Malware Analysis Report

2025-08-10 20:09

Sample ID 250518-n4apss1qt5
Target beb293f4a6ced1f02205c358590cdce6df6832ecec72d6283d8cc45b42b76bf6
SHA256 beb293f4a6ced1f02205c358590cdce6df6832ecec72d6283d8cc45b42b76bf6
Tags
discovery ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V16

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

beb293f4a6ced1f02205c358590cdce6df6832ecec72d6283d8cc45b42b76bf6

Threat Level: Likely malicious

The file beb293f4a6ced1f02205c358590cdce6df6832ecec72d6283d8cc45b42b76bf6 was found to be: Likely malicious.

Malicious Activity Summary

discovery ransomware

Renames multiple (5419) files with added filename extension

Renames multiple (5238) files with added filename extension

Executes dropped EXE

Drops file in System32 directory

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-05-18 11:56

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-05-18 11:56

Reported

2025-05-18 11:59

Platform

win10v2004-20250502-en

Max time kernel

150s

Max time network

141s

Command Line

"C:\Users\Admin\AppData\Local\Temp\beb293f4a6ced1f02205c358590cdce6df6832ecec72d6283d8cc45b42b76bf6.exe"

Signatures

Renames multiple (5238) files with added filename extension

ransomware

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_Access.lnk.exe N/A
N/A N/A C:\Windows\SysWOW64\Zombie.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\Zombie.exe C:\Users\Admin\AppData\Local\Temp\beb293f4a6ced1f02205c358590cdce6df6832ecec72d6283d8cc45b42b76bf6.exe N/A
File opened for modification C:\Windows\SysWOW64\Zombie.exe C:\Users\Admin\AppData\Local\Temp\beb293f4a6ced1f02205c358590cdce6df6832ecec72d6283d8cc45b42b76bf6.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.15\System.Runtime.InteropServices.RuntimeInformation.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.15\PenImc_cor3.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Google\Chrome\Application\133.0.6943.60\Locales\de.pak.tmp C:\Users\Admin\AppData\Local\Temp\_Access.lnk.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Facet.thmx.tmp C:\Users\Admin\AppData\Local\Temp\_Access.lnk.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Trial2-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_Access.lnk.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_OEM_Perp-ul-phn.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_Subscription-pl.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_MAK-ul-phn.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Access.lnk.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial5-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_Access.lnk.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp-ul-oob.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\Fonts\private\LHANDW.TTF.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\System.Windows.Forms.Primitives.resources.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_Access.lnk.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Trial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_Access.lnk.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Retail-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_Access.lnk.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_KMS_Client_AE-ul.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\1033\CT_ROOTS.XML.tmp C:\Users\Admin\AppData\Local\Temp\_Access.lnk.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL083.XML.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\comments.win32.tpn.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Common Files\System\ado\de-DE\msader15.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\_Access.lnk.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.15\System.Collections.Immutable.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Access.lnk.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\MICROSOFT.DATA.RECOMMENDATION.CLIENT.CORE.DLL.tmp C:\Users\Admin\AppData\Local\Temp\_Access.lnk.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.scale-80.png.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\sfodbc_sb64.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Access.lnk.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\Fonts\private\FREESCPT.TTF.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Google\Chrome\Application\133.0.6943.60\Locales\ms.pak.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\MSIPC\zh-TW\msipc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\_Access.lnk.exe N/A
File created C:\Program Files\Java\jdk-1.8\include\win32\jawt_md.h.exe.tmp C:\Users\Admin\AppData\Local\Temp\_Access.lnk.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_Access.lnk.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\IGX.DLL.tmp C:\Users\Admin\AppData\Local\Temp\_Access.lnk.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected] C:\Users\Admin\AppData\Local\Temp\_Access.lnk.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\WINWORD.VisualElementsManifest.xml.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipssve.xml.tmp C:\Users\Admin\AppData\Local\Temp\_Access.lnk.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\uk-UA\tipresx.dll.mui.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.15\System.Resources.Reader.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Access.lnk.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Access.lnk.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.15\es\System.Windows.Forms.resources.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Google\Chrome\Application\133.0.6943.60\Locales\sl.pak.tmp C:\Users\Admin\AppData\Local\Temp\_Access.lnk.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_SubTest-ul-oob.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Trial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_Access.lnk.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ipsrus.xml.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-file-l1-1-0.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.15\System.Text.RegularExpressions.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Access.lnk.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Retail-pl.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\powerpnt.exe.manifest.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\WindowsFormsIntegration.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Access.lnk.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-environment-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Access.lnk.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\sqmapi.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\de-DE\TabTip.exe.mui.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\mraut.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Common Files\System\ado\msadomd.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Access.lnk.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\133.0.6943.60\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Access.lnk.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Retail-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_Access.lnk.exe N/A
File created C:\Program Files\Microsoft Office\root\Templates\1033\ONENOTE\16\Stationery\BLANK.ONE.tmp C:\Users\Admin\AppData\Local\Temp\_Access.lnk.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.NETCore.App.runtimeconfig.json.tmp C:\Users\Admin\AppData\Local\Temp\_Access.lnk.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_SubTest-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_Access.lnk.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.DataWarehouse.Interfaces.DLL.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\OneNote\SendToOneNote.gpd.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\rsod\wordmui.msi.16.en-us.tree.dat.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft\OFFICE\AssetLibrary.ico.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-localization-l1-2-0.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Drawing.Primitives.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.15\System.Net.WebClient.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\beb293f4a6ced1f02205c358590cdce6df6832ecec72d6283d8cc45b42b76bf6.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\_Access.lnk.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\Zombie.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\beb293f4a6ced1f02205c358590cdce6df6832ecec72d6283d8cc45b42b76bf6.exe

"C:\Users\Admin\AppData\Local\Temp\beb293f4a6ced1f02205c358590cdce6df6832ecec72d6283d8cc45b42b76bf6.exe"

C:\Users\Admin\AppData\Local\Temp\_Access.lnk.exe

"_Access.lnk.exe"

C:\Windows\SysWOW64\Zombie.exe

"C:\Windows\system32\Zombie.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 150.171.28.10:443 g.bing.com tcp
GB 2.18.27.82:443 www.bing.com tcp
GB 2.18.27.82:443 www.bing.com tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.178.3:80 c.pki.goog tcp

Files

C:\Users\Admin\AppData\Local\Temp\_Access.lnk.exe

MD5 959dc082d7d58fb8653bb5e95cd3677a
SHA1 23e2249efddd89d1dc4f6d0defa7b778f26407ea
SHA256 4aa3daac4e556fdc1685d6b646217b6ac1f34a96bb05fd3781015958c32adf75
SHA512 5a13a997fee530f55b3115753d638d7a3d1620ab92aa7f9e0883b74217ce4ee01fda20e7a42c9135f90be8d6e3e97193607467c0adcf768257811538d3eed2b3

C:\Windows\SysWOW64\Zombie.exe

MD5 229d7d6c64dffbdf649b205df66ed1fd
SHA1 53f7936d7dc02c59c08136bf29f60dc46e766d92
SHA256 4f8fff1eade9ef26fef0881e27fae158da5a8fc2bc6ce0128ba10d6e34780cf8
SHA512 fb04bb96a7918419fe0f47a5a93d825abbcbc4a597f3b7a302dcb169d5593343713429d75b356cc75bd80bc8ba91d63ffb1a5f180d9029acd4462bc799839f58

C:\$Recycle.Bin\S-1-5-21-3690492401-2005096563-3427069815-1000\desktop.ini.tmp

MD5 7ba44fbfa9af54efb1366da3b6302ee4
SHA1 c8fdd0ab637f98cc477bc3aae040fea135ede2c1
SHA256 a5039a020ed544734a6fb81e2c45d0136bad5e07bdbc413594679e31d11abb14
SHA512 cb10cb4e1aa72cece280d4b08f2279637dc2e20f8cc7f3ba130db017f7506520babd169869238745d0ccae5a7afaac56dde8fcc348b6a46ed7ee66539540d49b

C:\acb97a917c2e38db15e8394019\2010_x86.log.html.exe

MD5 4a124c94bf33e8e1813f0bf48dc7f95c
SHA1 ccc7ce4971d364698652a1eb26a1cb3f48d647cd
SHA256 3d136856c75fb40b0914fed6bfdd0ab3b142809bffab3398a6cbc55ba1f8ae9f
SHA512 c98a6c992ca3d1fc925e2500c196ac5357fa79a8bf1871d791846ebf45a8088cb8d83f047fc00c34940428adaa4bf81d84e18b232e97405130db02cb44edb8d3

C:\f32c6debfbe15d219b06a854\2010_x64.log.html.tmp

MD5 10e2de0bb4f815d2599e7bae0d2616fd
SHA1 17775b9ab10be526aaeae3714b9a32356db9ba86
SHA256 ef386c85b5fe4c75af08fc5867ed34896b668b1abda1bb39aa716dcc922db855
SHA512 00f347280fa35a892e3e284a630bc60a0f20bf9a69d57bfcd9c7a688000872a0a14dc0ba10a1f8b29dbab8dd8fadc3c03180f6bc0320782867ee21a17eb56de7

C:\Program Files\7-Zip\7-zip.chm.exe

MD5 eff5549ef70bf2ec5bbb713f22df2c08
SHA1 5adbe2b159a4da7ef97c8774e3c6e4a994248986
SHA256 c96df370add014c86cf59ed73fd41e674a79a3625ce40f88a6e907f71495eb63
SHA512 305eb5418056482565927273811e268ef76b0e3947aa375803de818766e01dadeaa41e6cc5ae6c6e3373849b052bc9c555dde4b940f0222afe19ddf997596fa3

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 76a7f7c3d1408a0d14427b81d9bc3828
SHA1 9923c3531a05222de6bb616ea3fbcd6f7834d32b
SHA256 c696c6a4b60dc7db79719c43f690e8772828846225f5bb99d967adee8441c8e1
SHA512 33a46cd7457929007f601eab7e70615bc85a0e66befe34988ae8d3ab8f0a8b95cf79bfb0a3b1ae0da32f923d2091bd29c3f3259b0942cb11886a864031e01202

C:\Program Files\7-Zip\7z.dll.tmp

MD5 ca02332b7da0e677d0b41141d7563bf6
SHA1 9cab350b880289c32d5d229418ac452e1f7f6866
SHA256 190de20ff7f9d7b814461f15008e65116604ffdbc1a51e36403a8061da6a8d83
SHA512 702dfb64b3935efb19f5614af2f0744d217343ffd11471ceb478c4a0271c1c10dbedc874050e88bd81dcfac31c4b4e9a7db7aa633e1c77fe4528bf687f33173a

C:\Program Files\7-Zip\7z.dll.tmp

MD5 29d8c066686c14f0ed0ddcc905d9f728
SHA1 489492c79b6b125aca780215c1af11bb77a0fad7
SHA256 2b284172ca997303cb8ed472fe220d027e470f7e89869a90384c94c1c98c4274
SHA512 ff601eafe5bc79f722b16e73f71b3c9cbf8f468843c5d294ef0ad867f2e61621bc722b5a886c4aa7a2577e605ee5f952295cb237dac87c6dd1380c76fca0770d

C:\Program Files\7-Zip\7z.exe

MD5 accad42aa7958fc8b8fe6f292ab4a8c6
SHA1 052b2758b986194282a499aec23017fdd811e388
SHA256 aa75456a94f62f6d7ccb3d651e3e5fe3a3878f9c0230a5d4617db1fa072f196f
SHA512 bf90785f6c08f2ed7ca4c8bc96138c2d275989057c8dbfb8ec9cad958e5a11b2acc2f093bfa127cd85876e4fa536c4bbc27688d8c3caed8f9602024b66b32a11

C:\Program Files\7-Zip\7z.sfx.tmp

MD5 b5a0e5e37cfb03c1b1e0ae1ce36bb998
SHA1 dbe6f8d72f930840146fa8be0e24cdbc6859f71f
SHA256 e49af57785ec0e4e0de3aec41ce75b455dee402c4527ad498397cebeb7af270c
SHA512 176aac0a7103d229ed802250691a0b9bde8809b544b49adf2a3bde07b8089da1d6e85f1d6b7775bd170a72ca75aeae8999c7b87c75158856fa9b910a75e12947

C:\Program Files\7-Zip\7z.sfx.tmp

MD5 1762eb4dc08e86697e768fd75808d85e
SHA1 5272910ec8b79b4d805ab272b8d0f1da6c994cbf
SHA256 4d3705be7ffe8856931d0b41037deedd7e9100c6efb39ccab7a893c0840f7abc
SHA512 acd123f9befaa6f78d2caa8797a85e285d9e9655f3617d8c1ac3b8cdcaacf7da794ca4d0b807b95dd4f0b0664ce4bbc688b898adb93f17746829c7a8cbca449e

C:\Program Files\7-Zip\7zFM.exe.tmp

MD5 c0d41a168bfa81e5fdf1d3eadf872c7f
SHA1 c7c1e4be45415b263ff0bd0f80fa9cd55f4f7992
SHA256 00ddf27cf182607e1bf7d3b7d3d38a11af1abeb448c96fb5262164a83c4cd093
SHA512 e959f0b102dcd0e7eec4d759188d3466b9ef44382c437a2b0e40d4a9d364b3e7def58f1db464d756886f26cf9a53e4cb4f7573c7db5c6daf3efbdec2d5d8832b

C:\Program Files\7-Zip\7zG.exe.tmp

MD5 aa6877e27732c4c830f239c9e9899686
SHA1 e379804c13110296dd8e216307b2e0affa8be036
SHA256 02bde217dbf432c5ec8528f5ded6113240415677de667924784df3f0a152e1bb
SHA512 63db3f57c67ded6a6578b1025b29655077107f9082e992f47606973ad517bef9f8490a4d4fcf31e7b2e512f1cc7f64fa6220771f79b2efa83e1413867ef12a6b

C:\Program Files\7-Zip\History.txt.tmp

MD5 d7edf57ed745447b96c49f6c61600c90
SHA1 1102009ab7ce9ae54492cba0fb5a361ab75d1b70
SHA256 80bb16c857efe4bc9d72217c1220cf03877c713b68b5ae7a3863c75985685c84
SHA512 600b77451b73d8c664c874350ddd7fa5a6785617a38861ce35b48f64359a446f625e027ca69ae20d87e4e620303c784217d67c70a4618a58ab9a95f9e6fb43e5

C:\Program Files\7-Zip\Lang\af.txt.tmp

MD5 666289c57d8ee87e6edee87b48f169f4
SHA1 8e71dbf7b9bdd279519b1e35f24dc2e145f72482
SHA256 a946341e4c74dcff1a7420531dc29a80c871ca1c120fb68c7b495c34426dfc07
SHA512 bf18e984284413d624b753e940735a7c8e691285425bd8027ce94df45dffd5fb9cd3023c897d5c794c28233cb4d80441a13edb33fb08db376c146ca093a4e810

C:\Program Files\7-Zip\Lang\co.txt.tmp

MD5 41117c3cde8427302db1f58327c9daf7
SHA1 49382e276b1701efb95bdb6af3514aaea35ae1ae
SHA256 8f1b61257028d159cddbf067c0212de2dcde9938261f817cc518ac5b1c79f14f
SHA512 59c8292b11a6f179f40775003db3aab53e8881c90cdce8ff12c2fe4f37193547db298ac29b362c8fc4c2fcdd1dcb065cdddb9197cc8f991f4d1a4c63c6889ec3

C:\Program Files\7-Zip\Lang\cs.txt.tmp

MD5 130b72e0034e00a132bf766944aabea5
SHA1 4ba969ed2372412426905b22d345576e5f886407
SHA256 0c6396468f7e748e29726ea5edbd547583593c74f8d2aee1c43c11e95ab93c83
SHA512 fca1d1cdd54fb05650e9148ef05dbfc4ff219ad6b901ec67c9671dc6c0e10ead78535d2b0c21e5200dab6d2a9147b82f78188ccc32164957dc55bd0677ea2021

C:\Program Files\7-Zip\Lang\da.txt.tmp

MD5 bdb54e40f027528626269e54f3ef6cc0
SHA1 556917a806e6677eb107b721eca27ada0530d66e
SHA256 5b983256df232d5bfc1b786dbff677ab5f4df1df603fd8e86ebc61083dc2b269
SHA512 ab4943873fde27fe99f5ef5a9d1c9e88acb2c437a81a0af910f0d30701f63ffc7bbb4d2b9b1f0ee9efe005f2c114d989ccbb2a8e947e4f85ec7515ecdf8d2871

C:\Program Files\7-Zip\Lang\el.txt.tmp

MD5 af6441665f83f2bb5b431417713391d7
SHA1 12606481ad33fe19d5a4e16b4dc2abba8ddb75f4
SHA256 7114980ec95d4e571535aa9c7b956840b06620399214d898dc1ab7d29e2f2b61
SHA512 3fa2d09a799b4dfd66199267dcf0d750d75e18910a92bcf28f65308222905c5296cb01244ba7614f7e7b30180da54a1ce39c3fbcf5e949c9da4473aa115e20f9

C:\Program Files\7-Zip\Lang\en.ttt.tmp

MD5 c7ef4dbeba1cf367b846200af374d527
SHA1 ee3f41becf1096fffab8d4076ca1040346c7f320
SHA256 a3e55b177cc02cc8556f9c7a3a76cf7e5515c6caf3800f9883c87c4a53bdc5bc
SHA512 66a670981e4dd77ec1cf06c461a8faeab65987ad7adb46cfc0612563c87cb32d1eb2c3c5d28e0f32f476f811a8da0655f30e9492a571ce29fca22cac48ea2eff

C:\Program Files\7-Zip\Lang\eo.txt.tmp

MD5 25d1939aab8a09fdbfe2b50a0ad94a2c
SHA1 af90be8ad67e8d6e915724de3c45b9d92aa3249f
SHA256 c9766f7cc95ab42508b1737020fb77ee97df2361bc442f5e812e4955f17436c5
SHA512 298fd850f9021a665c76619c7b0d7edcdbf1b9adf2354349731637f460552e58d6c4437cbc91b1d15e5f701cd3094f22856414f855074aebc46f99f8d97df3a8

C:\Program Files\7-Zip\Lang\et.txt.tmp

MD5 bff9365e40519314ca50c78860198ff7
SHA1 8ce6776f4dff6cd2f9c0413e960708dddf5d387c
SHA256 cea03e80492b3745af7901fda243ee7180a939cf490f7ff042d453c58278471a
SHA512 ed959d0a5bd780dd8f6a1c1baebc4a5570699290e5983af87fd079f425ad0977f7394e04a26fc8cabb3dd3dc3646e376dd90bccfc232ff17354840e16ed04d65

C:\Program Files\7-Zip\Lang\eu.txt.tmp

MD5 3849e92c9b41512900735271dfd61e97
SHA1 89f8337f550299e51c2f3196f708b3508e8f2e88
SHA256 4b9c95f6b94fd73a3a937748b2d3b651104767a2a6c4418f596d34c590ac0b15
SHA512 005ec826dbdc7c83e4243b47476cae83863ed6be86aa97f0505798f19402511d9e006f74ef7a6fb266d360d9563a17b11d9bf8cb58ee47124247a7205fb6d2ab

C:\Program Files\7-Zip\Lang\ext.txt.tmp

MD5 fb15159202ed9eb36aeffb52ed0fbe44
SHA1 77c849ea6aa51d6bef0fc0f1c3b9693bc6d1cc2c
SHA256 86a930560b8095d8c8c47e61718ddfd83254f4426e92c7eb164f09d48a071009
SHA512 5ef08a669c3d7978877911c9c266b2aa410f0d313b4858d93ebc1b9265ba66b4e41fb4f0fb05851c0cc58779ba2a5336f6541dbda2536eccdd35e15bbfb81470

C:\Program Files\7-Zip\Lang\fa.txt.tmp

MD5 2478bf3b806263e71aad9cc118a6176a
SHA1 a7524880438f326c5edd0138fcb7d26e2af0c8a4
SHA256 4bd9e8744add669a9ae90c88d1bfc615508640aa74ddc4b3f7c89475642d65ef
SHA512 b63e41c35b2ec99b60c6914092dece69cfb133ec934f293589791214927ee0d33c0200bf21598ac49a6ffc589c0bb5fd9e090d92dab4f88e741659a5cdaff81d

C:\Program Files\7-Zip\Lang\fr.txt.tmp

MD5 023053325fd3afe904ce0cfc53b83419
SHA1 4c4aeadacceee82bf6361e856645ddf807c1e984
SHA256 3369e107b6aeef5884c3723a46b6b63cc1e148cbb378f2e8e3d6b8d621ac11d1
SHA512 5e965f59d7630cba3bdbc8b619964f380d18f5495ad944f601eb2f2552bbf314fbded1e0fa9cd4c8e5c437a19f85cf7545dde8121139c3f421aa16ea0c086c2c

C:\Program Files\7-Zip\Lang\gl.txt.tmp

MD5 bb687bc28e8c7bd02477759e04b067c2
SHA1 5cea7214d00821fb847026415e432da75d6dfa8f
SHA256 2fb8e1201fdd9d3a29c88336cb83913ab17e33df3df33f0250ebd612f06eca35
SHA512 f970466601050a132b7c8df87f57c130f1beb00e545745c680432de1df5efb869ded7e82b5d756279a77c16654fb33c00b41eb4bab2a006bc83c2888dff093aa

C:\Program Files\7-Zip\Lang\he.txt.tmp

MD5 d66a03ce063855657c29856bab2bf472
SHA1 f6bdf5bf76de0bf9ba932a07e3577ab5522fe6b4
SHA256 6017a09eb3f629fced0ada40ed51ce15efa80ad4059a568fd90f4e57b989c3f0
SHA512 1f056f860c188a0f5cf4fa1bf4fe932ea38f8957a389fdfca3b91a1e8054f3ecb1a253306d142273d79dafac718595ef2d8568ab9e1158b06d6dea3510779ee1

C:\Program Files\7-Zip\Lang\hr.txt.tmp

MD5 8323674b8370c7ef081638ee2ce6146b
SHA1 789efe39d831db6880f36f75406fcde574453b8d
SHA256 32e52be09b60104b13fa12d3f4865a1d3413c66f26acff54e68a37e0274d57f2
SHA512 f04e9a3876210c654ca06ddbf2f6fae2708f7c6054846b5f96677a1d69dd05bc457ac9c6ed5d2fcc62a03f7606ee17f9c0ffcfe96affa8e6f506f84364aaabac

C:\Program Files\7-Zip\Lang\hu.txt.tmp

MD5 96ce7cccc599e51542ad85260feedf49
SHA1 3735c31620d876fa3cf53cac6b5bf435b69bc0e9
SHA256 e68216f988b7d72f68b51a718bc8bc2e5a2bc49d7c1719e2bf33977618c4c999
SHA512 a306564386bb685abe38c73ff4dce594523285ac155ef58ed7b847d1056e30c2fe7b772cba34188caeef8371c4ef504874a2b6a589dbf9d54b99438e1664a001

C:\Program Files\7-Zip\Lang\hy.txt.tmp

MD5 dd0ab46fb0755651bcab3eeea77a18d7
SHA1 acedbf6ea9af66242cec52af9d726dbc5bfe0d54
SHA256 4259f6f3fd68916b929b1061997333c3246e2f82787861f51288167f20b4de4f
SHA512 4efd387a5602c826e3bc42a9efc59a328aad266892279739f60b283c4fc4fda6dc83facf73e6f06d8eeb98cf74dbab8b15056353912df9231b63e7bfe59315f1

C:\Program Files\7-Zip\Lang\io.txt.tmp

MD5 96d1b09a734749ecc7860716eee8c168
SHA1 822accce416c056d0aa3bcc24608cb43c195f8d1
SHA256 08e137b88c0f48d63709065c838c62cf9334ce4793456b86e478c5d28cb0b4db
SHA512 90e612c11ea055c1f4f794d4ad7e1dc15e650e715752c65d36dca1116fecca71b96110e1bf5bbdd185b53e357834cec2fdad03a2e127fa9ee641883ff98a4de1

C:\Program Files\7-Zip\Lang\ja.txt.tmp

MD5 88554df5a48ad43fe7e1d948a278e67b
SHA1 f30e847cbf673ff76bfab1b161369217e0e739d5
SHA256 3a04a484a8651ba0f8c6b05460dfd53afec96ca8342c5b563f37002454c28d3c
SHA512 d5f2988f3d5775ee412628b6eb138c0640419775c1ed8afcebb15198dffc3a6b4c382834daf5329490d1a7e32b89102a843ca2721915b11ded59f070bbde32c5

C:\Program Files\7-Zip\Lang\ka.txt.tmp

MD5 c4b121fcf0a1aa6a6f8482f6db95210c
SHA1 1f007b7ec6bc18884dacad84bec2b428581967f1
SHA256 62303eac60ed8dd8e70843bc8d8fe12c72dca7545b93c5d330db09a8ec29bb8c
SHA512 885997d67ad7a5de5a05fbb2d79e39948bbee4d3057feeedc54b491b5444f18f1565f95020e70517468d48608336e958be39caa9e70f2c11d8a274a948f636b7

C:\Program Files\7-Zip\Lang\kaa.txt.tmp

MD5 24db679077f57bb877fdc5ec8cd9bf77
SHA1 2c18136b99c045cb14775e55e5482c4d45f8d5b2
SHA256 d298799f94dad0078874f6bd08864082e6e8d8f00ac7e9a9017098765881e153
SHA512 e85edb549f1b55feacf295478a73b8ac4d11391d9746569c9e3a0c45c9457d58f6c0e41e7fde788bcdd17b2ed167e46826187ef7fd5bd5140f674601eb0890bd

C:\Program Files\7-Zip\Lang\kk.txt.tmp

MD5 7ed6de3c840d06c255c42b24850fd282
SHA1 d0deb91619c8130ee3f24818fcdd1baa4fa06321
SHA256 6b52d09ee7d885833f1b9f104c14720611a8eca4b2574d68b53013264818cafa
SHA512 fd6cc61be937b87bb955ae14066d457d1bce51db15c2c92d92d5dd9682c41eede3e1b00b47c57fb778ed68ff1b017b0a81de8850b8575bd1e68ae19417f8e7c4

C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp

MD5 562e7e06d1b2a173826bd2a5274a0373
SHA1 1d281f2b4de733cea3c5cb15110ed879f854136b
SHA256 31451a68af49cf7fb20c4e613a98e8b52bb66ef94c8384eefe9d5d8e3fa14cfb
SHA512 47ad70b17f0a98cc257c4b98af559b35700a32f6b964ad5ba9b2453b3283c6de894f564dfa64254670c1a9f162316cff32e473a8186afb1ad6461ea0013bdb5f

C:\Program Files\7-Zip\Lang\ky.txt.tmp

MD5 402a194688f4a71742ef2c36b44d5be2
SHA1 49c991e3dbf19a2b34f47e87d4d2c88c75757891
SHA256 94545aa1023c76a99e80b0340d706c93a5fe6f9d6c914c78d6fcb81432450b1f
SHA512 daa168e2cf7936ae1a775c39f84b6a1aaed8bb32185c1204e8d71e502dc95cc64f0cca840398593c63b718cae1d157b8dedbbd5f7856c11afdd8a4411f07ddc2

C:\Program Files\7-Zip\Lang\lij.txt.tmp

MD5 e8160ff1084d7343ef22190b8f610f42
SHA1 ae542c2e84361ce829e3b173babbf08359810fcb
SHA256 f0c83afef1d76d712f9f07d68de89d416f84d54d14048cf7263cd7e8f2f812da
SHA512 a1d6e12469c99561e3cc3a745813256e34661538e97e22277a4575b90b032fe8b7d1983f5839b4a09f1b0171317029cbf02970dc0cd6d41e8b8415607454fbe6

C:\Program Files\7-Zip\Lang\lt.txt.tmp

MD5 0ab710bd2d9236bf9293f1b32ad119d9
SHA1 f25c1983320557bf151c0a299eefec17ca6d02a6
SHA256 c61a2cf56e3a7943158cf4ead407882f4795dce9330d74dce0d087bc91eca68a
SHA512 3d9ea210282442249bdd4651bed8d3ed36fd48c802c3a1faf88e4040c16cd6837293251535b0ce8c48049b2e9645c6a5057a87cff7e2263e72952595ba10e16a

C:\Program Files\7-Zip\Lang\lv.txt.tmp

MD5 1fccf416c9b40e50f8aa234b167905b6
SHA1 1fe4916e9d07f95f7a3efd35ab53a23fb5886faf
SHA256 20f0653fab55bc5f6123eaa13f74365292683e93f824999f5cc34920f1a41855
SHA512 0388583d84b5d3be1e484c04e809be58a2591e54d12fb58af4d4a390b303b669eca370290739ace6a57c6b92b20a7211567200f3123350048f28e2023d267dcd

C:\Program Files\7-Zip\Lang\mng.txt.tmp

MD5 5c62ba2ad2d422ccdc3088d8b728f13b
SHA1 b90f3cc7616dc79d9693a0f267567344227f3a8a
SHA256 abbb452a5069ff2ab9b722b42c892d9a3701704e1814c97a2c7c82e54e80dd83
SHA512 0f85328d797ab5d830f9785b4299fac9b916af1c7733d6949b22e31894a48aacc0306bc23f0edc436603ad3afb2424d9f3815e40dc1cd0e80a542c21af9849bf

C:\Program Files\7-Zip\Lang\mng2.txt.tmp

MD5 8c3d7486f06e696e9e454807a474ba2d
SHA1 6200a9e1571a96d237134227801ee7ab3cd81950
SHA256 4dcb2d5de2cb563de71694ff4d096f5a20fb271be7a50432272b9e5d1befbd91
SHA512 b61793692bbd964fe14bdb863bf2e7f4c7f3d422c791dae0b6d7ac1b2fafdff4038e248b8ca9a0ec43457a2e339b6f88c1ae4db96c6d64e01d3596cb854dad9f

C:\Program Files\7-Zip\Lang\mr.txt.tmp

MD5 371ac881f7a49a51042adde1af9a3f98
SHA1 a6c4213e584d37c19531ce83ae529dfb8fa66ff0
SHA256 daf7fd12899a9ca1dcf90130fdd3c12cf869ccb0e590e77a8b7df0e27675c82a
SHA512 0af8b914c2715f476f9de26a9d0be42e6956e8e78257c0d63c6231c3352df17cba83ab21020e2f68392336c7fa046f8b50e76740bb4cfd156b6cc3767712b7bb

C:\Program Files\7-Zip\Lang\nn.txt.tmp

MD5 5481ffb06d76ab586de274f6b0d28dab
SHA1 2ef46c7a90de7277f8b64c857293147ccbb51e9d
SHA256 b236dfbd8f7f07d154b35ff357d2da2c000d06b5e8bb00fcc6d3f9cc2a332207
SHA512 a2bc02e79204a46bdbb9001598fa06d5c31d878384bf2a895ffedac39902fa413da5d80bdf78ed4615e41ae0243bb53788474d671f341edfc97dcc0d5342867e

C:\Program Files\7-Zip\Lang\pa-in.txt.tmp

MD5 7186c2133d68320974adfacfc9c6dcbb
SHA1 8b5acf1bc86224151ce6687cfbe335e160c80efa
SHA256 0fbf33a3115b822b63e1009d51a8b050587a580d51be167d2153aab88d35e9f3
SHA512 cbbf3020256676c43ef4e2a7aa33cbec221327d9e59cc430d5bc2aaa3e5f22b25943fdb55e5fd9fb8143c13a3871a7a6e526690dfad7d0fc3c05c0d4a1726837

C:\Program Files\7-Zip\Lang\ps.txt.tmp

MD5 6a6175f500e13acf5a6d57b67804d1f2
SHA1 02c17132b75bb3705226242dfc2f162ccfb19566
SHA256 76648a8b263a7bb605fba67c88f30e85af72555d33fec917b63a792e8880cb95
SHA512 28d6d5700e90abd4a3f3c511c3d5245e1dbed9aa4e4714196ffed66c425a3705c580eb6c8dc2c8c519c79d0b2a43812f99e20bcd48ce2e8b0308695a06207aa3

C:\Program Files\7-Zip\Lang\pt-br.txt.tmp

MD5 f529060cc1ecc038395b093f3647794e
SHA1 69a15de9464482531ec4397225cdae0f66762969
SHA256 92b082df7df609f53227c4a7a85d3065f0fe0b30d6f394adead1274fca82c7f6
SHA512 f98a5f5e13622ef99957cbafed38e5fae01884bb89baaadac2705b612e35118e137c0d86d61a92a07d451592f976c732c310f0f099c1eaca5b12af067b9aee9b

C:\Program Files\7-Zip\Lang\pt.txt.tmp

MD5 dce22fc475df88fd28ebe63374f5aef2
SHA1 338f14838bd6d6c1fc92c87adb7b079fd2bd7dec
SHA256 9e6fac18f071b9eab037bf5f82ee08d11c26e83d29f9192b5c44013803248951
SHA512 56f22b4d4b7e6ac65d04fc11a24dd136ae6aedbbd697861a11559426ef402c9039c67d7719423bf3e2ef6c64de848e929c649af4a463ba754e1c0fb7410e6846

C:\Program Files\7-Zip\Lang\ro.txt.tmp

MD5 feec72d0365d0e4c37b608a99adff8bf
SHA1 02cc229a4257df238723ce83d2d3197a5b7aec44
SHA256 40284140d5351713cd2c1caf6793554783092e24adf48c40bd5ba55ded658301
SHA512 a7c0cf8e04bca768d539d23e972bea9749cdacec4a4c39117c7ad492d929bd2e81113d0c25cec526b269cf4199b668b56fb45903249680832c844d056eeb3d36

C:\Program Files\7-Zip\Lang\sa.txt.tmp

MD5 9984e4255240234374982606cab08bce
SHA1 7fa11e15236d2bb283787133b0548fe4b9da6bca
SHA256 6325dc7978f052fda7136a07e8dc107428252cb119e96170254f576acc348a85
SHA512 6c091cf3c3805c51d23812a9b4e70ce2daf6fe60d96edacf5a8f1e2502a3e8974d2e020a220de650f33831f708ec956e5fa5333ad76e93bdd73c4f2af803e591

C:\Program Files\7-Zip\Lang\sk.txt.tmp

MD5 e3b4a9c926b8dfc84878271e04879b9a
SHA1 bc085da20031a410aef7cedd7f7ad454cf158dce
SHA256 e2dd1c0f9d7f84c4b8cc543b8031628f5931c7e8467f3a9c7e20aefa95acb043
SHA512 4dd6effbe696a179b6e447a07448a75967ea355a0ccddc0aae10cf6ff92800990f8f77457978cd3853209237a875bb6fecbe449186ac6279ef8278f6aa56c73d

memory/112-1184-0x0000000000400000-0x0000000000407000-memory.dmp

C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\UIAutomationTypes.resources.dll.tmp

MD5 99dd2a53d4741359d60138b68dba21db
SHA1 d4f3be5d603e6c4544cbfc2633683fc1baee42c5
SHA256 20d3acd7f872235d0e7172fcb5cbd813043114f02d29c7f571dd44f4fbda7aa8
SHA512 3bf3a3bea25cfa5394d8b72997670191bd9fd6bf6ebcbdb7986942923a42a7539a423313b0d23cdec9bdedb61caa38a98fe4f04f04066e54577aaf2be1cd1397

Analysis: behavioral2

Detonation Overview

Submitted

2025-05-18 11:56

Reported

2025-05-18 11:59

Platform

win11-20250502-en

Max time kernel

150s

Max time network

130s

Command Line

"C:\Users\Admin\AppData\Local\Temp\beb293f4a6ced1f02205c358590cdce6df6832ecec72d6283d8cc45b42b76bf6.exe"

Signatures

Renames multiple (5419) files with added filename extension

ransomware

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_Access.lnk.exe N/A
N/A N/A C:\Windows\SysWOW64\Zombie.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\Zombie.exe C:\Users\Admin\AppData\Local\Temp\beb293f4a6ced1f02205c358590cdce6df6832ecec72d6283d8cc45b42b76bf6.exe N/A
File opened for modification C:\Windows\SysWOW64\Zombie.exe C:\Users\Admin\AppData\Local\Temp\beb293f4a6ced1f02205c358590cdce6df6832ecec72d6283d8cc45b42b76bf6.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\Google\Chrome\Application\133.0.6943.60\libGLESv2.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_MAKC2R-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_Access.lnk.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\Content.xml.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Core.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Access.lnk.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Controls.Ribbon.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Trial2-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_Access.lnk.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\PowerPivotExcelClientAddIn.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Access.lnk.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\VISSHE.DLL.tmp C:\Users\Admin\AppData\Local\Temp\_Access.lnk.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.15\it\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\gl.txt.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-datetime-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Access.lnk.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub2019_eula.txt.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\IEEE2006OfficeOnline.xsl.tmp C:\Users\Admin\AppData\Local\Temp\_Access.lnk.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\1033\osmia32.msi.tmp C:\Users\Admin\AppData\Local\Temp\_Access.lnk.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fr-FR\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\_Access.lnk.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.Linq.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Access.lnk.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-multibyte-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Access.lnk.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.scale-100.png.tmp C:\Users\Admin\AppData\Local\Temp\_Access.lnk.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RCom.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Access.lnk.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe.tmp C:\Users\Admin\AppData\Local\Temp\_Access.lnk.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ComponentModel.TypeConverter.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.FileSystem.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.15\tr\WindowsFormsIntegration.resources.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.15\zh-Hant\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Access.lnk.exe N/A
File created C:\Program Files\Google\Chrome\Application\133.0.6943.60\Locales\nb.pak.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\security\blacklist.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\7-Zip\7zFM.exe.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVClientIsv.man.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2R64.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\msinfo32.exe.mui.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Resources.ResourceManager.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Access.lnk.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md.tmp C:\Users\Admin\AppData\Local\Temp\_Access.lnk.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-string-l1-1-0.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_OEM_Perp-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_Access.lnk.exe N/A
File opened for modification C:\Program Files\Common Files\System\ado\adojavas.inc.tmp C:\Users\Admin\AppData\Local\Temp\_Access.lnk.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Xaml.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Access.lnk.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Access.lnk.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\WindowsFormsIntegration.resources.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-math-l1-1-0.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-ul.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-black_scale-180.png.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.scale-140.png.tmp C:\Users\Admin\AppData\Local\Temp\_Access.lnk.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\relaxngdatatype.md.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\vcruntime140_1.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Access.lnk.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-process-l1-1-0.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O16EnterpriseVL_Bypass30-ul-oob.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_OEM_Perp-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_Access.lnk.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\1033\SkypeForBusinessVDI2019_eula.txt.tmp C:\Users\Admin\AppData\Local\Temp\_Access.lnk.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX40.exe.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\OFFSYMT.TTF.tmp C:\Users\Admin\AppData\Local\Temp\_Access.lnk.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ro-ro.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Access.lnk.exe N/A
File created C:\Program Files\Common Files\System\msadc\ja-JP\msdaprsr.dll.mui.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.15\System.Security.Cryptography.X509Certificates.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Access.lnk.exe N/A
File created C:\Program Files\Microsoft Office\root\Integration\C2RManifest.proofing.msi.16.en-us.xml.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_Access.lnk.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\Fonts\private\ANTQUAI.TTF.tmp C:\Users\Admin\AppData\Local\Temp\_Access.lnk.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipsnor.xml.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Retail-ul-oob.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_Subscription-ppd.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN105.XML.tmp C:\Users\Admin\AppData\Local\Temp\_Access.lnk.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\io.txt.tmp C:\Users\Admin\AppData\Local\Temp\_Access.lnk.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\PresentationUI.resources.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.15\it\PresentationFramework.resources.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.15\System.Windows.Forms.Design.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\Zombie.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\_Access.lnk.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\beb293f4a6ced1f02205c358590cdce6df6832ecec72d6283d8cc45b42b76bf6.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\beb293f4a6ced1f02205c358590cdce6df6832ecec72d6283d8cc45b42b76bf6.exe

"C:\Users\Admin\AppData\Local\Temp\beb293f4a6ced1f02205c358590cdce6df6832ecec72d6283d8cc45b42b76bf6.exe"

C:\Windows\SysWOW64\Zombie.exe

"C:\Windows\system32\Zombie.exe"

C:\Users\Admin\AppData\Local\Temp\_Access.lnk.exe

"_Access.lnk.exe"

Network

Country Destination Domain Proto
GB 2.18.27.76:443 www.bing.com tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
GB 142.250.178.3:80 c.pki.goog tcp

Files

C:\Users\Admin\AppData\Local\Temp\_Access.lnk.exe

MD5 959dc082d7d58fb8653bb5e95cd3677a
SHA1 23e2249efddd89d1dc4f6d0defa7b778f26407ea
SHA256 4aa3daac4e556fdc1685d6b646217b6ac1f34a96bb05fd3781015958c32adf75
SHA512 5a13a997fee530f55b3115753d638d7a3d1620ab92aa7f9e0883b74217ce4ee01fda20e7a42c9135f90be8d6e3e97193607467c0adcf768257811538d3eed2b3

C:\Windows\SysWOW64\Zombie.exe

MD5 229d7d6c64dffbdf649b205df66ed1fd
SHA1 53f7936d7dc02c59c08136bf29f60dc46e766d92
SHA256 4f8fff1eade9ef26fef0881e27fae158da5a8fc2bc6ce0128ba10d6e34780cf8
SHA512 fb04bb96a7918419fe0f47a5a93d825abbcbc4a597f3b7a302dcb169d5593343713429d75b356cc75bd80bc8ba91d63ffb1a5f180d9029acd4462bc799839f58

C:\$Recycle.Bin\S-1-5-21-1178639776-3244803473-3821071008-1000\desktop.ini.tmp

MD5 3dfddb86525d1210cbf90f10a407a58e
SHA1 c6745896f403f6f72ec136d877a9a84862f2fa9e
SHA256 1bc2e9d40989f52e4a124f7e81834141ea1d445ea0cb516e09d4fbc7dff8e5d4
SHA512 396cc53863beb710d5aaeb7ecc7a98bff3f31e8f29744ef9f330af3bb63a9afdd11be1e671086095efd7bb08b80eab4b7c401e8965b7b4f2c43ddc45356de5e3

C:\$Recycle.Bin\S-1-5-21-1178639776-3244803473-3821071008-1000\desktop.ini.exe.tmp

MD5 abc1b275751d9b2254fce89edde76ee3
SHA1 03d7732b18fcdd09ef64b028019969d5bf11ed14
SHA256 248e68b1d1e0fc820bbab212754fed0a2179a9c82354477033ba99b2588fd6c3
SHA512 aca69b9611c3fe9fa741bd9def309db73ef4298a2b62b627eb0bd48e25d22498b6b6f58a8545ae52d187d8e169f3ac5557e749309ace922f2ccbb95e933541c6

C:\aaeb8717235f01237de7ca\2010_x64.log.html.exe

MD5 c527f9340bbe090caa896aef307baba7
SHA1 e4c0e40e9bee63d18dba7d89132a3b32ab440907
SHA256 0a3a1e181466c92680063e5fd7f042982f3e3710aced9143c8d1850d300155ab
SHA512 ff7d2fd78cb4914d46c8caa2dc5c9865bee91f185cdae2428ea97604a7d5f6de3d72951511eacea8d9ca21c62f27b42a8759216fead54bf2bc2c04943f3d4261

C:\Program Files\7-Zip\7-zip.chm.tmp

MD5 a08012cdd9f767371b44595272967285
SHA1 de4fc939283b24dde59d094369c1a3055b2c122b
SHA256 fa65fc623536b3cbe96554a0b689677ce6745f4c1bbb60792a42b18e2712189e
SHA512 6bb7590ffbc2ea664c2466c170f41c8606410f05af796c03020a095863051e333f3792954047a9a1dd8d352614474a2e578709f44b2c9f856f29880bcac014b1

C:\Program Files\7-Zip\7z.dll.tmp

MD5 772d9c2e8ca33f4620be2d858f39129b
SHA1 2f00ba2549f782b1a0759d4b7ddc277081e5ab08
SHA256 a1b97905a8352b3902e24c1c98f4a545897a57773989fee4df94a73aca250ff2
SHA512 3d37cc87b03ec02241341f394ebe2631ab0474ccd6e9a9c78f85f42c132da19d1736005591017a6e77d4a5e95fc20aa27d8a9be8c4a6bacdfe587ca012c932aa

C:\Program Files\7-Zip\7z.dll.tmp

MD5 71fae435e9dd0258ad285f60e1dea930
SHA1 0a4a940cb8d786afa9bda2d00e48563df55f94e9
SHA256 daf8582e892136bf52a349d0475fa55f7197d78420f57a10943d146743a6ca6e
SHA512 5ee4b83ebfed94e0d5ffea6bc5a5fd3b6f758ab797ef8000b4ac944e9f03c8f8dae1e79a37ca50ba3fa7680057d13e909a7ebf9fae0a46014053baaa303a0b5b

C:\Program Files\7-Zip\7z.exe.tmp

MD5 e6119661695776e542ccd5ee1db41db2
SHA1 ecdd277728addff6fd407b2df4ce4c77db5ca9ec
SHA256 9147f0a731d44f2cc2bd9987c6056ed4a898d6f0f712d0f1d4a3f36580cf7841
SHA512 d4b04560c48de66453f17a9170a5a659426cd3a21b4e134bd971b304df4e2860d1cc1f271b9d25e849936ce597d09a6de4525c3db5f7a17e76e3597f2812d259

C:\Program Files\7-Zip\7zFM.exe.tmp

MD5 890e5466b9d363fd96cda801946771e6
SHA1 b07055c1c36627fe180b75ad885501388224ca1c
SHA256 1cbc709bcb073994bc585e01ed756ca7441a1dc7aa1a4d655803799d53cf9b69
SHA512 2d4a136dad201ac75fa3f20f59982870edbcf094f0b6f45f52ca5f8d26faea4603f2eac34ee8c316bc17f7ea788dbd147a0d36c07757017468e786f2995adf6e

C:\Program Files\7-Zip\7zG.exe.tmp

MD5 cbd832429145fcf8c8725ed855875351
SHA1 cacf41fb4d00858883d72ffe2ff3264cd9d30ab7
SHA256 d83450caab76db13808d43015d194c3d7f157a88f738351160b1e7d51f9f60e0
SHA512 25bbf7cacb77209ac6311d2f0aba5c7e964127e3193977103bb5e9c04d85e290e4e607ad60f27ac4b2d77b2e28a2d751939920c548f68b2e92a71f7e1ebd3914

C:\Program Files\7-Zip\Lang\af.txt.exe

MD5 a5f72e24998183e4bb5001c7c1e7a98a
SHA1 497eeb4780b676571afe72fe7062c1c2cd9b2975
SHA256 8e5c41eaf35f303c459aeaa709bf50eac1ff8b69e094d1bf79883fa72d3d4a2d
SHA512 1c52ba816b6835c6d79547979a9a5be6971129ae7a9dc250e61e9d65f41647750650e99e901fa131c9f3e1bc087aa4e25e485ead6f3e571198ab0f031bebe07b

C:\Program Files\7-Zip\Lang\an.txt.exe

MD5 b6d8adc514a97d2d38bbf3ea229bbab8
SHA1 366fdb317d749a4d67cf5b091ad3ed2f806dccad
SHA256 4f1fbbf969748bff5816814626c988d0af749fca72da8933bfea715c163ed031
SHA512 dfd95a1a5fa70005c162c17bb1e79ffb749b29c6894985295ea3df923d1a941162c35affe9e6b2b268c1143f0e6d76593f14cfc758422bafd0b682d29db88ffc

C:\Program Files\7-Zip\Lang\ar.txt.exe

MD5 4554907bffb9a0c75a520b32a085c300
SHA1 e8d6dc12f49ec20b640689f6ef5ca5a10d668530
SHA256 c549708a6cf5b997ec1ae06e5239a6203642e91982d4c520a67427e8f4aa6036
SHA512 b9609fd81e4d8907200f61e7c25e4ee8fb1dc3ab8546ddbbcd407644f7db18eca5c3c0bd92a06c91c60e4605e3c3d4d85ae703273973a304531fea7fa10239f6

C:\Program Files\7-Zip\Lang\ast.txt.exe

MD5 76c06c025835461a3fce543b4f86f4ae
SHA1 779fdc4a2991d46376067786fbe9b96eab73e883
SHA256 94efadcac5a541de289cb78d06f4782ad6980c615f37b050d67076362404f3e6
SHA512 82c801215d8c7a7e37d207b7d3c1206693e859b983d8effc57ec881b01413f505aafb74e13aa8ef65e057c7d4aa6cc76b0b5962437bd8e880598bd74215655fb

C:\Program Files\7-Zip\Lang\az.txt.exe

MD5 aa10bc788e13f7ee9b3236b1c80ca7a4
SHA1 450bfdd9726c123f9ccdec0e28c6550aa6281208
SHA256 23e1949f839e04af72ed7baa18f91362af2bdbbf224eb22b92a1d701ed831448
SHA512 69c0c4ef54a748d39c9dfddbac54a99c80c36e23754ba455305623414a0f3150b3f175af13177a77ab5de4b44b23e821b72c5ab08b6e9642d2ebb355736263da

C:\Program Files\7-Zip\Lang\br.txt.tmp

MD5 a0357e47772324e028a2ba1ba6c219a3
SHA1 ec4a6f816ea551b4d4b221ef06f05719230a87da
SHA256 4e5ea02af45b21e24e33249b4d532c0aa4003bd5ae30bda9ac9e3026643c1f31
SHA512 b4d6bca491ec7022459f07c1a225128eac280bac3379e88f1ff73b3702de807e7c965a36671e227ae635e88efb26b219bf7de09b346dee7c21c8407548ffb7af

C:\Program Files\7-Zip\Lang\co.txt.tmp

MD5 ea8045d7ca2a896e83f53b733bff4c64
SHA1 5f6451f90a6d5878c2210ce030ec64e7facdd82c
SHA256 9cfb2c633a0b67af8aa20af80fe6c4e2b99110fd60f649e2cec4e77ee9988000
SHA512 f42ba019d3af48876555f7e1b736fdba812ef0e40ff97024549aeb6588f5741ad7c58faad6009f726f3543041484bdfc397914d52c1e155aa201b77a201bdf36

C:\Program Files\7-Zip\Lang\cs.txt.tmp

MD5 0a2dfdd335c4f24c02fa292715884e10
SHA1 c7035df1d2b9936937fe0e23d0dd88babbc39638
SHA256 d084118dee409ae22f54ed67d1e742d07a98db2adf0f39f13e2f6a3032617df4
SHA512 b1fa35946f36d889f46a74ee54fa68d41362630c4b742a9d9cbd4cfb717946e7b75a0b4436918dd6177c419c4d79eb24112b1982f0e0e299590701f496ba8818

C:\Program Files\7-Zip\Lang\cy.txt.tmp

MD5 fb06f24f2fcd3eb2829262e9337c548c
SHA1 347f3cbfb95cfae1f86548370299c0b6960605ca
SHA256 3f053ae44318c5aba18d434d3a70b2df7ccf466bf77b4a2a82f38c66301f427a
SHA512 cf0fadd1c828823bb0aa1d3518c725e921b653e2680ff6a4682e39aa2be88b87a7ab822dc73a5b39a1c620ff3e699a8dc5f7439c8beafd7234f9ea0d936aa404

C:\Program Files\7-Zip\Lang\da.txt.tmp

MD5 d64741520843be7c17326ccd6ebd2e08
SHA1 838b7c11682eab95d7df72110686b3a2f195d1c5
SHA256 3cd15dff8281733a0ec21827029c82b3c1033fe4bf93427a7ccd71534ff4a0e6
SHA512 f5809c51c54dac12669a4954a217d3f56bfddf659cff06cf62bcb4620e6c0b5e46e8328143ac49cad115295a75f4e17adea4033c42ece18b51dad6e19cc00692

C:\Program Files\7-Zip\Lang\el.txt.tmp

MD5 e3a6d2dc1e11f9e0c73dd7a18ca46146
SHA1 ddeaadedb4780d2c45ceed3ca80e1301421d7dff
SHA256 ba6b52115ddccff1bcaa0e494fa5b5f3490af75acaba006b945832409b75cbaf
SHA512 2d8bc85aaba353bd8f2ae6ed27ef188c2dc33edc08ac0adf308a308b68838d107e0aca09e301f0d7c7bca6e09a053631752e1d4214827c753edfd715b3a7b623

C:\Program Files\7-Zip\Lang\en.ttt.tmp

MD5 d686e33caeacf1a9dfd78a019c5dc38b
SHA1 0c04bbbd001db121d7973c1ecb9c4037ebb7a281
SHA256 2c8712998dcf3ee2e605b326ac50904982e2249d07c8948649f4e3f051d756db
SHA512 d139453f5206bb4a15de4146332c45439bb221f38e0d3f5aa198120d2237e8f41cbc81ff5ddc82a05563d55db3282597412c0d8be8e677d3bdd35668de17319f

C:\Program Files\7-Zip\Lang\eo.txt.tmp

MD5 3f7949ed411e54a51505457f12ca6acb
SHA1 e04b9c155b20d63f31e26b83b2cf1fb33c6d3bfa
SHA256 518138c2ef23719c6348ad47ca98bb0d739b7465ac62b739d8cc14043ba192e3
SHA512 e7b201cb8d3c9db0d4843173b0055dae394e8b3fcae058c7effaf269402dd93467cb723915b3db99649b6daeab1664488f54856928add0824fca734e983b73fe

C:\Program Files\7-Zip\Lang\et.txt.tmp

MD5 e65be71e4067af20c1af1f6e24ffd0d3
SHA1 d0beab9c4e4f956da75ead865d0d40e9fe2ad332
SHA256 7d89b64ad972037718c0d996e54b5ed143a9a9bc2bbdafe1327bf0e4ce595e86
SHA512 c2039f918d5aea14f5838aa7984abb4985d85ad7f1f8b0f5b06af6bf51a6ac04c0130f5da54805cda8d1ab3f09ea02c88780ddd82528e4b5b1666267fe48d90f

C:\Program Files\7-Zip\Lang\ext.txt.tmp

MD5 af922b86c239c278b41f554acf6f517c
SHA1 6d13c22558e57071fae581f09d4e650d0654ae30
SHA256 7768a36624c1e22fb00d5002407037f89f588abe23a8c023d83d9c57249e7b46
SHA512 59abb2dc92d952ee95cfdc0764b4dcd31143f4ddcbe9687fcc7ecaa4908d741800d496ae05a71eb6adb7b03585bca174e72d3a070e7f37d83c305c63daefcd77

C:\Program Files\7-Zip\Lang\fa.txt.tmp

MD5 3655c79dbc135b6f755c11a0e44e83e3
SHA1 1c3c24743f416c2abf1295b686ce442c8a219c5d
SHA256 ceabe9d939689aa0a62fa048f6dd8478aeea129a39b2fcd5353e36f446e393fa
SHA512 bceb692838cdbc7e365be60da92820f1c30ac6f0fa7bb30b160d8dcb8652705037622daed32fbc7813bec331b14c0b9aaf8bac20820a944bc252b0724a39a67e

C:\Program Files\7-Zip\Lang\fi.txt.tmp

MD5 cdce49851e5eedc3631ddeb4527105d2
SHA1 e0676754f554a457382cc2253a321da169a7ff41
SHA256 0cf86b067451a2277b543deffbf51a5d8d406d1376b135d929d905f4711d74c7
SHA512 be7c5188b14b18dced24c3e20eb525fa09f91c7927df519f882b74b13a82d9436667f95a7410dc355cb2bfe6df617c482a86aa127cedb3e9f3ea5a4887437e19

C:\Program Files\7-Zip\Lang\fur.txt.tmp

MD5 9e7f7c34d0b961d13095975b6335a6f0
SHA1 64173816a26b7ca5a14ea9401f5e54e6f27bf7b6
SHA256 2a4080d5148013efea5f24e2c250213d03ad15b4bfef781cb6e2ef527e845574
SHA512 b9462bb519dabaa510e277b498a4d8d79cd27946e5f28514ae43466cc65c66951f642a23baf3474a68c967d475795941233c1b78021d7b16c4d7f4e218758657

C:\Program Files\7-Zip\Lang\ga.txt.tmp

MD5 ad106ea759fc4bdc63d1d3c73e005d30
SHA1 9fa61e3396210d534cf182d9c4a473b980202d97
SHA256 b945b2af42e40929830e0695ab1ac035e2869fb338c71ae690e386ae44a765a9
SHA512 e43555fc4f11bc5e2890b262675c558bedc327f3c735b85e45a02ed9b2323ee85778ea088c76b80629da55750e65cb17ef1b2093db11c4fafc6ff44a4e2b7ded

C:\Program Files\7-Zip\Lang\gl.txt.tmp

MD5 7e3f69b85a624e18b0a7dc3e618ff006
SHA1 ca90eded333706caf639b9dd9d92bed0b0862521
SHA256 7aa458b0f6b6f98b9b82fd3ed80368488e2d059eb61320eb642a5d1b45da051c
SHA512 b959ebbe60918e1d688c55f99c02d6bb989db76da7c0f34a46be41a8bdc42820be193c045389de9a0f13ffc031252fd1861533fd1a800014cbf32ecf8e519720

C:\Program Files\7-Zip\Lang\gu.txt.tmp

MD5 4a94f6c7405a2430f2a95bb3d2f7cbcf
SHA1 1cd7ff91841e016aa8530d5353fcc2e873edb480
SHA256 fcb9eaf5222803bf2fbb4423252234f7b728dd1cad02091b905c73425e29b519
SHA512 4afbf1fcf6548df460272ae1ee3699e5bf13a508d35ed4a8a27ac778cdb2e77e28a14a3f2976d7da5bb6077674e4c0241fbdb76122d0dccfc035a635b0a108d3

C:\Program Files\7-Zip\Lang\hi.txt.tmp

MD5 4e83fd1435816817e378cf19b40da7c8
SHA1 6f73e6fe7b6d9b7d636bedfb577c7da7e0672215
SHA256 5c2376894095afc9d1bdcbfe8dba4569909aba4ae766d000598c5cc6f569529c
SHA512 463f932b430fd7ebf9d21c4ab0a63f1c4922dfe76fc3df8373d7d85d9fbc137d017b24c66c0f1c8960ecf08eb8f349b8f32f1a81e83aa8e2bb293e0fd9593b4b

C:\Program Files\7-Zip\Lang\hr.txt.tmp

MD5 01c1f1eb4dd20ab9b8662378bfe15729
SHA1 1f9381311520e19dd315844580a00dd99a20b711
SHA256 ce568a2fc75e28bee4075e356c3ce4b00429309464e7b640c0ce4fd9dc95193f
SHA512 e2acc2ba10b03d96aa25ff26f8f756bbd4821a96c57e1b09b300cac1245823d21eb0a4105d395e4f82ea0d92797dd88f7936dfe475f126118a5c4ecbf8dda2c8

C:\Program Files\7-Zip\Lang\hy.txt.tmp

MD5 3de9ae9aa8e85f4bca435765535b07ef
SHA1 9a44dbdd1f785f8638f94bf3321213ca87bc4d3a
SHA256 16516af13ed4f957b1693f3ff8a5166e3feb39928cb52c175c368ba844dbce84
SHA512 d458efe144010ab8dd4ff1dc7197717f4d9cc5647fdf4c8f4b1d3d6705178463fd6470fff26451addcd9468c7c326ece24ed19813c89d6e3185a92de2a9edd11

C:\Program Files\7-Zip\Lang\io.txt.tmp

MD5 1660edb8a4031ab1a973b53b945bc95a
SHA1 4440ac9bd4af0dbb86ea71b61e92e936e0b25ea6
SHA256 bb64c08a83e79b564b6474757dbce33077b3d153418f6e3d81e04b271dfcb186
SHA512 6db3f5237054b8c70889fe2578d95ce14beb0a04c92933d30fe7fd01883a0b49a7f31b4e85976e64bee0015c5ea3bceed3068477d202f840edc810111cc9c03d

C:\Program Files\7-Zip\Lang\ja.txt.tmp

MD5 810598b280b919e77b53a092ee2c45b5
SHA1 9d8e616c4385be7bad52b129ef5162b71ca68965
SHA256 e3ba3e623ae10bc2b6823a28169ca6b8cf3925b9bc8845b41408f7baa1ef7334
SHA512 9dc194e65caf94af3273ba5e923b6772f420ee4c7b1669dcc3c9ac8a3ff84562b283fb1292d89496788d76abf184b454d5999046c238e7b65afa62d8b32749e3

C:\Program Files\7-Zip\Lang\ka.txt.tmp

MD5 f3f03c7d2450f6c15d55cdbf62ef1ecb
SHA1 f04822a47b11fee1a1c2d617cfced633c7844a27
SHA256 234f41afdb191e63f39a02948b7445deeceafac83de1b0b09f762501f31e5712
SHA512 115b05d8140d8a38cb5242137998befb76928e2b9c4dff67f696ee674228409978f5edab5967367cef8164ebee8272bce116f475905db002137faf92c61ee40c

C:\Program Files\7-Zip\Lang\ko.txt.tmp

MD5 bfb3d6ba87912c85aa15502e497afdbc
SHA1 691c128773b832fe54d4a849d246395694ca0092
SHA256 e5212225af525d73fbf0986faee0091d72d7f87f5805b4c6f5c2bfe0ec4f6da8
SHA512 51cfb275cdb5f78ffde105e0e30e83c4fe498117ba3b7bab7e97b2599d206c6a335352db2e0130734454cae31704a578cb6891f53cac6f35af77df4ebedfb84f

C:\Program Files\7-Zip\Lang\ku.txt.tmp

MD5 ab12b70196d815588d369ad81c871660
SHA1 8fb4917c1893240b0de596418b1d360faaf97f3c
SHA256 b790a4b040db853e1c33c34bf69334e6d8941ddb8d13a588e39aec9f4a9e5401
SHA512 c7eaca4ded96d729f3fbbbe38bbefb69ef11f60f98d681afafa9c5c500bbdf47032eba25659c062c64671cef53c941277705757a3256f7c4d1f9ea28233b68b0

C:\Program Files\7-Zip\Lang\lv.txt.tmp

MD5 e773a85c9232fcf59258009ed81c8e8c
SHA1 1dc848b102bc2e60eac87b0a7c4ac67b053b8e6d
SHA256 bbe1938865994e00067189864309907ba68e9ec74f0686937ab34c948df1bf4d
SHA512 3ed608716197c4c790c4d28cbf485382db1ad160079c3c7bd6f5073acaba217e603090302e533ece7e79272219a65287a78b5db14ea599d7b6e7e468683ebd6b

C:\Program Files\7-Zip\Lang\mng.txt.tmp

MD5 07929e69604590151917b08b98dbb1bf
SHA1 9581eeb8597d95b01eeeac24dbc15ec2172f67dd
SHA256 2efb5a6c30d123c749374fc4e841ad195eaca20c641d5fcd0b58765e32eb877b
SHA512 e8e64beb2dd777a859a6bf75d3badcebd0d82d6d242c801996c3694de7760c2ff42410a79c7084a06103d6c623ac7da79202dea3d045a458ba9af323f4990fb1

C:\Program Files\7-Zip\Lang\mng2.txt.tmp

MD5 8bc436249e446dd8c3ea3d87fa1f2c90
SHA1 2779f920fc91ff6543a605f2d7eb0f4ffb0fd2b1
SHA256 db5385ff709344f0868ba7ed5648c81a011663cbaada4b873dd49dc5e666b5b4
SHA512 fe0a5b40f4a1290f53b98e66b41460c59c58c360eb55552ae50613d5ab39b7b99bb099b83a097cdf2411179010a4c6a3ff45861ecb2360305056b3a9f3cc19a5

C:\Program Files\7-Zip\Lang\ms.txt.tmp

MD5 ddf73f656a37b11e2ce35ae9ec3bb0dd
SHA1 ec2536437f56922b003281649357389cea95ef8f
SHA256 156cec1acee17836b9e997a2acfb1c5e6ccbcb6999bb2b11d712f086981de7ea
SHA512 4e2604d7406ae08a0c4b80f2deaf9d9cadfb76709bb0d39e509df6c213cb9cc19d785dcaf16cb03909013432c1722d0085c1ea3dc81c047e7e63c471e339c9f2

C:\Program Files\7-Zip\Lang\ne.txt.tmp

MD5 8112d455c6133a43c4f68545497db090
SHA1 384b65d4d8ba64baf41df77c73ce170c0c5f2390
SHA256 c035456e7659b810bd23bf768cdcd2a8155eb46a6587b4bf7ab93a9e63231e57
SHA512 d0d4d313b193d6498e02f281ce50b77bf9c4cce5e974e4f9b68a64f57b635ab273323bcb1cbd09ae67fbc3c8f9ebe853beda030853eb25aa7c545e100e85bcd4

C:\Program Files\7-Zip\Lang\nl.txt.tmp

MD5 5c45526a151194d376d40303f0835154
SHA1 174b49fef21d795cf773bd6f3829bd4318eeb814
SHA256 6db3c1007d2a1105cbf86306009b2fd934876d3ebcc65d8aa7216e823b184d24
SHA512 57548f45f1e0a956eba6b08feb902979f334f309be596fddaaf82ea42153d5ab7b097a24503d21aec230592536becef05575e6e0d4269b2b10c03aa12edcbcd5

C:\Program Files\7-Zip\Lang\nn.txt.tmp

MD5 32538a5d50a48720ca1a2f1d9ee2d4e1
SHA1 396be0bdcfdf3d6fc2468f1bbb19f072013b3161
SHA256 b24daeaa788be4fd5cb17b2f368d1b01890195fd085b8bba12c419397cd35c2e
SHA512 eda56da1c99d7b2aa3ee16e392a19a06ebd5a69f8a6183b611826642a8c7b113fcd034a3be70218fea1b0ba5d77574cf36b17e8432ca5d1c7956d5346e7a412f

C:\Program Files\7-Zip\Lang\pa-in.txt.tmp

MD5 ec5707fe774d8ba114c60b1644780621
SHA1 f3bdfcd2c3fce7def7a292ec20eed3c541ab5a93
SHA256 a3780e3dd7db254e4eccb59700fca9e48caf1b09907a390a739d6bd8cc388b16
SHA512 4326c946c379cd9ca95b224d47598cda8bc13876de9c1cdfa16a42b1b8d62bb6718222b3e2ec9a150c1a0f5ff8ae6913d89a5803740c441c78734f412a616dbf

C:\Program Files\7-Zip\Lang\pt.txt.tmp

MD5 2ae6405f0fc452e1bcb8b2f2452a29b6
SHA1 c60e1a90138afd34699befa0c32200bc379fba10
SHA256 5c0b36cca75eeef814dde63f22e4a3328bd02d6e672bfa15d1a73a1aabf329cc
SHA512 5e9d11c1d5d58bcfbc2a986a73b7de23d0ff6d72fc34656229d2bff144f2c82da313d826df826c78b8db0f1d04ea8b8d983e9118d356f1c3736fb00ee6a1d4c1

C:\Program Files\7-Zip\Lang\ru.txt.tmp

MD5 9288392200a953d869fe632941531ff1
SHA1 61dae6406451f6251c407b013970d9361700d80c
SHA256 90f49170eb11067cc123f33b3703136700ad83961cdd381221f751c4e18863d3
SHA512 f7fccaae4c5977a82b68806355ef7a097ea0350c234e125b4d5f266d390d6f05cc82993bb25a1a1fbe16c3f9e731459d75267fbc32dae96efd1d8461e525f8a9

C:\Program Files\7-Zip\Lang\si.txt.tmp

MD5 8e2f2c70811fefcd9d0a5023f5881e86
SHA1 b2012cd4592c6e38c6ceba0fda5ab6f65823e9f9
SHA256 f64731bb2fb97da1b735d8d61edfaebc543db953845aee795b4f9b31ac1a0489
SHA512 f67bcd6a7cb35475e05c9d85d231c582d3a147c8d3a1a143091af46055f731a082bb1dd4b208b9d592a6897d1f46162c502768a3314f7179f5abcf0088b90636

C:\Program Files\7-Zip\Lang\sl.txt.tmp

MD5 466d72ee0b93f2b79765d496e9173293
SHA1 bd9557aa705af9afcf311a491281a497526208ae
SHA256 c35c1bc64a9ee42f62efd6f557bb4c3630fc2969f46aeede22335997df64548f
SHA512 6a73d7ea0cf36ec62a31739e8f9797a92ccd72b1609989dbf91a9be4941457b5f943d7d65184cf96df888f051929b7287e494946b932e2464aecb9eae88759a8

C:\Program Files\7-Zip\Lang\sq.txt.tmp

MD5 53488e89f637502b3adbc491099f8c8c
SHA1 d0cd1b4ef67d26ca223cc2038de45ddc489a7f96
SHA256 a9f778fbbbe12c2b71eeaa079b78f099abbe265246a4a4986feee2bf469891f3
SHA512 bf80909367932f8e93bcad6cb9f563cea58c8c65bbaaa04ddd6f8189c0c0616981b2bc501c00996af638c773a0a5c1524d75c2c1812d1d4c29876973d330abd3

C:\Program Files\7-Zip\Lang\sr-spc.txt.tmp

MD5 8715c4547cf8396ea991fbfc402b768e
SHA1 cee1233335dbeecbebb6798c2e1e76a86734e52b
SHA256 ad1a293cac6e55688db4813c228ccf72b665dfcae926dbfc4f8cb44f1da5961e
SHA512 8561a8bd52e71815a3742a7cf8d2915ba0561f1ad0f7ba0d2a4d78a6a5118e7e9b22dd242907aca513ec9430e1348b4dc527164e740c281a3f1b4ed17de64b19

C:\Program Files\7-Zip\Lang\sr-spl.txt.tmp

MD5 6878f6263642bb880c804d3c01f2e089
SHA1 86689d354df3fb3c744efdfe2c66251eae7b8f8b
SHA256 357af26d5bb77a2dc70446431defa93c93e6b6b73c025245ed63768411b70f37
SHA512 3970f91c1e41fb33708abf8a398d663da7cf81d16a3e40e5c8238d6b6defddc4805425320a8756bf70b8d3dc7e81a21eaeb7b54fc222295892af81ff646bbb85

C:\Program Files\7-Zip\Lang\sv.txt.tmp

MD5 18131d78f84b9c98b6e596ed40447770
SHA1 ffba82c53e434a12a5a30c673c5368d431a5d571
SHA256 485f05a15d0f2d1ee76b96f91703c11c4a90cf186225f6613b5e34b0f733ac44
SHA512 7383f26a568f4ff5b11dde19a097ea50b7d46524f5c7df7c76e1b6a126dbf1034c05c9f43604a9b32c2716b521d1e2b62020c93c8214fade66c1bd1fa3767d1c

C:\Program Files\7-Zip\Lang\ta.txt.tmp

MD5 badc6040f2dce20b5a98515456601b53
SHA1 46ffddd684a1ba21f0cbbcd3a9d0958c3fa6e410
SHA256 a57824a43730dee7a46f4aae920b996b5753b5b01306efd380a60c24bfdf5320
SHA512 5096d4118c6d2905d5ff5db0999599194f3cf9683315e8bf615032fa84fadcabca70da2c5343b9cc90d829bba5431b4a2c52b6dff7454ae7655c470d8a63380f

C:\Program Files\Common Files\microsoft shared\ink\es-ES\InputPersonalization.exe.mui.tmp

MD5 ef2141ba7c3855d125662b69f34df2bf
SHA1 c40a62455827aef0127af63f1fdd58ddae4efdc7
SHA256 5b47ba4224f6514c9db10f8e8f5c9ce69d7543a9c69f3d427837e4da4310d97f
SHA512 dc1d01ce57f24fe1e868997528b82ce679320e12a4b90cfea4b1ac5d32c0f232d46970def88325235a70b68849cdb8097a9a6111a5ab837e6198939d18e602ac

memory/5472-1720-0x0000000000400000-0x0000000000407000-memory.dmp