6488fee0ac2170dc063991f552dbdad1e3eaba52647bb4d5388f32dd77879e03

Analysis

max time kernel
150s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
25-08-2024 22:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6488fee0ac2170dc063991f552dbdad1e3eaba52647bb4d5388f32dd77879e03.exe
Size

102KB
MD5

3793e5d21dea92e4b62913b948326f8b
SHA1

8bb200593f4f555a6ae91ce4d408d1f73d1835fb
SHA256

6488fee0ac2170dc063991f552dbdad1e3eaba52647bb4d5388f32dd77879e03
SHA512

291d403dd8ee8f67bacb4971e26a815f968bc07deb5f02fadb44a56f128837cd63432b4ef8efb480933e497e85da1c9bc8c00080c0cc123386487a3b2f903f91
SSDEEP

1536:W7ZppApBULcfpHLcfpyDORfRk7ZppApBULcfpHLcfpyDORfRW:6pWpBwchcwDORfRkpWpBwchcwDORfRW

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (5227) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
4312	Zombie.exe
5036	_desktop.ini.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Zombie.exe	6488fee0ac2170dc063991f552dbdad1e3eaba52647bb4d5388f32dd77879e03.exe
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	6488fee0ac2170dc063991f552dbdad1e3eaba52647bb4d5388f32dd77879e03.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Text.Encoding.CodePages.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md.tmp	_desktop.ini.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_ja.properties.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Text.Json.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\relaxngdatatype.md.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\STSLISTI.DLL.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\hu\msipc.dll.mui.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	_desktop.ini.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\ipssrl.xml.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\WordR_Trial-ppd.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\tipresx.dll.mui.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Compression.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Buffers.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\UIAutomationClient.resources.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Retail-pl.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Trial-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.he-il.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\ShapeCollector.exe.mui.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.DirectoryServices.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\System.Windows.Forms.Primitives.resources.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\WindowsBase.resources.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_OEM_Perp-ul-phn.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\msinfo32.exe.mui.tmp	_desktop.ini.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOLoader.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_MAK-ul-phn.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-timezone-l1-1-0.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.Metadata.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\System.Windows.Forms.Design.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-3102-0000-1000-0000000FF1CE.xml.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_MAKC2R-pl.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Wordcnvr.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\rsod\proofing.msi.16.en-us.boot.tree.dat.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-profile-l1-1-0.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\UIAutomationTypes.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\WordR_Retail-pl.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PDFREFLOW.EXE.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Trial-ul-oob.xrm-ms.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_ConsumerSub_Bypass30-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_OEM_Perp-ul-phn.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OFFSYMXB.TTF.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\OriginResume.Dotx.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\System.Windows.Forms.Primitives.resources.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\fre\StartMenu_Win8_RTL.mp4.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOHEVI.DLL.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PowerPointInterProviderRanker.bin.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\ApothecaryResume.dotx.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Templates\1033\ONENOTE\16\Stationery\BUSINESS.ONE.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Trial-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\GostTitle.XSL.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PROOF\msgr8en.dub.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Resources.Writer.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\UIAutomationProvider.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgeCallbacks.h.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Constantia-Franklin Gothic Book.xml.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Trial-ppd.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Grace-ppd.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.ProviderShared.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Common Files\System\msadc\it-IT\msaddsr.dll.mui.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.Contracts.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\jpeg.md.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp-ul-phn.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp5-ul-oob.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Document Parts\1033\16\Built-In Building Blocks.dotx.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\cpprestsdk.dll.tmp	_desktop.ini.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6488fee0ac2170dc063991f552dbdad1e3eaba52647bb4d5388f32dd77879e03.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	_desktop.ini.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Zombie.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4956 wrote to memory of 4312	4956	6488fee0ac2170dc063991f552dbdad1e3eaba52647bb4d5388f32dd77879e03.exe	86
PID 4956 wrote to memory of 4312	4956	6488fee0ac2170dc063991f552dbdad1e3eaba52647bb4d5388f32dd77879e03.exe	86
PID 4956 wrote to memory of 4312	4956	6488fee0ac2170dc063991f552dbdad1e3eaba52647bb4d5388f32dd77879e03.exe	86
PID 4956 wrote to memory of 5036	4956	6488fee0ac2170dc063991f552dbdad1e3eaba52647bb4d5388f32dd77879e03.exe	87
PID 4956 wrote to memory of 5036	4956	6488fee0ac2170dc063991f552dbdad1e3eaba52647bb4d5388f32dd77879e03.exe	87
PID 4956 wrote to memory of 5036	4956	6488fee0ac2170dc063991f552dbdad1e3eaba52647bb4d5388f32dd77879e03.exe	87

C:\Users\Admin\AppData\Local\Temp\6488fee0ac2170dc063991f552dbdad1e3eaba52647bb4d5388f32dd77879e03.exe
"C:\Users\Admin\AppData\Local\Temp\6488fee0ac2170dc063991f552dbdad1e3eaba52647bb4d5388f32dd77879e03.exe"
1⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4956
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:4312
- C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe
  "_desktop.ini.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:5036

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2392887640-1187051047-2909758433-1000\desktop.ini.exe.tmp

Filesize
102KB

MD5
d659275a9fccb15d6a802e5ba30284e5

SHA1
360525a9ed8eda262a24fc287c60ad61478f9eb8

SHA256
5ebe79bf58fb3776b5b98ab70f3c0a1321403b959e6abffbbb8dca1ee3700f55

SHA512
e83ac572f10b956e775d8c98a4f31a345fd6277356348289a770464b745ff8033ee3add0ba27179cb7b2700d8c6edeab2733b32165e9fc3ca8af3c2e1709e0c7

Download Submit
C:\$Recycle.Bin\S-1-5-21-2392887640-1187051047-2909758433-1000\desktop.ini.tmp

Filesize
51KB

MD5
56f95340e1cf4e21bfa3af0b3084eb58

SHA1
0ae13144c2b25d7919a76d7dbae0528db72d4e46

SHA256
22ec813475b3e00769199560da35f729354a321d7f3927e04103f3ecd58dd6ee

SHA512
806a0b0613e3eebd7d0f53425d60b5111a1207b3f7080441df466864f5e42a46382c541817a8f4bce9871eb7ab01c04be2cf4d26ff0ab07430ce43d3c3dba0a7

Download Submit
C:\Program Files\7-Zip\7-zip.chm.exe

Filesize
163KB

MD5
2871e79ec3eee3743fb14ce98acfab84

SHA1
22e23c6ee37a4096119371678bb94ed7875943ae

SHA256
9d0d6b645762ffa9c413e54ee62358768d2a88b645d6171e505b28df3ba513eb

SHA512
db3ae41abb836e97eae0a69cba75afa1118614ba561677933b58a3d405830d1ac6af84d64eebc39c332e32581c9e7d1726ed99a8a35ff51aa50a3c712f96d61a

Download Submit
C:\Program Files\7-Zip\7-zip.dll.exe

Filesize
149KB

MD5
80b9dde601c6f6add3069874176a822b

SHA1
f790f3a5bc1aba28b8bc86a077b1cdba3a88f38d

SHA256
029dd2e3550e283e28e8d4567cfc148cbba138e3278730bc76304491cea7bc40

SHA512
2d48d056290289bb84d090c8357b560ff35d925ad78dfc377bca035c4d30728b6bf84956f9623ba8dce7272a2a4eb2327234289973c764b0475a9e4017d635fa

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
1.8MB

MD5
ce49a1c2101d866509fb286882c3d2fc

SHA1
9f33bfc9233f82c32b5a7344e5dd21e369768eb4

SHA256
7041424bc4e1e1125fd7e870c303207058569e7c35681049a7d1b050934c2281

SHA512
dcc0e8aa0dc32c930199224696ad7c63c30d33bf8c636cf1ce4e755ce739044a8c898eff1d11240ae76099828b42685a9b5ce3eabb58aed22e7ca4e8e636cd6d

Download Submit
C:\Program Files\7-Zip\7z.exe.tmp

Filesize
595KB

MD5
e9a3a7b8d8133ed9605d83717257de43

SHA1
99b907df57614ab743dd7336f763c94afd76dcfd

SHA256
835015ddc47d6ba7e9808042c0876a83ec3fde6ba23be97d1b5ca340a0cc7865

SHA512
197f9520f8365a31313577f820c0a8c6a28944487d8154f5941d093bc32252441c3e2762885a07ef22884921b52bc7e477cd2c030506da00c187f8feedb395e8

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
981KB

MD5
00b0b14745a562248ef91a4e746f5dca

SHA1
fabfd93504f33a415cbe9355943f52ed7e76a471

SHA256
60bc8e75bffbf8c9866abe1b54f91ed1013ade9c16730c98affb9ddb052ae343

SHA512
1f90ca4c4d5bbd1c5e9fb7e3fafcb9777906c36f82321cfe43a58a3f6570a376425ad9ed1f3e6c54bb51f28b44a30f0ddc319e3408c898397e3e231da46349d4

Download Submit
C:\Program Files\7-Zip\7zG.exe.tmp

Filesize
735KB

MD5
3071929af6591e3f35974c67552648bb

SHA1
76bc93ea25bce5ee80723d72387de89ac65c0e8b

SHA256
c7bef220a04330975ea832847bd9286b0bb7585191bb0cb2b227f75785858263

SHA512
3d686ef2f867d414e93d150fbefc0f2cf86b29a63985da1880653f084b940402c5b92ab5cb5cce216e065c7db9c5120c2c3b146c8d41eb2ef2ddda87790aef73

Download Submit
C:\Program Files\7-Zip\Lang\af.txt.tmp

Filesize
61KB

MD5
b2fd4e36d2d8ca2e287a0b8d7a3c4adc

SHA1
2527affffa89d79e7aaa7760bf60313a49bb1f69

SHA256
5d47e610323504bbd7ccb2dc7f9d31aca21b4cda54fbb0def2a08ff824cd5a00

SHA512
b7ff5c5a38851796bc6d0c7622d588643ebd8557da6e4a97c6f0e3e3d003867876ed69bbef7d7f55bf7df25c1c2403f670edf418f19f01e376ce08425d3327b3

Download Submit
C:\Program Files\7-Zip\Lang\an.txt.tmp

Filesize
58KB

MD5
9dcbccac63bf9710a511bfa7a0ee8c0d

SHA1
e192587f5a9823cf8b9a8605232699600c70080b

SHA256
3bb6939e8b4e56f5439b91a2c15b58f21fa9cc28230ad4d731f21f02713eff35

SHA512
c611062bfab27f34401b387ce6f1d1b77ad4e794266ddb58a00e5cdea25eeb1558338a5762cd1ed7ca69352da9bebdc39765fb7b816e83dec80eb567c71b393b

Download Submit
C:\Program Files\7-Zip\Lang\an.txt.tmp

Filesize
58KB

MD5
a8f57374249a7a69b5573ed7455d426e

SHA1
bdf8539d23620ab60c9f299acf7dbf1190eed289

SHA256
9786f02f4ab52c05ca998f5b2250a56f704b58aa3409cb555f4186df7f9a2b75

SHA512
df2ef13e2fbb4a35d86f125e8e5df6d8d6cc1999e1579dc2ab970f96d9185a817ef092de25f297271e07836361fb17c97fd3ce2220bc4341db13d98064af4269

Download Submit
C:\Program Files\7-Zip\Lang\ast.txt.tmp

Filesize
56KB

MD5
5ebabb2c123559c9ae485a7a52670a96

SHA1
d9b24613f40b3edd9514d0d5a2d143097c9decf6

SHA256
57751e5e9bf6f30457e886c69c7b594bafb9d7553495f8c579eefec81dc7535f

SHA512
15fde9b57b55aca643585a211b011fed8869a00f2981a2eaf66ae15a49da1376ce1431c114b7e7ed72c12a6a60f5a3642ce5d23d852eaab53017cf725cf43a71

Download Submit
C:\Program Files\7-Zip\Lang\bn.txt.tmp

Filesize
66KB

MD5
dfae380831430f5a6ef7aa8129fc2507

SHA1
5d323c048cc01fe12166a087fe0ab26b15260d2e

SHA256
6759b8e698aac1db2fc57471068b223afd5b2a60086c60591a2a66961d756ad1

SHA512
3a2626f21a48a618c89345e7a5420fb998980aa74f97b673f29f910dae927bc38648e8635eb533e2260caf43f921092f6bbf26753085715adc73b840c47b0a7b

Download Submit
C:\Program Files\7-Zip\Lang\ca.txt.tmp

Filesize
60KB

MD5
8de1fe8db85f32437295292a63f5ebbd

SHA1
f06e28628cf8ef5fed7d05a10a2c8a32d93bd9d3

SHA256
c5f519a152d96f35358822e3803aae9733cc0090a5f283757222777e1cb38fd7

SHA512
8d6a7875acbc2bff8d47a10c6a124eb2c4bdefe3a0d8c449bb1b3c70ce10b0a8ee10838ac553b02c7694b30395ac0f2fc8ca48b97f145545ae360d110a513e07

Download Submit
C:\Program Files\7-Zip\Lang\co.txt.tmp

Filesize
62KB

MD5
51a1f0e67689520fa6e737c850650890

SHA1
4c83049d66f8a613f3cb549bd175832049c1b5e2

SHA256
3d582132f8e1ca3d2c9cd823ec2aa655d0caaab864b26d0550b3acf0044c5905

SHA512
9800c09be462ca8379115b72b23e053d0fe137be36e515cdeff7967d1356257b4931c63a39c297ad8b74fb4a21eb3858a355f08f9fa97a5998787a017971c309

Download Submit
C:\Program Files\7-Zip\Lang\cs.txt.tmp

Filesize
60KB

MD5
46c8de9fc9c7477e2c3928f926f73ba8

SHA1
d07b6c42ddfecb46e4add416a54f2d0c2aefb4dd

SHA256
8303fb8fa9d67262d795e77c526990f854a542b4fb425203a4fde149ecb815b4

SHA512
36de6d00a0ba8ba376d740dd5ceeff3b659cfa720f5edd9b3d222edad91ab778e493f4f87f373a2cd176c6b511a1b6448426fa0301e28dc770651f6b1323f545

Download Submit
C:\Program Files\7-Zip\Lang\da.txt.tmp

Filesize
59KB

MD5
9e57b85ff7f9cd972373371fffdd618f

SHA1
465cafbb88a9630841aff3149b773259b98d1621

SHA256
7ade8c0c338e4aa9b646f78c8e4c70c7b70279d983d383f79cbb58c79500bf68

SHA512
5b87df24669d68e45d970be1da22965f1c3e602828d4e14d31b607c23108371141c56123b56dc143e1dd153714aac77c82b9fe5e8061f46cc21c2b1f2b769728

Download Submit
C:\Program Files\7-Zip\Lang\de.txt.tmp

Filesize
60KB

MD5
570c0954635b23595cf7cd3cd8b33677

SHA1
526ca6721666467bef4ef930662b708aaa008221

SHA256
b80b303117e873df4bd7106e2a34d6060be3e68d0243d90310fb44334aea6b18

SHA512
083a12b842cac164132b9ae33727b245aa983c9b14f8fd2ca70c0a00350722946a445562168da6a394be59cb8e72ecb74ccb133a0358dec5eacceaf6ad71c83e

Download Submit
C:\Program Files\7-Zip\Lang\el.txt.tmp

Filesize
67KB

MD5
ccddc0c65be7dd576649ea4f236e4342

SHA1
458007918c5a2ec590429e247eb0fd0b405d939c

SHA256
cfe40f5b522a684f8fca9e96cf6ac6ffa85f3db445fa6e0f0ffab863aa962034

SHA512
9a35ce893bbbab97fe6e6ce3c93acd7455905ae5ad3832d2cae8127a69066b15259696b99ef25ee128c741043e8009516239961477f41480396faed542866489

Download Submit
C:\Program Files\7-Zip\Lang\en.ttt.tmp

Filesize
59KB

MD5
e661f661f60ee10289824d5f92dd71cc

SHA1
187d24e55fdb145c3c5dc3127f04d6ccaf815286

SHA256
950b905d0e79d4451507b04de23d5f629f8da55006fa28e666ab80052a1af090

SHA512
4f1c913916de725020d56c55b1fc7b30cad4d3cd9f818c0e2a72e02fa3b8ebc0f8e4faab4433a1ed625e079c124326287ca547be436741b3ba3f9344f237de2c

Download Submit
C:\Program Files\7-Zip\Lang\es.txt.tmp

Filesize
61KB

MD5
fc0de5a976a92aa63c2bf6f4c1d85cbb

SHA1
34d8bdf4e771c47942b9663ec34e3af3d2cca22d

SHA256
ac91baed462ef03868eb83a2f57fc88aaff01e24e1d4eacab839b2dcf1bef9b9

SHA512
5bc0185a96b8a7dbe055db57052f04f521d5dbb00af592440d0f0ce35715b94d28a57fb6e7c18dabbd48aa4d923470ea601d3d06ad2e2243bca8d0073a906b97

Download Submit
C:\Program Files\7-Zip\Lang\et.txt.tmp

Filesize
57KB

MD5
4ecc97ce022680ad334e7fbe85d942e3

SHA1
ec6f6f70ced1cd81150d6af37fc3931c0dba8df9

SHA256
8e9b28c2383fe17b5d6b68f58eaeb5759f309570cfd3de445680e9183675d406

SHA512
97977f4d40ff409db693d38369c9c980595f454a5c516e1b87b52f457a718acfddd8b1a6af8956181dea1049365cc0e00332a80769ed88c47d5bb4aa7034334e

Download Submit
C:\Program Files\7-Zip\Lang\eu.txt.tmp

Filesize
60KB

MD5
44eaa0de7118eea67065c14186ab932a

SHA1
e8754e17f3d07093490619682c071a537f291bb8

SHA256
9e06382b91992db1bf5802806db5c565c9766c9e0b247bf198f3c162cb9aac79

SHA512
d8cf91b42b5984f0a0f4c73b1e720aa4c96984727469aa9367285af82c94c123585b10d9bbe2d30392fb3bb634104d4af8316a68d084e1a9831d003d48e82eb0

Download Submit
C:\Program Files\7-Zip\Lang\ext.txt.tmp

Filesize
50KB

MD5
0d4bf29a8eb20eabe7666d60f5c0cf3a

SHA1
9bbf50e467a4854b7c37b569d140c2b212ca0ed0

SHA256
7b1d875e4f473b92d51635666a93a886bcaa975575dde1a56cb2ef82cb2c0689

SHA512
90bb332c67ddc6fa8b426b0401c0227dbeabf263416ae9eaeb0aec5be733cc92733fa794f98749b725999115f712ed69a6de498f5aa9b34d76a75cd1acb53c64

Download Submit
C:\Program Files\7-Zip\Lang\fi.txt.tmp

Filesize
59KB

MD5
364c2af52d2a07051ba04b901449e081

SHA1
297401ae871cf321568bb35638b77bed26d442b4

SHA256
4871166829568ed6f21554b09d181f1e2a84d5d147184a1a2b570f0e388a1e89

SHA512
f19078f9f11296b327c1f1a928f5a9cb15517d84aaae1ff04b5312b913957b39f614125839f780b8ad88af388a6f8c168004fc5c406e34c4d34421db2de1d23d

Download Submit
C:\Program Files\7-Zip\Lang\fr.txt.tmp

Filesize
60KB

MD5
76e2687ca35f40cd0e11f86bcef12818

SHA1
4c4ff841dd1891b47d3d7bc285d5a8718f3f0458

SHA256
0010a8a8fa4dd67219ca849c1e310292a012698d6623f40b2a5f61207dd09b41

SHA512
b4f8222900b809247961eae450ac3e59a03d6f6b61331400d4d1243b5dc5f943d18d7406d9f0b8b8f1c0d5740e95953b217f361254c9be0b3fc64fb9873e19c4

Download Submit
C:\Program Files\7-Zip\Lang\ga.txt.tmp

Filesize
59KB

MD5
203d15d0068a647977360881593b8e17

SHA1
15283996baee78c6d3d29f4d656fa2a8c3510312

SHA256
2f6a027b3a125106c18978a07316f77b8bcd6ee088dd1051f90a517b6d3353e5

SHA512
82e826286c68fac28b2c5c878c1ba53a834fa93981e8420c966acbeab5ba1d0b9971b2551fd44cf38fa94c1de236cd86dc3dfa9793ea61ccbb87f51f5ddf0278

Download Submit
C:\Program Files\7-Zip\Lang\gl.txt.tmp

Filesize
60KB

MD5
99588ae5878977c8a2a359c9778f3aa4

SHA1
102054b65736f4b17aff0ebab8f82f52a53a2b21

SHA256
b60326fcf8adeb05fc01a7db3f1e9e853dad017ac35cb517da29b8a69f446425

SHA512
a918880f3955ee8173e1e2e88a27b5ae072ecb8b58ade87a87d8ce45b56d1d1bde6ee08f124e974cc47f7a19283c9c19f042a8df251418213f0bd3781fde69f2

Download Submit
C:\Program Files\7-Zip\Lang\he.txt.tmp

Filesize
62KB

MD5
360407dde8cfb0465bccda1ed6df069d

SHA1
19621377b2813786c7690d1715cf0bb07f41c901

SHA256
247d1f30acf348ec04ab00de1bb93200bc3aee90f13634e9164a492c15783abf

SHA512
118c6f845d8014850c46f46562f7abf0bf686c0f91acf9df59c5d802a3c876621e79769a9011a70d98d8f872b3b8e80f7d3a57d58be662cebe1c46250e66c4bd

Download Submit
C:\Program Files\7-Zip\Lang\hi.txt.tmp

Filesize
68KB

MD5
5373d42e755077787641cd7b9ab22653

SHA1
771c949959fcf4ab0f7d899201ce661496baad4f

SHA256
ec813d3adc0bc5a20b1c9571f72c1b270da4ba1bedcfe5c1cd5f0572da7ef8e5

SHA512
8c7121c9a2123bc2df499ca2e5f08698c2572515886910d2e909dbb5d2c57957eb6eb3bdc8aa01d0014d43d62a59cbf99b6d9885038bfd079e5b5a25f77400e3

Download Submit
C:\Program Files\7-Zip\Lang\hr.txt.tmp

Filesize
59KB

MD5
d9127b8c85a7101f33971fb8eb0935a2

SHA1
2ce24e69bcc5c8c916e814ac3ead18729d01fa17

SHA256
e9cd4a9619ff03564c77d609dd2ce1018043ccfe9cd8c578a7f2fcffafd45be8

SHA512
b1a783e91decaed1ed58a3f3c726aaa31fcaa94e9dd77fb0e81d8edef9e829629d642a462befdca480819e5f2a82bb162ff4f16d02c2dab26a59c55bd0c29fc1

Download Submit
C:\Program Files\7-Zip\Lang\hy.txt.tmp

Filesize
64KB

MD5
6166ed357bb9d1cccfada26b823dc529

SHA1
aacdcd9bf4ec05b73999374cb3920e43d2c47f5d

SHA256
d242249b48cdeafdd30edcbbee123b014899b128508fdee302ec2884b5ef9803

SHA512
9a3ad9fcc3e90fe6074bda3a8d635c0980136519b8d846b8cfbf397be35aa348e862a2689cfa6dace65b086f356794790f329b5801332b45d9d1b42e9b2b5135

Download Submit
C:\Program Files\7-Zip\Lang\is.txt.tmp

Filesize
59KB

MD5
e5e1a00d6dd378c6b36d6a891456b8ba

SHA1
172b33d6b39d95bf43a44018cbaeb135aadd1ba2

SHA256
73bd1df5595aa21a3a2b270bee53201727efb17d098fa6c005b382916d1149ca

SHA512
0a65d4358bdfe77e9787f35bd2342d3d941f32d36fbe8bbc158d2c16d632ae48e1e270285d14f2a3ff2a5b4d3c9aa1bc0235445a515cf85acb9bb2858f0e4d9e

Download Submit
C:\Program Files\7-Zip\Lang\it.txt.tmp

Filesize
60KB

MD5
74f88c436054b6d2b809b70e8a8277ce

SHA1
f4425cfa8626ffadf69c252dc38d6a15c9f87cf1

SHA256
2cbe7adc95b0eb1ae59296e2e21fb4d72373876035a94efb678eb666899b88be

SHA512
4edafdf44b2cd0ae0ad83fdba679893336835249a4855943f87ab37c50c409bab9d1a50183bb88d7139cd5748584b3f5e5902360f732ef60c511c8e61304d147

Download Submit
C:\Program Files\7-Zip\Lang\ka.txt.tmp

Filesize
69KB

MD5
9e8522dabf8172a6d2aabcb995859ea2

SHA1
709178f47fb7a7a9a2ec9db8f592ffe3c6ef8f61

SHA256
6b52d0a925ae3a7deb818fab87e36d13e061e16d292ec8512fc06766912a4123

SHA512
2f1bff8a6a722b5666a2f17e809b6bb6d2c64adfdc784975f5f354ba9e02fb4a826c6fd363121d4d4f5fbb7019b03e45f2102399725a0315337adf7d5c45edb5

Download Submit
C:\Program Files\7-Zip\Lang\kab.txt.tmp

Filesize
59KB

MD5
9379a5e60192aaefe7cb0d4e31230def

SHA1
af801af3402b10571056411308dc4002efb3a5d5

SHA256
28aba1bcb983e6ad17f543ded55dca9b91cb3721c65fa697ff22a65ff4f42886

SHA512
d68866f249c4d2f3e400406f6322658fd1433dfe9202b280315677aa06060a915f4aa13f73238c97e60bdc82ce85e05f6e2d51c6ca5f24ff05a2830d9578507e

Download Submit
C:\Program Files\7-Zip\Lang\ko.txt.tmp

Filesize
60KB

MD5
a0dc77b1bca3c561d57cc27e0b430f09

SHA1
155481f309ce6fec473f64b3cb06ac751f1bea58

SHA256
c1eaef0149aa3bfb2dc86efea10b8718d18da836f26509ca6ee549dd969326fa

SHA512
4c84ba9fedaca5e6aa83c21905420902d15c0deddb0c8c468867929f661b30878238d08b6c9a12cc8fcaa9661170d2b331489c8023e36838d0e82dc8e83dab54

Download Submit
C:\Program Files\7-Zip\Lang\ku.txt.tmp

Filesize
56KB

MD5
5760b0808d05682e3a8e43b9e42f30f4

SHA1
2a546d95ff0542e4b8b09056b19fc4bd60478271

SHA256
fac20ad6e0c00da955bd549bfa243b905542320ad1cc79c4ec969377d7377963

SHA512
0a313b49d6f2591ab453b2a9478f94b3e663029df6ad46efc8c0c041ac0d05024a81c3820ec113f231fd99b6e837278e7c6c527409c4b83cd7216466557d0247

Download Submit
C:\Program Files\7-Zip\Lang\ky.txt.tmp

Filesize
63KB

MD5
4d876190bf2c25f2431583531364dcc7

SHA1
8c636e963dcc866936a4da8d55a26c07c2376129

SHA256
189e858b478e28e94329a67b155065fe24d213ecf40ecfc6abd0931220a9bf9b

SHA512
69e37fd7344671dd8b534922ec4b8d174c81f8f7a30708f7dbf4f57c40136b2651ce2d02d95bf20ba162a74cc500c5a6d6d7a6e536d83db9708260e554f85ecd

Download Submit
C:\Program Files\7-Zip\Lang\lij.txt.tmp

Filesize
58KB

MD5
f0f95946e72c9ecc5291389e896cd303

SHA1
42aec8b7e5b873a4eebcf24a60fe7c82dcd70285

SHA256
73a43f2630764d13abede19cc442afaad0fa25522eb14f2e8ed49b5a8b8ff13b

SHA512
987066e070986eadfc8e0dccad5aaba33b3ee5da343423f2661b46145320ee42f2e38355fd6d441af13ad487b71f5935fab086d676f7db6e7f798b7341cd9f51

Download Submit
C:\Program Files\7-Zip\Lang\lt.txt.tmp

Filesize
60KB

MD5
37eccaadde560fea3a6cfed25aaadb1d

SHA1
7939c3213a50541329ff81e94efb1a3be4f6b23c

SHA256
c5d6708a95573b974006ac2aeab2d637b42ab8ff6aec0db1a4091453f217b2e1

SHA512
fa083f814dfc2ccf146d290b7ad7fdcd99dc0c9f4e3a0678dff552885f185dbb6c0ad8615686d1cebad0162384f0f712dd6347d19a2cdfd2fe757b36c110da60

Download Submit
C:\Program Files\7-Zip\Lang\mk.txt.tmp

Filesize
59KB

MD5
ff148ed7feb0c5bfc0023483cc7cebb2

SHA1
07110df21dc25012d5919766044b591cd6c2d95d

SHA256
617d6eeb00a3a0adb2c79724acc14b9d6d151aeec456028af997ddcc94574fa6

SHA512
e034ca53a360e552e79492246d463f4d61f50d572c0a8d5cc3b6555bca3222788c0fb2285d6861185eabed1100f3d7741b819332a322bd65547a6f254eda6a16

Download Submit
C:\Program Files\7-Zip\Lang\mk.txt.tmp

Filesize
59KB

MD5
8ca6555eec08ccd24bb5b3941ca2954a

SHA1
8aabe16f40ceb7c00b7757f4a80c4f8433775dd1

SHA256
1b9fa2d31a616959da51668238d2871a0abc8e7e0c6da8d9be73618415ca34f3

SHA512
340e8698284e10e0a9f6d7c34e348b72ec7c037cf751ad7922d27c618935df94b68537e22a0c40a9ee85d745827615d01fdf16b33e8cd02986ffb92960888620

Download Submit
C:\Program Files\7-Zip\Lang\mn.txt.tmp

Filesize
59KB

MD5
98960b445a581438a1442d922fdfb168

SHA1
887513b2a16573f9260e6e203d2e344be04461dc

SHA256
ea2629e5a01ce6985a88a2b5b8d3dffe846a66816426b42d191ac3375f323096

SHA512
488320a48873adf6669f98a1ba5d3aece37c00c366eece934997054390870cddb7a8560ae62cc32f98886d8ca6f80e856dd4ba9ccfce7a4f0b9e2879a4ad402c

Download Submit
C:\Program Files\7-Zip\Lang\mng.txt.tmp

Filesize
51KB

MD5
200d36a8a0bd13b20ea6239d53271202

SHA1
46af2e924e911d3c64fc7015e7fcfcc15d8b1be5

SHA256
df87d6fab9c586963c8c54de9fd2eb1480ab363bb36c7e1bc178d671d73a1bef

SHA512
bc123f179e097ad2aa77eb6a4d148f60638ebc9f59b278455102d4957c7634abbb6214715a7ec704f9bb1634a0c1685a8db3edfaf8340cbc371e9de3675dbf77

Download Submit
C:\Program Files\7-Zip\Lang\mng2.txt.tmp

Filesize
72KB

MD5
6d23c41e55985272a0626ebdfa0a4894

SHA1
b74316875c9793d8aa176531a9814b7dee1c9c0f

SHA256
d42137cea65c816e1c007dfe27a832045612b8def22705950e0f94877634945c

SHA512
e5b3a3b7b2ed6262324f4c11d8d4be6d6dd1862e09f6da9dc0689514374efa378e000e719d52f66af7e0d0992a0e01c22007a052a757c2a4348be8f84c436f96

Download Submit
C:\Program Files\7-Zip\Lang\ms.txt.tmp

Filesize
56KB

MD5
0bc616296dbd70f580ca6aa35984a87b

SHA1
abc1df05b36ea0ca7cff1c60e300696a362a293b

SHA256
7f3692df44e3f8530818d1ac387f052c14568fb526dded0a1c5e38ef568fb011

SHA512
19742b59bf27d0043415d267f3abf3aa53fa48ce8df6fbca9b465fe00251fb66d638f2c759eb635ff1096d1ec6a79f54ee2aa890e848a3b31ad1c19644be30e4

Download Submit
C:\Program Files\7-Zip\Lang\nb.txt.tmp

Filesize
57KB

MD5
31e45aebab387e03d5b0f367ddbb6a96

SHA1
fa0ff77d8a7bb4358497461b5c9982dd1f0f9eee

SHA256
a93ffd056b614825be73cdd92de8da446e25f48475e917ad50d89c864d7d2921

SHA512
ff5a7a8c9b3eeb141db0ac5a50f854fb6bc16ae20bdace57b5414d3491df80759ec7cc047dda3e9bbe1bc48d493866073249e09d1a56b60e63f7af3d59d2d170

Download Submit
C:\Program Files\7-Zip\Lang\nn.txt.tmp

Filesize
50KB

MD5
816e02bd9d82d258e513a3f991b05025

SHA1
2cceea3c6d102a7dd908e50beb559186e78faadc

SHA256
e89e72ca03d78f0c2cdec8aa42074fc2714d6e1cba23b4c068b12be2f1af0e11

SHA512
d5d86838cde715e8722783b04a0a09e4717bb98e88056c572a2cfd3bb4b1b60d705199353a444ebbc9f76bdad4a0b659953d9cb6093de1106ac25a3cb07a9154

Download Submit
C:\Program Files\7-Zip\Lang\pa-in.txt.tmp

Filesize
65KB

MD5
0838911d504bdf67f3c0b2372c4e614e

SHA1
08cc1041d14f54461d99b7fa4fe38700290959df

SHA256
9348a3090f648607911304aebca34d6f71fd30f81a86c66f85d42139d4441d0c

SHA512
d46e79eb9a804afd0fd3173d4b07eefa6bd50d0162b448fc85865b6174fa2c0134fe450e835dc0515b92494143aa0a83fce5206b5fead64279d8ceb7eb1eb913

Download Submit
C:\Program Files\7-Zip\Lang\pl.txt.tmp

Filesize
60KB

MD5
89f4138f0ab24f348f83bde5e9029bbf

SHA1
711c5dec40ced5aeba18af9d4a870de701ba75db

SHA256
03879695ecbd26c544d58171cd02e1227b9dff1c4b7e729641f1522a503bed16

SHA512
33d5d3f38eb32afcbe079f995ec18b60166aafd76f14ea423fe2e8b32bc49c369fbb9946021174071faf4fdcd9a5d573d30841dac4613589e793c746e00412f0

Download Submit
C:\Program Files\7-Zip\Lang\pt-br.txt.tmp

Filesize
51KB

MD5
7d2e17d048f544c9a63661c1c4dae74f

SHA1
427602d34fe02ae695bcd6f76ca2b5d9bb98d3b5

SHA256
e10165c990e9b91cad6a4d45fe12815ed3de55291c2b565b047e1df13c3e343b

SHA512
40d61caebb6f9e13a69b10c1ea7cdad48cb7f86a9912de75c67aee9aba9c192631c34184cd8bd18ffcced0c69fe4f8cdaf97c06f7bbe9ccc149569c49cc651bc

Download Submit
C:\Program Files\Microsoft Office\root\Licenses16\AccessRuntimeR_PrepidBypass-ul-oob.xrm-ms.tmp

Filesize
62KB

MD5
b54ad6c43835341c77a66a209cac1c01

SHA1
f312fa44e8f534f058466594e6551425ed77c23f

SHA256
0195070dd4dd2d4324a12e55140f4ed7f95b7961b5a84fdd0c361473a86c0325

SHA512
982efb8bb5e4620d87ce70bd766c9eb1665912cc1cf13f967c5c662e427eeb7a193fd21cebeef8bf877882fdc954a9555e032ac97913a193633a76f5555e3ff0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe

Filesize
51KB

MD5
4f2668d5d1218c114ec788bedaf7e08f

SHA1
e080b6e1ddd4052b3a579f1c1fa52931d0b2ec21

SHA256
0fbe1d9fd3a5088e01838ca7b9a4a268ebe58dc662a47cb6955d70822e1ee4cb

SHA512
60566c7a3561ba12d8b6c940519c767047bdea9aa77a717f1a2fb3a876186e950101f7b9a8f77819fba5695ed70f45713c0b36eada3305d199c533695f82deef

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
50KB

MD5
3c308eb5590f6b1b50f614dfd01ba60a

SHA1
f4fa16102bdfffc361f043652c8948f698c3af1d

SHA256
ecf6ca5823caee80370cf6b7aa64878b1164bfe352d448d53432ee1f2b1f2c97

SHA512
18cabfbf36dc3a63c0f280fa13d5590cbc0c156b3a537ba272c5a560d9a364874869686977ac259c2f82624d4d0b8c4e8b55f70d3e96ede1c52ee16a5770dd93

Download Submit