691a5dd11ea4d8877617ee27df4ea4aca3b6966edccae0c110d118cc10626035

Analysis

max time kernel
150s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
11/10/2024, 22:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

691a5dd11ea4d8877617ee27df4ea4aca3b6966edccae0c110d118cc10626035.exe
Size

99KB
MD5

72bce8d3cf0e5eea87d1c143025e0652
SHA1

d3e288d21b067d55d977f22b27f2d7340fccc189
SHA256

691a5dd11ea4d8877617ee27df4ea4aca3b6966edccae0c110d118cc10626035
SHA512

70b0f84fab043512d453601b4a314206312354f3dea99be21742323cfad3d1cc6072bfb41497b0470ba7ff6d72c10345aa2977b5d59e21ffda86482e53d01e39
SSDEEP

3072:6pWpBMyKoIWbsHfySkT5GeCyi348oWGRPOzkjId6q8UdrSD+kCoIfL2YwqAFZwIs:PcwVlzlMcwVlzlv

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (5181) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
1016	_desktop.ini.exe
1524	Zombie.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Zombie.exe	691a5dd11ea4d8877617ee27df4ea4aca3b6966edccae0c110d118cc10626035.exe
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	691a5dd11ea4d8877617ee27df4ea4aca3b6966edccae0c110d118cc10626035.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\mshwLatin.dll.mui.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\plugin2\vcruntime140_1.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\lib\sound.properties.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\el\msipc.dll.mui.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\7-Zip\Lang\zh-tw.txt.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.FileVersionInfo.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\jce.jar.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest2-pl.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PG_INDEX.XML.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-utility-l1-1-0.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Facet.thmx.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_OEM_Perp-pl.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Trial-ppd.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX45.exe.config.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.VisualElementsManifest.xml.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL090.XML.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\System.Windows.Input.Manipulations.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-002C-0409-1000-0000000FF1CE.xml.tmp	_desktop.ini.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l2-1-0.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.VisualBasic.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Compression.Native.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-handle-l1-1-0.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN065.XML.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office16\SEQCHK10.DLL.tmp	Zombie.exe
File created	C:\Program Files\Common Files\System\ado\msado28.tlb.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Thread.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\System.Windows.Controls.Ribbon.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\System.Windows.Forms.Primitives.resources.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\Microsoft.VisualBasic.Forms.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\lib\flavormap.properties.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Retail-ul-oob.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office16\DBGCORE.DLL.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial1-pl.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.VisualBasic.Core.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.DiagnosticSource.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Tasks.Extensions.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\System.Windows.Input.Manipulations.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\lib\jconsole.jar.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_PrepidBypass-ul-oob.xrm-ms.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\MSIPC\hr\msipc.dll.mui.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Threading.AccessControl.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\WordR_OEM_Perp-ul-phn.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\PresentationFramework.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Windows.Controls.Ribbon.resources.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription1-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\MSOSEC.XML.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-white_scale-80.png.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL012.XML.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL090.XML.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.AppContext.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Serialization.Json.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\ClientLangPack2019_eula.txt.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\XLLEX.DLL.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-black_scale-80.png.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.kk-kz.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\TipRes.dll.mui.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.office32mui.msi.16.en-us.xml.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_MAKC2R-pl.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail2-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.fr-fr.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\ucrtbase.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTrial-ppd.xrm-ms.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_OEM_Perp-ul-phn.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_OEM_Perp-pl.xrm-ms.tmp	Zombie.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	_desktop.ini.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Zombie.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	691a5dd11ea4d8877617ee27df4ea4aca3b6966edccae0c110d118cc10626035.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2148 wrote to memory of 1016	2148	691a5dd11ea4d8877617ee27df4ea4aca3b6966edccae0c110d118cc10626035.exe	84
PID 2148 wrote to memory of 1016	2148	691a5dd11ea4d8877617ee27df4ea4aca3b6966edccae0c110d118cc10626035.exe	84
PID 2148 wrote to memory of 1016	2148	691a5dd11ea4d8877617ee27df4ea4aca3b6966edccae0c110d118cc10626035.exe	84
PID 2148 wrote to memory of 1524	2148	691a5dd11ea4d8877617ee27df4ea4aca3b6966edccae0c110d118cc10626035.exe	83
PID 2148 wrote to memory of 1524	2148	691a5dd11ea4d8877617ee27df4ea4aca3b6966edccae0c110d118cc10626035.exe	83
PID 2148 wrote to memory of 1524	2148	691a5dd11ea4d8877617ee27df4ea4aca3b6966edccae0c110d118cc10626035.exe	83

C:\Users\Admin\AppData\Local\Temp\691a5dd11ea4d8877617ee27df4ea4aca3b6966edccae0c110d118cc10626035.exe
"C:\Users\Admin\AppData\Local\Temp\691a5dd11ea4d8877617ee27df4ea4aca3b6966edccae0c110d118cc10626035.exe"
1⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2148
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:1524
- C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe
  "_desktop.ini.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:1016

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4050598569-1597076380-177084960-1000\desktop.ini.tmp

Filesize
50KB

MD5
c1d6cba23a346dab875697d72b9b7ab3

SHA1
6f150ed89a58f8a95b6e5cf718c9d7d0191e4261

SHA256
b478a0b2d97ca993bd817ac45f0b795640727c354eb610051044eea8dcb25660

SHA512
bb66afde9a69d7b75575c8e6edbe86d375c3935fddd8fee9733b55f7eeed2218e631d952a5b202027dd5658d227abf604b0c3a061cbe46d9248de4a2d9f7bcaf

Download Submit
C:\Program Files\7-Zip\7-zip.chm.exe

Filesize
162KB

MD5
b25d146d0c38650722e719ed20dba7f5

SHA1
af4f2c39d4003e87ad657f10ca0b687e134eec77

SHA256
a0e5a9c50c127f8055eaf2f7de54cbba426bb3923a62dd62fc8d7c06ee6c1f85

SHA512
90499e48c5f56fedc762a66e3c2f14708036a21911727488c807eb181517d6a35240829cca9e7f7a55b04301f82c8757f8e8be5ad1c6cbf3b825925e3d24be3a

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
1.8MB

MD5
0329b9989b14930a651da173bd50864d

SHA1
f882193baf9e0c629e29a822266710a8da906905

SHA256
600618b2f7509a2a9a5ab4681a0d132e2c76dbd1d19a29df294119f2b7e649fd

SHA512
1a87d158a69fc1f3ee4d2590fe5d65c65c49844ad430c44d771fa6ad8733d75dfd1d4f3128b391d1a1fa36bc694ffae6a81379c72ed89e3d4b6df489561a90b4

Download Submit
C:\Program Files\7-Zip\7z.exe.tmp

Filesize
593KB

MD5
5c847daf6b3d054be521e614b0dc840f

SHA1
5ddf43311fac156872f7ffe1bddd08eb36ac1200

SHA256
53a17d6a484bb27b790c846ace63488b1c44141d368477f28544d1a52a0d7e08

SHA512
ea562051953685fcd2bdcc62862a306a7744fd8ca24707bb0b2be7fc414e0fd3cc3e650340427982cd15cf8f03fd7c25dcc1320f1d9f2e341df87068aeb73c0f

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
980KB

MD5
1e2dc50841604ad82b5a8b406f56a2ca

SHA1
22ae40d2ba9d3c9acb2c3f2b9679cc03ff8ac684

SHA256
5ccf95a0ae58afe57a5edfd2ed761ef578651f26094f15ba104a99adf94923a9

SHA512
d0ea3b6f731425c99663acb6bfa7251802c5c424c8cdc52bf99c810f0b34f296d246d867379d287d89ea532cbb082ae2cca419677e8b0e0f973a122299e3a8fc

Download Submit
C:\Program Files\7-Zip\7zG.exe.tmp

Filesize
733KB

MD5
008e0121bdaae38d1a7f8e7ec8289783

SHA1
1a11dc73d07952abaf5ab0739835420417aa73ec

SHA256
f0f47d0b124482d68a6abacbe3e7152651d2b390c96f633b99747b763701f606

SHA512
72c6f337e1b7b69e918f8aa920d0a788868a3e633cf11fe5da27f9fcd37b1279b3b2ebb420e50599cb243d3b8458dd3db75fc7161d4d563205ce71d0aacc2807

Download Submit
C:\Program Files\7-Zip\Lang\an.txt.tmp

Filesize
57KB

MD5
af2a347031de9a371bce9f5ab9350884

SHA1
1776b1f93e4ab341ae4a1f835f834c8e9bb56f1f

SHA256
01b7a5bd7260153700b14625378a17f30d475f5dcac0b23d9672e91e22f9a9f3

SHA512
71c481e17116170fff25e764c030865f853755b6715edfd4c69d3dc8992ec5ea94d653003ad5e41e7152ee0f2bed617481c800b83877f259431e5d3073d7f476

Download Submit
C:\Program Files\7-Zip\Lang\ast.txt.tmp

Filesize
55KB

MD5
6ce5779347cb89bd1d670b31690ced45

SHA1
41fdfbbc4cf5116a2ee32143945a6740607df11a

SHA256
c8b9df911019621369a8b5a7a0512939dfa14bcd7db5eec4e0e30b5a2432fc99

SHA512
ba55279a5cd67dfebcc56df4c43f28bbb8bf9434381c1ab6437336080c042a21a6b0a684bcef7214980125e5ac9a2a1660851464176f5423695cc61c9e9c2837

Download Submit
C:\Program Files\7-Zip\Lang\az.txt.tmp

Filesize
59KB

MD5
6d635e0aa9b1b1233c77ff7b44035bde

SHA1
4adc249c9b15663146d371ce453702ab6fdf56cc

SHA256
0a1e398639801c070d1136bec7ad11db2e04e3b545769bf18695337b6f43d81b

SHA512
edd563d7067c1fcc5d5a1f53147cc93fc3e7c638c570b7481036ac04de891a76165a181842b1ed794522603f3aaaa7baf4457d11ed6028899d86e19462292be0

Download Submit
C:\Program Files\7-Zip\Lang\ba.txt.tmp

Filesize
60KB

MD5
06116c932294aacb1dc78bb098fcc925

SHA1
587e030efee62d8278299b968e87584a8c188485

SHA256
8823252e762bc79a8b4f9c47ff0e879283624857f6968a24f893906954ea7600

SHA512
80ccad235e13505b75024620ee814c455f478e0277b320bff65f08c26c3301651197f589d2ae56974b1f6ab52f53668083fd382c537d7e2f10b23466695f9bf5

Download Submit
C:\Program Files\7-Zip\Lang\be.txt.tmp

Filesize
60KB

MD5
98c28a2e60b8b320b85de87d44556a8f

SHA1
5e49e275f7a4a708838077a64c11cea857c7bff0

SHA256
d098b4073250df5b9479b238ac89939f36d0d31633f92a5038aa90d263129496

SHA512
4cb1f8ce5197c3b37599c6b8b8d6bca2bedeccc679ce8a9d61c650c24f06b2719a98b366ba11081d5b2776650de68d315486b798e6ee52c8e1f1b02efcda8a6b

Download Submit
C:\Program Files\7-Zip\Lang\bg.txt.tmp

Filesize
62KB

MD5
6130a8e1a33115d7d39f582913fca7fb

SHA1
3c7dd63ba9c8078ddf0ff8d6bf3ba744fb97cd5d

SHA256
e5956e4c5d642776f96561080f93fbaf95d750e96e1b30504f9f2991b92c2404

SHA512
793651b876e499b542f8919037a59c6cf194aab5f636e7c874744fd39de343625dca3dcb35d1bb87188b2c5a1b0f2ac6b276bbb478b75021fa88b4d462c27fc2

Download Submit
C:\Program Files\7-Zip\Lang\bn.txt.tmp

Filesize
64KB

MD5
d65b802ae68c6c9148b603e2fa189238

SHA1
559af3bb1d1bc533cf3ea112a6d3b589cdb07085

SHA256
b53278949abbe24a1a01dd659b249e93dccbe9c061f827e8013709bba36faaf6

SHA512
3dd3198c3d92294ccf3d1b1a5af130bfc35b97de519fc111634d87b9ab167aae070e8f7093fa4ca1769851bd7a2b967a56d1de445884f385473517a868c9e1da

Download Submit
C:\Program Files\7-Zip\Lang\co.txt.tmp

Filesize
60KB

MD5
69541d34d82007538d993f3144d611d9

SHA1
422d9c7d74a6250dba2c2651ea6b7b33b36c85c6

SHA256
95ace581c0b2a3d95456983984e1cdc822a8ab426449f5d8e05fb6c05bdca7c1

SHA512
2f21022feca7432459d60eaf7579ea01e33583a84a25ae039e169cd33248fec89f600959ca75720f1cf7f361eafa759a2eb25a355a2804e3ab2eb6c692c57d72

Download Submit
C:\Program Files\7-Zip\Lang\da.txt.tmp

Filesize
57KB

MD5
f059530edad207f796a4be09b086f163

SHA1
4860304526c3a7ebf0f14f41937860e224c7791e

SHA256
3233096ab33e4c96c95fe2886c4e11a20e296ab54587c0a709d6ccc2d269cbfb

SHA512
d08bf00cf7796af7560ca3a343d886584d65438db3d01878420ec2384ae3bbd2c1077b5835773e7e7a26bf5bd4ab237b725c47c231b779b1153dff87eb131ac4

Download Submit
C:\Program Files\7-Zip\Lang\el.txt.tmp

Filesize
66KB

MD5
f5291df45f04695f25b233725c9f168c

SHA1
cbec76ba853c9b21ff7bcc32e3b73553e984ce4d

SHA256
a80a312f700075aa43b7f686158c1a0f18f0c4a86d003a72a2fc16915dc5f7dc

SHA512
160aa986a79ad8b6b797115c7399820151e7fab5681f2d2cda73e109325294f475ff2f87796f1cdf9727feb4c097b01969ee6f51e46ccab525d363ef802b97f3

Download Submit
C:\Program Files\7-Zip\Lang\es.txt.tmp

Filesize
49KB

MD5
f3f20cf19d58c671939d633e5dda4e31

SHA1
3880d57ec1a372a1fd5e65b7c63ce07e6160b662

SHA256
7db7a52da6c61fb283e61ac382e7a6e1710c36d5bb1d14da8cfa1ff19e6740bd

SHA512
b1c696895358d7fbcb170da8f8e8b57b7bd94a28b610c8811570fe84cf20a42cf8c8bb84486343d4de9a6ccb85f975f8d01444f06a3725264b76f338e247a671

Download Submit
C:\Program Files\7-Zip\Lang\et.txt.tmp

Filesize
56KB

MD5
d7d33f6a9ecad3d36bf681715feaee61

SHA1
6900f16938c050864803ade0d5cec9af9a871bcd

SHA256
92a8de42c585b4f11c3fa52981fa1c0eca065808f6a1ffd9c75d2c3801e6d523

SHA512
611fa0161033766eab590d5e9ed5a70e7a12643500eb21856de4ac7445017705a48ccaa20b64aef5228e36e077a85cfb4fcedbccd07cb8eff63ea4a6b0f36489

Download Submit
C:\Program Files\7-Zip\Lang\ext.txt.tmp

Filesize
57KB

MD5
1ce144490c66059cbc07083765fd222d

SHA1
f73b8f656ecc5637459f53f583c0702a04bd2d60

SHA256
cea1e8c29649e4f255d174ec899e8cbbafb5763f87a89c1e5c0327e466826848

SHA512
d9874759f71a37a667720be21b3e78187d74bfd78cfee50eb47450e4bdc754303378de5b90c0f2b9a624bcbf5957223bdadaf6d77ad85916f719cebf4fcfab11

Download Submit
C:\Program Files\7-Zip\Lang\fi.txt.tmp

Filesize
58KB

MD5
d486dd85e96e672daffcd40d936b5763

SHA1
951e850f83ad0c2861c92984e55a7898c58443e0

SHA256
c5cbfcc24bf42b053bf9b96644bf6520b00fdad92755133c6e4794eeea2e2bec

SHA512
59fc72abe4159f15a58a7ba4cf011cc495b84519f921e2eb1124fe23642a7bb30f017065ccb66248300920f0e1f94da416d9ea366142b628382458673d7a3d82

Download Submit
C:\Program Files\7-Zip\Lang\fr.txt.tmp

Filesize
59KB

MD5
4418aeda7951a47ab6cacbe62d2e0f19

SHA1
e9500d1207a7728b98183ad26c033e57317d1399

SHA256
b3ab4fa1855d8825bfaa50a8c7fd72b4820e0bddf383a66a13c9c6e4407e3727

SHA512
33d526cc71c3ad268ee472e8990ae9e1449f9e0b2a871d8f0ba328ca9677a7651a59ff460b10c239c1a7ff6dde632ced6294bfc2b3c98795e5591407fc16f772

Download Submit
C:\Program Files\7-Zip\Lang\fur.txt.tmp

Filesize
57KB

MD5
13cddad4154ce1ed27f5b0025424a3aa

SHA1
b0e31f1cb252a8ff2daf8f0367458fdcf3a39732

SHA256
633eebfd7745cb2552e7db786498d6c5b6edf4041a8b8147546435dc37f5d7d9

SHA512
09cab37d55e8abdefa680ee8f1aaef1e1add7134b2ba15f8ed6d73aecd8afe5cf23ce3d23ae8d87ba9195c2cc96c5f01a8826fb3e32ea0c440dc18ef5e377ec8

Download Submit
C:\Program Files\7-Zip\Lang\fy.txt.tmp

Filesize
55KB

MD5
7414ec0a5b3eafd51aa743ba0d2cc0c4

SHA1
5deab62e6a87a526e09698dbd62281f783e347ab

SHA256
6aff2e654ddb90e5d059071640dbd10e869e10da1edb0cf903c03143feee782a

SHA512
1438fb5d7cedcefacec8db5c6dfaf18941b1e5da6613dbf02b284d7860d3ea8d1b0d9db605e7f752cf66235771d5112b25071744505e10bc747e2e0aae464de3

Download Submit
C:\Program Files\7-Zip\Lang\gl.txt.tmp

Filesize
59KB

MD5
f79c67af23d216216199fb9a47f9ba98

SHA1
01eb4476afd18276fca880e61664e4cf7fec5f04

SHA256
b540649b41e6916b5ab609636b74b52278cb653e9dbd78dc0792e897d6855ee0

SHA512
4922310285c15dbf7db9759e9c93bcf4e7556805ad5f9860820c8c8c3589ef61c627938046daece59034dfd85752274c7df09d31bc431322499a677d676fa172

Download Submit
C:\Program Files\7-Zip\Lang\gu.txt.tmp

Filesize
67KB

MD5
a433f8776d1838d33c3ecd6b3d1536a1

SHA1
01dacb8ef2bd66005429629b503292e49bcd376c

SHA256
d4d4b68d88f643b0745f68aa9589c597d56bc5cf34964fe3bd0822639efe14b5

SHA512
1e0cad9b85a33a85cbbfd16f3d1377d2d9cd55fd3bf81e3d8540010380d73d971d94cf5ef49ea17a72dd5b69acaa6442eef6b8550704eaa0355f2b7820bdd774

Download Submit
C:\Program Files\7-Zip\Lang\he.txt.tmp

Filesize
60KB

MD5
07bf9390fc9195fccb52ca6c2ff07353

SHA1
8158340c8f4dc3fbc1cad748e2ff89702993c95f

SHA256
e1a11af2808a41e5633ccc0c1dbcb93e61c771587870c55dd1f5dc522082c623

SHA512
8235c7cc99e90a6c72dfdb86ff7424584c68b2e4fc618c0c07d8b2ee1857ea37950bea67ffd1070bb604a2c76764fbc158638136d68b012dcfd6f3abbd9f647e

Download Submit
C:\Program Files\7-Zip\Lang\hu.txt.tmp

Filesize
59KB

MD5
02cdf1db3b22540317a1ce0dea39b059

SHA1
7edfdeec22de9690d52b34d1318f50b0056afb57

SHA256
8691bb8c4d1f7d6df00d7656d8113d03c2cfa12eb17e658851e5d2eca37e9b5d

SHA512
f1850c53d3254f42d57569b6fcccb7dccb02f5c4989edf9ced9a322fd89a10a5cadf2231b666d03a627a5f70fcb1d239c901b097d402e85a4ec6ab99895429cd

Download Submit
C:\Program Files\7-Zip\Lang\hy.txt.tmp

Filesize
63KB

MD5
27182fac98769325feed86047d793224

SHA1
9249a11f2393e5d6ae249c394ac0ed5fba9df06a

SHA256
97a68a94c26f745768b5750a40526adb7ba4cc4c814e3e3b62fb9d19514b86b9

SHA512
4d9928bea5d152f80b289b37582c40d5584648b1e4cdf0b7af4b237404c3a0462d8daad717b659bda68c2b618b90454af5dad6f461c713fc9b9beb3a9328a1cb

Download Submit
C:\Program Files\7-Zip\Lang\io.txt.tmp

Filesize
59KB

MD5
6c494224caf1d661f3e54e5df091afc0

SHA1
0c264b1b2c153f3710ccd0db5c5e6b0b9d86bf55

SHA256
2359a01d9afe4b82364dc0e3034b3e923adf59c2de32624bd9854c94db22ec42

SHA512
c4e9d3bd14cac0e8c522ac4e011eb559528d081b100e99d1e8c4b68bead7e5bbaaf73e82857ce603c486e01ef0df11e5927258e62277ff108ca407c7c68604bd

Download Submit
C:\Program Files\7-Zip\Lang\is.txt.tmp

Filesize
58KB

MD5
4c7a4bad1420a00e8d07369f90c689bd

SHA1
a72bda043c8d652216b071e97101ce6a8f802ecb

SHA256
b4f2fd84a8f6629912c4b559a026b936cddc6b9dd65a2d1b3b8e370f2a952320

SHA512
8cfcd4d89c09ce7140dfd8989f82066fc55769b5c65700c1816b1c1ded03be69f77665375b2eadd3a5c35b631fc4506c79299da7c8ef8bcefed4be01ef830f7b

Download Submit
C:\Program Files\7-Zip\Lang\it.txt.tmp

Filesize
59KB

MD5
e8728df28e3fe6e116db6b562de3dda3

SHA1
b6a64df1713d24110058b6b90cc9309b9c313017

SHA256
e886c2ea0c5083de0c50e0707dbd76f1c5df1c1d1c2d102826300e0588db2744

SHA512
05b4b4ba7cf973f47d3334e948e359747874ff183b62d64e9f90874a5a0cde5f3ead9a3e60b545834df7f280c48a5edd07d3b89f91303e2676578adb1748d185

Download Submit
C:\Program Files\7-Zip\Lang\ja.txt.tmp

Filesize
61KB

MD5
93965e4c049efbfec1a9ae693a3949a1

SHA1
90772b5cdce0aa72ddbbdb7d192f6039983d5468

SHA256
b8df44a5f728ffe30f9e29b6520d9494d544f8c07cae405a4c7d52941c170360

SHA512
19b420f19362b59bbcf20aacbecac6b117c9029744b023188e47c0ff1c5c31d341fef1061925493636f26dde75613167dd8bf4ea0005af31a79a4397a5e47646

Download Submit
C:\Program Files\7-Zip\Lang\ka.txt.tmp

Filesize
49KB

MD5
a1b2f4d8cc9b6b07ba3a5129e6c7cf8c

SHA1
ec9f47b2f60aaed683796d4e79412e6386e362da

SHA256
32e7e0bde95a8104e9c709681ec19c13a3b83c250beb621c54304f548e6c23d6

SHA512
9301fd8f0e50c01a319385a0d8f04db59b37207335899e6f5798914f853600bc4695aaf51dcf43807eed84d6d367f4479196f3072b02fdef61b5788e19bb786b

Download Submit
C:\Program Files\7-Zip\Lang\kab.txt.tmp

Filesize
58KB

MD5
3bd19d2f8833a52ba5dfab091d294867

SHA1
912fb7e937f1d43dec7e19eab075d98a963dab48

SHA256
6dc43a5e8c79c638f770bb22ad230dbf0618f1da5fae4b16edabff114208b202

SHA512
379e752b83f06811763bd495bd04787e79cd1378ce5e336d3dbda29188282e88b3d25bf91f56a0565067bf52ae9664688bc98bded15f350cca2528f5127794ea

Download Submit
C:\Program Files\7-Zip\Lang\kk.txt.tmp

Filesize
60KB

MD5
99063f417f1658b56bd331613f09952b

SHA1
9d24be971fea51aca6de78cc2309f793a597716f

SHA256
376a537e4dee74f130ca40fab44b65875c81523e2e55c840a33e7a276078ae91

SHA512
a0df198e7023cd5eaef5811fa9ce99c1df0e35bdd3e4e52d2ecbf6f98d283f1940958bbb5669df8d9383fb6bb15de761e89caf7ab7a6ad62d0aa8ce31c691d80

Download Submit
C:\Program Files\7-Zip\Lang\ko.txt.tmp

Filesize
59KB

MD5
25c70e27b9517e1e7072d171f087a341

SHA1
62a2a3cb5123b7c6260161eef8de2c0c5e993673

SHA256
2c06c8474e9e56e143ba4ae49cd865c780bd0a1258d10f6d06e51d3278bd869e

SHA512
869f35a283686d8a5bcc6a733ba069293b3ac879acbc6c56752c4dea15bd2a1a966f4b984756fa169df3afe0f640dda7d405cb7bb53f97362cdf2569999658be

Download Submit
C:\Program Files\7-Zip\Lang\ku.txt.tmp

Filesize
55KB

MD5
780a9ab231e9a1f3dcc01a8ca7a85d43

SHA1
245a9768044c7fabbf2facf4551ecdc4588277f1

SHA256
58e4f0dc5c475f406be3f998e9c2de4dd51bdd3ae31d4d6abfe66d5db305a9a8

SHA512
80ab847d2bb556b960f1b79f0538837cedb6c465e990249fab3ab69ac97ef0fe9a2b6f95e405bbfb7e267a48a022aef48267228aa436f0aecbd021743ec3a402

Download Submit
C:\Program Files\7-Zip\Lang\ky.txt.tmp

Filesize
48KB

MD5
7762f4b9c2d7272faaaacd864aa09f53

SHA1
84f68d9b34b1536cc7f0b992da8885512d0a9eb2

SHA256
69f3c409e9b422024d851ea26dcdbe6e02e218dd4094308eb1a22f3c1c021e6c

SHA512
70d8b8a4fdfe6a08dcce657e0b5fd0fb2c4d229e5dd3a659df64c00d5b883e70dfb99d482003a1749f7ba74dbab3313d12e30f13b91eaa96f36995944c60920f

Download Submit
C:\Program Files\7-Zip\Lang\ky.txt.tmp

Filesize
61KB

MD5
e96cd39862c3c6d98589c0b34fdde37b

SHA1
97f66808d72ce1cdaf1d2fff1d3110169586d65b

SHA256
5e5bef381df0d0b0ec7f4ad0050f99b258138515f1adfb3c2206e32145445a7b

SHA512
3ca5f74874f2dca532ebdacc7bf0b47031eeb6938a3b178d001fb431c355929e4c1f8fda5a771109fa435b4b03f37c2f786a5a0be33a5a2de48d4f427b6b4690

Download Submit
C:\Program Files\7-Zip\Lang\lt.txt.tmp

Filesize
58KB

MD5
acd3bc2d71e1b4179562632c0c23d562

SHA1
a7eeb11004652cd5d86761a0f40135c60db6cde6

SHA256
ed8079619a43343a77b61078b3a68d2ac6a5c523f1401d15857b6df5dfdd98a4

SHA512
fb06d251fe17c1c4e8b5c80ae8b33ffac674376dc9b76c9036d47dcc484044c0c8505cb976fa4c6dce9731285d1ca8595a1878d22beb5965b213b9041c5fc371

Download Submit
C:\Program Files\7-Zip\Lang\lv.txt.tmp

Filesize
54KB

MD5
1e2974c396aa90381d6a25a916a6fe08

SHA1
971f08bfe0a5320242554afc3d4bd9b3dae43359

SHA256
d3d335b39e17f00b7f5e0f187ebceb9313372e5356d119fab37fb46a95d4754e

SHA512
8e34e93412426469876006e6cbf9ec4bbc4a6302ae1d46fa7f1863b7974225d3a6a74f7ac2448233bcf21184fe76be260c58c7f5d3c9d54f72901249c15dd032

Download Submit
C:\Program Files\7-Zip\Lang\mn.txt.tmp

Filesize
58KB

MD5
58af6c3dede6979553e86b542fe99687

SHA1
9b46c9403fe21e1b2480230c62a0bedb491ac288

SHA256
25df9cc98819504c2693e14ba971bbcbf2c4fbe76277143f9d42f398bc009587

SHA512
7cd3ba0aa7276371c6b40e10b3084a1d57ee9820aab924f366daf1ed968ebc2938d4b3f53ea1ceba02521bacc1752ceb8c8ba3d664a7ca6016303aa1f459d7a8

Download Submit
C:\Program Files\7-Zip\Lang\mng.txt.tmp

Filesize
69KB

MD5
eae397cbbcff94e21c8146b5ce58d4dc

SHA1
2ed7d7d6bb0cb9088ef26c1d5530f007694b7afc

SHA256
b0f6b24f995cff0fa72d433ff3dbf69853de8a2fb0b3988cb06bb2c6e9bde8a1

SHA512
a2c7c3ab928829fcaa02a1d8c64e519d78746461f34e97fbb9d27349d11453178b47ec0377c7a819b22e5611ed1abc8a097575b35a4ecfc84da28f9c4d5f01bf

Download Submit
C:\Program Files\7-Zip\Lang\mng2.txt.tmp

Filesize
70KB

MD5
0822a6f876c569f1a0a94bea8132ae4a

SHA1
2a2808c6d239dbd927af903171a660dbea90b1a9

SHA256
a7950834c11309e13c84785b85f02d92a59378c0bcb3610d23a53db446c4b71a

SHA512
aa1fa08f32918fa5b803f89308565cad709fe9a454574f56b72af1cf0f66a9117455147132a9cd4a3fb72467e8cb933ef5f7504c61e4025957f2570711c4fa1d

Download Submit
C:\Program Files\7-Zip\Lang\ne.txt.tmp

Filesize
62KB

MD5
87692a44f7327e5462bab7a0c420bb9f

SHA1
13ac260ea62b0a6e33781a4aa7413e54186503ef

SHA256
2aba04b9329a5a3dfc2561b974d65b89fe91cfbc185d2b506ccebacb5e9b72d0

SHA512
f019b0195438feceb2c15e5c854dfb53903f77909279f13d9edca0f1d0450731d3461743e8a6ce4c7b37e95e08cdfd167624129c140e6fa121395db2aa9d76a8

Download Submit
C:\Program Files\7-Zip\Lang\nl.txt.tmp

Filesize
49KB

MD5
08f42c6bdac7a6b0adbb28ab656e2b31

SHA1
ed15aa98231b83077df05198df9f129b5c39c92f

SHA256
9bdd252ad076aefbae305ed62a5990b142f0f081371f6613b3fdfa6cdac36b1c

SHA512
12d29c273084bb513a3facb3b6da3717ab980eb82291b62297956c4286f60492936a8ccc695e271c159f37181a591ff8001041511cb4ea43d2182a7a8cce40f5

Download Submit
C:\Program Files\7-Zip\Lang\nn.txt.tmp

Filesize
55KB

MD5
80aaca292ddab2089f7d635a68255d6d

SHA1
cd4fb9e75ea342f005eacb4e357afda3dfaeb870

SHA256
a4c646a8c1bd8b0581c2d575143806e5bc9f3b5f7eb913d3795a16e06e9f2b37

SHA512
7db9f621cf06d2672a6a01a15e0d035eee71c105ef65f6a7982d07e19b4c2b5f34c8d304c6099c1faccb8d7adf890d412bc5dd1ea6835b35e3e1783f4358a7a0

Download Submit
C:\Program Files\7-Zip\Lang\pa-in.txt.tmp

Filesize
63KB

MD5
584b071a451a36d9349f102618b62be8

SHA1
9d05714c848e39fb42bba54c8b26b4fe13fdfe82

SHA256
9597dacca960af4071051603e0760525b688a1d5311570ca4a5a7e4e65afc00c

SHA512
72a77034e2ec11f80ddf0d6d71a343095228dbc8542872341ab0bd336683e2235b744e4738757ed360d99148f836721a32fec708edb6eeccf562c92354ea07b4

Download Submit
C:\Program Files\7-Zip\Lang\pt-br.txt.tmp

Filesize
59KB

MD5
b4c077120475819970a1e0e8098cac96

SHA1
2de45851db0aa6b8c4bba5a1a61c6ce6dff56e2d

SHA256
e7c67c32d26001913673a3cb9cf7a94eaab428f49189b543441fadd0c289c52f

SHA512
93871f8607d57610f2b5ec35f2a67cc731d20f312259373a04e41a64ade4e5c9634bf4511576c0c03949fb7874b4a42312bd0231dbd8a70ad0281fd99b90b5bd

Download Submit
C:\Program Files\7-Zip\Lang\pt.txt.tmp

Filesize
59KB

MD5
929cf3bc33ff9da6149929ec28998a69

SHA1
32ddcaa3e76c3672d05f343741fd7d1f94dcb6f2

SHA256
d2a17b6bb0767fe43c676b76dd659abdb4c60b323283e63ba7601dccdb48119a

SHA512
3c9779107b9107853ef3c400e2d480df9f9307707bc596087bfb037053cda763ae2cd31825d2d96e81471e76ef2c255c73b7199c442e098ab299415de0e7c041

Download Submit
C:\Program Files\7-Zip\Lang\ro.txt.tmp

Filesize
56KB

MD5
7d31246f419c2048182eb9bce057dc16

SHA1
850bcc37fe374919d173a535445202f8a16ddb12

SHA256
85ee601d89e2ea80cb75048d7e959750a4436fd749706d25bf54e5cde3d5dfe3

SHA512
250852a886268c558445212339319b2d4e1d90a9d5581a02a46e62a876f0000850ab5c664dcd8b91eaaac3782e6a9019b38c8886acb01f0fff03fb1031c6d170

Download Submit
C:\Program Files\7-Zip\Lang\sa.txt.tmp

Filesize
68KB

MD5
9025af17bd8913833bca37eb94d8228e

SHA1
e759755272c02615d1f78ab5c3cf232c5a52b1ea

SHA256
6c4f5361fd0e2965bbdad5936795c35bb0aff13df11dfba9491e954cf790f8dd

SHA512
178d8b01e3ab3a8fffbbc003ffb4ba5d422fc8582fad0445d5f2ffe8928246dd45e6d76045235889bffb4c3aaf565511c38d8c11a1889455c01151a08ae6db20

Download Submit
C:\Program Files\7-Zip\Lang\si.txt.tmp

Filesize
68KB

MD5
4e4f81ddd7b661aac6d0e6a111ba0e10

SHA1
d841ff0133bfc7ddfd547d3fc73e86eb2b177074

SHA256
3de79389e38f5640ff36148a67539325ebc1732bc372dd8f8b8ce5669bdfc071

SHA512
9c435da4db3ca160ef0df1fb3fa82e5014e0f3395de85d2e5423a64bb49bbafee11c11ce4c9bf18f76e2cfaa5651814be84f278d6fffc0ee54252a966ed8ca32

Download Submit
C:\Program Files\7-Zip\Lang\sk.txt.tmp

Filesize
58KB

MD5
3a7ec92f23df6d0129e7d539b35d4000

SHA1
c687261b2bdbc6230f4e5748f17a96523684d09a

SHA256
176b536c2fb8bb3a1911d32152e9be974bb2ff1f8db44c0c2a1af7fc0b5a2fc9

SHA512
8c6e197f11779bfe4cafca1d1b18a381f5d77ac61f45bdbeef1c1949cd7dc65e5080d74e8edc7ace2b5c72d674539f3d28f4a6c39be3f0a61ae5f45ca186e47b

Download Submit
C:\Program Files\7-Zip\descript.ion.tmp

Filesize
50KB

MD5
d254815be7f774f5176b075e742c0cb5

SHA1
5cc1c8a2ac4375e4d7ad5df753d91cec9917bd43

SHA256
9d8a3007d314f12899a4a28e0157ba6a89d16f1269d69f2b57f2cc43d7aaffc3

SHA512
34ae090192e96d05e82dc31f0ce09ed9344e93abd255934a0a8f9949cabf39b927dea0e6e8928687fad314c1b684db900da8cf33639c968bf15d7a7080bdecfb

Download Submit
C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_OEM_Perp-ul-oob.xrm-ms.tmp

Filesize
61KB

MD5
6ec487465eafc0cc6c28e1db50dc6e89

SHA1
b5da0df7c698444c255289fb4d3047bda7fdf253

SHA256
5fa9dbd18fed873acc157fb494401b6164a9bb80d420c71800f120066d1f31d4

SHA512
0bf039ebc0020afbdc41989e7fa6f673fc2a9d7dd0b4b6d786ea2456c08e993dc8d8e99658a4557e302f707ecfeddea764d50104315baf80a9ca962cf0f1ed8d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe

Filesize
49KB

MD5
86c8ea8e22704c02a85fa2a408dd248c

SHA1
933db69307052e2b1b221967368a18b2a82c955a

SHA256
15966a8110450d980dbb4e3d99f4ea031de8e4b68338aeb9ae77b0580c7de1df

SHA512
1fe5f163fa4d61bbf1a5c66deca57b52a2aac5a68c28e1f81f746304a306e2372b1a41d4e1372bf1f0d963f857ff6602b15dd17aa2207dc6c3583ad000c5445c

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
49KB

MD5
168b8a40d6184de588db0202eca73899

SHA1
76f49b238e54890601c1cff214e53541c1151ae5

SHA256
ce0b91d38b8d608ff1540b173f5a062d16e1f62ee6ca96bb02747db4294a3de4

SHA512
fae0b3627e591952d90c801e281f507bea5cfeea59826e175e94bcf246883342096a3aa56a5d1f56da20462b3f1b15db60da7637f4ff345b7ed92d6a2029cf4a

Download Submit