1c471ce9572ee965619d1d3c5d0b8087a538b8042398a503d4315426ca41ea61

Analysis

max time kernel
120s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02/09/2024, 10:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

60ffdaec409a808345932d5fdf5e1140N.exe
Size

160KB
MD5

60ffdaec409a808345932d5fdf5e1140
SHA1

4f61b9c5fca1956d683569974c244b519816e36f
SHA256

1c471ce9572ee965619d1d3c5d0b8087a538b8042398a503d4315426ca41ea61
SHA512

5ab31f12d9b15356e45b75b35791a65fe6727cfd219e55c52f33362f55a0759e545cb1422a8c636a9f8608dff58ddee5fa46466e4575ed0e7b32f0e8b9315455
SSDEEP

1536:W7ZNLpApCZrt8PWGoPWGANdN+hEwHwDvZvapBpYYpSZSh7ZNLpApCZrt8PWGoPW7:6NLWpCZIzjwHwmNLWpCZIzjwHwr

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (4573) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
1984	Zombie.exe
5044	_Desktop.ini.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Zombie.exe	60ffdaec409a808345932d5fdf5e1140N.exe
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	60ffdaec409a808345932d5fdf5e1140N.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest2-pl.xrm-ms.tmp	_Desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Data.DataSetExtensions.dll.tmp	_Desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.FileVersionInfo.dll.tmp	_Desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Diagnostics.EventLog.Messages.dll.tmp	_Desktop.ini.exe
File created	C:\Program Files\Java\jdk-1.8\jre\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Client\msvcp140.dll.tmp	_Desktop.ini.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvVirtualization.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Diagnostics.PerformanceCounter.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\System.Windows.Forms.Design.resources.dll.tmp	_Desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_OEM_Perp-pl.xrm-ms.tmp	_Desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\Default.dotx.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.Office.Tools.dll.tmp	_Desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.SPClient.Interfaces.DLL.tmp	_Desktop.ini.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\el-GR\tipresx.dll.mui.tmp	_Desktop.ini.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\jfxswt.jar.tmp	_Desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Retail-ul-oob.xrm-ms.tmp	_Desktop.ini.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jjs.exe.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\bin\ucrtbase.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Interceptor.tlb.tmp	_Desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-handle-l1-1-0.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Windows.Forms.Primitives.resources.dll.tmp	_Desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.IO.Packaging.dll.tmp	_Desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.WebProxy.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-datetime-l1-1-0.dll.tmp	_Desktop.ini.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\cldr.md.tmp	_Desktop.ini.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-utility-l1-1-0.dll.tmp	_Desktop.ini.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\javafx\glib.md.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_KMS_Client-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp2-ul-phn.xrm-ms.tmp	_Desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Trial-pl.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\UIAutomationClient.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdXC2RVL_MAKC2R-ppd.xrm-ms.tmp	_Desktop.ini.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\meta-index.tmp	_Desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Retail-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.FileSystem.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Ion Boardroom.thmx.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.scale-80.png.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Drawing.Design.dll.tmp	_Desktop.ini.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad.xml.tmp	_Desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Requests.dll.tmp	_Desktop.ini.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-synch-l1-1-0.dll.tmp	_Desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessEntry2019R_PrepidBypass-ul-oob.xrm-ms.tmp	_Desktop.ini.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp120.dll.tmp	_Desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_KMS_ClientC2R-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\SETLANG.HXS.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_Subscription-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail3-pl.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\System.Windows.Controls.Ribbon.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\deploy\splash_11-lic.gif.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019MSDNR_Retail-ppd.xrm-ms.tmp	_Desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.scale-180.png.tmp	_Desktop.ini.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\server\jvm.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\System.Windows.Forms.Primitives.resources.dll.tmp	_Desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework.Aero2.dll.tmp	Zombie.exe
File created	C:\Program Files\Internet Explorer\es-ES\ieinstal.exe.mui.exe.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\bin\splashscreen.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\fre\StartMenu_Win7_RTL.wmv.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Retail-pl.xrm-ms.tmp	_Desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial2-pl.xrm-ms.tmp	_Desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationUI.dll.tmp	_Desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ExcelTellMeOnnxModel.bin.tmp	_Desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Security.Cryptography.Pkcs.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\Microsoft.VisualBasic.Forms.resources.dll.tmp	Zombie.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	_Desktop.ini.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	60ffdaec409a808345932d5fdf5e1140N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Zombie.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2016 wrote to memory of 1984	2016	60ffdaec409a808345932d5fdf5e1140N.exe	83
PID 2016 wrote to memory of 1984	2016	60ffdaec409a808345932d5fdf5e1140N.exe	83
PID 2016 wrote to memory of 1984	2016	60ffdaec409a808345932d5fdf5e1140N.exe	83
PID 2016 wrote to memory of 5044	2016	60ffdaec409a808345932d5fdf5e1140N.exe	84
PID 2016 wrote to memory of 5044	2016	60ffdaec409a808345932d5fdf5e1140N.exe	84
PID 2016 wrote to memory of 5044	2016	60ffdaec409a808345932d5fdf5e1140N.exe	84

C:\Users\Admin\AppData\Local\Temp\60ffdaec409a808345932d5fdf5e1140N.exe
"C:\Users\Admin\AppData\Local\Temp\60ffdaec409a808345932d5fdf5e1140N.exe"
1⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2016
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:1984
- C:\Users\Admin\AppData\Local\Temp\_Desktop.ini.exe
  "_Desktop.ini.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:5044

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-355097885-2402257403-2971294179-1000\desktop.ini.exe

Filesize
80KB

MD5
63d34919fced218db691bf3920fd2f12

SHA1
ae5d2cac868f1e2c97820a092dc44e2e932e2d0e

SHA256
b4669bcb4eeb70d2407431d0490094d944afc748bed77eccb1c30d57288945de

SHA512
cc1a8f3c98bdc9d8534114faff87ec314879f2d12558586547a7b76b0a48526a274041ecd4516efff6d9dec881f48de974fee658cfea38d582d4fb3b829935d6

Download Submit
C:\$Recycle.Bin\S-1-5-21-355097885-2402257403-2971294179-1000\desktop.ini.exe.tmp

Filesize
160KB

MD5
5ad7f534a0ac3ff546c62e5ddcb30b03

SHA1
1faf856ed7a98f75413109a994353c6f6b867b07

SHA256
18142f0e37f4583dfa65f9e12681b066461a2b1c8d6457ced04caf180e70b59d

SHA512
5acf79cd8b2793ba3ab4f2d45dbad50a8c6d0623d6a5143cb8c4ce8df581a0a79cc727aa6f849a174a6fd40b4f5528cde3071c2f5f0880b3b11e17a5dbd60b70

Download Submit
C:\Program Files\7-Zip\7-zip.chm.exe

Filesize
192KB

MD5
4a1680ae4dffddf3b9dd348029920869

SHA1
92473f9b3714286f32dd83488d4c8ed48b8bb57d

SHA256
e9c4ea32d36eef4f1a3d3f93803efebb02c278a16a02c52b97f8f66c1174698a

SHA512
f89145de275d9b224deeabee100dbb294d1ffe763b12cff6954fed3f972223a67c7e2e70d0568f53c99602f99f93b8659ab29a048ab5137db224066eb1fad9eb

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
1.2MB

MD5
eb9136762f6cbf96b7088b8ab1d91805

SHA1
37d15cc1120b8164d7d2e0ac8097361d4e5748df

SHA256
6d89e1483b148622065eb71fae66cd4986f0599028d9304fd1310022a0b352a7

SHA512
6975c27abc1cc7131d5486d7cefff90ba34d23b9a8307be13d83ae8b9c6384317c07072066fae192243bfedcc958092c3ecd4bbc8426e6cf1d533dade9c34696

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
1.8MB

MD5
be6dac6a7e86e2799b94b946ef7e34a6

SHA1
5f3e0fdc798c321514d754629450118ea11d561e

SHA256
947f756a405c4439d24d8013ab37260656123fa740f698abf7eb3bfa9c91b317

SHA512
7074be55051d088448c4b7a3ec1469a966d6a214bcc03b5a7df857c5a5a943dc498dcc059a99f86d9a75f83b05dc84164abf474112e63728e709733c79c45043

Download Submit
C:\Program Files\7-Zip\7z.exe.tmp

Filesize
624KB

MD5
8bc5962564b0f88489c45a5e89ba67cb

SHA1
d915abe59be45b0285b2da12eac6d0265ab73680

SHA256
c8449e21b164b0848a51a95e6cb5361bcd299e391510300969f553ae3c176ea0

SHA512
80e4d22cc60c2f841d7950399f94299191deef6ac3b36e474ab69eed1273326a0a3fb90f6f72c8bf173de7630f4f6e4ee64e92e659764aa307d7b5a0d02452fe

Download Submit
C:\Program Files\7-Zip\7z.sfx.tmp

Filesize
289KB

MD5
e8cd0533ae1b1831e71044cf6eba394f

SHA1
7ee2d43fca1adcd9690acc4bb335947795cb07a6

SHA256
deff137f36cc76bcbff527f069302ca5faae54ffdcaa07e1efe06680776d31da

SHA512
718aea105b6081b240cc8624f17c43e1e984cd7e8c469a15b06ba147fcbd2baec25288a8f456d2da773f144fd85ceb62813724a037056848edee80e7080c9a91

Download Submit
C:\Program Files\7-Zip\7zCon.sfx.tmp

Filesize
268KB

MD5
19d8e26980870a74326715e6e281da71

SHA1
41e7d59c7da5501ca2ca68dc7d5cd769e4c24ebf

SHA256
0fb2cc7b3f8e88a50a6a2116436d7d17cb0db0545ed037b5be2596d3fd94aa9c

SHA512
db64ad8dbd940482ecae54afec75f0d468e7b7890166707d9ac6f94f85d6af5eae63de5bbdc787b44a8884df8518da329ea316ee857073b90ad9adbec8710f4f

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
8KB

MD5
b70d64abed5a12100dcba4fead027392

SHA1
0db41829607b74bdeff914507fd6c1434f7f8455

SHA256
8273304bbffe3122f8b2b81ec8b93112057f7b0a0ea47684a7c850a9cb119b43

SHA512
cee26943b379eadfa3d00651c8721d4ea0998060377a6fe9ac277c2630e9c4054e97af0071ed498c178751046c49515e3dd6ecacd4e8dcb371e824b45494692a

Download Submit
C:\Program Files\7-Zip\7zG.exe.tmp

Filesize
764KB

MD5
641015ab64c8e5df05afda4450573a08

SHA1
2a7e9397471ff8517d57e6e072eb8b798937c1fa

SHA256
9297b44855375e30754a91f485f463414e563c5baf5411a4a9475d6759e2c440

SHA512
fd0b28caa724a8c70756e8996dc683a14d317fc145039c09b131a713f6c91263ee14520395866414a3af0e093ba2ac7ecf0a8147651e4c008d8c743b881806c6

Download Submit
C:\Program Files\7-Zip\Lang\af.txt.tmp

Filesize
89KB

MD5
8c25c35445f4145cd6a65aef5db304e1

SHA1
670b685b32942fcb73123e5fbace697e7def47ad

SHA256
b5da2cddaf94d2384ec5cf2001c634780c61199566ec9338c3c38db4370371c1

SHA512
02567032e03f67b8b0ba031223dcc3c239198e905116b6d161df9c6f49a7e220c8e2481df92420a84f72707dc28a9fee926322b4a85295a59ffcc7858d4e369f

Download Submit
C:\Program Files\7-Zip\Lang\ar.txt.tmp

Filesize
92KB

MD5
d4802975144e1c03617c1f01587cd833

SHA1
1e3bb660f3d0f5fe526c70f73fe5c22735b08f2d

SHA256
b6cd5d577528cfb42cd37d035751050b8be650000594c9bcbe0e3a9014909abd

SHA512
c6a34486f7f53c44a890b37dd52b9b8884ea159927c6bfcb34ee98ab7e5353447cb8578549628c5b6120ea4c8d23af5dac93130d29dcc37153e4baa04c9e973a

Download Submit
C:\Program Files\7-Zip\Lang\az.txt.tmp

Filesize
89KB

MD5
c1c3fceca9ed67d2de23e71d180e4c72

SHA1
e1843c6f5293144ca80518fda623dbe351c1386d

SHA256
adcbb5d5f3c8ade1693ac395a1a02717ba6a9cac9465e51adee9ee19c3661d2d

SHA512
790a99d65223a925ddf558555433d12d4a0252bed0fae7615e4abe7f640780da08d212c040875707e62311185b526e3e8a46cccb696995f357f4d3195edb299c

Download Submit
C:\Program Files\7-Zip\Lang\ba.txt.tmp

Filesize
91KB

MD5
4748e89dd44f2bcc95bb7eba27abe003

SHA1
9a727e28dd386d4d040f708a6dfa237342902e05

SHA256
d43d99b4d2dc94068702e73417166c550f1d44d19bb19b5e8506e062b2a372cf

SHA512
7d941460f2dd7699d8c47115cf5d8a94a74f9d3cb5d929b099df64a37528a40dda1fd4832222edce0d8ad4daa6ec1e1f37e0fa44018a30060b1113fd089ee475

Download Submit
C:\Program Files\7-Zip\Lang\be.txt.tmp

Filesize
91KB

MD5
cc55adb6618cb5f903e2d56a592eb352

SHA1
392460e5e9508ad1e1575e2c1a9ab43b600f608e

SHA256
724db2c7146fbddfdd7163d997c2a58371b8347251ace5193a2ca32340d691f7

SHA512
6e34d11976cdcc6597120d9d4492d825173567801268135062bb55c52a89af6b8bef935c7792f6275392abb2a396bb37f2ccd3a3e280cfaf0f0cf24dc79a58f3

Download Submit
C:\Program Files\7-Zip\Lang\bg.txt.tmp

Filesize
93KB

MD5
93321359f26aefde83ded3d579c48c87

SHA1
e08d1cc4cb78fe396b2d6ce5b2003187b4023107

SHA256
1ca627864d4c91c7829a199823c32eda2d0e41585f5662de38af5aea9d01c9e9

SHA512
92abd4521180f2f9787e72b5f96cc614fe0e458a0b35a3ddd9e37f03a3fa850218f7d8fff3818c84a7b3e1ad7836267b39cbe41b373ba1d03c59446f8ce8fc61

Download Submit
C:\Program Files\7-Zip\Lang\bn.txt.tmp

Filesize
95KB

MD5
6dcebbb2285545e1ded35c3b87582b38

SHA1
cf12e9aed7170a1ac10a3c5e5db2ffce4106554a

SHA256
4c5ba430635f9c9e90f8c0b3b170854373b668b3bee23a2889d94b8b3e2efc41

SHA512
f26f55bfc24f997a8316c576cb79f7547060474f221e97adc4566c4749b7174437afd0abfb985bea3ea8e339de52a2a83c1fa92ae5c72be538c6ef885884c7c1

Download Submit
C:\Program Files\7-Zip\Lang\br.txt.tmp

Filesize
85KB

MD5
f7814eb0fe76836f2dd09e51d15a2142

SHA1
9329791112e37678add71262777a12241431e823

SHA256
cd47ce8556d4b1a4290ccd10e2d7b7db278c0a9c53a472c05376b6af2888749d

SHA512
1b8b4695ac6b55147be65762fb8a7248e44b49ff9fdeaec755087f62c5f1ba6c699494ae23d464c177991353f3c6652782af892060aa8ce974dfc00c7aa4d4b9

Download Submit
C:\Program Files\7-Zip\Lang\ca.txt.tmp

Filesize
89KB

MD5
ec50c79843ab2bb965057e34b7f7b7f0

SHA1
17701e31c8133008acc4dd6cefb47e4fb92591b1

SHA256
50224d4cb5ea130807294f522039247e319fcf77570ae116cdf81de84df46260

SHA512
e7889520e9127e727a34087f1975fe3f78c33e7acfcb7e0bdce681230cca93b24c4215a4545fab57f50d8c1fad7bd227714f7822c0e7ef6abef1820e869adbdc

Download Submit
C:\Program Files\7-Zip\Lang\cy.txt.tmp

Filesize
85KB

MD5
db823f624ff43c9443f522a3152fe80c

SHA1
8f2a2a9400505b6d31f94876e9d3511852a00ee9

SHA256
cda45a559bc7966a929da8a3054fc07c9f94978fea79bc82f9eda7a884862858

SHA512
aa4db9c740f7b2ec8fc9e89013965e77504501abe1ffea360bce283aa9d5b718e5ec66dcd2329dc48b0aceafe2abed6588b0b538a12f8a3b62030d3301aaf1c8

Download Submit
C:\Program Files\7-Zip\Lang\da.txt.tmp

Filesize
88KB

MD5
16c33dbf0486b9361c5a8d74d5fe67fb

SHA1
0ea4a04903ab2ef79482598bec75a99bf32661f0

SHA256
74929614be92e4b9195134c50fe607f45538b502d043bc1a11c77d7953d7eac4

SHA512
3d38dba19308453c2faa0b2d5ae27522e2562d2b4e111ac4e0a58eeb70990ce496b9eaf370636a7aa35bd68e7f13748bbc25ede9ec1c79ca2b1678a992e0f87a

Download Submit
C:\Program Files\7-Zip\Lang\de.txt.tmp

Filesize
89KB

MD5
4d2dbe06c28579453e4df0c737ee9660

SHA1
0d4aabdd4f8d2ba2f78e260918a41d9af3464cbe

SHA256
388847780c96ca582e18aea0159ee235714b50edd019d9aa6679cd0471ff49c7

SHA512
7a1e366a363f5128d59f75c1b70dd237ddd42dba2216fbe0d8c9b9e393c6ac1a35d8945b02b73dd7177691e05db648bbaa3a5de0d86a468526bfd275aca3bf91

Download Submit
C:\Program Files\7-Zip\Lang\el.txt.tmp

Filesize
96KB

MD5
cd6f5beb405467297ac9099e9f4454ee

SHA1
41706949ebeea90b994378b194d91666b9f8f6e1

SHA256
350fef49c98d632e992e36e427ef5608772e8b431007b9dde7f32c29578941cd

SHA512
b1bc753f861656006cc77b32dfc9790385be618c71da6da9e625cb6a3928eaad1d79d0d302af55b544d823fbf4ea293a17356b83effb1c06c79cf1e0e502f38e

Download Submit
C:\Program Files\7-Zip\Lang\es.txt.tmp

Filesize
90KB

MD5
49ac5e07073988ca2fd6d5b0e536798d

SHA1
643c936f6ec8ee1e8f2060c6a0eaf74278a3e7f9

SHA256
801bd1a3c4189c2a75d9eda6c9bf809a84861a7ad76bc21cfdb85de7c9edb3f5

SHA512
3f92f78963413942c37d79c5c629fcfb5ecd6a32bbe0bfb28f65b247eee9d493fade62add9decfec92771e9efd429a9995fa5b68b89a7ecc9db46e60ac8c3b37

Download Submit
C:\Program Files\7-Zip\Lang\et.txt.tmp

Filesize
80KB

MD5
e6a93352b1352a88259437bbbbde2533

SHA1
d4952064f37cc537d14f406b1c76cae165ab13c3

SHA256
524b65d8c86f87e98031cd043c5c65124942fb996c3d523aed98140c9230e8bd

SHA512
e2360b18181ded36cae24c3d40de4328a63c5acab5f6b196156dc3fa378c35e610110cbde845a9c7d8071cda4eeb1e3bb6d503c144155f09d2e51cc5e3c834eb

Download Submit
C:\Program Files\7-Zip\Lang\ext.txt.tmp

Filesize
87KB

MD5
93556fb6f81d8f53c6db6b613c98a665

SHA1
32a3bd09b67a6f7c4d7cdcf12efd02fc312d04ef

SHA256
e35a9fa72a8a3ced89ba3e8fbb7933301710c17441de481099dd4ce1ad64c5fd

SHA512
75c329342bbf015585d44e7d0d3b772f8fc9db416d2acc68521e90ea019fad0a6a6af89a736d65bd82d65d0a8cba1ff84873cf7c91167e7c2bafef4b36066ff6

Download Submit
C:\Program Files\7-Zip\Lang\fa.txt.tmp

Filesize
93KB

MD5
a77bd26a89deb2abb42512b859df80e5

SHA1
10413a86b8a44544318a04601bc207c04465a2dc

SHA256
c8e171c23fba13db05f671a8c4de7b761e25b5c9e98f389b430c1a74970d215c

SHA512
d02bbc3c1289d2c5cb8f8d0d04806ef2e2df53c9b63bc7b0b7f806d19cee5ff57748176fde5cbc5d009fd22305f30851ce3939e216f8ba6642b443bd37311409

Download Submit
C:\Program Files\7-Zip\Lang\fi.txt.tmp

Filesize
89KB

MD5
7c87eda0aba54e96ed639ec6573ecd82

SHA1
f17c788b956fd5c7a3e11c250088c865b4d7cab2

SHA256
bd7dcde417a98fb533afd73daee8956ea03bf3251e4f1244981a724eb5ce35d9

SHA512
1d58f3226e3eb8216a011df0baafefe73469141168fc7e3bc6e38d0411549e4b8fb1d3dce9ed672f4c6c8f6eaf58b17af188339e7391bad641b8ddc82adaa2e8

Download Submit
C:\Program Files\7-Zip\Lang\fr.txt.tmp

Filesize
90KB

MD5
998c195cfb359c2bb4d6fe7e36ea3f9a

SHA1
c38a6a7969b1379b205f4ce3d75672b20eec6cab

SHA256
0d79af19050cfc886b98188bb020deb2f6b668e5bc9b7ef0e0fd1f82ee1b704a

SHA512
cc012eb4604902418dbbb0b2aae4b9ae13232f4cc2188f22e7d734c8799c121e4a358e00397c86c1f9c5a1a6de14a1e9d7977e9fd8dbb43906c3cb0a6c52f58e

Download Submit
C:\Program Files\7-Zip\Lang\fur.txt.tmp

Filesize
87KB

MD5
663573a5eec7bcaa002ce0d57557056d

SHA1
a7e61f346614778b9c9ac7b5c6971413c530b602

SHA256
7fee2dda288af3b4ab5d9a8b4f8f84479593f3471bdb308432336cdaf5bd2c04

SHA512
632925d62c7400054a64bdbbca8b79f676d71f6b8fe0208e6cd76d880623ac5fb816471426d793e15b2a60ac84e93eec16f53d39e035719dc231424c9ba362bd

Download Submit
C:\Program Files\7-Zip\Lang\ga.txt.tmp

Filesize
80KB

MD5
f8d1eb0b5e0f4dd7fb42c5d669c047ae

SHA1
32fabca0bcd284b186ab8ac03693b8dc6f10d4b6

SHA256
29870640331d5b62a2ae5bab0a9db1550a5d53381def2f54fea2ba662fef7198

SHA512
69eba4d82f1506542590750ea032f82a036e9fcc91c3639f5282c00ae88972762a84248d186ca644a13c6e235cce6518009c649b6d5622ac68f87b750966b7ad

Download Submit
C:\Program Files\7-Zip\Lang\gl.txt.tmp

Filesize
80KB

MD5
581260d6e7799a4eb896b4002d1cca24

SHA1
304630a1e03e05d954b7e9203449939bf301569e

SHA256
042d2e7f1c465916bc991b5aea19b019935f8316fd973121d52562fec81209c0

SHA512
dd750771fa5d75e16e883ca43b406cb9e9a5fb120291547717434ddfa8ee86aa9c12be6b57bb61d35be42e63b794df632224b7a71ad68f5ff22c6a5f6cc0ac41

Download Submit
C:\Program Files\7-Zip\Lang\he.txt.tmp

Filesize
91KB

MD5
ee175229b5961795b62d3ecb56182960

SHA1
83b680df620baf2c8981928e6cf32e73ba03bd82

SHA256
32bdb73df9570b31cf72d233707c84c0b9a075cf5859b7a54a1959af3c39bfec

SHA512
9b8f406aa5b98ece5170a9111d1981f2b3602ac1c4c785e8a89ef32be392979e0a92a0c015a755482ff5984002545c1037a472500032306c07cd21d2458ddbdf

Download Submit
C:\Program Files\7-Zip\Lang\hr.txt.tmp

Filesize
88KB

MD5
dcd31e29a0725d535b369d4941532efd

SHA1
f4f07bbb5922b338381c3554e33aa6a83fdb813c

SHA256
39d7c004e3b7dcbaf5f038347d75d0f7e78514ced5fda86e7fee987180047bc4

SHA512
bf8d393a784a31c18d20b62ce5f265c36c3a099deae52b0da4a69db7d74b4a2b8a26acca31ff5245cdc4ea0bd5da3c0f949b2167830bd7eeaf4c7c13c904b6e7

Download Submit
C:\Program Files\7-Zip\Lang\hu.txt.tmp

Filesize
89KB

MD5
a66f0c818d6df6ac361d716b58bd04b8

SHA1
98011a6ffb42fb3d843ea10f9a6b428039655606

SHA256
e32e06fd4f6543c89da751cf364170d82aba21bc09b6646208b931b12da01d33

SHA512
e49e91c4cdd0a953bf85d1bbfc84dc562818ca0d21c51b7b5d6aad795024e309e18452e721cc103ac7219f48990a7d020e731fb4263c0138313a94787b825041

Download Submit
C:\Program Files\7-Zip\Lang\hy.txt.tmp

Filesize
93KB

MD5
b32e8568cf5e832c2197e3fc30302d63

SHA1
65b89b45f4079b70e0bc8a6f52485cce7ad34ae0

SHA256
f446c73afecc5755ff7d31190bcf5c4c133f65c5ee15401e35e9483bd9a56e27

SHA512
9116834e667d16b827495e4f3890e82776347cda64e0d95c37a0ce54a5fd6efb282fb5f48c83e66e26ef4c2e033160dfc0d168f50cfeb6a7edbf8214ce54cc1c

Download Submit
C:\Program Files\7-Zip\Lang\id.txt.tmp

Filesize
80KB

MD5
e6848150efc19e384e22c77f698579c0

SHA1
88036822a142e4f1bcc02d664a3335381067ab7d

SHA256
72a9ad9f41ec2fea5222952418b2d0c875bb972e225efdea95a6a98dbf1dc135

SHA512
b6d6fdb730ed99c483ded09a01410f92c6558457cccb31cb84d84c291332d0b5ef983c4454b308ad41d3c88412ed48993b14243ae55465976f71f3fe7becc3d3

Download Submit
C:\Program Files\7-Zip\Lang\io.txt.tmp

Filesize
90KB

MD5
5a7f83b26203da1b78121dc871d4ebb3

SHA1
da682990cc0735d6ceb2d764e9d7e641f7c34cf6

SHA256
72b99349225cb4958afd7ad7f0c21ede3c1282c226b6115a400ce27632b768ea

SHA512
bfe7d1204ae27449e88535cc250108a64810e8e4c0f99020f11dfb6c4929dafdb8279cafbc2dd69c2d92980f34c757a70fa0b12805d1e14b1b74d2407f417040

Download Submit
C:\Program Files\7-Zip\Lang\is.txt.tmp

Filesize
88KB

MD5
1dd4d6c2731b3b0613a39e2034e10530

SHA1
e768ceb66d4c7e1bdba6a16aaea8a8d878cd0a75

SHA256
bc4bcba2d7e668aa3d060c4988e6bd360a2d11a8ee80154096f52e436cfb4111

SHA512
12dc89d9fd836017150a3eeb398f06a6e65ebeb184247f77c49beb1fdb9bca75dd4b6c0a24dacfc6356edcc59622c38d015af553d7d109ee4f649304426ede9a

Download Submit
C:\Program Files\7-Zip\Lang\kaa.txt.tmp

Filesize
88KB

MD5
cb64d72a6232bb6469074f25fc52d170

SHA1
471b15e7c9092b0177d25f1d93a1f59f349cda05

SHA256
988865e9bda7dea60454ff139b93ecab5ca2d2e2915e829e10f3e075cf49ee62

SHA512
76c112e3e5eb6211f77e4f6c96c3cd835f1c020c837f92e93785a4413490fc7ca9b6c9a920b0aa1dd7ab2882de1617011eacbff36b5aa7ef52bc718e2d8e856d

Download Submit
C:\Program Files\7-Zip\Lang\kk.txt.tmp

Filesize
90KB

MD5
501d23d75f5becce0c825c75be54b728

SHA1
99edc71bc8295370aa003e63bae8d73b29ed8297

SHA256
cad19df8bb56ce9d57d9da268444262df49fdb22fbd2b24e37205dcebc7f8046

SHA512
5190c9504fd3d5365e1820cbdb2423978cd17314cec46d02f5f3bff5487c1ea592d65c824efcc78924df2f8239199229cf13beb18a90d757b7e4fa0184d366b8

Download Submit
C:\Program Files\7-Zip\Lang\ko.txt.tmp

Filesize
80KB

MD5
79139758d32bf8af0412fe218bc4f4fc

SHA1
4471b7e6a5fe849d8b37c41a4114dda22e014936

SHA256
882c125f16ef36468b64aa5088de82e17295f70b5cfc1a4e5c6667182bae8687

SHA512
5b20662634de7ba0f07041e3e784a32c91a43537fb8efedfd6d437f1608134f052e0dfbde48d659533f01b90421ec9f262e506c02c71f2192d538605c4f25068

Download Submit
C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp

Filesize
92KB

MD5
130d284fb1f3748a66b36c17fc8f289a

SHA1
97a3a7110374e374b24702217830caf9ffe1dda5

SHA256
1dbe83d22c712b24c4d189bda4567252c4316cc5ecffa2d83913a4dad13d8747

SHA512
47b7d0e48433ef22a348f6ece4b0b94857ac3da66aa97ab3c1e0d62f531086079088ff183effb1e4ee613d423fa6853ffea611f92134bc1a5f5d1e7478f64fc6

Download Submit
C:\Program Files\7-Zip\Lang\lv.txt.tmp

Filesize
85KB

MD5
7fb61ee3b5bf576485368a1ed87d4d2c

SHA1
189b293c08adff5c6ff673fdf4aada9b0eebb088

SHA256
7758dde2a2a766e22a4e19602d9c810e87b0b8aa877d7481a7f984cd862c34e0

SHA512
f5c46e5fc0a3e16c687565005e8f87feaaf949fa33f1970b63790b630bccf15ed5b731c3c5a995380086861d2332fed4ce6cd367e7eb6d33a6129785df663a1d

Download Submit
C:\Program Files\7-Zip\Lang\mk.txt.tmp

Filesize
88KB

MD5
ad54e5a1760fb77970b9690c0ec2e3db

SHA1
ffecfa0f6422b1908752b4ce94ab8785d6c280b1

SHA256
610cf7934834960190c7792e72bc7ac132b0b22c7ea94e633a0e5bd18392d76d

SHA512
36089bbd6275a7aa4e5a821644c200f6caf4a1f1ed69a08d81acbaf9b4003ca9fdb6a04e56b02e5ba7d94669d8aac3e5b0ebd0f4a897b19b1d0dd3d98b76a976

Download Submit
C:\Program Files\7-Zip\Lang\mn.txt.tmp

Filesize
88KB

MD5
f1bdf0a569488f5db98bd2b20267bef3

SHA1
9c1ea201d5004c56a3c65fff1bc31da99ea3bcf3

SHA256
2d56b87269725fbcbfe840a04c6e5f43c8518c1a0fac43d3633d57b71231cbf5

SHA512
077050ee7485ab1d883303b6a5ccbb12e1242a40e3bae55dec55e7847da4efcd5f9af46984ca3356195435342a6d74e62f3960806a0d9511c5b7f29152d10338

Download Submit
C:\Program Files\7-Zip\Lang\mng.txt.tmp

Filesize
99KB

MD5
079972a507d725f49cf590c286bdf934

SHA1
aba30f70484a76bb0750b486ae88aae322d3f7c0

SHA256
89b747d01125e1a43d4b130b2310373241a71cfd5b2bedaf4dd2db539b6ec1a5

SHA512
bfc6e861dc89e9c8db8f30a6a8dcbd9359c741c093bdd8aab1a3e928580f4e8b374b246cd254c12b714a4d56185eea13c63e1b87a7a7b370e2aa58f29cdc00f7

Download Submit
C:\Program Files\7-Zip\Lang\mng2.txt.tmp

Filesize
101KB

MD5
75595ca7b5676f4b82f2666d61f9bad0

SHA1
989a4ba435916263702beb55e014bd63c3dc5d1b

SHA256
4b96512f7b18a96c810c47433de5c70979326bb26085a8080b598b992f1a96a9

SHA512
a6b7848dcf8c18275d7de5f93266ba51c1ba814325ee79118aabaed53fa6274dc16dcb428a4913110a39aae7266d183de784e8b115e1f3fd397d228757a4cc79

Download Submit
C:\Program Files\7-Zip\Lang\nb.txt.tmp

Filesize
85KB

MD5
f17936a395b309153a49c2b2e40e4fd2

SHA1
071393c0bd3417fdab403458a3017ede6a9d4221

SHA256
f446f37799e4fddb870c3e15d426a1a436f0be4573ba8a4d88d3647a53d4193a

SHA512
f43b346dd75335ea15d5d8172c4baab5c6c672a11d8f455eede24480997020dbef9553805aacd21b806e7fb0322e2ce4dcd6f4c7db42e23c600ba6c5bf5f7fd1

Download Submit
C:\Program Files\7-Zip\Lang\ne.txt.tmp

Filesize
93KB

MD5
97aaa44fed5756cd898b03b85d5612d9

SHA1
7c9fc9ce08de868a8c6b7b4a3eb990f45c60542b

SHA256
d324b21d5f86bb8d92048500285cb2bb9cdd3cf64a18d3bfb93fcd46d2a59200

SHA512
181ce5f4f6d29d4d1778100c6c1b012ae0d2798b97ee447d2b3bcea943fca55d7d1159be14e3152ac412c2b8c76ea6d9229d622a4d329d26016f4a4c959031e0

Download Submit
C:\Program Files\7-Zip\Lang\nl.txt.tmp

Filesize
89KB

MD5
c595b0aa63daf88aa96a9863ad58a2c8

SHA1
9d2f28c6670161597a846e08a0a5ba4b52f65e0a

SHA256
b6ceef3712b802b905c07054f3902856bec4e55c76453dcbc3ee841524a9410a

SHA512
9262e5b57743c904ae6e80af7b186f70a5794d20748caa913cdac201747e8236e659246dd9ac45d4b7dabf820bf8b612730aa4b62c0cc33c883b9655b12ac54f

Download Submit
C:\Program Files\7-Zip\Lang\nn.txt.tmp

Filesize
85KB

MD5
4fcf5da845bb6e3fba01133933183129

SHA1
a7057bd8580eef57da36033444273530607885dc

SHA256
42754b81543049e6143eb0b25943ded288233ab5f5ea7a484f352eeae30a2746

SHA512
ecdd734eecfd4bf4fecaad692cb93e0617e7f85172ae456541162700196d02af59c6bb717bc57204236d6813596dfda3e0f360fcd9ea458417ac19c6ee12cde5

Download Submit
C:\Program Files\7-Zip\Lang\pl.txt.tmp

Filesize
89KB

MD5
1d0aa681ea0f3b85221102fca70dd0a3

SHA1
ad7f4cdd96b661ee8986f4d8c801e902f88c9f9a

SHA256
e9553002848d9f6c3a67a3368fbcbaba514d4d15366716c8d9445117e312d132

SHA512
505b323f954aaefc8b818bc4a06bf8f2c5e6aa6a69372d062e99f8aee958420ba836991eb75d4c327320426043bfbfa19035f7d4a4222a9dbe4d5fd434668d52

Download Submit
C:\Program Files\7-Zip\descript.ion.tmp

Filesize
81KB

MD5
31add5f093606a6161ec4ff1f4f21e18

SHA1
a978945f8ce7e96716e9787ffb3daea3f2a949e6

SHA256
50ea80a16bc07314363ed86837f1dd4854691249de66703952963058231870d3

SHA512
4999443241c8ec410d647b5ba47d9903f76fd1e9e1380d9339fd95066d4481aad19f4db32c44160cb36a3bf4091d7009ce4dedd266bb235b2ab01006b50c38a4

Download Submit
C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_KMS_Client-ul.xrm-ms.tmp

Filesize
89KB

MD5
8be8dc509966ee3172d95f8f39a86874

SHA1
ed3f09e39f970ee3970d7c1834a2de4e683c1c5e

SHA256
3585c3a32f8cc267efbdfe16adfa28a846ee7a2971f3aed631f3a150d1f90738

SHA512
9a13e762b8dc6b8e4520e2dc447a8efe782d74f04f49728f8f2d63afb6032ff58f6f0547978635fa126db462a5275fb7bff37a7c689819b9c2e0a2ec844741d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_Desktop.ini.exe

Filesize
80KB

MD5
450cc4b6d8ca03746b3d3670a9caa738

SHA1
17a961a460f8d3c5c6be441cddc6ab110ee24c0c

SHA256
df61d04e192d48aaec60e3c8a688712b6f3bfd410cf90c8cb3b8e4c7258d66e8

SHA512
5f9ff1c75d1d2c808373ab3470641845e44b7df5f2d1945058ddd5a0cc25f9464b27724e6cc76857cdafda139192cee113efe74c895a7085e745913002e370c7

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
79KB

MD5
8dbe7a12908c47d568fe0dc9fe62c479

SHA1
093508f4264f5bf21c9dcf685465e444c7f14046

SHA256
7684e693b157a1f44c893a533b37bc1c331c6acf2bd6135773d5cdd445de61c4

SHA512
77db574778ffcfec0e71f8b26ee5a8d9663e3e32f9344be81cf1f2a8e3cf24d2ce6a00f2eca2fb30306cdcad7a5c1409f8206994d553040ff8d6bf9d80bb61bd

Download Submit