Malware Analysis Report

2024-12-07 09:56

Sample ID 241113-3y8f7s1glc
Target 856516b7d0505ed07e40212f990cae7c9153743d40b3c5d0e2d3d5b358fb2a32
SHA256 856516b7d0505ed07e40212f990cae7c9153743d40b3c5d0e2d3d5b358fb2a32
Tags
upx discovery ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

856516b7d0505ed07e40212f990cae7c9153743d40b3c5d0e2d3d5b358fb2a32

Threat Level: Likely malicious

The file 856516b7d0505ed07e40212f990cae7c9153743d40b3c5d0e2d3d5b358fb2a32 was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (3236) files with added filename extension

Renames multiple (4776) files with added filename extension

Loads dropped DLL

Executes dropped EXE

UPX packed file

Drops file in System32 directory

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-13 23:56

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-13 23:56

Reported

2024-11-13 23:59

Platform

win7-20240903-en

Max time kernel

150s

Max time network

127s

Command Line

"C:\Users\Admin\AppData\Local\Temp\856516b7d0505ed07e40212f990cae7c9153743d40b3c5d0e2d3d5b358fb2a32.exe"

Signatures

Renames multiple (3236) files with added filename extension

ransomware

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_Configure Java.lnk.exe N/A
N/A N/A C:\Windows\SysWOW64\Zombie.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\Zombie.exe C:\Users\Admin\AppData\Local\Temp\856516b7d0505ed07e40212f990cae7c9153743d40b3c5d0e2d3d5b358fb2a32.exe N/A
File opened for modification C:\Windows\SysWOW64\Zombie.exe C:\Users\Admin\AppData\Local\Temp\856516b7d0505ed07e40212f990cae7c9153743d40b3c5d0e2d3d5b358fb2a32.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\System\Ole DB\ja-JP\msdasqlr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\_Configure Java.lnk.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sv.pak.tmp C:\Users\Admin\AppData\Local\Temp\_Configure Java.lnk.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Kosrae.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs_ja.jar.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Web.Entity.Resources.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Mauritius.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\META-INF\ECLIPSE_.RSA.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Java\jre7\bin\glass.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Mozilla Firefox\xul.dll.sig.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\ReachFramework.resources.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.concurrent_1.1.0.v20130327-1442.jar.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Common Files\System\en-US\wab32res.dll.mui.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Common Files\System\Ole DB\de-DE\sqloledb.rll.mui.tmp C:\Users\Admin\AppData\Local\Temp\_Configure Java.lnk.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-windows_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\_Configure Java.lnk.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\Microsoft.Build.Utilities.v3.5.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Configure Java.lnk.exe N/A
File opened for modification C:\Program Files\Common Files\System\msadc\msdarem.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Adak.tmp C:\Users\Admin\AppData\Local\Temp\_Configure Java.lnk.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\uz-cyrl.txt.tmp C:\Users\Admin\AppData\Local\Temp\_Configure Java.lnk.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationRight_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\_Configure Java.lnk.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMainMask.wmv.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Matamoros.tmp C:\Users\Admin\AppData\Local\Temp\_Configure Java.lnk.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Colombo.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Etc\GMT+11.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Gaza.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationRight_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\_Configure Java.lnk.exe N/A
File created C:\Program Files\Google\Chrome\Application\master_preferences.tmp C:\Users\Admin\AppData\Local\Temp\_Configure Java.lnk.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationLeft_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\_Configure Java.lnk.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\highlight.png.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\Office14\MSOHEVI.DLL.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_fr.jar.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\plugin2\msvcr100.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-host-remote.jar.tmp C:\Users\Admin\AppData\Local\Temp\_Configure Java.lnk.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-attach_zh_CN.jar.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\prism-d3d.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Simferopol.exe.tmp C:\Users\Admin\AppData\Local\Temp\_Configure Java.lnk.exe N/A
File opened for modification C:\Program Files\Java\jre7\lib\fonts\LucidaTypewriterBold.ttf.tmp C:\Users\Admin\AppData\Local\Temp\_Configure Java.lnk.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\msinfo32.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\_Configure Java.lnk.exe N/A
File created C:\Program Files\Java\jre7\lib\classlist.tmp C:\Users\Admin\AppData\Local\Temp\_Configure Java.lnk.exe N/A
File created C:\Program Files\Common Files\System\msadc\es-ES\msdaprsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\_Configure Java.lnk.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\PassportMask.wmv.tmp C:\Users\Admin\AppData\Local\Temp\_Configure Java.lnk.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\af.pak.tmp C:\Users\Admin\AppData\Local\Temp\_Configure Java.lnk.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\PresentationBuildTasks.resources.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\eo\LC_MESSAGES\vlc.mo.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\olh.htm.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-openide-options.xml_hidden.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\SystemV\MST7MDT.tmp C:\Users\Admin\AppData\Local\Temp\_Configure Java.lnk.exe N/A
File created C:\Program Files\7-Zip\Lang\ar.txt.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\7-Zip\Lang\et.txt.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationRight_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\_Configure Java.lnk.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sv.pak.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Niue.exe.tmp C:\Users\Admin\AppData\Local\Temp\_Configure Java.lnk.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Configure Java.lnk.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-selector-api.xml.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-heapwalker.jar.tmp C:\Users\Admin\AppData\Local\Temp\_Configure Java.lnk.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\St_Johns.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\ShapeCollector.exe.mui.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\dnsns.jar.tmp C:\Users\Admin\AppData\Local\Temp\_Configure Java.lnk.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+1.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\jar.exe.tmp C:\Users\Admin\AppData\Local\Temp\_Configure Java.lnk.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationUp_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\_Configure Java.lnk.exe N/A
File created C:\Program Files\Internet Explorer\JSProfilerCore.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Java\jre7\lib\deploy\messages_zh_HK.properties.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Java\jre7\lib\zi\Australia\Perth.tmp C:\Users\Admin\AppData\Local\Temp\_Configure Java.lnk.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.core.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\_Configure Java.lnk.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\856516b7d0505ed07e40212f990cae7c9153743d40b3c5d0e2d3d5b358fb2a32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\_Configure Java.lnk.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\Zombie.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2796 wrote to memory of 2712 N/A C:\Users\Admin\AppData\Local\Temp\856516b7d0505ed07e40212f990cae7c9153743d40b3c5d0e2d3d5b358fb2a32.exe C:\Users\Admin\AppData\Local\Temp\_Configure Java.lnk.exe
PID 2796 wrote to memory of 2712 N/A C:\Users\Admin\AppData\Local\Temp\856516b7d0505ed07e40212f990cae7c9153743d40b3c5d0e2d3d5b358fb2a32.exe C:\Users\Admin\AppData\Local\Temp\_Configure Java.lnk.exe
PID 2796 wrote to memory of 2712 N/A C:\Users\Admin\AppData\Local\Temp\856516b7d0505ed07e40212f990cae7c9153743d40b3c5d0e2d3d5b358fb2a32.exe C:\Users\Admin\AppData\Local\Temp\_Configure Java.lnk.exe
PID 2796 wrote to memory of 2712 N/A C:\Users\Admin\AppData\Local\Temp\856516b7d0505ed07e40212f990cae7c9153743d40b3c5d0e2d3d5b358fb2a32.exe C:\Users\Admin\AppData\Local\Temp\_Configure Java.lnk.exe
PID 2796 wrote to memory of 2688 N/A C:\Users\Admin\AppData\Local\Temp\856516b7d0505ed07e40212f990cae7c9153743d40b3c5d0e2d3d5b358fb2a32.exe C:\Windows\SysWOW64\Zombie.exe
PID 2796 wrote to memory of 2688 N/A C:\Users\Admin\AppData\Local\Temp\856516b7d0505ed07e40212f990cae7c9153743d40b3c5d0e2d3d5b358fb2a32.exe C:\Windows\SysWOW64\Zombie.exe
PID 2796 wrote to memory of 2688 N/A C:\Users\Admin\AppData\Local\Temp\856516b7d0505ed07e40212f990cae7c9153743d40b3c5d0e2d3d5b358fb2a32.exe C:\Windows\SysWOW64\Zombie.exe
PID 2796 wrote to memory of 2688 N/A C:\Users\Admin\AppData\Local\Temp\856516b7d0505ed07e40212f990cae7c9153743d40b3c5d0e2d3d5b358fb2a32.exe C:\Windows\SysWOW64\Zombie.exe

Processes

C:\Users\Admin\AppData\Local\Temp\856516b7d0505ed07e40212f990cae7c9153743d40b3c5d0e2d3d5b358fb2a32.exe

"C:\Users\Admin\AppData\Local\Temp\856516b7d0505ed07e40212f990cae7c9153743d40b3c5d0e2d3d5b358fb2a32.exe"

C:\Users\Admin\AppData\Local\Temp\_Configure Java.lnk.exe

"_Configure Java.lnk.exe"

C:\Windows\SysWOW64\Zombie.exe

"C:\Windows\system32\Zombie.exe"

Network

N/A

Files

memory/2796-0-0x0000000000400000-0x000000000040B000-memory.dmp

\Users\Admin\AppData\Local\Temp\_Configure Java.lnk.exe

MD5 ea3655362a50a03ab224bb8199e577ed
SHA1 cd00afb51707b5083d60e71d2ad58091cdb3788b
SHA256 9deb47e424174635040b2101208e3d42eb81ce700c0cce2e355e1819401e80c5
SHA512 da5e03c60bc48996e9f6a253e9f16ecfe7277d656c326d976e858f820e9ed26e422f2e740f958cc2bf87798cf37bd3af1996483f061f8a921e931aead9231505

memory/2796-7-0x0000000000270000-0x000000000027B000-memory.dmp

memory/2712-27-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1846800975-3917212583-2893086201-1000\desktop.ini.tmp

MD5 8111c6a3acef696c5869456bfd282a54
SHA1 c42669147896eda94e487052d2d07fc8f379c947
SHA256 ca5263891dc99320d2baf2db75c601b8a0fc29ced46de3bc85865717f7c91766
SHA512 fc46ef44c931b0544ccff6f9e4c1422fe79215e330505bf18e4bbf05df48f629bc34ecf54fae8f3f489c0216e4de3fbf8566afd5d39c1d1dbd38769766f19304

C:\Windows\SysWOW64\Zombie.exe

MD5 7d2c218eda09d342b62b0c5543e40f93
SHA1 03b47c8fb28c6ffa854bd30d2ff3ababafa4da43
SHA256 ca38c878833b91033bb5d3c70ddb0e7fc452ee6abf0cdf86b5b174d8136a04ba
SHA512 fb94f490c3c8c4fcf7f7a760c0d080edbbfa812029faac3eaff740f1ec1315fe3b8649ab8f04b58fa7ea212a56e924d4172453f50f8d9a7c9bb89c790bb0dbab

memory/2796-19-0x0000000000270000-0x000000000027B000-memory.dmp

memory/2796-18-0x0000000000270000-0x000000000027B000-memory.dmp

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ose.exe

MD5 4b45816cb0b15963d5f33a78fd5d1735
SHA1 7a4399b960efb51389ede8b459bf0b5e52a7d4d1
SHA256 1005353daaa62747e37fb4ac5b9dd3c63ab1af12bca135d451b601539d908322
SHA512 3dffc9f0cce4357e844e15dcc2acf6e64b75301d9a4e7903d60e379067d539a85dac08fbd9243ce75db67856659dbdfdc3a829444d11e6d9d15c90629e29e3d1

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\osetup.dll.tmp

MD5 de931eee9a6e2909b6d1a76fb18be5bf
SHA1 668a6e1efa12d68eb3964290a348bd1f1917d69c
SHA256 08588bbec1c072b1d1f062c7f38a399acad4d7ee5b5ae5773829a4f3181e8eec
SHA512 515b91ed1c19bc13c1f0ca5535a0376f84f63ae13422b9e708f6e7db4d84d2b5c6b6714d5a33bdaf73e58b63db8545f82803f543d1d9c698b7192fd149d59cb8

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\OWOW64WW.cab.tmp

MD5 ff8b85223607c749a5707db5b3a0cdf2
SHA1 002b252a4522d0b8960f635fdf6bdaf3171363cb
SHA256 11f54cc32309e58ef4622507719117379bec7c9c9424506d0fc3261b809c4386
SHA512 488cd8fc4d26fdc81dbe5529155b40b6d835d89122192954c1e23231ff4cea6fe7009cd602676cb358c2f0aee66afc92545c05d408bb288dc72963d51c1e12e1

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ProPlusWW.msi.tmp

MD5 ceeb61ec2c7582aec2c17587e7364167
SHA1 5924b657d837716dd973fcc65b3075f596f82225
SHA256 995e1215e10f0a8bca3e3e5c8dafbc6a495667c578108a6629c2b37a8cd0106d
SHA512 725724e2cda360760cd9721b8d4c20a37a385a4d66b441427dbd8616bae523430ad841b09a09aa7f1ea034865e8d7315cce94596ffded07f163bac0c716ea451

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\setup.exe

MD5 30f14f85e50a175d2938aa4193c4d857
SHA1 baf0be1ad34948e487780af7ea3cdaf0f8ab4aa6
SHA256 e416bae0fc403360e0799731daa997d1a898b10544e9ac05eb81b113fe9e96ad
SHA512 002cc64b0a0d1826667bf0548a40eb192850437b74d71e3fc469a3c74e5b834eb1a245cb53793015f5b299cffb2816ee3804a108b3cd19714f6eaf673335cd5e

C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\ExcelLR.cab.tmp

MD5 e73717cfbf7ba302227dcc2c96799593
SHA1 f64606f53ec7176e62249784e59e11d3089cb404
SHA256 71e2c8dd18b0ab5953de9bd44f2ab0811203375a90c87c7fbef1a7a98eac727f
SHA512 31d796095c35f5c48409183277348cce8ae75bf538e964985754d91208f51eb3be062666c1db35ccbc5d3c4e7bca525cbd15136bd3b96649663bcb806e6b494a

memory/2796-61-0x0000000000270000-0x000000000027B000-memory.dmp

memory/2796-63-0x0000000000270000-0x000000000027B000-memory.dmp

memory/2796-62-0x0000000000270000-0x000000000027B000-memory.dmp

C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\ExcelLR.cab.tmp

MD5 d13bd0fe8ce1580e779f23a3f5dd1d27
SHA1 2d5cbdce049bd788631ce0dd5717f107e79cd377
SHA256 deff497cd65da9d7fcd06d562137d95ebf85d832d9b36b68b53e01868e915408
SHA512 16feaa1de31222179e18d300a484f3c3529840e718b1853abae4f89babc3f22ff4840deeeff7c6e553ed20feee1502b821728049b7bdee51fe82cf7673594ba7

C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\ExcelMUI.msi.tmp

MD5 125320330e826b32bc268f6541556827
SHA1 c970eccdc73a700ad3c3fe02ba6855a3e65ccac6
SHA256 37af58d917063d15690333c6df03b5169b079bea591bedb3576257cbfe29ace2
SHA512 039e817a03170abf4e614249292d5e51c960bd3cdae32ccf60e6a9df0291c91ee810ba2282d6bdc7fdd8acee72532435d60f74018f59a5d2d3dbaae0215b8597

C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\ExcelMUI.msi.tmp

MD5 b5aee842b53a909b7f64254d884362fb
SHA1 2ac5c568bd5ab93b77a91f55834199c59b68226d
SHA256 7a7491e7c1bd43071a36428ba019618ebe76fa0d3e124ec524fd94375701ade4
SHA512 d2832e0df21f0c38e1b3537b9eb6ee432c5edab24ff158d4ad7c743b8aeec81ffd383ff2944b9b2c56fb2bc1d52f92531da055663704c7a8d651d3e8517ae66f

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\PowerPointMUI.msi.tmp

MD5 970a074c347ab1d4760e7efa05ec5475
SHA1 64e5ab04211fb3ecdcdef82da2e61a23563501bd
SHA256 a72bf9ec73839fefccb26d42f399a5f1ae1bc139654af26daa263a0ecf3d33e8
SHA512 41d9d2735cb3154beaecb24f0ba3d2c41cc955fbb5f4e7bc72f93d7ed1cdacdd42303a21da8d9e9b629dab8e1db93cefdf95852283150e32f03b87ca84b62a9f

C:\MSOCache\All Users\{90140000-0019-0409-0000-0000000FF1CE}-C\PublisherMUI.msi.tmp

MD5 ca8d5a97e1cad4b16aaecfe256752262
SHA1 2fc7d64869468e1379c69bf298b1416109190973
SHA256 d12616d08eb9137804516142f33ba04a99969374864214898107a8d81015d431
SHA512 d845b2d3e3af36244b97fb41309d3d6a2f5438bfd201a7e4ebd08eb3515b782c23b77966556fec75549162d9bc6db69aaeb796d4500ed95524c651c5fdaa33b0

C:\MSOCache\All Users\{90140000-0019-0409-0000-0000000FF1CE}-C\PubLR.cab.tmp

MD5 dfb5b75912738b65ca62821b1ae2a112
SHA1 8844cfe2cd4ee3dfaca8654daaf68421435e385c
SHA256 985b93f10204eb6b3b39a57807ec37957390018a7552497534d98c94448b2032
SHA512 e7445b90412267c085db8af1ab66b03f125d9808c66e31dc40bf0a9ea9e382d9e02e397dcd0d34fd1abd0207a5ae975c94b3c66abd2c0503c6b17ee9e07bc436

C:\MSOCache\All Users\{90140000-001A-0409-0000-0000000FF1CE}-C\OutlkLR.cab.tmp

MD5 85624e5ebcfbfa9050c762b7c3803acf
SHA1 aaa999b5a8ba414b28417ddafc578f65227c1778
SHA256 ef53fe13ce20bcdc88a3a4a8e713f9bf3a71d9b3a4ab616eef51b048e5a33833
SHA512 b951eda79bde407d425b4edb71daf66328b4287a9db33676c2b0ceac5fe1d382d65443b0f3154f4729537d541f132ae73df4acc5d1808d025333839393277fac

C:\MSOCache\All Users\{90140000-001B-0409-0000-0000000FF1CE}-C\Setup.xml.exe

MD5 083f8c05aabca32ca617863a6192d7fa
SHA1 17214a814e0747c0035f811f4a49d9c9b87f5f58
SHA256 a17c4610efc5cc58b14bb908addb5bcca1e7f98e45b68cbbe4a17a0a49b1860c
SHA512 49519df577f0c83b39b46650e9d46c0ab952a6ee68227c4c3c7d6f04cc9fb9b5887bcedc633530b5ec20b3e3596c356cad872de39083889bda13a4bf3f6af76f

C:\MSOCache\All Users\{90140000-001B-0409-0000-0000000FF1CE}-C\WordMUI.msi.exe

MD5 1862bee3bf054e25244194fc0989a68d
SHA1 bc4cb272b372132e4f5d00dc1639586e5cd363cb
SHA256 9c7deb3884686baf5cdffdc680f7c8f832106ab372a75f50fffc2d82e62f9548
SHA512 b47d39d1052779fa8460c7d8649c03cdfcd966d11a10e3316ed0b58f4497351ad484f4e8abb30ea9166741bfb9606cfff48234578740926ebe73dff138a405a7

C:\MSOCache\All Users\{90140000-001B-0409-0000-0000000FF1CE}-C\WordMUI.xml.exe

MD5 9cf9bd9c774ceb070c25f5bf0de22275
SHA1 b7c26e813c9e77625924cab1c2d822f905c9bb67
SHA256 562b3c4deccb6c4561afa90a84bf2451d03a35561a7612b01cd96977a45bd79c
SHA512 ddffa4feb5e1d666333698db8645899b4e063a4388f36a2554a6a9d2e6333a4c5a5e037216d3dcce5fca6d13307bac387eaa41ce6507ab16e712896baabdbc1e

C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.en\Proof.cab.tmp

MD5 5e55b2b07fc26a75b43e6751992e07e6
SHA1 6159b236d0713fb9090a8dcd51ae44f5d61ab878
SHA256 b52ac5fc93b2db911ee22828da1649c2c2834d9803fcd275a7eb60d0fa0df68b
SHA512 892a17f1d84993af46085af220c96e22f3fe4b0aa4411e66133a653694a5923105852657cc371e8ea4ebe7422ded51fd0464adaea9cb7edbdfe9a1a20520c6c6

C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.es\Proof.cab.tmp

MD5 1f49bad70b26904a15ceda295fc1e18b
SHA1 3685e29aa2edad35c2d18ceb9a0a48f2187c496c
SHA256 74ff4640f6603addc10cdec0b7542d8f23256e16268b037ef0e8260b074faf65
SHA512 35cb6909f3e0ba690665a3633e5a83df0761ae76997f371b816dbc06d28b66b8c28fc4c80be22b65effe7523eb75afe29b4a5b20a87dc2965462de0744fe34d9

C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.fr\Proof.cab.tmp

MD5 f7740ce2ab6d8d2382b8d600677feda1
SHA1 d30604af2f7422e312bd9349e1cbbafcb20b808a
SHA256 155adc47c69caea1a37314af40451c34d57824cf90a85309789c282cf83e3409
SHA512 2c24edeabe4b4ca58834a3d2c924273d53682d3a29b284e95ddb0245ba7b26e477e4a2c3474a7a21ba4e51fb278a5087caeb307fe2790b5fa0e97877542173ed

C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proofing.msi.tmp

MD5 17f4844226067868c8fec7569f7151ef
SHA1 225dab1518ab55fbfb2b942a3c5dd98984fca915
SHA256 53594e3541ff4eeacfbcc89cae73a8679562c88c7fb7197135277ca4b306f369
SHA512 67615a6c1933fa744f6bbb6dc0492d20732016632ca81ebc073cb7d074fd620d81f69d6e148919ecc0946ad17bf29289c4388a1d6b074de11c20568dcd04357e

C:\MSOCache\All Users\{90140000-0044-0409-0000-0000000FF1CE}-C\InfLR.cab.tmp

MD5 ebea955ade1f5fabeab04f33df9331a4
SHA1 4e75ae6291ade4913794fec61c9744e1d53dc23c
SHA256 f817defe6468bea0c53d74a56dc44cd797a5a1cf282a726e604621f45f1b833c
SHA512 0f8f96980dad3dfb603743381dcf6bc6dd307a7fbf498dad972c900bf099495126eb753656421c8c07cfb50f112663cdd8086c549116670a7580d6b6b04a1630

C:\MSOCache\All Users\{90140000-0044-0409-0000-0000000FF1CE}-C\InfoPathMUI.msi.tmp

MD5 2f420e2c05a256baa8a7376979f12e38
SHA1 2c902c7237baf9283f98356f6a051af23e3a39a4
SHA256 23872499cfa4eec25e716736e53be222819d32bd56ed959b417149c2b23279d7
SHA512 4682bccd85917826be8eca1572d479c0f3bd0d4a1ef2968531e9e4577a02c92fea3fa86c555364298745a92ec037ec0ec6d52890987a684273ff3e07e7ce08f4

C:\MSOCache\All Users\{90140000-0044-0409-0000-0000000FF1CE}-C\InfoPathMUI.xml.tmp

MD5 6c8499fe26c8a25c526fde2449076c7e
SHA1 89e4fb8e988cee8bc5974b4818b50abeeafa15dc
SHA256 af3ee29d26fcdc5ff4b3746a406197f3114444dd5c3f4d1bb04512e374c4534e
SHA512 80590eec8064e02e977ad510f2807515234ca97ff5b66b948ab8e0de4c36316bf119144ee43bb9102514a76b4aa400400845782719d2c4548ec9c8f6e3516f7a

C:\MSOCache\All Users\{90140000-00A1-0409-0000-0000000FF1CE}-C\OneNoteMUI.msi.tmp

MD5 732486b48bcdc34862bc16f571df88b7
SHA1 97f1089fc0ce13e752713e63dbe754eb4e022535
SHA256 508629375f7345e7075a6e4d40a002010de681da9b21938a92106703e43f8be4
SHA512 ea3e510ff31af83d1b8bb219e7e4c8a567032b22a31d2d9cca348ecb3ed6be50f940f9f1d98abfcb3443314f3273cb8ac38c9b52c69c97599748b37a82130070

C:\MSOCache\All Users\{90140000-00A1-0409-0000-0000000FF1CE}-C\OnoteLR.cab.tmp

MD5 825308c0f4240bbe5647cea4e07b856c
SHA1 529ea6a8955f9101f893916edcbac78dce5e93c0
SHA256 cae0e838d397d48b348aad1524ae72923007b9c9927da5b527547d2b9f30774b
SHA512 db7f063f8f90ad619ca6e191194213fb13339618a7849c9eb9665f7909c4656b43401ddf331851f14246bfb0491863ac004625ac4c2c49ef8db2353269714cd7

C:\MSOCache\All Users\{90140000-00A1-0409-0000-0000000FF1CE}-C\OnoteLR.cab.tmp

MD5 3e72092e68dd2b6160a745fa2e77db6c
SHA1 e5da316cf2fbe2bf94f5be46e1694f85f4c2dfa5
SHA256 d4349ae913f1ff74fbe2ec1c15d8dea44d44049fab244334e9b8a5b4a6112d48
SHA512 67f4efeb9c6dccfb17aa96871aac698681af7888bd2cb85651a5bafe68114e4569fbf3196e8f7f9a6cc05a3ee1f65f5d1f3eb509c4a2f75f98268e2d1d202361

C:\MSOCache\All Users\{90140000-00BA-0409-0000-0000000FF1CE}-C\GrooveLR.cab.tmp

MD5 16c6e39ceecc6317474fe51f99d2a21a
SHA1 d6d7f228835f451e397ac2e99cf49e9e5ca2436c
SHA256 f772d1bf119a1e96695aaffbc5071e0a956cb369e84526812b4de88163b33021
SHA512 597974a67608d08d33470ca6c8aee947d86c87a74685cfa14efec67023baf99a7ecea1fcfda05a9d38a2596f09aa205af4af5a7ebeb2aa39bf88afdbe9a1a2fb

C:\MSOCache\All Users\{90140000-00BA-0409-0000-0000000FF1CE}-C\GrooveLR.cab.tmp

MD5 d51d257e348151c0682a0e8a6b4d685d
SHA1 bfec178f7b6f9d6d9ec318bc9306b3004fa138a2
SHA256 35b31b66863080fff5e0a0f068ae774de524d2b10fb1224fd1e05ef7642afafa
SHA512 d2a0d561912551b98cb80eff883173f6199a3cc647aa426d3c051428c9869fed37bd75d0aae8586665627499a620dd3a11e232f57ab8a290633eb56df73c65dc

C:\MSOCache\All Users\{90140000-00BA-0409-0000-0000000FF1CE}-C\GrooveMUI.msi.tmp

MD5 8625bdcd5fa3513556e984210b542241
SHA1 b82a73e92c823f7e1a3bd2314c8598b5291add34
SHA256 0979190af3c5a0745219c60d57bd5cddcff7da786f1c6223ec4fff76bdb3a6c4
SHA512 e0a334952fc7a02af2068fd2bdb86dc86db7cc8c6f0fb78ead9c514f4af8b5d82ab840ec9caf10f89ddb49cbc21e0d766d4b386ec9ec08efa81a48be111b6d42

C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\1033\dwintl20.dll.exe

MD5 17ffc8a8b965ade02c485ef69c3428a8
SHA1 5b0921c143d220f3b9d2ac252acf132b8590db47
SHA256 2218beff3d023163e9a06bbd5f4843e5a0385844cd883bc7026aa1d0c5b47960
SHA512 de66a61a0a84333222137d2f97e3598424f3ad967f9e79cecfa341560abf39e42c10a0f62cb16459602d62c84e96787744dcc099d3f2ec752720b62ed4c4b28c

C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\branding.xml.tmp

MD5 0d7826d2b7dc13d5633b1606d013c707
SHA1 0205d369821e1d6dccaeabebef99b1217bd123e1
SHA256 a71fa9ee5f6a1ac1483fb6e8027d93d946ee65cf00cf556066384fe029fca844
SHA512 0b6fb07846c932b8feaa58d9fd670b0e2883f7a8e8ded90a6a54d1a64f1f1b14c83458185393f88216aaae435220544a36453246e1c1eec3c9b80dabbcbbf306

C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\branding.xml.tmp

MD5 969dc29b66b31ddef65a4721c4f2b883
SHA1 338663de8db1ac8991fbdc7a59c97f73d16ac531
SHA256 df3ae015397160e940f87ea0a39b9ccf00aef1ec4b3df64d36d06c7052e3ac08
SHA512 93e73b80980464776cf35d37ea59ce9b7fa70bddaf48227ce804b58bcbc6a4d3ce5a28476fb0f5321adbfd347f1070be69ab7e1bb453a2aedfdfa1298f95ae37

C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\dwdcw20.dll.tmp

MD5 abf857b8bcf92e275f4068a7637dd620
SHA1 ccc5a9ff31bfc6d5f1904a2b357c970f786aecdf
SHA256 ce0f97384de8396964d72999693d6df24c5228088102fde584ad624fe4afb1a1
SHA512 662c5887e6e188c317d6b1ff8ca6223003633cd214cfd780ecd962ef5e45ddd06bd7d39b541ce084f6a3c5e5d8aa90c7979845b2ffa4336ed14e2f6e64caea4d

C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\dwtrig20.exe.tmp

MD5 6538254c204c32fbae69642685c5544e
SHA1 dd16d9bb8469c3979f89e8a1fa29262f71cdd822
SHA256 4a699e8460e6949700284d78f19d7a6af123a1f5218a7a2bf0f5067facc3f79f
SHA512 ae4840a984ce1ec96b1bd3a3a51f88edb979dd0cda60a559619897a69cbbf73ff1d83fb8c07d710e92ee4bf742f1892d5d953a49fd65a3a9fe925b0d88b17002

C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\Microsoft.VC90.CRT.manifest.tmp

MD5 43d21cceb0d1e895473c3a1755c6cd3c
SHA1 7d99f4cb90e3ad20e2db74bb13256f87c16fb87c
SHA256 6ae29542e2e9c7398b503c8698706a57c94649ba8543b08d00f7bb617b1687c6
SHA512 bc0183c13ef6009f03ba25a5093db203cd5ac574f77485d75d998220a2ff80358fd32c77adb5638671a28586a789cc763f406b5b11262ea71f11581a2f5859b5

C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\msvcr90.dll.tmp

MD5 17e297a3f99430afca41def21f9527bb
SHA1 6be3acdd06cc64d9300e8100ef2129e04ea14e29
SHA256 388d1e321ab392baeb967eb34d1478779ba994b5df2ec26a198a28dcbd374260
SHA512 16251099290bca63705d757fa660baf277516805311ef8afe412f6169cf875b591f9ea2723bbe1644dd9f58e2d9142bc5c977847654d229960ee88b8c99adba8

C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\msvcr90.dll.tmp

MD5 4c16a68364d9151b94929bf4c63412af
SHA1 8329f2340909e49a7e755e44cf328b65e3be3f9a
SHA256 662dd22dadab03806bacd37f0cd5d95099123093b47db3c8bd2fa405cffb7b92
SHA512 46a5531a7e597bb690c3ab5aa2fb450e64613cd1f3a0cf570adc2ad5ed6914b96a1936f6081b5e91031745de452ee06dc3b9eca5b8f2f868d80f7baadae7836a

C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\OfficeLR.cab.tmp

MD5 0a23e026865fec9ea45ba39bc821506f
SHA1 875c7bb7bbf6e75c240fd7444b8b1383566d904f
SHA256 4a0e155b016a08b236f73df487893c9e5ecd829d3c9589091ef5853008486617
SHA512 c6fb612e1406b4e4db6241d2c8bb4043fb744aba9003f4471f1dc09b52f81f91ae567d753935b79e2f0a408a637f9382130b740c439b07066b8c60c32ef1b3ed

C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\OfficeMUI.msi.tmp

MD5 e43b0cc50acbdb1f381c7a8bd15611c6
SHA1 e72b6ce30bfb28c720dbaafe0a8b06c09eaa7504
SHA256 85c98c3d9105c98f38b660f75569c30bed73038d7e6342861f064598794af1b2
SHA512 a15f14e1595d145bafb992c5df7b7bc9afe286d89afe406ce725c5cb04bb88a571a9f9b24331fa6ae057c4a67b2f5c1782a0a19290b08135b382fbe909415355

C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\OfficeMUI.msi.tmp

MD5 ce5866a7301f154225250b25af81cffc
SHA1 f9244453590047fef55165787f35987dc80ce05e
SHA256 0e82c39139bfca8855051c5301a69116aeb742cb0e6babd570b1d52327c067d4
SHA512 1ad42d391772a0eac2b1460fe6006bf7ac28c1b6f493d5bf1f841fae9e0ea079677bb9d58ac162b1bdc3481b8658a1ca6b04cf2c17be0a115c32a9940b79407b

C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\OfficeMUISet.msi.tmp

MD5 4a5e862fc4764f20da93cdd4aada1ab7
SHA1 5ccc5c107af0699f4903696c9f87b70b3f784cae
SHA256 cc8c4e8ba5eb399c207f96b9dfd56951e662e4ead1aecb40d5c1227f6cd03574
SHA512 a48aa56f9e454c6d9d7b269d735b144c3fd7d50274518634fc16ac1905451826a11b3193893c81b2e3766cb5e0d61abac28de0be1b973578ea6981cbbf810b98

C:\MSOCache\All Users\{90140000-0116-0409-1000-0000000FF1CE}-C\Office64MUI.msi.tmp

MD5 e2b6373be1b7e1abb02634933c54aefe
SHA1 0b1f1fbffc4e2a5bfb0eb2a2dd18cfae24621a1b
SHA256 0608da9d29537aa9d1c18b253753822b1cf8bd5b2531e3fb3ecaa06acc0870ed
SHA512 cc8516952fbe83c0b0dd93f4b50984119179bc94f71d97f353da3864025d3bfe092921f83c54419b3058544f8618c1b06015a39d3042caa89aa16779a25156ce

C:\MSOCache\All Users\{90140000-0116-0409-1000-0000000FF1CE}-C\Office64MUI.msi.tmp

MD5 e7d31103e60f8e414df2c618d9107f8e
SHA1 530e93753f62be79fe0940b1aab37d7640117420
SHA256 7fb3d9697b973c98b3e81a4e6c59f99e649f4e3d651c01f3cf3f063017e66017
SHA512 af001b08e972a0b8086cfe84aac44eecb1672ec926808ce9bbe418571b88b64375021b1d024bff474e1a3e43a72365c4d3a2af94aa2e07066a92f343275b46e4

C:\MSOCache\All Users\{90140000-0116-0409-1000-0000000FF1CE}-C\Office64MUISet.msi.tmp

MD5 111d5e0ff6819f4bb685581c2361d881
SHA1 f656b4f0c8df18cd68a16806d2b1d0bbafd9a011
SHA256 3537662f285ab436ea76a49bbd12ac0c6dcb65f74b4773f296bd0a08f9f129b3
SHA512 29158dea48a627f9b844caf3e3ecfe212652235ff4df96128305b727dba251bfa5a0636dfac9a73d266cc456ec4b78d92bdc887f016eb699d1217428f11dc8b6

C:\MSOCache\All Users\{90140000-0116-0409-1000-0000000FF1CE}-C\Office64MUI.xml.tmp

MD5 94cf827b77d8a58f0892b6373c3dd601
SHA1 574d57aa13f4a008d4803a28c233f3271fa5d1c0
SHA256 580c9bbe8995a078b1e4b513721fb4232c9022b2024cb5d36abb579c4b87b71d
SHA512 a58a3af05e6e5c082dd52129a5c0245bec73576e4dccab27b98247c4277b98c4185915bc2fe0af80d2584eb40db13a9e0d2044aa9897a604387f5eca0717a4a9

C:\MSOCache\All Users\{90140000-0116-0409-1000-0000000FF1CE}-C\OWOW64LR.cab.tmp

MD5 0938bb21593014425accebb458b61ea1
SHA1 4658ecf40788560dbf44641d7773cb529c43403b
SHA256 61922da5735686178e54857384d3113a289a542c7345978abcf05c51eb46a400
SHA512 27b55ea6df3b758120e0a50e4287422d14e0f8c8a6167cb5489bdcf40c0ef536e3d677eeabed72fd6cc1097cf70f267c028ee6157a263a7f16910ba00d2d8b1a

C:\MSOCache\All Users\{90140000-0117-0409-0000-0000000FF1CE}-C\Access.en-us\AccessMUI.msi.tmp

MD5 e79ceffedca13591fb6a821aca117280
SHA1 5db0c7bf04e8c943466ce3bc35ae299111d3a120
SHA256 dc0807002a7288135832a5873aae810e15144247ec761f99d6b90397e4bb047a
SHA512 88bbde54a091d4974c830d729f88515c2c31527b94210839a8bcee1c745d00b9569d6a4b48a2a489a0a8c31ed8515f8caf221181f605bb01b249d2a6006ceee0

C:\MSOCache\All Users\{90140000-0117-0409-0000-0000000FF1CE}-C\Access.en-us\AccLR.cab.tmp

MD5 8d8cc416bab4346fc26a6afe99131df0
SHA1 e4227a04e0247bcb0bbed0a5aa09d0206ff20117
SHA256 bece60a56e5b4135d6e70ec74cf59395579e61cc0d1f661ab4ef47049aa2342e
SHA512 391d924fcbaa59ecfbbdb53fc545f5109475b5fec4d37960e012d6ab0a072e44cd69c43f55ded84615b7bc9124c1d9299dcf7bedfcab0e6457e57ad6fd4bb6f6

C:\MSOCache\All Users\{90140000-0117-0409-0000-0000000FF1CE}-C\Access.en-us\AccLR.cab.tmp

MD5 855053ffab09f98321288571a72116c2
SHA1 bab572839685cbf60ac57c342604659f7e7ad938
SHA256 f5e8e9e831a22d2c3a77f0f1a632761b0544f7cf45e92270621f12f736290e9f
SHA512 22b28e3a538b4c19fc5fa4c5602751436e3ee938e1f3a1dfb615bff4434dd7603333c47dd5f89bb519fe9c464d2c568c0b5ecbe15d7a23f819fcffaafd7b870d

C:\MSOCache\All Users\{90140000-0117-0409-0000-0000000FF1CE}-C\Access.en-us\branding.xml.tmp

MD5 063f73147af0328bcbee6587f6045264
SHA1 c46efb323dee03f2a92e2b734794199241f7f194
SHA256 12faec8b043a0e7c9b1a648935ca820fdb4324a588f7b77e2daa57d249fab1a6
SHA512 3766669eddb942278ab2d67f50b704ac65dcd7f17033f3a26cff11b890d8d0a53b2515ece24c4b31016d7f2fc0afee77323c74ac66724ab29ae7ce36c2433228

C:\MSOCache\All Users\{90140000-0117-0409-0000-0000000FF1CE}-C\AccessMUISet.msi.tmp

MD5 74bb866d11ac7ad8e38072abe0d248f6
SHA1 7ac29da82a26b4b7c83364c327e12251c7938b56
SHA256 8c651b9b6baeef585f99d4afe6902957681ed41ea6049a9ddbf9fe0ec0374b19
SHA512 4df3fbf07a2d4dd6f91d837685d140032aec84b15fed9debeb885f0a402a9508122e71a124129d8c34cf26dc5d5e77d2be24753ac30e9d95bab31de13819012b

C:\Program Files\7-Zip\7-zip.chm.tmp

MD5 b3b24d3cdb1b93dbc19460b8208d1687
SHA1 94cc3045893573c35638f3e73aeee1dab648f023
SHA256 ecebca70dc4ab06dc2fc8d896c7e4aa73247fbf45409e8b1b6e86026c05e6ccc
SHA512 edd918b869f8ac9fb6dc8f55a4460baf02bb88bf7c15f7f74b99ff0ad02ddb55f743d4701214ebb78b971e69f50605dcdf4b42b1b9bdee3e204fa55980db4d21

C:\Program Files\7-Zip\7z.dll.tmp

MD5 1a07562cf0122f9bc8959032a1077142
SHA1 9141d6e77dbcc99bc26e8db421d916ee707f6140
SHA256 85a0b37ae8f720dc8d0ed4f48dee9ac9ad486dd18c1f25c6cf45f303735f724f
SHA512 3b4903775685f08721db47a4479d6aca3ea7815fc723a308c9d2bd3ad42a53d2d3af6575bda150472a9495e3195d33ac2b2855af907d09cf7901af9477b4e5f5

C:\Program Files\7-Zip\7z.exe.tmp

MD5 7b7f43b9145773874080c06914afa6a4
SHA1 004f7218a4ab6675af33545bc7d00d03199b410a
SHA256 322586b5a8e65522215d4e2f3f8b80adc34c92f6bbb910c94f8acb95d538b026
SHA512 eaf98146aac8447b2a9e1d432e211fdd683b5e2a8bd5ff8f961947ec3c3f7be98ec4a7664f7b211ea3dfadaa6654e49a5b903dcdb22ef5052086eb3263e948a4

C:\Program Files\7-Zip\7z.exe.tmp

MD5 ec6670cbbdc019053802a4a87c1012de
SHA1 120206e9317dd37c9c9f5c8bf5e65c2b94063d62
SHA256 4b8b1eae336b5ef93ab60441aa66c1aec7204fe1d3296025d3435499c8e63bf9
SHA512 756c57885606854e6df2b787e6816723d8cabc677c9a0f95050762620905fbb573d178f37b9847a649389de4adaf1b280e292351983348e4d11c7e0a1fdde933

C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Thunder_Bay.tmp

MD5 56181f4b5e95da5d3cebd748cc4d3349
SHA1 0a16afbdd099af55949288bf347464b4b872909c
SHA256 1b71d4fa13e9f0ffd634657d7a8248e69befff659d2cb3ba986827b4877b3af6
SHA512 ca7d3ce041cce3350e3f66be87d40bf0fde9be917468fe9d5b38c95dc8cc4b2d7c96e54ad51be3c8fc3902db72c2c65c71737cd6aad6330dd6fa3ec95ad33bd0

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-13 23:56

Reported

2024-11-13 23:59

Platform

win10v2004-20241007-en

Max time kernel

150s

Max time network

140s

Command Line

"C:\Users\Admin\AppData\Local\Temp\856516b7d0505ed07e40212f990cae7c9153743d40b3c5d0e2d3d5b358fb2a32.exe"

Signatures

Renames multiple (4776) files with added filename extension

ransomware

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_Configure Java.lnk.exe N/A
N/A N/A C:\Windows\SysWOW64\Zombie.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\Zombie.exe C:\Users\Admin\AppData\Local\Temp\856516b7d0505ed07e40212f990cae7c9153743d40b3c5d0e2d3d5b358fb2a32.exe N/A
File opened for modification C:\Windows\SysWOW64\Zombie.exe C:\Users\Admin\AppData\Local\Temp\856516b7d0505ed07e40212f990cae7c9153743d40b3c5d0e2d3d5b358fb2a32.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\UIAutomationClientSideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Configure Java.lnk.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\lib\deploy\messages_pt_BR.properties.tmp C:\Users\Admin\AppData\Local\Temp\_Configure Java.lnk.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\System.ValueTuple.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Configure Java.lnk.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Configure Java.lnk.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\vcruntime140_1.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription1-pl.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\MSSRINTL.DLL.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\Library\EUROTOOL.XLAM.tmp C:\Users\Admin\AppData\Local\Temp\_Configure Java.lnk.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\jp2native.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Configure Java.lnk.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\legal\jdk\xmlresolver.md.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-namedpipe-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Configure Java.lnk.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-processthreads-l1-1-1.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Configure Java.lnk.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019VL_KMS_Client_AE-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_Configure Java.lnk.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT_K_COL.HXK.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\UIAutomationProvider.resources.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\mfc140u.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Configure Java.lnk.exe N/A
File created C:\Program Files\Common Files\System\it-IT\wab32res.dll.mui.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Trial2-ul-oob.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\Bibliography\BIBFORM.XML.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ipsnld.xml.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Configure Java.lnk.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_Configure Java.lnk.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONENGINE.DLL.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Configure Java.lnk.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.FileSystem.DriveInfo.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationNative_cor3.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\System.Windows.Forms.resources.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\optimization_guide_internal.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Configure Java.lnk.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\ssvagent.exe.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Inset.eftx.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipssrb.xml.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\lcms.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Configure Java.lnk.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_CopyDrop32x32.gif.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_Subscription-pl.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\OFFICE.DLL.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\zlibwapi.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Text.Json.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\unpack.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessDemoR_BypassTrial365-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_Configure Java.lnk.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.CompilerServices.VisualC.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Configure Java.lnk.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Handles.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvVirtualization.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Configure Java.lnk.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\jopt-simple.md.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_Configure Java.lnk.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONGRAPHICS.DLL.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\7-Zip\Lang\ko.txt.tmp C:\Users\Admin\AppData\Local\Temp\_Configure Java.lnk.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Retail-ul-oob.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProVL_KMS_Client-ul-oob.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Security.Cryptography.Pkcs.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Configure Java.lnk.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework-SystemData.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Configure Java.lnk.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\legal\jdk\relaxngcc.md.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail-ul-oob.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp4-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_Configure Java.lnk.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-white_scale-180.png.tmp C:\Users\Admin\AppData\Local\Temp\_Configure Java.lnk.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\LibCurl64.DllA\OpenSSL64.DllA\libcrypto-1_1-x64.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\hostpolicy.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Configure Java.lnk.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\Library\Analysis\FUNCRES.XLAM.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.Debug.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Configure Java.lnk.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Grace-ppd.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT_COL.HXT.tmp C:\Windows\SysWOW64\Zombie.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\856516b7d0505ed07e40212f990cae7c9153743d40b3c5d0e2d3d5b358fb2a32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\_Configure Java.lnk.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\Zombie.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\856516b7d0505ed07e40212f990cae7c9153743d40b3c5d0e2d3d5b358fb2a32.exe

"C:\Users\Admin\AppData\Local\Temp\856516b7d0505ed07e40212f990cae7c9153743d40b3c5d0e2d3d5b358fb2a32.exe"

C:\Users\Admin\AppData\Local\Temp\_Configure Java.lnk.exe

"_Configure Java.lnk.exe"

C:\Windows\SysWOW64\Zombie.exe

"C:\Windows\system32\Zombie.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp

Files

memory/1472-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\Windows\SysWOW64\Zombie.exe

MD5 7d2c218eda09d342b62b0c5543e40f93
SHA1 03b47c8fb28c6ffa854bd30d2ff3ababafa4da43
SHA256 ca38c878833b91033bb5d3c70ddb0e7fc452ee6abf0cdf86b5b174d8136a04ba
SHA512 fb94f490c3c8c4fcf7f7a760c0d080edbbfa812029faac3eaff740f1ec1315fe3b8649ab8f04b58fa7ea212a56e924d4172453f50f8d9a7c9bb89c790bb0dbab

C:\Users\Admin\AppData\Local\Temp\_Configure Java.lnk.exe

MD5 ea3655362a50a03ab224bb8199e577ed
SHA1 cd00afb51707b5083d60e71d2ad58091cdb3788b
SHA256 9deb47e424174635040b2101208e3d42eb81ce700c0cce2e355e1819401e80c5
SHA512 da5e03c60bc48996e9f6a253e9f16ecfe7277d656c326d976e858f820e9ed26e422f2e740f958cc2bf87798cf37bd3af1996483f061f8a921e931aead9231505

memory/4220-14-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-940901362-3608833189-1915618603-1000\desktop.ini.tmp

MD5 ebcda252e62e1f925ed3137ffb64eae0
SHA1 a5a6067c42360f41e507882c61d23ad00ae88d74
SHA256 9033e55404c996d09d94aa0b65eed405fc05790c4be9079bf0412c5cd3ada941
SHA512 3da46ca6234178d3ea3e50784c8ea8737cc91e46a5786e1318ded810335ed6d78671cf9939f3ccb9a6a17d61b07d62ecfe2179899e38ecb371451afc28daefb2

C:\$Recycle.Bin\S-1-5-21-940901362-3608833189-1915618603-1000\desktop.ini.exe.tmp

MD5 249878ebfdf3ab6468a3bce6c7cf6a58
SHA1 0aa3306429f51abd1f9e5de58264d4f5ec58f675
SHA256 66e284844f18b441cf041c9fc4f9a8ace0c839be1f2b5ee7f2e4709df6b040a4
SHA512 442c4f673404b9cd9a123b48e7c8ed984b164c7f08a74f9aa416616767074dcbf1f5e17013279e6f09cd43c865e98be95965e8db5b6cff9be11fb52dade2944c

C:\Program Files\7-Zip\7-zip.chm.exe

MD5 48a08ed4d985e19d6795b12e282d09f8
SHA1 9c42d17afec366d55c321e80d32c345cff875322
SHA256 f6b9869fb875a44a844ac8c524a5f611bdc7a1712e8174f7ccae7cf50cd84d2d
SHA512 6f7a9a9e834e6630b7f53b648c7005154784b24b5fff33fe9bd765ed78419181fb795f3e979f5f303ede241ae61cd7940438e3fd761bcd2e376c73bb291f0ebc

C:\Program Files\7-Zip\7-zip.dll.exe

MD5 75a25cb5f0d3804bc5d15f83bbcc4b83
SHA1 0c0ce6c99152d24cd59824d9ae5442ab89cd9e1e
SHA256 40ba0efba28cf8a808d80a23f2404c9d2c2410ffc72072709938493bc22d6e06
SHA512 b79ccf288d37bebd8d267316685ce6fa217b8bcf72be5f25d8afe98ee2ce4466c4b78968d52ecbf30153f7cd1498f0d102b9655fbc4e41b7fbb7244933f7381f

C:\Program Files\7-Zip\7z.dll.tmp

MD5 ee5d8a2c224b8d517546fb0b189c9456
SHA1 dd988cfd7c76934f62fd7f33cd6d1ecb1ec5a57f
SHA256 85ef0d7da9efb8a1a6ca1a229b9c5774266ef226ad6f9e06757d4fcff88707bc
SHA512 5f4cf0b4c2fe5b4594f5a66de46b4f40927cccb264bd1480da59405611dd92222df6288678f22b2ba0ee0492800aeeb071cfa79f8921f91bea5751cc8f987091

C:\Program Files\7-Zip\7-zip32.dll.exe

MD5 3c73d0280f525f74d9c8fb2a5c2397f0
SHA1 754070ff6d625e62dd244d6e3303ca0b96ca9ddd
SHA256 fa16db8885ee14f6d5ba555d09434bc18348f91211331fa91867011b429b7b02
SHA512 7c9fe53ef4c10a5f8e8d14d4bc77ccf86b3a3a647a43edf7a52391bcba9f1b59618fbdc952e439aacca97f7230104d616ad60ce23a1653ff2608d7e05f489ff7

C:\Program Files\7-Zip\7z.dll.tmp

MD5 abbe1c459d86241dd832325c4a144e7a
SHA1 18eda6d233c0e9422df1047f3dd1b00bad1575b7
SHA256 a47b6597ecf2813ae9f1958dabe808b6394566a51d0e7aab084dd41b8e097443
SHA512 233938e5a5705bdd40411228b53101a3fcc46df29678c1dbcf1773baaf7a6f6dfaf85a71ae1fa5761923e3baad0aacaa60692621df7e333281745047c8377a41

C:\Program Files\7-Zip\7z.exe

MD5 16feba7043b3f6c51ffa6ddc1a8f5822
SHA1 c48af8af3d605d78b600a1ee93e4fe2b749aaa95
SHA256 e6239f32c3cea797fee2250c330226ffe539616a75b13677f8357d0df0de1875
SHA512 cbbe1a6785328b6eb6c0de1c0fbb84828c27899eb6aa089db335ce2e2a0fdaf084fde61c687d4fff6a5f1c98901b0d8d7e104e86b0e324081a4e146897542e59

C:\Program Files\7-Zip\7zFM.exe.tmp

MD5 922e75557b48b7cf54bc368393ce9de3
SHA1 8b970e1d0b24a41581375dec8a4e814b5550af7b
SHA256 106034ff0b0f3a44f9b805be56fb1a8c5eb0124647adafc08b26539a40df0b99
SHA512 cde9c74e3eed57daf851deb76f6929443027a8ed27f2d3c6c275aefe60367e493ac775ede3cd2c01e272bc616dcfb9eea9d82f61cdb8040d2fb35e840d3f3dd0

C:\Program Files\7-Zip\7zG.exe

MD5 104b7f16dcc2d6c85ad684b7311b8d3c
SHA1 26f794f8723e4504437756b6a7298244d014630b
SHA256 6ad9f7530f2526fd10c0fde2fdea9e10eec1e531fbcf5369c14aa5d82071db56
SHA512 fc3e723cac1c995d59dda2a1d19b15af31aeadf0da81eda2ad9d831484d8dd09e6db484f84846f34883d5198ef5e9ada64ff7677edbc8a71fcaab46dc4083a7a

C:\Program Files\7-Zip\Lang\af.txt.exe

MD5 8c6da6a61ce5ab8506ee9f77c03f0a67
SHA1 5b0d7e73f467ff99eaf7c84fb22790f09468b7b8
SHA256 1b453441508a923360f86af0572ea4898aeab2d38e3090369ab51e1d2ed33719
SHA512 e57366a9fe25a759349f13b71c70255296f4f33aad5aad0144a2d4e8c10d3a59b38d5a62445f4dc20e7db9b7fe99cc5cd8aa2c7dc6b3bcf8515fd353dc0e08da

C:\Program Files\7-Zip\Lang\an.txt.exe

MD5 42b39734fe04c96faa18a3c38e4e2238
SHA1 d6117f95710cf2f60dc8c293284973d366545e15
SHA256 f59f6ae387892bdab677f9534d27795fb45f6578c785155099c2607ebfe0d442
SHA512 06f39f06adb4976119f6152f64924d733c6f3ec2866c9d6c2725a3694be73ea9ba5043b3482c41ff4ba5fca61bbd3d029c165af8f4adbe85ee2ba1dafe625f02

C:\Program Files\7-Zip\Lang\ar.txt.exe

MD5 357bf04b651a226558a3379a55dba05e
SHA1 475473783be6df0e140e0302ec8a9d371ad7c9e1
SHA256 4652789f30282e484102adabb7ada38d46cf4b49dfe0bc521ca91c737552b71a
SHA512 5c71ead7f9ced4bb6a2d46d8eaebe3c26fd9ebd19615260819f9bbb9090cd0b2adac68224af0e53765ba56fe024731ca0d078f19948782c4b390cdb4b67a178c

C:\Program Files\7-Zip\Lang\ast.txt.exe

MD5 3a69218bcc7d36110bced128996b8450
SHA1 3a4e7d7325f874ffd653fdbba45cfd7e4d38065f
SHA256 ede82776b1c7eb1d8da50efa20097d769eda7faf73f2c4cba93abfa00856d156
SHA512 00b1b631d0f2743f9961206e6c7b69ae20d8c41b3349f343bb023f092357c233e0d663d12820b5d06d4d32dc7d0212dbaa8e49eda606e62c39c8869720d1b82c

C:\Program Files\7-Zip\Lang\az.txt.exe

MD5 3253a298cfc806e25f80961a1bf33f72
SHA1 0c889b1f2fb9af330082addb24db6af3efb1097c
SHA256 e2a8f2e3fd213a50b4c3356aab048760452f48ef80a087f418448232939ce2f1
SHA512 25ae0f6a469ee7ab977b818397b7b1ccb0d591869505dc7287d5a77b029809ea199ae169e464a1d4d00ac25e5c9ffcf05c7134cb64386e0a2206e2879513be02

C:\Program Files\7-Zip\Lang\ba.txt.exe

MD5 822837416773ba811cbc9aca637d6d33
SHA1 0492c62e723e9ba9fb7e9659deb6ecd563f9ce2b
SHA256 3a5f18911691aa032a33a2d9b891e8111a5eadfec65885000168d0bb98293caa
SHA512 6bd9695d45197a0912377545745fddd2613d98e0aa86d7cada6a0a62b9590a226f69faa4ce9ab579373fe7a01d61be0cfaa312d2bdecf8691b6acc583b35ba96

C:\Program Files\7-Zip\Lang\et.txt.tmp

MD5 833ed07678c4dcdc080a9c61a810c4bd
SHA1 eb2b0c89514aedee60252dd47f43afa045ac9da3
SHA256 4a5999de5959dd3d55b5e306e6d323152e306a940b5638b3fc3a61a7e6483e1d
SHA512 47c3d33ae198ce6726b706ad40e0cd2873a4cc3e5cc3682240ca11a7abf26832206cf57441dd273af6239910a3d0c40b48562de9f3ea4a111c94c71def9dc893

C:\Program Files\7-Zip\Lang\eu.txt.tmp

MD5 c3a60f3a9c8a4a34490a80d33c0ffcd2
SHA1 01ab1a20abd13f86360c6a76f9184fc85b50d2e6
SHA256 36bfc22a74a7c92284b837ba2fd52011991b7347692735d233da13762b821271
SHA512 c647d89dd6e1d2ab3d1edd23802888187ce8956329d23e0f36397d052466ef1307d368e52a5e30fb9b354e038a0300b643fcb3e5a58fe6db1833e7504368ec6e

C:\Program Files\7-Zip\Lang\fa.txt.tmp

MD5 79968a17d7df7596abb3eb9f12c6e2da
SHA1 05fa5103e70abf539af9bef6475ca864021a5b5a
SHA256 aa2047e0c0ea62df2530e053b7c1c4b2d04962d2a5f2883324f13816fdd97dfb
SHA512 e1004536e89f0ce1b9ebd31bcb2507806908788ed78c25620d80fdce756a82d2af19cadae25b40da34b565eed205afd59c9707a22a827f1855848b0a08b2da13

C:\Program Files\7-Zip\Lang\fr.txt.tmp

MD5 e8147f1ac5e91b524ea335a3bd24f9f4
SHA1 2dcdd100ade126f6fe835f3b000b5b0c3705e5d1
SHA256 05651305ffb223c062ea6ed008797b0c0809d1410353c17419c5a8fcb88771d4
SHA512 216ce6d9083e6b16ee1130533047482f98ad2720835889f725d0d5a0101f479dc20bd68e417f2ccd4404a079a5c0819098111eb63c23127d1dd01860ce2eae67

C:\Program Files\7-Zip\Lang\fur.txt.tmp

MD5 36992215f7decc6953cb7c269de05a14
SHA1 e1511d0c3509b0b06d54426060218d1a3c97ab8b
SHA256 7b474eb42265c8cb1b9c1abe2e51347d8e0bb29b62ae639f8087560a084b030b
SHA512 d002f7b1fcb558dd78c5778d56018e5ec05e7556e9318e68a6a745dfde7bea23f3d72fac5a075f032a6b1f3a1a0741dec11dff7d498bf30bc10876fe4eab787a

C:\Program Files\7-Zip\Lang\gl.txt.tmp

MD5 c754799d0c54f38fa4c25971d118e090
SHA1 587575925cc319c024c3981083896c603a2bb254
SHA256 6fde1e49e29e294d49280fc6c607b073f68c975c1f07e4716a97e02d423a168c
SHA512 42caaca8b9fc9a88abd9b94cbc1b47b9cb37a1fa484aa04ac6db03d31f51a927d5dd9ef5cfefb87acabfded6dc3ba788b6e7e7bec4e4cf7eaf2ea8080efe2100

C:\Program Files\7-Zip\Lang\gu.txt.tmp

MD5 0949d9d89af53979bd00cb389cd37517
SHA1 5ad000d2c55290c3423219206a42e7746ac2330d
SHA256 8c4958470307ca6184a544f84d10bb327efcb0f9becc5222d03caa48d60bc813
SHA512 1e91584e3889ff300fc65678c62f6003d443dda0109d728de868b4f1818984438179209dbaad653652cda588c37bfaaaabe8f11fb53e6f1093a04961bb60897b

C:\Program Files\7-Zip\Lang\hi.txt.tmp

MD5 e5c7b47c73692cca9d07e57d29a9460b
SHA1 c2ff60b7c4207a9e4b617dd5fa4cb99a591e0d02
SHA256 b62a8f0f7aea53330c8beb60e305d6ebddddaf27cb020f6b16c63609f58a801b
SHA512 4728bfcc5e78bca88cf3e24ff8ea8cb405e4c95262976fadcd3eeed8b36f1e81d1b6766feee8bd742baea95f7d53ef7e91cb9ab5f44a5a8cfc3fe072afb1791a

C:\Program Files\7-Zip\Lang\hu.txt.tmp

MD5 1321302fe95194d06d988354533f581a
SHA1 17cebfc4d6448aa6f652d31780f115e1718f0040
SHA256 a42925cfa4e9411ade1217a00e3e1c3808752cc65940707657650c7945c7d50e
SHA512 cb36f0ed9e91f86dcce605d4e30d05eba36b8c37b7d16a2083667be99563b251b02297322c5520f8aa589ad0f04a3340cf3fff7745a01faadb928981554de123

C:\Program Files\7-Zip\Lang\hy.txt.tmp

MD5 8c7274872cd2b1b0b50dd9aad4fb227b
SHA1 5904fe25b08d0552e2b14036cd9883d583b542f4
SHA256 cccd33810519e9f3d1eebd0a2d85a64b2c0de1c452f0bca6a7dc9c9faad05412
SHA512 1cd4ea9e468d680a7fc22e2be0d8e3541cd935ae6a5f5f5472ba6fc7677923b360adbb5ddb9cf6f14d566c6c1a4e5d5f569b6b6d3a5db1126c3bdacc931ad8d0

C:\Program Files\7-Zip\Lang\is.txt.tmp

MD5 275032c169bee37681855dc5a6e22e25
SHA1 7e6183f09d377fbca68f6ea31dd5f2e73dec14ed
SHA256 4f4c2ba262f897824316dfd0095dba0052c53f51e6dc6977352b4493348e9d71
SHA512 72be7e2d951e6eb8bd9662f67e2f884fb19a9372b42b0ef44e0cd6588ff8b00f418503dd4e6d41373a1eed025f497bc806e8f04a2e8ede95953c30b6d3104c29

C:\Program Files\7-Zip\Lang\ja.txt.tmp

MD5 1cee4387c9b031eb0d95cb68bdd46efc
SHA1 ae5531ef3430669ca7cb63d08742caa467c0121d
SHA256 515d3e6c39438b706acb755a6ce6de97ab8607e43fae40c428a089600f0d1712
SHA512 07a98fa6c2686a14a8489c9cfa89d0f3ab7e196419876ccd0b2893b92aa84648361ca3b605b8c90ea1a5553f85a4a3ac151e27ce4e2d3c3c0f5238b068131126

C:\Program Files\7-Zip\Lang\ka.txt.tmp

MD5 c5fddde61dea63c984164872b48ed846
SHA1 13ef24d5ec7f6c0fd6d7fb80f874a59c43d992e8
SHA256 d1a4f956f5d81ff9f35d25b2b06142cbb38ff149efafe059ca257d1eea2a95f0
SHA512 5ddefe603cbc2db8201ea7754b0a42b644b6db742204ceae9b5eb7a9996aa7ecb02da68271e708fa773787be545406d6243c6b4daa5ee37f0f39ed813a79f415

C:\Program Files\7-Zip\Lang\kaa.txt.tmp

MD5 1401ce67491618c43e1f4cb08375b52b
SHA1 dd705ee586f847d2f898202aac29e603b519c09e
SHA256 1c4eee73314accbc6bfc894062eadc0615c562ca57b070fc12a847e938f0b824
SHA512 990bdc3ba8b2248620da312a50043d15b3f7b3a61cc73ea9f2275450e0c484fd1c21fc3d1fe79b4bab5787f7d584d4ee6ec23a3c249d16a0a064996d544f5787

C:\Program Files\7-Zip\Lang\kab.txt.tmp

MD5 1d95ac094f21b4008066a1b395c80206
SHA1 1cbcfcab61b4b6a44adbbc44698a47c5f2ec9e3b
SHA256 d441b337a035ffc759d36f5fc5b86427ca8d2324f4d99af7436250073c28be24
SHA512 977072be11cf8d1b8dbd94709b0800e6362cf93d93ab0e56d769df791c12bf1fb2e20f46569d85d91903283d6426aad6d9a23755b0c6164b13cf5957e454c35b

C:\Program Files\7-Zip\Lang\ko.txt.tmp

MD5 f0027b6d9ad5766614a31e69fa981ea9
SHA1 f6a4c98c2d37e2298eda07840a18a3bbb57fb6b4
SHA256 d50378a4de4aa9bf1dc271b013ddd2baed94b20ac429ca3968856bbc889f569c
SHA512 c024bfaf81317bcb27fef4b725220a653ecb8816119bc1bf6458bcc826e3e65e4e8e70b9bc00296ef86d5489118dd8a0ef3f50f062b4ad15945c967fa2acbd16

C:\Program Files\7-Zip\Lang\ku.txt.tmp

MD5 70aa6381944354ae9d6d276ad20ebb83
SHA1 e117863ef0fa5002632142bd4ca2773571c289c7
SHA256 74af76569b8299eaaf4dd975206ae356e4da59cdc2b671d9de63b6dd0fa34d5f
SHA512 f28e073a9413c9177f5d1581480d0ba17f2ac2719432b028310f4b7838db0842453b3656eca3113b61cdbcb3d1187e6dc3e71de2db1f6e1aa5c6c6a2546b265a

C:\Program Files\7-Zip\Lang\ky.txt.tmp

MD5 5560f4582cc39e71c082531247dcd691
SHA1 ac4f803ae93b55fabe808a0d6b87fcf63d1ace68
SHA256 67d26913d20353f1dcd443fef49607ecd96495efc730f2d866be282baa9634c2
SHA512 5ec61f955088f7b6554af62d77ed89fa3fcb4c52fef93cf27a08b7305582645d2d86d89e1614e1b5186a636e3527383863c6af276d5bfbfdb7edbd3f91728254

C:\Program Files\7-Zip\Lang\lij.txt.tmp

MD5 f87a2a70ae70c757194619c67e1044db
SHA1 293c659d82859f91c8c13c478152205d8a7ce997
SHA256 9adb71452658eee1ee2e9e399e7abd6805fac3aaa2832f1d0b131b7593dd0147
SHA512 7cae9b2dd10f164b1c47370825e1fff7a541f99d0dacdb6dc9e3f6b13ed70d259b1001628dd64252c8da8021d913ccf2a95097a9bdcadddb60e7edf4ca45519e

C:\Program Files\7-Zip\Lang\lt.txt.tmp

MD5 dc4010d6349d25fce71265981010ae1a
SHA1 dd5add83c4e08986ba5e6dc6183e965acb20d884
SHA256 57097a1b03f4637ccfb4b8a000f9bc98b0576857718710795f4d2503aea6df16
SHA512 a1b6c208432c662d49a9f0a20536f62634a0e7ec7c5f679f507430980452c20d15ea29bc308684b62592406d56f8846d20ac19a7764b8e4b6707594372d691c5

C:\Program Files\7-Zip\Lang\lv.txt.tmp

MD5 8c3c6d9caa9088d92b32c31c90128348
SHA1 ef3a13380b423775849de3fa32523a4c1b747b33
SHA256 93856fac42767c02b4822778047546fad06d3cc99d23a2a90a8064eeca76e039
SHA512 3850954aa3a606829468daede2d749d0f06f2d3054879115fc0c1e21359b10b805a6babfee51939e7a040bc708eda44553d1bba9f3b6670dbb662e4846fc2b63

C:\Program Files\7-Zip\Lang\mn.txt.tmp

MD5 77607369ba668fa659d1f0c17afee8fc
SHA1 47bbcbf6ffe59b7dbc1e43812c10eb90ad11b62c
SHA256 ae9b7b1d3521122960501b5625b0cac0bd89db55967555f97c13c2845397778e
SHA512 be2f2592f719e39eeb0cdaae465b9fd3170f9d8234870387ee44b8d9795d17b8580371cf80cd24e1a9daff1b90e3213e51e97370b444a3c472b16b2569b255e7

C:\Program Files\7-Zip\Lang\mng.txt.tmp

MD5 6d35806db1c6f7d90e5d53ee84648115
SHA1 ee6ad1d4d27f7945b8272083e03dd0518057684a
SHA256 47a18d69d5ff3082808b048c3004beb5ec5f1513bb78f42687b59465b78ec58d
SHA512 003a8b3bce2c81603401b8cee84b335f7bb6ea3820de07e2ced805f332c2735db14635af9429917da552ce6e8f3bad3ea14900166b20caacf9dc836a0473f10c

C:\Program Files\7-Zip\Lang\mng2.txt.tmp

MD5 01d226660fa6feeb367b4d0b99c2942e
SHA1 968f35b81eca2180eb0ce2cccf311484d3125758
SHA256 8c3a1f711697e2a93dd289a7476c69fbe96ab51e3dd0d83d17b9805e392e8298
SHA512 97ad212973ab64930b8741e60f3b95eeb9a9299bff112842a386b0d44627d600df2caf168594209f821904c86091bb1bdac70c89cf0df177bb9d3b3371f9896c

C:\Program Files\7-Zip\Lang\nb.txt.tmp

MD5 cee9ab0b8c1b9d4d8d42bb11b1eca644
SHA1 3d73d5ada080f64b43197a77a7cbd583972dbcdd
SHA256 6f68806fbdaa56b3d26fb852f61bfd8595a6ab6a2b1eb7e3c6c3f099f75aafee
SHA512 336fc62ba32d738756cff2ce5b1ce4061bec0be7c72b3a03c08f48b0485e5264caa98584bb437bfa9b97e3875e606e99e025bb6db878d8d9d5382e0c2ad46c5f

C:\Program Files\7-Zip\Lang\ne.txt.tmp

MD5 d907cca07919cab48e6e0ccded635a01
SHA1 a80912ec94c0e13120d77721d2a64c87ea0412c3
SHA256 c9ff09684075ef6cd80395df05c94b0a2229ae3c54e9ceeb3faa30e1d6ba2273
SHA512 b51b5a1412a6b956bce6ab14e4f847925106798fc896907cbe97158a35ba80d1c12a83888d357b409f24863b8e2222ac4eb8cb41cfa0aa9afff0ebe6d5103eef

C:\Program Files\7-Zip\Lang\nn.txt.tmp

MD5 982f59a8d80c08dee0173adfa92ccd6f
SHA1 34195c2c21b2113a45d9ce827e6f9493d3fc592e
SHA256 a6fd024bd003578f2163f5802fa40056b6e312c35b107a1a1e96ce572bf5016a
SHA512 4d4dad30305d8c5829ac98791d2587cdd39f0175e3c0c30ab41daee4a78cffdbfd590ff382c524938205520c254e01ce233180b603e7a0ac7ec23c1f9cbab613

C:\Program Files\7-Zip\Lang\pa-in.txt.tmp

MD5 bf4a7f15c5345c9300d8ae73f8df8585
SHA1 91d75abed4764639565a8437d1e3c57e6e7e1216
SHA256 9905f5cf2c5bf08d8d80904f9df23552205e5eed148f53cbb21622873ccb3604
SHA512 91f1a52e0df5e88b15d1aa12846082436403424373fac7af556e51a5c804804de036e163df6d03d2f7f872bbbf6d2906f6a7fbddf2ab43a2aafdad734a30fff2

C:\Program Files\7-Zip\Lang\pl.txt.tmp

MD5 8bfc6bfd0ec6d5b9b954c8b3346b3da0
SHA1 dfe7d63850c10197fd01dc6ef684af1bea151be7
SHA256 ed25019e0925b8d7dc350fa42091957d01b4ab0c33e997850e2478dc23c1af9f
SHA512 94c52fe277c2b200142092a2a45a866266d6ca721b3b65a8592304254aef71fd6d7783675040d40c5271b9211035240e27a8d2af0ca77f2f38cad717c220c3f2

C:\Program Files\7-Zip\Lang\pt.txt.tmp

MD5 a0b357123589cec2a72c300d45df333b
SHA1 870ba857d6e29942ea29cb4cd965e3b4fba3aab2
SHA256 b736c186306f2c5e8b8d937c8114d45acc7f573cafcbec35c0d11e864aa720a4
SHA512 394359fb0a2cb6821ef7800a66d68e62fb7d410743b8b7f4ed9adf4e9a7bbf0d94781cdd453ffd57771afb788b3b731e3b7c43285d0abc721dacbe645d71edbf

C:\Program Files\7-Zip\Lang\ro.txt.tmp

MD5 471c4bc19af56ec7a85777301411d8f1
SHA1 96dfa40e227912f78ccbad4997360f932a10b00d
SHA256 149fb375e3c773d036554435dfe32a77a28f36c633617123e453118a48c03a6f
SHA512 69b5289d69f9e108bb4df17b7660442d9da27af94ddf9f9ff4920da4b5f5e1036618ef7e81ec0248640c1755435db2043fd034c8ac01abe266ab638c82e78a5a

C:\Program Files\7-Zip\Lang\ru.txt.tmp

MD5 aedb0348e4cd0e8cd2fe2555c2e76afa
SHA1 aeea620c4322989b8833528261cd68a8d5a51a84
SHA256 ce60f78f2bf37d54b360784c3865ca201719cd4de4a1af5501fca7e2c9522d1a
SHA512 f2189451301ecde6d203fd28275950d95fbfeb0e89cf78cffb7c063dc0255c7c40eda9df5e66baec21556f3361ff4249e185399aec74499211be39b4a4a9b553

C:\Program Files\7-Zip\Lang\sa.txt.tmp

MD5 46079d7b7b78c3667b61906b4ad76521
SHA1 2b0fd29fb367af7803684d180a31867a3fdfb612
SHA256 520af964cfb40eaf04c04ed8a8ea184834fa55e783e4ccae374ff08de8d4144d
SHA512 b93997a963a2fd4b8074c2a547d154d46b7bbf127d42541b6f610a6a62237c9e3a1b3321ae614875887db61da9183be99f0e4cd9456105302e4444b96e33bcc7

C:\Program Files\7-Zip\Lang\si.txt.tmp

MD5 ee07c1851233d2f75d2c9cb5c6bab170
SHA1 60aedf7a208c016c7ff9f7c80f88a49a2d8104d2
SHA256 c2c36d49240a52d6c00e69f75e8443681e7b8f24437887f843daed1895baccef
SHA512 44c04834e83844ef9ccd5e9c107b0c479d27156bf6025843417aa7f6733f36391bb3e13cee0b1d0eec8dd8356ac4f52ee0b3fcb4a7ccb32fab37c6fbd73d4fef

C:\Program Files\7-Zip\Lang\sk.txt.tmp

MD5 8f37ba0ab9b2a2d2fd0b37475897ee23
SHA1 c17ed9870d209ef88fe60a9715bdf45d3a9601ba
SHA256 96a3b25ec2e3258519c3268adc33c55d1a7e1aefc3e163aac0294bc06af16c69
SHA512 09d7398f58933a1982bb0c5f08eb7d17a2d72a596028e12336b446feaaac4de08b2deeb334362ce3746fbe795122cde7f478d74f561cf188f4dba5e265f055b1

C:\Program Files\7-Zip\Lang\sl.txt.tmp

MD5 634b204987e3b98541f8b5c879018806
SHA1 e5dbdc94a8a90ae000cbb653902dd0a977463a26
SHA256 05c2e5ed76072c3f293303c6d79bb27780dd0f2fd2343ee939d865015517115d
SHA512 faaee96c6cd4ced8e7c08c29356d3eeef98e06acbba291b64a28b0321a3212fa432a4c601a7f7b11802b0a0094b5b2cabafb83df2135f1c141cf72b25e2a632e

C:\Program Files\7-Zip\Lang\sv.txt.tmp

MD5 8d63646302332af5bac055ebe5212aee
SHA1 98e50698b4c55babfb416f5268cdb940aa4bb967
SHA256 2edc32e35ab9700558bff14262c6628b45427c70f011e3a6b404667f05104af1
SHA512 dfb5b5e58a8ff09b0e73f5f56720cd542cebd92ea726168cd568df3543c5f32b4ff7247815784fdcaf4d3696be7e1d4b5cb8356ad29410fb28d5be8f8f7b672a

C:\Program Files\7-Zip\Lang\ta.txt.tmp

MD5 4014aba8f066c610834568c67645cc4f
SHA1 7c789c32a6b2b4d89434a22368b5fe6d402680a8
SHA256 0b985e597f5c9f45be2276b7819885b6fa6ff3082665e30c4314be7f7316849b
SHA512 022910526664597da78e59c047dec6c9bfb0cd751fda90c64acbf71db6a5886c4504a89fd00e875c63c8e78a00f4cdc1196d67eead356ed09f21271e47e136ff

C:\Program Files\7-Zip\Lang\sw.txt.tmp

MD5 29284a5e708509ac7016e021a3ea2cfe
SHA1 79430624d182f0941fc3bef43198130534b6e704
SHA256 b6cf662ca6995408ab87e4fdc3f8b028fda453b1f64c161816105fa46d3bfc5d
SHA512 624badbf6a1a9f986e6b6e06d104d7e314be4ecaa819405d81aa61046e569cc2533a3460846db68d9add12b67d51de7210ffc05eadc2df6a9ec43897d5bec30d

C:\Program Files\7-Zip\Lang\th.txt.tmp

MD5 4e51ccc855cf49d3c2aec3dc6ea0cc52
SHA1 3ffeeb24604f0657a27efce47220859f2e9349e2
SHA256 db4aa7d33cc48125b70a9b371a5e2fc6abfad5d3fb6cd19eb7d14b21a2b3975d
SHA512 abb3a248e9d600aeb497a9d93d0c778b7b9e705dd6e40300232c1a4e6b4ec5c189901e43bffc02aef5871532dced0add3e7c726e3b97f03f0584a98962657282

C:\Program Files\7-Zip\Lang\ug.txt.tmp

MD5 47218de94b392e821ad021e2f6134ea5
SHA1 5f3bdf4073fdf1b48347af3df2afd246d121dbe0
SHA256 9ae8f40de7cfc6cda138f68facb6cb2a09bfa24007706376f93b3577197d2953
SHA512 9a4fe0286830342a02541782df1e8c2661302038e82487890534475813f0fba28527a2ed726d753766c25d996cdbf51d179b34799a2211536d71bd404faead10

C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-file-l2-1-0.dll.tmp

MD5 b425280506e3ddf88935a452bbcd2104
SHA1 1c447a428a76adea7ca2692d53339ff80f23b6f3
SHA256 090a9b8d990daca2033a3fe4165fc601b379beb300358246e2bccbae77dca388
SHA512 3ae6103aea64717dac1b1dd74b7c71d384f1080b6437c9d75f7fb9f2d2a7fd98b5c95e58947195c138bdce36324710b2aaf694819229c580abb7e668cfdffcb1