346242a93dbe2faee19236b1c444ab5da6dabec9797965785b08ca77b1903606

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19-09-2024 08:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

346242a93dbe2faee19236b1c444ab5da6dabec9797965785b08ca77b1903606N.exe
Size

125KB
MD5

4d8c17d3eb82e6d9cd7aa0fc574841f0
SHA1

a001f8f5c105bf60f0c62afe4fe7aa451b76d676
SHA256

346242a93dbe2faee19236b1c444ab5da6dabec9797965785b08ca77b1903606
SHA512

d9d528f3d7720bf0d6abd30131bbae428bcb1e4bf43233cf4942b32000512165a455a1eb964a246c4e23ae70972cb721dbb994e54291661dd2e99fec10b7fc60
SSDEEP

1536:W7ZppApAJdkCKPuJdkCKP17ZppApAJdkCKPuJdkCKPl:6pWplpWp3

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (5138) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
4236	_desktop.ini.exe
3292	Zombie.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	346242a93dbe2faee19236b1c444ab5da6dabec9797965785b08ca77b1903606N.exe
File created	C:\Windows\SysWOW64\Zombie.exe	346242a93dbe2faee19236b1c444ab5da6dabec9797965785b08ca77b1903606N.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\UIAutomationProvider.resources.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_MAK_AE-ul-oob.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mip_telemetry.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\sr-Cyrl-BA\msipc.dll.mui.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest-pl.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription3-pl.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordVL_KMS_Client-ul-oob.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\ClientARMRefer2019_eula.txt.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Principal.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\UIAutomationTypes.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\PresentationCore.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\UIAutomationClient.resources.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Grace-ul-oob.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_Subscription-pl.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msoetwres.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\mscorrc.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\PresentationUI.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\server\jvm.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Blue II.xml.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_KMS_Client-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\Client2019_eula.txt.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\MsoAriaCApiWrapper.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office16\SkypeSrv\SKYPESERVER.EXE.tmp	_desktop.ini.exe
File created	C:\Program Files\7-Zip\Lang\ps.txt.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Compression.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\UIAutomationClientSideProviders.resources.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-convert-l1-1-0.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.fi-fi.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-filesystem-l1-1-0.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\Office16\OSPP.HTM.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL095.XML.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\rsod\proof.es-es.msi.16.es-es.tree.dat.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Claims.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\WindowsBase.resources.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp2-pl.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Retail-ul-phn.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\7-Zip\7zCon.sfx.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp2-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\GRAPH.ICO.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\UIAutomationClient.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\bwcapitalized.dotx.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOSPECTRE.DLL.tmp	Zombie.exe
File created	C:\Program Files\Common Files\System\ado\msadrh15.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp4-pl.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Templates\1033\BloodPressureTracker.xltx.tmp	_desktop.ini.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.123\resources.pak.tmp	_desktop.ini.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-locale-l1-1-0.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\prism_d3d.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md.tmp	_desktop.ini.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdaosp.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\msquic.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Windows.Forms.resources.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\System.Windows.Forms.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Retail-ul-phn.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\StandardMSDNR_Retail-pl.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.HttpListener.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Input.Manipulations.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\UIAutomationClientSideProviders.resources.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Retail-pl.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\MICROSOFT.DATA.RECOMMENDATION.COMMON.DLL.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\ReportingServicesNativeClient.dll.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsdeu.xml.tmp	Zombie.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	346242a93dbe2faee19236b1c444ab5da6dabec9797965785b08ca77b1903606N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	_desktop.ini.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Zombie.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1068 wrote to memory of 4236	1068	346242a93dbe2faee19236b1c444ab5da6dabec9797965785b08ca77b1903606N.exe	82
PID 1068 wrote to memory of 4236	1068	346242a93dbe2faee19236b1c444ab5da6dabec9797965785b08ca77b1903606N.exe	82
PID 1068 wrote to memory of 4236	1068	346242a93dbe2faee19236b1c444ab5da6dabec9797965785b08ca77b1903606N.exe	82
PID 1068 wrote to memory of 3292	1068	346242a93dbe2faee19236b1c444ab5da6dabec9797965785b08ca77b1903606N.exe	83
PID 1068 wrote to memory of 3292	1068	346242a93dbe2faee19236b1c444ab5da6dabec9797965785b08ca77b1903606N.exe	83
PID 1068 wrote to memory of 3292	1068	346242a93dbe2faee19236b1c444ab5da6dabec9797965785b08ca77b1903606N.exe	83

C:\Users\Admin\AppData\Local\Temp\346242a93dbe2faee19236b1c444ab5da6dabec9797965785b08ca77b1903606N.exe
"C:\Users\Admin\AppData\Local\Temp\346242a93dbe2faee19236b1c444ab5da6dabec9797965785b08ca77b1903606N.exe"
1⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1068
- C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe
  "_desktop.ini.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:4236
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:3292

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1194130065-3471212556-1656947724-1000\desktop.ini.exe.tmp

Filesize
125KB

MD5
0cab3c7f2163ac05460c6a41469f0781

SHA1
2e0c24da7a0ae927984d79955315f1676f542d0e

SHA256
c82d55baa7fd0670a9ba3509c448072fd8d0c760e5924a816ac3374a9650bdb2

SHA512
8e99782f0c8cba40c4fda28fb2514576aed0ba60d838557ebca6e174834860453ca26354c2bbb04c7293aabe9834a9e1d45e883d27cedab93c6db2f0ada26445

Download Submit
C:\$Recycle.Bin\S-1-5-21-1194130065-3471212556-1656947724-1000\desktop.ini.tmp

Filesize
63KB

MD5
7996b5c995cdde12d713403176a57ae6

SHA1
0889f180bb270225c32d60aa37cbe4208c5f2a68

SHA256
686b74084067bec5a1f01bf0f159903f00fb7c7bc41da6bc2d153e59e8c95664

SHA512
c997e28ece8a85d4686563b0d02fd605f55e4756599061051c9e48258bc927f33915a703389194ebe747398c8fd0c377546250bf3ba983d28204d90503f8eb49

Download Submit
C:\Program Files\7-Zip\7-zip.chm.exe

Filesize
175KB

MD5
d719bf5f8768b8b6fde0528dbac0915c

SHA1
57083da11caef039e26e1f1db74d481fcc3a05d7

SHA256
ccfe4c5fecf30f1bc43bf604b1bcd2c29873742d0ce726a55f9146a71cc81c86

SHA512
5343616dd764067f698ea06be004842f761e9e9d980838f101831fd10a5885641b3ff80c297819366229ecb44a85a0d14cb3228e8d08cdf17b47d7d1a8dd816c

Download Submit
C:\Program Files\7-Zip\7-zip.dll.exe

Filesize
162KB

MD5
87898e6f7e73879dd39d26f37b4a479c

SHA1
83596e8241c086eb728311a68dacd5ab91ed7698

SHA256
d3524b696286cfe61ad71c78dca443b5e2b3309374e22d2d348802d06178db5d

SHA512
4082b309b3af5397edcf7e644de3041e666563697c2e870a68a376f5c8f21cbc6c89a9b5a5288d53aa3db79464e00b78e33906163ed803460745b8be8a322692

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
1.8MB

MD5
18d5d6cbc8704a5429ca3da0a14a4bd5

SHA1
9b2a17f9be728924f83c367d7edadddd9c834719

SHA256
c61a2c87ae286ff11d9833e23518f0d2eb37379f9563634f27681b99f7049c1e

SHA512
4eb1ddaec516a331118010452fd6c5983f821ec716cf2639953cfcffc04c2fb7b185cf9aea5df205e4027b400f533b408df17dd9391592807c88ded9aecdd4af

Download Submit
C:\Program Files\7-Zip\7z.exe.tmp

Filesize
607KB

MD5
e91cd6ae880b82eacaadf1955dbff965

SHA1
605e759f3da3d58fd564ed9d6b659bee22aa490a

SHA256
1af859a2e6b2447403e2b8edbcb73ed012d310cb367c7787b03b6325af499844

SHA512
35cbcf478e51979e4aae62283e5c3e74ece97f1594e7b50084933aa3d3b3cb59aedf87788486c3afad578acc514988f03d1cee6f6a7cd1df48a4a55721178cd8

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
993KB

MD5
f84db1ddc50257b24495e8688ccade27

SHA1
e90369d4535f18b92204e41f0c58aaf9f51f91cb

SHA256
cfb32800f10eea9427a125b447b3d2b109619c28b4cc09618f658ea6a50cd610

SHA512
2f6c87fcf190c694bf8df36371e346c800fdb79a1e8c40af7615204fe32a3bc11b8c99e42067e091745bee6b727c455d94ffb2631c1ca7d96b55e5440f2dd855

Download Submit
C:\Program Files\7-Zip\7zG.exe.tmp

Filesize
747KB

MD5
ceada985fcc97292ad271c66b65117af

SHA1
9e27e03b88e214947fcfb72fffc29177396c188c

SHA256
89a24dffbbfff36f3664b31d1ffd90ddecaea119da442e8c43e916ef3d8ced97

SHA512
55719ea7da9fc080507b80e821fa17b9b573bfb7e3a67bcc67772f543f5f1ac2d251ea0421ad5c6cdfcfd3539d42a1ab217ca1f29dd1d61ff1ef77289c2d4668

Download Submit
C:\Program Files\7-Zip\History.txt.tmp

Filesize
120KB

MD5
685f9afa9b3742b8acab1d09d6dd7fe2

SHA1
994f412f97080921044c6536b7f60130ee4363f7

SHA256
03653457a75ee611230c25c0f85f5493e957167f37b650643b804c06461b5ab6

SHA512
8e114e93ed1f2132ca9a15ef377911594d75c595757a0c878fc7974cfa6a7ae756365b1d6a2ee9631c87e63a0ac393879ea0f622afea3a60eb2690f4045ca004

Download Submit
C:\Program Files\7-Zip\Lang\af.txt.exe

Filesize
73KB

MD5
5dae57bf8876add489d9a8b268c13ce2

SHA1
97979184e6423224213dd3f540b406098b3c7f74

SHA256
d5471c8e7076da455cbdcadaa9d23eaa74ce9e5f033ecafcb1aab477d8cff2f3

SHA512
8f25d06ecbed1fa91cac4c4860be00f05be21a52d838f1fcbaf55fb4da23967f6ef03e84e45e64ecdc745310a4f85d647d27d644931ff16fd4d57215fc3280fa

Download Submit
C:\Program Files\7-Zip\Lang\an.txt.exe

Filesize
70KB

MD5
39487bdc247ee4d8047f838643ba4608

SHA1
2bb3650cd2d3993ea0e18270ab90bbbb66994438

SHA256
0dbb774afb1296ddeade60f6608b5c082ce7292feda3f76ea448866a9d160e6e

SHA512
2e6b91e0fea4f0e375899a33cab1f90ba34f53d47c252eab3fda83835d64e496c54fe4788d3b515e6c42be1731f1f0616f15689f08ed5c4f1616a11bafef16f6

Download Submit
C:\Program Files\7-Zip\Lang\be.txt.tmp

Filesize
74KB

MD5
0ee85ad192db51fb59aad3b367745c4a

SHA1
b11540886153b99a30c97cf0917b970f5c11f38a

SHA256
67869030716b9d4d6c7952c2c713b4e0ee0ea85c6aad41013e33d83e11c92bdc

SHA512
ad2180065ea3fb2c671237268ebd29052dadc996eb93d2b7c0f722818fd23e57fd765d50c9b133938dddb6ceeb8a48918922b3993d2b981e9a45e4a2a294bfbf

Download Submit
C:\Program Files\7-Zip\Lang\bg.txt.tmp

Filesize
75KB

MD5
f36f700e5f85e81a55e5b851429616b7

SHA1
bc70f8e04c0435d05d5327a77fee588928dbf7a2

SHA256
832874a71e3a71dff4594fcced6977c27e93886a7c9424d377095cbcc52efcd3

SHA512
19bb6d565fab8cab07eac73c34c110f880be70a15c7fcf84d67e9de43d4177cb1d4bee150f6e36fd2e00338def43e0c939772bf252f767f12ae69962fd554f59

Download Submit
C:\Program Files\7-Zip\Lang\bn.txt.tmp

Filesize
77KB

MD5
a436c6f86aa2684ff5a4e5d85d42cfac

SHA1
dbc6b318084e52ab9a95c6ee91bea2fbfbc503cc

SHA256
bff3761e58a7bc8f7ac68784ba946995a543eefe580577f7d48bf93a7d571d5f

SHA512
56cf63f51f84283b39038baefe3ec06abbe6ae5c2333bf7f65fa33c8938d1b6d929aa4bbf7726213a0da05dfd5206ca7aae273247312692fd178b2d4be0f4c77

Download Submit
C:\Program Files\7-Zip\Lang\br.txt.tmp

Filesize
62KB

MD5
786b81a1ef86524f32af44a4fa49c4d6

SHA1
02a20dfc9f96b5391a301ac5e7c17e5baf11bdf2

SHA256
f259755ece74a106ef89c3b3674e6d9a4c80329095ea2513ba5b89df0eeb69d0

SHA512
9ff87f72cf2c42564c68da752b5602dca7f280551233f4c16751d3552b1f2f5dbb3f26c566c0a971953b691422445a1b9c0db55d32dc21e3b7706ad7a9b06e57

Download Submit
C:\Program Files\7-Zip\Lang\co.txt.tmp

Filesize
73KB

MD5
bbe7febbe811a2b6de52965332f05406

SHA1
160f62a786be4da8e286ae6afe790c743c40c8e6

SHA256
feae220fb4284f6bc05aa9f585d2316557622f1d3123e6169c09c13b1c434a61

SHA512
b5e3da759faa9b51265e63e8cabcbe73977447e73652a2feed7ccc49d7a7a4ca48d9070aa12c7acc3a1ddfa6d2d1cbbf4bd65a644327b19283c0acbadce9830d

Download Submit
C:\Program Files\7-Zip\Lang\cs.txt.tmp

Filesize
72KB

MD5
15c4775c6c8190d43bffd9ba21712418

SHA1
d78f85aca897a6019f1fd1d987c1823442e1c686

SHA256
3cfed154bf4eaa11d12db760568c54381788630bcf5dc9f183a4438fe802dce8

SHA512
47a7e9aaa56947cb6f761c3873494b814129d9184f69c664c33e58337872e04ecfafd9f28bae2985a37e244dcd64cb581aa8579d2293df179ab4eb068d236fe5

Download Submit
C:\Program Files\7-Zip\Lang\el.txt.tmp

Filesize
79KB

MD5
978e3774962234e9e1301b44590fe033

SHA1
32acc805191c88dbf4362caee2b1fad80f7accfd

SHA256
dfa62037b657faac842d8553194246162f2beb618adac72309911019beaf1b1c

SHA512
e3f3e7c95b3443a2d1fb37ab8b3a580bbcd98c482f5f0a47a6f2d06c31ad957c68831379f749f69790fcd3f0d130ec810bec5f912711dd0a3abe67ce58f5720e

Download Submit
C:\Program Files\7-Zip\Lang\en.ttt.tmp

Filesize
70KB

MD5
d77ca76aa069be2b6c5dfec7f61ddfb7

SHA1
919ad4506d459793e5b1903c564278b22bfc9d81

SHA256
0ce0ef1335c7895a60db72269ec5ccc7f3e9e1df057a2643fb1663bbf6fa74d1

SHA512
ab544d4e073ce24b3e3c04e14ad66c3053079611a93b316c249be1c4ef4b06ab121350712473cc21e528de2f5333a06434f484baf2085ef49633bb88aadd7667

Download Submit
C:\Program Files\7-Zip\Lang\eo.txt.tmp

Filesize
68KB

MD5
43a9a86b9add47772ab41f7b7578e585

SHA1
59dcd7752aea74e5198541f4c8300b4bc0fec208

SHA256
07caa0d95853c113c702139348a260252f699cb2aab8514fd6a79197e763938d

SHA512
589b487e45e1aa0394e683e548fa6573c93f3b8d306bd5e5b904c9880ccae6cabd69deccdcccb472521cab71d13adeccdfd571d360b26e113627c6b883a169ed

Download Submit
C:\Program Files\7-Zip\Lang\es.txt.tmp

Filesize
73KB

MD5
e94e4c94d2bc968f2ebcffb0f64cfa24

SHA1
221b819aa608d6c6484b5063d6140474a785492f

SHA256
4ea9c935f12e87b3d976b62e9e4c1780c42b31931fca90b8dccd6c6708b9ecc1

SHA512
7f0928d509a3cbd01a7d7009dbfc4c6b75cf6624d756a71cf915b113f0d3710512e918e1e253653c9bb4fedec3d41b6098d4f749a3ceaddb2db3a995dcad1926

Download Submit
C:\Program Files\7-Zip\Lang\eu.txt.tmp

Filesize
71KB

MD5
8b24d06004ffbf3e9a930af9cf2bce86

SHA1
0760d67780cabbeeee6f9607cafab7b725f6b678

SHA256
5da10699914007362377fd12319947ef28a5babc17606300a42554a862a4593c

SHA512
82d920702b44ebc8b6b2429311a6b3a50c16b748d0f14eff5e07af9814734fefa8f8c4b2404b739c35bc48fec4d8b8d08462d26cce50ea6aa81353ce7b88fb37

Download Submit
C:\Program Files\7-Zip\Lang\fa.txt.tmp

Filesize
76KB

MD5
0714306d643280a50e2e8739f516a914

SHA1
4da8e277ffa18f15d589fd022185b3abeb13907d

SHA256
92751a98e6793dd3bae5ba6a30f162f6396f18d695413a468f638ddc87b0e483

SHA512
091effa9565317bbbb77fe6ca1c5a39ea744753440e05e230c211514718e524bba5c2e2587d09863ec85aca541a737d3516746822b71dd7ff2006ce4274832f6

Download Submit
C:\Program Files\7-Zip\Lang\fr.txt.tmp

Filesize
72KB

MD5
b83c10576fbee46a5e50d2989dd8e077

SHA1
72ca40e56caab7f6ef6fd69e20b7ab1f0ae53cba

SHA256
f1f4ffb1dd4a6343de3f808ce34885a753084f0ab5414e141b05009b454ef3d9

SHA512
ed631eaefe6efc8bd4e12184d6b8c1d5688337e4a9dcaf866e4db495d97eef494fb50a98744f8e98abf7d8395fa833cf6f7a5cb4a60f77454002e2ac67833d4c

Download Submit
C:\Program Files\7-Zip\Lang\fur.txt.tmp

Filesize
70KB

MD5
2b3961924fa94574b9b8cedb82cf2ca4

SHA1
b60f9b9b142c6875fd904e12b9d46030bc358892

SHA256
3635b5db22ca68c98ecab6d3856348688719afd6d7d8147c65190ee270a8f337

SHA512
9596edad0b91d9377db328dbd3abef3a535f243c1a29cdba1561409fbbfbde94b0a632d946a95cfb8532008e897b42eccb8ed4dc6f6439c841884256128b7c3b

Download Submit
C:\Program Files\7-Zip\Lang\fy.txt.tmp

Filesize
69KB

MD5
4aa0bf503e348447bc4a43e586429de2

SHA1
4a2ed6b3911827b91c6c05f2d6ea55d1cb308cae

SHA256
91f83349cd6e2d96fb42d10f9399f7467a826d4cdd4a0d269f71d4f27fa143c5

SHA512
6f4fce4e0d748a575398ccb258dc5d9296b2d988ff43a6e93957677070c9618e40fb30875dac9a10984690df120df06ea8f44089ddc78dcdbf2a0e894b4389d3

Download Submit
C:\Program Files\7-Zip\Lang\ga.txt.tmp

Filesize
70KB

MD5
7b534282d326e0fc8c2ab77d2f3ec211

SHA1
e8bc941ab12131b87d51288d32f806516f1c9abc

SHA256
1c1a3d35d645bbbfc625fef97a86e088aa5fc6cf9c7a25c00263c9e9f6ef4406

SHA512
c095c2fb9ef12a25e366ca04424a9ddbb82c8057e3f002870d80de4abaf61fb36635a3c5a2660a0747664f4e7ad292e9e0be2a118ec6b32c2f6763d57c19ff6c

Download Submit
C:\Program Files\7-Zip\Lang\gl.txt.tmp

Filesize
71KB

MD5
1e812e562b499a7ea062af6624d1a545

SHA1
f696165fd6b277155e918a1768ef4f43d509c272

SHA256
e16ba28aa182082b285421b1792f44c7b87f64de667c1b15c011f1cc34d51ee7

SHA512
196f18bd76f5e858fb92846eeb8456ff14c5300e8ab275abbddef2fc0c57b83bfda741414a4b760d77248486371d5a6afd57a9ddb3813241b485bef5b3cfff9d

Download Submit
C:\Program Files\7-Zip\Lang\gu.txt.tmp

Filesize
80KB

MD5
722198883a64846c66b89ff81f77ebb9

SHA1
a554667d264c33770b42feec23e507c1eb4d2bb5

SHA256
58f64a2fd2166c2bfc51df6180d2b56da5f14b7be512e3739f0ad9dcb0790c9d

SHA512
8505f580cd82bd846ba3891f91206d0c1b70373e51db96e73a363b4269e674dff4e73656bdd0a749ba4ab76466bb93a5ffb39ddb30674b88f33803f0b1310cbe

Download Submit
C:\Program Files\7-Zip\Lang\he.txt.tmp

Filesize
74KB

MD5
89c7d9b1b8a2b3922be962a3a0064459

SHA1
d381c9a04a66da1893aed06dfcf37e2eee98c55f

SHA256
4076b09030627f41cacc2715dc12a004172b061e7a0ca46dc2a0b53421f3e01d

SHA512
8dc3ad76e0be2ed9bc08b0e68c2b7626172fa524cf50a89f38e0a8d7a8eef334e44f8ac03a15365fe7bd29f11f8fbffbf009cccd4857ff889b22812c134d682c

Download Submit
C:\Program Files\7-Zip\Lang\hi.txt.tmp

Filesize
79KB

MD5
be620097a04781cf923f5033a17fb98f

SHA1
f8e19e158145b4bf9f9637ce663f17766e7a9167

SHA256
6ee9829f371aacb9f7e896b4309efb112488027963124f76d667ca6c2cb66c42

SHA512
41d0ecc1cbb7d53093a93b79c23516fddd871f359d698cc43bc6f6f96fd1cc7e930b2ec101bfc0786d50c8b98603b39b50db0aaa02c324f9008d464650d5ff68

Download Submit
C:\Program Files\7-Zip\Lang\hr.txt.tmp

Filesize
71KB

MD5
1fb1c7843d3b8158b1e2da16b0f32a93

SHA1
77244349cf47966f1ea828a97b58552b50d3b4c7

SHA256
b57b1ddeb2e766863afa322bf224768d9d795b1246ebbbaa4f40bb63db48d8d4

SHA512
d354fb7f7522e047b364fbd1717791d122fe275b204353811439e4e0e059539f219183a96e2840f4fe27ecddf93f06f58f2c89fd834e03500896f9da1b5b5cd3

Download Submit
C:\Program Files\7-Zip\Lang\hu.txt.tmp

Filesize
72KB

MD5
a689491f6ca7efa4a0056173457abb7d

SHA1
7a7022df867ec98f980b3c3cc3c9c7dae9967fe7

SHA256
d034c74d856aaf64fe2d645fb0a261772fb90cc3cfea3d840f9aa15efae8428f

SHA512
56e50b568b68a3d2406ce637e533f92dd7de6776223cfc84e0b40b7c23b53465da8751f82657d133b747b300f02ceaf3f7cccc6675e8bc156881038343ce83ee

Download Submit
C:\Program Files\7-Zip\Lang\hy.txt.tmp

Filesize
77KB

MD5
605fd9e99bdf6c9c8ebd6d90a7defdde

SHA1
4fe5d8e3cc2b43c26cb8b99f9202f5c3b603b53c

SHA256
da55d495cc2cf35577cf6fd54b2ca6897aeac211b3aad96a8490ec270e505803

SHA512
39025332e31441353c37f92d7842e763c85484032fc7719f6822a5c6a0998ec34bd757efa85c4ee672326e641b94454f7c1ff2cfbc756c19e5555d637f3c081b

Download Submit
C:\Program Files\7-Zip\Lang\id.txt.tmp

Filesize
16KB

MD5
6e812ce6bca23bb73ef79b732852a9c4

SHA1
c6d1648b7036e52325d7dc22f042255cb8758169

SHA256
17fd7214063cca63636d4ade8c3f1d2a41e90afefdbec661ba437ecd92cd5c8d

SHA512
aec5ac5bac9026ab893ed45d23c0f6d70de57383ccee181ee7987725ae82abe7cc83d71f36dfefeb1cdca472a04d37b7f31903be6a3b22e5c657bc97b1ffc8dd

Download Submit
C:\Program Files\7-Zip\Lang\id.txt.tmp

Filesize
71KB

MD5
2452d62b80e37921580684df604477ed

SHA1
2526dcf56e6a600a0a2305e5b64e4a189e166cf0

SHA256
c1a0b44f1021c6a0f7d6e31ae3a873868247c8ca67ed0091ed97163ef2f98993

SHA512
cba8358d5e543013c89fe36b46b19d598e65237378e2af11787c634cb1a0236c66a5fcc4217f9b204c554164dd68ba13ddb98d978cce92a1dd5eaa3afde134dd

Download Submit
C:\Program Files\7-Zip\Lang\io.txt.tmp

Filesize
72KB

MD5
e26883284e47668b58909d8d20a75cea

SHA1
e789c0f5fb59b63782964babf91345196868e3bf

SHA256
6f29e947e223c9f4f098bc733cc39c4135fb2cca6d41d76a7668be9cd76a5969

SHA512
2d579bdbc82b74aa280fd58da73e15caaff966e99ba1a3fec786511df66cd62b1b7b49b34c3fdede4e8d807095b238bc9f8989424dbd1bd564c652e829a64245

Download Submit
C:\Program Files\7-Zip\Lang\io.txt.tmp

Filesize
72KB

MD5
02a2a7aeaf321ece1f3e725d95939a80

SHA1
d858494d59514fbba7e68151470e51baf837e852

SHA256
0a24f1068d2930b01ed9e591760f39834954261192b026d0128d1340dc2c44fc

SHA512
5578a6f537c19b61e0fba967c8bd231b1d7c529cf8eadc47a9d112233b8a5d78ae3925aba4b2f57202e91f8bd7e23bfe0fe3b4863bd7c26e36726167a8ba6e4d

Download Submit
C:\Program Files\7-Zip\Lang\is.txt.tmp

Filesize
71KB

MD5
94acb6a58fa3e7edb9acb5d2f7962cb3

SHA1
4afc4046acf058f0f3c515d3f7c2dfe13d094c47

SHA256
310a1317b9eacb168985b15ef4566605d286c4a9c7a01fd62cc040b21a09e518

SHA512
4069ce7b4e441c5a295ce35519114ceadd602657d35d2b5f2ac5b0984752f2dd80a8b131ed20df71beb64248d9823e2f3d11bcd6e3a979b466fbcbe69df16dc8

Download Submit
C:\Program Files\7-Zip\Lang\ka.txt.tmp

Filesize
80KB

MD5
726c0acadfcd65f3d0a38e23316f5738

SHA1
f7853a58e7193d09496b355edd3e88c75e4e250f

SHA256
2f3b54c966dea6e4c03f6416203665b246adf06934cb163d3c40e458a6e61f9f

SHA512
7d2ba7bf33aa587a9c4546fad5f81cd32909fe4f0497d9bcb179cd5b434497f267d602dca01abcb6768e2987b8aedb4c48855584c95977b3b0905a20e1162f67

Download Submit
C:\Program Files\7-Zip\Lang\kab.txt.tmp

Filesize
70KB

MD5
e7641540abd69162c7f036ba5288a139

SHA1
13b039647634ffb8f47d1532b3481d725a4cb5ba

SHA256
2803f035458a851c6e818e70b7ce747512556a01b5d5a734d730e11f2f66fa68

SHA512
401eebebe6550e6c9e09d38f7066bc3478b9a0fc7192fb39c29626861fdadfff09d39ef5dfa119ffc33867e7eacef79fd1030623f46cb46a6d66744863428b3b

Download Submit
C:\Program Files\7-Zip\Lang\ko.txt.tmp

Filesize
73KB

MD5
314c80e84d7f2690131217c627622f45

SHA1
5c89d89daca3119e54de320749f6bcd18eea0616

SHA256
a167be8fcf9b46d7514e358e4e4e3b115b144797e41cfa736dcb64e6b8f3597b

SHA512
999b1d2d1b254efc430d03b4e03fed629f3fc4090298be8dd0b4726d941299c94aae1f03485cfa392db849108eadba2c976648f6319021427fb70798da54215f

Download Submit
C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp

Filesize
75KB

MD5
065e74db349711905b1aec3dd889ebab

SHA1
d469039dcb6f79ba288571a142eae70e00b391a0

SHA256
efa0a3130409f199da5665e208a003dee9f806fecf7dbe27d1c3c40b1a83fa26

SHA512
340faa5d89b1e82f58524d829fecf183ff2c743f8b77663c7c9980d4f8493ad87baaaa891d39b866786e087f1a7125a275f7f5f2944f21f987fed115db0cd16e

Download Submit
C:\Program Files\7-Zip\Lang\ky.txt.tmp

Filesize
75KB

MD5
2bf75802f1e626235f0ea71de3df042d

SHA1
1d55213b70c706bcca5e762fffb94fc85dabcc07

SHA256
bedbbbb60a2682203ee1a0f58df690b1008d0be0660a54bf66fa8fc431c83d75

SHA512
8d2bb181351732b91adf3191ca52767d9e6f509d31e554247b5924b691e956bc58913aa95a88211fbf6857c8f1412f5e11feb351c1ff32e56cbc53bb6cfd9caf

Download Submit
C:\Program Files\7-Zip\Lang\lij.txt.tmp

Filesize
70KB

MD5
248de14d2dac3624ab5d71ff06fb6a0c

SHA1
47e02ec867ce370ca1db73e339b5124b19550616

SHA256
c026a4fd1b069edc7c9c1708922453ddfbf28fd5c0384f4fb6421bd504da58b0

SHA512
ecbc83bf00e522f0af2cb4c512c53b372b713522a44db2e62fad1121e79ad8ad63677daae3e89d1bf04bbddf6e06483ba6abdaae43cf191fcddf2d1b5a9ff818

Download Submit
C:\Program Files\7-Zip\Lang\lt.txt.tmp

Filesize
72KB

MD5
a900a112eb3af4e24e5cc5eed4ac5a18

SHA1
9096adf3d4504c9274a0af5403adc0243df2fc97

SHA256
6357eed96653634a60a464491761b975be2e82a42b20e8512ca83f9fb026b8b9

SHA512
5bed7fd936c53e3b85d1e13a04b17933c941e3487a358a903f30d8cafaca97fe6ef17db673ca5569013df35256bbce70220c622103be301b67fdd2627fa148ae

Download Submit
C:\Program Files\7-Zip\Lang\lv.txt.tmp

Filesize
68KB

MD5
6e581e3c60b0ee51ee163e7356bf7e2c

SHA1
e25aaef5bee042b2386d635acafc623abe5def08

SHA256
75da7927f41ba2f991f979eac1746894bedd44040ae6b5d89ce10d71209c9887

SHA512
0475801d65d1dc995a5158e43fb59d80cd4ca60784be17f393cc5b60ac319e6d7523637d872c12cc47b2b72242a74265579e3468c89edd39205b119d0ea6f0e9

Download Submit
C:\Program Files\7-Zip\Lang\mk.txt.tmp

Filesize
71KB

MD5
d0599cc868795901a2adeb54bd9d1306

SHA1
77c90d92524eea28ddb398af3bbaa21b06451814

SHA256
c6c0ab0e0c35751128c80b91d6f1fa10579d764a20cb803b708352770d52f10d

SHA512
3bd617ee8cee67597dac46fb1be6f00e9586dcddeb62c17cb4a4d757174b1c67cfc2162d4cbfc15fa1a3120d5eba979a12c00e680dcfd5b3076e144918f5f17b

Download Submit
C:\Program Files\7-Zip\Lang\mn.txt.tmp

Filesize
71KB

MD5
d2d11ff603b3f3ad65a896c7296144e7

SHA1
acc80fa112e0b23cb4953436e6ea64f6e000950a

SHA256
85f0a3d2614c7a8194c060f930269af89fc66444266a3b20f3f3ee554ca963da

SHA512
5957389326956a73ad3b47b204cae465b504e47c72e93e7f545755b51a0852e10d537dc83f07e48ba556a19f9c49c1fafeb28a9329c03d4732e97b4c9e55040f

Download Submit
C:\Program Files\7-Zip\Lang\mng2.txt.tmp

Filesize
83KB

MD5
e924d94f184b93e641a0747c5f49d847

SHA1
6bb1b2e4bf35aada5ddf625e1cec479d40a9204f

SHA256
58b17d7231f3a9e1b00f4daae1e6dc3ade5abb3ed19a5b065c6ca7d38e4ce281

SHA512
4c47b8f1f6ee8f87cd022fd408aa2c2069b8eab5cbb5a8d1f66ee7cc32e88fcb65f0b958b2eaa25e99547c9b06be31453bf3fc2a5ef8b89e903ab4cf609f87bf

Download Submit
C:\Program Files\7-Zip\Lang\mr.txt.tmp

Filesize
73KB

MD5
e3e20f347f24ee006eff7dcaebf6650f

SHA1
4d3983d467ae956c049ea14d3902a9b8c301fa27

SHA256
f7563ac6161d1115391a35bef494c834797cd4bf530673959cef574a102be175

SHA512
f90a733be3925eba258f5a11e1ae0b2f0c5d7bb6ac282cb124aa13a07e568d2aeb3cbe9cc1c50acb5edc0b41fd46e759e731de3ed32c124f1ef015dc137ca0f7

Download Submit
C:\Program Files\7-Zip\Lang\nb.txt.tmp

Filesize
68KB

MD5
f6de13c0061414c1548275a1d27a789d

SHA1
eaeb3f8074b815fe6bba2112ebec658fc0ccdd0c

SHA256
de15dc20ea3ad983fa7f80e56ad45b56c1d78fec3762a1b48e987b6d0ace6974

SHA512
454fddcc949b19c86a35cac1929e96665dbb595f299fd8f6034ec4d296a8b9552b05439dadcb6a55149e68e7d0cc18808cb208f09932f7e910a40643a642ef88

Download Submit
C:\Program Files\7-Zip\descript.ion.tmp

Filesize
63KB

MD5
f894f0e1c421faa11d9aa9d854866405

SHA1
2008fa714c0cd0693f92cf6f99c2f9733fbc592e

SHA256
8a873ec681bfe5c61a7a8af36825785772546929251d3db3eb41d43c84df089b

SHA512
3b89f32bb51f6a2b7c0d8263c611c12355d03c43cd1c9048e0c72d4a04d07c66e26c89216df59f689ab196c7525c32dc80e35dc65a1bdf1d32c0e3f5e147335b

Download Submit
C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-ul.xrm-ms.tmp

Filesize
71KB

MD5
13084013f23380aa4c2941468d5c6a22

SHA1
8654d08085303bf4cf22323fa2aabd6cbbd03e22

SHA256
4c3ca8ad9717c06283c6f361c396a66fe37bd9fd3010589359d1bd5d571df67f

SHA512
c9b7e7b60ae693b095608d96b631a45ec0c06bf6a8c331dd7b11eec13c0d9776d9a2a905bb03051946f5f64569023146850343e866652510e8efff6881e4cff5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe

Filesize
63KB

MD5
aa8123cf72a917a53d3503aca239788b

SHA1
f1adbd561bec4b01f790d01d4153088b411a218a

SHA256
265c0c66c707bb5f8c131cbbdfbdac293200442fed0259eaf12339498f2846d7

SHA512
61300f3e0ccb6048b6377ff5c003b3a4d9fec8d9bd50a949b8ac978a237fd4a251f428782c361f8c21fc2c86447634b3d3b2693954cc63fe25cb4cdc9d792776

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
62KB

MD5
db16ba8f284ea41f465f7f0bbd3467ca

SHA1
dbbaab779f40a4065d605ac69951e891835ea26a

SHA256
20bdbabc95cc40a5e14d75cb3ebd614bede2034baea628435c579459768b6a35

SHA512
aa1a247cbe0ec8a8dca7c5138de55d54db88bbc157d3f8b19f4fa8ee8ebadf0bd92207cb69d85f5f81e12931b3fb0d129ae8d1139664b433b0f876eaef319e91

Download Submit