Malware Analysis Report

2025-01-03 08:29

Sample ID 240616-3cdppstarg
Target 85461d5f0a63c58f7eb90f55021127cce1c2b008706b0d35aea887aa11642127
SHA256 85461d5f0a63c58f7eb90f55021127cce1c2b008706b0d35aea887aa11642127
Tags
upx ransomware
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

85461d5f0a63c58f7eb90f55021127cce1c2b008706b0d35aea887aa11642127

Threat Level: Known bad

The file 85461d5f0a63c58f7eb90f55021127cce1c2b008706b0d35aea887aa11642127 was found to be: Known bad.

Malicious Activity Summary

upx ransomware

UPX dump on OEP (original entry point)

UPX dump on OEP (original entry point)

Renames multiple (3391) files with added filename extension

Renames multiple (4795) files with added filename extension

UPX packed file

Executes dropped EXE

Loads dropped DLL

Drops file in System32 directory

Drops file in Program Files directory

Unsigned PE

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-16 23:21

Signatures

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-16 23:21

Reported

2024-06-16 23:24

Platform

win7-20231129-en

Max time kernel

150s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\85461d5f0a63c58f7eb90f55021127cce1c2b008706b0d35aea887aa11642127.exe"

Signatures

Renames multiple (3391) files with added filename extension

ransomware

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_Desktop.ini.exe N/A
N/A N/A C:\Windows\SysWOW64\Zombie.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\Zombie.exe C:\Users\Admin\AppData\Local\Temp\85461d5f0a63c58f7eb90f55021127cce1c2b008706b0d35aea887aa11642127.exe N/A
File opened for modification C:\Windows\SysWOW64\Zombie.exe C:\Users\Admin\AppData\Local\Temp\85461d5f0a63c58f7eb90f55021127cce1c2b008706b0d35aea887aa11642127.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\Mozilla Firefox\mozavutil.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Desktop.ini.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Curacao.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-openide-execution.xml_hidden.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Kolkata.tmp C:\Users\Admin\AppData\Local\Temp\_Desktop.ini.exe N/A
File opened for modification C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.Targets.tmp C:\Users\Admin\AppData\Local\Temp\_Desktop.ini.exe N/A
File created C:\Program Files\7-Zip\Lang\lij.txt.tmp C:\Users\Admin\AppData\Local\Temp\_Desktop.ini.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\UTC.tmp C:\Users\Admin\AppData\Local\Temp\_Desktop.ini.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.databinding_1.6.200.v20140528-1422.jar.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Pacific\Apia.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.IdentityModel.Selectors.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Desktop.ini.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\ja-JP\sqloledb.rll.mui.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\el.pak.tmp C:\Users\Admin\AppData\Local\Temp\_Desktop.ini.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\tipresx.dll.mui.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-utilities.xml.exe.tmp C:\Users\Admin\AppData\Local\Temp\_Desktop.ini.exe N/A
File created C:\Program Files\JoinShow.asp.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.eclipse.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Common Files\System\msadc\ja-JP\msadcer.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\_Desktop.ini.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\CST6CDT.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Santarem.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Internet Explorer\ie9props.propdesc.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Malta.tmp C:\Users\Admin\AppData\Local\Temp\_Desktop.ini.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\_Desktop.ini.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Scene_loop_PAL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\_Desktop.ini.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainBackground.wmv.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\eula.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\mlib_image.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Games\Multiplayer\Checkers\ja-JP\ChkrRes.dll.mui.exe.tmp C:\Users\Admin\AppData\Local\Temp\_Desktop.ini.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Salta.tmp C:\Users\Admin\AppData\Local\Temp\_Desktop.ini.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_altgr.xml.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\servertool.exe.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Java\jre7\bin\zip.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Budapest.tmp C:\Users\Admin\AppData\Local\Temp\_Desktop.ini.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.w3c.dom.events_3.0.0.draft20060413_v201105210656.jar.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\etc\visualvm.clusters.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-filesystems.xml.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.IdentityModel.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Desktop.ini.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipTsf.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\_Desktop.ini.exe N/A
File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Asuncion.tmp C:\Users\Admin\AppData\Local\Temp\_Desktop.ini.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_VideoInset.png.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\bg.pak.tmp C:\Users\Admin\AppData\Local\Temp\_Desktop.ini.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\include\jdwpTransport.h.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\license.html.tmp C:\Users\Admin\AppData\Local\Temp\_Desktop.ini.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.addons.swt.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaw.exe.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-heapwalker.xml.exe.tmp C:\Users\Admin\AppData\Local\Temp\_Desktop.ini.exe N/A
File opened for modification C:\Program Files\Common Files\Microsoft Shared\Stationery\Sand_Paper.jpg.tmp C:\Users\Admin\AppData\Local\Temp\_Desktop.ini.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\JAWTAccessBridge-64.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Desktop.ini.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\mix.gif.tmp C:\Users\Admin\AppData\Local\Temp\_Desktop.ini.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.services.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs-nio2_zh_CN.jar.exe.tmp C:\Users\Admin\AppData\Local\Temp\_Desktop.ini.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_videoinset.png.tmp C:\Users\Admin\AppData\Local\Temp\_Desktop.ini.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\720x480icongraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\_Desktop.ini.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_SelectionSubpicture.png.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\MST7MDT.tmp C:\Users\Admin\AppData\Local\Temp\_Desktop.ini.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.attach.zh_CN_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\_Desktop.ini.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.ssl_1.1.0.v20140827-1444.jar.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\macHandle.png.tmp C:\Users\Admin\AppData\Local\Temp\_Desktop.ini.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InkWatson.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\_Desktop.ini.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-output2_zh_CN.jar.exe.tmp C:\Users\Admin\AppData\Local\Temp\_Desktop.ini.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.exe.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\babypink.png.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_cs.jar.tmp C:\Users\Admin\AppData\Local\Temp\_Desktop.ini.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\jaccess.jar.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Jerusalem.tmp C:\Windows\SysWOW64\Zombie.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2916 wrote to memory of 2788 N/A C:\Users\Admin\AppData\Local\Temp\85461d5f0a63c58f7eb90f55021127cce1c2b008706b0d35aea887aa11642127.exe C:\Users\Admin\AppData\Local\Temp\_Desktop.ini.exe
PID 2916 wrote to memory of 2788 N/A C:\Users\Admin\AppData\Local\Temp\85461d5f0a63c58f7eb90f55021127cce1c2b008706b0d35aea887aa11642127.exe C:\Users\Admin\AppData\Local\Temp\_Desktop.ini.exe
PID 2916 wrote to memory of 2788 N/A C:\Users\Admin\AppData\Local\Temp\85461d5f0a63c58f7eb90f55021127cce1c2b008706b0d35aea887aa11642127.exe C:\Users\Admin\AppData\Local\Temp\_Desktop.ini.exe
PID 2916 wrote to memory of 2788 N/A C:\Users\Admin\AppData\Local\Temp\85461d5f0a63c58f7eb90f55021127cce1c2b008706b0d35aea887aa11642127.exe C:\Users\Admin\AppData\Local\Temp\_Desktop.ini.exe
PID 2916 wrote to memory of 2992 N/A C:\Users\Admin\AppData\Local\Temp\85461d5f0a63c58f7eb90f55021127cce1c2b008706b0d35aea887aa11642127.exe C:\Windows\SysWOW64\Zombie.exe
PID 2916 wrote to memory of 2992 N/A C:\Users\Admin\AppData\Local\Temp\85461d5f0a63c58f7eb90f55021127cce1c2b008706b0d35aea887aa11642127.exe C:\Windows\SysWOW64\Zombie.exe
PID 2916 wrote to memory of 2992 N/A C:\Users\Admin\AppData\Local\Temp\85461d5f0a63c58f7eb90f55021127cce1c2b008706b0d35aea887aa11642127.exe C:\Windows\SysWOW64\Zombie.exe
PID 2916 wrote to memory of 2992 N/A C:\Users\Admin\AppData\Local\Temp\85461d5f0a63c58f7eb90f55021127cce1c2b008706b0d35aea887aa11642127.exe C:\Windows\SysWOW64\Zombie.exe

Processes

C:\Users\Admin\AppData\Local\Temp\85461d5f0a63c58f7eb90f55021127cce1c2b008706b0d35aea887aa11642127.exe

"C:\Users\Admin\AppData\Local\Temp\85461d5f0a63c58f7eb90f55021127cce1c2b008706b0d35aea887aa11642127.exe"

C:\Windows\SysWOW64\Zombie.exe

"C:\Windows\system32\Zombie.exe"

C:\Users\Admin\AppData\Local\Temp\_Desktop.ini.exe

"_Desktop.ini.exe"

Network

N/A

Files

memory/2916-0-0x0000000000400000-0x000000000040B000-memory.dmp

\Windows\SysWOW64\Zombie.exe

MD5 51bf70247d59b097fe227b42f4510a74
SHA1 e6f5c06d6ba50845f05d28de926f7e7398e3671b
SHA256 29b5a34e0d31d27589996ebd5fd41984bfadad9db7b0c70f4e91c2422185b454
SHA512 838e282c57246ab5027ebd63ea5ac88e9c745c244aa1510f30b4e8f587243f0e6bef315a25de9d4d83b72d6a944624bbbc9a39bf3eae5db109f505d9e16cc5b3

memory/2916-4-0x0000000000260000-0x000000000026B000-memory.dmp

\Users\Admin\AppData\Local\Temp\_Desktop.ini.exe

MD5 deb3c512cedd4f0e9a044cef529f0a5e
SHA1 b20e585bcb3782208d260409d9429118337b393d
SHA256 f07f1e0e09894cf4de6a80382c6d41001507496ebeedeb38a3864a6b37b0324b
SHA512 23f5be034e923bb247d6b5ec88df6e7be7d17a63e5674cfdec24fbf2de17350ad3c95253a0bfcb66c9c7f1b43b252d9c62d71fb16790b05d4fff98d7e6a83f3d

memory/2916-9-0x00000000002F0000-0x00000000002FB000-memory.dmp

memory/2916-20-0x0000000000260000-0x000000000026B000-memory.dmp

memory/2992-24-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp

MD5 41fcd377aaf52d3fe9b0d0ac57ba734f
SHA1 85598b47aa322a3c0fa2f1d67bc2be1489023694
SHA256 2f4ff25775f24699c65917a1a8a838f9b9dd80f636ab3254e1546221581b30bf
SHA512 2f03b7461f07ea58eab20f49120846469f666bf5b8f8d75f3bc34d8ede74c06d406eeea0b05acd005c3882e9f81553f3a83cb686947bbe5aba2a8fbd2abe0f81

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.msi.tmp

MD5 841ec5ad175012260425134ae35a9736
SHA1 cb68eff49aa555a884eb3673cbc6a69aca2682bb
SHA256 2f64ddad1be803073bab1466f270456407e4ac05930c02b7ccb3ef4602c88e0b
SHA512 6e35fa6ea81cc0e674045d1da73681d40fab253644bc87394f52ece9b414827d582a09394c9b3b838981acc657c1619e4e6744ccef7eb864eade54f22973e6dc

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\osetup.dll.tmp

MD5 6828004dbc1a264def7586409efe9d22
SHA1 506f0591bc117b0410c13786ead50efe3abffa69
SHA256 7ae5d10872ad9c691aed09efe1876956d2f76eca6692724e2121152b9ed7ec59
SHA512 2bc7362eacb131d96a71402fc0567ccbf6d6447a8c1770e9348dcdf67d86b2f7417a5a21f81315030492daf8ad58c075aa9d3b0d8d08c74e08949e8d1c2c679f

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\OWOW64WW.cab.tmp

MD5 fb7e665dc5bceb0dabc994147863ea5d
SHA1 31d19a41280bd9a0070533ec7b1a2ac180da908c
SHA256 63cd0433977962154030ca3c916f5ee20db5adf778b19564d415b6bc6778152d
SHA512 6fc42ff7bd5f874841fcda50f3eaf4e82e9e8e5e11c8c4ad911a708bed466cd7bf04e4c8515af4316dd1f4838f7126bbabde49422082ac379d4c0848436b17ba

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\OWOW64WW.cab.tmp

MD5 427ee68b201e475ff3994867b9d41135
SHA1 bd7e0627eb759dcf9e49792e527418baf633f702
SHA256 4d06d756c9e5226f0deb272085bf183627c2863757b83063d9db99d22a8e3d94
SHA512 6d64c0135cc245bf3b88551f677efb3831aa2feb1094fc489dbee0e3d73ad6cc19b0f7a5b8426b8d45a7d1c2c4feb2e9ee5896c1f49eb26d58bc9c0be61858b4

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\PidGenX.dll.tmp

MD5 1db92d7c83a598bc6f7019ca6de85b46
SHA1 4831ffca5f75b0cc3e962e5dcab2c391fefd4458
SHA256 bd436749229419651104d9634b2bb4997329b101f366016205da2e6526142bdd
SHA512 22400c5c3f39104c03a5ad9bb10f8c06c1b8728c94389fd330f86cbb88e73ecf0f2ec996525c2d24b3c77ab422241ff13fd8ac9946d36060656a858fbda1aa9a

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ProPlusWW.msi.tmp

MD5 19a0c24524c3dae19068e25145065360
SHA1 23b8b338c9c9980a2ebd78a716f1fb6571789eb4
SHA256 ccb0f70174dac78af871d641d3fb0b65fab91960b2d08f58d4b8560763a1698f
SHA512 ebbdbb1e8e2e092ae97bb27a1a00576c8f406b1437c2c76778fa18ea69a53e891dbab181d28ef9181d87231bbd7ff661adf1dc4e009325301f9759b97debfedd

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ProPlusWW.msi.tmp

MD5 036e2a8ba468d07ac5e26f272303d880
SHA1 1fe60096a33d6a3ca76ecb8b5bb0c0c7e1d23ffc
SHA256 6061114f6c82090e05b4b68c5515e42b33563cfe906e4fdf5b421fa2c037a872
SHA512 912a9beda8b6983ffa532df18edd0e75da50f07b45c877d96ba4b20928424d2d0ebe647c9e3f3093285a049ae3cc6a301016597a4b59ba43196fd56d5d30cfaa

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\setup.exe.tmp

MD5 8219e56728c6f945aa28853c8e6b472b
SHA1 5592168405eae3939f2df474392b230d21c6f97f
SHA256 707a07a9bc34a5c230edbcdbe00dca5d83718e2f97846a001f9e7bf4d4a58e45
SHA512 c2e4bf22d5b8f1fc756d9c05479b17d9bfd6c5d01755d4fbc76c0b1b3ec8510d97c6ce6c345625bac338975d160f068ad46a5d825c9c6de49eac7c831636a1dc

C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\ExcelLR.cab.tmp

MD5 b3055c0021f115238aa447d33e950025
SHA1 97c713e3d7763df9a6295d031f0eca518a2893f2
SHA256 b9b12c9080044aeb5f433e1e3e356adc37624c5f9ee21743efaa26fcc9cb4cb5
SHA512 8d75e388e78e53f511e479b45a57d4c100d3cdc3eae1cb91adb944422b8076b6e3deada9bfd9d5e504036027d983a03432332ba82c4a1b98c851cf96e7a00a23

C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\ExcelLR.cab.tmp

MD5 a8e875f23c9979a42440384b22bd8cae
SHA1 3902902e4df56df14ac63804dca0b9be5a216fd9
SHA256 0730e860d94d071d38c117c3986305b8e55f12ed303037bef3561d87af5b78e8
SHA512 9bc9a49ef8b5b420da846d3d0eb0c06a078109f34971872c4b24515efef61b47469aeb6eaaa29ed6c70067bf430d7844838a8f787e6d77af29b3ad87f335dfe9

C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\ExcelMUI.msi.tmp

MD5 5cae53005124aa93cbab39cac280e695
SHA1 aa8611979709562addd4fc84d3fcf05b4e2563ef
SHA256 539ba3a1a8d6652cf116ac7a74a8917ed13c6cdf092763bd91d4aaaf5cf9f344
SHA512 c49dcae5bb4cfa28e1b4a5379a1a167ac60715955254a0c7f7be1b7282daf325f8c96ccc7418b380b3171db6044272b72a75f7b9f82e14af6b93b92eeb7a9708

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\PowerPointMUI.msi.tmp

MD5 d1a6ec0e756bbfb8fc5ed3d0e53b2cf8
SHA1 6b0a4c47a9b02254c7bb5a1cbab50f252c3a4b09
SHA256 fe014727f4495ef0c543d6a72cfc7100f3b592238c53eb3061b41fd80f6d9026
SHA512 d3b96f4d0426ffd2e99b69c8f66ca46bdbfa6c7b9728e341c9dadc1e24390f0a0e99445358847bdd39dbddef8ff8cff31fd4f7859ec74188283fe372aea7c8b6

C:\MSOCache\All Users\{90140000-0019-0409-0000-0000000FF1CE}-C\PublisherMUI.msi.tmp

MD5 07c89738f2855c14f71cdde144eaf9f3
SHA1 5cc29530d3f1f734fd9b74ed264b7978b4336295
SHA256 c146e1696045b37a08cccd0f82f3de3e023a9b016899c675438f5483280a11c9
SHA512 3ef9056bf807a0d1efa22b92c0624dfff9a5f199624998b7be309d4bfb4a8ecc34ed6aae0fbc63c12e14e9fc35283aec253e8fc8b1baca9fa30073b52edadd18

C:\MSOCache\All Users\{90140000-0019-0409-0000-0000000FF1CE}-C\PubLR.cab.tmp

MD5 aed7ab68c8758a89c6d3bc0e62e39088
SHA1 dfded9e9ef380dc43cbbf73cafe2a026f9eb2463
SHA256 b58df97eff260c040938c9ed4ba773d860e7b2b76689f21ee4b0296d14c8c3a8
SHA512 e3a1f66afd325494ca15e7d475b3ae1dcc082899d502266e7e9af532c3df211b7918820771907e5f2b07abaf45df6518ccbb6a56903a262dc91cbe99d3e523a7

C:\MSOCache\All Users\{90140000-001A-0409-0000-0000000FF1CE}-C\OutlkLR.cab.tmp

MD5 e7e4aa04e778dfea3ea1501ecb496b23
SHA1 6f7206cb203be6a5e54cb885d3e978cc516260e8
SHA256 24c2b233fdd63c0e8306a8e9af33b1ec8689b62dc78a6386c6087bd27212e404
SHA512 b35452733e29cba3a38df2d140f515d691c9d035084edaff582ee515f3540a02b33cb435a144448dce60eb1ddb105b442f072ff6c24eb46a103c4501b72a2779

C:\MSOCache\All Users\{90140000-001A-0409-0000-0000000FF1CE}-C\OutlookMUI.msi.tmp

MD5 0bd2ed61cf95bfb26ef74ad2feb5d499
SHA1 1fddc5a4aeeb66ace20d2c7992cafa12dcd2c46e
SHA256 d638e1548717a457bd9afabb0a0bfc9f7f9ee61fd27c16b59a9916e4fd384e43
SHA512 7c80b58a6546aa0d3172fb1ac4bf94e29cad29a7f59b1e2a06ce42c3d0f52fcd9ba33b34b6704750c02c28caae535e3a1c4163e2011f9b75fae8b0eb11ea379b

C:\MSOCache\All Users\{90140000-001B-0409-0000-0000000FF1CE}-C\Setup.xml.exe

MD5 db4882d55fe619790cf6e028d6a75354
SHA1 4098adac2db06b32bc58eb558c2ab29805f240f8
SHA256 1fb2200dfbba3dfc7915fb5c6cf909ef1366b84726232e84c8c7f6e9631bcb1b
SHA512 bdd79b371380f302b9a408d27384a3fc4c422b4400d29df1bafd7f96ed3ede04d7893483593fc25d7d380bf56f1170661f943a2daf35d3e76bb8d0680f8d90ea

C:\MSOCache\All Users\{90140000-001B-0409-0000-0000000FF1CE}-C\WordMUI.msi.tmp

MD5 0cdce8793d25ac55b110a3c08c6010b2
SHA1 edfcd11c6f183e6c215e2274cd8a2c5426fdc5a2
SHA256 cf21eb6ef335072202c818d7ff28879b03ed0537271ad186860d0fbbbb80cbaa
SHA512 583e9638ab9876d7a20d8e460b218ad8439c0d0e3d5ca2cc6a4cf57c57197a8a18b7d68f0664e659a2bdf5855374e810215fc7c704882c68a5a7e55ffe6d0cf0

C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.en\Proof.cab.tmp

MD5 b46a551b71a4a4ad2ee4ba843ad4b73d
SHA1 c70eb74cf073ec9022210c8c7933237f05cbdcc8
SHA256 93088fc7842fa7a4616ab434ff3c6c397f0e14b37829e3c9efaa2fa8ee2f7904
SHA512 5c282a6dc285684d7cf80933c4a60396f46b06aae0edc1a89a1d102fe7e14b58b3a7a37cf1c95380daed18f426c0cfc6127fb4fc0381373453fdce204cba16a0

C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.en\Proof.msi.tmp

MD5 8f1c46940ebd7844e0861d3b927c4245
SHA1 614e387c33effc0a5fd4a02898f2dc4cac36c1e9
SHA256 11cbaa13d67af96d5518a85af6f40e0a22bd7390ee9990d200d1e6c50ae19e89
SHA512 53988246ba040873c8739d8bdcb43b777b9a7d72c4899d721090337438e3eb296bb5f651f1cc2c0be3388f6ec3b9595b40187e313b1d24763dc66350e4504ed0

C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.es\Proof.cab.tmp

MD5 a2ba5d0c6b3d7c57a8f0d2fd7ae380db
SHA1 c8a012d293b38c8dfbaf3bba2203742d1f0b8e41
SHA256 18bc8def288941e1b857957a84087a52b5365d9415bfc0ddb3b90e1a50d24416
SHA512 d3bd912e7705bac685590a0a805f49bd4a99b22379ed020c5733700a65fed887ea40c8c9412a7d61e9df695c888d3651d1573e376bb33eb36811ba38698e0a9a

C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.es\Proof.msi.tmp

MD5 438392ab6e19a10034457c88127c72f0
SHA1 5810217985d0268611a90d8a013f220b65713ceb
SHA256 2176b339a2be96f0925dd34052b09de1c843e5d6d474d40ff8eb611a05e78083
SHA512 8872a21afa2661ea861cd1051de800113a87542a5d901299932bbf0a530e43433ca8fc09d988f08f62251edb1af4b0d48f407b5ea73724ce30b3f1d25687377f

C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.fr\Proof.cab.tmp

MD5 fe48579a96bf4ee4e58eae9fb9e438d2
SHA1 80854c72f4ef5f943d77ee70d6780e0d7b37f4a5
SHA256 325a3d179f2b68425e998c0f86d302a50a12fb6dd3f5357e48fa73f1cec269c3
SHA512 d99ebce7c4b90bc4f702860b71848be92e8c4f4d9b8753df48d8a178288635ff6ee3ac029e6a06c0f2ea847e2c2fd21e96b12b67cf4b7a85a0cb60d48cfb6412

C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.fr\Proof.cab.tmp

MD5 eb963c99ef9c82af23be53f3dfd29257
SHA1 823a2629b52ce4f065ebd2d36a9bf9ec0374060c
SHA256 8f2f7d1ac160493a54cea19f79c870c6014a85f7beba651de32e36de9be697f7
SHA512 0d53c580ab0a10c94184e708e7a8574851b43b5e8c70da4f2437334197fd1db577cde1de46ed43a501544a24a542e1f188d335a5b539c5e6b1118eec84112ce7

C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.fr\Proof.msi.tmp

MD5 9ad2c7bbab9bcd4cbd0202226086c315
SHA1 b285060f69da6ce17cd78fe8c1989e9e2c9b0f5e
SHA256 3f5df850e11303bad646d83fd49bd4936ddcb5584d9d48c539075e6dde71b2fc
SHA512 9d7d54e5110ff2c5391501ffc7d8f86a9a1a32d20741d25de8dc0bb98e1b339278dabf7ee385113c75086151ffaa32945d66d683cc573e2e30bde818363eaa8b

C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proofing.msi.tmp

MD5 6e66932094490f4250929edabd832363
SHA1 b89a932600f5fa3218326855a84d501f580c3bc6
SHA256 ac036991ea0fb934da855bb574edd194878c4dae3d96cc2f66fc00c15672b1f2
SHA512 6787446eed28083d91aca46ac0b7321f2e73c1f16cc52a64dd5da2ca0cfd3075999c140ce01194ae724c135e083cf4a40b6edbc30c6549e8b9615db6e5ed4ac9

C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Setup.xml.tmp

MD5 c1e746b11c2a97e93daf43faad05b94d
SHA1 64c9b1c67c9625fbde2687083ae4a1ac6f865234
SHA256 72a3849710ee7d6bb66609ef40298fa29d5e7e31dcdd005a2a945384fc21d08d
SHA512 d40be795d59eb6c2c664a1c203129c2295e47b2cfe28a97983e84cb4b88aff25b161007eee7654d7afb203be91c7ca459582bb691c5879d65fff75633537fec0

C:\MSOCache\All Users\{90140000-0044-0409-0000-0000000FF1CE}-C\InfLR.cab.tmp

MD5 10aec9393c80ee9a25cefd01bd835106
SHA1 7e4f1f572655b07035c433a36d6124268304278d
SHA256 452d22c26f35360f8c5a01ab155f101cc52c85158a9df97a2513146603743f9c
SHA512 370422569fe77a468dbe7536ff5028c98b6fc5edce58a9bf1e63b63e064142aee283d7527f1c1149f8c5899a1eb9fe4c42a4c1e6d6ba0852a17c44b17013e596

C:\MSOCache\All Users\{90140000-0044-0409-0000-0000000FF1CE}-C\InfLR.cab.tmp

MD5 e060605cea0b91df0fd995570769900a
SHA1 d415053fbaaf9527144fb83800db40fcebfb56f7
SHA256 c6dfb12e8d23bb6e68412409a77351f990551f2bdd3d338eac3fa2b111d11fb9
SHA512 e7703b41d59dc95c24c5cd0a0d5326e5360ffb6f8a4d1c11e78bc11754fec38f703f74db9a4f14d593dcdb04f6c84290760f66ea7ea4c32d3185e6683f194cd6

C:\MSOCache\All Users\{90140000-0044-0409-0000-0000000FF1CE}-C\InfoPathMUI.msi.tmp

MD5 385c5f0b67336bac81336810c5e8d831
SHA1 aaf52874991f38fcfab3a1bf8c7a74c19c53cb9b
SHA256 00513834a6749694bfa475ec1fa2a2e0193554d7e62d8d57fd9e38a18da8a029
SHA512 3ad9b2713f0a03477fdec4092d9e504f2d5ebf6a4b6dd06fb75a4be40872532bcd39da237f26f8e79fc47c9c36e1239d907a1a675bfc172e5eea7e32cb6bd0e6

C:\MSOCache\All Users\{90140000-0044-0409-0000-0000000FF1CE}-C\InfoPathMUI.msi.tmp

MD5 3fe9ea8601aefa4c3b561b0838793988
SHA1 3edf7f7190638c6bac854796d5d4d1764edbc111
SHA256 26408fd5d89e957345a36070cd22d05ab9e407967b7489e10db9dbcc1df479a6
SHA512 ab174f81c8c6abb8778c56f9d52167e539fc6ab2755cb0c46ff0fb7d5f29778e07d6ec49e50d232ba7b9131e971555867f3e66b7416cb7653ee38b7b5299a3fb

C:\MSOCache\All Users\{90140000-0044-0409-0000-0000000FF1CE}-C\Setup.xml.tmp

MD5 f618d0791e075f82904e4ffda5dc068b
SHA1 552f87c941bf2d9ae964dd768d812923bcd5603a
SHA256 40057853c000657f31a9709b3b5eb73244a0b82ea05102deac69ee6121b6c189
SHA512 fcbdaae9b33ffc826166aa4b5e6f029edd5c38be67749325a80945782fee83b7bca8041f516986b76fefcaf0b294bf8df1ad7d02fd2d0f239c497a1d093d5f46

C:\MSOCache\All Users\{90140000-00A1-0409-0000-0000000FF1CE}-C\OneNoteMUI.msi.tmp

MD5 03ffb96ba3517d88afe1d0a603865440
SHA1 713735137937bfebfd737caad190115b37effad5
SHA256 3c350fd03a0b9e5b23056bb72de84a0dff303c674990cdb06a9d4a30954d1669
SHA512 661ee70620e8d2c5f3f7844002988f8863f6661d47ed1a2f61a5a3e71d0293ae153e5c4ce086db7937bfcd489dd5817501c4d4395d2340da99714ac4c65fcf4a

C:\MSOCache\All Users\{90140000-00A1-0409-0000-0000000FF1CE}-C\OnoteLR.cab.tmp

MD5 1db3bda3474c4e42d46a0ab4fecdbe5e
SHA1 896bec6ea454621f8fdb2d20be4788a068ee2795
SHA256 746f623c7563797f622795bfacfb033328e1c0109d9e493b56d047090383c1e1
SHA512 01fbe1a975e45a8e803acaa6e3e2b6297d9d01bcee50e8fd1e94d508fa19335c152f103df88c15210b8e388cca1eadabb01d83e7ce54b4de1e6ae1d259761070

C:\MSOCache\All Users\{90140000-00A1-0409-0000-0000000FF1CE}-C\OnoteLR.cab.tmp

MD5 7135d02f85212f46e6b7f2aa092ff63c
SHA1 ff0e29f077786f664bfcfdcf8c5fbd56d31ed3a7
SHA256 10f9dee310393117c354b8e63529b6bf3257f20444851e74970ea5897905240e
SHA512 15459ca333753e8d486fb65a47c91215142f937f8652a968ddd0000e67065126f2afaff0a74e07327cc5032938658613419891b4ba06fc10e585f29bc66cb790

C:\MSOCache\All Users\{90140000-00BA-0409-0000-0000000FF1CE}-C\GrooveLR.cab.tmp

MD5 504875d265b583292d403dcc8036dbb2
SHA1 9340ad644d2ab81e98bb7236885d518f275349f1
SHA256 5ff0c2525712d2a099d128d9d8b4c57dd228bd4b4b8fe0712fe5242e05161996
SHA512 a5bb7dc7a4dfe2537959f0b93316d02a4f7aeac757c3edec2075d0dfadab86e67cf9885642e21fe63da496aeab2bf81f78b8abcfe1f21ea897d97a8908b5838a

C:\MSOCache\All Users\{90140000-00BA-0409-0000-0000000FF1CE}-C\Setup.xml.tmp

MD5 3eca33d9054ea7968b3da7b819592cb8
SHA1 9694dde2cefbe4df982d0ba227ab23cf5c03d597
SHA256 5b8f95c148a471b4db279dfb4c4eb0b312027ba8cb6dce007d5ef72bab081ff3
SHA512 d59ac629cb1dec9b6656eb45beecce09548b6e66346f7939a0e17ad4eaa98384c7cac05415176e4f81099de68c88bbfb81694c4bf397f4df1c2d40c31286e7d4

C:\MSOCache\All Users\{90140000-00BA-0409-0000-0000000FF1CE}-C\GrooveMUI.xml.tmp

MD5 095f6f78560c0f7147c39a54fa248583
SHA1 679157a250f9ed71a9f0f2a386aef473a4e1cee7
SHA256 e7d0be9198dace203ef83041d6f8bc7dd572ca3af6c110dce18717f83de42c7c
SHA512 01d8d9ea7143fe3c29e83ae1858be7be5c266c134630e5b5f59571b22f04255e2c6f43a2c9f9aa214fae277a8df69d07ca6984123b295faee9edb8ca48b04407

C:\MSOCache\All Users\{90140000-00BA-0409-0000-0000000FF1CE}-C\Setup.xml.tmp

MD5 39bbe44c6576975929246c7cb156bb66
SHA1 4ec8490dd1ed9efa98b2fff7515a99ede35d9a12
SHA256 70ac4fc481f7df383997c512ad94aef14285c982f6e8f98eb0497a3bb5203289
SHA512 44f5538b6db74ab176416be713fc78b5daef13694d48ac417b41db82a3719e32d28667693118ac235e91100af1006127550a5dff63c0e9740e75869703c5cece

C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\1033\dwintl20.dll.tmp

MD5 e2a88e0cc5252059fb2991f908d1cd9a
SHA1 42b81a30156addc98ea80f461d8621b1b25759d5
SHA256 38c00c0a9a352e655fb627e5e26df99f7933cf8436f17ed11dd9d6de96171cb6
SHA512 88552c2665b0107a30a22de8a37b45b6ae344a50184e7c5df70c5b0c30a8aa65a64ccec05de6db52f05756cf8c54963a9f10f2f7a9b5bc603d6d56f70e2784dd

C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\branding.xml.tmp

MD5 f9fc4b9002bf809187af8b304d1798be
SHA1 097f1114202fcdb91299358e2652e18a7138931f
SHA256 ee4d8051f4f4acf643826d426fb1ecd6574e536a154eebbc8ff5e5fedfbd2184
SHA512 8c4d88f35b887cdd72c39de7618d12e5cda19a1edc71cfd1d1da21141c5b66ab41ced6adb89b7043a20b42f64b06a4d59fe6009a713650ad6b8345ccdc764843

C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\DW20.EXE.tmp

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\dwtrig20.exe.tmp

MD5 f2dc98a896a6de1fea24d2cb7fc8d8e0
SHA1 376a154e6d1466b509cea35ccd15ff04d84767b6
SHA256 67239c6103abf4ce140940a3696ff978051d832de911866fe6338dacc6403c6c
SHA512 abc11441dc54f95e8d0a7766b57b684e2f7c2bacb69ccc39ee633bf946ebe0131b31ff371f8b30cbb732987f2d1c791cfbabbe4a7e5b46d32f5256f4364e5de9

C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\Microsoft.VC90.CRT.manifest.tmp

MD5 ea5fc83f1cf6250c70e9b43a4cd5242d
SHA1 bd169fe0dd7bd729edaf56a2c5bc1950d3780a4b
SHA256 3e45dce2da224edc88430e4769b372a2cdf6f03938b98c8661422b6ecd746e51
SHA512 3ff7facc2f7fd802164ab59fc0d2601661ddec453f79a7f5beea35fa3817763f6274364774a8a6ae4957ead61f01f35788658318ffcccd7e47036e8c929b224e

C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\msvcr90.dll.tmp

MD5 6357808e29fb76e5b416ac0b587ac603
SHA1 08062d9f443e8a10614489c122238abebacb1b6e
SHA256 388578ba58e548763e8038d827836bcccba7c1dbdca20153eb49452dcb67773e
SHA512 208b976296d47198931169429c8720c03c795b7b9a7e00ba43ab4a5656901443217c3fb73e179b6d5d6daab84686136b44832b7680cabe3a877955d422c1a6fb

C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\OfficeLR.cab.tmp

MD5 73597bd30dcdf108144e1d1561b485f2
SHA1 59eea31601308582a365467676a47168a844babb
SHA256 49ce02fc33744f7881e4fa43cf49faad5340b29634b86e2c2ce6eee5d2970155
SHA512 55fc41bf66e3ae599bbcfda6104315a3036f65e1af24d9c634c59b9857f39e6b08e44eff214d5b9db8900b0d8ca35c9476cb708d4f110782ddf10942ab16f7c9

memory/2916-226-0x00000000002F0000-0x00000000002FB000-memory.dmp

C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\OfficeMUI.msi.tmp

MD5 4ea03c04c49537d3ffe101c1467ea288
SHA1 94b86c0b763add97e5b15130417f559041907bfe
SHA256 2d01b470cce960a245e8c78b817cec91a064c635596ef915cb57956d52926d72
SHA512 8b8be926e97885a6388498322039701b2dc62fa8d80e0eb72254dc03dec208659e1fb9313dad58dc8d45031e509044014ca2b8de74534b65369edf7844e52f67

C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\pss10r.chm.tmp

MD5 ac0335b4634985e797da07c0a5dc97b6
SHA1 7a23fdca6370c124f692fbb0a915d0bfef12030f
SHA256 d965799ff876579abaadcb7f1c733f37f17fbd36095990ede93f63d8daaa444b
SHA512 d6c81c3dce6f40f26dea0f9b20159329eb4ff413e0689bd42cb63d1efa032f62395435a3b0cc7f2023b734409f15270070ec36467e7fa4a7374fedef932fc607

C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\setup.chm.tmp

MD5 aac81e98a8dcb9b28cbf8b87a0d6c4d9
SHA1 10bf755be9b51fbfadaa56c4fe956c0e53919214
SHA256 10dd9af969608d10e5f8444af7676e54e8f516af0ba06c261ebf452e3ebf9b9e
SHA512 c5d4ff55f33438910843ddb6dda63ab85d29c5ce9e493f0586ba2cd56da9b913549418bebe40f56c44be483be55099382a5a50ad0f684b55500b469b1a2311e0

C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\ShellUI.MST.tmp

MD5 7895555fc0867278111b868a166484de
SHA1 8af7062e7611d6f9801ac4c80a2d6b754f57ae86
SHA256 d82905ae7e80de136dc608e1e90f7aa823757829064ae907e1fa7b60965529e8
SHA512 2aa6172c771c4f84562f53f96cdf19783af6cdf50f49cf803a031f9e7ae8eda66d7252d25a70a35d8ceb7938ef45f3d712462aac8eae6bc4730344efdcac19f7

C:\MSOCache\All Users\{90140000-0116-0409-1000-0000000FF1CE}-C\Office64MUI.msi.tmp

MD5 301f1206ff44f1cc52998bec865805ff
SHA1 8da1691362e8d8a88a5827429ea444e9662f69f4
SHA256 05bb37520dc8e8aa118a2a4012bd25c42b924da2a37d303c30877c7aea05695b
SHA512 33e66ed34f9c33ae26cfc48079a774b481ea87c50179c794b99cad3ad2afcb6056cee5a4eea4b4daddab273f405112c8358b9c24d307080a4a38526c0e8e55a3

C:\MSOCache\All Users\{90140000-0116-0409-1000-0000000FF1CE}-C\Office64MUISet.msi.tmp

MD5 5f8be89afbe56e2fdb4222a14c62c25d
SHA1 6b48f8f83c7dd42d6ce716cb8fa7410e50614d4b
SHA256 4e795c83112414dda60e85641ef29fa89ffa9286755e31aa7689460d9337d9bf
SHA512 d5334fb105aae9b86e6265fb14c70d3ad319cb57e132b024eaba24728722d38a42885aa4973e223e3aa7bcefc5a41a7b68a02a0083c03ce59776faac3bbc8a98

C:\MSOCache\All Users\{90140000-0116-0409-1000-0000000FF1CE}-C\OWOW64LR.cab.tmp

MD5 1600ac7ce75914ceda359bac81ae21fc
SHA1 3d7ed4d2a225fda54184a448d8064e7c24880196
SHA256 a9335214b10f26d3308f8a9f7622cd14e28bf10ed37999ba50c21c9b99b0f44e
SHA512 98df76d3134cf448e33903852ecb3c8afbb05c3105c1f5320368bf04bfa8aef24c314aaee663a47f6d6be74e443af7770671df282397b96936ecec60218e5c0d

C:\MSOCache\All Users\{90140000-0116-0409-1000-0000000FF1CE}-C\Setup.xml.tmp

MD5 d46c8c6c7d6ce33177b5dcbd49cb2283
SHA1 0a1fc38b421bf9edf609892ecdadd85804dae444
SHA256 9e87f394c880c6d0f3874e78a357fbd781838c8a5c62cd7b9a7d9be81184bf71
SHA512 a204407b592b2109b4cb15c6ee16a7a5609fe99bf67b55d6224ad7cdf20581a685528081d7052f6e05104ac0469c6c838c218bc55124036326b76f64969445e8

memory/2916-497-0x0000000000260000-0x000000000026B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-16 23:21

Reported

2024-06-16 23:24

Platform

win10v2004-20240611-en

Max time kernel

150s

Max time network

94s

Command Line

"C:\Users\Admin\AppData\Local\Temp\85461d5f0a63c58f7eb90f55021127cce1c2b008706b0d35aea887aa11642127.exe"

Signatures

Renames multiple (4795) files with added filename extension

ransomware

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\Zombie.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_Desktop.ini.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\Zombie.exe C:\Users\Admin\AppData\Local\Temp\85461d5f0a63c58f7eb90f55021127cce1c2b008706b0d35aea887aa11642127.exe N/A
File opened for modification C:\Windows\SysWOW64\Zombie.exe C:\Users\Admin\AppData\Local\Temp\85461d5f0a63c58f7eb90f55021127cce1c2b008706b0d35aea887aa11642127.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\asm.md.tmp C:\Users\Admin\AppData\Local\Temp\_Desktop.ini.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC_F_COL.HXK.tmp C:\Users\Admin\AppData\Local\Temp\_Desktop.ini.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\1033\offsymsb.ttf.tmp C:\Users\Admin\AppData\Local\Temp\_Desktop.ini.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX45.exe.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\MEDIA\DRUMROLL.WAV.tmp C:\Users\Admin\AppData\Local\Temp\_Desktop.ini.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription1-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_Desktop.ini.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\NAMECONTROLPROXY.DLL.tmp C:\Users\Admin\AppData\Local\Temp\_Desktop.ini.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\OneNote\prnSendToOneNote_win7.cat.tmp C:\Users\Admin\AppData\Local\Temp\_Desktop.ini.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Private.CoreLib.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.CompilerServices.Unsafe.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Retail-ul-oob.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\GFX.DLL.tmp C:\Users\Admin\AppData\Local\Temp\_Desktop.ini.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\ReachFramework.resources.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\sunmscapi.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Desktop.ini.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\lib\jvm.hprof.txt.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_Desktop.ini.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\PresentationCore.resources.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Presentation.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\policytool.exe.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_OEM_Perp-pl.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Grace-ul-oob.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Retail-ppd.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_MAK-ppd.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_MAKC2R-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_Desktop.ini.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Retail-ppd.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTest-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_Desktop.ini.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\trdtv2r41.xsl.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.InteropServices.RuntimeInformation.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Data.Common.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Desktop.ini.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Desktop.ini.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription2-pl.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\offsymk.ttf.tmp C:\Users\Admin\AppData\Local\Temp\_Desktop.ini.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\System.Xaml.resources.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\content-types.properties.tmp C:\Users\Admin\AppData\Local\Temp\_Desktop.ini.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Excel.MDXQueryGenerator.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Desktop.ini.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\jp2iexp.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-file-l2-1-0.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Grace-ppd.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp3-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_Desktop.ini.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_Desktop.ini.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Trial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_Desktop.ini.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\MSQRY32.CHM.tmp C:\Users\Admin\AppData\Local\Temp\_Desktop.ini.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\UIAutomationClientSideProviders.resources.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationUI.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Desktop.ini.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest4-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_Desktop.ini.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.PowerBI.Diagnostics.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.XPath.XDocument.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Grace-ppd.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_Retail-ul-phn.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\1033\ONENOTE_COL.HXT.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\LibCurl64.DllA\OpenSSL64.DllA\zlibwapi.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\7-Zip\Lang\ru.txt.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Desktop.ini.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_OEM_Perp-pl.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipskor.xml.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Windows.Input.Manipulations.resources.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_MAKC2R-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_Desktop.ini.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_KMS_ClientC2R-ul.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-handle-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Desktop.ini.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\ext\localedata.jar.tmp C:\Users\Admin\AppData\Local\Temp\_Desktop.ini.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\jce.jar.tmp C:\Users\Admin\AppData\Local\Temp\_Desktop.ini.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Document Themes 16\Organic.thmx.tmp C:\Users\Admin\AppData\Local\Temp\_Desktop.ini.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Trial-ppd.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\85461d5f0a63c58f7eb90f55021127cce1c2b008706b0d35aea887aa11642127.exe

"C:\Users\Admin\AppData\Local\Temp\85461d5f0a63c58f7eb90f55021127cce1c2b008706b0d35aea887aa11642127.exe"

C:\Windows\SysWOW64\Zombie.exe

"C:\Windows\system32\Zombie.exe"

C:\Users\Admin\AppData\Local\Temp\_Desktop.ini.exe

"_Desktop.ini.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 133.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 144.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp

Files

memory/4736-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\Windows\SysWOW64\Zombie.exe

MD5 51bf70247d59b097fe227b42f4510a74
SHA1 e6f5c06d6ba50845f05d28de926f7e7398e3671b
SHA256 29b5a34e0d31d27589996ebd5fd41984bfadad9db7b0c70f4e91c2422185b454
SHA512 838e282c57246ab5027ebd63ea5ac88e9c745c244aa1510f30b4e8f587243f0e6bef315a25de9d4d83b72d6a944624bbbc9a39bf3eae5db109f505d9e16cc5b3

C:\Users\Admin\AppData\Local\Temp\_Desktop.ini.exe

MD5 deb3c512cedd4f0e9a044cef529f0a5e
SHA1 b20e585bcb3782208d260409d9429118337b393d
SHA256 f07f1e0e09894cf4de6a80382c6d41001507496ebeedeb38a3864a6b37b0324b
SHA512 23f5be034e923bb247d6b5ec88df6e7be7d17a63e5674cfdec24fbf2de17350ad3c95253a0bfcb66c9c7f1b43b252d9c62d71fb16790b05d4fff98d7e6a83f3d

C:\$Recycle.Bin\S-1-5-21-3169499791-3545231813-3156325206-1000\desktop.ini.tmp

MD5 a9064336fc8012a955737299148b1863
SHA1 3fbc3246822fbf8d5ee43b1a85d98c7020205036
SHA256 03c86cd10cd34a47eb9ad0966834198aa7b0b9c82283aacd06515fc0448a31c8
SHA512 3382a4aab38d06e96dd5abdf6533e384316cea5987fc8df1cff14ae8b03c359c4fa814b4c1e377309a5288281a54d75735f3c1273a616ffe7d386b412c2e525c

memory/3380-14-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3169499791-3545231813-3156325206-1000\desktop.ini.exe.tmp

MD5 10a00322c262b576203a1ca6bfc9b6c2
SHA1 22f21df6af326f0f3f3ade928565e57ab930449c
SHA256 f72c1723db929fc0fe81fd5b4aeec4defd92b8a6f366bc4a62aa3750ae4f6751
SHA512 e6361c929b78c8f844e2fe5f8670393af8eaaa496d9533bce80fcf823613527495ca2103909f9bb9ceab6815d0f78bdf92df0c1d40e3946ba205d250deb55680

C:\Program Files\7-Zip\7-zip.chm.exe

MD5 64e93c97f83470ee90ecf2460bc58c45
SHA1 5c67ae0d525b689cee119a07b2c1bfb13394f955
SHA256 fe32aab370a47c2a6e8636d2be0f023449d0edadb5bbeb8a51093a4fc8053268
SHA512 e878a86c8d7a8a2a450b2fb9ed8fe510f20e12825d02cf2a783590a4307875439a4480e3c7de138377c65621879e3c484fe23f95a577cc24da8401b49ce2cdf2

C:\Program Files\7-Zip\7-zip.dll.exe

MD5 8464d7aa7fb5bfdbca4ad397544e163b
SHA1 7bc0f72612fb142c32e795e02b45dbafdc917489
SHA256 2a1c3854b7dca5bd524df184dd4460cd4ff2b5399c8246b4b0f4d32ff4db5bda
SHA512 515565d83971f2e34dfcec4a747d90ca44e8f967965bc0b78767c69a4568cbf232c95b5ef3fb9c3fc4f547ed59101601b8b2dd04efa3e2be42f9e9997621e30b

C:\Program Files\7-Zip\7-zip32.dll.tmp

MD5 742233ceb7278ca460a8b5c259867df9
SHA1 ed1ccfaf5e88cb41796cfea2f5f3fb681d86eaed
SHA256 4d5fb07e4b0fe89c4778af2ba380fe7ffb31ea8d50ab6b75e8a4842f6c521274
SHA512 7e4e16f57dbfdc41a00d2b2886b131111312705033f62f669ec38e5ed7ce784dbf4d140af49813e83bc77a424f9ae61c0f02097baf4cffdd9aa320f33abec711

C:\Program Files\7-Zip\7z.dll.tmp

MD5 5e42641076079da5f88d7edb89b8ec2f
SHA1 3b74e4ec6074881239a57fdfbaf8a9b5c2ff8521
SHA256 e21eff4d2449f88e74725dd8a7d09db6b3a7fdebc544cf5d5a34d341b029e979
SHA512 739dd6f0f32159c12340b3ef2acf9aec88c73647c602b2e51236104a564fc94b8c42b95fa4747e3552e3270730ad7ee73be5d5bdd4d6facc1bcf9133b71592c8

C:\Program Files\7-Zip\7z.exe

MD5 ed8834b8b4898f848b44eb572e7bf2e9
SHA1 130d4fbdb5b797cd92340966847ba96a9f2cacac
SHA256 9b54aef1f992237474e2e00feb01b026e18d4cbed3f5711357ebfad9b602e99b
SHA512 b5a2feb775f49afda54a4368f5d094d9948f513f39e51041ce5a9d47be8a9bf28308fa8ef8c3bdd005869cf8c9e5c55479cc4fd87ffe8b4e3f38590d7c35fd61

C:\Program Files\7-Zip\7z.sfx.tmp

MD5 8fa97840848466060dfea2cfdc95a07a
SHA1 da2c384fc16d6eb7f80a97c4ea56953ee3caacbf
SHA256 477d4f20b98d0e59b563849440e02a7333724b5848846b610f90fdc87ba66988
SHA512 9379cb1eefa6f4d3f992e4d6d5b413e9f791b974e84b0782c49b062b092da08b9cb001aa130364cbcbb657bcaa268d9b6682dce3d4078f8bd15bdc30f6eaa6c2

C:\Program Files\7-Zip\7zFM.exe.tmp

MD5 f125918a2afca4b71f57c3f00f7ac84c
SHA1 9dce36a5c1680e693c4fab68286142933b4785ae
SHA256 7ad3494f7368b5cfa7e87e2747125db541b94356d18654697d42ce00975b3e2e
SHA512 cf8f1d6b4e49c86d1755c6d5c0fb896e0fd4b7c3a66311c5f02ff3717425f5c97f29954d0223e114e184ee8b9b5317e5962ef1300fbde4ff570e9701b8478d48

C:\Program Files\7-Zip\7zG.exe.tmp

MD5 1c178e14a18b351d13b2e7ee7742c79f
SHA1 783cbfc484f780018bce07d4530553ca302c855b
SHA256 467f11489105d795a702a3a18e49488385e3a6dffe21abc4b72da1aa959e1300
SHA512 8d27f7885912017195b9de12940d2ee539b15320f6ee3d011f306b0785ce2bca4bc679075fad076320db13d5189ad86a1cf8e97837d1868f8b5d3c9b2997000a

C:\Program Files\7-Zip\descript.ion.tmp

MD5 a2775e85c31068590b6f25fe0cfe4ed0
SHA1 4fdf6e31b7a853c280ae23c86421ce8bea99fe31
SHA256 e7c08d1f9f3e4c2e8adaf6d86141ee02ac61decdeaa8e233b79eb365cfadc32f
SHA512 1fd60845f62060f0514a6460a9e417fa882ed404dd6a41b3a95b4b3d13a3e210d8895a3cdbc6e2bae65b74d95487db7d39a90094f58c3282cdad5e6652c5fd37

C:\Program Files\7-Zip\History.txt.tmp

MD5 4780d6ba48572e1fc7e8ae36eeb623f2
SHA1 fdeff7c838117057d848e94a458ae674e914cfdc
SHA256 11aa40fad5d2e73d5090a342ede8534b762f0b0868a890061da7e6300c45858a
SHA512 6da19dae58c566f9c660e030637192fbde4923f788b466b935c7a09afe2a46ef763e1cdc6940801c5a111125a5ba67b1aa8ebe0f71068fd0332e52b8f30e76d3

C:\Program Files\7-Zip\Lang\af.txt.tmp

MD5 5f8966c436ea9b13d071fad6c88a11c8
SHA1 40a56928ff734cf6f09af598ca9b9fd76f0295de
SHA256 89828b9e2f5e5d39e180431a66a21f6c5533517eb6d606d961b982e2eed0eb21
SHA512 8b032802a46ef92808ef187c4216d2999aa9712ae883254d397523416271c160c275b4a8a7612b1dcb5a4857d4ae18aad9117ddde6100a493c69747f027edd6b

C:\Program Files\7-Zip\Lang\ar.txt.tmp

MD5 aa82b2018d69dfc2504d945b34fbd7bb
SHA1 6330113924191e74d5df28f2537c10e9c06f787e
SHA256 638b0873f3ef131bcc1239aac5a7a4da8aed66ad2ff49da111523f18093eaef9
SHA512 3e6240f9a4272ac62a801724bfaccb8175cb31ecf7b4053a8f19a021b9e467832466a0ab84dd35c252406ec895b436a6f041ac7106da62fe0d70bd3c76af6213

C:\Program Files\7-Zip\Lang\az.txt.tmp

MD5 3c694682b5ef72f1ad5d49fd574856eb
SHA1 56cd0458a0a6fde4330042435eb0415a5435b7ca
SHA256 ec002a116062b4f48da6d00095c498051b80371627e2389a7eafe3e3d68f6c0e
SHA512 7fdaf9aa33b41a4be9f291ae17da7b3f2f8c15d98e49015c15826ae0f5025fe95ab184588e6ce55ff6b6c555a791c32220d6da34b01403b6450b856907593b16

C:\Program Files\7-Zip\Lang\ba.txt.tmp

MD5 efa47aa75e551a83f0a4ff7b9882a5b3
SHA1 6702063eb2a3b371a9d8acc248289113b716caee
SHA256 a7c644beec58700cadfe3ee8454ab5916d76442abdfe23bb6547ff677f0b8904
SHA512 12ce15feb34315287515317ae7d42e3a6be790a432cbf87801fc0efeea873e5504b1ba88b3704ed33a23eb6d5979dc0c0a2b74f803472977df73fa04bfbe3668

C:\Program Files\7-Zip\Lang\be.txt.tmp

MD5 ddacc4055cb4bd49157f639862d53201
SHA1 46e4febc9788012445635e0cdaa16feff2b71881
SHA256 e7a0f4f8851e939069bb4748f96a7a2b71acef0e1b2c3e95838fc64e4b931b14
SHA512 dab63d5565793937c850c132e3017dc1ad85d4a2f6ca042c87b7ddc9b4fb518fa563473285697d559bc9b867d1dfac31a9a7cf82260569f593e51fd3bdbda1e8

C:\Program Files\7-Zip\Lang\bn.txt.tmp

MD5 bdb25d9c4a47b663a315420aa1e6c039
SHA1 2da4435cbda86a7dc7c28c799f3dde0a217596ff
SHA256 dd7fe743bc46c2e698b85b6fd9abd68d110b21ce77e2cf6bbff5a1c52bac3daa
SHA512 63231e3d2a7128aa9c4ba03ca2cb895beb388aa1196199855538361eebf03fcfb20387d3e246ee125bce93f30d7c8a8f0d02cd688aee96f2cc8559a572c44582

C:\Program Files\7-Zip\Lang\br.txt.tmp

MD5 d6e5b31ce1f501bab34dbcd9a4ad17b4
SHA1 5069f443c531a13990f78e4e4512b5f873b76bf7
SHA256 4a22fc7f3dc74b2b597100786430d8fafb647a0eb7ac2d1a71b3c73ba5a39979
SHA512 cf67a1a3c6923b51053c79fa7ea4b09ba3e5f39db3a89a046f2ed52b16ceb555f90891c80c8b603a555520e41e9cf92b2fa19c79d011a6571dede7567c963914

C:\Program Files\7-Zip\Lang\ca.txt.tmp

MD5 d80d3e4de7b92006eebe523426fe2d25
SHA1 e54e749a12d1a9b2391701159757e98d0fb66d15
SHA256 64ecb095bcc5ef21ccf5615107df0252719f1001969ee9e92836371d444a1505
SHA512 5bf1c066ae882befb3442de1f0bd0806e72ef1125b8b17213700574b28131a23025de5f24bd22c4825a894bdd6f6cad938b8f47b9d3e57536701da9a48e5afa7

C:\Program Files\7-Zip\Lang\cs.txt.tmp

MD5 1d7a416c9ea99edb294d5cb7498a359b
SHA1 e242d826467cb1f8a1304220f89106970d4799a9
SHA256 850a5c3962688ad919a0963d633d0566e772a1ced6013f085d3d92ea6cf8f0f9
SHA512 01093234c57a1cc9fec012a042c5450216fd2f58afbb7f8cc153fe455f9acc7c840d68526a4898ad64aa6276464c54e2de909dc1dc9bf0a29e62d066eeb3cd7c

C:\Program Files\7-Zip\Lang\de.txt.tmp

MD5 5f3f05d9622aaf3e241102cf8a4201c8
SHA1 b446e6d753471ac9c7b0930939b7810df270c3dc
SHA256 c136958cb23361e1805745a22f27463c8ab533ae70a11e4020038b65de73fd6b
SHA512 c9e4e89eb5d33a7a6763f2269059b68c61d209f7a0a6b05c062e9502886cc6b43309475c3473c1595f6cb10212afe7c974fee9901839ece882c5e955be5ee967

C:\Program Files\7-Zip\Lang\et.txt.tmp

MD5 a043b1b700f67c864e4990e7e3b88a6e
SHA1 aa462454c41056b3af7fe64b595f7658820b2d00
SHA256 3196477a87ae144665b96be3fd3e4b44d6f78fb477fde2a340023bc487f9d3d8
SHA512 f353d3e114b1770a65efc4b0413e6481ab54da6413ba4b4e831ce07b0e7ec207170628166076ba6c87544e3a81b4ed77d0223748bb79a8211702a59314a90719

C:\Program Files\7-Zip\Lang\fa.txt.tmp

MD5 a9176fe8c6f384ddc09fbab92a622373
SHA1 f8aed75214c34c42535468260d58987b1f3c9a27
SHA256 78da09181e41eee83eef95f66da9903be02a14fa270d8a2888d9412db52dab28
SHA512 7171c6d248be2722570059af550959de9aa3c20b954f0b3683171868bd167d4f9ee877e3c7dbbdbdaedd28017e14277cc8c5305ba5daf7052d0d12cb192b815c

C:\Program Files\7-Zip\Lang\fr.txt.tmp

MD5 cdb71ce7dd08ab33cb6137950bcd433a
SHA1 b46823f96f48f574632bffc69526f47047c146fc
SHA256 c699efd089d586663a08339dc1e6ae65fb42f72bcd8cd450a7296a2ccb39afcc
SHA512 682de0232977b4a27f9c648a36c4672fc52383e9ac52a60096db5df3c2d646c1f3a97be8e4a5bf97152dfd2772dc1d943ef6574ec4ecdc498c1aacbb293b0db2

C:\Program Files\7-Zip\Lang\fur.txt.tmp

MD5 2fb73f6663dc3bb749f5e211351e5277
SHA1 7258616803dd8f7fccfb171874ac301afb045ef2
SHA256 82431f437c50070032e9c0f65322d63b8c988134cd981466d98ec8e7782d12c8
SHA512 6f793e20f4656e0be3dc012dd70f13d00c2c4a409bac69ecbbeed307dc0c88d3bd75b20d22e06598701cb08e722fb6f674ae04bfae35dcbe39f64a2f3f4c2bb2

C:\Program Files\7-Zip\Lang\gu.txt.tmp

MD5 969ea214573d7a658b1991331fcebf7e
SHA1 d70da8a714105ca30b6712194ec56fc6927212f5
SHA256 6161635656bde709728126337f88674e585a6990a8216805fa784a09a7371e0f
SHA512 9cbe9613038c788098cffaf3007702b0f8cfcf9414d5ed0c5e356002c1cef3252a3deaa6525f1874bb4eb58d1a4817476b9301a4759b0dc43704e050294ece5b

C:\Program Files\7-Zip\Lang\he.txt.tmp

MD5 23ccde52ef94cea4511f5c502ce7d450
SHA1 081eae79cea9e7137ad90905c95f4e5ab0556703
SHA256 31e14b79c1f76c5e5c0070518cccd71c90215c57d5a409a00000e4360cf8cba7
SHA512 80cc8bd56370ffbe47dedbadd48ab1405f80ab9afac5cd59409088a460a3073f609d8834c3ae6b99c398b8b7eb8872caae68756ff5d6f25ab95c053736c53f0d

C:\Program Files\7-Zip\Lang\hi.txt.tmp

MD5 f737c2b06231529a88bed42dca226825
SHA1 7694e74fccf760a98291933620114eee554af7e2
SHA256 aab278a654035a735540a5b3e65c678f8d006f4b740929c097c74ba7af4f68f4
SHA512 1a9fdc7cbff68c2b0b75a43be0c4ee130168c0de7d6ebea6efd4711ec7a6f12be861b84520d3e226d532019a822f765181699c90ae064228e870874961c20a8e

C:\Program Files\7-Zip\Lang\hr.txt.tmp

MD5 de6065b8180b4aacbc9664e7c108bfe4
SHA1 91ec5e6a25c472d3004dacfd4a45a2b327983365
SHA256 7e74a033d12b9dc05c4a429093a7ef17345ae5203a44a6ec99756efaf4ecc545
SHA512 6abb48e3fb3d41f6aa95ab20880477dc76709dffd6d79e1532dfd0959a99f4ad6c42af7ef663f9f5836f66a9d4664b77d45c34e383a29c7eadab0ceb19a24f2a

C:\Program Files\7-Zip\Lang\hu.txt.tmp

MD5 3cbc92a4e87bfb4d6a6dc5798ba07588
SHA1 e48b6b7856135012cb2c9f3866a59022c0e7daa5
SHA256 5c6631f04b9e1f04e5d26ee9a62862ef01cc57982cefe0ba4ce1926f446cab88
SHA512 5c681d88b5b54f8f881548c8b4a7d80420d2bb94f371263de661f69fe2ba2e0093c30b389d27695f8e70f9e9146926600f4f64e43777ddd2dbd2815a1f2901be

C:\Program Files\7-Zip\Lang\hy.txt.tmp

MD5 7137f0523c0c4186629f71434f8b3840
SHA1 cd79de4e9ff5a7fe3af4ae3734dea5a140f64740
SHA256 1e32ceb8008a8663e8900c8455e23202a8bbf8a1ef99645a5e1fa548d479e2df
SHA512 91415e6c9045370f08623b0d651815ab58ea73db7572fadd772aa31ed1fdd639c63d1f0e9df6c43ed2603056083f195721358d9cde9fc81cf7f1ccfa2bdaa945

C:\Program Files\7-Zip\Lang\it.txt.tmp

MD5 e066123086fea99c583f6d83705b318a
SHA1 3109ead16d604d90d2806310f580ff1d074ddd57
SHA256 c98fe3cc7c662aa693bb968f800e3c9d5916a64f271150b92839b42fc672c71c
SHA512 85453339a592cb8c306b8637c451f1fcd5357c36531628cdadd371b229bc99bd230f0b574dd5223b8b5ba5e06f9fc85f9b3f3534c1a32f291fb1e3e534c87a00

C:\Program Files\7-Zip\Lang\ka.txt.tmp

MD5 c1dd983b76de5a5e2bdb296371efc113
SHA1 7fe8af042ed551f4aab394c5dcb00c717d90a571
SHA256 3ed67f7353c279243459c5b25cf13f37c237fb73867495a2da0b1ae57feab9f3
SHA512 6958772d2a1fbaba3373dcc2d0e56ceb94c5024e6fb77503c6a251b47e74e85b6c323dee413b4c9447177b5d77c8c49ee9177c258efb8d658d9c2775496568fb

C:\Program Files\7-Zip\Lang\kaa.txt.tmp

MD5 1ac32d9ffe6789474c8d1c58c6392fd8
SHA1 d7fbd0bdf27102037a754a85eb633177402c6bf1
SHA256 fc419b78c893ac9970f0544a225daec4f6e4f6869c2017b9a3351f09978aa47b
SHA512 329d517ae33ff77ff40580ae13f8f446e806a6ede237125c7a16bfd47ab0b7e91ef191437a4e973cc20330c66fea0ce28e1f921b6d5cdb2408c1622eba85af68

C:\Program Files\7-Zip\Lang\kab.txt.tmp

MD5 3d593c00ac2c003aa1baf3bdc387d1f9
SHA1 2d04e8bb0b534d76619f052b4e3ac85cc8c9821f
SHA256 a172639270812d6abf2ac93bf205dd02899c590d178405d643d0ef48ea659898
SHA512 027d525ff4ce98cd13c1e2e8ac0127014f20987a267df7cb9b977eb2bf8873091adde4c257bf64ad0212260e62a86a0f70e10bf7366636cf7ae9da7bc9089d68

C:\Program Files\7-Zip\Lang\ko.txt.tmp

MD5 a068186477e107fb23e581bc58b250ca
SHA1 6a78158ef5a68424c2e82d86871790c53309c5f9
SHA256 72ac6d6579a9e8c2622f6cbac7bb53b6a79bb3f8ec8050f787e1f342ce60d349
SHA512 8ed9c260a9e393aa9f80b8d64a66f3190d6bc82951502e0347dd2dd9a6e946559cd2bd535942b4c6eb52f315fc30cfc8f199c99c0c1421aac804767e6d773927

C:\Program Files\7-Zip\Lang\ku.txt.tmp

MD5 6fec6a3a1e358620885a11244c43607b
SHA1 1b0f6d63f0d4b4081f352c1626a6ac1b6ef0b46b
SHA256 02f65802755b85e879a9a9cc9e0734f931590be5c6eccc4fd57de45065bb5e4f
SHA512 296e97ba2cd0ef4c5fade356867c9273f0bbe6f88eb0fd8dd237155a897a9ed7c193144e20ee0a89a2df779103e31911db8cf82ff14785ece2f2f071983c0fc5

C:\Program Files\7-Zip\Lang\ky.txt.tmp

MD5 80271709bbd21ceb401cb56afe7cc87a
SHA1 ed37ca90c8cf1af2ed5a3a787df57de4deea1d72
SHA256 21462eb4953ca98ff4f52a3b31b256acc030b969cb9e8c2fb77584b10ba06909
SHA512 353162813ea45d67ff2bf11d7fda31832ab027fce20f5984298cffeeb0b5b12e58fd948514ceccb908835afaf8af6de3b0c0f203a55120b0c2e265d2e89f5180

C:\Program Files\7-Zip\Lang\lij.txt.tmp

MD5 2a9114e2699f415daee32f2a6afdc088
SHA1 2349de9d3595924814957e9787d6ec70f1894014
SHA256 73ba93f8f92dc3e6e1b91e92e43c8e2d454a9cf6b7dec02ec7d30609ee35c5df
SHA512 b5cfebe94cdde86f7e05f95d8010c995c53b55138ef3738e6036444ddc6c09d163aaccddca587fcf48ed3843d2c90866247f9851e34f4f0d5e1419a2cc218f69

C:\Program Files\7-Zip\Lang\lt.txt.tmp

MD5 cc5083b5b7dc7df56249f8a8b925ca2c
SHA1 6729b145ff286603c3238ec531b8caddb077a48f
SHA256 12854a9b55125dd36416732a15325db86081cba36e6cd0545aff8c23654b392f
SHA512 968ca7f0a7d6967ca1c4b5fa385fc52f00af9a2dde76dfee43ca041ce3f6252d3e6c6c3d2c70d6233de5a782820fff9d20d774aaac8c83d6b27a5b3a505e2d2a

C:\Program Files\7-Zip\Lang\mng2.txt.tmp

MD5 a1a8e1a623ee1c2a56de94f72bf83a3c
SHA1 ec44164eaa3da28d963961d98f54bfdfcc91c77a
SHA256 02d086dbfd875737614316feaef91e087a146ac63bbebb3236c7a08d86c574fd
SHA512 83afb9815052ba85e4578e66f3ea05cba915407bac0fdbf7ff7dd344ac1276fa1d735cc23f50368cf89a007fa1cf9110ffd321dbf47e9c246a89fc61ce12d0d3

C:\Program Files\7-Zip\Lang\mr.txt.tmp

MD5 a4abd3c768c0ba859fee8ca02119dcd5
SHA1 5578031e6dfdc77848683c9a47dafea773167cf2
SHA256 55870158c92ef0f4c835bb7dc6f89284ddf28326acec2f69bdfd656851276c5e
SHA512 fa76a29e0576a5f5bdb95f069cb97224de336c080d210b0dd0f07a0e842ca6a2547574c587515d42ef1d89a581975ac9cc68334808a684f34e59c4e128ee2d3e

C:\Program Files\7-Zip\Lang\ms.txt.tmp

MD5 858cdeb2be5a2453a62f2cb609036591
SHA1 c9cb93c36e4cb8e7e74769f74dd5123d233500d1
SHA256 e51d077aa1b41e5429249aadfa5f6d6991335ef87646f40894c537b074fa9447
SHA512 9857b59cdbc1d1fa17bd0409d07ebf38ed8498095c93330ae93c088cab838dcfc325d3a8ad2201d772851a2bdc2812fa36935d459d6eef0e66f9377e1fa03725

C:\Program Files\7-Zip\Lang\nb.txt.tmp

MD5 539e71144cfe955ec5a9136cb6483624
SHA1 16751328236bfd690bd6af58bf9b1fe25e8b9862
SHA256 f1e192d01fa0a934a8e17d0d4e88399d169cc9b58dc21dcd5fde067dab6a6553
SHA512 8cd7b6fa7f40bb087ef96caacf2d3b22ca2103d8aa78be30cbba8331a1bd7cdca345915f54f54e0de263c9efb03b5ad082ab9dadd908a65ab8c63c92f15a1b98

C:\Program Files\7-Zip\Lang\ne.txt.tmp

MD5 4f5c03aea160df1163167d241f4e53d4
SHA1 32db9ffad80d22a211e426fdcbaca13074b8d4c7
SHA256 5d3719e891fe20509c26cda847bda681f13f0207182517dfb06f3f03838767a0
SHA512 e70b9d9d4c621fff67bd34ff702dc56b1e3ed722d7a79519b600b7bd69e59bbb2aa0678f5f10224b8a4d089c07b1211466d05fac035e53a611051c9467fc81a8

C:\Program Files\7-Zip\Lang\ne.txt.tmp

MD5 54a4422bfa726513ba17a234b6b942c8
SHA1 36548c0a1d4ea14622bce5db073f5eeca12713d6
SHA256 f5d7a0ac9059258f9c2db19e53f574df9d1f2ba37a0ed65b5b3334675abad915
SHA512 606f77cbf699de54e56c2110212e7012707def138fe3f74ad82d24380ff47ce44ada7b8bc762ab9de997c2ab3c58f77002031e481e66efa5ba5066aa62008589

C:\Program Files\7-Zip\Lang\nl.txt.tmp

MD5 105e69e6ce1ca3533d3522cd1ec42a06
SHA1 8c8093867bb1641ac3efa8ad7eb43a4f53c5038e
SHA256 f59595ef37ec12b18194e5484dffe470e8b702a3149a7f7a7ffe3cf6cbe4b637
SHA512 0d6ac73eb315c03d156b638bbe3b63ba5ffaf6a649217e292a1bb62e7c3864554d30428687d3f3b694d92e5ef7c3e6ea66e84216bc3e0b0efa372d73a12907f9

C:\Program Files\7-Zip\Lang\nn.txt.tmp

MD5 560e6ca30c2e989aa4ae7f2aa70b29b0
SHA1 3579e36a193ed02899bd46ea520028817a1f63e9
SHA256 a6472dda16b38241e26502780d85d157b8bbc00feb9d9b09cb9204099e15503a
SHA512 c4699345dd38d2685f2d0ea74e8d01a42ea524686ce8b671bc6d003c0fb6cbad46d923a12afa53806e6f5807b60db72a9d954453b4d5a608fde997238050a288

C:\Program Files\7-Zip\Lang\ps.txt.tmp

MD5 6fe58571c5d0286ebf1654311c316bf5
SHA1 f4ebf10619baa9d641e7c454b4055b944eb19a4a
SHA256 a6ebc4723e54746048e9870900b13497cec696ac460e4e5224aedf597dae39d3
SHA512 ab38c257b5f76e8b4bf0780d07b144c0b063536db6e9a98775f5932a4c06e6c778f422c6700a29c77d4da460517a8045dc43bf0521454d60b9d2c2274c1b7fe7

C:\Program Files\7-Zip\Lang\pl.txt.tmp

MD5 bed585ee5a22afdc1f7460e7e3adcb0c
SHA1 cf11afe3d88de985e20f195cf47b13d3fe850e3f
SHA256 30032e47422da186abffc4393e5005332cb1431e4f189a080845d3f3438911fb
SHA512 c1cd799309ab4d78f6cd39d66e0621e5a28bea6d9ac4f5eba392882f42c6603627508a291928c357d940a26acaf3cffc80f2101efb01c93da9b8014e4f890267

C:\Program Files\7-Zip\Lang\pt-br.txt.tmp

MD5 ec08c0b89095c19a2ecbcedb3377f73c
SHA1 ef259a294019ff1d872b9917f4240a3ee4ec7813
SHA256 c8490fec5ed02ca2f8f1719ddbf935e364975f9cd2735ebaeaec6c75ce1b495b
SHA512 5957e15f5a1388944d7973e46dbe61de7314cbfc95dc0e1b9419dd51fdf1bbe75cfa37d6053d2f8c88c31705ad6daad9edfdd09848341505ccb29c6e9ef5ce86

C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md.tmp

MD5 3661748659d55434b9e73a1346fde883
SHA1 f46fc29d413ed9d36964b372adf27cedd6c14595
SHA256 ba1ea45c14fb45c3518ba302734b372501c3f61cba984199784196a97b3530ea
SHA512 1d3e33cd2e7801063c6d1814d9c6a6967924eadb9720f06eee2e9abeafb5d8dac79f3912963fabddb3c8977ce12b8b3a744dd4c4327a6ddacb55a9a562c073e9