71253b2021fdc04021e6e312100aa84bfbed66010f2b244166a95253c6363fc8

Analysis

max time kernel
120s
max time network
105s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05/09/2024, 01:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

21474ba48260d99a812e2a527b7f8d20N.exe
Size

89KB
MD5

21474ba48260d99a812e2a527b7f8d20
SHA1

d22027a89e19109129fc90e2bb0e0f5a02b815a1
SHA256

71253b2021fdc04021e6e312100aa84bfbed66010f2b244166a95253c6363fc8
SHA512

4caf2667aefd71af9022d81c2d4b35c958770068a04ad20f50a09bfeb5d023447b690890611353dfd73924015d5431c648c1c85d5a8c5ff4fd058361c96c05cc
SSDEEP

768:/7BlpQpARFbhS101C7BlpQpARFbhS101w:/7ZQpApq7ZQpApo

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (4683) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
4636	Zombie.exe
2592	_desktop.ini.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Zombie.exe	21474ba48260d99a812e2a527b7f8d20N.exe
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	21474ba48260d99a812e2a527b7f8d20N.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Common Files\System\msadc\ja-JP\msadcer.dll.mui.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ComponentModel.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_zh_HK.properties.tmp	_desktop.ini.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msdaprsr.dll.mui.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\bin\msvcp140.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\bin\resource.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessRuntime2019R_PrepidBypass-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_Retail-ul-phn.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-synch-l1-2-0.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\EXCEL_WHATSNEW.XML.exe.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\TabTip.exe.mui.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.StackTrace.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\PresentationUI.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-synch-l1-1-0.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\directshow.md.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\hijrah-config-umalqura.properties.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_MAK-ppd.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\7-Zip\Lang\mr.txt.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Thread.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\Microsoft.VisualBasic.Forms.resources.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\UIAutomationClient.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\it.pak.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\sawindbg.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC_F_COL.HXK.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Serialization.Xml.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\sunec.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_SubTest-pl.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_KMS_Client-ul-oob.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_OEM_Perp-ul-phn.xrm-ms.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\MSIPC\eu\msipc.dll.mui.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\hi\msipc.dll.mui.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-rtlsupport-l1-1-0.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\System.Windows.Controls.Ribbon.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\UIAutomationProvider.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\security\java.security.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\GostName.XSL.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-black_scale-180.png.tmp	_desktop.ini.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-multibyte-l1-1-0.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\WindowsBase.resources.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\pack200.exe.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusDemoR_BypassTrial180-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\tipresx.dll.mui.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-file-l2-1-0.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_OEM_Perp-ul-oob.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.nl-nl.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\ipsar.xml.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.XDocument.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\WindowsBase.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\ShapeCollector.exe.mui.tmp	Zombie.exe
File created	C:\Program Files\Common Files\System\en-US\wab32res.dll.mui.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Compression.Native.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\te.pak.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\gstreamer.md.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\TipRes.dll.mui.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\WindowsFormsIntegration.resources.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\GR8GALRY.GRA.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.HttpListener.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\UIAutomationTypes.resources.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Collections.Specialized.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\UIAutomationTypes.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\clrjit.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Handles.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\System.Windows.Forms.Design.resources.dll.tmp	Zombie.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	21474ba48260d99a812e2a527b7f8d20N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	_desktop.ini.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Zombie.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 632 wrote to memory of 4636	632	21474ba48260d99a812e2a527b7f8d20N.exe	83
PID 632 wrote to memory of 4636	632	21474ba48260d99a812e2a527b7f8d20N.exe	83
PID 632 wrote to memory of 4636	632	21474ba48260d99a812e2a527b7f8d20N.exe	83
PID 632 wrote to memory of 2592	632	21474ba48260d99a812e2a527b7f8d20N.exe	84
PID 632 wrote to memory of 2592	632	21474ba48260d99a812e2a527b7f8d20N.exe	84
PID 632 wrote to memory of 2592	632	21474ba48260d99a812e2a527b7f8d20N.exe	84

C:\Users\Admin\AppData\Local\Temp\21474ba48260d99a812e2a527b7f8d20N.exe
"C:\Users\Admin\AppData\Local\Temp\21474ba48260d99a812e2a527b7f8d20N.exe"
1⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:632
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:4636
- C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe
  "_desktop.ini.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:2592

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1194130065-3471212556-1656947724-1000\desktop.ini.tmp

Filesize
45KB

MD5
3f2f0f4f617bc4959a64475c4cba0c6b

SHA1
6765009491ae4546025bf689229e288aba853347

SHA256
c7ab7b4dd6c3217ca5fee5cb6cec8b34b1a3d67925130a9dfd163ea267d7eefd

SHA512
d39b920f4d2a6434e7b0b63cd73500c5e771901d5a11c05afc35464c0d3d33900d0552e43d6cc048c58f4a2728f2f7443f3d48863d0403d9b3858134e8398d8e

Download Submit
C:\Program Files\7-Zip\7-zip.chm.exe

Filesize
157KB

MD5
c03a42bd7e25b9f177056e76c4469131

SHA1
208941445cf4478603c5c6e75608380f4aa7194f

SHA256
045bcadefc05a20b57e48a468ad005f79a78605cd5c08ad7f0b714bad661878f

SHA512
c31fae5cf1d1932b7e152573c1fd9ca8e8f7fc04711f269f4c24ed26f78166a86b3e8edb0357450fc6f41eaea44e996112056cd0698d0b27b994b1ffad1ba253

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
1.8MB

MD5
b9ee4a39481bfa5c884cdbd155dfeadc

SHA1
acfb397303a12aa2ed4038a61e52fcb129314571

SHA256
ea67c1b0d13b6a81546667796ae40a2b6ed518ff23641a181827e38f88b3f58f

SHA512
853b1bae938d90ece4acd3a27fb081744960932b1a6534a263329cecf36a2b5f7630b9b3a83f9f913a9f76352f797116349f099806dd5d0d13bdd76fb7098917

Download Submit
C:\Program Files\7-Zip\7z.exe.tmp

Filesize
589KB

MD5
9001c8bd47a83189bc87f630480dc0e8

SHA1
ec53542940ab53a057f07be5e8acd5693664067e

SHA256
43294357334be08c339da1a9e59ff9ea23b17e4ef5626d7ec05edef8e71c696c

SHA512
f3742cd1e1cbc58a4e308e0f14582130e5fa2eae0d703bf966a1e107e9ada0f69b75a775ed15ebf5f1cf1c12dd42a43a657e8251bcd7d165b18a48f38a2ffef8

Download Submit
C:\Program Files\7-Zip\7z.sfx.tmp

Filesize
253KB

MD5
ea52e71bcbd22b1a731885828cceb41c

SHA1
8e37bcf95bb4b3757049f81cd4f7dd5d5dc1a65a

SHA256
61929cd395ac5cd7f9452645af5aed22174161ebb66da6151e01f7350f8f9c41

SHA512
12d44972ec3aa3154854712c27980e1421a46d909ec2cfc10ec79ab20d33f03edbc2e14de17cac0dede04e2e69fb8c42ac2828aed3658381adcc42bd98135b05

Download Submit
C:\Program Files\7-Zip\7zCon.sfx.tmp

Filesize
233KB

MD5
c24c385cc47298ca62b1a4cfefe358ce

SHA1
7180ed1dac2ec93af5f958575fc633869bfe24c3

SHA256
c9bbd7a86d2e513802e70e1faa5a3cc991ec2040b2905ecfd766420a8c22b6fc

SHA512
6deb2629546c28766a96c7d5d5774e8562d5327ba09a3ab346f61f30784867834f322bf5e88d8b9436da13a15698cd8760a6f4caf9f8698188f060299b378a6f

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
975KB

MD5
074e9d4c3781e24505d8678de37ff5c3

SHA1
f7ca3a25df88aa80475550b5276cea810141aa71

SHA256
1287251a9de0f2456b2c09d7ae3e94d4c2651baba4bf0d23654b2fbc0e16dd0b

SHA512
9a6498608ea159e085a688d8c8d6f2bbc3ec6957f9ee7a364b571cafc302039791dea26edbd953e14614a71539c83bf2af504263f7a86b7618448cfd25ef6396

Download Submit
C:\Program Files\7-Zip\History.txt.tmp

Filesize
102KB

MD5
5369e1a4e81eece4ac3de0a669c46b84

SHA1
ecb767bc8705498e873850dcf571976247a0fdf5

SHA256
ec5a9332c7d1b171db5adf1f86e045c4249309f4c6adcf8473ccdcbf471c5aa2

SHA512
c78a7e0e231e3e2493c57bee31507153a883e182df3f4ba68a1f67cff41e34fc5200b1da92b7976e1309c8a1cad33e7f789157e9f187d9bd688234b488f1ea9c

Download Submit
C:\Program Files\7-Zip\Lang\af.txt.tmp

Filesize
55KB

MD5
57752f0d4f0f49d483da2b486196abc5

SHA1
369935e8eb8a9b3e11ef75188e837af2e89c1350

SHA256
7dc22f8d83f6b2225f64a78a05e4a7c038646e72a9392c1153ecca0a2e6ba69f

SHA512
e5f6e60ed95da443273c6a8fe253065586b161709272b035455363f0296d7b42208897bb0371ea7a8b0bf301d96be8b2faa09556afafccd31e0055b701672679

Download Submit
C:\Program Files\7-Zip\Lang\an.txt.tmp

Filesize
52KB

MD5
dc2e776d2192a51986daae4c6b47ff01

SHA1
58ec9a800eb6e92d6c1719898783af3a9db298b1

SHA256
3bb6124821daa354ead6fd135a5f5b5fa79d7d3a0f476c83a2e94a2a9493e72f

SHA512
3f4db92e299d6a43c495232d77ff876e8d7cbae0a600a523259a15a07148ff7ad63b08dcf0be53ab684e49c7c62238771da96576d589972a962f91be534d581f

Download Submit
C:\Program Files\7-Zip\Lang\ast.txt.tmp

Filesize
50KB

MD5
a78784dabac9ebd18c1b92801454a298

SHA1
212446d9eabb339f9287fabec0a638f64bd5beaf

SHA256
f940f2aeb2da8beaf64ff665a13e8676daf4cf1196dbbb9afd0a64f4b06ecf3d

SHA512
0dac9bbc90137761fda074163ae30093199b475ea76078c88fbb1f4bb1a5b02884b5a648de0b3355cfa8d86e02828272b6d1aca65c34aaac22dd977c7659f35d

Download Submit
C:\Program Files\7-Zip\Lang\az.txt.tmp

Filesize
54KB

MD5
a5ad89161b060ece70e1bb1cd7a18652

SHA1
fa09a520b2c5ea76671f09fcd740ccce61258964

SHA256
a2ac2b224c6b036d738dd105af29330435fefd64d7b61a8847a968605400b771

SHA512
70b8924a69c01ca0b083d952dd887d298e6498f73891708083617570a3b42124f68839ba92ea20fd224ea5b5fc719e7112bc4cc67a39163ff9069b7e0ce2d37a

Download Submit
C:\Program Files\7-Zip\Lang\br.txt.tmp

Filesize
50KB

MD5
f0ac37289e1afc23814aeaa59a648f5a

SHA1
0a6e938adea12d279221dc2a20ae2cbc7d50750f

SHA256
608becb0238436f8606cd9f23e4662cb0028896e35648697e5c15c8e473babf7

SHA512
754527ab4b107fde39551a488734b9d609e1a390ffdd9e0e86f47c47b2790fa003126afb57920f3239628e9691385928592a8bb6db9df9deba6eabc6de84f887

Download Submit
C:\Program Files\7-Zip\Lang\de.txt.tmp

Filesize
54KB

MD5
9694065d138ec2d717e5ec6ae05b4821

SHA1
a42f91fe48cb243046c22687634e3f85b8c1db00

SHA256
3fc3dc639fb5a850f86d2f9c9866bd68b051688f1896462780b019b7ef74f9b8

SHA512
d6420becd8dc1f24137e9589bba8a3d3fec2dfcbc35ab66f7167d71c61e6e7a5e87112b48da87d78ec6cdfc91608686c3245c3eda72ceadcdf9dff482318f73f

Download Submit
C:\Program Files\7-Zip\Lang\el.txt.tmp

Filesize
61KB

MD5
310d8f6abf894ad48d5e717b1323685f

SHA1
3ac69beb30099561dede0ded7ed84748f24fbe07

SHA256
aba9d4c204c2adb55d388a101440546dc56e4082a8c304b00e467edffeb61803

SHA512
0a7434d3231f7deaa048b15a22d0701043fcf849ca51b1892a93ad1058ffe91d987860c92a4ede055c96344cce8c962ea143dd3e68f779ea8b9087004bb20145

Download Submit
C:\Program Files\7-Zip\Lang\en.ttt.tmp

Filesize
51KB

MD5
5fec7c848e8377fae6bc276367d07b42

SHA1
cd2396663487281dbe3047f4898608b0dd774e62

SHA256
c14aecdc41579303d8d43c2cc86f436a52e69440074460f24df5fb3d77c6867b

SHA512
93bd49bc37c597b8faa0a6dee3ac2c76a27ec94504cbb9e65c733e55eedea9dc5ea7dcafd26deb47216147cb7a991fbab72d08003bbccf3aa097d163f70efb8c

Download Submit
C:\Program Files\7-Zip\Lang\eo.txt.tmp

Filesize
50KB

MD5
2fbda89d39aa38492914c3621945b345

SHA1
12012a1d0b78c80fbeea70fe84c407fe1cfa5813

SHA256
d344176ef481c036753443b9dca403cf44b2e7e5aecf011c99692f6908e97e4a

SHA512
b8f35443cddfdb5433833b467b5893c7109dcec9b1106175f5960dec8070492f35b088c499381d1ab4daa111375eec77aef06ecd635bd0529e36b4b8609eb328

Download Submit
C:\Program Files\7-Zip\Lang\eu.txt.tmp

Filesize
53KB

MD5
fa35f7e5be849131ec38d0160137e862

SHA1
22c60c5d17973926ae434c69c474f57b2523a7f5

SHA256
37176894d69fe0e49a61537e2a8414e525c52800ec0858e74baf148183c267a7

SHA512
1d5fa413bb745fa7ebf166e95ab3355547f4426fb6aca32e83274bbeca64502af09e8a647f724daf1e75246df91d50a2968117667636925149e4ad6bf0536c07

Download Submit
C:\Program Files\7-Zip\Lang\ext.txt.tmp

Filesize
44KB

MD5
914792647154e24d9f806d601157f2b2

SHA1
36040a6124a6b183d60feaad06a2b12a0e60d405

SHA256
ea991858a9736e45aad2de9c999f0110eb1c18cb710f53d09f11c152429cd186

SHA512
a0178cbe4daee649c92018391c319cdcb624d20ed7de0554641bd7d0ee8e3c6f2f82db4f35cc69eff7cad4527a5980c90ed842ff0ea2efc735a65069073057ba

Download Submit
C:\Program Files\7-Zip\Lang\fi.txt.tmp

Filesize
54KB

MD5
79cf0afc388fe4188616d9294108a153

SHA1
040db3eaa49154296f6b7447701e1a614d0a0d7e

SHA256
d39dad794d86a721da335003de3de4c417db30d14abff3b7e88df3b2b572d1f6

SHA512
8aef0acfb88393585b910cf7cb9615f04b3994aa22e064e85ba062696e9ec92bdf0690f5d981a7bd94d45eeac62a096007f74b4d6cc300f81f8d63c78b6ee235

Download Submit
C:\Program Files\7-Zip\Lang\fr.txt.tmp

Filesize
54KB

MD5
55e9f83e0e92ddf3ba17ed9ab4197dda

SHA1
a3061eca5e036f54f2b32267ad1f927b758640cc

SHA256
bfd174346d4f5134e1efaca744caaeff231f976b6347e59d61640e343b058c01

SHA512
19921ca8398d384528fc03a832da7ce6757abbeb9215ebf90d78749f4b3cf84546cd8c7f8ad2f8a124be3594432bec6d7cdf0dcfd6258f5348dd60a91945250c

Download Submit
C:\Program Files\7-Zip\Lang\fy.txt.tmp

Filesize
51KB

MD5
65353c028a7476d0802abd21daca04b1

SHA1
320f3fb56126bf414ebdca5bba476cb02f13f626

SHA256
69932a3c1262fb652e82de02c6e08648c9f23b32876cdb424a68fc4402c94df3

SHA512
9cfb4bd29ac65ec20cf5ab2d50254af7565174a45ae68676aa9a6bd0417c7472080efd67cbb5bebc6451dc41ccebaa8c55039b3c664123acd30de9bbc1a67dc9

Download Submit
C:\Program Files\7-Zip\Lang\gl.txt.tmp

Filesize
54KB

MD5
e76a7bea0e41480d1aea9b68d629808f

SHA1
c5a0812f097f1e93cba15737d33523848326f2fc

SHA256
51989ec997d2e207b54c81273a321909a98c82fbe1071ea562be8d43333d0fda

SHA512
7b33d8f4f3411dc661999e09452aed80fd7e7edfd5367ef0701d6df5c1dbf91144378ccb827b32f7e7e097cd74f3e9418ed450b6989731a758b95e6425770de2

Download Submit
C:\Program Files\7-Zip\Lang\gu.txt.tmp

Filesize
62KB

MD5
e7fa118d3226cfd92f4660f1514e29d6

SHA1
65d5c7b5cefb3d6000e9fee93dbcc9d522625102

SHA256
d6935a622bd9270ee3d0fa3d7c887a420e9b2332259776a4931681d6d5e9aae5

SHA512
3f45bc72818eb692f8bf055a51f87852a8c49dda85fd0b1dda385d51d78beb215976198263d63907b0f2b0a68a2bfd30d9d030f7db584d6f0659b822d3e989d2

Download Submit
C:\Program Files\7-Zip\Lang\hi.txt.tmp

Filesize
62KB

MD5
7fd337bb6429741ac828b07b7b07284d

SHA1
0237d664928a87c51101eec1fc2a2f3ece56fa93

SHA256
9e051a5c829bc1a54a45831fd499b4d5c7d97591572d8e7dabda7700b1cc02bc

SHA512
7628e6d3d2d4ee4b80b2fbc6d73be74c5717d64152f2e950dfc56d51ee2fab8ca912e9477357c26f0eed8ae151362496a0c6e409d5437dcb2932b7208c1b30c2

Download Submit
C:\Program Files\7-Zip\Lang\hu.txt.tmp

Filesize
54KB

MD5
74205c2edad642ea53441a7f71f823a5

SHA1
213b84b5243759fdab4234143335e74755331e08

SHA256
b7f40c33b13eb3491fcac87739907e643d8927b92e4073d811d4d9d7b7cbdeba

SHA512
897dbfd0c6580ef06905320c7adb6c9ffa0c94c7ca3c5c86a3e7a3b88a68688b9492060d0d055d40b9a579a2da3df500793058649da6cbd8c1884213c9edeb35

Download Submit
C:\Program Files\7-Zip\Lang\id.txt.tmp

Filesize
52KB

MD5
de5ad533b6516fa7aa33d131ddb4a7b3

SHA1
e068d515d595c9dc509fc679559628fd6d9f5ec9

SHA256
d3f74ce0e8946016175b80088e72f9888a88b90a937fefccaee79ff18f0661ae

SHA512
4503c081d921b66a60dcd8bf7a2e90621a0e958a71f9bd1b11cdaf0ff6e31c4cc61718eedf2d4b90b3fceddd745db1ffdf596c1d6fd070a3515605d4c0285655

Download Submit
C:\Program Files\7-Zip\Lang\io.txt.tmp

Filesize
53KB

MD5
5a5910cabba9c408261a0bd9fb635490

SHA1
acef8f43f12df2b67cf35642d3f0659ed5ac4abb

SHA256
2e664c218c4f1678f607970b3461d69d12a0625f9f2e993721e91e589d28d74a

SHA512
ebba20582b1cf706495007e89e0c0c6d378dffe0287703a0d0f63e8d9dceafd661e1524ceedbbac147057946271d006735ebe363cd1e8e38d7751d1e03bbf245

Download Submit
C:\Program Files\7-Zip\Lang\is.txt.tmp

Filesize
45KB

MD5
750f4af41b0dd436eb4672817fcf576d

SHA1
340e8e5fc2944568dd79cc08386142498e0ab680

SHA256
bddcb2c1422fb81429756de3cc8698de56032a382396e7eeda3604d1914f1daf

SHA512
fe4cd1727130f1e323e4885719ca1599be7f40684e8327140a8182ffc5e3828e8ee011a1331827b632becdff85ea13c4616a77bf11b703ea4ea18c78e7011a17

Download Submit
C:\Program Files\7-Zip\Lang\ja.txt.tmp

Filesize
55KB

MD5
96c15134e0472c1b3ad315ad9aaf0e75

SHA1
a5daa062331936c6b06970c1640f1b3db304d027

SHA256
5f8f2cd398636741fde2b032b4e2ee7719bd6c7424e9251db7172de2a4bd60e7

SHA512
326ab9641d1037ce6d7db4e6db05f82d1eb03448c3b3c51dfc6353774aa85464b3659355ac75e3eab18844f21522fc22e7bc5ec280616e29eeae066457349ae7

Download Submit
C:\Program Files\7-Zip\Lang\ka.txt.tmp

Filesize
45KB

MD5
4d2a6c5d383d47127ffe6f001081b3f9

SHA1
565d62621117f7fb445c12ea51c1dd0aca13c2d2

SHA256
5f68e649b030ff12cc812980279f7baf2e9c59b16a7eacb84f492747f5bacf9e

SHA512
14eabac097966caf223779142facb217e1d7c3000cc2605e19197ce74f8fa90f80f1d75ab282eb4e1edcac0acfbb0288dd4189732c1851deee547750a29d35a9

Download Submit
C:\Program Files\7-Zip\Lang\kk.txt.tmp

Filesize
54KB

MD5
775fbd9b968a4d45af060344a35f9331

SHA1
4f46878b264c9e858ff02f870d3e95b068a78307

SHA256
32412b6c80ee006b1c20a74ff1fd16ae0dcbfaf41284c3514b634c011729c9fe

SHA512
58b2b4c98033a26c82470cffa315873a7848051a2e74d2bc9699412a238084663d8339bd44f37832392e35050f0699799310bff1e7dddc90af491b3d659c82d6

Download Submit
C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp

Filesize
56KB

MD5
0d23842d13442e00444642923a49f754

SHA1
631f5b2dbbf6838606421de0359272a4d9293957

SHA256
1c232c058afca13a29e080f7b7572b468f976787085187f75ac5b4ddeca70616

SHA512
12bec9906733c6b0c0cb740b17e038d912fe89921953d978c63ce1e5b372979ea86d4f8bbc740730f21a0c80bd7fe1fa6563bf14fedc2eea712c52102ba2c8c7

Download Submit
C:\Program Files\7-Zip\Lang\ku.txt.tmp

Filesize
49KB

MD5
a80184468dd36506b45097fe30d98ebe

SHA1
2ce20fa7670a758eca29303eff33cfe894a99d70

SHA256
395cf92ce7a0327ee7cbe313edac755c56e6500e3adb533439a55d3f1782f446

SHA512
a16acdae208b47982cde740545aec0c3395f46f53e3d70dac27ba05641a73d78c805f52d2be2ceaa69e60b9cd57ae436e67d06ab4e9ece43263e8dd9f767efdc

Download Submit
C:\Program Files\7-Zip\Lang\ku.txt.tmp

Filesize
49KB

MD5
2de6a8504a5ceefeacef641373fed919

SHA1
fb71e01b5b7ade336fabd3741d18693fd750a117

SHA256
ad627422fc9168bde310284ed0133fbc42ea231e7f04ca8a90eda0b1d4dca656

SHA512
97437ccd86702c80f92028e436c94390b2870590c7e7664e4b65a7e0838d5583126cee977f9ff48cb275ce575785d63db5758a46adc03c95483e45ea8802785b

Download Submit
C:\Program Files\7-Zip\Lang\lij.txt.tmp

Filesize
52KB

MD5
7e7a8830e62ce69a1533559acc07dee7

SHA1
84d95e6f08240e841eef698d0e12448aca3e2087

SHA256
dd44b39810b196035674feda8ab4d558d0f936b73c87254f3008c57773a637e5

SHA512
36a77e484ecde1767678770a5b078678cf0c7be0ddaca069be57342b10954bfceec7cc75e68634b1e79b418101ad66adb739281ba04f966e8e48d7c0393e7fb0

Download Submit
C:\Program Files\7-Zip\Lang\lv.txt.tmp

Filesize
50KB

MD5
ea38022b5b8c5d474351bf446367c554

SHA1
408188bccedcd6228a04cb615dafb7396f328fde

SHA256
68f8c90e43c1984f616e611dd744e73a36136b9fd91bb340ab94d5cef073665d

SHA512
aed11e3d8037126a4ab5c0e6c43c76df1b150077f1522d912c41d913763c06fe939661b3bbe03c4355b311de76c8e7f5663ad2f55a550e84110237c202ac1f4e

Download Submit
C:\Program Files\7-Zip\Lang\mng.txt.tmp

Filesize
64KB

MD5
92ccab90fbcb812aa81cfbf97f92be30

SHA1
0b05cfa1a4deffbe6b56f96916d099323ce08cee

SHA256
c12f763eeb2e236385d5fe4393a13826072a921ae5817cf0675b30529d96b95b

SHA512
f2f4b0079998944b1b2ad5791b0f78326f8ada53c4475dc27b20e55119938aaef5c87cee4cbf71c92cef4e8118663f2c6b968fa32917e5deb6e0a65ee1b2222b

Download Submit
C:\Program Files\7-Zip\Lang\mr.txt.tmp

Filesize
55KB

MD5
c061bfbb259457770087d767f49f31f9

SHA1
2fc44fcc90acb998fc4fbe55731971e01735b6ea

SHA256
192961928cef6ffa295ff4f3220badf7f15b26246736262fe25f43ef87d3967c

SHA512
641cd3f7fc588e50e2563e6178d9cbf56d596ba5bb210930f3d7867207af1a7f7bbcd33931d1c84d474455118a02b0a47c70b33b8222fd02a14ace41ba30c67d

Download Submit
C:\Program Files\7-Zip\Lang\ms.txt.tmp

Filesize
50KB

MD5
5e101b37533e1597462c24a81415aac7

SHA1
9788ae3205659b5b06d1b530c0145a0e70575c13

SHA256
a60e695a070562d3959c9c3770f3e504f07b607b1fc100b5d556d85b8c1abf8a

SHA512
a065a4bf3dd0a3cb17ef56cd06ba9c8362900dcfd2f6ecc60777602a3bf123ba1da0e54f1425fb763fbf6f2f4534189da67d4bae7188cfc9dfd2f6fc738a7396

Download Submit
C:\Program Files\7-Zip\Lang\ne.txt.tmp

Filesize
58KB

MD5
daf36e7eeb9772b6795f8fb1c046ebde

SHA1
57637734dfd4d8ba71acecac96474a1e488b0324

SHA256
367b15999f63c111070f0f63983513343434fac4fe0e715d7a6544d30dc848ed

SHA512
aaf1f56ce70b2f424ab838feda81e4d29ee765c258b7373c59a4e46a5e938d267e6c2bd769f9a22bd32b8b36616e06a2fb7ac5403a0bbdcc399f31a10de7ca7f

Download Submit
C:\Program Files\7-Zip\Lang\nl.txt.tmp

Filesize
54KB

MD5
62da5b27c15478c4486e1c32b55bc64f

SHA1
966db095c1f052db6b2911761db406a9193d13ae

SHA256
2aa72be6ee6963716c2abc92d3eef7050f4e6299efcb4a07f1c0770097494d70

SHA512
a14eece331ce9a3af27ea5580fc7898d233c9de73d36fbae081bff9f4ed2ed1a86955df04f199898e9d93d92c3e361ef60587c22ddea46d87318f3e965d0b7b6

Download Submit
C:\Program Files\7-Zip\Lang\nn.txt.tmp

Filesize
44KB

MD5
6c891c7206621f1d47b466dcd8c6ffe3

SHA1
c4a16ecd947488b50dc8591bcb2aa15b1b7ab0c0

SHA256
75501a542f9ec46727942e9628053f59cf4e437308a2ab5490bc953ea426e26e

SHA512
fe1d476058167174e585715c8c100b41187206b73e3d5435afe5a46a0e7fabc19ba414a20372d65d8d3756766d759ba483221752369a9dc7f9af25430415cdb6

Download Submit
C:\Program Files\7-Zip\Lang\pa-in.txt.tmp

Filesize
59KB

MD5
2c19513bcc75a986939c2b16e13315fb

SHA1
25d2539dbaf4542cc56da51ac963180b6ed6f00b

SHA256
575cbfac73dd4f6dd3336335041ca4fefc2f7b1c2d2d1a20d258d245bca0a83e

SHA512
4c0f91a7fdce72636b955430b83ce8cd8ba6d7ed3835c65e7172032909de8317d94b0627b7a2a6dde559a3b6913981b3b988252adb0e76f19059daf0cbf66bd5

Download Submit
C:\Program Files\7-Zip\Lang\pl.txt.tmp

Filesize
53KB

MD5
c37899292c5637475d8af87d0acbb3ec

SHA1
831789d0e3a9d2201fdb9fd6fca620181de4e717

SHA256
fdb2dac7943f56567eef5ac988416dda89a0ee9c44de4ac761f1a07ac2a30825

SHA512
7f598792190e76f6b8258b1032655c3311b51d533c711f3a706ad7fe5deb293b19441412b656ce8fde88d6305626c757fb23e3f0eda8a957fb227f7bf8156315

Download Submit
C:\Program Files\7-Zip\Lang\ps.txt.tmp

Filesize
52KB

MD5
f900555b757f3bca701fcbd76aad1b29

SHA1
05be0925bdc6725a1fd74656da4a61ca7138eae5

SHA256
287bb6242694682afb5c09493a9dc303502d33ac4ba6fe272b75f9ee8bb130f2

SHA512
6eba9d896c540d94fadd43c4ee06b0ee6f96e46b08fc7d1427b9b157b21a96df97b47b599aa2469f2fd13d36b118d2b0289b05a4557cf412cb05f9ca1cd29b46

Download Submit
C:\Program Files\7-Zip\Lang\pt.txt.tmp

Filesize
53KB

MD5
9a77a2b9e46f57c9eff7a1430859e6a9

SHA1
06635762e4cda3d46b4d3f7d896ba8957d4dc8be

SHA256
f8868e048cacf0278f15364e04ba6e2a3c5c8892ceef73de4a3bb00e5090ae65

SHA512
8f27aeece9a9e0933e25f67a0d1a58430d8b8ffd55f4e61fabf9c81939a4b5edb4a9c57d0570b9b0efdbc40dc78a936d845215ad3fe728a99a6ec2ebb9cd063f

Download Submit
C:\Program Files\7-Zip\Lang\ro.txt.tmp

Filesize
51KB

MD5
40896983750acb709d4d141081b1687f

SHA1
030d8907d20e550410de9d0e3c701956b18c0ebe

SHA256
6781f96d3a93345e48a8150bac51956c07e267c3cfdcac73bd3097a7a7c80294

SHA512
9a856dabc77e8b673dd4a7e6feea09dd8387bf091956691602a21129c851c34d1f45edee8f22b26cf135777ddcbdd5b90b6b4099c0eb8f9627441fe63f1f0cf1

Download Submit
C:\Program Files\7-Zip\Lang\ru.txt.tmp

Filesize
59KB

MD5
56830b098e3d58a335a050ec0cb8b6f9

SHA1
b99010493dc14ca3a894584e4f01b13fadead848

SHA256
60a1f378f28f1e61777445d3f9c38c4e2c6070203b128760d7fddb171c941904

SHA512
8d85978678d9f32646393966842943db41a51fd1a176470ea50c3ad7939cd8497f19b7cb55e0ee430c2216df65b1a49f0f194b525cf0e69073318ad61cf7fc07

Download Submit
C:\Program Files\7-Zip\Lang\si.txt.tmp

Filesize
64KB

MD5
0ad74affbbbd9ca6c1c6d7fe84390aec

SHA1
0d78316b18a37385c01d4a8f3d8961140403e216

SHA256
58cfc06f8709f46ff293944b056ff1efaaef6fcdc6646f36e34ea96eb5980047

SHA512
a6b64d8a9f0e812c599a31fdf1f4ec7c554cde986c3e33ce37da4a60658e7d9df9e0a99effba6e3851c32ae5ecd260e374775a2050b04dcc0f6001360656ea2d

Download Submit
C:\Program Files\7-Zip\descript.ion.tmp

Filesize
45KB

MD5
ac21348bb14fe719418859cb947c4ec5

SHA1
a5db07ced806a71c4ac6a5d526fdb6d0971203db

SHA256
87e04bce58f009aecb80f55a3cebc232bef6cd4ef1b02b47eaeb020c8b131ac6

SHA512
6a5ec9dfd9ae2579ad495471de5103fa5208bd42e46359c9f45fa17610cae945544a825612e84234a84fda9df34b861840d4aeaedd611c29e9627cc2547cb199

Download Submit
C:\Program Files\Common Files\System\msadc\fr-FR\msdaprsr.dll.mui.tmp

Filesize
53KB

MD5
4024c9c471b4e296d2e409879b123aee

SHA1
131395e9e4ac470eb278f7bc4e0ccdc0e99b4379

SHA256
5a3fe97b1c61016d61249318f519d920388284c7dd1506961bb90099f19d75c3

SHA512
5ff4389885a64acab92d14ac7942cb684025bcc28ae9c1572927accc7c332e8de45a3d3da4c00d159e63aa34ec50fd04ed9684367c71d349ee29ad70c84df42a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe

Filesize
45KB

MD5
b4229549696ed180ef0cb764e16993ac

SHA1
7bf6a975c74d4c95f4695829b6efd5a3a676852b

SHA256
0b81eb666b9528ef6a08fbda29b0fb9f8a4380c497437add4107fa4dfdd6fbe7

SHA512
b026aa38c8a625e83e25d231b51862666cf0835fd55c8217670cd2c890fedb4cfd55219e2a4f4f00fc10e6f8aef2116b658fbf221af350278bc89467951609be

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
44KB

MD5
e813b519425efa523a00e3fd2f8831e5

SHA1
323dfee720cd2bcb4beb6774fef682a9edd35c5e

SHA256
434575ed24042e71563079b8e654b7be99fd8015ecfc07390852487cd5651a9b

SHA512
19dccc2f5e3faba36499ac8ee18d1022839cf9901ba20b6b9b253d85e873bf36f70cdfb4f4f1393ef4e0b1da8896de916e24f75ac1e8e4bc73fa597d71f5a87c

Download Submit
memory/632-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/4636-16-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download