346242a93dbe2faee19236b1c444ab5da6dabec9797965785b08ca77b1903606

Analysis

max time kernel
120s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19/09/2024, 03:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

346242a93dbe2faee19236b1c444ab5da6dabec9797965785b08ca77b1903606N.exe
Size

125KB
MD5

4d8c17d3eb82e6d9cd7aa0fc574841f0
SHA1

a001f8f5c105bf60f0c62afe4fe7aa451b76d676
SHA256

346242a93dbe2faee19236b1c444ab5da6dabec9797965785b08ca77b1903606
SHA512

d9d528f3d7720bf0d6abd30131bbae428bcb1e4bf43233cf4942b32000512165a455a1eb964a246c4e23ae70972cb721dbb994e54291661dd2e99fec10b7fc60
SSDEEP

1536:W7ZppApAJdkCKPuJdkCKP17ZppApAJdkCKPuJdkCKPl:6pWplpWp3

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (4631) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
3288	Zombie.exe
3460	_desktop.ini.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Zombie.exe	346242a93dbe2faee19236b1c444ab5da6dabec9797965785b08ca77b1903606N.exe
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	346242a93dbe2faee19236b1c444ab5da6dabec9797965785b08ca77b1903606N.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\InkObj.dll.mui.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Compression.FileSystem.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\WindowsBase.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\PresentationFramework.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\PresentationUI.resources.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProDemoR_BypassTrial180-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\tabskb.dll.mui.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.FileSystem.DriveInfo.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.HttpListener.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription3-ul-oob.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\pkeyconfig-office-client15.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\OFFICE.DLL.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-localization-l1-2-0.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\InkObj.dll.mui.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\ReachFramework.resources.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-synch-l1-2-0.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\ucrtbase.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\java.exe.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\PresentationUI.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019MSDNR_Retail-ppd.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcor.dll.mui.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_OEM_Perp-ppd.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Retail-ul-oob.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\EXPTOOWS.XLA.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Office.Interop.Outlook.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.ReaderWriter.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\bin\ucrtbase.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.HostIntegration.Connectors.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-black_scale-80.png.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\System.Windows.Forms.Design.resources.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\IpsMigrationPlugin.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.123\VisualElements\SmallLogoBeta.png.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_rtl.xml.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.XDocument.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Grace-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Grace-ul-oob.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\es-ES\tabskb.dll.mui.tmp	Zombie.exe
File created	C:\Program Files\Common Files\System\msadc\msadcer.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\UIAutomationClient.resources.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\System.Windows.Forms.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_MAKC2R-ppd.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\WindowsBase.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.123\VisualElements\LogoCanary.png.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jstack.exe.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\EntityPickerIntl.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\dtplugin\deployJava1.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTrial-ul-oob.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_OEM_Perp-ul-oob.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_OEM_Perp-ul-oob.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\TipRes.dll.mui.tmp	_desktop.ini.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\sunjce_provider.jar.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Client\AppVDllSurrogate32.exe.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\offsymsb.ttf.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTrial-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Grace-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.Contracts.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Pipes.AccessControl.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\System.Windows.Input.Manipulations.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_OEM_Perp-ul-phn.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp4-ul-phn.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_OEM_Perp-ppd.xrm-ms.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-black_scale-180.png.tmp	Zombie.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	346242a93dbe2faee19236b1c444ab5da6dabec9797965785b08ca77b1903606N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Zombie.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	_desktop.ini.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2652 wrote to memory of 3288	2652	346242a93dbe2faee19236b1c444ab5da6dabec9797965785b08ca77b1903606N.exe	84
PID 2652 wrote to memory of 3288	2652	346242a93dbe2faee19236b1c444ab5da6dabec9797965785b08ca77b1903606N.exe	84
PID 2652 wrote to memory of 3288	2652	346242a93dbe2faee19236b1c444ab5da6dabec9797965785b08ca77b1903606N.exe	84
PID 2652 wrote to memory of 3460	2652	346242a93dbe2faee19236b1c444ab5da6dabec9797965785b08ca77b1903606N.exe	85
PID 2652 wrote to memory of 3460	2652	346242a93dbe2faee19236b1c444ab5da6dabec9797965785b08ca77b1903606N.exe	85
PID 2652 wrote to memory of 3460	2652	346242a93dbe2faee19236b1c444ab5da6dabec9797965785b08ca77b1903606N.exe	85

C:\Users\Admin\AppData\Local\Temp\346242a93dbe2faee19236b1c444ab5da6dabec9797965785b08ca77b1903606N.exe
"C:\Users\Admin\AppData\Local\Temp\346242a93dbe2faee19236b1c444ab5da6dabec9797965785b08ca77b1903606N.exe"
1⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2652
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:3288
- C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe
  "_desktop.ini.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:3460

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2718105630-359604950-2820636825-1000\desktop.ini.exe.tmp

Filesize
125KB

MD5
4f550cac916e532bf5464c4d04951601

SHA1
016ec73e868ec225fe2d17190727df590d90914d

SHA256
3d29264e415f55056cb6dd426a4c4ffae3564c59fa771cb56020ef1eaaaa643d

SHA512
06f8ecd1f0d8dbd357881285e4a12520846b5c19edcd62efe0e6ccf861362286903c73f8744b60ef690ca8fd5ac5aabd3a3e84318ab6391c755ad60e99929dc3

Download Submit
C:\$Recycle.Bin\S-1-5-21-2718105630-359604950-2820636825-1000\desktop.ini.tmp

Filesize
62KB

MD5
747747d2cfa1f8509c5e5a80fec95de8

SHA1
669a4c4842f514bd53aea71cbcabf742cfc2726e

SHA256
d753b7f9521120ef425746bde41f3852582172a591f41c74b4d7b2a688337500

SHA512
f1dd4b80a50c0320071d6ca49966656eae81f1b6b9fe3bd4b6636dd538fcb4d2b05a7947ece6edc81eaf1608d679a59a972f5164509233546221508fd20ccd8b

Download Submit
C:\Program Files\7-Zip\7-zip.chm.exe

Filesize
175KB

MD5
dab54fef52522ff95c5146c1a5cb0d26

SHA1
619e5c0971ff3c2ebc55a75ec3eabf8f701dd423

SHA256
49f7d3e8a9b0f3c865c97949a2efad4b369a89ae6a26aed28f1aedf0c243e89f

SHA512
306b5f56fb2d7d8ca06f022c9ad35a13bdf05462f575300224bf690561ae212472414f48210e998e6eec87d88f1ca314770d5a89b8788a29afcf02c91e9e7546

Download Submit
C:\Program Files\7-Zip\7-zip32.dll.tmp

Filesize
128KB

MD5
a63bbb05da3dfa60191a44b35724c70f

SHA1
35df2ee2e3ffc59bb5b377474425164f3b9110f4

SHA256
ed03c98ba748cc4cfa29dfd3f4ed9f7392df26f64f03283b759a568b4bac2063

SHA512
c72c4f3060a934f83a42c44e8106f31907d4d21bc48085eb06b487dd3f1544dfaf0d9291885c95a972fac620f03515470a5408a0f3519c28e172c64b36768d84

Download Submit
C:\Program Files\7-Zip\7-zip32.dll.tmp

Filesize
128KB

MD5
fcec9e813c3079ca3e4df734353ad3eb

SHA1
63acca6ccf52cd5c61b83f9e104685355998abfa

SHA256
7ae2d2932949341368efe05755e97602bf184731c93883f10808e02686dadca2

SHA512
c8e6fa348945b9de34df32c6a99ab313b2941183069bac68a224a31f47fe93e83b5c7807467b653f898d9bd56ad760ba3f24293c3d45e99d81c8d127f3af0eb2

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
1.8MB

MD5
a2e537b0bad26029fed9e910f71c86c9

SHA1
6507130c02f0e614b1e7c3e97d50d3f8b17fc2aa

SHA256
11b9ceffb94019cb0a09f2efc2b973d32d8e3bbd2327680cadf07b9a5d0e32d3

SHA512
e2f1f4a0ee211871b0f696b44ac204a6cb24f80ec8056b6f2a8481c66b31f6af00a3e467aef97b20bea4c9de37ef49560574d7836970a1febb0c26c1aa4a3983

Download Submit
C:\Program Files\7-Zip\7z.exe.tmp

Filesize
607KB

MD5
10cebdf8a6b0d35dafc088674842ab0f

SHA1
d6a0da2a7115ac091584a89c6ada486072dfdb45

SHA256
32d386fa5d159c17669df9f5cf87c5aca65c42ccf469f88f04f2a7b4d2490e85

SHA512
8cf6d41abbd3b5fc056b4a1c60117c5d4188ce70cb535ed240d08757397511e1233e82aee9013214cab730cac9e852ed7c76a8bcb1d508121eab784f0f44d5df

Download Submit
C:\Program Files\7-Zip\7z.sfx.tmp

Filesize
272KB

MD5
5bd6489b3626c92156add20430245f0a

SHA1
8c4f9712adae99e7a876ea5b51c20a02514c8a65

SHA256
024c73f6482739982a7b3d33c21613c89d6da2b8b0c6b39ebe8a0ad0ed90808c

SHA512
4b900d2bb124b8fab7e46cdd6180e25605dea3b462ec3537c158bc63c7a7cae459196cb8fddae411f6e0a34e915bd3d76b35c80439a6cc46ba8759891d928938

Download Submit
C:\Program Files\7-Zip\7zCon.sfx.tmp

Filesize
251KB

MD5
d8de4727faf488cf32ff6ff7d40ceb5e

SHA1
b247d8cf47d70d92d9b813256b02e9a3646b3472

SHA256
51c39d3b483bf96462824c225251158f204c0a97886e481fd91706b0b0ba9413

SHA512
6ba90d6aa3a22de552ac1cb4b765ec379b7ab999667d58869d99f8b2a81af4638678d0811be8910671f2aa0f928ea82f43a09d21ab384a1bb1e7e3b41d546776

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
784KB

MD5
5365c9fc39beea31bb352bb436ec132d

SHA1
8ccaf0668b699a3bbc6c295b50e4ebade0db033e

SHA256
78abf0f175651a2565edfca9fbf08c566ce6946d8d2bd256e0f79ea03821f3ee

SHA512
40bb379c4ead5f0009d7faf07b0c58efadc4fa187fe075e38aa763f2ff107a8434dfdc8a2e2244d27aed80438ab3a59644dabd753f30bbe9abf48e25e53ff0f4

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
993KB

MD5
a030f32f1fed538da81e405120fd5447

SHA1
1619e11496c1dd3dc1dae5e544dea1fd5fc8ac82

SHA256
dc80a7fabf92406c5fce3b414c62bebfbca5b16f8ab3055d30392dc3122ae4b5

SHA512
159f79edac2e0e0fcf1cc7ff44f5ca9a4c7c88dd05f1335e7f343b1cb31ab1c85c4aae91d481d13399cb028d3068324df7d78db198d3902ab7eb66de2ca870ff

Download Submit
C:\Program Files\7-Zip\7zG.exe.tmp

Filesize
747KB

MD5
0485bf982de180999e7af03df9e9e069

SHA1
e7c3d0174cb11580f96203b0a13635d2c0c77b12

SHA256
74d32a3c0777f8b175f64f4a6962a085596834768a9cc1a9b006c4844bd6db2e

SHA512
344d82c6e2c5d95d7241f3cf6ee28b673075987106f6f80a7e8256c6bd355df0f93f9b6d6253aa7fbc1cd530e32334cb8eb01fa3f6f9d6a54e990185565a9622

Download Submit
C:\Program Files\7-Zip\History.txt.tmp

Filesize
120KB

MD5
df7dd514a0985d0338958aa62abec33c

SHA1
cac5d85847196c576d2c7bfe7989c9d679ab494d

SHA256
c81b8f56276c714f547e070850a528a6d0b0ac1b2bd5f288d49a2fda3a5473c3

SHA512
a4022f6e3e950bf745d073c50c8178d9b1c82d0595d5593a06916500c94dbd16ab06d61546a0630327a1be07346a2d832b8b1a7385bb7c0028027d068e45e343

Download Submit
C:\Program Files\7-Zip\Lang\af.txt.tmp

Filesize
73KB

MD5
b892b3a0525c355298e4d79c1f1cfb62

SHA1
10fcd200649cbbccad8602c55489c30f1ce9dc2c

SHA256
c6ea1d45e53f94bf584607d2053b6633a798c3ba3e89f790709be5f1f3957631

SHA512
68af238c39afd0801a975eeee703c5ad7ccc595dcdd769d6d0d8498744650f265248f4edba5d9edaf4bc0453375b8d2f271f7a24dcc144f78ac5075edfdab847

Download Submit
C:\Program Files\7-Zip\Lang\an.txt.tmp

Filesize
52KB

MD5
e92128ea101a64d49e41435c1b32a670

SHA1
2b17fa288ab78e75baec0f1a3b68259911152408

SHA256
149be1ae07689ed9c5f15400eeb81bdf19059ea4ce7d9ce9c861a641e83be094

SHA512
51fa3e21bb36ad9e4b1c85fc3f6c9b22e357f6ccd70cdc73ebf9845f842e4bf2badbcba921c12c73e3b26aa8eabdde49568542bcfa3a103bd507a65fc1708c1a

Download Submit
C:\Program Files\7-Zip\Lang\an.txt.tmp

Filesize
70KB

MD5
bf6f8c8d5fc279fb4411684c769fc368

SHA1
3e6c30db6bbe400821deac0d7d52fd2a369ba3ba

SHA256
1e80b3d6808ba21a71c34fd962d2aa07d6eb2112c2cb65f3da92b43beab846e7

SHA512
b524e06e32dc62d7103d9bea7a9ffee8a75c17f1568be205e9eb447330fb81bedd6e6d3dd9d588086ce8e25b3559a66696c5af9397ab64d77fd00f4e71c359f7

Download Submit
C:\Program Files\7-Zip\Lang\ar.txt.tmp

Filesize
75KB

MD5
86f11e72c3b3f5f63f4bbbea846441e2

SHA1
d2e4d9d992e6340d8d36d779d9ab3951c02202a7

SHA256
24ca04f8dbf7dbaab35ae76e27aa47b52d1c11748731c422b9ecfedb369d4b16

SHA512
8fc5cddecf527bcb91b9f09dc828c1af68530a529e04075d3572fd43dff30dbc0be239ebcfbee1b8155ba2a6e51834bb027735a2e644f6a8bd60f1bc6d71b02c

Download Submit
C:\Program Files\7-Zip\Lang\ast.txt.tmp

Filesize
68KB

MD5
304467e4a133fde3996a04c01f652324

SHA1
79797f28536b8d5794178bf82caa0b25e4e43a94

SHA256
4b31c83f081804d52f1b78e63cb28c4aaa2d78bbea924c261842bd5151ef365c

SHA512
fe5eea81fcf4ada464ed2f99c61891fce1c222465b1f6f8ffcfb0629ede714eb998d901883715f665da2fa3ea691d99309df3325781c52cb900058ae8255b9ab

Download Submit
C:\Program Files\7-Zip\Lang\az.txt.tmp

Filesize
72KB

MD5
1874c7130e0883e7da6cdf7ed706d177

SHA1
a37a1e1615bf12b407a6508b00b6796e0ce02f38

SHA256
5636548386e1867bda5dc0b185def0c30cb02139b61a074e5cd14a9189df1b53

SHA512
593e5eb648cd143e092bd5d73a7e20e06245481853d275add9aed2f50b08d151b68fa01257fff6092c8174bfd135e43084f19f551408fd3c99acfc2c5c1513e0

Download Submit
C:\Program Files\7-Zip\Lang\be.txt.tmp

Filesize
74KB

MD5
015daac8a851f1f1ca2fceeeee97f379

SHA1
a22b4c0f51da5612425a9c86874e776d006a5292

SHA256
28884670e63c495e1f47348b9dbf693748dc3787a48f181c05903bd902b7c6dd

SHA512
c5dd63a7db303960d685ed2667355f32b7b3a596dde7eb3e3bba1eabcdafddea01bc73778f5b75d7be295c3d3aa2f58c518618616e01922dc6c8f9a3be5ec951

Download Submit
C:\Program Files\7-Zip\Lang\bg.txt.tmp

Filesize
75KB

MD5
2d4943fb9e081b627fd93bb95690f516

SHA1
f65dd7d240541576a51e57a7e7c7b2ad8454582a

SHA256
ea47c02d7bdf8a334314de168b791bd6f0cd30920d16c040f69fd8693f494cfe

SHA512
30684521697cd37290bed334cbce6291e6d3a4c688395e9c0187ab5215bcbacbc26a88ac00f1e4aca7b464fd283a7313dbe8e5a56c057da55bc4f2d6abdb4d60

Download Submit
C:\Program Files\7-Zip\Lang\bn.txt.tmp

Filesize
77KB

MD5
df7b15654c106f45681b49ef621dd824

SHA1
8602a0b3a10fe74395d8c258cc8f458dc3ff0421

SHA256
3b51baf6737c4614eea65c1030363d6e5062cec5bff7030d5fa2719515ac52bd

SHA512
048702e99d859e9cb6a13b9460603a8f13a13e30ca9e444045990dfd7bd7e2ddafdf57925c5f9e3b5192858be5014e4d12c452202ec21e053d6ee667a8048713

Download Submit
C:\Program Files\7-Zip\Lang\br.txt.tmp

Filesize
68KB

MD5
4eb19a1f0ce66f5c852bb92c129c2745

SHA1
f7e45932fe6bf8be7b5b6a4199df597fb7688326

SHA256
959cda367f138a8ed614fcc51ea07722e440ddadf44180f6bea633aecad03684

SHA512
c6b7035e5ed6f0c37876c04b60e39213473e64d9dd6860e306f8e9ae8c3b2b6133a16afe0dad69e1ef02ff1c3afa8e669d8dc064f09f9cb700dc180cf77d6ac3

Download Submit
C:\Program Files\7-Zip\Lang\co.txt.tmp

Filesize
73KB

MD5
d957c619f2397dcd2e686a7bbeec4820

SHA1
b3e798a83d907ed0b682e74466c0f164477a477c

SHA256
0e186f1661a5da147f3b4e132d1562c0244e325e84a2b557e4e7933333469581

SHA512
cec90db846845371154ef9bd559779d323967584cffe497853a796f9fee2a3cc2d104f06c702b8ed59c7c4163f8c4481e717e8907fe4313919314cc62d49e2fd

Download Submit
C:\Program Files\7-Zip\Lang\cs.txt.tmp

Filesize
72KB

MD5
ce5052dd0496a0e7f0cab572928a5884

SHA1
390a2003a264325e6ee344862c41bf1d0c17416d

SHA256
1df0f7ee548c99baffb1633c4b9b4f358f81f3d5c464b4ec72dd584f1e1f98f3

SHA512
68cde56f09d6ce7cef5f5d5a505bfe04334b0b5b5d686d3db984f25f6affe245160db7f0d537ec91a5074b8a1fd3bb170822994ae019005bbfb850bed8a341a8

Download Submit
C:\Program Files\7-Zip\Lang\cy.txt.tmp

Filesize
68KB

MD5
3f1a934c2c88fa3ab77d4e74f70bcd80

SHA1
10a7ab324b0e05b9c7e3007f7baf5745cf9ed711

SHA256
56d97b0bb66cb86ae223f37116ae815c8b7fed987b62e48e0e5b8be304f54853

SHA512
6371a6a6b5800e7e31b081c66ba6b0f44851797d7078035785ca24448301fb5535d4aec08c3fc704156765681d02d0c616f98d89fda7fc9b033995196be7862e

Download Submit
C:\Program Files\7-Zip\Lang\da.txt.tmp

Filesize
60KB

MD5
943117d5244bb0c222a1b8754c7c6d45

SHA1
8a73cc7cb12e9a385fe783313e1bc941a3fbf382

SHA256
30688fc80373fb98921a13632fe5d0bacb78aa450b5c6333451c47375a99a548

SHA512
9101583bc992645d1edf81a644009f0a752ad5edcf212300a90268e2a44ebc68d07760c891f32d0b6a86337a1e92777c9d8742c2bf232a3bf391c27f73b4d80b

Download Submit
C:\Program Files\7-Zip\Lang\da.txt.tmp

Filesize
71KB

MD5
798bc8d247f217deb826e67d51528b8a

SHA1
a4e0ec8e550b3acef404261a094a83fae257fe6f

SHA256
a87006ef41cd0c4bde58add87d56d327e821b8d928695f3a16d64961c33d34af

SHA512
b24759d75559414a3ee51d7cba8902c674cc9be215a6211c77befe3ccca7eb07c8b3015d06fce888b48c4ad16f0a045b2ba4ff4ef0257c3b3361d98565904f40

Download Submit
C:\Program Files\7-Zip\Lang\de.txt.tmp

Filesize
71KB

MD5
0d6971578d5305474df5740211035ae7

SHA1
f9c514d4c72fc67eab7bfc254a461036acd3f1db

SHA256
91bb6b5f351316037712c4dd5cd88c8f815b78361bf33b1c0b273a04d4aeef05

SHA512
2726b55330180c9502bbe0e8aea0380c48bf4fc710d0687c62aa472a3e76d329cf04339b9088b671ccf4a254dc1c2f874a60fbf1b58bb5b89663f1facb20d332

Download Submit
C:\Program Files\7-Zip\Lang\el.txt.tmp

Filesize
78KB

MD5
af9ebefb8f81d0b30e977d6658174ef8

SHA1
e08f2bd3d7493a73d744bc2c5ee4cbfd10a2fa7c

SHA256
53e4c53e258c074c4282fd33365f715e7e608b262d4607d5d33cac600d61bcdf

SHA512
16fd79b2844766a5c09212d7144091c05b26c412561ac13a8817a8ae5f0f079a97a444ec85673eff997f4a31fe7698b41de48b4f81d1a5e52fece2857226a57b

Download Submit
C:\Program Files\7-Zip\Lang\en.ttt.tmp

Filesize
70KB

MD5
003018a7fce015a99e156e00d38d78fd

SHA1
d455d8330ed77e2bf7e4cf4e10b930849226aa67

SHA256
c500ddb357f2a8a50b60b94025728b38bfef381b98bc97a6a718229ab4dd822a

SHA512
cd19c2bc69619ecaa066bfd7ebba100b9ae8337d11603152fe54aefef513a909f8224835a4d3e408f1ade9abef7fe6d47ffdbb28bc305413ece698353c1369cc

Download Submit
C:\Program Files\7-Zip\Lang\eo.txt.tmp

Filesize
68KB

MD5
8f80c575860ceecc71cd8d1d59754b6c

SHA1
253830d4bac5b7eb594fb1e31f7b0552fa2d00ff

SHA256
9a92d1191b40f821c8d981291bd3ed2a30fb4b44195aaea840cbb37521960a9a

SHA512
4b5ebed07520a96999903cfb751f78b3eada18c91131632aaa23a5ae99b224f4f563acd98f78cbbea81c858bfd3b3df145c921b578e093201edaeae441474eb1

Download Submit
C:\Program Files\7-Zip\Lang\es.txt.tmp

Filesize
73KB

MD5
3820db0216887e4e09c1da19b1b818f6

SHA1
3c5463dc1a1b4f95745dfa0be85c05a135cc388f

SHA256
3ce39e95a8cf782e323cc6aa244c77120235839b704efea671b3a485d3229e3a

SHA512
84b6b0fc36a37a709181b02b85cf81009f1735933f614f3f5813c909842001fc02b662e1a05d322ff37989ee91e562e373506b77c1972860fbebb0b4f552462a

Download Submit
C:\Program Files\7-Zip\Lang\et.txt.tmp

Filesize
48KB

MD5
76af8a42c0a22ca8bdf87015a48f4d0d

SHA1
308804b37caec02963f3898a31575d594ecea1d0

SHA256
619de5ad20391e553629ff3e0ed2bd8e1d2e4582d0b427886d0a6d7f2a98cb67

SHA512
c012c94793236264c79fc6d7460a04e17dc3a6d2c541ed5f88b3b024589f0566075d70b909e50987b482e2b2aab0dcadb4b1262d75a823e1ec58d97733e8570e

Download Submit
C:\Program Files\7-Zip\Lang\et.txt.tmp

Filesize
70KB

MD5
19f7ccce0608be495e60c3304f37bc74

SHA1
ed7e8ff8d61db2614480652463dcaf198aea85ac

SHA256
22e52c252dc6370f1e13f686aafb1ba2de32729f987858c0e6eb7e8d0852ec5f

SHA512
1fcc3bd252c480c63428039495b1eaf7343858295f68426f912e5a9a57df016558efef97516a53ffa398858b2857a4d50e77b92d0bffd79dd08b744908fba585

Download Submit
C:\Program Files\7-Zip\Lang\eu.txt.tmp

Filesize
71KB

MD5
dd4bc4450ef472fa068566119f009c0c

SHA1
6c548f4f60aceddedc3da93a1230c6642eefe3d4

SHA256
dae9d6b6aaaa780832804dcd146a7c59e178f0a30f58e5d37cbd38f16c7af7e4

SHA512
8fb42580b6f702e3c2b18f33d783fa6aa82645f4e2f702578e5258e147d875073dbdaa7fd55fb89852f3e043182a52519cb89bc4df75fad6b67c2391af3fca12

Download Submit
C:\Program Files\7-Zip\Lang\ext.txt.tmp

Filesize
70KB

MD5
796256f6c2f2becc39ef2d6e2064e9b9

SHA1
295e3f212c5c57fe64f52247a09de5962e4873e3

SHA256
e25f7cdc000149d980150ca81ad42a9fd4ac9c5256fcc5b0d340d257b3ae9b43

SHA512
73f630d6825b8bf923b8daa9dbd4c0e316f647242e3b1df3393b417a88a1c1d7d1330afd6aa1d6ad7c531191ea40b5b53530d4cb6e352e91629328f926c8ea85

Download Submit
C:\Program Files\7-Zip\Lang\fa.txt.tmp

Filesize
76KB

MD5
ce154777cc495dfbc096310f235cc6de

SHA1
6344df1f2b72ca61b7560f9965ac65e932b3aae0

SHA256
2264e69c9535f210ba28b2fd022960b2cdabe34454357ab0ddd9af7ca6f00977

SHA512
74936e6dd57c8a28c701053160de7aa14a01c4d2e332591a4c5c9b61c49ed3f95c67aaa19129ef3c01bc07161bf9383621004cf78767bf4b3c054b53a5185958

Download Submit
C:\Program Files\7-Zip\Lang\fi.txt.tmp

Filesize
72KB

MD5
dfb932b9d4ebe7d9ce13bb8d51180baa

SHA1
b86c85a5e3689103025c8c1fcd8b1d31a00a56d0

SHA256
e609b5f5bab28f1d0a80b24c8ffdbed9c959617fe85a4d0918e4ed59b7610533

SHA512
9a0349c50195bc4a222309990878425f261676bdc3e1c1e5f4b0bb9c17255e08a14f70b15fdb8fad12c5bb4090a13a8a1e6c2f3d1b52cf108502f96dfc3d17ec

Download Submit
C:\Program Files\7-Zip\Lang\fur.txt.tmp

Filesize
68KB

MD5
f89337d6b7a61ce0722ff6778cab1596

SHA1
dd8a25fa84c923ac601107f09b1560b452454bfa

SHA256
2395d8aed60de9f2461cc672b5ced28d10f00274641b9d18d25c5dc9b9430031

SHA512
7acadf57d1f92c77722d0dcc023ffc3debf352e04c9de5bff695fc09853bc214ad021511c52bd96a75c1f614ed9c26bbf6f1a4116bf3f5ed5ed0ecce381200b6

Download Submit
C:\Program Files\7-Zip\Lang\fy.txt.tmp

Filesize
68KB

MD5
56bc0104d5dfa201615f34f697441b26

SHA1
3377e4fddcd4573ae5bac1c3d667749ef22278f7

SHA256
9a05e239cf496b8920cbf05bdd71f14f41e4c53affa94d69ea9ded99670de541

SHA512
177577685696aba562199c024cc67835a883b7c264e856c06cbc9501393e0335a36bee3eab068bd14c2c348fc296cd03badc63549013b0b8eca29230392c23a1

Download Submit
C:\Program Files\7-Zip\Lang\ga.txt.tmp

Filesize
71KB

MD5
e6f358b1a7759ab3b5d7b6369fb17f02

SHA1
567dce455d9e2e78bdd13a3ab0be915f993859e1

SHA256
2e0003b0c78645f109ff9062db1a9663f5acd5b2d3b2c16c917fde6a729c01dd

SHA512
ae92d688926935ec6dcddf6e27a1dde0e6e86a2d2ad7112c69a346f128b0d7d3868cfe0cecfe1559e17efa417d39fff4f5f0d37d6112dc257bf695a8c53c764b

Download Submit
C:\Program Files\7-Zip\Lang\gu.txt.tmp

Filesize
32KB

MD5
b64ca93f2326a0b98eb9780532ad0ab2

SHA1
39b09561546903d686762ed54b139f000e199a51

SHA256
84085bfca161be4362c667c4352d92220d1f41f7c4bb35eb0431a0b53a8389d1

SHA512
5afadbaf061826a8e14b1636e979d780b2fe6ee616f2e2a627d2a338dbcc018dd3e8e2436f6cd5dec139ce795fae9f4e42e6735684849cd46f8297b2f4bdc82d

Download Submit
C:\Program Files\7-Zip\Lang\hi.txt.tmp

Filesize
80KB

MD5
e69d3bb7cb638fbd6009c9fde4289372

SHA1
5f9179f2d16d96d79802a3ef2a955ebd7b2e7271

SHA256
3918908286754b1b0fc68ca7eba43447f4fd8278f6b47dddeef0e5f28bfa3919

SHA512
6834a9f0cac268fa516fe85493ee6bbacd082f50f372a199f8b5c5e36467377f46028f85d93be470671fe722fd6ea8c804616296a856ab8451a9ae279f818590

Download Submit
C:\Program Files\7-Zip\Lang\hi.txt.tmp

Filesize
80KB

MD5
8d4b597112489b311dc54352f6cbaa33

SHA1
f8b584a17f432fa3b0038d7d7561a60c883249af

SHA256
8aff1abbd3f3b8273d05ad70ee9ec224b6fbca99ee328884d649dd3ae93d33a5

SHA512
6358ecc4af1576ee09bf4d001f5859c80fb0fb37d7eef8b38c3ce43b3e03ddaa8b2fe65a4bc0da02d56531eac8b04df566e1b2b5cfd7208d2c13b3775e28f35a

Download Submit
C:\Program Files\7-Zip\Lang\hu.txt.tmp

Filesize
72KB

MD5
7f0e790785db0025f7604b86f6cc21c3

SHA1
d515fe614d9bc032b528fe7558cf9d2fc60cc4bc

SHA256
df8eabb13fc4f47424abab1f4ada2a2f303246cafad57b5bf3d9dedb2670f307

SHA512
8d166860cb8bac5b9d8fe2aa0975a367210e9d8af6fab0bbc7809bdb3e4023e60ae8f9b5dd0d08368fe2d6ee6979f4f08cc73ff715ec807cb8cc0c18a71bc2b7

Download Submit
C:\Program Files\7-Zip\Lang\hy.txt.tmp

Filesize
76KB

MD5
07d4e6590557d9dfb76c8a32eccc972f

SHA1
74fe544ff81763c9ee06a4fffc8a7cd7fd96d406

SHA256
a621c7aaf0ed80b0cfb4d61bf6629c17a7afba5f7dfa3bb116780caa5807fa8e

SHA512
4c684f924b9b79936bdf1e9b14befa3f7c8ffd6c95dc7686ffa98216020c7c2b6b156c93cae711b5c11bc8459b6a214305acbad76d50edac8dd869324d9183be

Download Submit
C:\Program Files\7-Zip\Lang\is.txt.tmp

Filesize
70KB

MD5
a1a552ef2b833ba253c0e656c0c97710

SHA1
36a23ebcc0c0d83bf68063638901cf7dde5b247f

SHA256
607b50cc0e1fd6f9ffb1f0c8aa7aea496ec482cb961c96d8a2334dfd763b9370

SHA512
95f976abab2efd0ec25ac0356d1419568b80afd19b3fd1fff1987ee2bc00105340f0c4c2c8ac06c665383537de67051aa4ed9c3245ed2e08f6155dbe878904f1

Download Submit
C:\Program Files\7-Zip\Lang\it.txt.tmp

Filesize
71KB

MD5
ee7e69ee68cddd0be4050d6c459a71b6

SHA1
ee8b80bf571112761526830e23ebd84c184c0c31

SHA256
bc25948a965c6aa94e5cb7096f02fd7322056e50ab4979378d8e68b677b0ca5b

SHA512
6e784a260547e275253ecf25c40612b3a79f460212fc086f25700ae072fb0bf88b7a25ef5e4e31dcadf3084505dc664c523002fc6c0bc8973d2e5d4aef361ca9

Download Submit
C:\Program Files\7-Zip\Lang\ja.txt.tmp

Filesize
74KB

MD5
92ec0ea97d6da0de4a59c1b7f5db0dc0

SHA1
997083a370b5f1efeb1c9f06d58f84d9d7808e5c

SHA256
f88af11d9d92d19f04db397246688eac8ced269aad0612b93b051eb862f33c17

SHA512
8f895129df42950177f88a0a4404ef4ac160258fed91f5572cb51b748e8e635c79374b3386946496c5093f54b5b5f347fa3d13cdf7dd44a1e4fff036f536d350

Download Submit
C:\Program Files\7-Zip\Lang\ka.txt.tmp

Filesize
80KB

MD5
e43033f44ce3dba04b857d701996ab9a

SHA1
45353367dfe0a73ac59e5c489c895be2ea3be48f

SHA256
06dee89af4640c293922c8560bc3ef21ad5029f826cea15603ebd1b756540c69

SHA512
9d47936fbd391065455118329a731d3f825441cad586f1f13408a428d73565ecc687708c6a10321eee6fe4d781660a7dcf57c594f7261c8ab709ffb0ba04a555

Download Submit
C:\Program Files\7-Zip\Lang\kaa.txt.tmp

Filesize
70KB

MD5
013bf9e52a8e9433db52532dd22d39af

SHA1
f2ee98b49768c85647d9009195569fb776b1cf9b

SHA256
83033bd20d6c61b5a283efc732cbccceec4ad83958a4cdf3c5cce69ccf56b87e

SHA512
aac43e44d9489ea703de14da154321295836d083332da3d8d7af6ac05459a89d818a31cd3e1417c826977a4af44e53b071cd805c6b4eaccf86a9b71caa35f6a8

Download Submit
C:\Program Files\7-Zip\Lang\kk.txt.tmp

Filesize
73KB

MD5
40c857f0dbfa0a4355c279899318008d

SHA1
0fedb22c54bff606b25888c2f471ced983328510

SHA256
ae19663a681b01ca367c6eb1c105005b1451463a7979949e3a497be5c0cf3ac9

SHA512
98cb5488a6219c4b7b5d59b4d35139a054a85ffa629f73f01f98bcfcca014fc2c987c6a0e6dbad20893b4049b63c6ca3564cc7aa6ff83106acc62ab7038386bc

Download Submit
C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp

Filesize
75KB

MD5
125d9c486b2c4cac3702fc1c13670b7d

SHA1
0010876d75f49743e7b6d4157336ac6b28a10582

SHA256
6032653a8660f435d5fc28cf90791f3401a19157240900e7f6b54a3d7f275082

SHA512
224bf4875f5f8c56c82e282e386ff49f8312657aa66b2ce5bda05386e9e195852fc756c996e3e77992eb0aeb5cf006ac0789143c2dc418f24b081810d470a0ed

Download Submit
C:\Program Files\7-Zip\descript.ion.tmp

Filesize
63KB

MD5
ed4b070d4da6a0c781e9ef49bc883b20

SHA1
77d1de6eb63a0414a21a7d8b88272766bb6164cc

SHA256
c319aaf43b8ba0ebbb0be5d4f8fb6d8d5f5d6d0e8b63d26177c164dc7bd54a26

SHA512
c78999d3bbc7f43512fa626f5df61db6db67c2dc25eb1ad47211cc59e110687cd3f9d96b8ca939c93424daee247bc059e4aa91b752104952392b175ce3e2f4b9

Download Submit
C:\Program Files\Common Files\System\msadc\de-DE\msadcor.dll.mui.tmp

Filesize
69KB

MD5
3f6f2725268e3f3385b3290ce2a1b5e8

SHA1
7679bef4e5d710c8f8e7b590b448e87b261a9df8

SHA256
591c2f5fd89210d517e148d9ef6a3bc23b07edec73956423d68bbaac63781d81

SHA512
43b692bb30cbb639a371d66ebb6546f09269300772de3689993a72e1104a9aa7baca8b5fbe10e2428d8e1782f285e60c0a940bd6a67cdff6da5919c9a536d0db

Download Submit
C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe

Filesize
63KB

MD5
aa8123cf72a917a53d3503aca239788b

SHA1
f1adbd561bec4b01f790d01d4153088b411a218a

SHA256
265c0c66c707bb5f8c131cbbdfbdac293200442fed0259eaf12339498f2846d7

SHA512
61300f3e0ccb6048b6377ff5c003b3a4d9fec8d9bd50a949b8ac978a237fd4a251f428782c361f8c21fc2c86447634b3d3b2693954cc63fe25cb4cdc9d792776

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
62KB

MD5
db16ba8f284ea41f465f7f0bbd3467ca

SHA1
dbbaab779f40a4065d605ac69951e891835ea26a

SHA256
20bdbabc95cc40a5e14d75cb3ebd614bede2034baea628435c579459768b6a35

SHA512
aa1a247cbe0ec8a8dca7c5138de55d54db88bbc157d3f8b19f4fa8ee8ebadf0bd92207cb69d85f5f81e12931b3fb0d129ae8d1139664b433b0f876eaef319e91

Download Submit