bf140f636dedabdee1a4bac2e85b529bcbb44e7c57de7bd10261a949629f74a0

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
13-09-2024 01:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bf140f636dedabdee1a4bac2e85b529bcbb44e7c57de7bd10261a949629f74a0.exe
Size

86KB
MD5

3e4e27c765cff58a375c2d89f6ba51dc
SHA1

34693ec211327080a177689c747c090aad6dcbfa
SHA256

bf140f636dedabdee1a4bac2e85b529bcbb44e7c57de7bd10261a949629f74a0
SHA512

bda1941c5c8a147b7b51665be2271b02b68e6e74af22a9f2bce1eace3d0197f18c47750990c62237fdb663d39c2fbce95d6e9c7aec5a260c19f93488e5b712e1
SSDEEP

1536:W7ZhA7pApM21LOA1LOl6vSccyk27ZhA7pApM21LOA1LOl6vSccykwy:6e7WpMgLOiLO2SccGe7WpMgLOiLO2ScO

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (5172) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
2968	_desktop.ini.exe
4288	Zombie.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Zombie.exe	bf140f636dedabdee1a4bac2e85b529bcbb44e7c57de7bd10261a949629f74a0.exe
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	bf140f636dedabdee1a4bac2e85b529bcbb44e7c57de7bd10261a949629f74a0.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Security.Permissions.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\relaxngcc.md.tmp	_desktop.ini.exe
File created	C:\Program Files\Java\jre-1.8\bin\fontmanager.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\TellMeExcel.nrr.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\tipresx.dll.mui.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.WebSockets.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Compression.FileSystem.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\lib\javafx-mx.jar.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\lib\jsse.jar.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Red Violet.xml.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_OEM_Perp-pl.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_Retail-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\7-Zip\descript.ion.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\PresentationUI.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\UIAutomationTypes.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\LyncVDI_Eula.txt.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_MAK_AE-pl.xrm-ms.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\msinfo32.exe.mui.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\PresentationUI.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\ReachFramework.resources.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Grace-ppd.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_MAKC2R-ul-phn.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PSRCHLEX.DAT.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Wordconv.exe.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\WindowsBase.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp2-ppd.xrm-ms.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription2-ppd.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Grace-ul-oob.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_KMS_ClientC2R-ppd.xrm-ms.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ExcelCombinedFloatieModel.bin.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\keypadbase.xml.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\System.Windows.Forms.Primitives.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\System.Windows.Forms.Design.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Overlapped.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_SubTrial-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\GFX.DLL.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\eula.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\net.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\zlib.md.tmp	_desktop.ini.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msaddsr.dll.mui.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\WindowsBase.resources.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\System.Xaml.resources.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial5-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Retail-ul-phn.xrm-ms.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_MAK-pl.xrm-ms.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Redshift\lib\OpenSSL64.DllA\openssl64.dlla.manifest.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\NewCommentRTL.White.png.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-dayi.xml.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-process-l1-1-0.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_MAK-ul-phn.xrm-ms.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessDemoR_BypassTrial365-ppd.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\mshwLatin.dll.mui.tmp	_desktop.ini.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\cryptix.md.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\JavaAccessBridge-64.dll.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsdan.xml.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\PresentationCore.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail3-ppd.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\java.security.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Retail-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART11.BDR.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\sr-Cyrl-BA\msipc.dll.mui.tmp	Zombie.exe
File created	C:\Program Files\7-Zip\Lang\mr.txt.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Windows.Forms.Primitives.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Google\Chrome\Application\chrome_proxy.exe.tmp	Zombie.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	bf140f636dedabdee1a4bac2e85b529bcbb44e7c57de7bd10261a949629f74a0.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Zombie.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	_desktop.ini.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1072 wrote to memory of 2968	1072	bf140f636dedabdee1a4bac2e85b529bcbb44e7c57de7bd10261a949629f74a0.exe	84
PID 1072 wrote to memory of 2968	1072	bf140f636dedabdee1a4bac2e85b529bcbb44e7c57de7bd10261a949629f74a0.exe	84
PID 1072 wrote to memory of 2968	1072	bf140f636dedabdee1a4bac2e85b529bcbb44e7c57de7bd10261a949629f74a0.exe	84
PID 1072 wrote to memory of 4288	1072	bf140f636dedabdee1a4bac2e85b529bcbb44e7c57de7bd10261a949629f74a0.exe	83
PID 1072 wrote to memory of 4288	1072	bf140f636dedabdee1a4bac2e85b529bcbb44e7c57de7bd10261a949629f74a0.exe	83
PID 1072 wrote to memory of 4288	1072	bf140f636dedabdee1a4bac2e85b529bcbb44e7c57de7bd10261a949629f74a0.exe	83

C:\Users\Admin\AppData\Local\Temp\bf140f636dedabdee1a4bac2e85b529bcbb44e7c57de7bd10261a949629f74a0.exe
"C:\Users\Admin\AppData\Local\Temp\bf140f636dedabdee1a4bac2e85b529bcbb44e7c57de7bd10261a949629f74a0.exe"
1⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1072
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:4288
- C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe
  "_desktop.ini.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:2968

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-656926755-4116854191-210765258-1000\desktop.ini.exe.tmp

Filesize
86KB

MD5
886a461de910e07a620ee059825d9b3d

SHA1
631573327c41c997b5d2f5140143516a39c4f920

SHA256
0be101329a0a118d9aa8194d733cd354605b8e05225c9ac2d01796dd7a2a8501

SHA512
a01ff9386f069a88169067a278e0aa053755e08746f056c23d7bd99d6ce79b340826f6780d785c28fe455893addcb82b313d7520a51624254d36a0e489fec0a7

Download Submit
C:\$Recycle.Bin\S-1-5-21-656926755-4116854191-210765258-1000\desktop.ini.tmp

Filesize
43KB

MD5
cd457dd6852f22453248e3a811586b0c

SHA1
ce9790116c5bb9c7a5558427229b596e093706c8

SHA256
057ae42f59ce8a0708553687b2e35cbf5f06186f95ed4350e3a4e76cefd5af6b

SHA512
94344878dac7f088c10bad2ce43b1e0a7b7e15f55a2b47bab7fde9db14de754826577f06899dbebd7e30c34b70f13b5187fb89de1485dc5203b45518b4c87953

Download Submit
C:\Program Files\7-Zip\7-zip.chm.exe

Filesize
155KB

MD5
c1bd25ea41fbf73ad4741304bb6474d2

SHA1
f93338e065633c24e5d6c4187539e30bd8fabd0f

SHA256
5bc6f2a059a7057256dbb322ea3ff3389c5a0b5dbb5294464724e32ba9134fe8

SHA512
cfc6c58632452de69dce8faf63815a3033b93886291ecf378ef75c471e774949e060e0164749931b6676547e8da212368b9f88e3dbbd3ffa234fbdaf882ea8d3

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
142KB

MD5
a3d6b29f45c6f08bce77211cb3becec7

SHA1
2f5ef4aa99ee1fcf41df012ac6a6e20e97de8b4b

SHA256
60280232e7ed472da2507f8db28471efec425fefa1e522d5a26d4870828e068d

SHA512
ac110af5d4b300a84c4283235392b12d8f5ca964fe501d3944e72f021f933b71d539d159882bb35574900899aa5ac4311cdd20827a131ce81e21864e31310987

Download Submit
C:\Program Files\7-Zip\7-zip32.dll.tmp

Filesize
108KB

MD5
24e7bcc85992204335e2af4b798a7daa

SHA1
1a148c254d85f258b70a13f6cc66e716cb9fdfa1

SHA256
f433ae9a0ce45ba9fcfe53d893f41c15705c49adcbd504a9a6c972f7cbc71d8a

SHA512
c82ea1443bf76c6d3bff4a978d31a4015d9036b1fae68d02ced14c0ccc659445829c415d425c688fdb9fe7979b0b27ddf87a9ada4a84331bb4458883827d7f84

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
1.4MB

MD5
8b111e1dac57b9aaadf278ab3d77b72a

SHA1
5ed0c370bde368ba7d47707df5be540e64583d6f

SHA256
e79d0937b92d919a8bf1a17e5b156d250206bc98083776bb21247ee7a1424ab1

SHA512
3766e0f9f17de49f4a4a1a04541515ea18346cc0d3833b56f140f9d4d2fce4efd768378427e73f232b36b29e056ec4cc3edfe4de77cf285f6a2784eadb9d8df3

Download Submit
C:\Program Files\7-Zip\7z.exe.tmp

Filesize
587KB

MD5
87d8ec061937fbc55b5158028b793720

SHA1
0f3f73bcb97366d0aabdceddc5a4b0edfd67a9b5

SHA256
7e4985bd9d4cd52d07a9f7d3d97f8e42bce0a3243536982267071b515e82986a

SHA512
2a4a2ed8b03817b20331cac82f1c27b2ece56998c8a07ed4efc3e54ae27cfa37a56b09f9414650c36180cdd632a2e152e9eaa932602a3cd213d0bf9bcaa384f3

Download Submit
C:\Program Files\7-Zip\7z.sfx.tmp

Filesize
252KB

MD5
100a414dc4fdbe0e6fababfdfe96b11c

SHA1
160e6a7dac6fbc0999722594b75629b1ff5aa9ee

SHA256
b18bcf207c6fb81c1de2c451c3acf9ba1a3ce7d6edec3b8ac16aac8b79193e78

SHA512
7f9e16515301df3baa7025d7e5b05136fb24a90b1da1900ca4f35f87b9a8263ea24edaac124b8b50284f22028649881bf70e92a475a23fdfb2d94d236b6b9f4c

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
48KB

MD5
9b44bb0ffbf3da4b7bd1126235287909

SHA1
6af2d2b522944bf4ba027fd41ec8dec14fea546e

SHA256
11cb0538616b2b24a09b70996a84057d0c33b4d151d2de09543750fcb0789b85

SHA512
e5cc36994759dfa0378bc758324d66150aeeed0f7ef2dde829a8f22b2daf9edf44a1f3c7140824d1a44e1ed7c00db18149b6726e9892962d1a200802b42bda33

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
973KB

MD5
55881a8a8b2842d6ae01b8e45204ac5e

SHA1
aa242277a004eb4e37a38bbce2952e76ce3593c1

SHA256
02e160ee6e1f5bad73b3a5a7ef6b1f49d55bf264c5f14c727ee5ae23771f037c

SHA512
8a37afec98e7269f3f9dd47aa7b51fb0cbfe8cf8a884ec2ef8f2b791449621699fb539f5fea9d50538162cdb3fea3365b5a1cf5579ee56be3f1d1730a385bf83

Download Submit
C:\Program Files\7-Zip\7zG.exe.tmp

Filesize
528KB

MD5
47e7316248e3a0b55e60a3b5b68cfab6

SHA1
2b02ebab0ec83dbbf6156c4c6d3aa925341ec6b1

SHA256
b6c8e5eb2afc626e2189aaa7b18e589cb0be2c8e5de721b085501ac4c3f4bec3

SHA512
45b78fe916c0b45da1636120ff9b00214e97f8c7af87e8e542d89f9fc72ac6fc8233f79f2df85d406c62f6a479b362ea49485252b63151694bfb0dada094791a

Download Submit
C:\Program Files\7-Zip\History.txt.tmp

Filesize
99KB

MD5
9895abbe35a6d4b94c156cd9bdb95e1d

SHA1
c4f3b1d8b5e0284b000bcae37f994c101987d1ef

SHA256
93c4559beb428df70414a2c53721780981cbfc77cfce0719ed162911bf8f520d

SHA512
d076a118087bd71729a89276e2cd599ba726eaff9e2b1f717560ed533fe602df6596e79e89a9cba5efc1eadb3b9acc11da6484b9f48b43392a1d5c3bffd6fa53

Download Submit
C:\Program Files\7-Zip\Lang\af.txt.tmp

Filesize
53KB

MD5
401fc48e65fed3123091d72fa637c7d3

SHA1
48360a0a45324bc2345c18e504a18f7529408f30

SHA256
1dc55cb9311742f87a64b959634c50940e583e11bd6fe97beafa9e906a527e39

SHA512
70947b98872bbf5d65021fb2ce44c366a46a0a7e9a8868d25b6164fdd8310cc003c405925ccd73f102c700e677a65ebb9f340b26d51207b1edeac89f35d32d06

Download Submit
C:\Program Files\7-Zip\Lang\an.txt.tmp

Filesize
50KB

MD5
131b9e04c7747d6dc5861e9e8cc96d2e

SHA1
8107e0587c06ae35e0866e64241be9b76c2aea22

SHA256
caf54f8e36d0aee71f95462232020d86be8807347759129076904081525df300

SHA512
66eb3886cc7252f950aa351d6bd70a59a8a4cd7fae87972b3c813d334d2e453e09b2c536cfdf604f13a534c784796de49236ee1d82962423dc77f8ae3641e5b0

Download Submit
C:\Program Files\7-Zip\Lang\ar.txt.tmp

Filesize
55KB

MD5
773efb9ed8c0de769321c3b1993c6caa

SHA1
196e226e9e7ae7f6dbe3535628cc18f078670d83

SHA256
c426ce08278365d91c5f273464325193017bbd1b067f0c28f6c85c1f323ba3f5

SHA512
89d3ac9632055f395039fd923f0c70dbaaa4d17b89856d89a7f5a661b2cabab7bb37b77b14b97f9e6095214b56091157cd3efcf4286ee32b03beed3a29d4b1fa

Download Submit
C:\Program Files\7-Zip\Lang\ba.txt.tmp

Filesize
53KB

MD5
74ec6491a41d8b5c8ea950543368ab13

SHA1
fce69f441fc412433b5207f5becd425d51ca98c8

SHA256
447ff817f2660da700b7e8e66213ff72812830e4925a9665bea0214452ab9ad5

SHA512
3804aa26cf66157c723b7e58f14f6c208bbe650b709ff404e0cd6144523bdd83e11d3fb394abf1a1a2852891d5463b7876f6afa9bf15e89e19d33d39feae1fdc

Download Submit
C:\Program Files\7-Zip\Lang\be.txt.tmp

Filesize
54KB

MD5
57c85a12ccb011d15de037f9ba1743e2

SHA1
22a035cdc54a69c209de331d49e56d1d65d5d93d

SHA256
131386b1857c2dcdfbedc278b10f258455d3b309c7d0abb9fce158c19640c312

SHA512
418c6a0a8a9b4e9c08f6efceece19b0d3d8bf85ecc5d9c0f0f074145c2c523526abab0630919e53e4d449a0f7ab669c6902c41ed4aa5e9c2244b27ca97a30fef

Download Submit
C:\Program Files\7-Zip\Lang\bn.txt.tmp

Filesize
57KB

MD5
8ffc671ad68d30d2ee7d08a4faebe6e2

SHA1
ded51ebf81968e5eebe9daf071081d292c6a7142

SHA256
85b3a48e5635ec6472ba203b7cce9ada0ce5694e9cf02f3fca31283ae8d3d79c

SHA512
4fd102e316c8120dd5c7ec122c85cb9239b3d670457b029d15c44d3a473bc88010d5a771bb6bb77fae846d16ec6180e11949a8e118e9a9728acbae9bd31cc422

Download Submit
C:\Program Files\7-Zip\Lang\br.txt.tmp

Filesize
48KB

MD5
6a52883cd83406e959436321dd800436

SHA1
4032cd7679ecec71e46f1998531c0f717be6d7e4

SHA256
599346ddf0a43080ebf684e8bbf1991db743e3eb3ba1943009a5e2bc6597e309

SHA512
d7c596680574e48d0df12972a5fb69ffe1d2bde82608636b7ad2b946c02b8e540730eb663e05511c56fd1d237f4a1708f62b25eceb486da38d9f568ffa65e1ef

Download Submit
C:\Program Files\7-Zip\Lang\ca.txt.tmp

Filesize
51KB

MD5
040997f8e2dd797bd160b5d6d0c07904

SHA1
e024b2923e8f310180e85bc864509ad54f69bb5b

SHA256
9364d64fbe8e7e1367df5532960e932d365553610ea9a951b4175cb429081f31

SHA512
8db84a9a10e684cb8d66150eb2760987e1d02b55af44054aa42edcc4b41bfbd6c7f3acac5708b275c192ace0702e731971d4a03644ce3ff70063a655e256ba89

Download Submit
C:\Program Files\7-Zip\Lang\cs.txt.tmp

Filesize
51KB

MD5
11c678e9c58abd7e5517b67d02d7d069

SHA1
8a22b2a4c61d272fb200ee4f3e6374c60631a7b5

SHA256
61b867497e3a39ec1631f9b1fac21bff412c00161539124c942510f009635c83

SHA512
2dd0976f7435c91d11a77fa27e1386b24fdd09d8363a5f3ed512ead14b3696b518ee3fe7463d2783864a30ee189002fbe9dd67bb4214dbe927b93faa3380da97

Download Submit
C:\Program Files\7-Zip\Lang\da.txt.tmp

Filesize
51KB

MD5
68e09511027cb04e37c80deb9f82acd0

SHA1
e0aaa9f0ff76d47c9fe38a29a73052accc56a883

SHA256
0f702d3c7ef67d2a54c73a13e2fec03aef7edd0e4f37e8dc7649a1c0529d2540

SHA512
d930a5517a10831967253589e415a90952ab084ba3942285e50ef7634caaed5e4452a4c86e2a8d5e2a761eaca15d41e7b0b97528c76368c0d44c85f59551dbf8

Download Submit
C:\Program Files\7-Zip\Lang\en.ttt.tmp

Filesize
50KB

MD5
3deaf933171a3440134631e587f5d0f2

SHA1
d1de32937f6a5add09ae0e381fe7c8f55f6a6447

SHA256
d1c9d3c9fa8a628382069bebcd93132ae2d1ff4f52b2768b8b029fe57892dd92

SHA512
d4c7208dcfc0ea5c318a6c3d12889b31c65e628cd9c06fcd6351f6710ea2e741681ad19d1a95e697793f3c9c24dea5d86bf4d76be83f4e69bcacb1b1442c124b

Download Submit
C:\Program Files\7-Zip\Lang\es.txt.tmp

Filesize
53KB

MD5
b801be547ff70ecb5b66085305bff9f3

SHA1
ba79b70218f11449739b552af0a080667d31b912

SHA256
9b7ad1ad0f5eb1593d1424b9c1f8f0a9f6c84977b3f8036ce233a82d68e0872f

SHA512
bdd7ae13277d6e0c7602fa80cc7b2f7dc301077f13e97695bc0eba182c16f064de6114deca7a0a72f4a024f034a1682e82d0a8b1733ebdcc42e565562f5356fb

Download Submit
C:\Program Files\7-Zip\Lang\ext.txt.tmp

Filesize
50KB

MD5
9320fa3a41c86154cbe90dd516b5bdfc

SHA1
9715c968e77a6964f5daa0a93809836cc187b620

SHA256
7d813f2d2477e7466e35ef6d38e50bc2387aaeee0ace0605d818d5abb4a330a3

SHA512
2e290868f63b5c9e2f6e7423a6ac4dc30312cb62c60fdf7b5e5bcc981941095f563a0035bb7dc83ae7dc3cecca2ded22645fe16ba1f0941eb95af6fc70d37d0b

Download Submit
C:\Program Files\7-Zip\Lang\fi.txt.tmp

Filesize
42KB

MD5
b8f331712c2b4d0113de294a05c46d99

SHA1
fdcecc42121d9a34ff585b5900abffdf6f544090

SHA256
c02cc1f7ae56d79389c374f8c1b67e4fb01cf2f8d6b7ac5861b953a3daa07229

SHA512
b614bb820753a3bec67949726507ba667ee4c1c2370a63ebcb08ca5b3f036d1ec7543a7213139c6caae5995ca703830c8ac2615ee4236f3aab3f096918db772d

Download Submit
C:\Program Files\7-Zip\Lang\fr.txt.tmp

Filesize
52KB

MD5
7d75ef1ccdf5bdb1b987b01a03e609e8

SHA1
8442cac907c0027498344dd09551748e2e7f0eff

SHA256
6d6555c202af1808a7fab2466199d537518d9cfa879ae921e135e31ee54874b0

SHA512
42607f6300512a6292267034733534e09a8b2bce0ab20475a82d81b275bed390cb5dc6c5e9627af1c4ce0c401f8a677cfe890f82791e8a597f83458a7320ee9b

Download Submit
C:\Program Files\7-Zip\Lang\fur.txt.tmp

Filesize
50KB

MD5
5ed6be8f9ccf423f9882882ac71ac4f5

SHA1
324d0c31fdfdd3e7412316097086c1341eba1dbb

SHA256
4ccccb422bc0060c4098a1de6d3e8c0836fca88c42e57bea47a6363bebd1eb88

SHA512
ff5958a4f7c2eb0b633b9b29899def18856989128924ad37b5beec7f1ec0be1b9d3bd90bf6db9eabe19a1ac7597d03efc801bcad116a4e38104ca6b4455b08be

Download Submit
C:\Program Files\7-Zip\Lang\fy.txt.tmp

Filesize
43KB

MD5
6d0fa23ca6c00e131f5dafac1248cafd

SHA1
3ed6e6a1ce4a2818c1789eec287ea5576f117dec

SHA256
5cb7c2e3e920f7c6e77205e77ef77a5d5c1e1d97d17cec829add9c6fd29d2ea3

SHA512
74881567ca88dfd76bd92cc4a986f1362606cc2457ea9436e3138f873eb86d6fafc75d19b56d3d2db4792a3e44321d45fa54bfa56589797e746e8525e8be6793

Download Submit
C:\Program Files\7-Zip\Lang\gl.txt.tmp

Filesize
52KB

MD5
4f0d7c25b0d2955c509a5315551f6678

SHA1
46606703d4cdf30399b85017b63716ee5b87c2c2

SHA256
e3ede54e872cbd042630edb399ab83dee133bd5c5d4a852e23b9936d23bc4934

SHA512
301145247c922c4ff47387eee453b1933840b6385e62e56d5a677de160ec14ab6ca7de63e09caeb84e82871fc95a8b150f90efedd60f8a9a4ce31d0663918420

Download Submit
C:\Program Files\7-Zip\Lang\gu.txt.tmp

Filesize
60KB

MD5
6c9e18d9af0dd8998e2fae6c81a8d9db

SHA1
12ca970b993c827b704ac4064c47c63576256096

SHA256
f9d3298ed4e1fc8904b1a4aae3b7adb83859d5effc4928475b1f8752850aec5b

SHA512
35333859c842a58550dd5b62e26ef8551cf9e345d43e8df4352f5ed7256e68a74580f0bacefd6a1bd88d8d48f66b949c291795298ae759663b1f9b2be510d688

Download Submit
C:\Program Files\7-Zip\Lang\hr.txt.tmp

Filesize
51KB

MD5
833702d870e5c23973dd3fb5a317d3fb

SHA1
314e1b792df88a05322441a2e0c2fe4a2365581b

SHA256
9842a2249386e924c1b301c934460646f876fdd32a4ebf938d07b05e4805ff51

SHA512
d8fd446b9aaf7dbd303b44d2350be9daa8b97daf6586a60d630b010a4c561ef7cb31b84626d6585d0b3dbabd9876e6c5b622196b6f8643c1bda3e251a53a7d5c

Download Submit
C:\Program Files\7-Zip\Lang\hu.txt.tmp

Filesize
53KB

MD5
38821fcf0ee23db8e44638dd68ad3386

SHA1
128da5ff63205a712d8d4f40be296c2c9a017ff5

SHA256
1107842cdb6988cb3c81d1073720188b4583b1fde2ba17e60b9d2cb36df4f61f

SHA512
80d76b4646316728db19decc5db5ffd7df101827a9169d936860a86d3691ea2012e7c093a17329652d068c8c16b929e16022f009bd3f93f34ae40dbfb5911abc

Download Submit
C:\Program Files\7-Zip\Lang\io.txt.tmp

Filesize
52KB

MD5
1c4bc495b92815535200e4b04ae999a6

SHA1
13a5779f1cc480d366054d67b13be4169c5d926c

SHA256
175a1d95ed7047c71e6977507accf7bdca661d4e27cc19e7c3da93f29f90c6a4

SHA512
2d082f0b9c81c8c2a4d5711dcc8a82787f293f6e5c76ddb910cd0fa3ba046613596a63cc158e8008f4777c9fd3023546640f870edff7900cd69dc9642ca9e0ce

Download Submit
C:\Program Files\7-Zip\Lang\is.txt.tmp

Filesize
51KB

MD5
f84e9d21b8b0f28da4472b14f12bff96

SHA1
781ef1fbac9412632ba06b27ae24f9273083c527

SHA256
c76144d1d0eb8b14c7121fa74d30a32755e339ade7998130ebff707dd8337749

SHA512
2fdc34bcaee85c35f9d63cbf65fd221ea7c96de7274e31e336f968ba7468d9bea622cedc4644ece5fe96e99fde9af6fd91a6ff7a68befe496a58b49fcb664284

Download Submit
C:\Program Files\7-Zip\Lang\it.txt.tmp

Filesize
52KB

MD5
d42ef0afc4d5c57db13a666538ac82ef

SHA1
afaecf91708884fa3b3fbe3634d203bc04c5fc02

SHA256
57ac4cd8b0673e1d02b8e57dc27fc27a323e6b404b315603ef8f3d9d358272cb

SHA512
5f9486b05870371a64411d716bc920dc83c4ed1574cf2ccc37a2b489258cf4177e849cb1a85209b6d649f509d201e2025b330579db36b64a9c9b140cef528e19

Download Submit
C:\Program Files\7-Zip\Lang\ja.txt.tmp

Filesize
55KB

MD5
9599dc773e88ebf855a9b28ccc132671

SHA1
de7efca1d1f1ebafb852e87f5f10db9b607ac70f

SHA256
ecc6945e6e9bfddb9f3402af596f84f923777c9ddb7c8f302741d0d563666d73

SHA512
c021e9e8fb368c400d88d903b4f4386bf497cf7baea3286673af8c7c1e932afbdb0081bd48a84623d4c91751be32373368b0bbb16b272940503d77f3cae669cb

Download Submit
C:\Program Files\7-Zip\Lang\ka.txt.tmp

Filesize
60KB

MD5
39d1e526f7f18ee8b2d70954f4c81375

SHA1
2bbf7b4ce8e69ed7f9ad210fa215ab01717d94d2

SHA256
f6fb6f9fbc8bdb55f1338c5a86843a78ceb574b1f4c6238cd1c01f24e0724352

SHA512
e1634b66a7459a336ed01d2cfeec1ede2fa7a89765c2bd4ab4ff3226cf9e8c3165e570bc8a77c9afc4dfd4e79680bbc6e8af48340132c6284b1016fe39b8a207

Download Submit
C:\Program Files\7-Zip\Lang\kab.txt.tmp

Filesize
51KB

MD5
89e3f0236ef0473cc4ad38898c171d43

SHA1
9f926ecec826d27505b9226ec5df687844f6b7f5

SHA256
5a48b884dd1b97ebb90b1094611978547e86997ad4339d05b806753a076ad9fa

SHA512
9cc4a51c01b71e11f3b842dc3b4ce1918659c790df854934d6a5712d461c2420088080dbd26249c8b9b8a9ee886f152cd756dc39bec720f310eed4233eb67537

Download Submit
C:\Program Files\7-Zip\Lang\kk.txt.tmp

Filesize
53KB

MD5
04d24da99cdc57a21da1b8e2a48a8a1b

SHA1
058fa019e96a6cf1c093edd82f3af6ac87654692

SHA256
33ccc3cff7b6c76ba59301c3cf4915020f24c68ecf4c7b287831520c8bb86c68

SHA512
83d21a8293fdd0e6ecc1b74add35305594f31a283ff562b421a4fa5bbcf0bb387c2b043e44916d29bae2058173730832d0f65bba420ee74484bcd8f1520aafa6

Download Submit
C:\Program Files\7-Zip\Lang\ko.txt.tmp

Filesize
53KB

MD5
498bdcbc7c6649c04a205dbc51e11e7c

SHA1
9f340164ec68d860ee744441b50bb44816ea0a24

SHA256
f2bb4d250f16c80f5fc95a5c0b4d165a519ff567f229eb43a14e83a8d2a282a6

SHA512
abac730bfc94fd99bd9dd051433511905d8db9d9ed4fc37a318bf54ddc942110bfa7408b77cb2d1637573619c3cd3ffe141aa212dce85849667282aa88d9f568

Download Submit
C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp

Filesize
55KB

MD5
8a6ecfbcde1eb0fdab8d682b8fb9c36e

SHA1
babb7d20be772fc24fc70aa74d109cc5137ad3cd

SHA256
ae5864c41b76389ccef14f7ca85c565f141ae12cc2789bc410b5f67e059c8d04

SHA512
257c356071c31e3a88b6fe84fe67eddd541ff95a7be73de7fe0a0cf60592661b2b50fdc21c22a966297dafad1c969fd09fba1ccd08d1ddb54f1ce79c176948ba

Download Submit
C:\Program Files\7-Zip\Lang\ku.txt.tmp

Filesize
42KB

MD5
48a98439d2794244b4516cae1e9ad9e9

SHA1
79e2fd495d037e924676d3335c8da89feb4a9d98

SHA256
e192c30d506565c9b9d9bd5e6bc51a6d83ff2f6327dfdb1903a5104da1d9b58e

SHA512
a586ff6a57575f9480c3725dd3414930ea46dd2ba881da1e5ed52790a8b3ccf1b33c3b1d2c9537f80ea578029951a1c295231c13827b91c57436cad4429d3947

Download Submit
C:\Program Files\7-Zip\Lang\ky.txt.tmp

Filesize
55KB

MD5
b6246dca966ecded40ea05bb7407be3f

SHA1
e622d4c9d5972cbc40f1ebf74426f469a9293d13

SHA256
e23d9b0aacb42348b4d0e1db5544ecb99f63ffeb9717241b7b3030d6c6b620c7

SHA512
2c79de8cc321a3c94424fde08621443be147c16832eaa2996240f5002afdaa174923e67157f4bd5d14743e12cf6cbaa2c9519927dbfcbe38e045eadbdd610964

Download Submit
C:\Program Files\7-Zip\Lang\lij.txt.tmp

Filesize
48KB

MD5
a7af8b4fdc68dee48f311f2f36a07c7e

SHA1
a06a4b0479aad80e2a113a03034c9255a97cce0d

SHA256
b672731c5f4d47edfb445cb9e36d8df47ef932b7a0d818b2a63dc38b3aefaed1

SHA512
b5e2a688a0da61225c8a7ca1704015fba706329c0dbb2406d05f3927f2dd2f03859a50c307f47fd16ee199b72019fc123a52c8f0b4d569fd83d08c6dbd869ce8

Download Submit
C:\Program Files\7-Zip\Lang\lt.txt.tmp

Filesize
52KB

MD5
921f492dd8a43319daf1342cb51b050e

SHA1
91ffb81cd65eb72f1e0c3f61768297a1de146bbd

SHA256
2d527e3ae94a71793bd62b7d1a0234fa35b60cfff595332c29774579f02a6a9e

SHA512
71d20bd080670ceeae3ae9bea1f5da8b2a2a13a062e61d2e38da105c32eb08cf378c657f6af0aaa3d351a66a8d9d507759e8f92cccfba8ed5a5c72a1501b300d

Download Submit
C:\Program Files\7-Zip\Lang\lv.txt.tmp

Filesize
48KB

MD5
2e131039306fd7ae21f8f447953803be

SHA1
e1c5689db14544632d656823959f557136849370

SHA256
6c26c945cc8e855ed93151672acdf737928460c6b3e480da64f769cd59eeb818

SHA512
ed9a7785b20933b0301b2f3f9331d75c4c94fd1e0cb4733c8c3b429606ae0a352cb02ec84fffb60946a0a862d3f99164d24e1ec1689034b480c24e074592a882

Download Submit
C:\Program Files\7-Zip\Lang\mk.txt.tmp

Filesize
51KB

MD5
d2f9b2b686a7b991df9d16ac17263270

SHA1
9c1f58c72e7f7fd0ad468c59411ea28b8a82bb03

SHA256
79372a28071a8c3278f375bccf3793d1793f8bc98044672ef4ad0693b70b59b6

SHA512
188f3943e28d58eec7a035070952ab6fd9271dd2c48ca723ef6a075dbf591cc1fb1f7f965983150a322eca4dc01d24e627daf485f1525504d4ec27814095ebec

Download Submit
C:\Program Files\7-Zip\Lang\mn.txt.tmp

Filesize
51KB

MD5
27ff8be67296a2f4d492e410f88832ff

SHA1
814a7bf81f38fe5bcdacc539efc6061c0cbf5771

SHA256
55902f8685ea16b928e1012d687e8a5f3845f4030b6bae622d5086b85b140e59

SHA512
280f369ecc4388fed45b1d641ce3cc7cc9a47bc82af5dfc4a2804afb15e520038848140548dc43df4661858770f0a33686f0e29fb03035748cc93e94b8af3bf2

Download Submit
C:\Program Files\7-Zip\Lang\mng2.txt.tmp

Filesize
63KB

MD5
87034fcab32fafc92cedc380dd6a1928

SHA1
4d231a458535883c383fe74b26073edb455c2668

SHA256
6eccf5c0f1239c2edff1216f121bd20243db815447a1708a39cffb6e704f312d

SHA512
dfe425312eccf503ed631df7f8e5c9c4bcee895c571121143b26b4174a9f15fd73fb552671ded7c23dda4ef1bea100d07641c61a3ba3240008ffb50431f3d803

Download Submit
C:\Program Files\7-Zip\Lang\mr.txt.tmp

Filesize
43KB

MD5
3b26c3f852fac9d4ceb03085880697a2

SHA1
5a4e6e1be9547ef5b46f7c3eb4de6dc1fe7b407b

SHA256
42f2ecffb04b2bb8f40bfbc321ddf8ac3c887dcebd1e4c055cb9673e67190bbf

SHA512
664f77c6fb9f3d9d90b3dacb569e52ed48d2e44ab471756cc13f38794be3c8d5ecfcc79108853a134b89b883b1b993ef3316c19e063c9fd4fe54b93d73173f1d

Download Submit
C:\Program Files\7-Zip\Lang\ne.txt.tmp

Filesize
56KB

MD5
752b1c742b82c86b2701f5c455aa5567

SHA1
27fd244ef5f3f9c95087a0aad9a812250e892c10

SHA256
c65e4fae1ab5d3668e020f4d44b5c44c27a7c62aeb057f3abaf612985e750a61

SHA512
6f91a6382e07a04a8540099c745363952461a100847111be36aaeb907a080317686b13a696c0dc8e604ec80f12da77fb387895fb378bc96cc7a5256b0f5e9690

Download Submit
C:\Program Files\7-Zip\Lang\nl.txt.tmp

Filesize
52KB

MD5
25fa0eeeb1e81504b6d4c9a0907c5a88

SHA1
9b9be2bc5d578520a87807f27eb00b6f140ff2e7

SHA256
96f9c0ad2e824d26d13e79236c0fda5900317fb75028a813c0f4588f77fbd755

SHA512
8bdc113360a04dcd10e20e8849463f57451f1f90a025356bc2df33dfb9ff04c5f9c003e53e7a4d41207656f363bf22ade830d529433e17ab8b236253ae0f62a2

Download Submit
C:\Program Files\7-Zip\Lang\nn.txt.tmp

Filesize
49KB

MD5
fda402707eb263f0635a814ec9e78cb4

SHA1
2d85bdfb67e9871f0b74333b01db46aa6a3d611c

SHA256
3cbd3398fdb55e5e13cecf1d27f0dc424bcc3823f3c2f724e398feea9fdbac34

SHA512
1e8f7b25de6954c940e85596ad46e5a128be92e3b3334b541c210ba92224930c5397f1d602a5b74c5f03b1c007869987eb3dd8ad4032d474a472af8fc4a669b0

Download Submit
C:\Program Files\7-Zip\Lang\pa-in.txt.tmp

Filesize
57KB

MD5
5cfb1a67025e86674d0dfa9faea6d339

SHA1
ffec30fb358974ee367e054a953a9956ebc848d8

SHA256
1be40871621aab5a6841c83e8f137d8c4e55ba1c0f7892c93f2deb8261313c4a

SHA512
d73492d1867c7839b35664b8ec0da9f529aadeb6d1b104159ab7eeb58383c74a3ab2dcf9d2b88679dc7ef98ea5c2b9f0b8d58ac9a01a92e2fce4b92f95a06e9c

Download Submit
C:\Program Files\Common Files\microsoft shared\ink\ja-JP\tabskb.dll.mui.tmp

Filesize
52KB

MD5
6499ca6cc417cdc37467ea9bf919923d

SHA1
eb526014ef0edd0149659caf907b0bafda227aeb

SHA256
92fcb4453c493140e9725b748420ee5696dcd39fa556f5556f2d63291907c5d8

SHA512
1e0dde117bae8c8285e546cb2a7ea847dbe726487bad7353aa43341e4cbc5fd7fd80ebfa8c9a5514f3807972f68464e8a4ef862cf18faa85edde90d2a845b524

Download Submit
C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe

Filesize
43KB

MD5
d10dbd25d18fe199a3d0546ee5f65068

SHA1
16f7156934867da91daafb13ed76b81b75646211

SHA256
8b9ed4ee3c99687fa130db8d1dce2c57c767fb0662102a96b0f526ff7462836e

SHA512
5492020aee8e05af9368cc9791b4c4a200e2f043553dc3b13a4ebc49030434f12d9672ac41f99fc2abe04522b52db5ee096b36c5fad19928f04bd761f76907cb

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
42KB

MD5
ddc283f39a7312679d38aa6f55f787b2

SHA1
57c915d0483a8a7b422672cb00be8167e3b9d5f2

SHA256
c8439e45a5878b634e5f970cdc7cada3d5aed3722505ff936064140d37b0787e

SHA512
a8debd2196aef19df98c4d55accdc11fed63c22bffa097c4aba033d9c48c67b96cada2fbb4ee37f8bb9f2a82db7cda3cd1e5e6929a96199e22b6bcb369f493e7

Download Submit