ee00f01df47992c6ab5d7e7242eee66869bc6c4943c2551ad742979ff464d5ea

Analysis

max time kernel
120s
max time network
105s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
26/08/2024, 06:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7b2766c05a62f5f0b9b0db41239f3570N.exe
Size

164KB
MD5

7b2766c05a62f5f0b9b0db41239f3570
SHA1

1b30bcf50b857f82b1efbefd7c83b9985b5f0521
SHA256

ee00f01df47992c6ab5d7e7242eee66869bc6c4943c2551ad742979ff464d5ea
SHA512

fd0d25448a18c5f97cebd22f9dd495a7d26c16af59c3770b6254baeb585ee81551dba728e0dd05b3a2589ad60dbf6194b36e344e233cc1ca303850f4e5dfb9c3
SSDEEP

1536:W7ZhA7dAZ1++PJHJXA/OsIZfzc3/Q8zxwT75T71fxRfxi7ZhA7dAZ1++PJHJXA/3:6e76mQSohf7fQe76mQSohf7fi

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (4653) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
3400	_desktop.ini.exe
4404	Zombie.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Zombie.exe	7b2766c05a62f5f0b9b0db41239f3570N.exe
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	7b2766c05a62f5f0b9b0db41239f3570N.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\SharedPerformance.man.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessDemoR_BypassTrial365-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp3-ul-phn.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Trial-pl.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription5-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp4-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.scale-180.png.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\Accessibility.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Internet Explorer\uk-UA\ieinstal.exe.mui.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-runtime-l1-1-0.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\unicode.md.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial3-pl.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Transactions.Local.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework.Aero.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\msvcp140.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mip_upe_sdk.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ComponentModel.Primitives.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Collections.NonGeneric.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial2-pl.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\EXCEL.HXS.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_MAK-ul-phn.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\System.Xaml.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\bin\klist.exe.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\ext\sunjce_provider.jar.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp4-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-stdio-l1-1-0.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.FileVersionInfo.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\PresentationFramework.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Design.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0018-0409-1000-0000000FF1CE.xml.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial5-ppd.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsptb.xml.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Collections.NonGeneric.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Windows.Forms.Design.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONCONTROL.DLL.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-black_scale-140.png.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\UIAutomationProvider.resources.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework-SystemDrawing.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioProMSDNR_Retail-ul-phn.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ExcelNaiveBayesCommandRanker.txt.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\SETLANG_F_COL.HXK.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\System.Windows.Controls.Ribbon.resources.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Forms.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\System.Windows.Forms.Design.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.cpl.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.scale-180.png.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Retail-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Office.PowerPivot.ExcelAddIn.tlb.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Private.Xml.Linq.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.XmlDocument.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\UIAutomationClientSideProviders.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusMSDNR_Retail-ppd.xrm-ms.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pa-in.txt.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\Content.xml.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_MoveNoDrop32x32.gif.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Excel.AnalysisServices.AdomdClientUI.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.scale-80.png.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office16\CHART.DLL.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-black_scale-80.png.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\oskpredbase.xml.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\WindowsBase.resources.dll.tmp	_desktop.ini.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7b2766c05a62f5f0b9b0db41239f3570N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	_desktop.ini.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Zombie.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 212 wrote to memory of 3400	212	7b2766c05a62f5f0b9b0db41239f3570N.exe	85
PID 212 wrote to memory of 3400	212	7b2766c05a62f5f0b9b0db41239f3570N.exe	85
PID 212 wrote to memory of 3400	212	7b2766c05a62f5f0b9b0db41239f3570N.exe	85
PID 212 wrote to memory of 4404	212	7b2766c05a62f5f0b9b0db41239f3570N.exe	86
PID 212 wrote to memory of 4404	212	7b2766c05a62f5f0b9b0db41239f3570N.exe	86
PID 212 wrote to memory of 4404	212	7b2766c05a62f5f0b9b0db41239f3570N.exe	86

C:\Users\Admin\AppData\Local\Temp\7b2766c05a62f5f0b9b0db41239f3570N.exe
"C:\Users\Admin\AppData\Local\Temp\7b2766c05a62f5f0b9b0db41239f3570N.exe"
1⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:212
- C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe
  "_desktop.ini.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:3400
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:4404

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-945322488-2060912225-3527527000-1000\desktop.ini.exe.tmp

Filesize
164KB

MD5
c7c822c58eea638ec87a2a0ec7b7866a

SHA1
4192b4803291d61664595c7b129b10ff170bd293

SHA256
3331fb824a5be68cb4d806c8146498f53d2661ee47dbbf5137e05d9d33cc26c1

SHA512
23dcbb27b3d7769fe1ec4b5ab34e3584f6f6587dd4bee93a67fd42674a19e27de5d97e1816a5e98a7640ea77c74c19ee3125e851813dff1cc762024f1d1c6a0c

Download Submit
C:\$Recycle.Bin\S-1-5-21-945322488-2060912225-3527527000-1000\desktop.ini.tmp

Filesize
81KB

MD5
39ac1ade3add623d323b74a70aa21804

SHA1
873a71ada1f88fe6860c3839759a2546522dc389

SHA256
90a9b145fcda266a9ce401d4439795ac3cbb73a70a9d3fb4c38454b7f890d45c

SHA512
4d5b68df48f87e8cca950183c0cd24087f37f0b731b27322855f044ad42210ed7ea792f519664a0db7d217e049e6eb4e8a04a831afe24ec8950fa0557a76a263

Download Submit
C:\Program Files\7-Zip\7-zip.chm.exe

Filesize
193KB

MD5
106b47cf7bd46dd46bdefd8a9548c7c5

SHA1
a4955e442d4f05c67630f3debb4058d69cf74782

SHA256
63d17077c2b147bd0f7711eedfe93c925b9c01b32b0fef14c1bcaaea826e8d99

SHA512
22c5ebf247cd3295565bba5db047aa86965e75c796a989761a68eb3373333a284716db5da63fd722e2e213055aba1acb0d53a900d7aeec40d1fbfad4c435a8f9

Download Submit
C:\Program Files\7-Zip\7-zip.dll.exe

Filesize
180KB

MD5
ea5f0b6c4b0c0978d3305064ab98c748

SHA1
2c3705a28d416fccf4fa0cd2bbc1e493b631de19

SHA256
f736603f5aee373d510be966645633985ede0b9f4ba19c4bd04e51d57063d52e

SHA512
69093f34bc27069b7bcad2b9fa6e8846f45c2c2da0e56219ab4669fc59b3352646de426ccda370e2a69061f37a8ff6a4514dd28357e1703557263b68a4cf1aa6

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
1.8MB

MD5
89eaa7355782710b899076149bb1c9fc

SHA1
1030a28ba013e5b5f9ae81d98862c5aab3dfdb92

SHA256
ac8b8a20c017d205f4f84ff955dec6720b2c39b5ec95139fbe96b32518aa8a51

SHA512
38ac03c2b644af635c0f801c8211a7f01aa840bd35272a14f44e59740b38112d9572b5e0a65db5b9a32582650b55d0fb8f4d8ee26ae711a5f6133cabf692c23a

Download Submit
C:\Program Files\7-Zip\7z.exe.tmp

Filesize
627KB

MD5
317b38b46ea32d8e86994b81e663ce9a

SHA1
c14a62919888c642dd69a8c907d0829de65f5637

SHA256
9124e4030508fec217ab8db980ff7bf1f471e8b5b9b83fc058fccb65ec90f387

SHA512
ed1f2929e56f8d7fb491b021c03b57b11d63c4180f6ebcc1f11707e156c4a301c6e18f77f1103933a3b1852108d8c46e7fd06525d33b53036d6db70d92c69b2b

Download Submit
C:\Program Files\7-Zip\7z.sfx.tmp

Filesize
84KB

MD5
7d99dc369713d7e2e4ef972f81c3483c

SHA1
c3cbc9aab8eccb6276744bb5f107424a094953f5

SHA256
1a9dfdb2aaad62a937bd5184c642b4a3022040d65fbe5d2ee595e3995f5177fb

SHA512
22ea4c1c3e35432b5a2605f0b18ab93003cc00684a302517beb3c0e5ce9ffd9f78805f63b2ff62f4d000d3e037e0d87ddbe3bd5d894a6b541311e57c57d4553b

Download Submit
C:\Program Files\7-Zip\7z.sfx.tmp

Filesize
292KB

MD5
9bc0e8e2f004606bfe3c770edb9384cd

SHA1
f94a826f4c3a31cad142d95866137000280842b7

SHA256
f5502c952b0c5bc02b633eb390482cd53d9801a9bcd65d27e687cdea9ad02aaf

SHA512
99d1206828e5729ea7fccd90076d0bb8571a0a57a9b44377e916ef31bc456ef3e5b7ef5981a5b1086cb3ec10563d09c97432f4ef396fc977221e315471a9824f

Download Submit
C:\Program Files\7-Zip\7zCon.sfx.tmp

Filesize
271KB

MD5
aa7c52256a0a118aec5a62746439a389

SHA1
703c4098e95d3e717a21d3686431370209044237

SHA256
f337bc54fdc8f6e13dbcd2160b35f4def8a393a84dd6ad37066caa37957d9878

SHA512
83319f73d5a328190095dc5aab411da9c5d31c5ea701cb508bb06479215a0389ffa68dbd6f84df6db40122ac391b3a283d44356e3e68ac57bad1ec0da62de2b2

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
1013KB

MD5
1fb0dc7651e01cde1e9575ff325d3fa4

SHA1
4b9472fad88beb4d36a0bae5e419d53090a4b0ac

SHA256
3e9dfa1ac7b1ba7c0e8fd1bafb6d1b240706d9f099af7a0917f65f58745dd020

SHA512
d773a634f8414a12211cc10c6be8527930ea1978086d9d3970d291f87138d8e57bc8a8bf41cb679065372b3821532e022b4d6a165c78bf030b6b8fa1cd407027

Download Submit
C:\Program Files\7-Zip\7zG.exe.tmp

Filesize
767KB

MD5
7cb760b235e93ec47a762d96e4ec7cc5

SHA1
16f32379e3bff57f886f22e0f23bd999ffbccf5c

SHA256
931c723feff002eaec9bc57ad83a0e2e9aba2a547b33c8aa69aca7d41384297f

SHA512
c99d0eb8edb426ce4ba97f28ead3921d898a33a2f18ef3ac38e846616663c5a0d592bfc400bce3006c86732fe15eb66b6be9d6c0745060d9c79cecf7249cfbc8

Download Submit
C:\Program Files\7-Zip\History.txt.tmp

Filesize
138KB

MD5
346fb5ae95d479929e5b29c1f2add0f3

SHA1
eabed9bea3e4c4b539e5ffcb6ee72a2d660d9cc7

SHA256
b2629efb7f75e06b0510370b53c6ca5e5ea295122626b53feb82372998fc2f83

SHA512
14eb3875e1c8b63e81fc465a4a2a6c2ea350559d12dfa94cafde5647b107c259e9b164dd5bed632b2ba3eee87bcde9678567308109536d513168be1fb9e6ade2

Download Submit
C:\Program Files\7-Zip\Lang\an.txt.tmp

Filesize
88KB

MD5
9d9b2a756c4237ef0a86361d7fa686c1

SHA1
0561a3a2d1a4874ddb896843481e844ce2f07fe4

SHA256
26ece952146355a481a6f25b22aa7f52cda5e433f661b31d60396936b9fd9da2

SHA512
ae297f11b60f92952761adfc7f8846736916695263e3da7e0f9bb93db16f3f4054fa446a17d377655217a597f36d1740fd595ef44d3d70299d5f30cc2aba19ef

Download Submit
C:\Program Files\7-Zip\Lang\ast.txt.tmp

Filesize
88KB

MD5
897f75754c1598a25a834aee679e85b8

SHA1
438752ccf12b06343a124e4bf5e1dd3a0591e376

SHA256
fc84e77941ccaa92bfde74ec9a1198397d652b8cb5fab390980bee6be75286ab

SHA512
0a4bb2bef0622ec95a9bef94772949fb255393617cf7a24fcc4ba95a6aca7d47921b13eac06cc76e6648b20c27b5f36444a7f4252d46b39c844f1db8159681f5

Download Submit
C:\Program Files\7-Zip\Lang\az.txt.tmp

Filesize
92KB

MD5
dee73e991a3f58ade794ad4149d63d20

SHA1
5c17d9cd22357a2ccd6ec2d1ddbaf02b4a0bff65

SHA256
33d39d7ca6d718b7988586a3d4de7298b1d3338db6ed884a8a0efce9f51f8b1b

SHA512
1c3ad8496a5efb660ad688836ea863e9d194388d9dff5b7928065112df0e8bfabb8e0023ba22533256bbf567d92a35b1faed7f968a0190f5bdea8d5d40e480d6

Download Submit
C:\Program Files\7-Zip\Lang\ba.txt.tmp

Filesize
92KB

MD5
45503ca4c2e1356b1d838aff7d4f98c2

SHA1
a8779ca518da6bd07a780c96a051bb3710b0b422

SHA256
7bcc54909fdb1a3ca03bfbef14ced874deb689c8a2474d1121eab6e4f1589196

SHA512
abd274af87aa320ce9044eaadb2ee49591b2d6d5acb7aa05e19763bed2cf69d6f051de068885898da4111f4c3a93458a61d136590e3f7e178858fcce042fa893

Download Submit
C:\Program Files\7-Zip\Lang\bn.txt.tmp

Filesize
98KB

MD5
b4db0c32bd9bdd711cb7a818df4066b4

SHA1
e9d229a5e5c38d164ef85db9a72d94f5146bc1a1

SHA256
95d36a7d884df757427d05d2121d529893de85d5203578d8acaf96623449479e

SHA512
32f3b38f3ac01a420e108a92512812f9ab5e5f5bb74858ac6efe32aae27b69ac2ea63c4982ce492ff05479e7a2e82d01e30ca8b9d41d6391d791e382fd5bdabb

Download Submit
C:\Program Files\7-Zip\Lang\br.txt.tmp

Filesize
88KB

MD5
bd36de076b3fb7dbf0cecac172d9c758

SHA1
ba2e27fba49be2743e6238c24f1e3101785cf0c3

SHA256
39680ea9077116307db9b09880340fbe732d2e6abc2c7bfbeae2151908b9374b

SHA512
62a6f277affbe12bd0406203ba857601e04bbab4cf82b1582d1cf22b601d4c501b7c722ceb29ff067aa562e3d29c4c0a1a46ef4d5684df442acc8719c7a27a1b

Download Submit
C:\Program Files\7-Zip\Lang\co.txt.tmp

Filesize
94KB

MD5
26b1a40ea920fd2673ef1b4ccfabd676

SHA1
448072dbe74cfbff5de6d917728c7f5446be54e5

SHA256
a8e12122d1129006c1870ebb8fd6f7e410289cc6b4931581dd22cc6d8ce81f30

SHA512
ea7dc0272318e0590e2a2e4636f68cb9ca988cc580bfab45ab28acd5af772d43a03c796bf4d90abf214ea03bc1e01c9bffc4f854e521a075c8882719a4736b76

Download Submit
C:\Program Files\7-Zip\Lang\cs.txt.tmp

Filesize
92KB

MD5
33801b5346ba2a5e2bb79604a73428c5

SHA1
1c2ef52cc63990b152fe9ea3411ae1ce977fc7c2

SHA256
b7ae70fbb5a0482ff2735c5e3a25cbf85228bfa7a9cb0b80ec241af75efa34aa

SHA512
5f2c929b2e47c73df519ccbc701e48a4de0b83a92e6f101697cdf58382695994dc82d5ac927e74a81209b33dfef716d8e10bce9dcb9fc403d80b247ca16ba3b8

Download Submit
C:\Program Files\7-Zip\Lang\cy.txt.tmp

Filesize
88KB

MD5
30e5da2b292fddab8ade367f2b1889dc

SHA1
3ad59c8a5fad8681ad880eaffc4ce8a5246da3f8

SHA256
bbfe42b299fd5c3ad6ca4ca7d3cb79ddc3e0951e9a85d80bffbc183bf7a4c521

SHA512
ba0d8096654cd4490a98fd82a523d6a148130186330ef0706578f3da6a61707390355da0aab233eace4bd82f7de15e9d40cd4d1356da8d08d1488c541c23b48e

Download Submit
C:\Program Files\7-Zip\Lang\da.txt.tmp

Filesize
91KB

MD5
613724a41bd2cc4b8d99a4bffdc36381

SHA1
65179d1883f01fcb73a23a2e8c0e70d113f24dc9

SHA256
b17c2fc6b71d00ac2721e5202ab44a3afb7f9b7446355ed791a45a763e5bee1f

SHA512
e920669d39946635f52e03f0c2c59f71a2fd9df520b71538df06c82c197a1ca65e82af312193776228e1713889377045ece1ba1897a12630b31f4c16fe19e724

Download Submit
C:\Program Files\7-Zip\Lang\de.txt.tmp

Filesize
92KB

MD5
33b956ae326c05baec0a2cddc5f475aa

SHA1
0878c5257ebaa4fbd1f4e7104c5c4469feab5d98

SHA256
19012b9d06e60d53cae199438a9704404e0f982ff6435c68b7bb07ee23572304

SHA512
ee2e5fe2187a47f1ca899e0b189dab6fae0b8c6a966045bd1f88d0fa544b57eb574c1209b3c8115290512b74dfb081a3b9a337abe05e12ef2686348b9bee213c

Download Submit
C:\Program Files\7-Zip\Lang\el.txt.tmp

Filesize
97KB

MD5
6d6b65bc9578920bd15815bf16e4be22

SHA1
f3955df38ef33de66c179a01daabae2956e87072

SHA256
bfa091250cdafeb9d2ff041c68e503e3523b5377f0408b46d8e484d6c5e1c5d6

SHA512
8a61c8e1bd3237470b7ff66a6fb773ec021d36855740eb7bd976bc22320e2ef9575a0f924b68f3afbe1f371158f6ad68db32c3422ea828925fc932751c59206c

Download Submit
C:\Program Files\7-Zip\Lang\en.ttt.tmp

Filesize
91KB

MD5
cbb6528a6455862373d0ceb0954c19c3

SHA1
2e97620e37045542ec37baa1f4c409340abf46c4

SHA256
923020514b4186b3702715c5fd64aa5a1ec2f57447bd3ce41ff6075c0a9361f8

SHA512
e43f3a56700b2b2afb0d471ad0e2afbd0cffa8e8988c80f6356ae6cf59b7c8270c2415921d209b78b8eff042445bc2718b6680733151a6fc0796c385019edb88

Download Submit
C:\Program Files\7-Zip\Lang\eo.txt.tmp

Filesize
88KB

MD5
f5deccb8e1e5f36355c680a2fcc84b96

SHA1
b368ec7b8d473cd35a8caceb98bfab9b3680882c

SHA256
06d9affb8c19f6fbead0428641947de8b323f98e7ce531a9a64f389e57251238

SHA512
e97294556b2974a2f25b417d29beb98f1424058018b58c87474481883c02f2a4964ea879742d82fb1005d1db797309b74fc765b57a36072475f9216f845d4d41

Download Submit
C:\Program Files\7-Zip\Lang\es.txt.tmp

Filesize
93KB

MD5
c836fa95a14d60b652a45a70b217edcb

SHA1
ffe3de62d7d6ff47e1f10c0f21adcb4ad9775113

SHA256
5e807800a380c51aa829e69bdbfa1c211a115ed7ce8f56551f7c2094466d2f1a

SHA512
956444e0787dd95ca1c9eee845c42ec54c21efc9a30f2860d302f4ef30fa0679ab82e46ee41e88f098fff005dd6e3a7756b8056486deebfc35dd7a252c477197

Download Submit
C:\Program Files\7-Zip\Lang\et.txt.tmp

Filesize
90KB

MD5
5b91494ab08efaff5116e47611d0ab4a

SHA1
11f4d399c155dc27d53e058f4c58cfec26dfecfc

SHA256
fd41f5d6b75627b6c2bdb930d29a760b481ac90d6dd7c9eb9e1d421b9c94c295

SHA512
48399a52bb786c8a01049d7bf4cc9a2a65a413c11d6bc0d3712b62bc80052fddd776208ab97523eb67ab49959bfff784aaed04fd6e8bca4a369a99bc56f09d70

Download Submit
C:\Program Files\7-Zip\Lang\fa.txt.tmp

Filesize
94KB

MD5
2c3cdcde335891cda08683971ae0a70f

SHA1
f771df9b90d5c2594f1c2efefef6181c4553b10d

SHA256
0d3689825ea3aa8be556b5d1a3689b6d83422d33bff427b7615d26f163d6192e

SHA512
48ae2e4f0bc6ad06a8d9430209d28542dd33344458ac62a744c152078e84cb51d73d5fb6bc817b3a41179d815391564b3cf8ee49a9377a1cd4a91a89b4ef79c0

Download Submit
C:\Program Files\7-Zip\Lang\fy.txt.tmp

Filesize
81KB

MD5
a9afd91b3d62868621a4763e539c0f5a

SHA1
1ed4a9fd547aa6383e1432df93f3c4e047eb2d2b

SHA256
d751e0535a2f4913f1d9335ed13233a6ff95067f4cfd91ac0f2a81c7113fe94b

SHA512
467d0cd5394497aff691a4ef166fbadb3fc318e9361fc962632ceca37172909a562cdb56a9d381180cc80ccbedf0c93eee13aae67a64c99bb101ff52e8825885

Download Submit
C:\Program Files\7-Zip\Lang\ga.txt.tmp

Filesize
91KB

MD5
87d67bef38e462159aeb008621267560

SHA1
c261881ec2075c1c2f2ad959a9e82d4e97580279

SHA256
ebe928bd31e315dc7c2e7d7129b8242427c7bff7764bd635650a115aa2dee5c8

SHA512
23f7f47146b353e3fa662a318e0026cab182eb0865d3e4324c6d2cb5ed9ce07122b1c994fcd47da8df97843ee5c57159ae4ce1a3ff690afeb46379aec8651fbe

Download Submit
C:\Program Files\7-Zip\Lang\gl.txt.tmp

Filesize
90KB

MD5
6ac8e8a66590a233a72337e81686b014

SHA1
9a38d3f9835f37336e9125b956e5cc62d2728fb7

SHA256
9f5fbf2cbcbd0ac840ae46ba4df9f44ac6109c52747613b42fe98c1b88b6876a

SHA512
b9f2a2279247f8e37f10c0465b00e7de0e3ac4bc58c9cb21ef327935b0fd9155a11b7323e39d2205627b742629f19d0fbd1d2c23175c460a492fe67a1a9ed4e0

Download Submit
C:\Program Files\7-Zip\Lang\gu.txt.tmp

Filesize
98KB

MD5
f796beaf14bff2e117ec2eefaa8ad45e

SHA1
cc922ea1f0cde576b1ccee11d353daf70d54ea60

SHA256
bc4a6d6c2a8acbb57ec7ac940faef088716a0b53fc535b837ba4ca25b8153688

SHA512
54400e12801a6c261e689e3e5e2d15392e1afef9561101c5d062ce2c90838ea9f85addf222b4fe4f7f4fcd3e082c743c4c64429169e4b1accbadf0c8e69ec570

Download Submit
C:\Program Files\7-Zip\Lang\he.txt.tmp

Filesize
92KB

MD5
30a6681ec1a3de4e011eae3aaf146cc1

SHA1
61ac9266bcbc69f9415f80fb4b56d55010c244d2

SHA256
f0ab7cd138cd8a07d3665f0ead121e9e9a9fd160a86495c80e992b52f3944dae

SHA512
f8cd5039994b03f18a0745c89eaa3c691b05490309c24e77d4e420ea698e0b272d98e43c52508a0714c2fd922a791489549d6d7f80e7120d5e062bb4cb76b854

Download Submit
C:\Program Files\7-Zip\Lang\hi.txt.tmp

Filesize
98KB

MD5
c2dedefb494829a9b5cea7c13d40752a

SHA1
0121e6790f9776940ab415a6bbf661502ec44067

SHA256
72ff86a63d349997789225e3c1e3081ec26d60ddc98f477cd27585ca3669c6f5

SHA512
170af80ae2f0bf7967b26bd4a1c01c9fd0915eb230daec49eafe34f063027a04573a37630b80b94c375c6a366d98ddd03920c768dabfdcbf860fa5043130d713

Download Submit
C:\Program Files\7-Zip\Lang\hr.txt.tmp

Filesize
89KB

MD5
7da2156c4cda8bad764e87519cfb8704

SHA1
51a3705dd394f2cb5e27b2dd79f268fca3df176c

SHA256
31b997e19bddccd059199628925132f2dacea4b3f08cfa5730816aa2c3576daa

SHA512
2df89a8a025b75104dd8e88b4e31188bae924e912c75069cbb0c6629d0a046d9a3e280fdbec259fa1a234a61315e4bc8fcd02c437d2cd3fc6d670cb30ad8b9c7

Download Submit
C:\Program Files\7-Zip\Lang\id.txt.tmp

Filesize
91KB

MD5
3806ac9e8df89e71221755572c2bf133

SHA1
374300ec197e9a89bf7573863020b8f5ac5515fb

SHA256
61f2098f904e36d8f3272b9b1e977ddaabadf4d3407f2174159d5df5e535ef5a

SHA512
ddcf5a2b2039977bd074ba113622f0bc5e65b915664a8a01fa1375959240f5d5709e8cd897339aee5b36c3c90556af7f889a14c8bd832fd000183af4f749099a

Download Submit
C:\Program Files\7-Zip\Lang\io.txt.tmp

Filesize
93KB

MD5
bddfac3b091d4bc81da3969e51bc6d47

SHA1
c4a808e899865c7e692f808a9a73cc5ef5bddd9d

SHA256
0e357602ccffe86494a52c6936893a005a6ac2b6f1dfe58babaafd4b450bc0e2

SHA512
6aea283dfed8974ca03da638eab7def80574dfb8debe15590c875c2d663bb5fc4e81bc3b48b1496e974826a6cae7993e851766610f0e21a830ef916acce7b169

Download Submit
C:\Program Files\7-Zip\Lang\is.txt.tmp

Filesize
89KB

MD5
030c61bd1a1ca30cd86da96c90a855bb

SHA1
847d5d85a74a4616751243875a10329f701c390f

SHA256
215b234300190e6b11f4c6ca2f88dbe4f1f39bad0ac6da2f090f069a06c8b516

SHA512
1e663440b7e469cc7cb20f015a411af04ce5e4c5639b3edbb58bcdeef9095f36908906adb247fe6af4e58f603379fe98aeb6275bdd4fb4fd996a191c782238ff

Download Submit
C:\Program Files\7-Zip\Lang\ja.txt.tmp

Filesize
93KB

MD5
b1ed226672c8049de4b50c3f6e033e73

SHA1
12c793527b3a34e1344464593294df5a6aec0073

SHA256
374e9cc29749e48f1b141aca257c2847a21b2761fcc28f0f2c78fea484708802

SHA512
f9dbe66239232ecfab856a7823cbdc3e8fe439698916f52bb2fdbda4198f37e6935420d5e2554924ebf2e025acfcd8e15029cc515d0bbc9a10a80ce073bd961d

Download Submit
C:\Program Files\7-Zip\Lang\ka.txt.tmp

Filesize
99KB

MD5
8fe5a6a6cccbe39e253da5f1aba0d00c

SHA1
50fc7b72f681f8e9c8468eaf13dfb62e40a43c52

SHA256
05123ab048bef70e2a32e297223405e82869672fb6668d7f913d1edb3af7f30e

SHA512
57226a234b9279a09867524471e52de077336ceb8ef03ca94cbf3e7ade058d23a1d96b21dee0b7c8f9473640b4b28cd7421c2e15b3df95632f9d6d27a6fa23bb

Download Submit
C:\Program Files\7-Zip\Lang\kaa.txt.tmp

Filesize
89KB

MD5
882d7782a55b0369f1e0457eeb8d4aaa

SHA1
50a78f892080875ef8c7a881d4e764a759379e49

SHA256
e3b8391eb3fa1f2c72cd58a0fe6f65b43ec126459249fc9f1fc9b5d933c9d466

SHA512
28c29b7839f351f0ca420cf78fa4237e025ac2c3634859df7cdd53d087225c78862a8015a93415828df150316735b5e9727f4b65fbe2713e4e02330c9b9a31ce

Download Submit
C:\Program Files\7-Zip\Lang\kab.txt.tmp

Filesize
91KB

MD5
54305c2414855fd1b34a36a7a6336a23

SHA1
cc4dc2c583b6df31f0009c760fc8856691a9fa3a

SHA256
a1128fe4934f411bd0bb69493fa92134f56d44928144da9aed17f648c8e83a71

SHA512
69c75db568db1d8c0313ef75e015140c53e41c875d5eb5a5a9336465874c89228d70fc8daeb6b77cda75c0b5018177e607de4da407a5e61052b61769915729ae

Download Submit
C:\Program Files\7-Zip\Lang\kk.txt.tmp

Filesize
93KB

MD5
4dd6e308b6f1f23296b623377410fdfa

SHA1
d82685eaec2cbd1bf637f68fd78ee7742943acf7

SHA256
eaa66351da0a03672a4105a75e881f9aee5bb4073f33ba4e62403d88db12b953

SHA512
7542fa91fb35c3e498dd7f215691e236d29da1839886bde3db1631db45e48ffd763cd71251061c5fe0fc86bcd449d308d84465a7755ad42d03225a54dc1308cc

Download Submit
C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp

Filesize
95KB

MD5
3352713fed486a8b3d0703d5cc3bdfb2

SHA1
3b862775eada1613b3836a8cd88371ba4d906224

SHA256
31e9c4aef8f64faff2adaafde86b1d3ba76b5e70e0928cb6690cdb9ca2ddfd4e

SHA512
a54fb5c63bc2b960e1020a17db0e07bd075311f913f66b369d539327f566f9c86fba2c5bd12a274b3bb697d24c4368756e85ab3cd4e0ff75ba3e95bb1097c516

Download Submit
C:\Program Files\7-Zip\Lang\ku.txt.tmp

Filesize
88KB

MD5
25691371c430632f4cbc99a1a1459b2b

SHA1
a5b1a44243d3ea4aaf35a28dc2de375fa806da15

SHA256
c87eb3726ac474960d8a05fd690225fd64b7860c49645c683e022430654d31a4

SHA512
30071948cd481c852390c3f733bde3d4b69f07de255306f230b25b39a66e5da058bb39673d10215bcc7890dc2a9818c270481f204cd0d003321cebb4309c1808

Download Submit
C:\Program Files\7-Zip\Lang\ky.txt.tmp

Filesize
95KB

MD5
612810ce277b83eb74322e15af235034

SHA1
67363a0f2a4fcd232ab97bfecad85b702d8c48e2

SHA256
d4ceab9e03d9e8fb626ed9858862921d5b1cc961bc7ccdbfd2c6f9433ef61aa3

SHA512
ca6aff22f7421acbec88f10b6087e9f09f94af68c914971c1ea5d54124a6816b31f82059326e659f9ff6f5744ad3d7bed0727b3cbf8245f4d14918523e8f8dcf

Download Submit
C:\Program Files\7-Zip\Lang\lt.txt.tmp

Filesize
92KB

MD5
081b1d66e75deb9a561d1f1c98e2af3e

SHA1
94f9f196118eb98dc0130cec5e3c558e559cfaac

SHA256
c27eca7e61501d68b86f38e781e8364e46685060cc8e93d4a8c4677f7ac207dc

SHA512
01c52e07ab3e6d346edd0c4ec5f5b9b2ce3a0cf3dfce3b880af98fd792f143eeb376956c4023834ba12b73b723b76a3556522d556194617bb45c5df0a879dfe7

Download Submit
C:\Program Files\7-Zip\Lang\mk.txt.tmp

Filesize
89KB

MD5
5ea031f00d954a66c6344859d63ab692

SHA1
fd491867ab06675f2b467c6bd4b8a90e400bca69

SHA256
75efbf24c9118e0dfb83e98018ab0001c838b4acff0f041b322866ff91cf2b60

SHA512
85b893d589b0cf1d8459965f5598db7d9e0dc7dfc31f9a97323a2948638015d6bdef85ab668c74596c33ff5e073c4feb399117d267bef6349470c3624d74f063

Download Submit
C:\Program Files\7-Zip\Lang\mn.txt.tmp

Filesize
91KB

MD5
db083ac17d2f39f232377fdbae08efce

SHA1
84b4b6f5ec510d92ec705bfabdabe1a6a903601a

SHA256
1b95ac71bcfdd030ecde2a79ccb9c471146c8d470f163f4a1ce123b9bb9cafba

SHA512
c0fded23fa24b68fd66dd033592ac209339193c386493404cb53ddbb7d45f80bb8b0c647acb567d94660832714656f17a8b0e7a5044105417eb1a2ed515a6440

Download Submit
C:\Program Files\7-Zip\Lang\mng.txt.tmp

Filesize
103KB

MD5
c801135277a27c5f75afa685abf2ea1c

SHA1
8cfada53202296881837fb08a422907442f08c1f

SHA256
1384a58be21d994b1d9e78e6b24fdfce1eb504819503f83af22335c3369f679e

SHA512
ebf0986d3ed61ce1b6c3664063fcc28bf75dcb1d930776a39e338ff33349d3241cdb952aedfe13580813e1bc0cd768c5eeed5e81e0cef38cbdbff0bcb10d1790

Download Submit
C:\Program Files\7-Zip\descript.ion.tmp

Filesize
83KB

MD5
3919d63031ea23093fca8b27a6a6042c

SHA1
fb4d50df375f5f5abc2ec75a1180199345b5eed4

SHA256
c5e0238637b9311d2d900034b85fd2ccd2a8aed91a1aef6e787f352507600540

SHA512
61126b31ec6940031060f67d0fe174ec6b06d6226088ccc55663ab1a28d35d714ff921e6ab230a4472713bedd72e92352265117c5b3d3bb9acc34be539832960

Download Submit
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\UIAutomationProvider.resources.dll.tmp

Filesize
96KB

MD5
d63b2160df82237b8d72bf8c25377e97

SHA1
7e59374c142f7ff0965a2c1300d9bf5f7bf20858

SHA256
b81b94efd10528310d14fff08cf531f2efaad6da34721912cbcc6fbb1b5802b7

SHA512
018c2ee3a3432be1aa772748da6df2400fe438701f3799df2aceb3564a95f426e4f3a65e4c5b8e19c18d8229fd60c721521da127f4a099f091cad62574b28cfc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe

Filesize
81KB

MD5
cfccb6a621ff451df737dc2cc7bbecb4

SHA1
cd78b0b50de31757ea8c479316ce493c7b631ea1

SHA256
e2fbdbb78f9e9fcc18fd2d7a2f5f353bb0148871e84b019d9d4951a1afee7008

SHA512
8a13cd0f25ec3b0665e0aa6f3c745c2da58291e298de654fe4016d9f7b93bb7a8286610776cc82069612166e667e446c8b2c9059c963dc8b097c8f98a9142cae

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
83KB

MD5
8a86151e51b394211d5b2119f5e1e5da

SHA1
4c59c077c93267e22d667119612acdaf29f39b39

SHA256
882197f5dce385834d5b2768a214b835871b29b1eee6cc245ce72f461546e53e

SHA512
4791f7a9184f649e3bac1284c46c1cfca23b3fad9f1d9bf459b81eb4ddbad9bbf08777ed0bef0b02ec47d2c2277edd7603f2c3b49d53afb787c0a53fd6ea5586

Download Submit