Malware Analysis Report

2024-10-18 21:35

Sample ID 240614-wxjyws1fra
Target 04bdf18702dcdd3c7be3076a89012c5715de34a8b8358c33a7d6a20a972735b3
SHA256 04bdf18702dcdd3c7be3076a89012c5715de34a8b8358c33a7d6a20a972735b3
Tags: ransomware
Score: 9/10

Analysis Overview

Score: 9/10

SHA256: 04bdf18702dcdd3c7be3076a89012c5715de34a8b8358c33a7d6a20a972735b3

Threat Level: Likely malicious

The file 04bdf18702dcdd3c7be3076a89012c5715de34a8b8358c33a7d6a20a972735b3 was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (4475) files with added filename extension

Renames multiple (5051) files with added filename extension

Executes dropped EXE

Loads dropped DLL

Drops file in System32 directory

Drops file in Program Files directory

Unsigned PE

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported: 2024-06-14 18:17

Signatures

Unsigned PE

| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-14 18:17
Reported: 2024-06-14 18:20
Platform: win7-20240221-en
Max time kernel: 150s
Max time network: 121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\04bdf18702dcdd3c7be3076a89012c5715de34a8b8358c33a7d6a20a972735b3.exe"

Signatures

Renames multiple (4475) files with added filename extension

ransomware

Executes dropped EXE

| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_checksum.license.txt.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\Zombie.exe | N/A |

Drops file in System32 directory

| Description | Indicator | Process | Target |
|---|---|---|---|
| File created | C:\Windows\SysWOW64\Zombie.exe | C:\Users\Admin\AppData\Local\Temp\04bdf18702dcdd3c7be3076a89012c5715de34a8b8358c33a7d6a20a972735b3.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\Zombie.exe | C:\Users\Admin\AppData\Local\Temp\04bdf18702dcdd3c7be3076a89012c5715de34a8b8358c33a7d6a20a972735b3.exe | N/A |

Drops file in Program Files directory

Suspicious use of WriteProcessMemory

| Description | Indicator | Process | Target |
|---|---|---|---|
| PID 2080 wrote to memory of 1820 | N/A | C:\Users\Admin\AppData\Local\Temp\04bdf18702dcdd3c7be3076a89012c5715de34a8b8358c33a7d6a20a972735b3.exe | C:\Users\Admin\AppData\Local\Temp\_checksum.license.txt.exe |
| PID 2080 wrote to memory of 2008 | N/A | C:\Users\Admin\AppData\Local\Temp\04bdf18702dcdd3c7be3076a89012c5715de34a8b8358c33a7d6a20a972735b3.exe | C:\Windows\SysWOW64\Zombie.exe |

Processes

C:\Users\Admin\AppData\Local\Temp\04bdf18702dcdd3c7be3076a89012c5715de34a8b8358c33a7d6a20a972735b3.exe

"C:\Users\Admin\AppData\Local\Temp\04bdf18702dcdd3c7be3076a89012c5715de34a8b8358c33a7d6a20a972735b3.exe"

C:\Users\Admin\AppData\Local\Temp\_checksum.license.txt.exe

"_checksum.license.txt.exe"

C:\Windows\SysWOW64\Zombie.exe

"C:\Windows\system32\Zombie.exe"

Network

N/A

Files

\Windows\SysWOW64\Zombie.exe

MD5 14034bfbce6970fe18291558c7cdadd0
SHA1 90d6c0148865e81ccf20eb702c6c7cdadec691a3
SHA256 9ab8ff29644b63eec71f24cac4273a25e07c2da0581deb56cd4ab59275076a04
SHA512 df4e456e03835c6e1805ed40e42c6aa13bebd0bdc45e94aa9bbcec493b3c09222f8144d379b5fbc4c649ee846b159196ec948397d64b4a47a6ce91a8280bfd53

\Users\Admin\AppData\Local\Temp\_checksum.license.txt.exe

MD5 dd9fec56edc4d572d81ee599d9ee6697
SHA1 424d9f991cf05f0aaf281a6d9d9d5c103a90a860
SHA256 a86f8f0682e57d6115c3d1984fd7d46a5c72fdf4162f44a594ebec077060a8e8
SHA512 9260ccb02023f41a1f2b1510320e4c76d4835d7ca30366f40d984ce21b6dcf84e208fdf7a582d4e4a88101bf58a036dce18fd44eb4f410d7860a43427601762e

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 18:17

Reported

2024-06-14 18:20

Platform

win10v2004-20240508-en

Max time kernel

149s

Max time network

51s

Command Line

"C:\Users\Admin\AppData\Local\Temp\04bdf18702dcdd3c7be3076a89012c5715de34a8b8358c33a7d6a20a972735b3.exe"

Signatures

Renames multiple (5051) files with added filename extension

ransomware

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\Zombie.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_checksum.license.txt.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\Zombie.exe C:\Users\Admin\AppData\Local\Temp\04bdf18702dcdd3c7be3076a89012c5715de34a8b8358c33a7d6a20a972735b3.exe N/A
File opened for modification C:\Windows\SysWOW64\Zombie.exe C:\Users\Admin\AppData\Local\Temp\04bdf18702dcdd3c7be3076a89012c5715de34a8b8358c33a7d6a20a972735b3.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ko-kr.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Internet Explorer\uk-UA\ieinstal.exe.mui.exe.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-utility-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\_checksum.license.txt.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-flag.png.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hr-hr.dll.tmp C:\Users\Admin\AppData\Local\Temp\_checksum.license.txt.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\de-DE\TipTsf.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\_checksum.license.txt.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.Emit.dll.tmp C:\Users\Admin\AppData\Local\Temp\_checksum.license.txt.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcDemoR_BypassTrial365-ppd.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-white_scale-100.png.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l1-2-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\_checksum.license.txt.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Windows.Input.Manipulations.resources.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\_checksum.license.txt.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Client\AppVLP.exe.tmp C:\Users\Admin\AppData\Local\Temp\_checksum.license.txt.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_checksum.license.txt.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\FPA_f4\FA000000005.exe.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Retail-pl.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019VL_MAK_AE-ppd.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Formats.Tar.dll.tmp C:\Users\Admin\AppData\Local\Temp\_checksum.license.txt.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\_checksum.license.txt.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\ReachFramework.resources.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\j2pkcs11.dll.tmp C:\Users\Admin\AppData\Local\Temp\_checksum.license.txt.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\Interceptor.tlb.tmp C:\Users\Admin\AppData\Local\Temp\_checksum.license.txt.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.WebSockets.Client.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-profile-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\_checksum.license.txt.exe N/A
File opened for modification C:\Program Files\Microsoft Office\PackageManifests\AppXManifestLoc.16.en-us.xml.tmp C:\Users\Admin\AppData\Local\Temp\_checksum.license.txt.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Retail-ppd.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fr-FR\InkObj.dll.mui.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp-ul-phn.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-white_scale-100.png.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.DataWarehouse.Interfaces.DLL.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\msinfo32.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\_checksum.license.txt.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\legal\jdk\libpng.md.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\cmm\PYCC.pf.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Arial-Times New Roman.xml.tmp C:\Users\Admin\AppData\Local\Temp\_checksum.license.txt.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\UIAutomationClient.resources.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-string-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\_checksum.license.txt.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Mail.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-datetime-l1-1-0.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\FPA_f7\FA000000007.tmp C:\Users\Admin\AppData\Local\Temp\_checksum.license.txt.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Trial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_checksum.license.txt.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\WINWORD_K_COL.HXK.tmp C:\Users\Admin\AppData\Local\Temp\_checksum.license.txt.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.el-gr.dll.tmp C:\Users\Admin\AppData\Local\Temp\_checksum.license.txt.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\Accessibility.dll.tmp C:\Users\Admin\AppData\Local\Temp\_checksum.license.txt.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Security.Cryptography.Xml.dll.tmp C:\Users\Admin\AppData\Local\Temp\_checksum.license.txt.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\prism_d3d.dll.tmp C:\Users\Admin\AppData\Local\Temp\_checksum.license.txt.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ja-JP\rtscom.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\_checksum.license.txt.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\WindowsFormsIntegration.resources.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Retail-pl.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\mscss7es.dll.tmp C:\Users\Admin\AppData\Local\Temp\_checksum.license.txt.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\instrument.dll.tmp C:\Users\Admin\AppData\Local\Temp\_checksum.license.txt.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_sv.properties.tmp C:\Users\Admin\AppData\Local\Temp\_checksum.license.txt.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\tzmappings.tmp C:\Users\Admin\AppData\Local\Temp\_checksum.license.txt.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O16ConsumerPerp_Bypass30-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_checksum.license.txt.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\msoia.exe.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\index.win32.bundle.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\ReachFramework.resources.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_OEM_Perp-ul-phn.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.scale-180.png.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\PresentationCore.resources.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\lib\ext\meta-index.tmp C:\Users\Admin\AppData\Local\Temp\_checksum.license.txt.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ExcelInterProviderRanker.bin.tmp C:\Users\Admin\AppData\Local\Temp\_checksum.license.txt.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\04bdf18702dcdd3c7be3076a89012c5715de34a8b8358c33a7d6a20a972735b3.exe

"C:\Users\Admin\AppData\Local\Temp\04bdf18702dcdd3c7be3076a89012c5715de34a8b8358c33a7d6a20a972735b3.exe"

C:\Windows\SysWOW64\Zombie.exe

"C:\Windows\system32\Zombie.exe"

C:\Users\Admin\AppData\Local\Temp\_checksum.license.txt.exe

"_checksum.license.txt.exe"

Network

Files
