f6367ce348a925b34575faff22d9c616832357ce878395477c0c3a6f28b2d131

Analysis

max time kernel
120s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
21/09/2024, 22:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f6367ce348a925b34575faff22d9c616832357ce878395477c0c3a6f28b2d131N.exe
Size

148KB
MD5

0eef432ee370205cae4e13c154b23d30
SHA1

34d893892fe77eab191ecec4ba43abf0b5bcb7cb
SHA256

f6367ce348a925b34575faff22d9c616832357ce878395477c0c3a6f28b2d131
SHA512

323543ecd779ac0dd0cb64f689168b3a583e7aea33d218e735cc5d68764e2080fe9802af3019910894c09fc40b8f98847b5f55d0add6610374aa4367bc6422c8
SSDEEP

3072:9QWpze+eJfFpsJOfFpsJ5DdZ/D5zf6ydyf+abMkF24kzK3jbrCkoRWNkzZ/D5zf/:Lpe+ewD7pe+ewDr

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (4692) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
976	Zombie.exe
3812	_desktop.ini.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Zombie.exe	f6367ce348a925b34575faff22d9c616832357ce878395477c0c3a6f28b2d131N.exe
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	f6367ce348a925b34575faff22d9c616832357ce878395477c0c3a6f28b2d131N.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.NETCore.App.runtimeconfig.json.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_MAK-ul-oob.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProDemoR_BypassTrial180-ppd.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp-ul-oob.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\System.Windows.Forms.resources.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\deploy\ffjcext.zip.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\3082\MSO.ACL.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\as90.xsl.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\en-us\msipc.dll.mui.tmp	Zombie.exe
File created	C:\Program Files\7-Zip\Lang\pt-br.txt.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.VisualBasic.Core.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework.Classic.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\classlist.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_OEM_Perp-ul-oob.xrm-ms.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Excel.Common.FrontEnd.XmlSerializers.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Library\SOLVER\SOLVER.XLAM.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\PowerPivotExcelClientAddIn.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\UIAutomationClientSideProviders.resources.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jhat.exe.tmp	_desktop.ini.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\jfr.jar.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Retail-ul-phn.xrm-ms.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Linq.Expressions.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Timer.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\bin\splashscreen.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_MAK_AE-pl.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\System.Windows.Forms.Primitives.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp3-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Trial-pl.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_PrepidBypass-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l1-2-0.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.XPath.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\WindowsBase.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.Cng.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Controls.Ribbon.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe.tmp	_desktop.ini.exe
File created	C:\Program Files\Java\jre-1.8\bin\java.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\WindowsBase.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework.AeroLite.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\System.Windows.Controls.Ribbon.resources.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.PowerBI.Diagnostics.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\PresentationFramework.resources.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\UIAutomationTypes.resources.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\es-419.pak.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Trial-ul-oob.xrm-ms.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.Luna.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_Grace-ul-oob.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\ReachFramework.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Internet Explorer\de-DE\ieinstal.exe.mui.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\linesstylish.dotx.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\wxpr.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PenImc_cor3.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework-SystemDrawing.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\UIAutomationProvider.resources.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\UIAutomationProvider.resources.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Red.xml.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_f3\FA000000003.exe.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\fr-CA\tipresx.dll.mui.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\it-IT\TabTip.exe.mui.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_OEM_Perp-pl.xrm-ms.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\System.Windows.Forms.Primitives.resources.dll.tmp	_desktop.ini.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f6367ce348a925b34575faff22d9c616832357ce878395477c0c3a6f28b2d131N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	_desktop.ini.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Zombie.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3352 wrote to memory of 976	3352	f6367ce348a925b34575faff22d9c616832357ce878395477c0c3a6f28b2d131N.exe	82
PID 3352 wrote to memory of 976	3352	f6367ce348a925b34575faff22d9c616832357ce878395477c0c3a6f28b2d131N.exe	82
PID 3352 wrote to memory of 976	3352	f6367ce348a925b34575faff22d9c616832357ce878395477c0c3a6f28b2d131N.exe	82
PID 3352 wrote to memory of 3812	3352	f6367ce348a925b34575faff22d9c616832357ce878395477c0c3a6f28b2d131N.exe	83
PID 3352 wrote to memory of 3812	3352	f6367ce348a925b34575faff22d9c616832357ce878395477c0c3a6f28b2d131N.exe	83
PID 3352 wrote to memory of 3812	3352	f6367ce348a925b34575faff22d9c616832357ce878395477c0c3a6f28b2d131N.exe	83

C:\Users\Admin\AppData\Local\Temp\f6367ce348a925b34575faff22d9c616832357ce878395477c0c3a6f28b2d131N.exe
"C:\Users\Admin\AppData\Local\Temp\f6367ce348a925b34575faff22d9c616832357ce878395477c0c3a6f28b2d131N.exe"
1⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3352
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:976
- C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe
  "_desktop.ini.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:3812

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-523280732-2327480845-3730041215-1000\desktop.ini.exe

Filesize
74KB

MD5
bd22ab28b532637ad6ed88f5a606522c

SHA1
8cfb1531b5c45d62cb5a43f568961ec203c645b2

SHA256
8ad975bea0ee192d0e062602208e54b7176d044f201215a9cff6483c383ae753

SHA512
f3ffb0dcfe3fb7c713cfeba20b3081b96d0e32cedff28370e1d201ccd37a262df190fa5798957e3bdcab69b5f10c0de5e083da7137e27380cc194620a3b2a042

Download Submit
C:\$Recycle.Bin\S-1-5-21-523280732-2327480845-3730041215-1000\desktop.ini.exe.tmp

Filesize
149KB

MD5
06ba8806409ced8336d0ded0fbbb13a7

SHA1
d32b0deb6af2b9f0760ea5a0b1e1512d9b405ec7

SHA256
9d059f55945335f9a3e2abc71de49f562bc66855c2341fb40d39e2ab1c331e38

SHA512
7e5be5fda7932a34c194fe06c74cfc9f80e4ba6de1e293a4d9f29a16c3879601e07f1ea7c797821c70a568842b777e6addcd60ecc92c3c3e29929bb270ce9990

Download Submit
C:\Program Files\7-Zip\7-zip.chm.exe

Filesize
187KB

MD5
30e349f3943edce76ce49ad102d59613

SHA1
0b5e39a250691b7cae1aed34589e31c5737d89c2

SHA256
bc518e5afacbda31ef861ce3bc1416fe411b17b1b50c62b24f87d74e16783ce0

SHA512
6fa7aa64994ed54c4dd85eb3ba9603d52d70433033d8d5c9c6b3607c056e7629d723bcfe7261c37e376bdd8af1f51241c1c3dd9f948acc1547d2273bcce04465

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
1.8MB

MD5
24013a1b2b83a061ac15894f5e65cc06

SHA1
c42a12b67e80049050ecf58587b4e35821282669

SHA256
a3cc64a2dfae8433df03392defa3050811aa894ddf14a6364b4f5708c973f85f

SHA512
1b5a8d33a41d2e3e05b4650fbfb5fe55e15af8151e6037e13e2840e3a31c2f34d578c68a2e8ce15089def49c805a17f50ef06fa0b4f6a4db676b750e87aa97c8

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
618KB

MD5
c0f7ca224503a16d54089868120c7a27

SHA1
da2ae37c167b98eb0e9e9297af063db4fbbbe731

SHA256
92144e96368fc06749d9658fff5adf3d991cee2f1eda67603ae0672d22d4eaa0

SHA512
4873426466c9da5d4cf534abbbaff0000a7571e6551fc69856fa49c07ca7b2d070b59f55cf6a69f2f18ceee74988562ea1870a42f0b915143c7a30165a171ec2

Download Submit
C:\Program Files\7-Zip\7zCon.sfx.tmp

Filesize
262KB

MD5
205d1194cc97971b1f63588a36e4a994

SHA1
f71360ac9affed1b81674ce5ea3359376c37433f

SHA256
596ee03fec846ec96f5acd25ca9a8a9ae018d4900030430470e1b2ad8ffdfef4

SHA512
421b11bec132cc4a1df430d933240672e7b4d04e811b1d44902be2a0174c72e60fb4ad638b4dc9c3e02f6a1d569a38a76bd46692ac96646c26300af43002d709

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
1004KB

MD5
f43ef81dd05a3a42bdf82d389b21338c

SHA1
349196c496c941b89618156bfa265161db9e972b

SHA256
2d986c6775eedecbfe9f928e4d22fd7e1fba72727e91c18b68f0642e104ef9a6

SHA512
6caf2947b0e515deb4efd125eb11d6770a2894e9c22feaed1cfc30e785711c8745d746138383726e534afeec98ec08f95d789e078b53bddb152aae3f4fc613ce

Download Submit
C:\Program Files\7-Zip\7zG.exe.tmp

Filesize
758KB

MD5
661c5afdbc3cc3048640b8fd1bc81d82

SHA1
c55755b67427332e2d3e3485d01dfdf8237752dc

SHA256
507e2ee12abd8b094200d65be3228d497043ec610f2bbf574681b0c5fcb72811

SHA512
a0808d4b7d407ce951cc93cdee5f2bddad36f9a60f2bce980649cd7652a51fbe5aea70e5c47780d7b0fe8e5e7252b36dc9e9c9a3aa4245fd64fb7bc75e12b46a

Download Submit
C:\Program Files\7-Zip\Lang\an.txt.tmp

Filesize
82KB

MD5
0227df7a5d6c19217a8fc8c2ea0de0ef

SHA1
5c1d100b3ec13e06a113c4b5009b65eb1e2849e0

SHA256
1765902faef97c515f1682f7118de47c6377f60b8e8ded784fd1f7cb182de308

SHA512
8cae148731eda5eb9fcf020fcdcadbd347f6e2f38cbda32514dfe5c2ce4cd60922a00034fd0b654a25999709cc6629681fbeb2dc3f04311fe92e42375bdb84c5

Download Submit
C:\Program Files\7-Zip\Lang\ar.txt.tmp

Filesize
86KB

MD5
7441a30d19cc8d394eb868dba8c8241f

SHA1
7a0314139ea77a22d7e7172cc4120eb82ab7ef9c

SHA256
ee1c8836c809837e66504820438f0952a3f2481e614cd10c3ab13eb812922dc2

SHA512
700675e90eb16aa07fecbdf931ef6cecbc3295bcf59c6eadaeca4d76d8fc67cb50b92cc3367b8de12cda009a5029d1a472172ec84b2f6e705f14200bfa5699a1

Download Submit
C:\Program Files\7-Zip\Lang\ast.txt.tmp

Filesize
79KB

MD5
8d097644d7510977c743014869f5a213

SHA1
37095dc05354b25318a7065f1c42deb49134298a

SHA256
918473c20038510fc417ac77bdf9681f5ebb3b57faad88f770e507c04d47da9b

SHA512
494f8fe4a397c9f5f16f7f94f639895b58226688ccbc8cc22dede4a72a2179fd5a81bfc4f0a0caab65a5b07b133b77907cd27f2fe03af2c34f8291a0d17ebddd

Download Submit
C:\Program Files\7-Zip\Lang\az.txt.tmp

Filesize
83KB

MD5
6ded79c2e3ce739a8e2c3c1bdc6a7147

SHA1
60d2480c32d66716802b8836a3842de9e5b78c8d

SHA256
50fbc015f96cd7bf341b9f499352ff5005ca1314ba5c91918039b8c629568faa

SHA512
fb861d48c2015e9c53cf1af80e313f8998b0fc251dc9084a5fcf7f3aa44e1c87ccd45c84a16a3b64108c8a859039a7868dc6773e8bb5ac891b832c260b3f10ca

Download Submit
C:\Program Files\7-Zip\Lang\be.txt.tmp

Filesize
86KB

MD5
9a9739356128f839444af302749322f5

SHA1
e7d977bfa9469947b8a07278fcec59dd92ba8b4b

SHA256
d2efa814b422ea16e91ae08917559139dfe640e354d9da2b15f9662691c357f8

SHA512
604d731b290c245f3ab5572c582ba0c858db469b504454a0a7ad70fef532702a59e14c14394db0faf9e27a0386aceddd200464e9b9ebdf4d3c168273b0e190f6

Download Submit
C:\Program Files\7-Zip\Lang\br.txt.tmp

Filesize
79KB

MD5
740da09eeed13dab778787568c6c47e7

SHA1
1eecad8fbe0985d969eeba16a36026a8eb5ada54

SHA256
af95cd36260341260b3ece13ca909384f6b902dd08e12d83a85c6e7b6bf5f704

SHA512
7027ba1e14393b83289efc0c37b12adddc06fb836e7ea93af6c9476d047257d0d995a60e340a9ae26524b4dc31893b3af9cf2351d9a4e1b3283e77628eb3ddf5

Download Submit
C:\Program Files\7-Zip\Lang\cy.txt.tmp

Filesize
79KB

MD5
686ecb6fd4fe0676acef5d7225e38722

SHA1
f13ab17852660a50c5d608c9b11174535287a42a

SHA256
932caa1e2d746836be2340c51b1461743ee7e6d3a9e0dffdc18aac5228b5a8f8

SHA512
21f12a3f1e4aae629963f8519be8caaea8cd231cccd60028ec4c34bc2a1c94daa65b5b2326b69bfe99a8bd8a930f5ed516ec64d3ec0c4a260d92a9acae6d8d4c

Download Submit
C:\Program Files\7-Zip\Lang\da.txt.tmp

Filesize
82KB

MD5
4c14b19ba98677433b5719a329e5acd5

SHA1
061c1622023d7382f983f73e89e27876fcaab1dc

SHA256
d201cda234b01abe7f33841f5e122e732dd38e870ff8fd8c71b399c1293f5e0d

SHA512
c67f1a453d210c07a056bf9792a10538bf0b8d09a8b2130a1b091fdec725302447e438c3690c8f437a4372e1629f65a239fed2b577cd6867f73993d7fac17257

Download Submit
C:\Program Files\7-Zip\Lang\de.txt.tmp

Filesize
83KB

MD5
15d151cd6a8d729f96a906f851ff09b4

SHA1
3b751960c92007ab281383e9e3a3ffda2119fa4b

SHA256
5d58cdfe3d3d8c204b0726fd3a97cbbff91ba8430ec614de03f299ea3b124a9b

SHA512
4694d7ad1ccea2cd9114a665784f19cd9d1c074ad36c789412e2633fbf255d0486ece9e8c6b8ba356d52d9abded5eea2fa4098eb237b23721194c5a8a454c81f

Download Submit
C:\Program Files\7-Zip\Lang\el.txt.tmp

Filesize
90KB

MD5
6665a0c7f8e610c41ac568bc0765413a

SHA1
3532e6021b9b388d726364a780956c6ab10f7898

SHA256
78b3a04eef3727b674c069ee1b9ced98a41917b7ebb30307e9566debac00c8cd

SHA512
a56ebaaeb5a2ad0e31416b6971653b538c48ff3a31a5dae63e14bb5728bf6850acc06309fdcaa892fa5dcbcf63b373a1db9b13e0a5a61a62f0d0f87d3c96f72e

Download Submit
C:\Program Files\7-Zip\Lang\en.ttt.tmp

Filesize
81KB

MD5
9db49da366f041e97b00db90c49a290b

SHA1
c3ef4d1d1f760b547b3c676253f1f68e804756e0

SHA256
eb658c0b9ce2479e31ba9f1edc81b923f0c21ad601b064ee43dc929095e55513

SHA512
c6f76a3fafe30d37c5a657d29836a303ba241aaa41c84770bbde1c5febb8b2425bb2d3dbc5d6ec2317dc0a0f2d738c3d6746035550805d4aeea134e1c1c1a4fd

Download Submit
C:\Program Files\7-Zip\Lang\eo.txt.tmp

Filesize
79KB

MD5
bd419b4f3c0f6a3d311c2879fe8234b9

SHA1
933dc3365dc8a41d7ede87578e76cf70ca0bff4c

SHA256
928bacdb4bc1bbfe32dd30afdddd78b9542637720d39a96e5a4f35554e8064ed

SHA512
c265441eb25c8dc5d565e910d807ba16e267872ddd33752bc80eefd25e5915de26d178848bc930cd3cb62cfbf81acdf48db137007f259d1f18608fba949ec4f1

Download Submit
C:\Program Files\7-Zip\Lang\eu.txt.tmp

Filesize
83KB

MD5
3d17e96747daf523159fdd30e865201b

SHA1
0512a785bcdf8fdcc512d4100756a958de92dcc3

SHA256
e1122df2c239a36e69b3d55a139e16b788e05041d50c6471aea96555c274038d

SHA512
8ae870f952d64e6fc92654266872af7ecf37bde7c9c1ac202a7ae558624c87747c6f7153bcb0381f959870082bae86bc3707993e72b8a03f9025c4e5b64d0637

Download Submit
C:\Program Files\7-Zip\Lang\ext.txt.tmp

Filesize
82KB

MD5
bf417283dd80a679bed6173806ead26f

SHA1
1e126a22e78bb8e61a7963aab6b37bc1a3d77681

SHA256
70b8ab4fe1c2ed0162e36456e65c59766f044450b939627efc5c6d004d908142

SHA512
dcaf9f16f0e30abf4b12086664979caa463a75e945b120c72ee76347a2d34ec94396077b0809192149b3a3cf7ff8451f3e29edb865f8f04b88443c9504c149df

Download Submit
C:\Program Files\7-Zip\Lang\fi.txt.tmp

Filesize
83KB

MD5
ec19b107988a241a6688bedbf232597c

SHA1
4b449bdfa0ae755cf859af1d9eb4c976166fa3f6

SHA256
0dad28a902fb5ec96ca6ad295c5e628c88997353acca67276936feee4fe74e2d

SHA512
8392928820ba90c1a8d4431519f7c3d1e480a587a56e9788681c29649c8e623739b363318a009f72e4902ae93bb5f0ce8f905cb374d9c23207cf6905da2eba0d

Download Submit
C:\Program Files\7-Zip\Lang\fr.txt.tmp

Filesize
84KB

MD5
99815526a4075afbbe793aa259741274

SHA1
25135fd2b1a9ef45930da1f232e663438aa1bd48

SHA256
7d266038cfc077d70f8f1bad9786cf77cce65e8a717a5bdd7c901fd70c4512f2

SHA512
5e5f2bfa56cd363aa1b15637aae16923b01ed3eda68558e8359da5342a5eee387c7c63d31169a3ae373133d780cf2ef52a6a14c815d236e87b795ed2bf231d64

Download Submit
C:\Program Files\7-Zip\Lang\fur.txt.tmp

Filesize
81KB

MD5
742077026f0dc683a6ddf00dacf1d143

SHA1
d2f1310e6c70f777c058203a6615c8f379b8bfd0

SHA256
02c1ab74720b5661646be110a1e5ba13ad96022d935e0c177f89dca601fc4532

SHA512
b90c25c04e20cb6d86821f0a9262e1930f5d97123e4988564b8b42509705b53a8c4b4f3df065365a3b0b5486ebac3d6bf89471282b318048eec1b567d9c9300a

Download Submit
C:\Program Files\7-Zip\Lang\fy.txt.tmp

Filesize
80KB

MD5
83f01a8c979db132cf11e0f0d774d1ac

SHA1
18d82d14dec3d37202d4369bbc7a00ca7512656f

SHA256
996eebc09e777b7051a47a8ee5ba6ced17546921a4a01c6ee9041c116fbc1641

SHA512
d9dbf8d90df0af63b811b7d20deb7b27816d3986e9c63e0df6140d463ae82af123bf42115d64636c721f65ee5544232cb744687b771af3c32f1f998b9e9436d7

Download Submit
C:\Program Files\7-Zip\Lang\gu.txt.tmp

Filesize
91KB

MD5
906dd8a9de2e7b644835b76e218c8a25

SHA1
aaab17ed46c628dddae4cd66866b5bce502b5c48

SHA256
f0133aae80d4b437b6f2ba2f606909f986cbc8a1bcd723a4735127abe88434bd

SHA512
8b650ab9f948b683c36e1e72ef1b2ab6c37409470ff65ed20c7240d75efce06ede30adfcb1aa1937cb0d63113cae43d09fea3bf68290758e8bc7a0c6f116a396

Download Submit
C:\Program Files\7-Zip\Lang\hi.txt.tmp

Filesize
91KB

MD5
8c4126e6693b2a85cf6e13898dc580de

SHA1
0fc8cd16665a13296378193bab01d1dd97c92e3b

SHA256
ab54044ee0f07c985c103a4865186756ba96f8c4199fd93b8d9bcc3f62a4273c

SHA512
82fe61e83f0c13795f746bd39e457cf7597e3c69535aa42c2af916b5ed37332cb9a693d1c615ea81bd541299bebaec0e5b394096771ecc00f4c66210b84506c9

Download Submit
C:\Program Files\7-Zip\Lang\hr.txt.tmp

Filesize
82KB

MD5
110deb468f82db35088e474d140e108c

SHA1
0ce20c5e453c27e779f9d2d64bc853fa36379b6a

SHA256
7b26aaae1fa3cf61f96c4c7284fa61442a32c3e0af6b2b9166aafd51f153c4bd

SHA512
52c08d950fbbf451623f30932947f4cc52ce3db363078db8cfe68f0a98899cacdca57dd4d944de0602bb4bb18b4d21cab85143e45f5f17082691809ad1b29cb2

Download Submit
C:\Program Files\7-Zip\Lang\hu.txt.tmp

Filesize
84KB

MD5
6ecffaf1ed64633c9c9132ae4d4c87e6

SHA1
ea089cfd7bb601e31ffccd3df0bfe7d11ccabcc4

SHA256
410a5b581be941f0e95445f7c3ac3628c4066f56d6f93dde54fbb2d896c7dded

SHA512
54dd3ae0f440f5ceb2bcda5f5583cf202ccc8c2eb38ec6d27c5c80d888e5dde3904f9f5f1db3f6ee0518cdfb6fbf1ee01e634282f39b030ea2408a9d0cbf3fb8

Download Submit
C:\Program Files\7-Zip\Lang\hy.txt.tmp

Filesize
88KB

MD5
7a7014d0cb8f5997c79683fe2ac96f67

SHA1
9e349762afeb2e54451031a8194af2970c1fcc4f

SHA256
5b69f9d0993c81d10f289fd608b19fd9198cd873c8eb52635bb814a2dbeacb5a

SHA512
3d704ff0efde66ab48d45c5417e1d1e3a495f806ccf974d524ba9d302442dce54c9cb2c9359f1d9ab6f47b6d43542b65eb102cbbda47bc3934fa208842b041c4

Download Submit
C:\Program Files\7-Zip\Lang\id.txt.tmp

Filesize
82KB

MD5
f2e1ed170c8490a3fef2193c72ef8550

SHA1
66968b5509181d1591148dcead336aaf1c69192a

SHA256
47529b1627a6fbec174532edc73763e8945349070965c530613cc95e0ff93bd8

SHA512
7f5c54fd818db293bc80f4b5fcdae784f42973abbdbe0e6e3f6646415602c8d0406ae38a305870fbc9ce851614d5b45de7dcfefd6039fb308593d9377e045c05

Download Submit
C:\Program Files\7-Zip\Lang\is.txt.tmp

Filesize
82KB

MD5
84f494aca585b6fc27c59eac7ac5f89c

SHA1
6e1f371c9647d6c027e91c1dd997cc30a0f97e3d

SHA256
2e7c1d85afb5069965bffc287bfae8bc4c3157ad843f24bf26315fe6231b5314

SHA512
b290cc50c4f7378240d85fdc5f3285fbb587d4401c766b83f49ef8d477f43508cb4efc8d72f72f7881db3052d9eec84bbd330b025cb871fe1fd6839b1eb37090

Download Submit
C:\Program Files\7-Zip\Lang\it.txt.tmp

Filesize
83KB

MD5
2625d866f2c590f2265b51751a88036d

SHA1
acb0d69c21d893043511fb94f16a857c80548df4

SHA256
ad9d5add154478569976f169e7bcdf06a6f353dd6f45067a2e27bbec04285af2

SHA512
00e337162617dfe26a3ab7a7764171c7236fe4c487a8d0f27fd7374007039e35643b6c0852968ea5a4de3390a25ce61f6060f50d40718c2426244173d2e46bad

Download Submit
C:\Program Files\7-Zip\Lang\ja.txt.tmp

Filesize
86KB

MD5
ab2ac4718086b440611b4b9fd3966fbc

SHA1
a9e18c383b674efb92a972529d0bb7ac595a70f4

SHA256
8f269ea074aeb9446c29f7ec6b5ead7660f0d20639789a04f12e102473f35297

SHA512
22f2941bc6053f2de42fad223d671f16ba26f9adc1b00538e629cc3c602dc096357cef7a3bdc43158ce33c611c22c3098385181c44526cd75b234be598ff5815

Download Submit
C:\Program Files\7-Zip\Lang\ka.txt.tmp

Filesize
92KB

MD5
061108c9d0d40afeb0613d27ead2d38d

SHA1
b1ad1264c320bc437c47cebc7b6a212e15b31c47

SHA256
bd81dc12de461b4b10a548c4d68fb1bb6dc81f7cfd4c95bef5d05d4d3b66bd44

SHA512
f6f8aba9e73c7d1f19ca4f25061e3a19a6b91c10f66ce2505c6e29fd2d488370b313f6da257ec666d2bb4915a5d192dbfe2174ddba592fc1d7a38c6024ec9638

Download Submit
C:\Program Files\7-Zip\Lang\kaa.txt.tmp

Filesize
72KB

MD5
42b945f866d760822faff9d813f6dd66

SHA1
6580d25ad0fc0b86ddc94ca7f14c09bf57581020

SHA256
78fad003b6f28507999d5f2c0efd8bd7410cee570f2eab76ca6c41103927bfbd

SHA512
121533282af6fc43b46a9d0a19b5b7c17708e32cf0fe017861d7beda6662aa458805590ec3d0c1baf8369f33383c80020115a83d635cd323b2c169d8bdf4cadf

Download Submit
C:\Program Files\7-Zip\Lang\kab.txt.tmp

Filesize
82KB

MD5
e793a3c256b6399beaa1c40d75e1ca15

SHA1
c6c8032d25c8ac2d402e74a9760b4c803e389169

SHA256
90576c6471e9b91c5ee262da624207ac981ccba3429142f41c20fc0ce6229d34

SHA512
ea9f18878b1720f105b311647dfe21d480f21d4177033cb32484af3061a6781dafca15d0dbf3e81a16c659b3dbedd7755f4d79f358bad7373b327e335145a44f

Download Submit
C:\Program Files\7-Zip\Lang\ku.txt.tmp

Filesize
80KB

MD5
5f1e62af377a961f6b06c14546db93d5

SHA1
f39ef319b5045f16fbb309c17b2587135a111b17

SHA256
024994c575e2c561e921cbd760fa7d516592929ff397a078a27874bfafe66e93

SHA512
81c4ad2890dd4f8650e0e9fb1508716cae8f729ac320be1bf0fd4d0073da587e9674796fc5a9aaadd7a213866680d7ea918e880be0067b0ee8d21627ff59f440

Download Submit
C:\Program Files\7-Zip\Lang\ky.txt.tmp

Filesize
86KB

MD5
f9bedfb83eb09a3edc6b1193aaacbe72

SHA1
c21329574b391453603a051a03c372fa36846fcf

SHA256
c060bb22d6ffef9e75d4dba2aa145b588e0b15a8f56180d8212c6a1014a49487

SHA512
d2427ca4171946e3709fdf7e6ee0728f6c58237aa9a52d3d21cd5cae8a393e706a61e40b8fdf34e6ac3baddd731e3c1647c2ea6f78e18b2fee10e3cc9fa86d82

Download Submit
C:\Program Files\7-Zip\Lang\lij.txt.tmp

Filesize
74KB

MD5
7732f25000fff8a3bb09d24d41e22625

SHA1
9becee4a594f21e3ae47a4df3a95c930049dde9c

SHA256
774cbda5205e439e31ab89aade6d14c9be24b6569f77b2862d06ba21046cacdd

SHA512
10d303a409e858f96af7d2d82593ba26872563dd3f8bb31090da128b8cff80ce0f5198b60333d13718cec763d1bf4da5db2683ea778155af9da36ee2bdf1799c

Download Submit
C:\Program Files\7-Zip\Lang\lt.txt.tmp

Filesize
83KB

MD5
c52527127e7d5b6bb5719f47a62ffe65

SHA1
406ed8d716abc1d0aee0cc2e51bf1f3e899ba8ab

SHA256
6e701da69069faa1606292106725f7535201b7516fe502056bf871a8ed28c6e4

SHA512
7566404da41af74cc516fdd7c12a207a2b19bb5af861339de2065b89c4a204cd8da9e02d7bcedc5d1745a87684b33317ad00e9e370face6d0a9a594b7692667d

Download Submit
C:\Program Files\7-Zip\Lang\lv.txt.tmp

Filesize
79KB

MD5
fab34e33a2565c873149f4e3980a038e

SHA1
1d5f00611556cad3c599290b54643775ca31bc05

SHA256
e0b5811894b3f190fa5c33860648ea06067d74eebf7af043a5ccdf986a1842ff

SHA512
de1985fb9a414ca3320531f278750d5ef82402679bbc751d7a8d88211e0b5ab1ea72ad212870af53ddd0c35b178530d8e9d38d3dac26151e027154a9dff76248

Download Submit
C:\Program Files\7-Zip\Lang\mk.txt.tmp

Filesize
82KB

MD5
768014d932167a28264a483337ece735

SHA1
d0b0c60cf9806a58a0a3a2c43851bdcd000c0421

SHA256
142da3758129b68ec470ce1215d4108829fb9b081f8bdd349049a612ff225751

SHA512
64daadb6d57573d754f8ce65a0a8bad5ed9d92f8e4b5b8228a4e16976d3935d7b7325d4d14e3406aae10c40fa1b81478e63197f5b73ce00106f60882747dacdc

Download Submit
C:\Program Files\7-Zip\Lang\mn.txt.tmp

Filesize
82KB

MD5
6e5a062d6d9866bacc7ca78d27f0f252

SHA1
ed95c8c3066e3430292154a76af30c21360e66f7

SHA256
72146e6f50d8379dd2ad6dfde953af6094e21be05bfdf32c946373a4b4478db6

SHA512
3d16432e0528760c9b01cd43e762267286b9ed01bd416e606c29b8988d27427a45964fd6d34a25b19fa979470359f9c5ce43be047225b02c6e24d6ce977d6707

Download Submit
C:\Program Files\7-Zip\Lang\mng2.txt.tmp

Filesize
95KB

MD5
5d023426b986b42c43148b0160166f9a

SHA1
23fcaddfb49a3951dd3f651a1ea5f443ec3f0ac3

SHA256
a668c07ff1ad6cf740b88de0f847534ec0c5b1908bc61072bb092addf7ef4e46

SHA512
0419881375423e41f95e8e2c045d1abd3039305b158600c6af4211a098ee24087cbb3aa59a9c9bbf2929a57477e6c65f48822c5c47409ce0783b93fe6e809e71

Download Submit
C:\Program Files\7-Zip\Lang\mr.txt.tmp

Filesize
85KB

MD5
3d1a957ef33e2832765e25ac51683a06

SHA1
5e3ad4a211a2db14adcffe2c0b4705afa06e6485

SHA256
379df227515ab4793d2052f8161f6e6d24b5a7c01f6eb675a0827cb828d21f5d

SHA512
b7f233702cab5d7f7dc11a82d21b4ca671f6b36c2833784aeb34303ba26c2ca4315e4719b953d88721016f44ccf8aa086fd00deff6d48596a4d3cb22feba87a0

Download Submit
C:\Program Files\7-Zip\Lang\ms.txt.tmp

Filesize
79KB

MD5
dffcffca0174ce59e0602036b242fbe8

SHA1
0894412ad944e805f565ed76dabfba23f3529198

SHA256
f22174c0a9badf501d8e5a34e3610126d91d92bb26793ec756ffe85be175a722

SHA512
353ab52713f62f072f16692f9b492b557c3621807b32d8fcf59b2aa297d8e6e55adac09a08f29db84d858ad3f5a6f4d4377e701071aad8df0f2d27df524dd770

Download Submit
C:\Program Files\7-Zip\Lang\nl.txt.tmp

Filesize
83KB

MD5
1761d30cddbfec97d464c24cec8c67cf

SHA1
2eccb688403c3b1996a082ea1894a5416aab1e5f

SHA256
ff54e9b9f1ea80d8888a3da657edc808768448362960394ef7a99ce4e562e2a7

SHA512
e1e12a207b48eeeed70588428e739041d99647d38c7e1cc4eb51f8cb64a7fb853cdd2b9eab514612d9fe9e117f97aa058ed8ff5e34566637ca1213b67d8a712d

Download Submit
C:\Program Files\7-Zip\Lang\nn.txt.tmp

Filesize
74KB

MD5
644d80887edba4a43382ec7c7332e5be

SHA1
11f6c4d9e92e59aad630102db9b65d633dd9d5eb

SHA256
0d64bfea4b8a2b1de610b37ba48653bdf1c5bd253c35a827d6cf4d154dc2abba

SHA512
29856c06508ea11ecb1e8808820ec8a8877ce71ca938cbfa86277750c9749c5843c3e104a336ed8867d43949953e0b1fec6a27944c0c8b93a76fea099d4374a5

Download Submit
C:\Program Files\7-Zip\Lang\pl.txt.tmp

Filesize
84KB

MD5
6041ae0454e7a84c1d515940afca4cad

SHA1
f84d90116bf69d122029045b06a30eb670d45959

SHA256
62c685b2aa424fbdbba00ff339334f50c8e9526fe1c0930aff05432508c80853

SHA512
a6a35d38e9e42c65662f8a0f7447535240ed257db54f884749bac41c7a1ee931fff9c9a97c0e97e8c4fd309393b731495e1a3b2c709a2d6f5a9dca2fa7c2a053

Download Submit
C:\Program Files\7-Zip\Lang\pt-br.txt.tmp

Filesize
84KB

MD5
6cd5664d38797ed8e934b5b9d490dfb6

SHA1
ecff38df9c7ff5461211ce9d97c0d4a9e3614221

SHA256
3ee89f9682690840cd6887ee2f146a357f84ec4fa6fbd5a0c7a04ce5f31cbf2a

SHA512
63477028ec1cacd39e8164e5146a021e580d044fe43e5b917b63196f0e9891f1a4a4f48c9134e72fe6a5683cbcfd44d76b259217f93d0c1bfad287f4092899e1

Download Submit
C:\Program Files\7-Zip\Lang\ru.txt.tmp

Filesize
89KB

MD5
29b95716eede2f3776dfcbdbed7ae2b3

SHA1
cc27b3f43d144c0f69609a335aa63306d6756cdb

SHA256
eab8d10dd9a7961286d713c1f8f05565663e141cced7c291e7a47088fb7e56a9

SHA512
8f57b5cbbc2be642f833b1816a8d3d5b66319b5c1a17333b2f51f0f4c06cd5bb77147f2f66de9eab60a78d6d85e3d50f2a8683d889e1defac8f004994db834c9

Download Submit
C:\Program Files\7-Zip\descript.ion.tmp

Filesize
75KB

MD5
3f25381eae035f200460e8487f353235

SHA1
6ef87094885030f24db057ef4164e68f06d14f46

SHA256
ecea85551ca538a731e1a98817014e73e7636ef00a9fb304025d0439e80e0ef5

SHA512
af17252edeb6f49fa6762ffc455aa733de84c004dbc43744bb1af13c5f5ae6d95a98ee3328ef43286a49c791a89703b6f80e65d11607a0afc53b3bb859d51653

Download Submit
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-phonetic.xml.tmp

Filesize
85KB

MD5
eada6210269bb9e9378dbc233d2126aa

SHA1
ae22576498d2e99d1d9de410facd4293cafad4fb

SHA256
63c74e7b2231b39d51e39af04d082c98d63e84f8e57a00179191c79df977bdb1

SHA512
88f2a96ac8bc21398eda420c57ea48d57aed18ccf35cad197bd294210114cd16d7dbec528c878539dd24696cf328e6736f4d952372d2f3135930dc2ca9e1f1b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe

Filesize
74KB

MD5
ef3f28047e7f1f97567335e2ed7f71d0

SHA1
e2a8b0ec5150b33e792b11dafa2c8334a3375e33

SHA256
9a4979295255bb1b7ada151504593fd253dde3dae0932b5c52ff9085a52e43f6

SHA512
006952850ba332cc21ca6487ff5800a8fc190c9b80cd5108335dac782583da827d3ef90f696c9a79550835b02bd0f66d79d025ce6d43c0eb0a0d09e64b966868

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
74KB

MD5
7c4676542eb51706f33918d2f4ea13df

SHA1
38653bfb76f87f0ecccdefeccf997aa419208edc

SHA256
5059da5ccebf683ebb575701f168231df5b56bbf788ab9de9d877bdc3e884390

SHA512
9622c5e82b6089c81ef1ba6bb6aa80454e324322a6348e5bafab44ff6fd14750f85cdadf990d90f5aa5d3e5ff4ee9a5a8b21d72b593ec743b1711119c2363328

Download Submit
memory/3352-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/3812-15-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download