566e6820b3ee0ee58747aa0a8d1a03f1ea2e2c542486d336934267495780efac

Analysis

max time kernel
120s
max time network
93s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19/09/2024, 14:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

566e6820b3ee0ee58747aa0a8d1a03f1ea2e2c542486d336934267495780efacN.exe
Size

85KB
MD5

03ca2db0dc50622216acf0e1c7651270
SHA1

58c74c03252a511da13187ebbed3722b6e699ce6
SHA256

566e6820b3ee0ee58747aa0a8d1a03f1ea2e2c542486d336934267495780efac
SHA512

a67ae7d17d4793cad2ba58ac0967be4054b8168df634e49babd89507ad2a14b2cb724aebcbfa1f7955f50d4753bb34224c8d06011270ccfde1d0c4bee07a3637
SSDEEP

768:/7BlpQpARFbhNIiJwsJwwnZh7BlpQpARFbhNIiJwsJwwnZO:/7ZQpAplJwsJwwnf7ZQpAplJwsJwwn4

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (4802) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
4188	_desktop.ini.exe
3484	Zombie.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Zombie.exe	566e6820b3ee0ee58747aa0a8d1a03f1ea2e2c542486d336934267495780efacN.exe
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	566e6820b3ee0ee58747aa0a8d1a03f1ea2e2c542486d336934267495780efacN.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\sqlxmlx.rll.mui.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_MAK_AE-ul-phn.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-libraryloader-l1-1-0.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jstat.exe.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp4-ul-phn.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_MAK-ppd.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.reportviewer.common.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-time-l1-1-0.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Formats.Asn1.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\ReachFramework.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\System.Windows.Input.Manipulations.resources.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-heap-l1-1-0.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\EntityDataHandler.dll.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tr-TR\tipresx.dll.mui.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\System.Xaml.resources.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\meta-index.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_Subscription-ppd.xrm-ms.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Forms.Primitives.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\server\classes.jsa.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Grace-ul-oob.xrm-ms.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\UIAutomationClientSideProviders.resources.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Red.xml.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msoasb.exe.manifest.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\ipsid.xml.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription1-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\7-Zip\7-zip.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Collections.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\PresentationCore.resources.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp2-ul-oob.xrm-ms.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription1-ppd.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Overlapped.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\javafx\icu_web.md.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_OEM_Perp-pl.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\PUSH.WAV.tmp	_desktop.ini.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\bg.pak.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ExcelCtxUICellModel.bin.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ClientEventLogMessages.man.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\System.Windows.Controls.Ribbon.resources.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Internet Explorer\it-IT\ieinstal.exe.mui.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_OEM_Perp-ul-phn.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\ReachFramework.resources.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\es-419.pak.tmp	_desktop.ini.exe
File created	C:\Program Files\Java\jre-1.8\bin\unpack200.exe.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office15\pidgenx.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\7-Zip\7zG.exe.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_altgr.xml.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Forms.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\System.Xaml.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_MAKC2R-ul-oob.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Grace-ul-oob.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\System.Xaml.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\System.Windows.Forms.Primitives.resources.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.PowerBI.AdomdDataExtension.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOSTYLE.DLL.tmp	_desktop.ini.exe
File created	C:\Program Files\7-Zip\Lang\es.txt.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-math-l1-1-0.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\Office16\SLERROR.XML.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial3-ul-oob.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Grace-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Excel.ReportingServices.DataExtensions.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-utility-l1-1-0.dll.tmp	_desktop.ini.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	566e6820b3ee0ee58747aa0a8d1a03f1ea2e2c542486d336934267495780efacN.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	_desktop.ini.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Zombie.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 5100 wrote to memory of 4188	5100	566e6820b3ee0ee58747aa0a8d1a03f1ea2e2c542486d336934267495780efacN.exe	83
PID 5100 wrote to memory of 4188	5100	566e6820b3ee0ee58747aa0a8d1a03f1ea2e2c542486d336934267495780efacN.exe	83
PID 5100 wrote to memory of 4188	5100	566e6820b3ee0ee58747aa0a8d1a03f1ea2e2c542486d336934267495780efacN.exe	83
PID 5100 wrote to memory of 3484	5100	566e6820b3ee0ee58747aa0a8d1a03f1ea2e2c542486d336934267495780efacN.exe	82
PID 5100 wrote to memory of 3484	5100	566e6820b3ee0ee58747aa0a8d1a03f1ea2e2c542486d336934267495780efacN.exe	82
PID 5100 wrote to memory of 3484	5100	566e6820b3ee0ee58747aa0a8d1a03f1ea2e2c542486d336934267495780efacN.exe	82

C:\Users\Admin\AppData\Local\Temp\566e6820b3ee0ee58747aa0a8d1a03f1ea2e2c542486d336934267495780efacN.exe
"C:\Users\Admin\AppData\Local\Temp\566e6820b3ee0ee58747aa0a8d1a03f1ea2e2c542486d336934267495780efacN.exe"
1⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:5100
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:3484
- C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe
  "_desktop.ini.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:4188

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-945322488-2060912225-3527527000-1000\desktop.ini.exe.tmp

Filesize
86KB

MD5
a91d67510aa0f758f5f15e03b7eae652

SHA1
590a834d9a3d2d7802ba1024897a5d1dddfc249f

SHA256
08774b9cfb002ceebd36b721e8714da0c99994344620ce1d66a259dc077c4f9b

SHA512
09234b13a7d43426a4d7b8b3f58b504a6403476f14a5c7d757c7c6e419b5abf70b4454a23f52c61c3d3a8a8c2d14fb4b7ee144a027f4add6ebf88b6854848d93

Download Submit
C:\$Recycle.Bin\S-1-5-21-945322488-2060912225-3527527000-1000\desktop.ini.tmp

Filesize
43KB

MD5
dbee2046a4ff2c4667c0771551409b8c

SHA1
4bf0f3d17f40346164929c60e1e3fc9b80289d96

SHA256
2c854cf78ff4b2a1227a8844f6dc014a46f3b1e1a768b4e00ffc61abc46c2cb3

SHA512
0ffbdd7e6897d87628214d45bcfaf547e03c6990b86a7771ded64c2e80f95fabfc25fd0f5d1b95d6ed86477d392b1f91bdd66b96ea02c3d4745d7e9b8ec08344

Download Submit
C:\Program Files\7-Zip\7-zip.chm.exe

Filesize
155KB

MD5
81d8767dc9349ccf04ebbb67f68e2b8d

SHA1
f06392092e9efcc1891efedf8bcdbcd1a5afff63

SHA256
3744cf5c556a7b31beec025a86e1ec0e4e6ea36a65a6ced4de6ba85838035bd1

SHA512
e4cdc094295dc98766b30254031d60b32d470d216594bb210b76550dc16407985c8c228c4b5b42dab6effa0942c9b107f54f2ee181bca097e680b3ad4bd1b271

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
142KB

MD5
101fca3a4cae3c561bb9636ac781cb26

SHA1
90b28e7f9e28cbe9903fc5f1ce245aecdc7ee79b

SHA256
bfcbae609dec9afb356de52701171849a4f90e6e466fd896266a1c40fd96a502

SHA512
7124dbbfb76b1810b48add90ec5fc775aea1012b81fd3f48908ba785459861edbe8163734c791fa4c748df069c41c0744049eb931fa05fb83982a8afb0ab5ddb

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
1.8MB

MD5
6b234b7ab1e29c5fce0a6f0734e833c3

SHA1
d455dab156f507668ed7f2805d9706de4d3aca2a

SHA256
2f07206ebbb8df1e3c266dce7edb433317ee102b17ca6c879cbf478e370e559a

SHA512
de46f4f93a7a65115d07bb3fa4bccb71564e29dd253fc2d5f0bc2cee2305c2b84b00a1f5508adf96c270cd90adea434d775dbbf12a7264a9f07a0b3897020906

Download Submit
C:\Program Files\7-Zip\7z.exe.tmp

Filesize
587KB

MD5
574d2822fda7724b215662a8c3c6cefb

SHA1
2f6b99c95820ef9fffbd3b1ccf2e78a81d0465a5

SHA256
0a5ec3744faa37f8e30f15d05ade2e66044b8bc3d903f9e72cf371e84d24962f

SHA512
8a4dd1c75a3b112597ceddb8bf70e4379f94dd5672fa570c541f1c87d8f2cf22b0e4bac87fe3e2b41a9f99e0242607b10bf6292ca4923821bc2394857cbd0b4b

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
973KB

MD5
1e9b408b13c880f8f2fa0d1b3ad0892e

SHA1
58e1fee4855474e6e55017fcd91f66c13c84ad8a

SHA256
114185e0eea77f3635d6cb3666cb8737f9a56a2681a490327c77c1d8315101d3

SHA512
4cfe3fd7384c1b7cb4c23a076cbc0ba06c0ce1c38ce78f60bd98b4a0c00ab0dbf2d2a6121844200d3bb5a41e90cbddfdd1ea36bea27d48c1d63eabf328a352c5

Download Submit
C:\Program Files\7-Zip\7zG.exe.tmp

Filesize
727KB

MD5
061c33ea372cc8e17157d54d23912e48

SHA1
baf58500c4d7b06673024d4e03fb128d13c9387b

SHA256
2e23f59fc6460f86228c3ba6b8e4a39d935119b4163ce54b3e03cc11c2bb82ce

SHA512
7a1b58b6e447689ca515950c21a810856d22818737ca8fc35d6887edbeb192ceeca3d53bea1b84b2ee0d16f30bcd398d934bf27d4318aa673d21c1ba0c6f8907

Download Submit
C:\Program Files\7-Zip\History.txt.tmp

Filesize
100KB

MD5
af222bba6ce2fb07ecf5471ce1299684

SHA1
02eb86faf96cdb204fe270cfa7f2834741184bd2

SHA256
91cf89dae526aa20e672f8e3c6e996dc7a3400e79f05d819a6bfc818c916e966

SHA512
792477516d96ab59ffc481ff2ada39e287dc4ce534cd9dd1cd4bfbe09fb74f5a9c2b769549227a847dd997ac5b83182c02af6961d32db6a7f023fd0aa6333b9d

Download Submit
C:\Program Files\7-Zip\Lang\af.txt.tmp

Filesize
53KB

MD5
ac6e1b2149c98013f6e191b29fb6c7a5

SHA1
904a154259ed6d64d245d0734bae371284c7b22c

SHA256
2ead0c3961a9e8d17cf94bd448aaf36998b1c30469ca16e559fb753cc51f8eee

SHA512
673809d0650921c63bf7e95a49eae24f5bc7506ac96e79352564d4de151ccd2dd5df6be18952c6a75959f34993cd38ec6b9652fe92a6cf6095b9558edefbe54d

Download Submit
C:\Program Files\7-Zip\Lang\ast.txt.tmp

Filesize
48KB

MD5
51ad494c1ef0d783717f23bd1d74f9ad

SHA1
7cbdd46aa1c58a94ac34a12e5016cfe7146b43d3

SHA256
3aaf779b07bb888e6b8921ff63944cc89d6faa2ac48fc279a8b51d0ea5ee3512

SHA512
440cef6d82123442e4a8406b6aa68eccb0b588df67666be1f14e45c5113a579de9692274be02200a4e15695428f2312b8dc64916c305b6b3eb9a1aa37577529b

Download Submit
C:\Program Files\7-Zip\Lang\az.txt.tmp

Filesize
42KB

MD5
7a240e13f8cf84672359c8fa62c951f5

SHA1
b9a9592ee4b47b87ae1f8a20c8a28d7a905657aa

SHA256
d08a0e279bc707840991417f79711e1837a8ce1e0167107d891d8844de67b3c6

SHA512
73a5ff2e8966634f420a073a14f72ef790574361a81190c0556a1c9c842e228de9188749b310bd3ad2aaed7ce87eefeae07d31a1223ef250716d9db59c5e8880

Download Submit
C:\Program Files\7-Zip\Lang\ba.txt.tmp

Filesize
54KB

MD5
e2d81526745df0eba3ee554c76fff167

SHA1
9dcc95479f2db5bc3653ea2b2c2d456523ffc4d0

SHA256
ca16ec309404a932d03b27b068044e28166920305fc913bbcaad0b862571e5da

SHA512
06437730c6055330e2e08a430f98fab0e0b96c442e704205199bfc35b2005bdbcc3d286204a8d5a37bdd83009e3a06d022018fea3c690c05e3db67c92f314200

Download Submit
C:\Program Files\7-Zip\Lang\be.txt.tmp

Filesize
54KB

MD5
0d283475f406ce6454f44f457d050124

SHA1
ee61a64cb1dd206a3e1e9c689fbc781d08ab0dfa

SHA256
547c77e4f7f05986d4f8996e375f56db6173435cdcd01264940b36231e5a4b5d

SHA512
d7a4d8606e39868cbc95bf4210cf1cce72bb1152b58e7136732c53a5236479db9795261984e97e7092d995ce6f03cb86530500aa8fe544858a10de8bca5721f6

Download Submit
C:\Program Files\7-Zip\Lang\bn.txt.tmp

Filesize
57KB

MD5
1ef35b986f9d2b87985b09e9a14bdfb4

SHA1
c0b87fcda392e065a6a44ade34c169b7c8cdd6c5

SHA256
a0de5d9e54fd243e8332555f9898519ecb352e48e61e7fc312e69969f8cc6994

SHA512
eefc454392f604394657122b47445e7a3a85a4a21a6cc1f7e7e5dd130db41472c709a77bea1b72afa873bdf59a1b67a6cc25d5bc3df411919bb471621b96dd9a

Download Submit
C:\Program Files\7-Zip\Lang\co.txt.tmp

Filesize
53KB

MD5
2c8d2bba7594587de3a2914e6f7b2548

SHA1
0cfb451cc701a18f4590c54c4383c7c9320e8202

SHA256
a012aa9f25305e4158c0980c41f0ebd20a156e69d9630607cf8e48893e950810

SHA512
1b09b62cb11fd70c98cba6ce4254a5f1d6d4cc01658a41bc81aa84130db47672ec6140e4587eb264a5c85e8f9ee951dfb088b6d97ab182d1a66d4493ebb0d21e

Download Submit
C:\Program Files\7-Zip\Lang\da.txt.tmp

Filesize
51KB

MD5
54c36c7ab129c9c08ad582756fea3004

SHA1
bdb98599b08860501b79ea4a6a327923fdc0be43

SHA256
5b143fce60e426669eadb37aa3dec77e23421212498d0027a8c96e70a48c41d6

SHA512
15d7d402ad1b84698c1b7c2bdd43595de4d9c3ff4a1dcbf27910dbdaca18aa07c8c8a98ac86d1241d49aba42d267c4a06f89e9d14edbf1d3149ee286a3d01c8f

Download Submit
C:\Program Files\7-Zip\Lang\el.txt.tmp

Filesize
58KB

MD5
3bf03226dd3a606766825be1e6a988dd

SHA1
c8a782e8b258f47f2354f0c204ccf77456f205cb

SHA256
75a6fca07eefdfbac6889405c52fb187af67d6f627431f428345dc25163fb0a5

SHA512
d85187e35aa870895560b5ca01df9063d5a1f005f787486b779d3dbc333dccde998a7e5747cbc52ab515be8800aa1f2438031a6b18adc3c6505b726f750c649d

Download Submit
C:\Program Files\7-Zip\Lang\en.ttt.tmp

Filesize
43KB

MD5
880a10d0760bff68fbd460832503ff4a

SHA1
ab33abf59191a1043a7407a7291c5fc0fb821a03

SHA256
ea6e94a0f61faeeffdce52eb13bbfd1a1402b3dbc8859b78c01d7cec9438aee3

SHA512
56fd34a34e8c1a0b4921dfd0dcee0335b62f968ef7174803292cd35c0381986c9ed9850d955dca075971af0965a38703092e36b2a5efef0064e959ff6ed4aca3

Download Submit
C:\Program Files\7-Zip\Lang\eo.txt.tmp

Filesize
43KB

MD5
498da8e973b713451fe133be9451f0d6

SHA1
c02faf55d7c4a2e6576bdcbb4646a7f8753571b5

SHA256
dbc7b71f57dc2a14986e73a0882e07d1af4bea2a948b369059a7cfdd4b15333a

SHA512
64ca61227a1baf5a952b2d98c6fef3c51c3e78753252f6ea66a20ed04a75fd788f377055ad9aaa12f11ed63926f559948f053c0a73763017cab3d52e7385e01d

Download Submit
C:\Program Files\7-Zip\Lang\es.txt.tmp

Filesize
52KB

MD5
6b50a23e8d0f93cfbb020f0d55a9814c

SHA1
6b8b18d70d33558e4a24e273dd2a8e21ece25da7

SHA256
336f0ecbeeca8a993acb88f8b088767d513232f76c75a7a78ebe45cf55ca598e

SHA512
c57e51235a5c1666d8feb0c70013a8bed18f56c8f51dc70f4ff04b7aab45bbf6c300e52da5bfa847c5fc0e5b3bcba4ac18a053f71128b52e9ec9e2a7f87b39ee

Download Submit
C:\Program Files\7-Zip\Lang\et.txt.tmp

Filesize
49KB

MD5
5c64ac8db30fc16bbf882097dfad16bc

SHA1
0aa610be6b4ef0043b3cb020e560a0ba8f3f7ed9

SHA256
37ca110ba138f1ad5735207b3f4b72a0d87bfd2df7ca637a0f2658aeb818a212

SHA512
356b27fd1ec47cbcec65a0c6b78a77e0eb9d55b58bc75a43a2c5c8377212e43d4cb8d793c8995ade49a52f933078c077942fa57054da43aa20f89e476f688da3

Download Submit
C:\Program Files\7-Zip\Lang\eu.txt.tmp

Filesize
51KB

MD5
7b54f2b7860d2a2713e04be0930b744d

SHA1
33c9aa075462b1d41ad863e4c8fa2d7eb7d466fb

SHA256
c57021a587fc3f66b5aee22fc9c0e1937e3bd3ee9e5a2497c4802789d4516d9f

SHA512
60f22c2816c3d06d157ad8435cd2f4e0ff7c61eee634912d5d23fac4f95d6fcf696de9b25d2928e21a39eabc54dda4d3677b2cfa808dd4a9975405752b7085e2

Download Submit
C:\Program Files\7-Zip\Lang\ext.txt.tmp

Filesize
50KB

MD5
ba8876bd5c88068c4b20ae64fef5ea6c

SHA1
4479e0a74f36b2c947d515e29ef72dd92eec17f6

SHA256
4accfe2ac7a424981b4e1205c63724e31e61052ab9ee6630570bec7813b1c022

SHA512
3fd967a5ffe33375ff9f8271782ff93f313290ea6a9e8c8bb503152f8b1271acf563eb444ad15782a896541dc14258bc0cb6d1b6180a78c453a4e71369819201

Download Submit
C:\Program Files\7-Zip\Lang\fa.txt.tmp

Filesize
56KB

MD5
ef2cdca00fa402fc895b0a576c2daafc

SHA1
579698f8bdfd84a90bc4e532e36a48841c055463

SHA256
fb4415229be26ff108366463dad59488b9b8fec29eb08d7be12feaf50603a743

SHA512
f4aff7b45b0b48deae114df0570e71ecaff9f87be96e8de32b656e2c1ef18b96d6b97ba7ec020d4015b9faa8c0ce5486fffeba4ed57e93c5394661c75153b6fb

Download Submit
C:\Program Files\7-Zip\Lang\fr.txt.tmp

Filesize
52KB

MD5
d1c2cc9855fe7cc7e35f601c5c54a476

SHA1
c2f78c20f1e035a372674c47bc7e81e9a877674f

SHA256
f93abcf6a5f7b2d6b1bcebde4f54c1dac4495722a33601a482213cea265c7527

SHA512
625335f6a496317f43b844c2570a8eebfa97d560987bf9ab718cb0d04bd372227524a2ea0f29f6341368bf80109ee531cf1f80b139e4804309fe63cf175804a5

Download Submit
C:\Program Files\7-Zip\Lang\fur.txt.tmp

Filesize
42KB

MD5
dbcd6e0dce77b25737a939e30378ac38

SHA1
3983288b502f2c633cdecac277cfc264092e27de

SHA256
87f7b8a34fd9abc30a8415faf7c01528ba1485e9aa936e1e9590171dafebb1ef

SHA512
bbdcc52aca75e27e2d6857371ed77de142d2c3dfaf741aac218454e05025a2add4e6c2243dfdc3d029e8dd463563058441b8d4e6bb828da4434c03f0df89b1b0

Download Submit
C:\Program Files\7-Zip\Lang\fy.txt.tmp

Filesize
49KB

MD5
b4f25c16fd4e9fab3c0a48e101615ed1

SHA1
997814f4244fbc4656979098bad0c7a61f2b6678

SHA256
f6abbfe781f07c7c32de3fe07b4bae90481fddf43ab0c31498d56fc44dd8e701

SHA512
52e325662053ef6ebfeb2bc1f58c25e1184efc7effb4681ca4bb33dd570be7d948b9f9ca6178ca6092c5a16c82c9e03d515fda137ff747b9f4d220bc04518705

Download Submit
C:\Program Files\7-Zip\Lang\ga.txt.tmp

Filesize
50KB

MD5
76f332c9fe6058b1fb4f309a976d1397

SHA1
e93a623e955a46c3126fb17959448d2721fa8e7c

SHA256
ca5a0a737cffa7ef41b7b475cc2879ca5fcc29e6180d547312496152c257e10a

SHA512
2ee63484a096e9dd1918e4a4565802b2fbe24c2bd97d9a4a171174c1ea89bc046d884f812df2a2a1abd178aa83224d45008210514bf24abad265009815f6711d

Download Submit
C:\Program Files\7-Zip\Lang\gl.txt.tmp

Filesize
51KB

MD5
890ea37bab150b920d9156affee5553e

SHA1
b6649962d2b409708df714fafb35b349f2b54873

SHA256
42e5df5e94fa9ecb17e48c6394b0ba923e874662e1a0372fff7b2da897a1e9d2

SHA512
e8703c495492eeb7809c43fef6608bc715354c10ed4dde8a46e0e55146d62868c21ef85ec7d01d0555355ecb183488dd1556b8d42d20422ce3f4ae42db858ad6

Download Submit
C:\Program Files\7-Zip\Lang\gu.txt.tmp

Filesize
59KB

MD5
1cac765c6d44bf046bedfafd46ab2819

SHA1
89b78c32eed99f82ad85a5420b521f6b7c726d2a

SHA256
7d527fe358e2745259c396f797e908abec9f80965435ad74e8f1442d5994edd1

SHA512
4d5179515fa4bcad6d670b545a29f80fc5b49d4a0518c6ba71b9a5039bce34701980955a173daeac46213109f2c8a8cb26524811bcd5456502839905bcea8354

Download Submit
C:\Program Files\7-Zip\Lang\hu.txt.tmp

Filesize
53KB

MD5
a6dae9d2c4f3d40c055fcf448096aa87

SHA1
0071bcd514892e60e45279a122fa7d12ef298728

SHA256
cbe20236a0aabf0bf8d700ec3632b755a4bac285604019556cf58f711afa4047

SHA512
47019febf334959d5706967f215f1d329a1d5eaae00bb5753468c919443c36bbf858f0b890e0e0d91b6bfc391cf4352b56a73b3a87a6feadb605ad22d2be323d

Download Submit
C:\Program Files\7-Zip\Lang\hy.txt.tmp

Filesize
57KB

MD5
abdd6e5eb00b2fcb66e87a78bd349674

SHA1
6415fbc8edda599349e357ae399a79da3ef17287

SHA256
1866438797c1cd1881489f313006fd52cb3cf97b9441df8d9d590afc936f6970

SHA512
cb794caea3e633e4e11cb1957f7b0cb810c89b91852f725fe42913fed9d79bb794efe1e76b605c4ba31d9d662f4baa17163714c44bc184a802cc6cd200369768

Download Submit
C:\Program Files\7-Zip\Lang\id.txt.tmp

Filesize
50KB

MD5
eb1fcbc750f04070a064fa10a1320188

SHA1
3c73d49a0ef9c2cf2bfaecc2ed3c79dc554d458c

SHA256
9882f06cbe84afee2ed4eb045e72d2a63bac7c8c3b1e1154455ef5f4f6fa9d04

SHA512
f368e9af8958f245f2613fdd313bd9dac2c8bff0b5ef721fc3b41d52657a2c950648ab58d14a6b148feddb05879b29b7c3d76739241a005cd14412d6af532282

Download Submit
C:\Program Files\7-Zip\Lang\io.txt.tmp

Filesize
52KB

MD5
f54954769ab51ac7fa8b6030e7ae0329

SHA1
6cbdf58204bd418044d349ff36820d9ba3fef997

SHA256
763aefdab6ba610f0dbf390623b2996aa5e023df406060b1c2b524b9ea208bff

SHA512
c5e8cc3e82e5eab120555b802ae69528ae7daba01726f5d4289e529c8a96aa8674ab014a522778501445e3a7f214a3af1cf70f009d53e17f4414cd6a596ae562

Download Submit
C:\Program Files\7-Zip\Lang\it.txt.tmp

Filesize
52KB

MD5
8f804f01264806943c5f78c1c0b86bcd

SHA1
b9e08d12078be2eb71c796b37f0f0ea1cb6a0cbe

SHA256
38d295ce3b0edffc0ac2d575cf418f497a0bf06afd4fac279f2a7c07521f038f

SHA512
124520d5ab8655915baed2adb6f683236326bfea7303e8cada2c20bb274a17bc83ba1efa0945a1bf7fdcf846d6c9dc8432693f9b66195191a2ef8afb9fabcccb

Download Submit
C:\Program Files\7-Zip\Lang\ja.txt.tmp

Filesize
55KB

MD5
a71c6df2ee15a7655a7371f26caffcc2

SHA1
265048e06bff8289d9cec0d47c53c0c26889a826

SHA256
c638374bb2124eb33dde7b83da1d86d1f7438db930647a3dbfe2d1fe5fcf3aff

SHA512
5049348dfdd4e5152abb98ffd3a9befccd557859de8af1bb7e5d84cfa220452ca858fa1fba2b78358480ce6b2abff84546688c36f2c07785a30c75d116b24ed1

Download Submit
C:\Program Files\7-Zip\Lang\kaa.txt.tmp

Filesize
51KB

MD5
60898ea8b4b3389d6c41f74ac2df8696

SHA1
aee12b91081124852e15def771fcd809f0db724d

SHA256
ee1482baa5c55b6578eaed4c1dde974e69f944f84d0c9a1004c20d419056de0c

SHA512
f275d1b05d6e5c85fee193b2ad8eb3260a31fbf86e982783d17a397d0da16133928728ea9d03639f352098c7e21ee0c349f0dd3c8cc42f930de97bab32ccdb1b

Download Submit
C:\Program Files\7-Zip\Lang\ko.txt.tmp

Filesize
53KB

MD5
525b2d08c13e7a90be97939a01386cd3

SHA1
a0a28a6316c0ca50e833666bdea5989f27aa47b0

SHA256
28202a242f3e78ed7eb94e05b63b82691f99ea8012d25bac715cdf07cd998585

SHA512
3a324e6eb06e172bd23407e3ac198006d35c20da6a1a9c166e6022e8a4e42421c41595440cfbb82758b6741f07a7e12caf99c5324cc275357768d2edde8ef9ae

Download Submit
C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp

Filesize
54KB

MD5
cc0303c36362b1526c8486be67005a0c

SHA1
1a643c471c08905764e2d3014900d8760dbe0f59

SHA256
421b7c750bd8d179a9c9aacc23d23d2a4953ccc9444198198df5e07bb3568d09

SHA512
c11f03dbf3e150797504f15910e099fa70c42a6dacee23e13d73082e0fec339f6fad550d6aee3e62c95f5432b062ee69bff5fbebe1057c7cb15a6bc529597f81

Download Submit
C:\Program Files\7-Zip\Lang\ky.txt.tmp

Filesize
55KB

MD5
aed5946e94110a1dc4553c9be6630ab9

SHA1
a91e74db978a87b82e80f8fb0c315e5b03de0089

SHA256
4c43183921582e409598a1354cfb821373bccabcd2c9bab7fe6601614ee99c0e

SHA512
fc0b978238d35e52e77d08946595b1fb90d0ed295f0190ccf9f7955d6128b6250ec371f2ef89f34d079b37ae045907e9abfc0869033f40510936975a992c4f0f

Download Submit
C:\Program Files\7-Zip\Lang\lij.txt.tmp

Filesize
50KB

MD5
a1591d6071b6399aa2e359f930d41706

SHA1
8ce59cfdd39491e45f5aed48e17132bb68525b18

SHA256
2156dae9dd227590d4a30fb6d28a9b1cdc21d3a3cc727e8e37532a9615d1823b

SHA512
d2611ffeef72a377b33aaa43f63d3c7ab793025f9cd4718151cb1ca26c421771740003eb9955720c402c6475aa8ca89ad8e0e54e91fc39ff5af551c12aa72181

Download Submit
C:\Program Files\7-Zip\Lang\lt.txt.tmp

Filesize
52KB

MD5
1fa44a790dab3ead738f4930242c88dd

SHA1
2b7ceace72ddb1e52c4d03c10f49ac15263cab88

SHA256
aa491906d668c2a7a21469627d9351aa2cea2995c4b676633379de5744807d57

SHA512
da610667ee530254370c21f39c0bf88517a538871546ceb342b8290e0c6d87b3334b417e28d2c38d7ef24939028cfbe625cfcfadbc7afe2630c91a4834e32902

Download Submit
C:\Program Files\7-Zip\Lang\mk.txt.tmp

Filesize
51KB

MD5
820e333333c162220deaa5e9064fdda6

SHA1
b6d8b2189ec7045d42435e89578d9a12f96d5f9a

SHA256
98f92530743a671613a4239f09768683d53c5177624d0e75ca93111dd3a563f5

SHA512
02e82ae763a9d18046ad594b903261a5df6d3f1946df151a8aae3d523fcfe456aed5c4c86092c758cd3982d28fade5069726af65d01db271d8fe569e76ea8c71

Download Submit
C:\Program Files\7-Zip\Lang\mng.txt.tmp

Filesize
63KB

MD5
74beb3b72a36631af06f6a61f20bfd5f

SHA1
a75f865ebbb1afebaa42c2c1a6d09764a968cb29

SHA256
1f19966442bda92676e4f7cd35579945142216588ebd2546844d727a91f01951

SHA512
454aa7f24d139c662fe57b936c6716dda3ebea81b43a2bf378a820703ce0d9e9c6d3f8055192c638232660561afb5f73c4d60ab198806e5162c5cbb1f40f776a

Download Submit
C:\Program Files\7-Zip\Lang\mng2.txt.tmp

Filesize
63KB

MD5
8a685b9cf6ca4e3dc32e1b93dcee3aff

SHA1
f09cbf3447ea8baddb8f15f91fd0244e2a0e9b0c

SHA256
de6dc7ef7650b4aa1bcbf82b9e90c760bec968bf05efd308b075e59b3bfef583

SHA512
10fdac908994f71fc42596188d8785e372c183f40b88a8bba7ac616849f69af33c9cef6d9b931d85fe0a41de779221192d564321de39402e0a7f46a4a89257da

Download Submit
C:\Program Files\7-Zip\Lang\mr.txt.tmp

Filesize
53KB

MD5
b8c7acaf7a7cdc73e89536583ab05d32

SHA1
0b7f1c02eedeaf7e2a98e7d2a5addd64671d2792

SHA256
7b6cd330a84d72726b5a1cef01db030b81ee04149bf73939e4127bc20c520006

SHA512
04f2a005336d0a1b28f01396a01ba0078234e0d7e92272f333b49d773b7fb056f5a0d6352efdae2b0ecd4c7ed95f0d0c1dd01a624ef2917c1222c4e4a0eda24d

Download Submit
C:\Program Files\7-Zip\Lang\ne.txt.tmp

Filesize
55KB

MD5
58d29ed3004cafbef5cb41a884ace799

SHA1
f1b258011c964f2a7fa3140bcba00447e45652d7

SHA256
1dcbe203e586e7eb1bd12695588642aa8c9b17d1cf9237e11efebab95f08c33b

SHA512
9aec40eca2bbb8f48f24a5c22fcd19e00bb32c7c96f0d98a378f4c57e41b7b8d49a79adf7d02bb6ca51a33af4bbd4998aac06127a7f74635f73ab2f227179446

Download Submit
C:\Program Files\7-Zip\Lang\nn.txt.tmp

Filesize
48KB

MD5
49d39d53ca9e154e149afc90ca0a7e38

SHA1
f5d0f3bfa7932bcc125d3a0e3e91cb3f2b48c284

SHA256
1359eb930003de5588cb4bfc8f3167b4baa10b3451e19f8a9dd9e0d26ad03931

SHA512
8d15e0d8356b41e2df2d3ca5b5d6a52904c446ad9485c496561fc273a899ab015afdded5c83f9276c50a25b89f2ad02ba3625989274730a3ac957b39762d4785

Download Submit
C:\Program Files\7-Zip\Lang\pa-in.txt.tmp

Filesize
57KB

MD5
9defa2cceece2b39739313e6efaf5a7e

SHA1
f8412be64b4ab5fd6ba2d87c9540221df3505383

SHA256
040c7e24b47f59b451111eba3c2d08bae930a1043ba56039732fadebd54557dc

SHA512
00ad715405cbea94a9e2f887d7a94623d54736eb7d7a0e24e8ff8c769e014a7818a2ca059a1b2f3f3469d6974ae4856163892460167f3c07ac8c66de478ab0e7

Download Submit
C:\Program Files\7-Zip\Lang\pl.txt.tmp

Filesize
52KB

MD5
56c163c5c19026f66d6670b74093216d

SHA1
86abc57e3298532e0e1248aee47b60f2648bda57

SHA256
65e3be326a7edd9eafd07cc5bbab0318faa28baa6c5134da970f2cec63c33854

SHA512
efebbd205f5d78ad5af228da470d0bba3095135984d51eb12e661865558cba58119cf2e738d1caece53696175367e7c4c28a79b3b1f04cf82bbd5d5eddece8f6

Download Submit
C:\Program Files\7-Zip\Lang\ps.txt.tmp

Filesize
8KB

MD5
93f20733cb284bac63f8083221f2653f

SHA1
9088b6d2fff258e059a96abe6f29d2d09ebac30b

SHA256
e47f87df52788b696ce72b2b26aa67a7d091fbc2379bbbe44cac58bf5f93fa49

SHA512
e1a86d19f935742fb65d8a8c8c8a2eee4c97142f51a2f50c57fdb2b7551c90dc59249b9a21d86b7ba9f2c2cbafe7b3fe391709e1e152d37f0e8e27ed4fe0d364

Download Submit
C:\Program Files\7-Zip\Lang\pt-br.txt.tmp

Filesize
52KB

MD5
0c84bdda2ebab53a01577fa119d394fa

SHA1
7a48226c61f4957c190175d7e4567a6b07356e3b

SHA256
e30e82f24ae326fe15d3de839b0056f411ab3b27cc06eba2ab52f06c3757d7c9

SHA512
84381be6c8c43486599394a4cd1132c2f1052b25480bc7bda0caadbec47f2eb4251e26f43ec7a55bae32c1c6fc0dc2eac3738460f35135443b7bd4de01bb8344

Download Submit
C:\Program Files\7-Zip\Lang\pt.txt.tmp

Filesize
43KB

MD5
2eb7c80d84593d2a6e52f97b9958d66c

SHA1
0fc904fa7a533f27d2badfaaf1528cc70431f192

SHA256
ce4c14fed4e9a2c8b1dd079220d24cff41b0879cd4a1e1f8579d4a704d625016

SHA512
cb1705263a791d7452dd2b71086020af70c9291bf8663ed1e2afe9908644804d8622d0c86391177f9319cbed88131cce41a0b5cb6fcac8b142af33bef464bdd5

Download Submit
C:\Program Files\7-Zip\descript.ion.tmp

Filesize
42KB

MD5
403337e40fbd1b3f921d7ac7b8d8d9eb

SHA1
946944d6c04c25c76cbd9278556eebdbec07684c

SHA256
e83ce9d49f05703497c85a4dd20e94ee50955fbc7bbe96ed3164dfee14dd4f61

SHA512
84806576128bfd00f39dc068f6785e148e05475ba51da75137834c8f5925ba4ce118c1688537b616d410c102934d0a8b1e1da3a988231ef0a16aaae16f985887

Download Submit
C:\Program Files\Common Files\microsoft shared\ink\hwrcommonlm.dat.tmp

Filesize
88KB

MD5
7e87a8fc236a566d268bef05a02fcbe5

SHA1
df89884f942d2f8a0dd98e784cc5f8423ee2c725

SHA256
f70f6c3686a9414c04e45b834ada3b15110c2c11aaf3da93c4014392c3e4c593

SHA512
dfb719981d28f058be05af9a9978cd7963a554e829bdce6ad475b4b71ff54a3eb685553e603a67f07849a42928281ff12b7a7a1b8dfa9fdd52dd119c062f5461

Download Submit
C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe

Filesize
43KB

MD5
d5cb4b2244251b38d28f0d7b49472383

SHA1
103456b30de9819b5934b5507ed439191dfdd0e0

SHA256
5c2eeaf0f160bb89e46b3e657b211128831262aef35ce8e72870fdf9825b08e4

SHA512
4380370d0151a79fbf0f20da8b01c461fa55d2b4a400e4fa09b39a7cba0bba89330b23cd3813ae1c3d78dc562459d8daf08aa5ed93cedf2dc5ea6004b585c93e

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
42KB

MD5
57f2f7ef606bdf81283bcb72d422e2b5

SHA1
382693a181161f4eb73c251dd3176ea5fe1d806b

SHA256
123a8d882775b54d10debeaf219414c01030b84170dda6c8b957f5d7866318c0

SHA512
56d6716c2f2bd44a7278b7e65adcdf5d113ab22b502df7557a877d63a9bbead5455d399c0b8333c4f034f01efc4b1b77ac1fcf9d5a700ab3722223d77d4e7cbc

Download Submit
memory/4188-9-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/5100-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download