Malware Analysis Report

2025-08-05 15:06

Sample ID 250519-q2dpsahj9w
Target 68396e809bb0435da33975c0913773263bfa9ff5cad7861f034336604f387f76
SHA256 68396e809bb0435da33975c0913773263bfa9ff5cad7861f034336604f387f76
Tags
discovery ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V16

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

68396e809bb0435da33975c0913773263bfa9ff5cad7861f034336604f387f76

Threat Level: Likely malicious

The file 68396e809bb0435da33975c0913773263bfa9ff5cad7861f034336604f387f76 was found to be: Likely malicious.

Malicious Activity Summary

discovery ransomware

Renames multiple (5250) files with added filename extension

Executes dropped EXE

Drops file in System32 directory

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-05-19 13:45

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-05-19 13:45

Reported

2025-05-19 13:47

Platform

win10v2004-20250502-en

Max time kernel

149s

Max time network

139s

Command Line

"C:\Users\Admin\AppData\Local\Temp\68396e809bb0435da33975c0913773263bfa9ff5cad7861f034336604f387f76.exe"

Signatures

Renames multiple (5250) files with added filename extension

ransomware

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\Zombie.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_Adobe Acrobat.lnk.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\Zombie.exe C:\Users\Admin\AppData\Local\Temp\68396e809bb0435da33975c0913773263bfa9ff5cad7861f034336604f387f76.exe N/A
File opened for modification C:\Windows\SysWOW64\Zombie.exe C:\Users\Admin\AppData\Local\Temp\68396e809bb0435da33975c0913773263bfa9ff5cad7861f034336604f387f76.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\microsoft shared\ink\ja-JP\tipresx.dll.mui.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessEntryR_PrepidBypass-ul-oob.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_MAK_AE-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_Adobe Acrobat.lnk.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\1033\PGOMESSAGES.XML.tmp C:\Users\Admin\AppData\Local\Temp\_Adobe Acrobat.lnk.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\LibCurl64.DllA\OpenSSL64.DllA\libssl-1_1-x64.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\vccorlib140.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Handles.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Adobe Acrobat.lnk.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.15\System.Net.WebSockets.Client.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\currency.data.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_KMS_ClientC2R-ul.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\offsym.ttf.tmp C:\Users\Admin\AppData\Local\Temp\_Adobe Acrobat.lnk.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jdb.exe.tmp C:\Users\Admin\AppData\Local\Temp\_Adobe Acrobat.lnk.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\dt_socket.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Adobe Acrobat.lnk.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_Adobe Acrobat.lnk.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\pt-br.txt.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Common Files\System\ado\msado15.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.15\Microsoft.VisualBasic.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.15\System.Windows.Controls.Ribbon.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Adobe Acrobat.lnk.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_pt_BR.properties.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_Adobe Acrobat.lnk.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019MSDNR_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_Adobe Acrobat.lnk.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\he\msipc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\_Adobe Acrobat.lnk.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ThirdPartyNotices.MSHWLatin.txt.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Adobe Acrobat.lnk.exe N/A
File created C:\Program Files\Google\Chrome\Application\133.0.6943.60\VisualElements\SmallLogo.png.tmp C:\Users\Admin\AppData\Local\Temp\_Adobe Acrobat.lnk.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\JavaAccessBridge-64.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Adobe Acrobat.lnk.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\keytool.exe.tmp C:\Users\Admin\AppData\Local\Temp\_Adobe Acrobat.lnk.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Templates\1033\OriginLetter.Dotx.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.15\ru\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Adobe Acrobat.lnk.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\1033\BCSRuntimeRes.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\react-native-win32.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Adobe Acrobat.lnk.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] C:\Users\Admin\AppData\Local\Temp\_Adobe Acrobat.lnk.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\Fonts\private\GOTHICB.TTF.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\javaw.exe.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\1033\WINWORD.HXS.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\lib\jfr\default.jfc.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_MAK_AE-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_Adobe Acrobat.lnk.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_Adobe Acrobat.lnk.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.SPClient.Interfaces.DLL.tmp C:\Users\Admin\AppData\Local\Temp\_Adobe Acrobat.lnk.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\GB.XSL.tmp C:\Users\Admin\AppData\Local\Temp\_Adobe Acrobat.lnk.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL.tmp C:\Users\Admin\AppData\Local\Temp\_Adobe Acrobat.lnk.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_fr.properties.tmp C:\Users\Admin\AppData\Local\Temp\_Adobe Acrobat.lnk.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_MAK_AE-ul-phn.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\OSFPROXY.DLL.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\WindowsFormsIntegration.resources.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Google\Chrome\Application\133.0.6943.60\133.0.6943.60.manifest.tmp C:\Users\Admin\AppData\Local\Temp\_Adobe Acrobat.lnk.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\jli.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Adobe Acrobat.lnk.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Retail-ul-phn.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_Adobe Acrobat.lnk.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLN.PPT.tmp C:\Users\Admin\AppData\Local\Temp\_Adobe Acrobat.lnk.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL107.XML.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Tasks.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\UIAutomationTypes.resources.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Adobe Acrobat.lnk.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-runtime-l1-1-0.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\security\java.security.tmp C:\Users\Admin\AppData\Local\Temp\_Adobe Acrobat.lnk.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\jsse.jar.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.ReportingServices.ProgressiveProcessing.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019DemoR_BypassTrial180-ppd.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Document.XmlSerializers.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Adobe Acrobat.lnk.exe N/A
File created C:\Program Files\Microsoft Office\root\Templates\1033\ExpenseReport.xltx.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.ServicePoint.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Adobe Acrobat.lnk.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\_Adobe Acrobat.lnk.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\68396e809bb0435da33975c0913773263bfa9ff5cad7861f034336604f387f76.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\Zombie.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\68396e809bb0435da33975c0913773263bfa9ff5cad7861f034336604f387f76.exe

"C:\Users\Admin\AppData\Local\Temp\68396e809bb0435da33975c0913773263bfa9ff5cad7861f034336604f387f76.exe"

C:\Windows\SysWOW64\Zombie.exe

"C:\Windows\system32\Zombie.exe"

C:\Users\Admin\AppData\Local\Temp\_Adobe Acrobat.lnk.exe

"_Adobe Acrobat.lnk.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 150.171.28.10:443 g.bing.com tcp
FR 23.192.237.220:443 www.bing.com tcp
FR 23.192.237.220:443 www.bing.com tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 c.pki.goog udp
GB 216.58.201.99:80 c.pki.goog tcp

Files

C:\Windows\SysWOW64\Zombie.exe

MD5 ba33915eff6a8a64483fcbd41b3a4319
SHA1 69c3cf6203899feb740fddc36903aa45ac658d1c
SHA256 9832a0f657621439c28c6b1aad76a687ee46015a8f95d2076ff6654ae641a22a
SHA512 b379695c8b6cebeaef908ef8349ce97eaa410bd91f94a7fce7b21db9a371f3578aeebe1507ac32e1d6da3fd155cb17961baf4f19bbc07f50671763a9430c0bd6

C:\Users\Admin\AppData\Local\Temp\_Adobe Acrobat.lnk.exe

MD5 b471a503f0726a7e1be89ce7d0b8e042
SHA1 3d8b8632859816d7dabdccdf3ebeb2b0e0e175f9
SHA256 70babc681d859a4da2bc63449522dd30dbbefd3374e82334e70c0c240cca696b
SHA512 1c3280eefa69f5ba7e2e05857bb2211bf45546f9c681122458a8e02bfbe9706eb90969d838e054feb1d4e6a3c8164e3a60ccc498784f4d9b70a1b2c933b49904
