a52f97e268dede5fd021822b6943c7f99f43df2ba3a19666b896a3b46eb37f91

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
14/10/2024, 01:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a52f97e268dede5fd021822b6943c7f99f43df2ba3a19666b896a3b46eb37f91.exe
Size

71KB
MD5

f5031a5402644830835f1921776d3dac
SHA1

c657927694983c0de958d972461381f209e77d4a
SHA256

a52f97e268dede5fd021822b6943c7f99f43df2ba3a19666b896a3b46eb37f91
SHA512

fe949780b584ef4dc5aafcea960fbc0b83de0d797c100a16d3d70df1e5f5657c0bb16995d0f0db36eb4cab16bb35703a671d592c93a44a6e85bf70c18e277512
SSDEEP

1536:W7ZhA7pApM21LOA1LOl6M7ZhA7pApM21LOA1LOl6XQQQl:6e7WpMgLOiLO7e7WpMgLOiLO9

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (5075) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
4136	_desktop.ini.exe
4488	Zombie.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Zombie.exe	a52f97e268dede5fd021822b6943c7f99f43df2ba3a19666b896a3b46eb37f91.exe
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	a52f97e268dede5fd021822b6943c7f99f43df2ba3a19666b896a3b46eb37f91.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\APASixthEditionOfficeOnline.xsl.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RUI.dll.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\tipresx.dll.mui.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ComponentModel.Primitives.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.WebClient.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Principal.Windows.dll.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\mshwLatin.dll.mui.tmp	Zombie.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\it.pak.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_MAK_AE-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-runtime-l1-1-0.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\lib\cmm\sRGB.pf.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.Reporting.AdHoc.Shell.Bootstrapper.xap.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.Recommendation.Client.Core.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL102.XML.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-interlocked-l1-1-0.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javac.exe.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Retail-ul-oob.xrm-ms.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_SubTrial-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial4-pl.xrm-ms.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\EXCEL_K_COL.HXK.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.OData.Core.NetFX35.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\host\fxr\7.0.16\hostfxr.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\UIAutomationProvider.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\pt-BR.pak.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\hprof.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Red Orange.xml.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\MSIPC\pt\msipc.dll.mui.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL083.XML.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.XPath.XDocument.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\ffjcext.zip.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Client\AppvIsvSubsystems32.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_OEM_Perp-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_MAK-ppd.xrm-ms.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-multibyte-l1-1-0.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_OEM_Perp-ppd.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_Retail-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Transactions.Local.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Xaml.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\hr.pak.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Trial-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\MSIPC\sl\msipc.dll.mui.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Primitives.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\bin\wsimport.exe.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_Subscription-ul-oob.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.EventSource.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000049\catalog.json.tmp	Zombie.exe
File created	C:\Program Files\7-Zip\Lang\da.txt.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\EXCEL.HXS.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN002.XML.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.ThreadPool.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\D3DCompiler_47_cor3.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\rmid.exe.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp3-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\AugLoop\third-party-notices.txt.tmp	Zombie.exe
File created	C:\Program Files\Common Files\System\es-ES\wab32res.dll.mui.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Tasks.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\joni.md.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exe.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOSTYLE.DLL.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\WindowsFormsIntegration.resources.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Forms.Design.Editors.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Retail-pl.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN110.XML.tmp	_desktop.ini.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\InkDiv.dll.tmp	Zombie.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Zombie.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a52f97e268dede5fd021822b6943c7f99f43df2ba3a19666b896a3b46eb37f91.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	_desktop.ini.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3088 wrote to memory of 4136	3088	a52f97e268dede5fd021822b6943c7f99f43df2ba3a19666b896a3b46eb37f91.exe	83
PID 3088 wrote to memory of 4136	3088	a52f97e268dede5fd021822b6943c7f99f43df2ba3a19666b896a3b46eb37f91.exe	83
PID 3088 wrote to memory of 4136	3088	a52f97e268dede5fd021822b6943c7f99f43df2ba3a19666b896a3b46eb37f91.exe	83
PID 3088 wrote to memory of 4488	3088	a52f97e268dede5fd021822b6943c7f99f43df2ba3a19666b896a3b46eb37f91.exe	84
PID 3088 wrote to memory of 4488	3088	a52f97e268dede5fd021822b6943c7f99f43df2ba3a19666b896a3b46eb37f91.exe	84
PID 3088 wrote to memory of 4488	3088	a52f97e268dede5fd021822b6943c7f99f43df2ba3a19666b896a3b46eb37f91.exe	84

C:\Users\Admin\AppData\Local\Temp\a52f97e268dede5fd021822b6943c7f99f43df2ba3a19666b896a3b46eb37f91.exe
"C:\Users\Admin\AppData\Local\Temp\a52f97e268dede5fd021822b6943c7f99f43df2ba3a19666b896a3b46eb37f91.exe"
1⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3088
- C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe
  "_desktop.ini.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:4136
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:4488

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2045521122-590294423-3465680274-1000\desktop.ini.exe.tmp

Filesize
71KB

MD5
783facb44966f82127ec2f1e75569b73

SHA1
d77958f3eda7ff4afcf11a1467c9b89323be9149

SHA256
5b76b6c1e797883ffa9e38b05ed0c5b0198cb4958b55bb7dfff92327258c886f

SHA512
6f7c5c741bc590044f566d1d1934e9ab4b131bae5307a6d746c687c55684733ec1939ecf0ec5cc31d71747629e363866488c54f8f1ca74c01f971986bbdf0d0b

Download Submit
C:\$Recycle.Bin\S-1-5-21-2045521122-590294423-3465680274-1000\desktop.ini.tmp

Filesize
36KB

MD5
ef256eba44865d41c090c9757419be3c

SHA1
8c7628f134ab4f3a88366386a8bf0aa83983cb81

SHA256
3b33620745e8239dcb28285c6fb7b3c1e3cbca28c979c6a75e23239d71a58d05

SHA512
5b63b09ae1cfdb45a7081cd1f9c2b7a115548132a20cba69c58c08fd223ff1a01e37074e537ed79ec44d5c93cdc838ad6555d1e96ea7d7d371e0545826b2ae4e

Download Submit
C:\Program Files\7-Zip\7-zip.chm.exe

Filesize
148KB

MD5
cd86e2847ae28eb8f6a0c428d977a303

SHA1
3cae13fd9d6c2539e533bd0b3dd895febf9b676e

SHA256
ac50fc8247e5e2b80ef9f1dc78e6186f74fcd61e995d2827ccbf8bfdd474b231

SHA512
2c5ebda028a8791ff5015e092488e2a5b198f557a861c3cfc09a449ceac9873773c73286a98b2a7480cbc62fa2c63552b15e04ad2c2634b16ba4bb29c9bcdfcb

Download Submit
C:\Program Files\7-Zip\7-zip.dll.exe

Filesize
135KB

MD5
09df6753a939985dd5efa976a17e4a1e

SHA1
f924a3456dea1eddddd6a9ea60e28b3403704c26

SHA256
caea90ad82651ce8cdc03bd2745d4321eab2fbd6b67948414430a4258b4fe398

SHA512
cf770a2c2b5ae2ccb78aca08b334087610600d555f1a8bd079178e0bebc3a42aa93a975963418c86a82dcc811e60f52f621eded8083af7b58c8cc802c8f1a2ee

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
1.1MB

MD5
a29c085a0f5b9b19572745f2cfbadbb0

SHA1
536db5e61c143588bb6c46970315622719d4c438

SHA256
ad4e4326076df9f68dfdc1fcebb2ae76b903c84a23210d592918bc289730bfef

SHA512
4fb7bc2a405578e0b600a64aa45ef4aedeaeb534a3806467dbac7d7638239b30272670bbe7c903de1985e24dc31d15ce6511ecb3d7b9d45cf7fb52e5ccc1646c

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
1.8MB

MD5
1aeb6fe5743f91218728f1aff4c649dd

SHA1
7d163df8ab0eb7beb5f009aef10c6f878b939051

SHA256
5d0bf827a8889607e51f1a4f344eb88629d956eb6bda25b47a302190edd9ea26

SHA512
7be5a965155c7bd72776f0401f755c4d98dcb8b3442b404dd8f12d71b0da93cb91b7d8bd3ed5f3c831f638a3d0dc8dfc19c7e27ef905fad685aaf41976b32580

Download Submit
C:\Program Files\7-Zip\7z.exe.tmp

Filesize
580KB

MD5
b7c5cce3a84f5fd0bca963b70ea1ea19

SHA1
9bc1bb0f1f03ec202fa2a3bf4c33764e84f4323c

SHA256
62bd16a2c638e7cda36b84ae71e7bb50bfc91c9d8cc34420e54987b42b8aab14

SHA512
634d7d4ee714d609e4d6b59febe17ca64bc6c5a863cc6161747e0d212780968cc0722bc6f50522abaa518f85e3136ff7001d76f513e3ef056b3be5a4ed6b9240

Download Submit
C:\Program Files\7-Zip\7zCon.sfx.tmp

Filesize
224KB

MD5
e59e589bd3de455c697736d83405adc4

SHA1
7743070de6ff23a9da42da11a27d64584412e759

SHA256
0d925fc210529d21fe522f7fbc34f94074f3d78a08fc98cb02186816c2027dbc

SHA512
afc15e6231ea89c39cb27dbe449e97f046914f91b4e0974937de76b28bf2247126e7b536a6cd63792e5bf31de5888124058da735a2d7905358dedc78e480f3e8

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
966KB

MD5
083f2724daeddf55e64b7af493c42220

SHA1
786b4bc94b08d82050cd9c2f797223b027f67028

SHA256
6218ab44eabd3cea5ea36a4c574f5c702c68425dcfb01d07184cd50fed888213

SHA512
3a56d53976d080f6d22898da750ac46ad9143fc632a7735fe3914f76375cce80ed6acffc0588428af7ed45e1015c476a0bbb8ec6d0a618c1c7a21d99cefdc53c

Download Submit
C:\Program Files\7-Zip\7zG.exe.tmp

Filesize
720KB

MD5
69b3987ef7c3f49b0ca24c59c8eec948

SHA1
871853e3975e4cfb2372e6d8f32ab73f950f6eb4

SHA256
da74d274188f37b9eccae83bf39c6b080b5ca0d469b2ace2b64f199f3f156541

SHA512
783c2fc68628e19860b17c788ae8b828a05b3397aa2d633989f178a534a3f8d61fd29ed2f1705671d32578a17a057ec68c43f6d643a6d98e526f174700cff79f

Download Submit
C:\Program Files\7-Zip\History.txt.tmp

Filesize
36KB

MD5
a66916b45480feffb65a2b00b6902cce

SHA1
9e94d1447f68af8f8947c6be0e50f383f4920431

SHA256
2da703e0dcd1b8137dfa3059232085ef546e6e09476702a6d61d862c68b127b5

SHA512
aa7f83ca4c4d24b6446365be097ccba7b54e70588491eca98748625f3a9efb8287c3f15e942aa380b419d140ff6812fe64791b536d274aefbff5c057b180f760

Download Submit
C:\Program Files\7-Zip\History.txt.tmp

Filesize
93KB

MD5
cd685dd8bc7997d755d0e42e5182b3ac

SHA1
57a46dc972a6fc691622c4f002359bc94a3d0b22

SHA256
c7d237320c51a6208ecfaf963e0040025e939ae70e1b1a34920508a1f544f9f5

SHA512
5aad77607d5cbefa4c8ce17a2c2b40613edc9674f88359ca7aba5769cdaccacdbe2fa602ac37f5216bc36729631af9d6fc6d07b06ea584724f1a8a9c40ceccfa

Download Submit
C:\Program Files\7-Zip\Lang\af.txt.tmp

Filesize
46KB

MD5
073bfbebe5139700b9f0d79c30902ebe

SHA1
6b17361818593cde7ae8bd3725e0facd415f9a05

SHA256
cc2cf7930b122031cae353b87608f04178d537d34b2a6de8693eb2a976ab6a6f

SHA512
10a166088903cda1c76da931650f3101fdf910ad283d8b08ce3220046d93f48cb6bca6d8fa4bc3439f35769ecb019aa1c3e48e1d5c11baabcee16d89f1524a8d

Download Submit
C:\Program Files\7-Zip\Lang\an.txt.tmp

Filesize
43KB

MD5
a52d4693432edc7917965e0b36a386f0

SHA1
1b1e6b9796ef05f62691f613eed7584a198337bf

SHA256
d6744225ea12b34045926068a8d68f604c980994d2c3766086d613717bbe90be

SHA512
3069ae6c3a0ba96ce1ab803850c73c0b29e7472d1861a596050f8c1129ac4efb29c88aa743a587a89e8a91e35bb8e2da8c7c4d55d54e895b2e14e4d8e3c4e40f

Download Submit
C:\Program Files\7-Zip\Lang\ast.txt.tmp

Filesize
41KB

MD5
6d592847e03ae96233737c0e6fae3b48

SHA1
1cac9114ae4f530ea0b8bfb61ad713fbed72310c

SHA256
93222d398526920dd5d8b7d68358d1ef4db13064fd8e9b3e14fd1c30d255b9d2

SHA512
a4cd65c742e4b636c603a137306cb3c53ebe70e818a310a54203c91ab4124eac5d97b4a957f0b0ca970381916ea14733355e3a7a21a9e5834bd578f55b6869a8

Download Submit
C:\Program Files\7-Zip\Lang\az.txt.tmp

Filesize
44KB

MD5
a9e85fb19167c629973814031f4c014c

SHA1
c1f2656f353fd4dcb1ec9c6b11c731f98e6d8b18

SHA256
f30b968d888a09e8fc82e9fcaac26174add05876db0c91f4be3d878b93d15dca

SHA512
77a23b53a04b42ead2f488f093415755fb511abd9c405c55de10bc331e9e50c3518915a922751a7c79c0acdb67b42379055dc32f3b4582aff3505500e6d19c56

Download Submit
C:\Program Files\7-Zip\Lang\bn.txt.tmp

Filesize
51KB

MD5
2ce85850bd057713352310ad45672f89

SHA1
16b9fc7c9f11b0a301e73f84262aa42ca540daf9

SHA256
668571932ea33ed22affa5181133af7fbe682e2c1d7e105dd984353002915e89

SHA512
c07636977cc550a82ec7ae9e65bdee43a8318da3a007c3dfc41487d98aa5205bd44160ede037a2b4210875e4935e79be4346a1787c083b4fadc20b67e649b670

Download Submit
C:\Program Files\7-Zip\Lang\br.txt.tmp

Filesize
41KB

MD5
5517b6474f4a44654420780637c1f0a8

SHA1
9d37d90c562745a995205f770e3481d56abd1b92

SHA256
4cd8d9c42d63ea1154f86c3113b39ed54c5d0bb893fe5dd755c2d743bd0d7c1e

SHA512
f55b2c1a9c6171815839e2f39b10c58d46b856bd4a7d1096d1bcdfb66c9aac7c88e28c9c12ee3b30c6dff5eec9d3f8f7bba75aa6b374dfcbc851ad0e5989b4ad

Download Submit
C:\Program Files\7-Zip\Lang\ca.txt.tmp

Filesize
45KB

MD5
5c7d0a4940f51c9912f92647fb05e357

SHA1
d53731d7215ff812e969ca39a1b563083645d0aa

SHA256
971f51c862b10383be16d2a48fc7d7eac1391460495149ef51fdf0f99ea538e3

SHA512
5d3963460347ed42337b298ce40670ca3e5bcc000efd516e779fe2e2377dd3e5ac305dfaeebe6a0b95fecca7761306c004c14f6e2f4560f3a6aa9b25f10e5079

Download Submit
C:\Program Files\7-Zip\Lang\cs.txt.tmp

Filesize
45KB

MD5
ef60cadc29bd4a0e5b8ae645b94944d2

SHA1
ed282c8529cddc6590fab5ef6d65479d3225be96

SHA256
7e5d34d249ec7c80dc370e5e7bc737c01b704e9f443a1dd8e8581bb08c320015

SHA512
9914aa2f81c5c3b86535a7beaf3d4e5103f82258c1897814a5b544e3fe36c70ff757e6c55af401e3606dab21c9b69ade3f8dcb2d231e707f435b829056b9b153

Download Submit
C:\Program Files\7-Zip\Lang\cy.txt.tmp

Filesize
40KB

MD5
5b835eb89963406b2be3af5cc931a488

SHA1
144ec13c170561883cfdf379c6a64909fed4822d

SHA256
7254c3c2dfe388bc71cbde1372904ece2196782343eff2b1cc6997abe56ff360

SHA512
e071a0ca55167cea70cdbd1ba816c7baf1b793ec402dc316d4e77ac839484bd800420cc059da55eba11511686aadc3059042cc3699d618cfc068bdda74a0118d

Download Submit
C:\Program Files\7-Zip\Lang\de.txt.tmp

Filesize
45KB

MD5
f54d00dbb7c0ae55f72ccf84c7a9a6a3

SHA1
5604b3085c26f01e6176418c84917a955c3e0e1e

SHA256
74ecdde06547463f1739a54e5e9888576a9c17f9c0584b8293bcc65c16a5fc81

SHA512
d80da80c348f09a3301eaeea19546d06981036be2df6ea566180809b4379a43fdd9932364218119b4dc016fcca83271f3d3968c46a7d4b188e265e2ddbd159dc

Download Submit
C:\Program Files\7-Zip\Lang\el.txt.tmp

Filesize
52KB

MD5
bd9cf81e7beda4636312291f335cd7f9

SHA1
b143bb9e4cf963056fe96f056d35c46363f4fd70

SHA256
e35fb27b0ab466bfdeb9c297994a1abf165b547d15d17617a62c637890b631de

SHA512
1f07781300857abc51324ecb0b78d525b80b5fdb9c52123f1c4569a2140e8ef77fdc05c48209620deafc61c7caabba9526384f4d24f4b49dba77799e2f93dc8c

Download Submit
C:\Program Files\7-Zip\Lang\en.ttt.tmp

Filesize
43KB

MD5
b4869515ac14f3ae61a69a146b71de07

SHA1
5e965dff2c88942153c07fc3897a3dd48973d50c

SHA256
69d7aa85891ca08223437ea0193b62c1314bf4650e2d94e90fd3c871f3480b3d

SHA512
14c28b7a005054bf5b9f0ea07682cf1190e0fa2218de9e76cd83f5978f3b04277d3c3bc2d8fa463417b32bf2ce62601c72ac8696d8d1c024aefbff8f75264a8a

Download Submit
C:\Program Files\7-Zip\Lang\eo.txt.tmp

Filesize
40KB

MD5
d04aedfb1d6b7ca7f6e614796827afc3

SHA1
7d9c0fa4717a6e2b22e5484d15eaf0151153fb2e

SHA256
a47bcf7ee83b6231ea746b8c1dcdd471509f045dfe2269d242f3039b7656134f

SHA512
88eabacbd5491161631ab7279ad4fb35266d907ee655c200dbeb1cda466457cc6205aa0d84716eafd20428750b7b296cb6a8e59ded76a43524ce988f042340c1

Download Submit
C:\Program Files\7-Zip\Lang\es.txt.tmp

Filesize
45KB

MD5
905b7954eba85e5cbb5585a50f07e188

SHA1
11b1321dd87a8dcbbf648d39323c93056b829157

SHA256
c9f79598151fe4d61ccdc2b1490d31dff13ea24f5af98dfe55fde8aa05e6c27b

SHA512
35ebfe5fb7c91edb281f96847fbfefdd25d5f7a40f6c44531db39f21cf09724d9d4c3ed78a682fe8444bf0c1a75bc7b97985bdbb94aded80dd1f00a03268a457

Download Submit
C:\Program Files\7-Zip\Lang\et.txt.tmp

Filesize
42KB

MD5
5ec96e93759a93d85755fa121435adad

SHA1
472ac36dd0a6d800be4b5d2985ab09810ee47c1c

SHA256
8275384d0894f15834619836b64dfbc267dede4a5358e4c711b6d986ed888011

SHA512
bead5b2e438187db68e8303d161270930c6f7bdd1e5140790260c4bd60b0c0d81d2afd0c0ed7a4246ca446087292cd9f08cde4cb2d607806668e0a8c31a86bb9

Download Submit
C:\Program Files\7-Zip\Lang\eu.txt.tmp

Filesize
45KB

MD5
83422bab426244e6d884d5ee84754c86

SHA1
243efa0fe0e735e8d24969d6a917100c77aec435

SHA256
3734be8b9a6e6025be7ed4944f43f791cea32ef4b38f6b7bb0ca198f64e80a59

SHA512
ad0e663974414bb8a9c56302ea723ac6e9741585672a68dec116fc823ca26049db8456100936c5238d6b5de9778a1c93335d8becffe8039f70063096ffa34d1d

Download Submit
C:\Program Files\7-Zip\Lang\ext.txt.tmp

Filesize
43KB

MD5
9c0167da70fbb7a36b7dbaa896326b3a

SHA1
6b70254595dfc062917671458928fec4781af5e0

SHA256
cbd53be94b6def9816add940bf8b77254189fb94e33dbd258997e3f49f2a9159

SHA512
a5ba0c2a1c7eb58bf7db9c7c5b17613c70e5f4b73202454027ed15c64b85191611a1b8aa5138598f5adb57cd5ceec0c8897680bc8236811eba0e166923819f6e

Download Submit
C:\Program Files\7-Zip\Lang\fa.txt.tmp

Filesize
48KB

MD5
5cbd196d5d22f82c5b16feaa60a25263

SHA1
b61f6db10c7e7b8a5df0903913ea0eb5f02e2b95

SHA256
0494d1e82d89d5e364383e9b482046402a6a74c5659035e833e4b51b9a1afcaa

SHA512
2856d37c02f6408dcaf95d953a0d8f4d13efb44e773b0e040f8ed67e81c9f537295b3740c874453220d7195fa385c96cf9c5ecbf0b0725ac52eedadaad3719ae

Download Submit
C:\Program Files\7-Zip\Lang\fr.txt.tmp

Filesize
36KB

MD5
605e0c41641be5aef148ccc699fafe17

SHA1
4071884d455b54472baf623e3c9c3e8cb91c86a8

SHA256
02a7e63bccea6c706dd4175c6596536f5ee0f221449b4036d4fe21aeebe92e36

SHA512
a21564279e4b92494042e9d68b2b4575748aa5c37b80008c71fb5010f4d74aa3d01d8237870b0046bff7087be8cdfaa8964d91bc618e43102d1f3ef341508923

Download Submit
C:\Program Files\7-Zip\Lang\fr.txt.tmp

Filesize
46KB

MD5
8263bd4c7c3a11ef0a5befb53ce4cc30

SHA1
6df64883f623eb4ce3ad853af479869ecab1ebca

SHA256
bf8332aa9f5b70c5fe4d22865c1e71dd25f4e4b1da1bc213b91392d9840988b1

SHA512
0993c4368a8a248afbcc1624dd519ff42064c93c2926cd33bc9c38fbadd832bb0381de04910d9727151d040b916e5b654055f46bf20aa8f8b715e8459407d074

Download Submit
C:\Program Files\7-Zip\Lang\fur.txt.tmp

Filesize
43KB

MD5
118758ceb98cc10d446796df443b4372

SHA1
de0ae90f5daa2e837255b814a1c6a0b4ad49df42

SHA256
782db4c37afa7b63549019053a9f2bf0c121b4cc2a9a8814c8162dd383905391

SHA512
75529df3f7139e2c9c461b2cba1f659d3520dabb3c60a8f39ff151bca57b0f099898c148eb983431543734b3407206e1d5dd6606ed012025e5d0ed1640ecc6b3

Download Submit
C:\Program Files\7-Zip\Lang\gl.txt.tmp

Filesize
45KB

MD5
cbb7c1f5d7975c88e4bf9f3a23770d38

SHA1
fed8f5d368d8968cd0614b10eab8a93a7e1163bf

SHA256
451ad2cc2dd7e5cdf1876acf29e311a2a60052dc24d7fee0cbc2c9f0325eefde

SHA512
d08608eb326e88c2a358c1e138e251ff58ad216d0e54759b6eed8a3d8391a9a655f602fbdfa50607a2e7ba9023b635c6d719276aa295143e28d3f15f7d3f4995

Download Submit
C:\Program Files\7-Zip\Lang\he.txt.tmp

Filesize
46KB

MD5
475fdd3741f257ca3a07be304fb16eed

SHA1
1bbdf7ac5c8f66f05e0efbc8e5fd13b961ed213b

SHA256
df5507c29b5f8690fe30fb300a403354c72e2fbe44c7e306c4f4f2749cfd2017

SHA512
6ea6a3b2836a7903b9dd3dc7729bddff1350f84c8e9f64033607e24fc740af53c0287174842c414d716dd01298590b273188bbfc528836218eecc651278d4584

Download Submit
C:\Program Files\7-Zip\Lang\hu.txt.tmp

Filesize
46KB

MD5
d5f0107ca89caf2f7ddf8340f14ed68d

SHA1
0a7cdfb293b51e0a0c26d107ccc51787fbd3c0c5

SHA256
d70d9bcdceb64ff6a721e6fa41534522bf904ed454b4ee8916acb0071b10f455

SHA512
04b27d438465328912a2da61026d4bd7c2b5a24b3766e66a4c458c582c7966132c79e4d11bf463de4d236a2ba396e6ff742a141de23f651e95260fcd86e2126d

Download Submit
C:\Program Files\7-Zip\Lang\hy.txt.tmp

Filesize
35KB

MD5
527de431ff841cb9e86a18d627a175ae

SHA1
a431c5c724638b0d60ddf1d1508905dfbd9d59e4

SHA256
0f4740cc1e196b7e2fe2686d3f555ea0700bf03cb9420a1c031212cf32f3c0bc

SHA512
f45ad73469dbb01376b65e1d56c6d0d53914c366caf26cbfd4f1c107045b20fade0bc6e156a4fe9ad6545bda80c6a0b44d95300368d25a6f9a1d4f35e11b22a4

Download Submit
C:\Program Files\7-Zip\Lang\id.txt.tmp

Filesize
44KB

MD5
69875847baf07c8ec892b5be5097bd24

SHA1
30ae6d12001a6d83ed262a18f02e530be3e14ba9

SHA256
3bec75b67536c8f5a697cb3501540e32de823196e4493f4d471e10595f56067f

SHA512
99224fd6235a142cf3db6aca4e1e9be43bc9b0b953e354bf4b31abc45c63595702a0044e828d13e3505faf8966dfb71072f5409a2ea4a5057eecd4e69201c7da

Download Submit
C:\Program Files\7-Zip\Lang\io.txt.tmp

Filesize
46KB

MD5
87d613b70f3c7f099737a066aca4cfcc

SHA1
2bb7e31abf1f8e4601994f37a3ae39f35bffa3b0

SHA256
f155d401a390834e84e887a1e54f0520a3a3b1bdbda1a203d435fcc1298fc19e

SHA512
dde1859e2af013470c22ace6c55064f13cdc7d4086ce86b15c71f7f92745c2a47aef220ebc74e3928ac97948f59be4eef514f5b0907e8e67d8dc0a1cb3c34e23

Download Submit
C:\Program Files\7-Zip\Lang\it.txt.tmp

Filesize
45KB

MD5
e11622ed745f362f091be90dbb95bd32

SHA1
2bc4ff66d06c917030ca33d3017ddba7bb1980ba

SHA256
defac6f601aeaa030c24445d58688050e96c720cbfdcd9842edb6ca8c0e8e5b6

SHA512
18bc86d66cf867d72fa2ed0f3475ed5bd1bae26d1b14b31aa1f6496bee94331259e1ca0f2d44322e2a8de3cc289d19bf748ff9f3ddf6e315c68865e220a14d3e

Download Submit
C:\Program Files\7-Zip\Lang\ja.txt.tmp

Filesize
48KB

MD5
36095100be8d2beba881d7e43fb1e150

SHA1
e3b171a2c34f90d68e8773ef298f99b70fa3207f

SHA256
9bddb1cb3a5a46cd15cf4af38787be2e38325b8e8141dfb0746fe8886a7a6624

SHA512
df6d47a8d6ce7a2410b6894b7104ecc9b47d85451213113aedc692dcbb62af64bb95a4993ae3a3801e0960f5c5db5d8dd8b541999f25b9f12864323d7a3c58e0

Download Submit
C:\Program Files\7-Zip\Lang\ka.txt.tmp

Filesize
53KB

MD5
48b75b04685cacf4235e6d80cf6e5100

SHA1
0bbe93c94dde547577161022e503867557453bff

SHA256
0f6714702997d5a959e87d40bdedf16a19bc9a9eaa674e404a2f00713284a114

SHA512
4076c218c28a3c11a55e291c7bcfdf0dde932d17f83ff6e6dc8c0a515d57362585498f7943428958759a8963a8efb3781c3ee4c2f66df26b9cc9417d59711d8b

Download Submit
C:\Program Files\7-Zip\Lang\kaa.txt.tmp

Filesize
36KB

MD5
a7de0c192d748fd96ec0ef804c5029af

SHA1
da392a58c6481df7c085cb9c8c16cd3cf76b6901

SHA256
b4cd172ebd6efbb157697a7b5566578e469c5bff4659eab9e28e7a63e3ba6edb

SHA512
5945ffc2cb894bc99ba8d50bf039f65f59def03dc722ac611af6a2830d51f2dde847e19372090cb62a941e95c3c6982cd152b2ce57daeeaaf1eded6cb0cf9b72

Download Submit
C:\Program Files\7-Zip\Lang\kab.txt.tmp

Filesize
44KB

MD5
39e5556340175ba19afbab1bec607f05

SHA1
13212bc8285e4b629c02e96f9f528e2c0f034203

SHA256
42a80b57acf2986088a030700e03b651ea50a2cf41b7018f97a849fc0915b2e0

SHA512
4147bac7aacfca6e1b347d5420e77077cd192ccd3f506ce4acec8d4104e42eba70a2e07ffccc6bf0def8f4cf48243bb592939cb769a47e2561be991099ad4d0b

Download Submit
C:\Program Files\7-Zip\Lang\kk.txt.tmp

Filesize
45KB

MD5
1bd06ae32dda0066d960ff30e59d0554

SHA1
e7e563b0b532335264e71bfd7b4833439c7b430d

SHA256
617d3b1ddf9437d9cde21477e70884427504e6aac11867bcc89d1058ec57643d

SHA512
b2068b3ac4794517c7f203b40da6f0efd87d7e7f07d132bbb27c70018f6d7d46aaab80b434c6eca0c2e29b74fec8f1fb503a931d96febccfc9ae08881b1c7c3e

Download Submit
C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp

Filesize
47KB

MD5
aad9d7a0f38b3a6e01e0a1bcd902d959

SHA1
45f73e7967fc977c0e32750ea94d77a23fd1a6cf

SHA256
1c7ec539337244efdb3d5cea3f5a8de8778047c0334c5d87d9969948405b0c12

SHA512
ac0d5ef385bbae9434217eaeebe84960aef0aeca1574fdc86ee87c34d14785d61aae0f2bf5c22be9c265ac9dde7f0c1541c7b13b5e4f10488ffce5321a336932

Download Submit
C:\Program Files\7-Zip\Lang\ku.txt.tmp

Filesize
36KB

MD5
e7175515c540f9895b495dd19a3bf316

SHA1
39fec6a71334de5b2ebd77f14870c44ea1505c00

SHA256
d179fbd4c44b97a5795e8940ebd5eb011d08b39fbd3ed44a461068d02f48bd58

SHA512
a34b77f058ac272e5b93aca8515704e4ab31e05ddd199eae6883f7ddaa4df7979b27f09cb50e61942020a0b178e73b47ddd6c65ee147737fb2f03217c3135ad1

Download Submit
C:\Program Files\7-Zip\Lang\lij.txt.tmp

Filesize
42KB

MD5
7ffe330649b55ce14f37aeffb9679e51

SHA1
944a77a835111836202bdc8d0b7d8d0ee514a073

SHA256
fba13d848ffceea39793afe4fc7bd01fd326366f6f9694e7e464c903276f9b92

SHA512
fbfdfd6714872f63449d8f08f223332a5938ab9a58149cea432c4d11b5c1f26d1d0b5916decf21e5680b2b7cc4c93f69b6df66cb1998f6d8742452359a88f036

Download Submit
C:\Program Files\7-Zip\Lang\lt.txt.tmp

Filesize
45KB

MD5
dbb0f54a6b3ea8e185391c2b13649a05

SHA1
f98913e96262ec7512a8319eded8d42aaecf5b03

SHA256
2c8adb84ce734a2f2c4ec8c67d26245217b9c88059874dde65408ced6b02d3e5

SHA512
afc858cf795ce68880aa8257521a5ffcd8f80c1251b7d0f355db9d831a5787bfb73a2330f72584723a7df5680708f7651449494ec219940476bd7ad997d83669

Download Submit
C:\Program Files\7-Zip\Lang\mn.txt.tmp

Filesize
44KB

MD5
95ca123371a87254776d6f50c1a8de50

SHA1
2d00b92c789a334d740a35c7a251245a74b41aae

SHA256
16804121e4eb0d0193103a59a345644994e54f40b9849407cdb1d8cc43ef4df4

SHA512
bbf92277b09a4b1e02f15966f233b6560156355fb2815e9e723e7cabfe50b7dad24f38c5f525bff3fad26e023112114320f3dcd48d5d8fb8a3edf17b86309060

Download Submit
C:\Program Files\7-Zip\Lang\mng.txt.tmp

Filesize
28KB

MD5
417dea8f82e24f16234ce6a3bef30555

SHA1
248629d7d149dda3f44a3cf71ebbcfaa31132467

SHA256
71734bcdcbc43f61dba6e85af2a0b2a7690a144761ca8333817fd803044c2595

SHA512
522ea88a20015c4372f89e734ed625f4905d32a9765f0f9b122838c37551d262a2b0338c0c41d5b914799dc1c1122d6dcd6fe664e3308707af24b322ed426f48

Download Submit
C:\Program Files\7-Zip\Lang\mng.txt.tmp

Filesize
56KB

MD5
83b391a6d687c561f7545036eb8cd8cf

SHA1
43316c3be5a139a07a40f3c3ccafb4b5380758bc

SHA256
afbf03cbb5058a03d71b95bb3a9c2f1cd68f56b4d92996ecfc539ed271670f7e

SHA512
95056927a96e266295bfeab24cdfdfed57335fe82af7df2c856cd8c6d9db221b947fadaaaf721f1d5529871101f2a7e1233ad35c6283949943352abe3488eb1a

Download Submit
C:\Program Files\7-Zip\Lang\mng2.txt.tmp

Filesize
24KB

MD5
b4965d900df776c4ef92dcfd9afa1c49

SHA1
d645425f57dbc3db6be2ce4898b465562639eccf

SHA256
cacff1848a7503ceff9b3112a478f926dd1acc69aa110c57bb88eda5ce53b763

SHA512
792781bcaae3cfc5057d72eee6fb308f580786d0d53b6ff51dc591fc984c0c12be9b8e7760517ce60a1f8fd72ca3aee301d8c14d48f5929695d057e3e98f936c

Download Submit
C:\Program Files\7-Zip\Lang\mng2.txt.tmp

Filesize
57KB

MD5
97fce9cfcfb19d83c0be02bb035d6146

SHA1
8d313d423ebe568c8f5a8c83b97a388492310919

SHA256
9bb215e05906d1ee8a26be8a797a1ad944b4827a9bcce93c6189372974c948b0

SHA512
d36eea06579719e711c7505c80bad6a298b9986cbaa933c7debda436a60787096eff98de92477dc19b1042fa5aa72c397ac7646151c7e4dabb98ecbb66c1235c

Download Submit
C:\Program Files\7-Zip\descript.ion.tmp

Filesize
35KB

MD5
e7eb7390f2dadfc1aa5446e78b49bf56

SHA1
4fc07c3abaf0c93bbafa19ff940ee580eee196d1

SHA256
d06b8238b1011d3b35feab947c36fc16f454dc1331b2fd2883493581e7c90c83

SHA512
f03554123fe93094d6a1af9efe3ef0c6c57d77a70a1998cd09c4bfd1dca953c4e17788fd7d4cacdfec3b09c905562414b09db1942246a36368a8dca2593f4ce4

Download Submit
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-time-l1-1-0.dll.tmp

Filesize
55KB

MD5
38031f1106d08aa6ab250bdf299d8bb3

SHA1
25102bb3f1fe0fa4e58955e77dd7f3b44474ec64

SHA256
b6fe00ef2e77224aee899514a70bfbb5a2e907f0f4e281545c85f33f23ca59be

SHA512
73e76f97d20d3650ee5924834ae4bee856f5f92616ff4c5b4dc670ee5fe8db88f2cd00d146d1fec2d6d509d19ae6e6bfc9035e238be4f6c332674e5d93d677ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe

Filesize
36KB

MD5
ae13f1b9f010adbce5497a9ad7d4b6ab

SHA1
814200fde311a78c568f7f34b6bbfa130897da69

SHA256
15f3da9db57cd8953b563c758e571bf5aed3fbead7d3305c7f6b119d49d0f92d

SHA512
5d4292546f47ca752e9a701397380dcc4606515324e8ab9e364a4193610971e54f6736184d2d19ff153502c6b4cdece41c072ffc3d726b43b327873f910c8c53

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
35KB

MD5
e87616fd744da4d47e4c6afd6b9e09ce

SHA1
c769f5e4a900836ba8c67ac160acab0379ad6407

SHA256
903d1a96180fb49b7cfc70066de4fe7965f2a264068cc9aa4088cf8c1b0c610b

SHA512
eec06e72644ae2b439b08da26e588054f526b84c57fd647c101d528ce58057e1333eabcaedfc9c9fc9e540ae74025cd88a89553fdc023492ef49d10ffa8e8337

Download Submit