fb8b903380c7dbc7c11b25635789b86008cf63e2c67b3f5d3bbedbb4ec63371a

Analysis

max time kernel
120s
max time network
122s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05/09/2024, 13:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e13018e7bb701ac140f872bd7b8728a0N.exe
Size

69KB
MD5

e13018e7bb701ac140f872bd7b8728a0
SHA1

2d47c0622d5fafe28a82cf456495efa1bdd601fa
SHA256

fb8b903380c7dbc7c11b25635789b86008cf63e2c67b3f5d3bbedbb4ec63371a
SHA512

4faa03c93f2ba9fcdd393e3ba1eb536d3e7f7daf84b04783dcaaa1b52d04d6a3a09199db21c4002dde88d6060abb3bfb58f139c4bec7e762af89d16e34899bf0
SSDEEP

1536:CTW7JJZENTNyoKIKMWTW7JJZENTNyoKIKM0w3:htE5KIKutE5KIKjw3

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (4655) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
736	Zombie.exe
4124	_desktop.ini.exe

UPX packed file 55 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3252-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral2/files/0x0009000000023488-5.dat	upx
behavioral2/files/0x00080000000234e5-8.dat	upx
behavioral2/files/0x00070000000234e6-13.dat	upx
behavioral2/files/0x000200000001e55d-17.dat	upx
behavioral2/files/0x000400000002291b-18.dat	upx
behavioral2/files/0x00080000000234e6-25.dat	upx
behavioral2/files/0x00070000000234e7-26.dat	upx
behavioral2/files/0x00030000000229a9-30.dat	upx
behavioral2/files/0x00030000000229aa-34.dat	upx
behavioral2/files/0x00030000000229ab-38.dat	upx
behavioral2/files/0x00030000000229ac-44.dat	upx
behavioral2/files/0x00030000000229ad-45.dat	upx
behavioral2/files/0x001300000002291c-53.dat	upx
behavioral2/files/0x00030000000229ae-50.dat	upx
behavioral2/files/0x001400000002291c-57.dat	upx
behavioral2/files/0x0003000000022945-81.dat	upx
behavioral2/files/0x0003000000022946-84.dat	upx
behavioral2/files/0x0004000000022945-88.dat	upx
behavioral2/files/0x0004000000022946-93.dat	upx
behavioral2/files/0x0005000000022946-100.dat	upx
behavioral2/files/0x0004000000022948-104.dat	upx
behavioral2/files/0x0005000000022948-110.dat	upx
behavioral2/files/0x000300000002294a-114.dat	upx
behavioral2/files/0x0006000000022948-119.dat	upx
behavioral2/files/0x0007000000022948-122.dat	upx
behavioral2/files/0x0008000000022948-126.dat	upx
behavioral2/files/0x000400000002294a-130.dat	upx
behavioral2/files/0x0009000000022948-134.dat	upx
behavioral2/files/0x000a000000022948-140.dat	upx
behavioral2/files/0x000300000002294b-144.dat	upx
behavioral2/files/0x000b000000022948-148.dat	upx
behavioral2/files/0x000400000002294d-162.dat	upx
behavioral2/files/0x0003000000022951-168.dat	upx
behavioral2/files/0x0003000000022956-185.dat	upx
behavioral2/files/0x0003000000022957-186.dat	upx
behavioral2/files/0x0004000000022957-194.dat	upx
behavioral2/files/0x0004000000022958-198.dat	upx
behavioral2/files/0x0005000000022957-202.dat	upx
behavioral2/files/0x0006000000022957-210.dat	upx
behavioral2/files/0x000300000002295b-215.dat	upx
behavioral2/files/0x000300000002295c-218.dat	upx
behavioral2/files/0x000400000002295b-222.dat	upx
behavioral2/files/0x000300000002295d-226.dat	upx
behavioral2/files/0x000500000002295b-231.dat	upx
behavioral2/files/0x000400000002295e-240.dat	upx
behavioral2/files/0x000500000002295e-247.dat	upx
behavioral2/files/0x000300000002295f-249.dat	upx
behavioral2/files/0x0003000000022960-252.dat	upx
behavioral2/files/0x000400000002295f-256.dat	upx
behavioral2/files/0x0004000000022960-260.dat	upx
behavioral2/files/0x0003000000022966-275.dat	upx
behavioral2/files/0x000300000002296a-282.dat	upx
behavioral2/memory/3252-914-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral2/files/0x00790000000215c7-1018.dat	upx

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Zombie.exe	e13018e7bb701ac140f872bd7b8728a0N.exe
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	e13018e7bb701ac140f872bd7b8728a0N.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Text.Encoding.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_MAK_AE-ul-phn.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\ko\msipc.dll.mui.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hr-HR\tipresx.dll.mui.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsesp.xml.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Microsoft.Win32.SystemEvents.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\bin\jabswitch.exe.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\SkypeServiceBypassR_PrepidBypass-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Retail-pl.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVPolicy.dll.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\TipRes.dll.mui.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\EXPLODE.WAV.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_MAKC2R-ppd.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-localization-l1-2-0.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\ReachFramework.resources.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\ru.pak.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_SubTest-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\CSS7DATA0009.DLL.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Grace-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessVL_MAK-ul-oob.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Spatial.NetFX35.V7.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_OEM_Perp-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_MAKC2R-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ko-KR\tipresx.dll.mui.tmp	Zombie.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\notification_helper.exe.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Retail-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\keypadbase.xml.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-stdio-l1-1-0.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Retail-ppd.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\netstandard.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\PresentationCore.resources.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\PresentationCore.resources.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\ext\dnsns.jar.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019MSDNR_Retail-ul-oob.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.Office.Tools.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-white_scale-180.png.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.scale-180.png.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\mscorlib.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.Aero2.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\glass.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_Subscription-ppd.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Trial-pl.xrm-ms.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\as90.xsl.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mscss7cm_fr.dub.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Linq.Parallel.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Drawing.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\PresentationFramework.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\PresentationCore.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\WindowsBase.resources.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\Microsoft.WindowsDesktop.App.runtimeconfig.json.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-processthreads-l1-1-0.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\asm.md.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tr-TR\tipresx.dll.mui.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Compression.Native.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\MicrosoftDataStreamerforExcel.dll.manifest.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\zip.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Retail-ppd.xrm-ms.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTest-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-black_scale-180.png.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-synch-l1-2-0.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\xalan.md.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\mscordbi.dll.tmp	_desktop.ini.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e13018e7bb701ac140f872bd7b8728a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Zombie.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	_desktop.ini.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3252 wrote to memory of 736	3252	e13018e7bb701ac140f872bd7b8728a0N.exe	83
PID 3252 wrote to memory of 736	3252	e13018e7bb701ac140f872bd7b8728a0N.exe	83
PID 3252 wrote to memory of 736	3252	e13018e7bb701ac140f872bd7b8728a0N.exe	83
PID 3252 wrote to memory of 4124	3252	e13018e7bb701ac140f872bd7b8728a0N.exe	84
PID 3252 wrote to memory of 4124	3252	e13018e7bb701ac140f872bd7b8728a0N.exe	84
PID 3252 wrote to memory of 4124	3252	e13018e7bb701ac140f872bd7b8728a0N.exe	84

C:\Users\Admin\AppData\Local\Temp\e13018e7bb701ac140f872bd7b8728a0N.exe
"C:\Users\Admin\AppData\Local\Temp\e13018e7bb701ac140f872bd7b8728a0N.exe"
1⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3252
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:736
- C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe
  "_desktop.ini.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:4124

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1302416131-1437503476-2806442725-1000\desktop.ini.tmp

Filesize
36KB

MD5
3027935a1203c9dd506f59b5d1e175be

SHA1
f35712876998ce35f96e02f6bf9254ba6d3876b0

SHA256
5c46865d13862d516364272c179dfd476385481f7430c296e8c9eae02ed3b637

SHA512
19db4141179c2d44e962dcb15baf6509e118fbaf6219e3846b469e96685c357879c7ad6915b71b16a4e4c6a4f081257fc713864f39c2163d77932200d2ded3b3

Download Submit
C:\Program Files\7-Zip\7-zip.chm.tmp

Filesize
148KB

MD5
9cd9476bc1aab4493002b19957319fa6

SHA1
f405e068d3e4606ef334cc7ef84f7e872edc7d64

SHA256
6245539d74ac54d659168eb04972a75acc3545cbb5dd599b352135d1ee594750

SHA512
7cf5d7c68b90f2d8b6f6aa9f17ded85b3bebf38172dfe90bba3756f53369b09612510d6b9bba842f4abba48ce7e79f88d6dfb1598a8e4a7d6e69bbce2a3adb69

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
135KB

MD5
d6eda7cf5d14bd9c54a1cbb86d05cc74

SHA1
ad05f98881c7bffa12bb560df22d9d522e4af832

SHA256
21aca15969eb12ee79cad706e08df696904cc7e042a2f8071c88f29a7b9e7f3e

SHA512
a241b54dcdc9e2bcceb2984e4d6c26e319c271507dfef3a2273c744031f052e6c6c74b2069f9eadcfd5c8b6dd54fab546067fad169a53fefffc1617a12a69818

Download Submit
C:\Program Files\7-Zip\7-zip32.dll.tmp

Filesize
101KB

MD5
ceebdb10162288ac4a2740326b7d53e3

SHA1
1f4a4a77bade24dbb5c738b8fe3987385acbe96a

SHA256
90c767e8a5fb510a4ab5ba2a6c3db77e5ec9ea0acddecc8fffac1076d69d048c

SHA512
007ff004667f9cc79954a7785d7e90e008faca51996de00e09703de058fda5bb103d5f23dad8c7273709239cadcecbf5d6f3306953abbfdbfd6550f9c4617368

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
1.8MB

MD5
49a918484218a59885030e29ac2fca11

SHA1
542a2d43ec282e3def6731baa6f4bf5b41451113

SHA256
9e5bbf5edb18e97949fb120604ff116902b78588517a3ce598a1bdf69980f5a6

SHA512
45a22ae4676b63c36e2b77287bd09b38cdc41ca01a982922881f4c092f7f2a4df19cc8f16d078a9abbb7fa1d46210076b150478f85b1ff99ca0118dc977bc422

Download Submit
C:\Program Files\7-Zip\7z.exe.tmp

Filesize
580KB

MD5
cb09bca470f18433e6f3e4c5d619ef1d

SHA1
0870b20bc055bb67222b343716de5cb78d9afd41

SHA256
116a5f020233b5b9bc9053c639d31f46263e5969ae4e3bb8a0335843de077863

SHA512
00ade978b4b6877266df2ef6bcecb5a918c25cb18f1524b9fd31407ae75438f1ef0471ab17a3c482bebfd560549ea97b22b02f5bea48e429b5ecaf912661aa38

Download Submit
C:\Program Files\7-Zip\7z.sfx.tmp

Filesize
245KB

MD5
954705b253f2bbe4733f759e36227083

SHA1
4485874c8634e54f6eb37a1eae37e031c33ae1c8

SHA256
56be61bf676647f3a97fdad24c0210445356e1d0623edec618cc6b46ab5c9009

SHA512
2bbcd30756d192bd23103e64ef042cbe102f0c116f39fa06aeee3af05b782d1a18828a2bb17db71b740a52bf2775eb17c96867f331aa1548796ab63098cfbfa1

Download Submit
C:\Program Files\7-Zip\7zCon.sfx.tmp

Filesize
224KB

MD5
0c75f7f6c6fa005b4d1f28e2b34addc3

SHA1
97c0dd75f1939c06fcb8013045a3270c32231348

SHA256
036374a5c39aeab20c8e252aceb9187daabc51fd7b0d5fa8aa948c9abbd9d3dc

SHA512
d76b05837a61a05daafbe2537e46cdd46470c20d801dfb0e19f909a4deb5ca0e6c8bfe4a652e31c11fa5a2967d63d5c6bd5920c942433e25d17463d1dc42d900

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
966KB

MD5
2d19ccc2664cdf07b4a1653578eb944e

SHA1
10b7fe3ad1a8b3610b800cbcb2c62a8dfab10f12

SHA256
a5245477af2229c5d3bd655c5f497bd4ff5452f3025129aebfb6e45609a1dbbc

SHA512
1d92f039c2967ba9cee8986cba499d97f3e277843ed177beab2604945ba476e30b6527da5c3ace6724758c9488500b7d34c0c8ce9d161e58dae72bd00bed29c1

Download Submit
C:\Program Files\7-Zip\7zG.exe.tmp

Filesize
720KB

MD5
9c1ed1e8692c6f09fd6ce060310950f3

SHA1
79286cb985cfad62f9582beadba6a5d444c3fd1f

SHA256
70306ba05a46c635b69416fd90aecdf9fe8e44e4545e7d87637cce22ebda63f5

SHA512
2104b618521d861a4223c76ced3d7a3dc6bde9967b8ac2d43ee3a4bc868c2aeda547924cacb56e7025e29884216d075074e3f6c7caf249923a19ec5ffd592b4f

Download Submit
C:\Program Files\7-Zip\History.txt.tmp

Filesize
90KB

MD5
0f6080dce02f90c557aab9f9ed462ddf

SHA1
e331eaaee469b32f11d00b444f2bd329f2cb0b9c

SHA256
1d90d80e3738c8eda3bf290931ad65ee4b01a7705ac841fc57fda7a89d1e0895

SHA512
642844821088f6429935941ebc5c55f7decc82cb7dd7a3385eb169d2e137249def1829b48621ee216460e4251ca3a82ed6a14e05ffe25c8ff804eca608f51828

Download Submit
C:\Program Files\7-Zip\Lang\af.txt.tmp

Filesize
46KB

MD5
83f8aad23f071161afbd8663a2ce9bbb

SHA1
ee6f3e43e859153f24f906d609cb87f4820c9020

SHA256
bb4e185d3ce571b073f60c90c421819d747bdd9d3a394bb60ce0dee37c2b2b00

SHA512
f1ecdff89752ffa45dbf0f9c5ca58f4fdb0afdb8d693bd068af6bf124fc22e412e32e4f1e34343933c455517b321b21eb587cd7553ebddcdc5c014211b44c385

Download Submit
C:\Program Files\7-Zip\Lang\bg.txt.tmp

Filesize
36KB

MD5
97b0c7ed098f2844c5f3c8287f26d88e

SHA1
d87119d53589e4e973a51da39a75782878ac1748

SHA256
d20d6502d6c3983adcbeab73adb3529057aae9bb7c3ddbab8f0ced11b6623c4c

SHA512
a8b6bed37de6eb924f78d9644d299172dfd2e2b7f21642bbeb9980c3a213484778161d2a0239b74b2c6b473019a7f7e1464cce8a1128ce127113d3f303a26a1d

Download Submit
C:\Program Files\7-Zip\Lang\bn.txt.tmp

Filesize
48KB

MD5
0719fe246a97796006f78eaa2449e833

SHA1
7add1f9370b01bc92c65599216b2bfe6ba961013

SHA256
3bad9f0212ed6990dc5dda7c87a1d43524214ac5a6d74bc5155eecf65e6c0547

SHA512
8955a4dc3feb36bf7396c109c929e26ab030c95e364d9f36cada4eeb5e76663185d41790aa932569c960d9f1a4b015f3261524d6ccf5c907b4d8340cb6a9c3d8

Download Submit
C:\Program Files\7-Zip\Lang\br.txt.tmp

Filesize
41KB

MD5
3738c67539e86e0b8d5fd7617041325f

SHA1
114fb33db5a381358508f6ccf1d46d0f7473fcc7

SHA256
91397026e83d97cdd9c4b9978163d0fb6ea92d083da77a675c003cdff5ebfcb5

SHA512
bc445d31da56b49ea870b96409688de6601fba36cf020948b68eab5d046e15f841b28140a6614dea4c824118c420d254b9494afc56c662622942fcdbdcb7439f

Download Submit
C:\Program Files\7-Zip\Lang\ca.txt.tmp

Filesize
36KB

MD5
240fb3d202bba7d38b4ddd2a8b3dfeb0

SHA1
1bab27ffeefc162c314c9cc0bfc380b12678fefd

SHA256
fb8e5b6db6b890ae94777a5865db4a498ada3a566e0fb0014b6da368089e953d

SHA512
87954c7fc7f2506216241d7f62ad5c8a96be6358ebe0c435d37c23f3a30e1bffeb0573b3eb8c4fcb5ab04b5ecff7e83017d3144151a7c71a82a5992d814554fb

Download Submit
C:\Program Files\7-Zip\Lang\cs.txt.tmp

Filesize
45KB

MD5
fe65a4f89a359551303f91162ff19a70

SHA1
6b599d3a5bb85f2577fc080e2856fb68186a1815

SHA256
cd9525bc877d1f8a270b5852bfd15a85f03d0129c49841e4e5dae7d3168724d1

SHA512
a5507de1bd5c15d0f14f73f8b39ecd068b677bdc0560fe176499437b5b7c59ba2fdd93282f026d32ed7da4a1a1a5a276077a92b9147a745b203b99f711444b8c

Download Submit
C:\Program Files\7-Zip\Lang\cy.txt.tmp

Filesize
41KB

MD5
c8f9901510d3aaf7d6887547317cc248

SHA1
08357c7ba658bcb5c6a627c0a3adee5eafdecf5d

SHA256
5b1c28daed95dd2800b65a6ceee1f1d24c394a6b1a276e96898648e22df1a409

SHA512
0447e04278977a8c951e8caf2529ab0cf80cb8080f5ab72122d1c037526f1cca0795c8b6a4e7473ec3e7191d50814bc03503bf4d31166629d1fa70fbd20bb7fd

Download Submit
C:\Program Files\7-Zip\Lang\de.txt.tmp

Filesize
45KB

MD5
8dbe70039959f80d1c6efa714dd3ceb3

SHA1
37f8c5cb6cd5e0c76f027904bee301aff6f3cc36

SHA256
6ed6ff1996f80f6b0a35910fc7052e43236606dddf933c8e4aa44c582f4d1c1a

SHA512
4445ddda3aa59b86cf867711261b8b8e6702e1f8dac0125446092cf5e8d1bd29f578d112d45866111ffb6461e36ca1707b86d03887f591af8069222542ffcf06

Download Submit
C:\Program Files\7-Zip\Lang\el.txt.tmp

Filesize
50KB

MD5
8a001b6bcde80b4126d74fa0c4d19438

SHA1
b831c4928c61a46cbd570eb6f01f13d0fcda68da

SHA256
9c9be90e65d23490ac46fe1e18d1c2afb6500ff2711463dc130703116a8a5744

SHA512
1f2821ca3998190667bfdf0d01bd02afaa200f13ff51453d178e2c13dbbb3241612fc143d761a93fb29999d88654ec8063fa959613229763e1e91fc474d60d52

Download Submit
C:\Program Files\7-Zip\Lang\en.ttt.tmp

Filesize
36KB

MD5
bda88ac2f9b7ac4326e2746cee2f7fa0

SHA1
5613655653fe597aeb7cbe6ac72428e05c687bf7

SHA256
ae11379eb5bf9e71ea659e2e532a5a27beb76f62819ae58c7039bcc9e1db6d8c

SHA512
942f213837e23546b7aa4eb532a6c45b2be6f09c33df1fafddf50fd8dd96bfd90e5070ee509c7dd36be28ed3e7149a8d4a3496228be39e60cc2a4c979e48b5b0

Download Submit
C:\Program Files\7-Zip\Lang\eo.txt.tmp

Filesize
38KB

MD5
7942723bd1b6f6a101bf30cdfcfd0e8e

SHA1
9d98cf66a5f7f5043d9bc5939b088af951194986

SHA256
51153844095d8957a0c3ed6a375d6f49bc38002365d3dc6446e0de3c1411ba06

SHA512
d15e640c5c03c3e2b26ed2bc13a0746290a433504ce0e5bbaebc5b336c3906fa65130da42147e18c8a5f5be5b95f484f31a8891018a1f120745601a82f712a5e

Download Submit
C:\Program Files\7-Zip\Lang\es.txt.tmp

Filesize
43KB

MD5
7c5ed21306c7496b83997c32072f6ebb

SHA1
a679bb560f6ef278ea12b1b9cad892c9810e3082

SHA256
103b479605940d67d2f3f4152a064b2fb02c41c46777fa1f2276ed879c5680ae

SHA512
65cdce5afbcaeac860028ef51244c7aa24d1dfce28ab0edc061b3117ba8f7005641c28185ec0090da35411820ff16397958ae9c6fce0761f7a8f02f04519ca9e

Download Submit
C:\Program Files\7-Zip\Lang\et.txt.tmp

Filesize
40KB

MD5
4094f225e32ff627e8e669b616ffe605

SHA1
28dc50a5dad750c4ae18220f898f5774b3f4bd93

SHA256
73c9ce56ca7a704e94c70c531ccc471a4da7a560fa7260fbc52f086dc4637e1b

SHA512
3b476c7e90842768d397fc69a1f91fe0cd6bc1f3b69499905e913182f80352033224a93ef382718d0d27d76c04713db051f56ca3f321be9a4fe6ed0a374e2d85

Download Submit
C:\Program Files\7-Zip\Lang\eu.txt.tmp

Filesize
42KB

MD5
4ba155027763cc66facf7f64bb1f738a

SHA1
5ee1828084ae1888c1c308e13c3827855c6a1008

SHA256
eabfc958c51c873897e054038ec1db3a4249ae063103d4786420bba1e1abd546

SHA512
54d370af930e5f9e7753dee4019ff1955001c15d3239392bf11a6be7d89fee13e200da72451e401ae86b3d2e908fd826d7ef100fe0754eac110217ae79b0181d

Download Submit
C:\Program Files\7-Zip\Lang\fa.txt.tmp

Filesize
46KB

MD5
5a7ebb0b71eb526b2acc0bc86485387f

SHA1
dc9be648b176070316851d04aa986e7c275de1e3

SHA256
28f25f9ec4a2043d0a4ff8aaa3dba0bd2a6fcb7332fd6361bf3c5991a87240e8

SHA512
6e327c3a87f06a89962cb78fcb9e0ea71d90e62cc6e3b0bce38db8a5755a8ca619b55a8a243c30c61328f4efd27a988c957dba7b31f4aef558545dc16980ce0d

Download Submit
C:\Program Files\7-Zip\Lang\fi.txt.tmp

Filesize
45KB

MD5
dc028f2ddff324bf4c827c9a15ce8c3c

SHA1
2a814392dee4593ee57a0b0337ef975d32fb742c

SHA256
7eb8267f09cfbc5787e8e1f2b78d5b6188565f82e51ac84412786873901b4a6d

SHA512
c3dde0f216a48f8e7d0400f31c4f0a2c990ef96bf48eb7b0417d4524091fff05359fe3fe84122671fe03c4ec725e55ee4449ea22801911c583068dbb6a9e470b

Download Submit
C:\Program Files\7-Zip\Lang\fr.txt.tmp

Filesize
45KB

MD5
0148a2004d538648d72204dfb5d9fcc1

SHA1
2fb07ab4ae80b488ca749acfa442476b3350afa7

SHA256
39e933005f38a80164048a70f9d2bcc2d4a10e46119391f2ee36a7a11cf51686

SHA512
330b2e1d06e9fdcad515d982dd36b79df81384bd8f07943899e4ee6993845869f581e7131bbcdc3ee687f838ca45ad88ce536b758815dbf7734bf55cfe0c9668

Download Submit
C:\Program Files\7-Zip\Lang\gu.txt.tmp

Filesize
53KB

MD5
5d3b60576c4c822d41793434105d572c

SHA1
d8d9c005de260cbefd4f790a92a12adadf19067b

SHA256
0fa4dadf37b9209d172c1ae4699b65c351858ef91ac54e46786d10eb16c6e7f5

SHA512
2e033bd518cb8503cd10a5498358c4879c56304614f4b52ba53c69333ff070e06ce99bfcad8a3d726c21f1df5147756d1ed8cf76055d529335009ab7fe9935b0

Download Submit
C:\Program Files\7-Zip\Lang\hi.txt.tmp

Filesize
53KB

MD5
f9d222f65a07ff0415ff989b03e88ad4

SHA1
d5796d86980275684be5d4a9fefcc3597e98fb1c

SHA256
beabb2e460b8316caedfe9bdcf905007dbac44571416efa577eec54065296427

SHA512
90ed893c69c402a20590dc69b53a3106bd82bbec0971c9aa2db3c3d83da2ab549e51ccce4258bc423a42cf2e06ffb3546c16d0271caff2637defcf6a52a8244e

Download Submit
C:\Program Files\7-Zip\Lang\is.txt.tmp

Filesize
44KB

MD5
a2e2a5fc51c41c5b527a44aa35301b90

SHA1
16c9d59aef7987487e65a2b18d69282cb902999d

SHA256
fa6b19490303dbb0f72dc8b284f1bde95cc9eba874f1152c90666f8591bb99d4

SHA512
18f92b156f7fe62b41cfd2ba4ea2a9ea6ff95fbe7ee0914d0219e1e4e4f03d2197cf49aa410edb2786dc758d119f7e6a479e1c408996df99a742f81f7adc039b

Download Submit
C:\Program Files\7-Zip\Lang\it.txt.tmp

Filesize
45KB

MD5
5bf77042a9181b9c93f60e072c98c591

SHA1
7c7315e4db44ed4f756d34bdf92342fa3a9a671c

SHA256
4867cb7496b02ba095f1c018de4b67ee1481282910928d83aefc9b4c15be0df2

SHA512
045c05fe1d10aefef85075270543079e55a1c90a7fd298289ba308e6e8ffcea957be6e018e025cb9f4e6db4f2961da3791f54380356597e6b5ca00ae79c528c7

Download Submit
C:\Program Files\7-Zip\Lang\ka.txt.tmp

Filesize
54KB

MD5
1f7995ae1e64896e811dc741c0601b5d

SHA1
4597776155ffef0b39e73f559b0856f5ce3aa6ac

SHA256
d77a93441feb02eb029e330288e2442ab7d400fa1ebf839035ae798a3ca55022

SHA512
07cde69263a666522fd7b52533e9096ae0bf062c1549fd120721b9bc27603906356cfe6fdadf052a5f2ccb347f5535a9ff5d6371e4957088ac4744ae6787cc1d

Download Submit
C:\Program Files\7-Zip\Lang\kaa.txt.tmp

Filesize
44KB

MD5
9dcdecde2335968cc0e1a5a84bf37c7a

SHA1
983d90633e5c8fb49a6143e61350126e69fd495e

SHA256
118a364c7bc9bc08ad9dfc607f87b1be7dd9defd2bae9090626a7df93146dc23

SHA512
f93d4cb1923b00517545f665b5420814da334a504f33ab8f292fc05688eb96febd8f7f3aecbc4b803c6e195fb5ab54d03d13095716899d9ed28011d9dfb82ef9

Download Submit
C:\Program Files\7-Zip\Lang\kab.txt.tmp

Filesize
44KB

MD5
4966e6d6b2896b3592f365127161442d

SHA1
c21816cb237a8fdfbed65425fd5e43431cf69e22

SHA256
8ed2b99cf7e2d119825501d00c95365880d7825fb42ff17b8e3849c20bbd9ee2

SHA512
3fb7ca2c6d2bc62b627e077bebf878241eda43c236aba4a9dc99b5fdbc1180eab993442007a0373bacda3f0b7febea51c62b8f791505a3c8374c8a3c0a0d55ed

Download Submit
C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp

Filesize
48KB

MD5
9c9eaa1a32733134c7abd010e8230ae3

SHA1
77afb9b220e5133eef9d450ed5e211e841fcfa02

SHA256
6dc8d9817586d85dc999044ce31e8660fd6f9602d67ec249d2dcdab809cdaae5

SHA512
ff3bc02c01d10fb550b0494c189342fc5d67079027c00978b2da4229e567752074d37466111b0ce7de6bb6a13d20e1dfbfbe760dde1cec242ec91015c184b69b

Download Submit
C:\Program Files\7-Zip\Lang\ku.txt.tmp

Filesize
33KB

MD5
f59ab96841df545c2e85314530c8cdd6

SHA1
39606ee300180296d1bd11d29b98e664aa60e213

SHA256
ef72b13f99cf8291974b855ead5b61ee40cd6e6517e751ba63db3bda1c685434

SHA512
5d1a5a1666f6202fe3eb3fd0f51098a94a0e271c9d94968fd7fb7fd0cd0c612dea67a742785ebefa14cef8e62bc1b5da555d9b837f3be22ad014cca4eb808862

Download Submit
C:\Program Files\7-Zip\Lang\ky.txt.tmp

Filesize
48KB

MD5
08307da92fef4f03933dadd80e958e60

SHA1
d82dc7427446123e51b0cc3c6b3a66dcf55e72b6

SHA256
fcade5d02bc8cfef95700c2a439a5af227a10d835c6559566be9b45efae38f89

SHA512
1fa5e27c6741ca4a7eb29ab7d54fb3e3772c9e08ec971dde4ca96745d30c5e7c1d956f2364d25a6dc771a050b22c2dd204f8231d3d0104799cc49e32bb46f830

Download Submit
C:\Program Files\7-Zip\Lang\lij.txt.tmp

Filesize
43KB

MD5
c6c1a11baed735d8e624eaf88d620bfd

SHA1
08a358d6aa8e1759ee61e8f71967ad502865e756

SHA256
e2fdcdee4e008bc940d3f5811d3a2f774c048dc47598c293e162a57b1c96c05e

SHA512
6c23224d9d5ed18c869d31bfed61595e71813eb8110ebee3677faede65835353c6a0acaeecee0c924ef592f74fd632d768967c020950b7453a80645e9edc359e

Download Submit
C:\Program Files\7-Zip\Lang\lt.txt.tmp

Filesize
45KB

MD5
3f7857c1de487ca58558f68c0750d674

SHA1
b05a377530fccaed67425e8c1dbc08cd8f969ab4

SHA256
1dfe04232eb25e77b20d952c4e3a57e4609e0f825195a9adb8259e1ef845ad84

SHA512
c3b06ef8dd430bd3ae881b1313ac2081bda66f5b3f235fe86ff96634f3f4c16da66b148cf4694bc15789a3e5a12231ef96b90b87e885e79796da3b2a33d02fab

Download Submit
C:\Program Files\7-Zip\Lang\lv.txt.tmp

Filesize
33KB

MD5
274b2b01ac34648e278497b4dc4f3f8e

SHA1
ce78e345f1e357f009ec0bbf711890fe78b181c1

SHA256
7ebec2dd731f9f048c2d0e735c4e49bd252e336510b41d03d0d3f52622fab918

SHA512
638b80e1cbea016a04de2dfcdd0c0674a7e5c2f24f1c25559853797247f8f4137c8d616fcfc1ef91bee61e40b3507d383a9704a4d45d55771747a020eebce022

Download Submit
C:\Program Files\7-Zip\Lang\mng.txt.tmp

Filesize
55KB

MD5
017acf988a6481fb4ae76a4398ff951e

SHA1
d8188ababf0f8966d3df8ec5a65fb416155eae27

SHA256
5d4c3ca0fef9c60236d0c012451410e002b037512b8f3f5f2a400f745a6bc8b5

SHA512
1deaec6e355569c03aaea482c54b1971e56e2534b6a4c9600e2289f27c6d386919e59e39677cb69018662a20ee48524d7dc8c1da7b55aea5d450f23b10244a73

Download Submit
C:\Program Files\7-Zip\Lang\mng2.txt.tmp

Filesize
57KB

MD5
8d74cfa48eef90861724b8cbf6f5cf33

SHA1
2480772c8626f6af87381a183cc7ba831c626b64

SHA256
6e6aca28e570c10a676743d59721bab22c7ee9f913f9e4f0f7940156d20254cc

SHA512
747425ee9853a97a09112969672d79ba7da94dc579be2255d633dbd510e40430690a39b72c1e61bee6056875950bba5f605c12460624a7cbc5982a2d5b0ce49c

Download Submit
C:\Program Files\7-Zip\Lang\mr.txt.tmp

Filesize
46KB

MD5
1d270a04c63b817a4e8fe66df14f4a35

SHA1
593d1c49077d98f648fb1ccc4132db8a6225f50a

SHA256
a52674f4f4bb15511601bfa24cb413aa5c75915f0ea413ed6daadecb85681eaf

SHA512
ec0f8074e7b5033d5b0e57c150b01dd88949f7b541efeae421df6f54cd6acb7f125c0f5be9e3de9b07944f8506b20e57a2a3b28365d88cfb4d084c495ea7c821

Download Submit
C:\Program Files\7-Zip\Lang\ms.txt.tmp

Filesize
41KB

MD5
ac4b5beecb1dfb50511706038a861561

SHA1
c6f8e13792eca2ffd66c5bd8c029b8994d550d7c

SHA256
589b6fc8309474d08a846c366fe39943bb88166f636f5714d2ea95c500b3c358

SHA512
7548de4b59ba3af45f829baf659952fc73295241f8cda1a6b4d1add2d371cb65dba897584ff22413e4590f74b2853623acaabc4d800052bb746c10e75040feba

Download Submit
C:\Program Files\7-Zip\Lang\nb.txt.tmp

Filesize
42KB

MD5
131dc83dfbfc7c092a06d8761d25e836

SHA1
1d0dc86170b55bc6864a7cb1f31d26ffb3985d37

SHA256
89509c0e9f73e306624f2faca7a9d03347fad8d580d450e9d6c3f0f5012e354e

SHA512
e66790ae5cb7353e8bc414f8ca7fd34185ae62c2d6d34552699760c3f679d33960c849bfaeb4d58cbc8c18ca17c7e6354b67e2fd9ed9f3f3e6d11dd7acc2c1ab

Download Submit
C:\Program Files\7-Zip\Lang\ne.txt.tmp

Filesize
46KB

MD5
9758d12aebe48e74e50e8122eed59f9c

SHA1
537e38a3cf15514a8444bfa11b626dbe13512027

SHA256
5cc1f7cc10c102ec76836fcf40ae412b1c74304e0082708f7bc4a445b9c8e806

SHA512
e75b11e9d53fcea57e671b36e8abf7d45587c17a9d3db1018fae3cd3b7f5852137baa684e8e026a07f93b880548d789bc6677e6fac196fa8efd02db2c673695d

Download Submit
C:\Program Files\7-Zip\Lang\pl.txt.tmp

Filesize
45KB

MD5
9cb85eee3f424dadb127b49f8e6be14c

SHA1
646b4b017ea848809191987383479f5b8f2f0c28

SHA256
f58d0caf2bd2fe98019e8ff57c132800b7417ae3ce0d828373aa19c243cf208b

SHA512
ec722fff20ee0f49f589bee413ffc0d98c7c959d55a5821876d6a35b35bc6d3951c9a4b8058c2990e2e7b955efc3ceca9b14bdc9f63a040c1df8ce0350a7f44b

Download Submit
C:\Program Files\7-Zip\Lang\ro.txt.tmp

Filesize
43KB

MD5
cf2fdd3eba2d59c898ddde5b33617167

SHA1
7c8f476c7f3901a4949cdf8d34bd555b167c46a8

SHA256
1d19da9e3cc5f4e2af58898820b1a18af14c92fee7507514654e2a694ffe8571

SHA512
92c7d026b8b0db53474c08a1c773afbf0e475fc5749b89be11f611b56c4bcd052a1c3152f1bdf4a92797e042ebc401fa9578e28b4c35077bc0ed3004fed153a3

Download Submit
C:\Program Files\7-Zip\descript.ion.tmp

Filesize
36KB

MD5
cefdfe9361ca9b35540f7aca323808bc

SHA1
2223abb4b9903145dc8b4a438835e07a04910a10

SHA256
6a6a7f8eab6058dae726afc2441dad7e665661e20b1f3d477ed3f3a4961e8108

SHA512
876d206261dee2905a5fd03002689b94b69bd82d90902683fc84b131d4f4f6a691ad3a9d9b0ceb61815f1f3dae6510a476fb9b582e8a6044bc8e68f107fa2560

Download Submit
C:\Program Files\Common Files\microsoft shared\ink\ipsrus.xml.tmp

Filesize
41KB

MD5
8cd32111743cc3a25014493bc48d8325

SHA1
34591639b8b0500a53345d7f398b6f88bf00b480

SHA256
d74ca1e2acef4d672c67271f8565dc6d77278c3d0df151d75f65e9edc0ca677a

SHA512
361b9b5f3e238e3ed9ba9ff9067d7eeb7afbaadd4e531197db0d94cef164c7a5bff341bb15668d98e90d30e07eae61e5e58b63e89cf33ac51cdea0ac5b334627

Download Submit
C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe

Filesize
36KB

MD5
f80b4c7f580bbde32118e9b2051b7db4

SHA1
3d8ebd66ba0f9e16cea017104936e7d860ac7375

SHA256
0fc0b5f108cfe44376281e12b10654f2db3111bf9b6456d461a5c258f7070ca4

SHA512
843c115adc5670b9347e5f7c6690d4b0be0019ed8c024855424586a2305f1632292c01e061e11897fcff70f42cbb60bef14611a60127d267980bf8d46bf6fa74

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
33KB

MD5
fe8c5e709d63d370c925a6259afe9cd7

SHA1
b46badac8df7180d9b4102def4a436ccf0472836

SHA256
0a62ee216534c0ef04361c427db38cee621af15a1f31d9884c870cd796c1a4b4

SHA512
c68ec073385ae47a95b013c8e828a8d239c6dae5e1dc609e9d5be69ee1596553d9b7bc7be57473a1baef43259ed2e6205e8829c40192bbe1de4bd23a224bede9

Download Submit
memory/3252-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/3252-914-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download