f68dc2f924151bd52da148b3ac91b78d6ced5665253557431aebbf248d6b0da1

Analysis

max time kernel
120s
max time network
121s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
04/09/2024, 12:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9ef28d19e1b6ae90fec52cee7a9aefb0N.exe
Size

95KB
MD5

9ef28d19e1b6ae90fec52cee7a9aefb0
SHA1

34186e68b282eb396a36ea0384f63625846ae1cc
SHA256

f68dc2f924151bd52da148b3ac91b78d6ced5665253557431aebbf248d6b0da1
SHA512

091c073945b8469e8acefe85db891a0d6e29b410fcbd2343504184db6393fd954ebaeaabaf83c7852344094cf191528c80c76e2c5d3841262a8812b9b80864e9
SSDEEP

1536:W7ZppApBULcfpHLcfpyDA6swXwA7ZppApBULcfpHLcfpyDA6swXwsWx:6pWpBwchcwD8wXwApWpBwchcwD8wXwT

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (4785) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
4284	_desktop.ini.exe
3144	Zombie.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Zombie.exe	9ef28d19e1b6ae90fec52cee7a9aefb0N.exe
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	9ef28d19e1b6ae90fec52cee7a9aefb0N.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-synch-l1-1-0.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Client\AppVDllSurrogate32.exe.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\en-US\tabskb.dll.mui.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\PresentationUI.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\PresentationFramework.resources.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART6.BDR.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\msipc.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\System.Windows.Input.Manipulations.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\WindowsBase.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_MAK_AE-pl.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\Microsoft.VisualBasic.Forms.resources.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Diagnostics.PerformanceCounter.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_OEM_Perp-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_SubTrial-pl.xrm-ms.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\es-ES\tabskb.dll.mui.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\lv-LV\tipresx.dll.mui.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail2-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Retail-ul-oob.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_LinkNoDrop32x32.gif.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTrial-pl.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Retail-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\ea.xml.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Transactions.Local.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\Microsoft.VisualBasic.Forms.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp4-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordVL_MAK-ul-oob.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\WindowsBase.resources.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Java\jre-1.8\bin\jjs.exe.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\TrebuchetMs.xml.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_OEM_Perp-ppd.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office16\3082\MSO.ACL.tmp	_desktop.ini.exe
File created	C:\Program Files\Common Files\System\ado\msado25.tlb.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.Primitives.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-interlocked-l1-1-0.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.scale-140.png.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-white_scale-80.png.exe.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Transactions.Local.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_OEM_Perp-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_OEM_Perp-ul-phn.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\Microsoft.Ink.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessDemoR_BypassTrial365-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Retail-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_OEM_Perp-ppd.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_Subscription-pl.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Globalization.Calendars.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\PresentationUI.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Xaml.resources.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\7-Zip\Lang\mk.txt.tmp	_desktop.ini.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-phonetic.xml.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Ping.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial3-ppd.xrm-ms.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_KMS_Client-ppd.xrm-ms.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Trial-ppd.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\CT_ROOTS.XML.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\tipskins.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Data.DataSetExtensions.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\UIAutomationClient.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\PresentationCore.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\System.Xaml.resources.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\EXCEL_WHATSNEW.XML.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\vstoee100.tlb.tmp	Zombie.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9ef28d19e1b6ae90fec52cee7a9aefb0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Zombie.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	_desktop.ini.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 748 wrote to memory of 3144	748	9ef28d19e1b6ae90fec52cee7a9aefb0N.exe	91
PID 748 wrote to memory of 3144	748	9ef28d19e1b6ae90fec52cee7a9aefb0N.exe	91
PID 748 wrote to memory of 3144	748	9ef28d19e1b6ae90fec52cee7a9aefb0N.exe	91
PID 748 wrote to memory of 4284	748	9ef28d19e1b6ae90fec52cee7a9aefb0N.exe	90
PID 748 wrote to memory of 4284	748	9ef28d19e1b6ae90fec52cee7a9aefb0N.exe	90
PID 748 wrote to memory of 4284	748	9ef28d19e1b6ae90fec52cee7a9aefb0N.exe	90

C:\Users\Admin\AppData\Local\Temp\9ef28d19e1b6ae90fec52cee7a9aefb0N.exe
"C:\Users\Admin\AppData\Local\Temp\9ef28d19e1b6ae90fec52cee7a9aefb0N.exe"
1⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:748
- C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe
  "_desktop.ini.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:4284
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:3144

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4156,i,9445584274764997943,12714240264001792460,262144 --variations-seed-version --mojo-platform-channel-handle=4032 /prefetch:8
1⤵
PID:2916

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2170637797-568393320-3232933035-1000\desktop.ini.exe.tmp

Filesize
95KB

MD5
bdcf56691efee3486dcfc4186dee6e16

SHA1
ace809a5f6c2e5e1adbdddb537070dad58bed10f

SHA256
0cafe5553e5381ee3b80773bd57aaf947f0413b6dbd552a3421c529042951123

SHA512
7ea804d903abadaa947e2d0b117d02ae8e281905ff85c1d805df63997604e2e80d64a4f54e3d8202a12f153732815c0159e43acc95c38e608d8c3ce1c3bdffb7

Download Submit
C:\$Recycle.Bin\S-1-5-21-2170637797-568393320-3232933035-1000\desktop.ini.tmp

Filesize
45KB

MD5
328ef60b70ece4da14b2e02ed4a7dc7f

SHA1
6ead770b35a095db6ffc2e13d4b81ea26963db4f

SHA256
f0d7927506c6ac5a797d1f268bea5e837260af6a1a0936da16aea52144888f05

SHA512
84d5070a683405675a5d4493273f800da9351cd1f095b0d51b92787fc4034bc6c503fde13dc3d96a72e99336518297dc59ba1ba0fcb0b82df9b3de5c9a4f234d

Download Submit
C:\Program Files\7-Zip\7-zip.chm.exe

Filesize
157KB

MD5
29c66a98cda5dc0703626b510d8bd241

SHA1
0445896d420665eae61ac71637afe97a1cba0a7f

SHA256
9e4e51e90774733459067a997b4b7f58848be64d092058194c5b0090f70246a9

SHA512
50091b68ca89971c38b842c6e475ca1b5f240ae5105a7610cd53c0e2f1e3503342ec8d3afc1eeca81659a09a7ec163399dc9dab03a03a32bc4d5f32b4d83ed5d

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
1.8MB

MD5
2c2d4368585ad70c38141c0ee0bd5043

SHA1
b41b8e9476034cb7ee2a8034cda7bde74dc110f7

SHA256
5fa372826dfdde64594123367b7c5a64727a107c03a52312ceee81a7303bfe2d

SHA512
9fab7880afe1d476532d80371cb9df16130aed7c71483d4bf240ff997b711138d8787b22502b0a24284c8d3010f511998dd727171880016754e6131d62ae0aa2

Download Submit
C:\Program Files\7-Zip\7z.exe.tmp

Filesize
594KB

MD5
f7dcd8c55bc451890d87bf67069e39cc

SHA1
76a0afdb3276915b9ceadc39988fcccae877cbc3

SHA256
8ebeec63f19ca27ffe863a3927e9e500c2ad648e176f0faf52ab1edcf6ab9e3b

SHA512
d264ffc5b36620e75c2ed38536516703ec1df310930fd8785c10f73c0b62261d58bdb605fc428349312dc7e7f842bfb94017ec0e911781366b16ada8996545d5

Download Submit
C:\Program Files\7-Zip\7z.sfx.tmp

Filesize
260KB

MD5
ccd6d3f61c4042c9b950e6093880ae9b

SHA1
5a0ad92f20a43fbc7fdf8e2b34f5b2f124060a8c

SHA256
0540257ec4494767113a58298eec248149d2bf989b737a8616cf43c18259aea7

SHA512
8a62a5c0838f30e972556765c9c7d907c646d55a460ab128fb9c65e28185f684de4e2b43c5d007a60e4dd1fd57a8da337a85f7b4425ed8dd0f175248ecd33c1c

Download Submit
C:\Program Files\7-Zip\7zCon.sfx.tmp

Filesize
239KB

MD5
348a17334020ce47d84b16b5b6808eeb

SHA1
ac8da2b8199ff72d32a2db60a38b8af48d778c7c

SHA256
18b798a673b132529e7930cbab81334914a128cd3cc9f138d701e38413c328a6

SHA512
fe53c58c9898cd13c7f70b99f0e66ed2f6903838b3c35dc8101b2b186f30f733f7df9a75ae6cf32af9d56709b0a84779b4a8f523294b1532bfb36dced4b01744

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
981KB

MD5
0d7fbd73afe4baadeacb055c7ba52079

SHA1
d26ede833ea43afca90e751eb994dc0a373ceac1

SHA256
974cb96092bca957ee58cfe42b17ee5b80182d21d7fda3b864f260a6c797041b

SHA512
4cc64bbe8820f1f35f31ec026a3d723fd9a9bf4702918638503b9e28356ef892a88b68b61ac2b326e8be712662ecd743d8e11fdf5be1f2b35adddf1764384b7f

Download Submit
C:\Program Files\7-Zip\7zG.exe.tmp

Filesize
734KB

MD5
91f50afb57fbaadd45bc6bf3ce2513b4

SHA1
461051cc0431363c568ea1dbf4e3440665a1f4b7

SHA256
53f03203eedb0ffb83fc604cd198b1138801fcd7f487f941083cfaedba306621

SHA512
941a9142efb0123bcb6e443f9fcca5f018ee12bb8e573b73c44be451fd8f67d478afa6bb2e358ef1288e6758015068110687279b9a52400d0827e793f8adb60e

Download Submit
C:\Program Files\7-Zip\Lang\af.txt.exe

Filesize
54KB

MD5
fe932191ec5db5501d89e924393d6cff

SHA1
d75015934266e9ab1cdc688b0a8a87e28aa9b046

SHA256
3729ac1279e3d65f721778a83cff0f4d8a040f1c053bee6e5dc6227682a47631

SHA512
bab25cd52274f6caf34f19ef36aab3249ad5ca6629d534b9edc8e543d26a86f08e4ca4161115981d4708e359e4615271b8466473c2e98a631ee62ef83ce6f0af

Download Submit
C:\Program Files\7-Zip\Lang\be.txt.tmp

Filesize
62KB

MD5
17d0d67a6b69e872301a32e6be11dbcb

SHA1
62055f83fdc135bbd4c37e985549ef24b4fb0718

SHA256
7c2fa35e056f6adac2882067bdbaf9575cb643612c10e2664c235f8639580709

SHA512
abb8f8a73a8f1db678561a12d0c4ceeb500b8153e5b03e4fce0c2a11e9e51b13ba324fe197f2d63016e0cbd99a6f362454c2370ef18cb76282679e8398e3161b

Download Submit
C:\Program Files\7-Zip\Lang\bg.txt.tmp

Filesize
63KB

MD5
83b24e50aa9feba4d754f077c3c57ada

SHA1
8be1e23c8967784339c531367d3a3aa9e70f0d7b

SHA256
59361eb826b649efb20e3f134c8f16f2dd5470ed0d975dfe9a0cb418beba7d0a

SHA512
d8fb636087aec6e7255b2ab42c1b8724a8d9ecbf703fe16a9481e9af036bf0ca4c973500da40784ff3943247fe0bff192381882d003bbe91e10286475ee69cc8

Download Submit
C:\Program Files\7-Zip\Lang\bn.txt.tmp

Filesize
65KB

MD5
a77678c189fa88d4da8674a39b65468f

SHA1
e20c9f308364eab966732550dbaa5ccc4c9eafef

SHA256
6249c3a821c784abe11a7e43bd18ab4b10f6e730ecdb87b20003fa5f6cde525b

SHA512
5c413d5bcefeb89d57726581d4a7ce3f81b9761be26a4e0ff15c18046b49e9905fc21017e5cbee87fabc801f772837982a8ab57d6bb8d776872cae7486396275

Download Submit
C:\Program Files\7-Zip\Lang\br.txt.tmp

Filesize
55KB

MD5
8c9a1c82204424419b9d65c15edd7b6a

SHA1
acf857e3ccf60234cf99ef2d826c7ac92b08107b

SHA256
1b24c99ad134d61525ca7fe350d13910b7a6759046d487bc8f9398fa0d02c005

SHA512
f0831b8297f423dfdd43d192bd4732f4a6f8e2ac86eab0ed78d07433c35950cdbea481e526da0744d1bf5bcea153c6cad4ae038ffb10a0b5fd9384cd421f3375

Download Submit
C:\Program Files\7-Zip\Lang\da.txt.tmp

Filesize
58KB

MD5
15b09c2ecb54d62120930097aac99bf4

SHA1
1ddd77a2f03f3fb25daeafa89fd04e33951766e4

SHA256
4356714acab0d8e33e949b6c568cfd53f592e0a9d52ff07f4c2e11878b302dd9

SHA512
838f5eab414aad8a7e1f09c9f3ece921ac0b4e2814f574acf06aeb4d63f914c0e87ba046844d8d2f451d83903a00892574fbddc72fe9b541e6e6ab00266e87e7

Download Submit
C:\Program Files\7-Zip\Lang\de.txt.tmp

Filesize
59KB

MD5
1fd718cefaf453b38c929a041180768e

SHA1
c680e5819bce0483ef9f44448f5577eb04eace5c

SHA256
09092acd3c6cca2cb269536a75aac748f48658b82951a8d558fcedaa6cbd2951

SHA512
b1ca9eb5172f1f30a06494d74a473246ea0c39c8eff20c9239db2ed732357b7893dee061c4805792c7f91a4a09b86f8b921e450b596e12b83b1ca9eed3c9daab

Download Submit
C:\Program Files\7-Zip\Lang\el.txt.tmp

Filesize
67KB

MD5
02c76c41a4ddf3ba16ccf342f6d983c4

SHA1
2f7be5000bebd0e7b551980cf2455b445f60bc8e

SHA256
a45e231253682e85a79136b0f8c9949aa79a94f723d6985f161dbe5da2c3bf4e

SHA512
7e6ea36dd3d07b38c25e10048ffe78cc7c101ee08aef4204c3340d83658affd71422000a002496a615da3f32486edc68a5e08529e80d2086e0f968323106ca5e

Download Submit
C:\Program Files\7-Zip\Lang\eo.txt.tmp

Filesize
55KB

MD5
2dbd5a543d348d75b3e7c0bc1e6f4d74

SHA1
f4cea3e890d3cd91d69e6943c6999edd50908a59

SHA256
008de99773dbef484b0fafa98fa70678b55eb3bbc873d98645604d5b38873b83

SHA512
c57d177057ee9b62666cf7972890945153b3cf6232746e0f950de36e5dacb6cfb3d2affd174a1fa495df23b58531bbd6d1386c3d683930e2e0a4cdfe674315fb

Download Submit
C:\Program Files\7-Zip\Lang\es.txt.tmp

Filesize
60KB

MD5
25c1919b73e7a4be5bec8198f642ffd3

SHA1
fb94c6cfb30a63f3d06797b1781155e721586052

SHA256
13cc57417ae548a22339af51b162c6d010fd8a427453e6cc4f321a2f4490a163

SHA512
4bc928ebcaf6bc5a1aa67a847d0db8f4477c153267b74a755917a1755a2157d606a8cdc973ad0b7d35c74f3964b3aa58c526a4e1cc26b64ec1d3c0e2e55fd1d4

Download Submit
C:\Program Files\7-Zip\Lang\et.txt.tmp

Filesize
51KB

MD5
c1973caad5ea92f5e8083165ea1d4d96

SHA1
1685a6c0915c5045ec67bd96d52c11d7c0e0aa47

SHA256
cf52a3ba5ec9798480a65067fc5dd0ec28578395bbd5a30e5e01742e16366690

SHA512
e963561c7c0b3888dc8530595e3bdd13ffd5bf0cfffefa8c9618d65f8392bb0ae7b0c484cc3f93f7b194b7f3373de75875df8266ef32426c56091a0b95a3f615

Download Submit
C:\Program Files\7-Zip\Lang\eu.txt.tmp

Filesize
53KB

MD5
23afc895218dea73de070e1dd69a9794

SHA1
5097cfbb1c2a314f7f18fe2ad5910a9f8dbb4dca

SHA256
15e8c7f035b2eab7b4c6e13060b00677bf9a26c42f665db0d8863b04ba12aa76

SHA512
7ebe137ac7ad6166e15bdb7f3983ad19f0d53b6e3a0337acc9daf8f4173d8b2bc14591d76d1ad8420cddc51064b1d08dd22e328694995f8a3289d3dcb8c98ecd

Download Submit
C:\Program Files\7-Zip\Lang\ext.txt.tmp

Filesize
50KB

MD5
2ad6cecad46a8b7655d89d594596f3fd

SHA1
87166ab6c79ca7f1e26dac6f5ec3b0f61c86a642

SHA256
538d60fa0b152d7b96d0e36f9302d49e53aa54c04e7a32a0c03693b7aadf19e0

SHA512
be388e4eac2046fcd76e3ca2c81d50525e4e6a31673a95f62b0464e240c8e20a0ad42e72ca921fd671c7868942eb9d1e5b9a49897c235ce0a2a6df6700baf436

Download Submit
C:\Program Files\7-Zip\Lang\fi.txt.tmp

Filesize
50KB

MD5
3e67a8f2710dae6909102904ee2eca52

SHA1
45b07de77c8904d0deabf2beaaeae85a4fece01e

SHA256
d6d3c2736b5513d75910f1d574a26a528bbae5a75a4049765d460b2ec00501f6

SHA512
027b14cad3ee7d79d431627a86a5ae8fc509df37580cc681e575972b3796bebddf780c72d789999a98d65d0bd46297c894e4c622b441ddaa68fe5d514fdc8c0b

Download Submit
C:\Program Files\7-Zip\Lang\fur.txt.tmp

Filesize
57KB

MD5
3559eee9127925537b08f74b5fbe602e

SHA1
9dce492d3322370d664fdbd136b1fa129e9af574

SHA256
a3de49b561515bfff84730bec6de7668b2e371489ca6524818dac123a728026a

SHA512
41fae6aef0f45dcf9011c265ddaa54547f560d3b612831011d482c01c724bd6d416f1b1f7e9614065d3c6e9b9bae611feb1472a5688eccdd5fa2179e6f2c4d76

Download Submit
C:\Program Files\7-Zip\Lang\ga.txt.tmp

Filesize
53KB

MD5
1eb933d4f252ae333c1e6fbf627c6374

SHA1
3f6097dded30ff8f93a8999f40f8178704cde7b0

SHA256
03b4affff834903e0b6ec6b2035d603a366e076c368662756531793da477d723

SHA512
53de3476d365ebe611db754be4008b20e05f5e9448e2bd57dbc5e31365d52aab1b34dcc98dd2eb62589785e23b774406ec2abd04c71420c13108fee967a1ed5f

Download Submit
C:\Program Files\7-Zip\Lang\gl.txt.tmp

Filesize
54KB

MD5
a8587d33997fc8c5fc364a4ec04679c6

SHA1
6a74cc3b4d35fa26d268456cdf155d262ae47798

SHA256
7159dbec70df65fce83dd4a239876495304c6843341ff181759bf71deb524c45

SHA512
0812ffcd837d343830f28ccd2c573d315fa3756a04d7f20b9c33e30a27220baf0bbacd8b91c2300dcb96fa2d53a81e7eaaf52694d90f906603021e249ecf79a3

Download Submit
C:\Program Files\7-Zip\Lang\gu.txt.tmp

Filesize
67KB

MD5
1600d8e406cbc5aa3079810809b3623a

SHA1
0f2f3d819618eb7a27222612d87b1d883e8eda77

SHA256
7783d274bc2c2df128be93794c2f4f628a3ca5cbb2b7a71609e5624cda27b35c

SHA512
ef142f132677b8c6f64db3bcda8ef8ef01fad9e45d23f0e34d749ed0a3dd03cbc60caca6f6be6ffa6f573e62d497e2a7f805f62ab522cfbc468c77286836d9d8

Download Submit
C:\Program Files\7-Zip\Lang\he.txt.tmp

Filesize
56KB

MD5
b7acb456f3b04b5745d2ba43b24fa2da

SHA1
053a32064d42cc4065e52528ceb6c799df80cc1b

SHA256
d47444f166b3e67db624edd43077c459c4f938909a227b3aaabf9e9e4d276504

SHA512
1c148ac650b01a2f3a89c30a26e4e57c859f6e959bc6c68de8a279e272d1b85f802dcad7351a812fb8cb213d79ea01da08dc349f9e79e8c8449267b7cd64814f

Download Submit
C:\Program Files\7-Zip\Lang\hi.txt.tmp

Filesize
62KB

MD5
5abfdb151cac23ef826230b2bb006b8d

SHA1
534954139607cbe7b2f5c60126107915a660ded0

SHA256
e3f4105062f13564f28cd59a7f1fa21e2f0179d6df840413499ce2e9a82e62da

SHA512
2dcd9d0b8675d4d8cdac456e68d2b734bb99343480042f02891e73af09ea6ec3e3c552fde46dd34c75e2abe3f48ce8eb091d34de41b73aae5606c036a43b12be

Download Submit
C:\Program Files\7-Zip\Lang\hr.txt.tmp

Filesize
53KB

MD5
d228597109d79f3c80f36bc1dc7c7b85

SHA1
5b79d0e38df190920a5a6d4fed28d9e486dba4fe

SHA256
498e94a5a44385648c178c51e24e7da9a32c12e0e46fc1f5733998786e7259fa

SHA512
5fdbcd6d87207efc397b0ec62a8d5266da48883eb97a37df7e9cab0f3a3c8a4802f1531ece5e582c829e815f172afa37322bfb910b995c10db9ce992526d23d6

Download Submit
C:\Program Files\7-Zip\Lang\hu.txt.tmp

Filesize
55KB

MD5
f929d7a8056e5eac336150387d25d3a8

SHA1
e97837facf14d5d8678d9a3aa5b621df147cf6d4

SHA256
7e0de617a94cbf8b72ed22f8625bfc8732a35d8e634f816bb1e6209e6a567f33

SHA512
7cc4409f2b1eb0b3af6234af0d7e43489e4deb54b8aa8ba5982b9f54ce3ab55ff1989c8477ac91b30f7d6a8cedd98712e346e2d03f33e78986b48581f77ef41d

Download Submit
C:\Program Files\7-Zip\Lang\hy.txt.tmp

Filesize
58KB

MD5
bd11b1f60d1f1afd50536a7bc5287c3d

SHA1
85dbbfe587cc3b600b85d086318726b55e229fec

SHA256
19ac63f7fcc8011f23fb78d2025e11b3e923f30c421bf7ac225361feef2c3c3b

SHA512
4e81d9c68029f653460ef5a2a96fc0416556b9b670f7e2c389a59515770d9dfbb392f9d0e80aefe388e6bab9200c3612e75ab97480e7f16bf56ee667edac5d37

Download Submit
C:\Program Files\7-Zip\Lang\id.txt.tmp

Filesize
59KB

MD5
47a1cf60fc0befc308e081be980eaa5e

SHA1
251208a0d0f0257eaa1cee437beff5ac4623b329

SHA256
4e5aaf74d7f55f33e9c4e873f7018c3c1fdae262f7582fef60ee588126ce2a77

SHA512
24256c2bb5288d6582bdbb2b8bb2a212d9f2959b3917bfb060ae27c1bfe504030dd4533e63c7567e381440cce26df6bcce08d66ef1372eed18803d9de5cfba84

Download Submit
C:\Program Files\7-Zip\Lang\io.txt.tmp

Filesize
54KB

MD5
a0653d2fdc4c01ac88d067045d8d57db

SHA1
b2a50c0e93e73d0df02e31b84ba58f57ae0ce9ca

SHA256
f40801487812a850b21eb7623da453cdb00e49641b10f36f5119c92110462bc2

SHA512
83c5f130d33d3c295ed05291aa06b1c41f6f1a8fd05ae6af00addd7e312fa5389fda6e855ee3d298aef73927e9be2632749c119d963200dd8d91e31c196273a1

Download Submit
C:\Program Files\7-Zip\Lang\it.txt.tmp

Filesize
54KB

MD5
34446e7e8c7740e1b0a24f04b3244cec

SHA1
4d31ed57a3a0b25dc5395a1e4a87ea772ad3fc16

SHA256
42300faefe0c6a531515f1ad1a3574ce04dc0504f71f4ee966fc33ff50c93e93

SHA512
fcd86a15985eb05674992d8f652dc74d0b182eca3931549ca07a12b77e6d7de8d544a4cf94a612749ab529eee56a3f8f2980e750a804e7bc631b19a3ea7e7513

Download Submit
C:\Program Files\7-Zip\Lang\ja.txt.tmp

Filesize
57KB

MD5
4d83dd7af0d4a9910912a0d74396382e

SHA1
d1fb14a5bc62ba910472936a4f542500eca856df

SHA256
edb9d5c554cfdf32d22d48e3258c280a2cfeda47042da0466f1670f498d6b983

SHA512
c9f3021564d0e03be97bdb87e55785012baa621040d9750462608a97cf1d73ed20d1f4a280f16df7a68b2b5e5dcede66cb44a8a602f2f8de40d7a81492da8e5d

Download Submit
C:\Program Files\7-Zip\Lang\ka.txt.tmp

Filesize
62KB

MD5
9f41ac0eca1b48d412aa8889f21e9349

SHA1
0b890630272e90045ce7fb32310a4d5d47e55b8f

SHA256
dcba955d9bd0871779ada069850e41e2b364119ca3cdc68cc7ab2ac5c75d9a72

SHA512
f0b71c657ceed6ecf3690deed422167c1e83cede3f6d113298342fc0c2a5e49d39d1c6b857d6159066385c45fc8b52f0eea4c2dcc999d375efc9f5a553da0c8a

Download Submit
C:\Program Files\7-Zip\Lang\kab.txt.tmp

Filesize
53KB

MD5
e059a28dde79eae1a798fc52abbf195e

SHA1
d00b5af1df1ce902be045a2f83b1d11073e693c3

SHA256
62ec008dc19ab216396cafc857a43a186f6001313d2040c43952e4e052ec70b5

SHA512
187869167e234b0bc6cd660df415a5bb4fa35a45f2522ffb7807043fcb75346e7144bae2ee261b1591408e303cfe8fa0ebb9b4fd1dd8a3440d565c0cfb47860d

Download Submit
C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp

Filesize
48KB

MD5
1c196a7ea96cc6f92fe51cd5c49f9b97

SHA1
bb05f1af6d7cb97b73697592d5ffe4a98183851b

SHA256
8b2906cced68312246823011bb267e9663838d5d5a0e208cfbccfd4f0d8deb78

SHA512
e601dafe963ecee4f5782b41e131b4a5917d72ec35fbda39ae96b472a4cef170616bef027c47879f837248da3600396b1ee63a1e39ef832f97bcf7a08c0cac7e

Download Submit
C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp

Filesize
62KB

MD5
8904b20e6f8aac99ce2097bb8c553604

SHA1
0e650ceb13d1d7e38ab1d35162d592ef74753e5c

SHA256
1f7b61f66b6c2d010709d83a6b44383e378c9b544a8575a8116265f7efe44dc8

SHA512
2620f53f02fbd9dbe1149119ee4520ee302fbf5f6b6b1115d860e0b1c6475f298515820c971f8fc1292ffa97c97b7bcccea04b07bd2b1473781198dbb044aa9f

Download Submit
C:\Program Files\7-Zip\Lang\ku.txt.tmp

Filesize
56KB

MD5
e199da1121481b13d1a06b70a2c07cbc

SHA1
eb8bf4e55fed0fbc59d3ef7b69c2206e552394f1

SHA256
591ff36e1bcc09fe67b326092429941233129849f25376b20120e165eb277e7f

SHA512
f2e1fc67c4773b529603b2f54c3f477d0be7e5e8947644e035a0ad62b416db8a55a9e7b345f342570d725d869752820883539d491bcee4db6584a28db17d720e

Download Submit
C:\Program Files\7-Zip\Lang\lij.txt.tmp

Filesize
58KB

MD5
5e0e4a9a0da7695df05c963ba51d2221

SHA1
9f2038fb4e714c349086455dff225b32e0c73d2c

SHA256
4ee3ea1310079b1c9654bf2e14d11d52bb353f4bd24ac6491521d1c3344ce40c

SHA512
269de8fcd64824b7c65676c816d1e9c334f226868abab8eeffee8291374b34716567e13361ce495046910cf3e0656b5d793b03b84e6dd15c4a190c2f47ec0296

Download Submit
C:\Program Files\7-Zip\Lang\lt.txt.tmp

Filesize
59KB

MD5
8fe0dd3551b291187a16530577e3e1b1

SHA1
a7794b789cbb7c00321d4dd2274cd3ceeb91374f

SHA256
b5d00e10a5f2923acc05dfe1010bcc77c2d6b2ac4b9105be35f7836f06b9d37e

SHA512
c8a8cda7c6a5975f0139c628bf8902c1ee3bc4a52438a5dfe68067c8e4d4ccedcd1cb565418ad61e9ed473344894b58edcdf052cbf24e0c9574a9f244ba53cbc

Download Submit
C:\Program Files\7-Zip\Lang\lv.txt.tmp

Filesize
50KB

MD5
41cb075cb44aab9de9e1cdc42be857b8

SHA1
a671bad65d0cfacf01dc20d3527392da2d749c7e

SHA256
49e6afdcfd3e03cc7805f28b84da671987580853ad8b256f452574d2fb8b0349

SHA512
12d46ac5673b5008f53e16fd548de54e1feeca3037a4b40ba2da92703216ffcb1de7ccbaeed075b3f7f47e7dc76df47c47b88d5653277afbe471085751ddb41d

Download Submit
C:\Program Files\7-Zip\Lang\mn.txt.tmp

Filesize
53KB

MD5
5a15a74f4d173e675944b1df17986f87

SHA1
b7bee44672026db2b2d66e0829f6b51f8b9a7027

SHA256
0b977d5133d94d4a84440a751bc4968c55b8464d2d06ab8054dc553870ce1518

SHA512
c9914fedc550fee8c9024f376ef77fa2d898b1a50f01e96500e4fb5ed85d79c5cc8b35a3cec2b804988847722c1a43edac451665b6b73093787f6427a62bcaea

Download Submit
C:\Program Files\7-Zip\Lang\mr.txt.tmp

Filesize
61KB

MD5
dc12ec0b594675358d3c7825e85b6467

SHA1
4e091b1000c7942aff7836f6a4cebd1c8ee68d88

SHA256
45b80035bcce3d9302cbdd74244202364d869cd624151464a6d1c917cca37185

SHA512
eef4934a70948e477dcd22da859b690568f2c3dd6bb582a27c9d044756b3bf22554f23f2d816d6e233948c4f123feffc89864ae9371439792afd32b057619c60

Download Submit
C:\Program Files\7-Zip\Lang\ms.txt.tmp

Filesize
55KB

MD5
534f9fd1f1eeff1cc9c294a19f02c525

SHA1
f8c780a7b609c7bf79b403837df5152cfd84fa13

SHA256
4dcc75d641a889b049a426ce2995091011ce92ee18ca02f6410a9c345e945236

SHA512
b270c88c44925c976dd42e3788b3c20a3b37f6000a5d412f46dc262bf1a77af7621301830fe98427449710f88d899c189e173211e28558be56786b2b6609c9a2

Download Submit
C:\Program Files\7-Zip\Lang\nb.txt.tmp

Filesize
50KB

MD5
8470dc59fcf0a9eda155cc9f54474c1f

SHA1
d9042afb06ee1eb7bdc7e01fd8ec26294c531ae6

SHA256
1ea09a2d6c60ca157fbd7ba6b1cac8fdd10cafd0f7558d6c679c57ef3c7706f4

SHA512
fec78884835f34a50a57b574c7b690f16e8f247d88c4d25e81f768ad4bbb5057f633f599880a55a0ba45493efe83ae062a6c7a5143eac4bfc48383c56416495d

Download Submit
C:\Program Files\7-Zip\Lang\nl.txt.tmp

Filesize
56KB

MD5
b22d58115f83949497d86ffdcb975369

SHA1
4210616e2aed01deb0c7e46693a64dd1dddb6cd0

SHA256
b96b6db99de3c05e572dcb223e978e7c0701dae149459ef9bc8b43095724a299

SHA512
1326463f9f2f3f1ef0fc92844db289cb973bbdadc27b85ff2eb815932df029cb28f7c2c9ac645f8977fc8b1fa85f86ecf187c6f17557c0695b950b66f8513632

Download Submit
C:\Program Files\7-Zip\Lang\nl.txt.tmp

Filesize
59KB

MD5
81a254812f703670cb844a119b8c3177

SHA1
0eecd360edaaf1de939c8d54bdfc833c8845cc8f

SHA256
7e559b8c498d75326eb1f5d38ff795d936340ef79d9482c08e21a5a717c2119a

SHA512
e39ce35eb8bb9620dfbfa0876953ce14dfdfa876b6ab2690fdd8c6597630bd2aab7a4652eebccd16f0a86b8a21adef5d4d8d10ac93fadfdd1ed4428700979e42

Download Submit
C:\Program Files\7-Zip\Lang\nn.txt.tmp

Filesize
56KB

MD5
53291de0c3d3145de5e9f867d100e5fc

SHA1
673f5fcd2b860f2385866f734199dbdda6d1ea25

SHA256
89eb3d5ce45513680e82ad260a5bb75d57c584af124554195fc91718ca1a1ffa

SHA512
9e5f9c0c3782028b36aa3ba4f23da32af9eeec2ceef0c70a8167079ade439868b2f07fd71456a923a908beacca498987e88c66ee1b2960b3a551f479481559eb

Download Submit
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.ThreadPool.dll.tmp

Filesize
66KB

MD5
0c7539fc546eb76d6c016dd2e93cecba

SHA1
45fd28d9ed76ea906eb8a4f314de07ebd6e452bf

SHA256
313d96421db1a555fde3bcd4131a7e424cd578fd93a00dd55711f41ec1ad223c

SHA512
0383ee5d48917104c1428a96402194f542befc9e80d9c39d7d535ce88cb34709530dbe27f6bc93fe1c9aadc4447cdf5f1342c9efd502b8d301db591a2c4e14d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe

Filesize
50KB

MD5
b30621ee0acadd10df5a47f82b0aa4d9

SHA1
347dc07877750164a94cf691594c3bf173498912

SHA256
6de9c577aea9c8b9fe547e486b0c0d29ffccdb1669a0aeecde321a1821c924c4

SHA512
8633ca21c9dc0bda66ba9f4e36165707f32a9b9f78babd3a3d43929408eee83bb1a2d8e58be3278f2b01e1b418357c75ca79662fed94e25a00951f1b8dfb26c4

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
45KB

MD5
2eebbdd1ce2bb8398500e21f10b3f1a7

SHA1
d836895c45a84c80422cc6a9e57fb6d6f297a17a

SHA256
180c0a95b02c14a8467c49fdd5543aa4ac5cc93efb082f26e2cfe69c6595f512

SHA512
f115f83696ac9f28e6cf0891e0c6ebc62dea5461d9fba07c23ecf6938025bb8c9d5269d80dfc66640fe4f589cca16e581857b2842b9e187495d28911eefc45ff

Download Submit