bc30febfb66759c4a3e878051e7a766153383cd6a14d107bc89d3a923eef983d

Analysis

max time kernel
149s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02-10-2024 01:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bc30febfb66759c4a3e878051e7a766153383cd6a14d107bc89d3a923eef983d.exe
Size

90KB
MD5

d25c239914bf546d2a86cc150297ee57
SHA1

11b309ab902dc79c6fa5f056dd328fe51dc15531
SHA256

bc30febfb66759c4a3e878051e7a766153383cd6a14d107bc89d3a923eef983d
SHA512

254a9266bc8b47b95ad2758303d8802b3215fea61c61941b6d699cc1d0996d20dd66c0995ec9a027430184bf156ab1467c526ec1be5fa2b34ed0f4eb0a25d6c8
SSDEEP

768:/7BlpQpARFbhNIcv7717BlpQpARFbhNIcv77y:/7ZQpApP7ZQpApU

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (5194) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
2040	_desktop.ini.exe
4880	Zombie.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Zombie.exe	bc30febfb66759c4a3e878051e7a766153383cd6a14d107bc89d3a923eef983d.exe
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	bc30febfb66759c4a3e878051e7a766153383cd6a14d107bc89d3a923eef983d.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_OEM_Perp-ul-phn.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\PresentationFramework.resources.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Windows.Input.Manipulations.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_de.properties.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\MICROSOFT.DATA.RECOMMENDATION.CLIENT.CORE.DLL.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Windows.Controls.Ribbon.resources.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\hr.pak.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\fontmanager.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_MAKC2R-pl.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp5-pl.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\CardViewIcon.png.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\msquic.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\te.pak.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\zipfs.jar.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_Retail-ul-phn.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\msth8ES.DLL.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Xaml.resources.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\WindowsFormsIntegration.resources.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-process-l1-1-0.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Trial-pl.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProMSDNR_Retail-pl.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui.xml.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaSansRegular.ttf.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\localedata.jar.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp4-ul-phn.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Trial-ul-oob.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jp2ssv.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\amd64\jvm.cfg.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_SubTrial-ul-oob.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-phonetic.xml.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\Microsoft.VisualBasic.Forms.resources.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\System.Xaml.resources.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\System.Windows.Forms.Design.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\System.Windows.Controls.Ribbon.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_OEM_Perp-ul-oob.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_OEM_Perp-ul-phn.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_Retail-ul-phn.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\EntityPickerIntl.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\3082\MSO.ACL.tmp	Zombie.exe
File created	C:\Program Files\7-Zip\Lang\az.txt.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\ReachFramework.resources.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\MicrosoftDataStreamerforExcel.dll.manifest.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\7-Zip\7-zip.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Ping.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Windows.Forms.Primitives.resources.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_PrepidBypass-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\WINWORD.HXS.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\resources.jar.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\lib\ant-javafx.jar.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Retail-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sr-spc.txt.tmp	Zombie.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcer.dll.mui.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Memory.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Collections.Concurrent.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Diagnostics.EventLog.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\GRAPH.HXS.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Serialization.Primitives.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Drawing.Common.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_MAKC2R-ppd.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-process-l1-1-0.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\PresentationCore.resources.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-rtlsupport-l1-1-0.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\linessimple.dotx.tmp	Zombie.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	bc30febfb66759c4a3e878051e7a766153383cd6a14d107bc89d3a923eef983d.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	_desktop.ini.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Zombie.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2724 wrote to memory of 2040	2724	bc30febfb66759c4a3e878051e7a766153383cd6a14d107bc89d3a923eef983d.exe	82
PID 2724 wrote to memory of 2040	2724	bc30febfb66759c4a3e878051e7a766153383cd6a14d107bc89d3a923eef983d.exe	82
PID 2724 wrote to memory of 2040	2724	bc30febfb66759c4a3e878051e7a766153383cd6a14d107bc89d3a923eef983d.exe	82
PID 2724 wrote to memory of 4880	2724	bc30febfb66759c4a3e878051e7a766153383cd6a14d107bc89d3a923eef983d.exe	83
PID 2724 wrote to memory of 4880	2724	bc30febfb66759c4a3e878051e7a766153383cd6a14d107bc89d3a923eef983d.exe	83
PID 2724 wrote to memory of 4880	2724	bc30febfb66759c4a3e878051e7a766153383cd6a14d107bc89d3a923eef983d.exe	83

C:\Users\Admin\AppData\Local\Temp\bc30febfb66759c4a3e878051e7a766153383cd6a14d107bc89d3a923eef983d.exe
"C:\Users\Admin\AppData\Local\Temp\bc30febfb66759c4a3e878051e7a766153383cd6a14d107bc89d3a923eef983d.exe"
1⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2724
- C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe
  "_desktop.ini.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:2040
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:4880

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2718105630-359604950-2820636825-1000\desktop.ini.tmp

Filesize
45KB

MD5
293eb89ac123fa17a44c836b74131097

SHA1
9039ad15244218127203f5387e4ed3e408da09d4

SHA256
65cd827384bbbe90e6717f832c7167434ad5e91bf7ab00b3c8c441072b3acc49

SHA512
9805083e8a274325eddef84e844cf0c2ae9c0ed786c9e71ca05cd2200933299d47bad05128033c87a21a9ace1ea3ef6b3b34c59f113a3388d496d497adc407bf

Download Submit
C:\Program Files\7-Zip\7-zip.chm.tmp

Filesize
158KB

MD5
af25eb6b3a183e436371b9d0ad80d954

SHA1
4c4d217de611b4d27f1ad175e3fe2512254cb84c

SHA256
35e5c4f61ac6b6fd48d120650b3959a97de713c7ab521c5be6b02d272a18aded

SHA512
8def30428bc4a5b4eb7b62666213220c1e1dc8f47310e37b70d7b788158de8a8caef38a8f4eb561fd23c60e026dd35ef404ec91b6d3a473c4b59a141c0d5be87

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
144KB

MD5
9a85d339b09d4764271f838bbe6c6af6

SHA1
7b960d5fadf0aecc6440666ef826927194297066

SHA256
3df398eb384a8956af58615a9c6e51f12033b379ad9a40b10f88bddd7b245bfe

SHA512
39e4c33d7911eed5c954b349f55d0174822f771d8ab7fbf5b340865d90c34ebb604cd7607c1771a5cd400ec1dd276c39f105495a8baa0686f0a8e42c08cd67af

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
1.8MB

MD5
f1b56dba37f89ad1b7a3e3ab388bdd32

SHA1
01901d4d80fd6048e4bba91126e0684b39279135

SHA256
5b2845485bcebca8fa68a7d6295fe29d4078164ca223c15a31cc6df1f85ca8a1

SHA512
999973931b8c1cd8b7c204faa3783be4758175ce542d25e32f4720ead74c7d0114916b9345bca4e4942a66f625aa649dddf78a1d21225ee00b3710f9452c611c

Download Submit
C:\Program Files\7-Zip\7z.exe.tmp

Filesize
589KB

MD5
6186f2f0cc4ad235a58643489899196b

SHA1
8dfaeb2a76199a275eecd29b4ee8559a5038d44c

SHA256
119ec055e09ad8242076a028badf74a3c1bc674824416106e0cb1a6015a5f8ad

SHA512
de611f32962d45c300a0a5d1951210672826d4f6fab4b790535c8c4618dd1a212dd2243d86d6c78b0d23b316b6f515e1aa0572889061d04c93454bce36cb517a

Download Submit
C:\Program Files\7-Zip\7zCon.sfx.tmp

Filesize
234KB

MD5
5a278f1ac26f0ac6b4731368f602cbdc

SHA1
9625ff7ff93f6e4e169ed2c45c370769a41b6bb3

SHA256
5e82dc124d899936b868deedaa4b465fad96471ff20a0beb5523c3515cad1791

SHA512
05735498406afa99f519d9d1ae993c6b428c7c86e22dc48f251e22d1b055a508957f7c87efdc8af342b0df6d1802d25f80cfbd011f17ae7dca07a5ccbca59fe6

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
976KB

MD5
315b0ece895c9a77a9ad6f0df1758b9a

SHA1
9ef924a52717199740bc2f3d1df6ea6f00d8381b

SHA256
f4376863874a3d1c94df81af17a33a3362e3e985b4317688cb39c8df0d038564

SHA512
04925a596dc2ed8b35348423b021ce50d6952f3572cc9fcfc36f463a6a5a70d360b29609e0d06871e79a779ecbb976a5d7dfbc6ad3f0b4d9007a41fb4be52f62

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
976KB

MD5
985fff2065721f969401b6116318918e

SHA1
eea7fe6a69475b2f9d1e31819a29b18c3ac9f8b4

SHA256
261569e99a606923768bff50499caaecf81a9655241ffa1d11f937e0fc2e398f

SHA512
4f262905e6c1be8044be644c39bb328f0d17e0cb08d776f5a4e3cd6a0d402ca43e9de94c10f413a8caaa21bc02ac0f4071353bce2e4518f968a6014edaf3a169

Download Submit
C:\Program Files\7-Zip\7zG.exe.tmp

Filesize
729KB

MD5
6d4b06af06654d1a07855e10f031a41f

SHA1
10e99fc4c77cc3ac6a829c8d0a8654b92b7afc52

SHA256
3c23718f810eaaa31b16f45325e324dab9cdbfdd6cab4ac446e3334e5fed7bd9

SHA512
c6f61cbc2bcffde515aa2af28138e06c6a83fee78d5c2506b1d91bc02c16dbdd8c36417ed4994db6158504a3b88dd9d39afd5a0a5361b8aba8b2c30cbeb96341

Download Submit
C:\Program Files\7-Zip\Lang\af.txt.tmp

Filesize
55KB

MD5
3940e00bba6d0a0640ffc128a9b10296

SHA1
bac05ed9bfa9d5840a08644299624cbba8a64a42

SHA256
6dfb9b0b03d3fffcfe14ed32266ad60671743c150b34b84a16e07e0d928863eb

SHA512
ec7a5ea334a8de9ea12c3c57cc7a226898f2167e852341e15288e6f46c54c7104b03d202458912fe02a6f8c48ed7e54aa04b556c8ad4e8d8dc13afe556cc711e

Download Submit
C:\Program Files\7-Zip\Lang\ar.txt.tmp

Filesize
57KB

MD5
d896a632a611984889deada00ed92061

SHA1
95c4568184c9431b460a360540d43926aab9dec7

SHA256
c76ed74e11b989f39d51545ed7af2d165de69f97dd9277c45ed58cdd1cb14f0e

SHA512
273ffee1b0e2f108e9fe3b43a67e29446288ee1110f42374e1fe9c6b406043b72f626112c3cb9a5c610726de251829188e4978b793a3d3409ce19c3fd99da29b

Download Submit
C:\Program Files\7-Zip\Lang\az.txt.tmp

Filesize
54KB

MD5
c6230d040e720213d4df132ca3107cc4

SHA1
a7d2cdcb4fbc30372a7d970d8e24e9eb5740f35a

SHA256
8d8ff9b0046b2607bfca91c2498cab7f3dee8befa687b35c97599ce47f1dc7a2

SHA512
e4308828e1e627719889067c51a2d31dc4192560608b6b8f1b147be3b88ca0e59c4181a248cb6f3e2224be405a43cc3b5aeeb2a612a0fbd984b65f3a6fd5942d

Download Submit
C:\Program Files\7-Zip\Lang\ba.txt.tmp

Filesize
56KB

MD5
760c72046a68bd8de743d68f00f4f9a1

SHA1
420bb9b9f447c6bc6d7f71677e9a35c13d4e5063

SHA256
2f03db410c296a321cbc4a37a70a0940907ecab43608badaf50116b5bf16a809

SHA512
af5c59f25ec0932f3a4dea98984c352b8a136a73f3f082207f756fb48120e481b568cb07e410b0d33c984d6473ee3748a9813401c7081dc6cc35671b678ea8fd

Download Submit
C:\Program Files\7-Zip\Lang\be.txt.tmp

Filesize
57KB

MD5
0484d5cd59d78af85548e87f5cdd8b29

SHA1
7a7c82aaf4307fa5dc32ee954915e57152a5e57f

SHA256
9df7ea057ba7832e9a77fd17e5740089f88d665407c3b91b19cde7c134cb189a

SHA512
23790ddb47188044ad93c2381023c7dc68bb900c58ca16adbe6279dfc4634092ed8d135913b34474120737ff3beaff8e530537683b9cd672ef67aee7733dc24d

Download Submit
C:\Program Files\7-Zip\Lang\be.txt.tmp

Filesize
57KB

MD5
9d72b187a9e01600257b02d918813b41

SHA1
d71c34fd5e19a5d5209c4d7eefddd10b3067a28a

SHA256
7ca9236c748b0fb77242e660df4c90f17904fd52f1523d021ee109723fe5131d

SHA512
321ad700f20223d3258d15f03dd650ea25f89af4fa58810dde6724e2f176404c41bbec390b43c6e4f3962d4c833f548d737ac072a804a30c8e50c83a50253efa

Download Submit
C:\Program Files\7-Zip\Lang\bg.txt.tmp

Filesize
58KB

MD5
157650974f978bb33808142e54c922ab

SHA1
8e3a5fd37d38232c67ef79f9b55d6d245f8e4d7c

SHA256
7f3e79eef85405094f74d41a8bc12c599350830d2c4d34659bf9b6e9427e3da9

SHA512
9dad8b321e54e260239283598db0d661617d347d9d41a62df60c0f4d4f60b478666107b77107d608ba81acd128e12773fca1d524f9ed6423be3b5920363c0ac6

Download Submit
C:\Program Files\7-Zip\Lang\bn.txt.tmp

Filesize
45KB

MD5
07f46d7055209090b5d3146f774cc4bb

SHA1
e45836e2a9cfe38fdbcadf0ef0ec2407959c0d26

SHA256
ff8027ab490b048cf13a191b8051163e2d041752b7e7637195f11b3274d547a6

SHA512
8efc3b240f5167f229b9f1c783727fa361530465ec47a7681363c3b4de028148f8e1f309d266616de0ecf0b61d5f4c6a31c020c085486c6400e63e6f614c7b97

Download Submit
C:\Program Files\7-Zip\Lang\br.txt.tmp

Filesize
50KB

MD5
382edf5a1f14320aad38b4dac684cfdd

SHA1
02d17cc623d479caf198b75f307ba2f8dacc0a40

SHA256
158538e71c5004a806950047020f589b28447a8d740e06e04d53f59e76f85a9d

SHA512
99668bd0a69e69a65a1a566b2bd9b96df7565695f5fba435d60172646fd407e326ec04e2a5ac0def691b50394d0f76869a4af543a9ccd12703d98a87d51d7039

Download Submit
C:\Program Files\7-Zip\Lang\co.txt.tmp

Filesize
56KB

MD5
a7b26eebb9f2ce0bdbf445154981dd50

SHA1
b0ef763a210824295fab0268d5aab680422783fb

SHA256
17078bf2938a540e0edbe858469d3479e9696ad38b118ccf9c5c14839182ecec

SHA512
335da715ecb55212c48a8c497d632e851cd5048b5b9562a04932b1b5d59b750a198533f6335df08e9b9d9d6aa6c27d7489864b8b6e63e004a9b0c4bf7f165d17

Download Submit
C:\Program Files\7-Zip\Lang\cs.txt.tmp

Filesize
54KB

MD5
43b8d13402236d2947b0427238a584db

SHA1
cf2d758153d763178ffcbdcac9f245c7b910bdd7

SHA256
c5de853fd771e4c6fc1c12e43084b6fe1593137d361042da40caedfb0e159db5

SHA512
c09bb8656e02bca7d6936fb4fd11f68595e8cc197d30ec1693f5401d45b9edb96ae8a11066a4501e511740b4c6be4aba46b9079adb8d809d269be0250829f502

Download Submit
C:\Program Files\7-Zip\Lang\cy.txt.tmp

Filesize
50KB

MD5
9e0016afddbcb3ee0b6f1f59c6e85011

SHA1
d3b0670520ffe63d5c62ac26094fbe6332a71abb

SHA256
9569c492ba0131ffb48e55536e592d021712cac8f58124e12faf10a539f1c2ba

SHA512
e8c66e1ca7a9629b8fd97ec3c290a3b717ebf7151c90b7a6365879f630bf4a7315e170a467fafeba6927422e30585c9dc3a381e49a94cc56b324fc3b8ea6eec1

Download Submit
C:\Program Files\7-Zip\Lang\da.txt.tmp

Filesize
53KB

MD5
976dcd6c76b67c979c56c40c12bc841c

SHA1
0ba4e98bf350456d0974959ce9e302859573e5b9

SHA256
167350f7998ad5338cbf52948cd405371af75031d9c640994ae4818f0becddfa

SHA512
2674b3490ac86c0224f8d5d885f3b10cade711e7c48fb14b85c28a977154ad473ead948523b540d32edaf72530623b621069d9b22f0fd38e09a1efe249a7754f

Download Submit
C:\Program Files\7-Zip\Lang\de.txt.tmp

Filesize
54KB

MD5
f6eff09d6ae4c7341f63390b586bec90

SHA1
7d5d69e9d794de2137a039b16d14a41cb49e72b9

SHA256
fe1c4e601139221bd51cbbcc02d1498df09c4e25fb25fec6a5ac777518154053

SHA512
bbb98b995aef238c0b4523401998928e5f8f25dd57d1c8b308ddc941d0572fc08a402a5de648acc6768e151e43d4a635fba3d53c181e573393f10962554cea38

Download Submit
C:\Program Files\7-Zip\Lang\el.txt.tmp

Filesize
62KB

MD5
96bc2c442b06899b2533a9c110a36d43

SHA1
fa0d587248589ca25d8a4c19304b3445dbd7f0f6

SHA256
7a02ddd8669c28414fcc6b82112c60f9071117f8cd72bdbe5ddc47b73dff5251

SHA512
71fc168946280021258b0c4129661d399e1b9a245cc6ed3e76ed6b48851c65a83663b49e912e0a1d060a1624cdf71fe190c1c8f91db244363a74f37a5b1c445b

Download Submit
C:\Program Files\7-Zip\Lang\en.ttt.tmp

Filesize
53KB

MD5
733000a364ebe0141a1d7f093eb9742f

SHA1
b1b41e816c19cc2568ff8332e5c868b5cea0acf4

SHA256
169a962294bc27bc4fbe148e7c4e7096bfbd5dfd710cee32c4ddaa57cddec076

SHA512
87c7607dd5fd806517459a9271ca7a91ae6f8eafbdae996a298dd386c0872663cb762e7b68a827cab71b559e4b2513d8c11e99c45c915d6c68a3223aeac49048

Download Submit
C:\Program Files\7-Zip\Lang\eo.txt.tmp

Filesize
45KB

MD5
61c462292fbe7c17c84875b49d3add86

SHA1
90d235523b4266b36396a936459ff549615f8423

SHA256
3c9a2f45e044736d370df287a763ad6b390ddcbb9432e1b2e3108994709bb992

SHA512
fefd8e93919070eea8c383e6decbaf501a4ff187d69cc2725f6dc846d0d65ac6b711f4badd3322b62552b71bec8510f95652e8e10376aaf6fc9dcd44df0923b8

Download Submit
C:\Program Files\7-Zip\Lang\es.txt.tmp

Filesize
45KB

MD5
8783cd65f172c1b3a5d054453249034e

SHA1
a90e01f2e999c6e9722b6a86ec380f16db69f2f1

SHA256
130b71c1ed06b83aef80b490a23fde332a12799f44a703c31ed73febf5810984

SHA512
a92b6fc5ed01fc83bed87f4b45fe9d7c6b14b13b7e24f60d730608c7011c583bffd5973346df488ddb6f32d772a6612ba9aa0637d4e8b6f02dde680a9991fe64

Download Submit
C:\Program Files\7-Zip\Lang\et.txt.tmp

Filesize
52KB

MD5
99af599333a4f07e03e9dfffc7144c5a

SHA1
9ff068865cefce56052f946d926203aec2ec8cb4

SHA256
9cb5fe46a4177951f44966b967e0584cb6946f61b0f449014d57e179de16516c

SHA512
cba86181700d6972929bda5a15400e705e14e02bc601880f477f8c08ebc76d296c78d15a7a4f338c1d487a94565d8f6f3fe318464dd04a022545a29e654456ea

Download Submit
C:\Program Files\7-Zip\Lang\eu.txt.tmp

Filesize
54KB

MD5
3d9ebd01ceec37c272f62f9518f94adf

SHA1
6b5abf20d65676079e8242acbba7ab28630f756f

SHA256
18d005821fca2befdacff05c8cead13ca1815a9f01bf3f8167474f03537873c7

SHA512
0f41445c34ebd0582eb5af83a04251b8fdbe2bdfc186c5acc6055856ba41bf65b0a7d57073a597a092ab0effe6e033a5fdd816f1bd8814fd372a16116e8206cd

Download Submit
C:\Program Files\7-Zip\Lang\ext.txt.tmp

Filesize
44KB

MD5
18468a915a7e7075df2d12e3892b0c2e

SHA1
cf3745408ca693498d2a627c72f6876ffab75919

SHA256
0c5df1ce2aa4f29259c5bef21856967c7bf9d3a6199ba59ad359529cd46c9d6d

SHA512
39d887620bffd0190d70e8b24ecf27fbafb1b61707f06ed5640e6f6182d2ef7684ae1d0f5d8b50733073cd883e83dd9f591addbfd94024955e40d61d2fb6583d

Download Submit
C:\Program Files\7-Zip\Lang\ext.txt.tmp

Filesize
53KB

MD5
d4eace9e74656864282bad116d48ca28

SHA1
2c2f314f1823397565a81acf4d8d49b5fd132831

SHA256
663b1f5cbb812f21d035918226fefb924f930616ca01cbc4eff262190fae4b09

SHA512
02dd320900ade4f4d78b48d60f65c9982530716a271a55c64256b58bb6e493400d2429848790cfdc3b9f848f553587475ddf61e66f2b0ab5db37c61bf34d2cff

Download Submit
C:\Program Files\7-Zip\Lang\fa.txt.tmp

Filesize
59KB

MD5
63e9b315f702aee098feaa4bbb66ba26

SHA1
e56b410dc9fc5666e4e434c7b4cab17843bed503

SHA256
415cd7ba045de464e42c9c4cc53228a8fb61a2171bf07e407b7e7604395b53a0

SHA512
20d379d492bc318c32e1022e57b7210c23b6b4b00ce973079e1d4e5661bbb37e013f5a46d82cea87fe04c631e4bb9aac9dae51c0faf84ee233b3a7a20a4efeef

Download Submit
C:\Program Files\7-Zip\Lang\fi.txt.tmp

Filesize
54KB

MD5
8583dc2db7778f4ccbf0c047db5648a7

SHA1
68bc8a8923bd28c5bed2f2ccb87cb67b324819d0

SHA256
dbea52364e4c5ed5d571d92b36414bf13fa96969762edff4e6da4ed49e50c373

SHA512
fa63a7e03fcabd0d61c81ba12e83a81c8b856a541a9ed7387162feabdec02fb8f38f5dd139df2c2fda8f2f58d34872eeca735de948ab28f6ed61971a48c5baa2

Download Submit
C:\Program Files\7-Zip\Lang\fur.txt.tmp

Filesize
52KB

MD5
067860d02d2e747805c368bdaf0529ef

SHA1
26bc91afa2817072789c1ce738cf92d61c4a5d99

SHA256
ecd509d339d20cbdb9cb55ed29ca2c18061155df6b64a79cf142df02e2cfa0fa

SHA512
ffcf517c9b5a810674898aeaa878eccca9803b2db01e0b15f08088f5ab5759cee1700f6f7b6e78bdb2d2941f04499fbeb824608d26fadbad62f7882eab7f4918

Download Submit
C:\Program Files\7-Zip\Lang\fy.txt.tmp

Filesize
51KB

MD5
be10934f77a1d799c41f76bd334c5c76

SHA1
36a63347092b890e95fcc8d3bd2d816b5c9aa136

SHA256
abe0f2a03df054c61d026a83772ae256949e4a55121abfe90697ff94d9baf51a

SHA512
4de91c2114b9e3b8c7e00e4696f54e484b61edfa8530cc64698c9cc6e6f282063835438b31877125d7a369a5e7cda4d2c6f6e3e08886e39425c511008ee3ab77

Download Submit
C:\Program Files\7-Zip\Lang\ga.txt.tmp

Filesize
53KB

MD5
a0106ad28ebde4480a991e2330522bb4

SHA1
c3c11475a17dd411f6600542993999c7c0751f94

SHA256
a2cf81f4fa915d4a127d4c2f281a44927ca52f993e06daadac0c1a51547e80c9

SHA512
500f9ea69631eb7afb1637e9088ef6019bd66e9447d635b3f7c4c4ed7b2f1b5c20a88a949e1c6da2d4e02b4f2888c8d942f7a87848942b55f3d1118f4e958a63

Download Submit
C:\Program Files\7-Zip\Lang\gl.txt.tmp

Filesize
54KB

MD5
eb1926d55a160be5ebf6fb73fddd43b4

SHA1
46bd4c0a45aec0b2e6a20fa9c5603f6dc81438c4

SHA256
33311820a3a0062db7dcbd051b7456767e8ba9a2d71a7b476c90443b84c80810

SHA512
2f2b7ff7ec4d3090bbcd2404b63ff84ddc7a09b0167db96ce8d6c1153634fa672f4d578395eb57ba393a62e7d40349ca1a0bd0ba4ef6a332f49c326fde83070a

Download Submit
C:\Program Files\7-Zip\Lang\gu.txt.tmp

Filesize
62KB

MD5
491acc5869ee281be90235c7d4ea5d46

SHA1
69a39e8df6dc95a2447b1963d334e366d54840fb

SHA256
c82c8994e16838bf19e813983e1b8f0a59ca50fd36a3016d4963dadc28c78b96

SHA512
0cbef6c0fbe51e28fd463a75f6d95f63f78eeae3a0528c2f1b75f537d0eece5dd1cbb2c77a1a80f608d9f21002a5c2d5702f3693448123ac69d4e8710888b159

Download Submit
C:\Program Files\7-Zip\Lang\he.txt.tmp

Filesize
56KB

MD5
6ff4dc2599722d9c8afe09c5564a11f5

SHA1
e4b486af071141962debe46ec4fdc4c0bd02068f

SHA256
6f90c864e2bc6090555a21c6c207fe90e4cc6e1c09778aef1589b3834fb977c2

SHA512
d26dadab844defca1fd33bb4673912b87a76f135893d9e35ab0d01effcced4d301a29946b4385800da1c85cd0ef9452a386fc0cbb70a834acd2bd0b07af5037f

Download Submit
C:\Program Files\7-Zip\Lang\hr.txt.tmp

Filesize
53KB

MD5
eadaa05018a858974fb8ac84d7e48d93

SHA1
b06b1921653165e7bd5ac606c757e7161b0f9666

SHA256
8737edb08531958c2ee5aaf5791c5c1d24063114f2ffe753eb99858dcda7930f

SHA512
dc1d72a7f9987892ac5f8b4d54857cb8a1008fb717ab003f1d4381186d451f1898c4a0236a9db740627a38d7fb4d5082fe7f31035c6741eef0749ba0eedf27f7

Download Submit
C:\Program Files\7-Zip\Lang\hu.txt.tmp

Filesize
55KB

MD5
c54829e188934cf8776ca85c6a46bff9

SHA1
eb5c0c56419e784d5c34a40356d450e028ed0405

SHA256
5a6c5c92ea2e8ba42f4bbc7d282aca30e6f7f2307bdc8a07e1108307f84c111d

SHA512
0715504bb5622b48e2c6646f209b92ebc862abc091bd9f281a307350250dcbdd28c45ebfe89788c6d8709ca280e853b1460e7df18acb2edf5a3ae44425e62617

Download Submit
C:\Program Files\7-Zip\Lang\hy.txt.tmp

Filesize
59KB

MD5
c10d79abfe8cbe3f72a01a2376abc95a

SHA1
1ed1397c29914ee74dc5d80c7ac89ea28d80092c

SHA256
2414890a029181be6a1c72741db7feb6056161c85f926134da367890461dfa61

SHA512
29e8cd78c42665d96988c3c5eef7c93beef18e10fb1e7cbbae6dd9fc09f18d1c5b48031c0063f6f23035f097c9adbeb85597833548928bb05680cc7d9a7069a5

Download Submit
C:\Program Files\7-Zip\Lang\is.txt.tmp

Filesize
54KB

MD5
90a9164797c3a8296eeade21b592b45b

SHA1
44b250a995c662933ca16aa8aac07fe2c35d996f

SHA256
dcb2fd5d5bda81066f070cb3e9b72b38c474302259dab727a41d708d88bf78e2

SHA512
7ef407d0913c8cffefba6f55abeb78850fbba1aee4e8670ceb3d8b77bf3aed12b124e32186a874bc64047955878bf8c1af1ed84b97e1e40085092e87e2c2f576

Download Submit
C:\Program Files\7-Zip\Lang\it.txt.tmp

Filesize
54KB

MD5
bf297b94209dc75c0fb55d5247dc6cfb

SHA1
a89f75d60931f1a8c25ba40dfc93d2530930302e

SHA256
d909d59ccc9af042a680281d196d113818dc8b97b0643fc89e009dc8dd041b44

SHA512
2fb1b702ad9d9285eb692d98b523e151ceefac6ed0c2a9680132143272f3e0020c6e7494862a24d6d2cff257f38460a445b823a5fe38384f4587516eeaa4ce66

Download Submit
C:\Program Files\7-Zip\Lang\ja.txt.tmp

Filesize
57KB

MD5
24b548fabc3cd02da5ddb7514178b70e

SHA1
c9e9cc7b91a94c24fd0ac82463c6d2cfc82d08e7

SHA256
ee4c7df7d4adb615a4aa44e5a8e0484dc0bd27dd3804e27c6c3bd35061af8e7c

SHA512
87adc8df4e3a2cbd1f6fbed668f0a5f26f78b99e4c5fd450f8d87023582386ef4b1f7f161611ff559e14bffdfe694b15db8d8bbef90a67d0a79a72bb177163a0

Download Submit
C:\Program Files\7-Zip\Lang\ka.txt.tmp

Filesize
63KB

MD5
44bc266753e15fe07058d977e802f510

SHA1
bf22f08d1bd9b00fc187571661a54878c03eb86c

SHA256
31d0e4af66d80bf3af2fb1f000916c708a416f85c329ca91cdaf6f480d96acc1

SHA512
5afba6456dea91cd1597c1f34ebd7917986d9530e97266f80197b38dc16e0dc7855f6bbece4019bf817b98a2f88607e280e0d3e88229f55a8371fe500caaccad

Download Submit
C:\Program Files\7-Zip\Lang\kaa.txt.tmp

Filesize
53KB

MD5
c390c8da1d08809d19c64b0f9b601336

SHA1
c9db6e783e46baaa52da0d784dec8ff475a94697

SHA256
d5dd9fa7295c679e120fa0740660aa36984dc85cae3a4790f38fed37ba848854

SHA512
7cd68071232bc76899f0e94a76235c7f0ff6fd55f7f9a87e32786186a1cc82c3da970e33600d85fc17fcf52835a6029fc09eede2ae1b0610e1244d35b9017ecd

Download Submit
C:\Program Files\7-Zip\Lang\kab.txt.tmp

Filesize
53KB

MD5
65f7aecd0d4cead6c40583c84d46aa81

SHA1
568ef3f396d038b43e48b8e3d073160334a3e9d3

SHA256
3933fdfd4d6be23c224544a8d461a8383e8682370ad0b88ba7cc9c7d74f0c6b1

SHA512
00bba5adb215efe0a02004a4ecc790eb53cd8aab441bf344d01ed66a1b88c2d4aee6b1c14dd720fa38c2d918f53780f245ab7be7a4eab5efb77c5e8af9cb834d

Download Submit
C:\Program Files\7-Zip\Lang\ko.txt.tmp

Filesize
55KB

MD5
78ccc7f70e69b4a96fec59bf236534de

SHA1
9d6e1dab7e3761f88db521804b7c1985e3e6fd8e

SHA256
2842cca5c8ea63de81e7051bdac7baf8d171f3e749b87daf1f34a1da3130605e

SHA512
2fa55f7c3e9bc72e69b0bb15140106ed51f448533f5efed77048ea4ad1a098ea4e6606053683eb528ee9825fddec212143dcc08a6f48194eb30172bdd4239eb0

Download Submit
C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp

Filesize
40KB

MD5
1c34710ad08229ce19ac76bebe6f2941

SHA1
f04914eab19601396b0f81a62a0684172852f41d

SHA256
d6c33b5efa7bea8c83de32db8c653cd1a26976a82ab7a2b4206e19de1a4aa712

SHA512
d7af6e67fafcdf360fc496ffe3ecd6507c4208aa3a420ac9ad32e047cf990b5279238b1d5d26c34a85ce0ae17cf081beda48092fafbe0b034a0cd12abb96c04e

Download Submit
C:\Program Files\7-Zip\Lang\ku.txt.tmp

Filesize
45KB

MD5
9025c87940bb4eb3159ce5b51470b500

SHA1
57b5f9007f9acebd73e48cbe075f673dc23c62b9

SHA256
d8127c82cc990972e7c75797d881e6c41dcb61fa9698256f3f7beb7b9456b0c6

SHA512
93d4640ee791b4298962d2c08e7ea4dd5674652101b0243d25b1e2bdaf8985197941f0446ddc4e9010ea502e8dfc418dd89ff5ca3e02c68e4ffb3aebfbfb669e

Download Submit
C:\Program Files\7-Zip\Lang\ky.txt.tmp

Filesize
57KB

MD5
0a34094ce405f555484dacf6e618dbdf

SHA1
6fb35ab4b1f9c259cb5225c62bdd57acd30df547

SHA256
2b85aad8c0d52a78483abe92a186b6be02a534cbb81f41af1d94e029eec31256

SHA512
c6b62629eb2827bf90bd6e03650cd731c35b5a07fc232132eb7977febfca69f067a9b0563ac5dfde18e59e1763d4c1d6ce2848595841ad97a77fb5988d463404

Download Submit
C:\Program Files\7-Zip\Lang\lt.txt.tmp

Filesize
54KB

MD5
4f65efab646421408eb10721f1031c27

SHA1
5a78337e1fc77c69179f8366bc0c10bea8844d3c

SHA256
79229ac5574df3e3d5f6d386c4ff2c04b7ea24f9eda33f28125096d858cdb7da

SHA512
fcc901cdafbdbedb1f76331484237fe98d15eef4ccf8e4b9f311929f8814f95cdabc2b12fe3d254dfdd5b29753b6b154c0276ec51dc2d0ab2e691d8635df71ad

Download Submit
C:\Program Files\7-Zip\Lang\lv.txt.tmp

Filesize
50KB

MD5
8a4665fac6e173e56951e786415c790b

SHA1
3f8172c804fd234a0c908253f8e265985533430d

SHA256
7e44567ff9d17b3b8670ca9c02fadab3987a0d49f367dece63518f600c9f39a7

SHA512
f24b3d962df32f99b4f95a21e0c053e5e33937739615b96c13c689aefa7111c69bdb9a2bf0913ffb31df9b3291e11b600bd6816daa4fab1e728fad03b51135a9

Download Submit
C:\Program Files\7-Zip\descript.ion.tmp

Filesize
46KB

MD5
2d304888c4bb9a76834d590abc892965

SHA1
8ff77e10b23caebf1407daf24ef8644196eb5418

SHA256
42f72fa767ccd3fe3427868f30af4aafdc494b7f188a81f682e1ad3709b56d44

SHA512
dc82c3bada3de428602544414d7eeb22666783415409cfed2025b68afa3866311e7d73dd78e915256fab66c46eb8317a878163ca6da2f3dc50d73c6a84a3d8c9

Download Submit
C:\Program Files\Common Files\System\Ole DB\oledbvbs.inc.tmp

Filesize
55KB

MD5
4349858e6e03c321c29afcc836828fa7

SHA1
59d3b5674defb902ce32d4a3e1f9dd35b62466a8

SHA256
9561ab4ace3ac9b241db54737ab2df72b10079b1553e66410e8e6be046ae6888

SHA512
e8841183c9a2f0fe3b4955a5e1ea79a929fccbd251a5203a9d42b40143f2487f531d1445c76f8f6db5acafef70a2c3e0764d6a251414c94fd05ac62f3ab71ce3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe

Filesize
45KB

MD5
6630bb645bc7f56326b973cbf5be1f07

SHA1
ec8619658c53f5295c52c595613aa2815074140b

SHA256
d7122baf06b1f8761a8dbcb1139d73a221827e3477af4eb48dc11ba3f6231e17

SHA512
9aa605806091251e82b2f8b3818fdebb87c3ac365fea5eb8d0d9b17b6444ccd5e007ffdcdc91ca7164fbd87c0e4b3849fe5c3e01c627180081cf21baa7c935f2

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
45KB

MD5
df50e89bca39746ebb65274d5a4e42d6

SHA1
150853f8827d5ab13060edd4dd8aa043cfb558b8

SHA256
dc546dccf049276ef2a4c09dabadae9438215fa67ec4a13ea5d4d24eaa3706fd

SHA512
9041356063624e7f2616251a402f0d2af8421493ba27a15719b671675822e06111cd993b1f29e6567318bf6b74842d2350148944a84758a4d9a11993a9679279

Download Submit
memory/2724-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/4880-11-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download