fdb2e82cfc9739f0a66ed46bffed50c4b17470374bc882664847631338f06619

Analysis

max time kernel
120s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
25/09/2024, 22:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fdb2e82cfc9739f0a66ed46bffed50c4b17470374bc882664847631338f06619N.exe
Size

173KB
MD5

1c4f0430fe44994a5841d10517cb9100
SHA1

8b7b4ae9daa460ef7ffdc80cdb0148524feb1391
SHA256

fdb2e82cfc9739f0a66ed46bffed50c4b17470374bc882664847631338f06619
SHA512

3831f1cc2e1237e92d3d6cbec3cbe9c24f75784db5b91a050cdec3a16f66301e727bf196f82805eb847dda2a24389fb1b87aff4c388447f197f50a0e2aa1252b
SSDEEP

3072:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFslEhLfyBF:PqFF2Ie+eFYDNqFF2Ie+eFYDI

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (4440) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
900	Zombie.exe
2768	_desktop.ini.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	fdb2e82cfc9739f0a66ed46bffed50c4b17470374bc882664847631338f06619N.exe
File created	C:\Windows\SysWOW64\Zombie.exe	fdb2e82cfc9739f0a66ed46bffed50c4b17470374bc882664847631338f06619N.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\WindowsFormsIntegration.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\plugin2\vcruntime140_1.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_Retail-ul-phn.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-environment-l1-1-0.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ComponentModel.EventBasedAsync.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\System.Windows.Forms.resources.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\gstreamer-lite.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\pack200.exe.tmp	_desktop.ini.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_ko.properties.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-root.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hu-HU\tipresx.dll.mui.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Office 2007 - 2010.eftx.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\WindowsBase.resources.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_MAKC2R-pl.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\UIAutomationClient.resources.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\System.Windows.Controls.Ribbon.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\it-IT\ShapeCollector.exe.mui.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\WindowsFormsIntegration.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.Word.Word.x-none.msi.16.x-none.xml.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription4-pl.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\UIAutomationProvider.resources.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\System.Windows.Forms.resources.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\tipskins.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Security.Cryptography.Pkcs.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\WindowsBase.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_MAK-pl.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ComponentModel.TypeConverter.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Serialization.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Console.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.ThreadPool.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\wpfgfx_cor3.dll.tmp	Zombie.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.123\mojo_core.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\jfr\default.jfc.tmp	_desktop.ini.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\javaws.policy.tmp	_desktop.ini.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Subscription2-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Common.Wizard.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail3-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\management\management.properties.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordVL_MAK-ul-phn.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsdeu.xml.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.da-dk.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework-SystemDrawing.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\sqlpdw.xsl.tmp	Zombie.exe
File opened for modification	C:\Program Files\7-Zip\Lang\kk.txt.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\UIAutomationTypes.resources.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_MAK_AE-pl.xrm-ms.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ru-ru.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Console.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Tasks.Extensions.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\tr.pak.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_MAKC2R-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProMSDNR_Retail-ppd.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\micaut.dll.mui.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fi.txt.tmp	_desktop.ini.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.uk-ua.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Forms.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-locale-l1-1-0.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Ion.thmx.tmp	Zombie.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	_desktop.ini.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Zombie.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fdb2e82cfc9739f0a66ed46bffed50c4b17470374bc882664847631338f06619N.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3328 wrote to memory of 900	3328	fdb2e82cfc9739f0a66ed46bffed50c4b17470374bc882664847631338f06619N.exe	82
PID 3328 wrote to memory of 900	3328	fdb2e82cfc9739f0a66ed46bffed50c4b17470374bc882664847631338f06619N.exe	82
PID 3328 wrote to memory of 900	3328	fdb2e82cfc9739f0a66ed46bffed50c4b17470374bc882664847631338f06619N.exe	82
PID 3328 wrote to memory of 2768	3328	fdb2e82cfc9739f0a66ed46bffed50c4b17470374bc882664847631338f06619N.exe	83
PID 3328 wrote to memory of 2768	3328	fdb2e82cfc9739f0a66ed46bffed50c4b17470374bc882664847631338f06619N.exe	83
PID 3328 wrote to memory of 2768	3328	fdb2e82cfc9739f0a66ed46bffed50c4b17470374bc882664847631338f06619N.exe	83

C:\Users\Admin\AppData\Local\Temp\fdb2e82cfc9739f0a66ed46bffed50c4b17470374bc882664847631338f06619N.exe
"C:\Users\Admin\AppData\Local\Temp\fdb2e82cfc9739f0a66ed46bffed50c4b17470374bc882664847631338f06619N.exe"
1⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3328
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:900
- C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe
  "_desktop.ini.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:2768

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2412658365-3084825385-3340777666-1000\desktop.ini.exe.tmp

Filesize
173KB

MD5
29865a9cfd7c2ecdac4b75240e77641e

SHA1
2b97c3b3c8065f8139360ebb6be35215c5704eb7

SHA256
e3f3d386424ea1a06661066794e93114fe1b3b7acf94ba011e1087c80e0a3c66

SHA512
c90846144b53bd3a35cd045611699f865af36349e78ffb4064e57dfbd9ed7fed92af9742915e34455efae9d0df348e0de59499efb7ed341b16ccfa0a7a492bf0

Download Submit
C:\$Recycle.Bin\S-1-5-21-2412658365-3084825385-3340777666-1000\desktop.ini.tmp

Filesize
87KB

MD5
83740a6c9c0b1da8b2cbf671ebf83003

SHA1
48d3ae489685e9b61412a94758335c7c69e27902

SHA256
059c335b1b34fa341465a92dc52edd9707c1871c0a92130224ea525abf3ad29c

SHA512
7c6d88e1f084a4ac50857ce01f4affc6fca164497aaaa243b4cdcb4721dfafb10deed5bba04a21cf9718639375f1fb4ce3b0ce5d55e9877fa23e0ca6116872ed

Download Submit
C:\Program Files\7-Zip\7-zip.chm.exe

Filesize
199KB

MD5
91045bccbede9f785b9921f3d78fbb6e

SHA1
c19223214edba119790d3b7fad6c37db3d995ea3

SHA256
a290eceb43c60e7e1ff832c9c4908eef08d496e898ec88d85b801c1d024db659

SHA512
ad48f2c0f3164c14dceb9d077afc82f3d77de9a40b99e610e04004581ad4f503f77a60c1ef4be18d6d87334d279c1151c5999947b56e407f6aa40ddd0bc7930f

Download Submit
C:\Program Files\7-Zip\7-zip.dll.exe

Filesize
186KB

MD5
377c1f8319a2ed51d52d15d21da044aa

SHA1
2e91749957164828d251973ff2c67a401977a6c8

SHA256
99236a454211b9fb89091a2d2c1cae46daaf15807d340f5051fd5d7b156f12f2

SHA512
d6057ba9b5f3128b45ceb822c5cf85739260071eb80506846a05b27a0727aa62cd6ad45a4c528dde85cd18b6bd3084fc89f9df0b039402386e15d2303c4b39df

Download Submit
C:\Program Files\7-Zip\7-zip32.dll.exe

Filesize
152KB

MD5
7a82c4db5b70448744ec92b29b92389b

SHA1
d2ed13f0ea52e005365cc3e36cc8ce16187dff19

SHA256
069a8ede7e1da493629d5bb21e2be95ae55ee0da771b579e1f5242ad1e78d9bd

SHA512
f7ea52c20d48734584585a81c3adf011c27ac92c10cdaaf5fd0122248a163ae50b0b1a7ade80a8038e90e73bdfd31cc9d057f45c0db2b7e5ceba964163199c0e

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
1.8MB

MD5
9c2f021fa2f1da3c78ae1fe5618c1046

SHA1
4c4af3406c19f0186a67265d1b8e1f98e3667d11

SHA256
1e25256f1b8feaab7e2d535908fbfe18930ada9e5088ec1683975e680e417741

SHA512
df9b3234f04b34411592e803c30bf47c843d5047ba18a883aef37de65dcfdda60df5f4c200524aab3a070d979e1452e377ee0de8be8ba7709d10cc3c54c80ab4

Download Submit
C:\Program Files\7-Zip\7z.exe.tmp

Filesize
88KB

MD5
6f8840501cdd20a74e66cf5da5e9a6e8

SHA1
264908b95a0430a2bc9638da11e84b26682243ef

SHA256
ac0b99427a8f74a73488e8f0c95702417df343854c61c2051f0b9565083f42cb

SHA512
71307b9fe4932ade68b6e9f1630c4dd6a2ed7febc2d3e45d2036bb78c84160cf01df92bb80af54674308aafec33c67e39e79e31ff1d7aeeffd7f2612d84253b8

Download Submit
C:\Program Files\7-Zip\7z.exe.tmp

Filesize
631KB

MD5
228e1c5d630f6770867f5558a93303d3

SHA1
9d210a2dc9539e51493190efaca954da79c380e9

SHA256
5d1e4a58d6de990928a700cf34f681fcb0b9e67bf5b557bf2655bb635f5d82e8

SHA512
3b2bef7b1a1ebd6e0a2c57851586a80bc132ce948057652371fac4032602b7f3fe0a7616113860f757385d109af1090afdae127884e1992833e41b192b7a3728

Download Submit
C:\Program Files\7-Zip\7z.sfx.tmp

Filesize
296KB

MD5
79cbd7479c4d8225be70319b7ecde553

SHA1
191d51ffc5c385d63e0e2f27b1ad6a0475a48af2

SHA256
23c30d067a4c79cb978dfe5c7bcec4cdd0f5043951cfe4052097bc6268faa17d

SHA512
1987e8f3778e0e2d8f22ff4896fd0fe9ab653a98bc82c74e3dffd0e2d2d4bf78325e56bc6852cef81992380b01075e7c568c86218e506e64b4cd1626e999a80e

Download Submit
C:\Program Files\7-Zip\7zCon.sfx.tmp

Filesize
275KB

MD5
489b7f3a353bf79ab4fd2a30c130accd

SHA1
223862586bdd73b891e78b18dec45e794102d581

SHA256
00b1f089166ce6908b3613ef797a0dc19d27512c3f9ebdc367d9535549252a43

SHA512
786634847c8b688f8ad7a3a03ebd86d1bf76a907063b4660aca05969821ada964558169e790fad2bee22dc09d9641a55a70b95812d383fc28b5625abdc4b8327

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
1017KB

MD5
89d5ee8252fc97b751a6485a1f011c79

SHA1
fb9b499a0e35ac588468a6c0d661da3db3bea973

SHA256
f5243b74ada471094f9fe97332911f3085978a4ddd331b116e5eacdf627350e0

SHA512
b23f70d4ab173d838360d5ec23d546a74b9df82285cfa8d5688399cbc62d8d123da84138383d79bd58a65cbbfa43f34f075028f69380b2509b5b501d027f542e

Download Submit
C:\Program Files\7-Zip\7zG.exe.tmp

Filesize
771KB

MD5
d8ed172e9c37b700364b4519bea67111

SHA1
83031fce0a703f78fd52ff950310ca711b0c2787

SHA256
f521c71d42c30de5f7ebe63431af257d04982c5c6476a3e733a03245d94a72b5

SHA512
307a62f45500b7713111daba9ed6c1d3a6746fbd8e56d6a9fefb8d93b8b58a0bd3865afc3a3f482457551f47491d61a2fcb7275e36a4ac7b4c371368a4c37c1b

Download Submit
C:\Program Files\7-Zip\History.txt.tmp

Filesize
144KB

MD5
37a88e01961e7c6801bab6677b446e02

SHA1
e1d494d8d1a387ff37af74bf7fd4f00cf9617bd7

SHA256
59c71f373cdb4c4898366f32a8845f763b2ad8d0a0759f1550c061ef5fe26808

SHA512
2806c346da8420c7e3610562c423b91da399d958033d92ef7736ccdf6329be8ee4df57581f10f01a52875a8035c031ec1c39192e5f5fb5438795bdc8aa17be55

Download Submit
C:\Program Files\7-Zip\Lang\af.txt.exe

Filesize
97KB

MD5
bfb2d17ca74c135c41124a6b93ae49ed

SHA1
50e2907acdc9ffb81eb17af8294de4236048f931

SHA256
8c00cb9e8fcde7b1640640f1f3f187aa0ef62c6f7454bc18d298389928d4a384

SHA512
e717162c0b050fb380ac5c2d452ed50d5efa5bfc0ea73958b9dcc8a3bf5c7c946bbd2d7d434266e5f57552b1c59c060b553edb488d8464db8b9e3454ef5615bc

Download Submit
C:\Program Files\7-Zip\Lang\an.txt.exe

Filesize
94KB

MD5
cf9a2d1ad34b2040ace919ca2c6b5bd8

SHA1
fcaf6375a7866b157a1b750b8baa9cae1681fe92

SHA256
38af73ce1569d2f4be2611e4d52b7c98d089559fb338fa05301ac70ce2d099ac

SHA512
de39110e295c4f176d2e4e68fd3b02761bd71eabeccf02312dd709263b93a2de464238cd8daa59a55ee06ce4f42e7c66b6255258a165bbe42127444d3dec4dad

Download Submit
C:\Program Files\7-Zip\Lang\be.txt.tmp

Filesize
97KB

MD5
51f1dddf5e4bc041153fc2ede9c5d4c5

SHA1
e880eb394d2fcaffe4ee80c8b93bb9646705dbb0

SHA256
a2b6788c851f9ad821a59194a372be93cc24f8cd3d47d8935435b01b3b8ad621

SHA512
c37b260751c7bb67a007fd177e81c7dbc35de80bfd9f50407ea22ce24331f189be3aa2dbf70afd881d5003d163793854c996645a08769700ece8a22532ce4f70

Download Submit
C:\Program Files\7-Zip\Lang\bg.txt.tmp

Filesize
100KB

MD5
37616e2bcd64d6e1079cd2e82468f674

SHA1
cb718f07483c6d62d25037ede8f0c1628b551e6b

SHA256
8a09a3b2363e85d6dedc46d1be72f892e5e815d8ca82ecf9f1c07f08e39d1a01

SHA512
6a3671f5d94bac6f8e9df526e89a059a8a835ad6f33aa555c52cb6169f6dd955d331e3e62002cb2c444b62bcdfb29376388795738715f8f49021f43dcaceca1a

Download Submit
C:\Program Files\7-Zip\Lang\bn.txt.tmp

Filesize
88KB

MD5
57e9cb68a0db73e89b01199728514168

SHA1
78e5d43991da6ab4ac6d3ef042ec27c1bffac23b

SHA256
4ccbf1fa2a90c292e70f2e4b064ac3980ec852e5375fe96f466a1c57bc5b758f

SHA512
eb048283631909b2993367606f12c7aa95b5d3106749e58c10c9cf2d06356ba47dec501f0146e4717f01aa010663156131cfa42bffdad44b9b1b0e835a537e98

Download Submit
C:\Program Files\7-Zip\Lang\br.txt.tmp

Filesize
92KB

MD5
d7803a509326e278351e52e61b78cb1d

SHA1
73b2153c4eb78048e10d177b348ecdac3390ad1e

SHA256
8b66a4d3aeabd313d28a09c4035d619e1b7a77716ff632b1390bb179f5edfc73

SHA512
6e4e325137e0af4a426f99e7a4acf0c13719abc990b44b049339c9e76842ffe27beaef30b1ac6e1f075cd045d0b9342d7d0cf602e4b041195a4e8f7b60dc531b

Download Submit
C:\Program Files\7-Zip\Lang\ca.txt.tmp

Filesize
95KB

MD5
489b582b1daea9cc35950eab8bdc630d

SHA1
356ca601755973a6774eee0a4c45eeb7021577d0

SHA256
d839aa5370a2200a43d07c4f768b4a22be3d9328832669dd913f1ad352012503

SHA512
9ee1f3c05733ec894263febc5c5e7b3bbd433af0738660ef97b0cf75e5ad6be7652081e1bf809fef3ee667d32b35c1c1b3ad8f434857850b62e8cf185aa1c8cd

Download Submit
C:\Program Files\7-Zip\Lang\co.txt.tmp

Filesize
97KB

MD5
a6c363e6a17392710abd96574d80f3d0

SHA1
f7d0f12cee08918dc5537970eabe4e9654748dad

SHA256
efe8cdcdc927f6cf0fe3539bfa900bf6bb61f854475efaa3b70b704d8a850b00

SHA512
b621058af5d309a135a07b89d96fe4e578db4b0d385ade49a1ce45905f43d2f80fbdd7b07de41fa6d5fa7535c0561bb90b50742365e7608f31eaabfc62a11683

Download Submit
C:\Program Files\7-Zip\Lang\da.txt.tmp

Filesize
95KB

MD5
184e4f7039051430b503810fdc1ff87e

SHA1
7b9290667612865242b0264f46def960bd5544fd

SHA256
e414da264f5ebcb56ae8c548b577053ad1785d04198826ee630d02e8575e903a

SHA512
f3380204c42f731f205c545efbfe287c0fb4ba587ef40b957f08a4dc597b8109192d08d38796fa437e4a3bcb8cf0b82ebfd82d203423fcfebeb21f34d6475aba

Download Submit
C:\Program Files\7-Zip\Lang\de.txt.tmp

Filesize
96KB

MD5
486bc6b481b46e92cf4aecf12fc088b7

SHA1
b5f942bb711163c7c168491e48be9bf9ea0e3c5d

SHA256
4d00d05b97154e35d4b671a62acbf9b2eaa572d5784b058c77072a5ab6743898

SHA512
a62f5b9506c14f04e380e6e63b86471674d85d0da9a3d5c0cbe80f503cd8d5e17cc8755a935d09fea2a5201ec495375152bfb1e4ad34d8fb504e1a2064eeb48f

Download Submit
C:\Program Files\7-Zip\Lang\el.txt.tmp

Filesize
103KB

MD5
752efef58f203cf4551c07f07641e17f

SHA1
554b18c6180f27d6f0dbe357d24dacb8524324bb

SHA256
8dc3abd416867eec99b97a6a0b16f16cc64b17c05080fea43655d86233169c9a

SHA512
a98324213d378811fe0ade90e679e3a089bb402ae8677a60a78b6cb8941b01e74ddca753c452ca3f7b1869e64dc46e5849ad9f5b656a37f76803555497f1ba4e

Download Submit
C:\Program Files\7-Zip\Lang\en.ttt.tmp

Filesize
94KB

MD5
b21d89b3c8c279b1bae9a2dccd7660cc

SHA1
e3ddd348b8aea30e353b1ec8340535d9a6836a40

SHA256
f41211d01c4f12332ce6ad7a5a010c6b8ece227b1f77e4472d5d54d90a4cc9b7

SHA512
e1634d530e7ce50e8845a100a886f847b26d11b3b079c2ddb5389e5bf04fcfd932c32e4c824a19b9fae716c4404390b7a410f07a73f70f681a98b2e0366f5628

Download Submit
C:\Program Files\7-Zip\Lang\eu.txt.tmp

Filesize
95KB

MD5
26595d6d2f8fc473ae221bcf4c284a70

SHA1
38136ecf810e2c47bcb957868970b79668d66f32

SHA256
6d127297141fcad17c8aaa12c772ed3803c844b65bc952581d03cf4f2856ab6d

SHA512
d851d4a398c1932455f3c0e747e951ecd8694661546728a03a8a09997aee41e80b0071b16fd83cbe0b1788a7d89f706f4ac456049ab344a45e927ddcd9ddde2b

Download Submit
C:\Program Files\7-Zip\Lang\ext.txt.tmp

Filesize
93KB

MD5
fab6cdad4fbccb8c2d91cb23724c0eea

SHA1
08bbdb94a45637c0210f22b6b4d2a305789149b8

SHA256
a5f710c2b1ebce805343134603b492dba17c23a173b368017d48579fb1fe069b

SHA512
e66bf509dcc66b179d9c00ccb691d6bbc26d08cfb407e06377def868941d7d5b1b1ae2844d4de63bc6eb08af28bd32d345e7a94ba8480ddf8fff0874aecd6e53

Download Submit
C:\Program Files\7-Zip\Lang\fi.txt.tmp

Filesize
95KB

MD5
e2b9141ab09815ba0bd808d399610a89

SHA1
d1512682e52ee517a0a87dd1520dbc039c4ee0c7

SHA256
96d466d05c8ae87dd4195f2c23e958b2590317fb28108a7af1ae5212f2756e36

SHA512
50ff1ab853d6ce16391d4e98b51d45cbb906132194f61904124ff848c5238ea2433a00d3d1df7d1fcb01605f9478f19fd6255c66f67320273d7f1ab6e6e7c85a

Download Submit
C:\Program Files\7-Zip\Lang\fr.txt.tmp

Filesize
96KB

MD5
2fcb4d216df7e3a506650479c26f3468

SHA1
16d79386ce54c9247829deaeeda00cfa9f306266

SHA256
29e6572ea2f1866eebeaec91cd2b60d489e6861885a319e43661980d60534f4c

SHA512
55d2d2a2268e141b423c6eb2a9ed235a3597971d3e00166cc0b45fd367663438b3baac364bb29292e539a12ac119d895c7c4910c77110836f64d58074b7b4982

Download Submit
C:\Program Files\7-Zip\Lang\fur.txt.tmp

Filesize
93KB

MD5
f6edfbfdec81e56c04034c06a7458a53

SHA1
16626ebf1f8bc9cd94c51494fddcea2b3d37d8b1

SHA256
e26d7c22dc51efab0216290720b3544f80a029fe14daddf4bc8f869802e8b3ee

SHA512
11531182da026cf1f19d8df8b25a46f2ba2a6f68243f86d19fff5e1cb1e8a915400b8e1b24fca278c898026b6880e4201f4ce9d37f61296500397c85466802f7

Download Submit
C:\Program Files\7-Zip\Lang\fy.txt.tmp

Filesize
92KB

MD5
c9e6f0884a2cf2d005ee3ac2d3f1475e

SHA1
28e425a3e453cf742a502f231a71e330cdae2386

SHA256
b50e325bbe876f677d2806700bb85d44238b22c04f0c4cddb1c8276b423c2058

SHA512
d4c2fc31acb87fc4cf3a6a5ac60797d2f2635aa6a5ffa8482e891ce2f65058cdea6fe4db86b1eac9bdc34ea407c2c49ce080373ac00cc7c3b65c2f1e4df168c9

Download Submit
C:\Program Files\7-Zip\Lang\gl.txt.tmp

Filesize
96KB

MD5
059b856ca97d773f900bae99110b202e

SHA1
0ddb8034510c51a2efe88be0daf05f147ad5c5fc

SHA256
9390d915c9782bbc8f15dc91f4bf84287479ec85e6390147731bfc307a0bc80d

SHA512
a6bd1dba1b00b80a5a04af73ca191886d36ed89c0466609d3fc9bbe7fc9e326025edc2f5651c9c7854cb6c25474e37af2db7403ce71b4e59b925f05d289183d2

Download Submit
C:\Program Files\7-Zip\Lang\gu.txt.tmp

Filesize
104KB

MD5
99f6d8a4692fd414c13997f27d387de9

SHA1
d1e5208c8d1032454bf9dffae6d8c13ad3cb89c7

SHA256
7a3516a028ba379837f31f4bd19d116637012390c8278d061d8977cc2e1acbf5

SHA512
31984370241f7964997748ef013d3e67a7899924fcacab528115fc66d7c6aa8f4e44baf0f53348cc65c07c0ac6a10910dcc24c24f5961ad2c112940e2b1b804a

Download Submit
C:\Program Files\7-Zip\Lang\he.txt.tmp

Filesize
97KB

MD5
a960c4773f70bd62b72958864be930fc

SHA1
a399ef9ee53dfcf338572db409b6427245173595

SHA256
4dca9964b5e86de68d4ac45651f0644e00e92f24781bb93e13583a7f826d3945

SHA512
ff1a6e26c3ea663fb85a7b956c6cf49ea8b6aacffee1b71d29ec9902abf45a525c41a8c461056d6fbb82d860a2f2cc0f7b84f9a3eaa665e142bfe25bb1e11f68

Download Submit
C:\Program Files\7-Zip\Lang\hi.txt.tmp

Filesize
104KB

MD5
f07e7f360b48190a9b3824d23f9be57c

SHA1
dc09664c057dc4788ad37f9cba15409e1979a304

SHA256
a7327c345d0d2a24dc4ab2488e8b58ae448cf051393fe19d0b9a7114ab117a17

SHA512
ce5ac106e376223d7347e80c11858a9a106be40fbf2a0387c7c8bd30b9c09e2c17768107972117a34b1fba30de97990765ea910183a13e80f3e3d585c7172d3c

Download Submit
C:\Program Files\7-Zip\Lang\hr.txt.tmp

Filesize
95KB

MD5
39a169034cbb20d2e5dd88fb64a1a619

SHA1
d8c9cff09406ce1bb53b80dbfae300b85495a2f5

SHA256
53006eced44fd4f23e0d9c54385877f45c28c80b9f7b7861d6bff0d45f1a0609

SHA512
0f357f02f3666e56b813c74feb5f86e79b885c984ede6d0c4ccd7cf41ccdfacca12f1d28fea3fcd41a1e22b14a9352d14b130dd094963365eb8d1c6967ad647a

Download Submit
C:\Program Files\7-Zip\Lang\hy.txt.tmp

Filesize
101KB

MD5
b92ef64f049d6beb116402a57dccf2c1

SHA1
d239c217f680c142b6bc4ff64a0715881e2e9636

SHA256
611da81ac8d455a2b5a4076e303f64cd96746ae9dd4e30e305032bc96f68076b

SHA512
e1b7b5b8c2d17372f66bdd989e511e4cc75e8b2af5763048bd99ed7d73eb5b780af1c29810ed654e114907b11c0feb765663aa79b9d8a008180613cd9794c97b

Download Submit
C:\Program Files\7-Zip\Lang\id.txt.tmp

Filesize
94KB

MD5
45f4f80f358ff7345100a712bf3426ac

SHA1
8e19676f86d2a55dc048ac9bfefc0698b6bc5267

SHA256
a1c6f48d64d9831c5a69e4a00c15107a65549a7001d0aacd932c23f976df953c

SHA512
dd6a40c0364b442d70c6745cf17415f8b03221c2dae090eba5c367ad1c4405c3f67b3cb6161a24e3ba59dbeae0aa73c2a96fd9f82a8eafc488f1319cd904939e

Download Submit
C:\Program Files\7-Zip\Lang\io.txt.tmp

Filesize
97KB

MD5
f35f444b1f7590f2f564c73c1e63264d

SHA1
4da3baf83fcc257413bca462739f74d0f75045c9

SHA256
92c77f9c627c98e46e5b375ae509c3b8e6494c838119827d6cce9d1e0c00fc27

SHA512
d979cf53a5616ef55670c0e6dc6e823d48797508cb607b02b9e9dc87231799c5ebe46a215b7867efafaf26b89838aaae0b9666938cfdcc6ade1dcc906840667b

Download Submit
C:\Program Files\7-Zip\Lang\it.txt.tmp

Filesize
96KB

MD5
8f14d76557ea3505ba49bff5a2114629

SHA1
c395ab8059da0d40e1fa584c24b80f2b80ec5cc6

SHA256
cfbed55696af3171463e579bb5ba3a09990eba6a5bd7e4a6350a2fe91499b664

SHA512
f2aabed8593ba4ed9f7d9b270d6dddf53462c147d1ebe79e0504fa73968f864f10235a9779b32581fca810232a93bf7ea8bb15f5ad655f221442272800adc16d

Download Submit
C:\Program Files\7-Zip\Lang\ja.txt.tmp

Filesize
48KB

MD5
a3771a99f54401c4a52d14308dca8c6e

SHA1
d28771cdd36a7e97328661f635d4ee007fe68762

SHA256
ce2f0dae0da1b90e5a15bc7416ce3fe2204b4f48a92bb03e2a3b4a2c0e8ce188

SHA512
2e880d7ba679edb90a909ccf5d6660b8e4782931e56c3c8d3907ae4f4c94080bec1fb8e6bc3313943ffce56e0731632b9871203560307cae2061212c6614d83f

Download Submit
C:\Program Files\7-Zip\Lang\ja.txt.tmp

Filesize
99KB

MD5
b232bff707405460496361fa91e09ea5

SHA1
9f87f2b58828a3cca9cfec8f84de8434f6c31cbc

SHA256
367c9e9ea3a360a9c67e37848e7adb78776318916ff100351f6dadd6e2b29258

SHA512
6b3c5f8d221864a72a5daeb3e1500a8066508867d0336bc1eaa30db63fe5f436bd444367ef11ff394af640210955cc0ff37734ff260166b98a2762a618f37d54

Download Submit
C:\Program Files\7-Zip\Lang\ka.txt.tmp

Filesize
104KB

MD5
4a48fd22ea6af25cc36ef59925f62aa0

SHA1
7204a1505ba43b85433dc493d1a54a5c82c4107b

SHA256
e01cf7af640bc28e06574568c1bf45f3825da11ae5b3b198343acf1f0e33dd5c

SHA512
c4a51aa3fadff095797afddcb37087527735a5c1d1618bab75d4aca68e3ad537d797131569a879752fbd929766d0911ae3c1fbf84664753d3e66a41ccaca0892

Download Submit
C:\Program Files\7-Zip\Lang\kab.txt.tmp

Filesize
94KB

MD5
235ddc6a05ee2642f2d56893fdda16de

SHA1
c371c521c017b999bd43895a6a560e8345919abf

SHA256
0e35ccffaf5276b88db5c4cad2432ecb8b0fc6afefe212d51d0c5b81e0764af7

SHA512
449acb8b5fee2f1b08e8bfa6addd30d4037853fe8779d9d558801a1821d4d03bedef64c9ce3cef49d62fa7e92b9d0d1ef8b0d48cb534836e57c405751df8e7e5

Download Submit
C:\Program Files\7-Zip\Lang\kk.txt.tmp

Filesize
97KB

MD5
bff7b7b8bfe21582630f5616efb05e04

SHA1
628e3f184885a9ea7366775d9f212a384f2e3019

SHA256
64e2f7ff381bd899cc58a1f552bcb80c6ee0d17f20a765b71018b5e25fcb8b62

SHA512
d9edb2bc622c2a843854c97e3c70a0afa9cd45a32995043895a2b395bcaa004dd61e09c82bb15a2ff8c1ac18dfdf1e361ab7f2f24e292d9c1f4ad6677d222468

Download Submit
C:\Program Files\7-Zip\Lang\ko.txt.tmp

Filesize
97KB

MD5
3659de975de3e334c8b38349b98bcf1b

SHA1
d20bb611efa9ee413db8eb5e3798a6bac8f6b315

SHA256
7cb995f0291cd3731f96c6ad057f368bed8350d6b5498d64589291c77efc5b6c

SHA512
d5c7bb5df8ec307e51ecb11775e0f619dcf6ea351ae8b9f7e5de48db0440e0561d8c31317ca8ee8493abde5c6ab2f5a51aef2a2d74ee239197103d2d1673844b

Download Submit
C:\Program Files\7-Zip\Lang\ky.txt.tmp

Filesize
99KB

MD5
ec5f6826437bc4c2f8adf1a73ef25ba3

SHA1
6cf1d3834fb88e5c45bb34038eca04b0b6232ce9

SHA256
363536fc42cd331fd9d6d86fe4b4b7455d94b376fe14a963a1443050f112fa66

SHA512
65d5e36b40d191feabe004e3f10420b3e9db28dad427ae822f55d66a25e4367d4c79a68dc4fd3f57041e1ae2cb3031f0fa2500b86a8071d0eca3cc0c5f070e4b

Download Submit
C:\Program Files\7-Zip\Lang\lij.txt.tmp

Filesize
94KB

MD5
af2c25a7ba14c48bfe1ad1de9803e160

SHA1
b01568c633a72f38a5fa50abcef93b0ec843bee2

SHA256
3e1825aa4f68b56d51c7932e52e36f9e9b4cb92297b95b4232b6e9f9fafba36e

SHA512
0a612e4eae4535e6b634efa396b81a1f2f58cf68cf1f55af3a684d1d70abd4036b518f677921301b55b185ce7b39da148d06b8e2d99d065fd169ff7ed5ade903

Download Submit
C:\Program Files\7-Zip\Lang\lt.txt.tmp

Filesize
95KB

MD5
228256e16c4c64f34f0bf6a2c83530c7

SHA1
3f183910d611830db5e7dc45a50d546dbc943d5b

SHA256
327399098d162ee30599f261d93c5e9362cab835a79161ab3c73152a94cc1d02

SHA512
2ed0847f068860bf52a8282ad2c8873e7c021981e5b03d82189a81aa7b05eef77c9deec79903c2aee985c714b913ca60c5f797569d9e721babef8f47089285a9

Download Submit
C:\Program Files\7-Zip\descript.ion.tmp

Filesize
87KB

MD5
941b7537e5208933ced9bee62ad6f7a7

SHA1
0943058f03fa573dea952805edb2eb94bb0db29a

SHA256
fb53d6252eabf317aefbf85afae7d400caff1cb3748c9bb49f04e08dfe0b63f0

SHA512
5b4dbeb341473935c7406ae805431521ace64030989f04fdab26a7d0d96b723ebaa5f8e4a14da02e2cdcf6a79fe996a6743ee8dca3bf68bc43c487de3dfa615c

Download Submit
C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_KMS_Client-ppd.xrm-ms.tmp

Filesize
93KB

MD5
ff64d98174e1ff5f1943b92ca6593941

SHA1
83958d4a3efa58766ce8a73cfe7caf5ab07785e2

SHA256
a6627fe0bc39e44664355ab9a1146813c36a93a6ec940cdbd5c408ea6ee47a57

SHA512
931f61096e22e84912f719b6f0b0b56b79033841c6309d656abcbaa4f5b11753a4503245065a07623f2db72f07c51b7e985d26519194c6e35a5e071b1c62b0a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe

Filesize
87KB

MD5
d7b28d7258fa8b91f60ab00dbd27646c

SHA1
fed684dcc2484c02bd4a15a896d23aec457f4e2e

SHA256
eeb677ab95186a1b67c75318b081216ac436198b1af81aef0bf6fbffb7a676e9

SHA512
b49521c15a951d1fdfac735abf40d4919b330f1e372146ea0f0d15845d46fe7e1b8618eaca6df51201682f5527a388c25b6d4d319efc40974d578ffe2908bd28

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
86KB

MD5
55380d0e48519d81a0e75a6fa106f514

SHA1
354ccc3568d7fd5419937013ce1af4481f4b0281

SHA256
c258ee1a357e334533ca8580a551870bcdd8589c433b49b304d22727138b14e0

SHA512
6c4207b07152fa3c0963d415850040cbe86a65f618dc494be9d3b56076f00a087030ca4bd9683aeacd55cd346f09971481e9aa761617cb035a763cbcb6e305d0

Download Submit