634d64f9d67ad063962c73c1cc28d6f69181b37a117a90a5f4c2248df00e171d71ccd152430571b

Download Submit
C:\Program Files\7-Zip\Lang\ar.txt.tmp

Filesize
248KB

MD5
f6ec315e00fcbce6d735257f6a786857

SHA1
03b7a7e2f34bf689ee533b8071c7c6aca144deaf

SHA256
467c9d4255e8038735ba2d5612c07418f8056374efc1d2b419c229ae6cadde63

SHA512
49e2210bfba1e1289a94a8cb04e0ee027062d2b740eb50f568d69247b816da1ed962b73dbdd5c0e26adf5f7092d03c212967def8890ac36d18c95a061c4c469d

Download Submit
C:\Program Files\7-Zip\Lang\ast.txt.tmp

Filesize
241KB

MD5
1ae9f8f681c19daa0007a99af40a1a9e

SHA1
6b23cf7bf470fb21ae1a5e249eb12d4a47ceff45

SHA256
1fb252721b79a9022dc50cf57f6270d6857a890868f0fe6dc9dc988f3ba79df0

SHA512
19d5b5b3c5a3a5898d357e124cafce14a0c0d2daa24b5d766047962663834b324d9c71a6aa600a6b8a579fe1ce76011e557d11529abf7221db1ddf9a34939c32

Download Submit
C:\Program Files\7-Zip\Lang\ba.txt.tmp

Filesize
246KB

MD5
6ca94a24350f5b404ce435c6d0d4203d

SHA1
4225aa4b860c2fc81bcd5eafa9cecf0c2d1b2ed8

SHA256
02c688fd9f46d6a5a4ecf8ebc4f6fa01d1d3cd4d37e40655e3732efc166bc529

SHA512
d31b6190686d1985ab35fc410b7243664da96518aa513ef48ad97cb69bb831514bc6010fa2fb7c88f8c27547672107df1d54a95af2f58e64b18f52854b29e4d9

Download Submit
C:\Program Files\7-Zip\Lang\be.txt.tmp

Filesize
247KB

MD5
ffd6d79332c8b58451a0d918347a87c2

SHA1
3453facc3452ccd1d362ec05c192e157bfdc0a48

SHA256
1c67ef3cf3b4a17c866db6ca0f021fd34c4df39c9fb4f1df6d035d1074e6430a

SHA512
8a5ab4c44db4aac06c7a149fb9e516326e041c8e33a609a2dd9cd6fe19dc4aa2e15b8566a1d0d4ed84ba92a21a4ee3f258d238b37ec6e0a9b4aff13eb68f024f

Download Submit
C:\Program Files\7-Zip\Lang\br.txt.tmp

Filesize
241KB

MD5
57fc5d58acfa3c79f0aa6def82973723

SHA1
25ea8333795f4c97227004db599d34a7cc337995

SHA256
2c04994e27c8afc97c9bc2c4dbab9111d0e8083a3ebd55a5cc319f7a3c6d609b

SHA512
412334184765f3d4680af3a86b476db85e0ef9e75b4abd9d38e485576e74bb33b83669373513f94156a478b71aa91382e25a22d2d25b2eec25b5b3e4eda195d9

Download Submit
C:\Program Files\7-Zip\Lang\ca.txt.tmp

Filesize
244KB

MD5
9abc7f792c8f6fcfec9c886e1bbe62fa

SHA1
3dd2230d4c90bc643b5f5b40671a14460521da67

SHA256
2ae769bfc03626beb14fccc16ca8b4866b214ed21b06ad31caf741156484d3ed

SHA512
ae5bcd911695c43a8317dadbb6e158ad09df56d42f95a8bb373817e296a83586bb8ce6eeaa675090223c021c69ae4729038d3bfe2bae50e7e19705330bbbacb8

Download Submit
C:\Program Files\7-Zip\Lang\co.txt.tmp

Filesize
246KB

MD5
fd28df9bb0f01c2be912563dd4ebefe3

SHA1
7ecd4627cfe891ccf5e2be898860c8db27f73d97

SHA256
00e9709c7ffd37af08a81f81d85322ace2915161285a4fd49219dee9c125ada3

SHA512
72595dbb4a19d15172e265f851f27649efe83bd0a89aefcb85345c20993e705af41aeff3c6809f0d1c75852da7bbcb1ff6e0acdfa18593f7706e38720b57829b

Download Submit
C:\Program Files\7-Zip\Lang\cs.txt.tmp

Filesize
244KB

MD5
9067e868a6ea94d773a031e0b38bcddc

SHA1
8f3591fa24d5db58a4bd337b466a2894131ee80b

SHA256
96bfed1161d9537756a5777f2b768e5921ff1b93b9f73614f4b63811c247f774

SHA512
98cde70e17c38bbc606f874f0d7a1ed90426ee0a161fc418801d1b713b4b9f816a40392af90aef74fd5ce9695500dd256c134c0d43d4784c10bc95a2b9cf9997

Download Submit
C:\Program Files\7-Zip\Lang\cy.txt.tmp

Filesize
241KB

MD5
ac7b190478f38efcd8bfaaed8b773ed3

SHA1
8e20f03e3c33dddab49b44e5212a5304c6541fe6

SHA256
d3f5f5cc776799f623e734302d2859d4ff42065eed9b138b2809514f5ce8c2e5

SHA512
9ce764bad10fc52bf8dbbff548a1c19dc19b151a57bc6db1f071909764b8c7b33ecb95fcf9cb846ade859b3069427c5886148204de6df8fc3d9e4238bf940995

Download Submit
C:\Program Files\7-Zip\Lang\da.txt.tmp

Filesize
244KB

MD5
bd2664949b2ae9fe0ef80e734425169f

SHA1
2901b775a7ccc7eaa1b65c34a53be581874e7e7b

SHA256
d1f88ed6d3500df74ff5c7710dc1cbfbdcc36454e7271a924106f834b0446e6f

SHA512
54f424839c5cd9f8a86fecfcf8027f45c5c4d736e17b0ecd394cb84a45ada28c87a74626dd10da87daa8ca0e15438d39329fac9a82b4c38b4c92696422b67178

Download Submit
C:\Program Files\7-Zip\Lang\de.txt.tmp

Filesize
245KB

MD5
0012c6834ea743398c9fdf65e57cabf7

SHA1
e7344aa0799d54249f2fedc471006c6118d7c2fe

SHA256
7c9739b290f0ce1b16f2e595a5620ecf800d269f6002874fc931c45f661f5433

SHA512
cdc2602c97c58359a4d180743f2ca95d51a316479191e0b5f4a08dfea626dfb0407226fa78efd4c964975ed4eb359ad663393fc4839ab42f2bfba1367010e7cd

Download Submit
C:\Program Files\7-Zip\Lang\el.txt.tmp

Filesize
252KB

MD5
015127443fdb3cfc73099cb0994d359c

SHA1
57278efc11e27ca1ff328786e9f35430dd66c021

SHA256
62c754a93a6736a5faf0835cb49b28648bba1f6219fd5ff9dbf074a74fdb69b2

SHA512
516feb2019499f97f5ff3425f7211972e4379c3dd711ce2e0f8c9bbec30614b434bdbcaac129066d00d75de11cf66e9d010b440289dc27601046741974778bab

Download Submit
C:\Program Files\7-Zip\Lang\en.ttt.tmp

Filesize
244KB

MD5
d5d8b3d181162fa7aff17cedf6bc4b39

SHA1
9a0c929d16e38a53b6eee8e788d81d18ac322e7c

SHA256
221cd4001357367b61285c2d969d1ba6a6bd0dde30cc69522514c7c901298796

SHA512
8e712f97afc767d16e4a91b9b3c8037e9ea40f8d712ff367d3d8d849764c83d5e5ccd99db571780eda393a89d9a15c0fc36aebe01789852944500e700be0540f

Download Submit
C:\Program Files\7-Zip\Lang\eo.txt.tmp

Filesize
241KB

MD5
2fd75ecd0d5ab810aa22c4be1170ad53

SHA1
1a22147814610fd45288612895ff004b80eb46dd

SHA256
9b0c4d7f57d35c7711821306e2e1344040656ea4a492938ca1e8da2a266b8a84

SHA512
d5ebbb91acde5d8168bc03abb70fddd90c6c51a0421d5b56a04054e83838d63dd915638fb5009761c283b3464be943aba0e1b54c216d871f4aba51f2e8bd50a4

Download Submit
C:\Program Files\7-Zip\Lang\es.txt.tmp

Filesize
245KB

MD5
095b0f00db090bdfdb415219abbfd31c

SHA1
a0815365d879fff89991742977ca7a3d495f21f7

SHA256
23358d8e3f6b21ccb9391f693629c252e6171cd5b28239a6298132f527f35dbf

SHA512
c83373829de66ec043be47b240c6384d03d6d40b4df91c620e12db9ded955bc5ef1bb17f753088853c7dafae876930387585bf4e9f17499d8b327ace1a343b73

Download Submit
C:\Program Files\7-Zip\Lang\eu.txt.tmp

Filesize
245KB

MD5
b96ecd21d920203565901cdf00d06f51

SHA1
53a680197a31e128f0d8881cc376eecf00c894c3

SHA256
50cea47b824190e0f405406b2e4836eedefb1fe7a0d383b9fc70b0b3e3c087a3

SHA512
a1a7661da25792385f5b4edca0c4fbe732ad1fe1516334022f2f5ccbb3347c1132f8bb2288a63c4753a567063f1e790cd6fad10d29449cc2b32f7b98aa1a87a1

Download Submit
C:\Program Files\7-Zip\Lang\fa.txt.tmp

Filesize
249KB

MD5
fb1ad2d442ab1a40930629f199c7548d

SHA1
d13a613d5443033626106fab8216324f594aea76

SHA256
8ca975589c1bb64f39fd906dff6d64fea48d7842d5af33fac378739c48767e1f

SHA512
ed07c906b1eefdf67accbc43e4339e8ae986c4a73c6bf7ec5635d9067226df1286b302f0d371bf9f8ebd5ccde25a2d5620b4d30358c3c18ef0fd567a0ea7b538

Download Submit
C:\Program Files\7-Zip\Lang\fi.txt.tmp

Filesize
245KB

MD5
89a454f304af75636789d3b416673127

SHA1
27f0ef9f3079651092257dbf9249c71d7878885b

SHA256
5a44cc03dac48dda68971b14574f86b54c04da36dced495482195d1bd212c06f

SHA512
632f30102aade7641c75ca704600a4e83204589cb1c3c053af0f404a396138adf213a237a7e13702787e68144d64e68fe2604e973967208d0fbb0718742fb316

Download Submit
C:\Program Files\7-Zip\Lang\fr.txt.tmp

Filesize
245KB

MD5
00c659e25f324cc4c734fb7393d20472

SHA1
4fb5216b3a059e9007ae2b869b5968fb2da5c936

SHA256
3daf9851a5a30c9ae0b891b28d50f6024f89f678a208b97b54d397f4677c1634

SHA512
05b3882fd52b15bc8a59cf707f03139b16507d09ab1417739b9f0f092be74902db98d5f3c86fd6482e945939198c4c254d985f0887aec270d1e302d9b36109b6

Download Submit
C:\Program Files\7-Zip\Lang\fur.txt.tmp

Filesize
243KB

MD5
a9698d7ff0e8da18c0e38f92647e0025

SHA1
2fc3a3600d517b254953b9bb03256b3615984f88

SHA256
e560e12e8be5c8a119c578f1c169a211bf57c5787869a6109d590ccee1a93ba8

SHA512
6aeba19c51c4506021576faf76ed10f06cf173cd9bcc0112f36c519ce3eecacac1e1c430a15d07d34f0ec13350c342acab7abf239ec3a3f4fcea6c86523a597c

Download Submit
C:\Program Files\7-Zip\Lang\fy.txt.tmp

Filesize
242KB

MD5
5ae6042c693e6662a2ac5d95e68fdc81

SHA1
666c3a5939915e33df259db4897db8464da47725

SHA256
ba6f8eaa1b48008b2437c6ec7d9f89434826a8ccfc44c06058ab900f9cdd2f82

SHA512
ffce5f6000202eb31639f6b9f7635a79ace179dd534c77bfc76c8dd017d14bf174d16e9c80e441aba619563be3b32c3c906af24ee103ce2c97b03e6d72592b6d

Download Submit
C:\Program Files\7-Zip\Lang\ga.txt.tmp

Filesize
244KB

MD5
067e76b3e4106d9e295a2f02852fbc8e

SHA1
90a3a44b9f466e7e39d46c60a3bf90d11afa335f

SHA256
e98a85a3667bb3d5ad3e5e882336aa36654b7c3c33045b00e80f69a1e5aefb61

SHA512
63cfb9f695774bd4ae7ef8c89206ea17897e8cffff1a06ce19b0ea54a6c3ba40a06092a1ddebaf202020549810dfbeb3c7502c0ddaacba94036933ea1d0d4f0f

Download Submit
C:\Program Files\7-Zip\Lang\gl.txt.tmp

Filesize
245KB

MD5
8d04a9832ff21e89ca58a32fdb483eb2

SHA1
a0a8309e53c44013050c88971902cafebe94895b

SHA256
204e2a9b7484cfdbdb01ff863754dd19d207165d5b2623af5cde0156da8fe887

SHA512
aa79beabccee7d94524ab984c728d78633c84ff2f85883a35315537b1cfc6573db8b7e83c11b65e581063b6d0043448bbaa7234f655c54b0902b1b613493a7d8

Download Submit
C:\Program Files\7-Zip\Lang\gu.txt.tmp

Filesize
236KB

MD5
ee1ed0d456cd98945433c2cf3cae0e81

SHA1
a4658f6b9308fa098806155d158c75859178fb1b

SHA256
b914ffa94a4faa824dd45bc7336433cd044358cfe0b5c86e12f0571b791ab279

SHA512
4d731d404c75a5c709d9c7d50c8f85c708fab9ae42a83f601bfad6b94c584976e63c2e57ff6f3c04a1fa9bc5b52a5e3d04ab859f458f276671924d1ac20fe26a

Download Submit
C:\Program Files\7-Zip\Lang\he.txt.tmp

Filesize
247KB

MD5
652ee6faf63b9560a69a78a1e3e3a83a

SHA1
7caf08d5014e53d7af736213c32bb2aa84a0afb7

SHA256
9f4d9a3af5b80eac2215a4a1992fb1fc0065672732a11cdb6d1d9aa64987b671

SHA512
9f8c563c6701cb2d36b0e100e93c2a1bb64623653afc211d484078b9e374c9f563019c134af5507ded7dad66228694f28ab1d82d8ec0d4670d2adca974e31aa3

Download Submit
C:\Program Files\7-Zip\Lang\hu.txt.tmp

Filesize
246KB

MD5
c67cb97138a55709966cb3886264f8ba

SHA1
758063cf6f4253ea46d2cd9bf867cb315380b3e3

SHA256
9cbdaaa9f896b1df8b6bf35ca38ae1a1100cd28368f1143a2c211c3406dbd94a

SHA512
b1133393c587e7f5a17c66524076f83a7818bccd05b350d0d5c6788fea7fcfe6bdef661cb53d39454011838cf6f04ef2c217f02e746823bdb12ec3870c78fe7f

Download Submit
C:\Program Files\7-Zip\Lang\it.txt.tmp

Filesize
245KB

MD5
bab4e5701f360d0fad880b8a8137bcec

SHA1
6cfcb2fdc40997356b4d3344c96434b8f46b306d

SHA256
bd9e45a86557c0d54376b2dd51f0321682141f43f5e7acbf93c78e794e42b556

SHA512
3e0dffe8f06b7aab34102cfc50db54e9c65232673647187d4a2f4124db50aba449d4a2ababd9cb534214329a856da3afcf2a925a86f96d47b7597d640b1fe3bc

Download Submit
C:\Program Files\7-Zip\Lang\ja.txt.tmp

Filesize
247KB

MD5
d9b18bd4d4a31f0d5cc278043223b57b

SHA1
cc6fa6671827a8cc806650243588fcb1755a2faf

SHA256
87b24c270bab2efecab664530d37d266266e5cdd6d4857a6f1978d48749562e0

SHA512
0011033857ec72ab2c745f742f95771e4c8d4057edcd25bfa7a92f551a48eac91f438ea517ae9a81e168b5daafa46041007949f0e6a47b744f046c7c1c2967fe

Download Submit
C:\Program Files\7-Zip\Lang\ka.txt.tmp

Filesize
253KB

MD5
34d7fe6dfad61d6d246cf9b326b8a18e

SHA1
62e25463c49c53ce1772183b333ea8da28f4e17e

SHA256
126e4e4b356dd372eb481ec781ef70ee49202af863d5b0684a7a557d37a5fb09

SHA512
7f91f3e531370fc5db3153795765e3f97ddb842d687da5c7bc6f9f3dbeee61ddcef436ae5ec36538a77ff14c853d757551a8cb3b462f5cefbb19191732a11dd2

Download Submit
C:\Program Files\7-Zip\Lang\kaa.txt.tmp

Filesize
244KB

MD5
7f31dd761293ae20c15768f6f4c5c16f

SHA1
5d6c0a894b88287a986f09f13ec0bd1ae8c7e00c

SHA256
d17f81036e4b38dc3fae7ec5e6cd95c77586c6da9e9599353ff7c244ff3d63cb

SHA512
ebdd5ac7744ed846ed233df1f73d1ada87fe72fb39e89e4cffe457767fa11c9f0eb76efdaea6ec80beb9ea34d20cc61d0f11ee334cce4c477c81f3b8ca9ebf34

Download Submit
C:\Program Files\7-Zip\Lang\ko.txt.tmp

Filesize
246KB

MD5
e9960882cc8c490fc665112fbb909da8

SHA1
25aadac233e230e815a980cf37de57892fa22e66

SHA256
552eb1aad0e584fd49ac1672d90a463cabac0233d62bbfbff591e9111119a182

SHA512
e6824e1cfaa338e8b2d1a2088574d0c7c1fe9b7ed58ddb876a38fba739376f90cadae2e3c960962cea2ad266412c0e6f9b23fdf6fa675c9e453f37b5139aea21

Download Submit
C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp

Filesize
248KB

MD5
a536b0c12d1d12442e1305bd5cd9f98a

SHA1
4428e35109ac3f7af14cf0858e6a6aade0542d48

SHA256
7a01839695c91ffe3e43f23bb2805ed41bdd82c20983674e0c121ad2b9761f42

SHA512
a6de3caa701a9d045530c2217f722f17c4581fee3cea41a27b9cefdf36af9fd1735cbb733a5a65e2e52ce0609be58213fbe309d22eecd3c50ecd1740fa2e29f0

Download Submit
C:\Program Files\7-Zip\Lang\ku.txt.tmp

Filesize
242KB

MD5
ff2c83526bb06859b1f0c699a94077a0

SHA1
597f9ac1f4d8625c622fb6bd8abbc22e235dcb5a

SHA256
62142f49010ea2ecc76ddcd0415ba71ef581d93bf8e953396224e97a96b5c20d

SHA512
8fd09999df3cb7af8ad278793df435c7fa48633485a9a88164d20e9d9b362a0db0bae7ed4466f981ffaf2810afcd8addcc87d0d8e5121705a2959d26946deee0

Download Submit
C:\Program Files\7-Zip\Lang\lij.txt.tmp

Filesize
243KB

MD5
6d6fb2f9616c3e25a8c1902564d4fd06

SHA1
6f9c62c20084057d27cd10a9697fc3982758e30a

SHA256
3114da1aaa9c20499deb2be990e1ddb1858ea510aa5a41f8b461e25928b60214

SHA512
102a1aa6339f9361fd3125be0fb1c78fb258581a33b75b20c0fc733713038ab1c67dcc39ec10c630a557f0e2e8993dcbc3f940c5d7e0425e926e611864390269

Download Submit
C:\Program Files\7-Zip\Lang\lt.txt.tmp

Filesize
245KB

MD5
c5ec0e723811f17c5a77ff9dc373e97a

SHA1
ee0fe33b350b3d7d4a8b724a6da31187224e1dea

SHA256
d86fb6cd328f267366c439fb9757f628e60b5f590c4e26b3aacb043fc4991352

SHA512
21a1bcd24b452c3e73cb13fb119a58a11f7b3ad8a80908f5f73bec0c4ecdcec0cc71a27c3abd96a7acf1e7be91c8be5222c980447ca168b891de8a1afe2ede27

Download Submit
C:\Program Files\7-Zip\Lang\lv.txt.tmp

Filesize
241KB

MD5
bd3d4d9004513b077f56fbdf03af7e4d

SHA1
23dd4cb6700699bd037d2fa025d0ffa18edb43d6

SHA256
e1b2d37207946f4a1245c091b128528819eec1a33af4dd75df2c052b27adc67c

SHA512
eaee2fc148fefb47f323472f8aa16cc67f6254afc65e8eeacf4dac28f2d24690cca0961f3f8d72812e40f66dd2bf4a7d58d8aef02d69f63a86817d8a4db20904

Download Submit
C:\Program Files\7-Zip\Lang\mn.txt.tmp

Filesize
244KB

MD5
c5a3f310568c08220017834b27eeab4c

SHA1
84554c27670e9672397d608b3061eff3733de28b

SHA256
3ad2d9048b0d8c0d8d20707881dd869b47877f23d9b28016687cd6f902306c5a

SHA512
29b0fe0cb52ac0818802dd85e1b967546d4271d846b4f8767c373cb9035a069944e4b1b7edf757d9e71e781ef22f07364c7f926bf2576e9c05952a686dabee8e

Download Submit
C:\Program Files\7-Zip\Lang\mng.txt.tmp

Filesize
256KB

MD5
1ef512a49d2fbde87d47b15fe9a0fb88

SHA1
1cf1b1126847320c1e296c6b673d75ec01165a8e

SHA256
d071031f248b46671a95a6db6acd37d5fe3a1b266d7f72204b9240d4f8e409ef

SHA512
0d541bc3a99a202cb8e95c83fc89e450df903f38344c53e305556c4a7a6f6885452d2d995e7e11b065a437922620cfcd0584e068dcb372e35afd8f3b1193b5a7

Download Submit
C:\Program Files\7-Zip\descript.ion.tmp

Filesize
237KB

MD5
959d70da01b29a4bfc4ac4bdfb29862c

SHA1
80cb5e1da986ecfdd3354d8b12b3a95e1268a61e

SHA256
2ba51907f3a718fb257cfb7452f354fc59d9cd2f6a044c226cdd2668b305cf6b

SHA512
eff2a97d07116e9b3e4d3fac46da2f5c0163b9ad42e0df0013cea6e0043d89c6e7073ecad0b21e7891f3da1a69076b1d7d6f4946bc984b55f3fcf82f3bf39480

Download Submit
C:\Program Files\7-Zip\descript.ion.tmp

Filesize
237KB

MD5
d294db9b0510a45573895914d2d7e4cf

SHA1
802418248693aaf078536ad12487f39d3c710a75

SHA256
ffae7de40d44bc02ab800fe545eae652baa9ca63d9726679978f26a746b65c30

SHA512
aa48c136169d263131244875466707b05ee2675017221edaba088342c94345e626971c415ad8b50b5b4d05059e4a654d967ebbae181f248160b33f85738aab75

Download Submit
C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe

Filesize
236KB

MD5
800175ee8dbb31c307ec6bfbd70654ca

SHA1
e13b5e3f06a5c38f5e5e73387a472cdbb19ad4c8

SHA256
5caea141c5d945dad3cb14a645eb43659786f2e533922abc3ee212bc5af57492

SHA512
259d4431830738313d99870998babac4ce71f8deec84af0f480cf75f758277e1b6ce54542b0e9596e377a4368644a0475a352fb74a869cb6fc82faf8da802995

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
235KB

MD5
bb2eea54e70561dc5f2e482f77b2533c

SHA1
93612a15f7e69481573deac19e2fa9730bcb8721

SHA256
da1e4a427547f8cae86d6b3b88314ff1f073151658e8fc7c9bbb868d1759fffa

SHA512
1e2db3451b1441526dcbbaac4faf137b98b7915f0036fe747f0f471c904cb666c1d086007ae7de738ae3754c6a1a4dbe56505d38b924bb799e400c8eb750e57d

Download Submit