Malware Analysis Report

2025-06-16 06:28

Sample ID 250529-n3yega1vgy
Target 27f2d3a6a7b8c3350eef06d7749748eb295a9a30f995212800a18f7c38e68779
SHA256 27f2d3a6a7b8c3350eef06d7749748eb295a9a30f995212800a18f7c38e68779
Tags
cosmu discovery ransomware worm
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V16

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

27f2d3a6a7b8c3350eef06d7749748eb295a9a30f995212800a18f7c38e68779

Threat Level: Known bad

The file 27f2d3a6a7b8c3350eef06d7749748eb295a9a30f995212800a18f7c38e68779 was found to be: Known bad.

Malicious Activity Summary

cosmu discovery ransomware worm

Detects Cosmu payload

Cosmu family

Cosmu

Renames multiple (5229) files with added filename extension

Renames multiple (5406) files with added filename extension

Executes dropped EXE

Drops file in System32 directory

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-05-29 11:55

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-05-29 11:55

Reported

2025-05-29 11:58

Platform

win10v2004-20250502-en

Max time kernel

150s

Max time network

138s

Command Line

"C:\Users\Admin\AppData\Local\Temp\27f2d3a6a7b8c3350eef06d7749748eb295a9a30f995212800a18f7c38e68779.exe"

Signatures

Cosmu

worm cosmu

Cosmu family

cosmu

Detects Cosmu payload

Description Indicator Process Target
N/A N/A N/A N/A

Renames multiple (5229) files with added filename extension

ransomware

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_Firefox.lnk.exe N/A
N/A N/A C:\Windows\SysWOW64\Zombie.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\Zombie.exe C:\Users\Admin\AppData\Local\Temp\27f2d3a6a7b8c3350eef06d7749748eb295a9a30f995212800a18f7c38e68779.exe N/A
File created C:\Windows\SysWOW64\Zombie.exe C:\Users\Admin\AppData\Local\Temp\27f2d3a6a7b8c3350eef06d7749748eb295a9a30f995212800a18f7c38e68779.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\microsoft shared\ink\it-IT\TipRes.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\_Firefox.lnk.exe N/A
File created C:\Program Files\Common Files\System\msadc\es-ES\msadcor.dll.mui.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Firefox.lnk.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019DemoR_BypassTrial180-ul-oob.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_KMS_Client_AE-ul.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Trial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_Firefox.lnk.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_OEM_Perp-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_Firefox.lnk.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_Firefox.lnk.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Retail-pl.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\FPA_f14\FA000000014.tmp C:\Users\Admin\AppData\Local\Temp\_Firefox.lnk.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.Win32.Registry.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Firefox.lnk.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription3-ppd.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail-pl.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-white_scale-100.png.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MEDIA\APPLAUSE.WAV.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ComponentModel.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Firefox.lnk.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-black_scale-80.png.tmp C:\Users\Admin\AppData\Local\Temp\_Firefox.lnk.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Templates\1033\RedAndBlackLetter.dotx.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Collections.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.15\pt-BR\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Firefox.lnk.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp-pl.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Internet Explorer\images\bing.ico.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Java\jdk-1.8\include\jni.h.tmp C:\Users\Admin\AppData\Local\Temp\_Firefox.lnk.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\legal\jdk\asm.md.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\Configuration\card_expiration_terms_dict.txt.tmp C:\Users\Admin\AppData\Local\Temp\_Firefox.lnk.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\hi.txt.tmp C:\Users\Admin\AppData\Local\Temp\_Firefox.lnk.exe N/A
File created C:\Program Files\Common Files\System\msadc\fr-FR\msdaremr.dll.mui.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\mscorrc.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Firefox.lnk.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Diagnostics.PerformanceCounter.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Firefox.lnk.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-environment-l1-1-0.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\fontmanager.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Firefox.lnk.exe N/A
File created C:\Program Files\7-Zip\Lang\af.txt.exe.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe.tmp C:\Users\Admin\AppData\Local\Temp\_Firefox.lnk.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\clrjit.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Firefox.lnk.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.15\System.IO.Compression.Native.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Firefox.lnk.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\PresentationFramework.resources.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.15\pt-BR\UIAutomationClientSideProviders.resources.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\ecc.md.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_MAK_AE-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_Firefox.lnk.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_OEM_Perp-pl.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp4-ppd.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.15\it\System.Windows.Forms.Design.resources.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\j2pcsc.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\deploy\splash_11-lic.gif.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\ext\access-bridge-64.jar.tmp C:\Users\Admin\AppData\Local\Temp\_Firefox.lnk.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_Firefox.lnk.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Trial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_Firefox.lnk.exe N/A
File created C:\Program Files\Microsoft Office\Office16\OSPP.HTM.tmp C:\Users\Admin\AppData\Local\Temp\_Firefox.lnk.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Client\vccorlib140.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Integration\C2RManifest.Proof.Culture.msi.16.fr-fr.xml.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription3-ul-oob.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Trial-pl.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\fr-FR\sqloledb.rll.mui.tmp C:\Users\Admin\AppData\Local\Temp\_Firefox.lnk.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.15\es\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Firefox.lnk.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Trial-pl.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-white_scale-100.png.tmp C:\Users\Admin\AppData\Local\Temp\_Firefox.lnk.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_CopyNoDrop32x32.gif.tmp C:\Users\Admin\AppData\Local\Temp\_Firefox.lnk.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Tasks.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Firefox.lnk.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Firefox.lnk.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\WindowsBase.resources.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Java\jdk-1.8\javafx-src.zip.tmp C:\Users\Admin\AppData\Local\Temp\_Firefox.lnk.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_MAKC2R-pl.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp6-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_Firefox.lnk.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\27f2d3a6a7b8c3350eef06d7749748eb295a9a30f995212800a18f7c38e68779.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\Zombie.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\_Firefox.lnk.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\27f2d3a6a7b8c3350eef06d7749748eb295a9a30f995212800a18f7c38e68779.exe

"C:\Users\Admin\AppData\Local\Temp\27f2d3a6a7b8c3350eef06d7749748eb295a9a30f995212800a18f7c38e68779.exe"

C:\Users\Admin\AppData\Local\Temp\_Firefox.lnk.exe

"_Firefox.lnk.exe"

C:\Windows\SysWOW64\Zombie.exe

"C:\Windows\system32\Zombie.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 150.171.28.10:443 g.bing.com tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 c.pki.goog udp
NL 142.250.27.94:80 c.pki.goog tcp

Files

C:\Users\Admin\AppData\Local\Temp\_Firefox.lnk.exe

MD5 0301e10eb45a29e7f4ffee78c35aa990
SHA1 387294bc106af74c0e33c5abf77b76cec6504915
SHA256 5fce53d77a59e91a86624bb7da9c75efc065cf8af26f5c2212c7d6c8f9f22ece
SHA512 8b889c87fb7e356d40a1102a1aaaf62639c65040bfae840a91f866784b92ce2da850de6b7d2b4bdf321805e18c3959b7e83d5bb12d12904c123cf51d51979c7c

C:\$Recycle.Bin\S-1-5-21-3623617754-4043701611-775564599-1000\desktop.ini.tmp

MD5 ac913b75c45237ca0fad38029fa35800
SHA1 cb3ade4baa4da044975b218761a3b5bd496e1610
SHA256 97561c9944d29fa03add805e899b2d2b62452eb706fab3afc02794931dfce16e
SHA512 d1de8fad0f1b0d9f3d6e97c94747034173da6ae862f06be04f69ddbb6f38dfe2b7d0e3ce333c5601b6b23461a8cbed739a46fc6411902226e854b1cb85f508ea

C:\Windows\SysWOW64\Zombie.exe

MD5 2d996b76f9784fb7c002438b08c953f6
SHA1 794c1dda5822abb8b903731575dad373cb903bc8
SHA256 9aca87944d41454641aa119583ca284840e6bb1c17b80746caf44aa018207398
SHA512 45b5b8b162aa374384dda596a99f23c9bb27dd0daab12c48333af122c634f86150c4f562c48790e70a3a88d32315433190b77bcbb72b230cf028cf0ad3fc62a2

C:\b96a7bef2438b67e1aee\2010_x86.log.html.tmp

MD5 a3cde21163268bed566dde177345eed7
SHA1 faa56f28214cebd4745bef7e7fcb989ec6440564
SHA256 2f2d32d1b3dc3d872797dec3e40474692a62534e7f0058179ac0f872294d26b7
SHA512 4f4db93f7dc479a18833fbdad56564894095cbec821de339850ef1f09a6a98e5c99c32e4df3c87af64b3a0e373f60031e70887c52d9be8487a4023eae6f22cd3

C:\Program Files\7-Zip\7-zip32.dll.tmp

MD5 74a558a50e079264cead9c7aada939c1
SHA1 a732b7956c7c3cd14c8e1f99f62efcb6b6ba2fc3
SHA256 2c51441945cd19bd270d3a3f8b37aea69274cad6897b13489a1eeb8ea8f115c6
SHA512 fe38c30a08e3f2cbe1266b1020a5a2a4937664fa6690693d728af19c0c85d7bb800d20837600d3ab97fa8367d79b955b11ba65f8c4eea3ba9c8a3f8ad73828af

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 3b1812c928f66c1f3c89f300c3c2bddd
SHA1 3bddc9b28418ba20bfcf1d38e020beb8da4039c5
SHA256 48a67a8ed690563991e456be1118daa154ef78163fb972d9f920736304d3f59d
SHA512 57a73d12c17b36df077e17a413b0f025aeb54a52f198c548fe11f7390297938aa2d2936f482c7a65859ecc77ca11bd6b041f83552a2bb35a7fe715854347b9a4

C:\Program Files\7-Zip\7z.exe.tmp

MD5 3d116d92a6802720cc693f3dd628d93b
SHA1 a777fb1ce1b2dbc97bf99cef5ad2ae752b921bf2
SHA256 62be95de3ce09623c9bd5e7b9a73447c44373e60135af904a8178c2f64fd55e6
SHA512 552962f547e27e79a0a47ed553a89a70433d498c9d9a99a7d4a4b135257d4d0a28e1c37a75dd1b714bf328dedf6def034ec5b8cfd28465096b902a3a2e71b8b6

C:\Program Files\7-Zip\7z.sfx.tmp

MD5 9683bf82c73a46870c2595497cd5e5c1
SHA1 157ad7a9a4b6411a895bcf92b982ccf3b579c9f2
SHA256 05db247863aff776362e80d0fe4c54b6600528c4e1b1db06f0a00215553eb7f5
SHA512 7cb42ac42b4a7ef098d85aaaf68e1295b7018a63f9f277185cca44e89d673c2659f902b00768aa8d4e2123b34dde58b01737ecee0abbeb9b38b062e15c06ea4f

C:\Program Files\7-Zip\7zFM.exe.tmp

MD5 7df7932b6f2b9837d0c9414a9428ef84
SHA1 e935332f47975f6d8e76d381ba2e6afe03e7fa72
SHA256 4362b99c62aebfde58d0b7b44edd6452d5b4b505c8295887df5696c9f5aec5d7
SHA512 2ea711c4a6a77c560df32c6dff4cfea443bed4ef706adaba3012e5d788e10820e0a0c06fc379ce172a63d95db66604b38e8d6fba525fb6844dfd2c03a9339a5a

C:\Program Files\7-Zip\7zG.exe.tmp

MD5 57ccdf5768b2bd62245aa38ce73da8e5
SHA1 c3bc19adc32fb6f0291afb870ca1e2026f0f1198
SHA256 67c567757b23d845656322c5bd435f8a76c0fd397b5be6316684634ec424b1fe
SHA512 048753add381774bbe5cf726ceecea1d943b5e64fabb9b1250c6f87df757a0226ff62b81dda42794353b54bda29c0fd33b6907f417e773ad0369895800f568fb

C:\Program Files\7-Zip\Lang\an.txt.exe

MD5 2ade1dc6d12fe2a4e2c9da48cedd58c2
SHA1 661d627fbf2b4661de6eb5cf86792880b2e4df51
SHA256 f711ddf0c4d98a6d46b44cb36c88bf80f32ab8f0a0eeb546d9d49afd915a0f92
SHA512 68fc414a5f712c1b290fd6cbdd417926ed315015ddb6d2448e0023da80bc3a1831c144de759eaa22fae156d08e93bde4b750643bc7eab335fa7afff6c2a998be

C:\Program Files\7-Zip\Lang\bg.txt.tmp

MD5 127c98a05609a8a4ce64265e7b8b2943
SHA1 737b06363899d1e27e58f71902d61000eeda2856
SHA256 73547c98156d14de860e2ac3444478bc7ab3daa63bbe9bb137fa954d0eb8595d
SHA512 01fc692d0166db82fa019fa5824f758170c46128432f427b0978120a3c8354f3acb8b2e7b3307159f00a551c13825125f9fc7cda7ccd015687625a1bd8bd1e7f

C:\Program Files\7-Zip\Lang\bn.txt.tmp

MD5 529361a9aa9593ecb71d70f76267bc3f
SHA1 a413f33274700ab6eca4747d10b2f1d7b0169b93
SHA256 94ef579fd1ccc01a160881c1ea7267be24d914e38f0f7850ceb291693b23d62a
SHA512 09a7642cbf229d685fcea06b690f39c110f8807edc98f6b8956ed0b8f8c599ee4fde46bba8f893976e19a460623caad9ed859378d63a7dc3e0d4396a0559b93a

C:\Program Files\7-Zip\Lang\da.txt.tmp

MD5 f51f6a005cb3983a4e37b56c4c4c5f4f
SHA1 bdaf038d05669619ce9d5d09963d46226aa8de35
SHA256 b8f5440fd956d81edf3b19af5b1ae57b05a2ce56902dc4eae4bca6263fe952b5
SHA512 b770986b058406e3ed344f53d2f35b43a33801340d999eeabbca2a476c9c00aabb75f58e6c2956b13ed7364a0e1df43d616165bd33b5c34bda09f86958957bf3

C:\Program Files\7-Zip\Lang\es.txt.tmp

MD5 e67ee4ccd12c53fc4b20fb6c78797ad5
SHA1 4f5d538cda927c2a916dfbe04d83aa2ae51b5d8a
SHA256 cde9c22ee26060ae3c19ed9e74df44e598a4d758a1bfb364eb3801b7cc8b2eff
SHA512 f17b384e64550fc02d795c3a62be7bc5dfa434950951d530f1f55bb26e75beef0d3f2b678d468b8c676b5f25ed0c93b5f4b6e3c469ff4ccfb4a0c0a479e77e9c

C:\Program Files\7-Zip\Lang\fur.txt.tmp

MD5 acd1a8d8b54ea7828423b742665382c3
SHA1 cbb4b0d600c8ab8789eeb12d50943bd2b7effb9b
SHA256 13e2bf8099b918b786c7d1fbbd9da0aec4fa4f6fe304524f4618a0c42d859f2b
SHA512 b59d65267ad0ca1afb2bb81e746f37bd03105e11a0581c8bf625a7c79b23be1bd251c2f0d1e8c5530e9bb8c9eadaf246fa96016a5fb2318235c33caf035f1d6e

C:\Program Files\7-Zip\Lang\it.txt.tmp

MD5 e1ea02239d9a090067ba289f6934868f
SHA1 89289065058423d7d39dc87df73d0486e851056d
SHA256 13a6a053d7f95b1a47ab61691b1a9daefe97b3426d98b009dd174b71c177ac7e
SHA512 8e82ea4b941ab250059773103f48b5cac2feb92d9727631e2d8a1d55d1f702a833a65f6e87412f64526018e836e4c46709e25d0c6c476ccf19785ed204271b2c

C:\Program Files\7-Zip\Lang\ja.txt.tmp

MD5 15e55a43b0712e393196f92e89ef6846
SHA1 8f8a4af9829247e3760a7632573f3e09d0625f41
SHA256 1cd217cde0e158eca2c3bbdcd12922281709fa8f7f16b8230de64dfa5f9a10cf
SHA512 b691e4fd5758d71f5ada3d0f75e2ae9b7665790954194bb1c856a2c6072d6f3fdd1383b4a74f86e41b2d16875de4dec44806bba0d8a82c8142025d9fe0bc4d9a

C:\Program Files\7-Zip\Lang\ky.txt.tmp

MD5 668a8e9ce370c716636f502c20a52833
SHA1 a230eff335c9d6d18e33d28248abd3ca0f8159c4
SHA256 900be2ba5e0cef99e019016980c11464faac968be548c44a121b760ff7eec3a7
SHA512 0cd7bbd746fbed7c4705012124a1eee26b9c21e627a7799d5992d465c2a6a74d550f845d368108e6350850765e26776e541d6707d22fec0088fbad42b0b013de

C:\Program Files\7-Zip\Lang\mng2.txt.tmp

MD5 54e79daafc5222b4d73b17b9b7394add
SHA1 87d694a3b55870375a3fc9556044612f2adb796d
SHA256 a72ff297ab214c1b0cba1836027ec03360d235fdafaf4db72ac13fd0d83629e0
SHA512 8c15236aa5ce5132188026d47dc9d506c15b0e7c0976c6a56713ffa47be2aa35653514ecd27418d35817a3d7d401aa0701a01bc332646bc861d51fd92967594e

C:\Program Files\7-Zip\Lang\ms.txt.tmp

MD5 cbee1ab814f08d542a6528b33f34a968
SHA1 ed4339f446cc9207614e71b673d2a87a08f95854
SHA256 34343210b78ae95bae7463383b0b758e8e0e05054a7eec135879785a2be5935d
SHA512 3c5a3a2fd58f364e13544e5855ae7cc71648211f8882cd299b801f99366eff3ddf458f012124cf5978e0524b35dcbdbaa36af0704a9933f9ba3f28112a9db7fd

C:\Program Files\7-Zip\Lang\ne.txt.tmp

MD5 7d6a6ebc7aaf8f744cb7c1a0304b859d
SHA1 66c25fae5b846e66ab5c1b0cda7583233eb51454
SHA256 d9de4dcec43c388717b420d3320e72162b936dad1fa14ceb9f19847cb69b772e
SHA512 f5460db648993d7183a9042cea78386bda1052cc2848ba3b48836a5a6e83071da3de760d1aa13e84c47e41a35cca44ba6a3e1844200df8f4460da5339ea07485

C:\Program Files\7-Zip\Lang\nb.txt.tmp

MD5 fc94da43e67d2f2428bb5d793fca68b5
SHA1 75ebcd339ed3a3ad607706e7179d68d94507e54f
SHA256 257c07a846274198662f6cb05c35a1b376f188a34f9ca8ebf88ec2e0b3220ff4
SHA512 c6c0ec9accd724095477129cb6617582a5e77a26e4dd2cce5b769af8dc3b59622fcf2ad03695fda7195d9c983d62443d5f59fd2deb63fb17338b9cc50482cc22

C:\Program Files\7-Zip\Lang\mng.txt.tmp

MD5 acfbda87fdf6d7e1af78259f8a7fd444
SHA1 e8be3759cf3de4d02c950af973460bc77aeff807
SHA256 391b8a9d8e47b53d1e2eeb2ee3de2dffa7af6ea1214e489bbcd6ce083975ffad
SHA512 ddad06bd51691b6a6b07482c2be69220d93d781447c0a7880655647339a16e48bc53aa160f432ffec95115489c2dae11c1b8ee78a1df80ec18344c637da516cb

C:\Program Files\7-Zip\Lang\mk.txt.tmp

MD5 ddfacec88f7b63cbd1026bd7a7312cb4
SHA1 95bc6041d4b82c6fc9ad42581f95c4a2cfc5d455
SHA256 54e242c42af5949cec329805c9c2fa5499638b4170cfb46bf7ed08826ef0c43c
SHA512 3ec3c05a7975145895c455e1439e43a8b0037eeca227e443f7c6a7a30d3a7831bb86e9ca2e65a7753f6459604385402cef5ca9eba08e13b08173ea44b63e0f71

C:\Program Files\7-Zip\Lang\lv.txt.tmp

MD5 01c77e4bd9608462b0435b435e8f7178
SHA1 504de482be981bc3c1bda6993606f47fd21fb0e6
SHA256 ae45b197872aa7a50b5704557106815619090dc6eefdc87f25d1a32418aadf84
SHA512 d6630a84ca2b1a571f46c1513ef58f4ef077eeef08745010ad739b225aa6f149da53df096ed3e55c445eb3f05d05f87d31410e815644d98a35dca185cb432bdd

C:\Program Files\7-Zip\Lang\lt.txt.tmp

MD5 ee366dceca0cb5cf9bca8a1404806f06
SHA1 e98bca736f16a3e89533c7ffb96777ae77b8619c
SHA256 61e2c866a641ff3eba271ba2537b88bbbf1aa095bd2f7ae2d854bb07d5b27529
SHA512 bf52198c9c1fb110c7ddc52fa555fd04159d0379807b7515bba39a51bede399281183bbb2782cfe33a36971e3a2ca98ccd84b0795f57e65ccd875e439b315ec2

C:\Program Files\7-Zip\Lang\ku.txt.tmp

MD5 14c9272819befac6f1e033313ebc5721
SHA1 17835acbc8ccc53781675b8cc66f4b4f6e8aee00
SHA256 18e6368fffc1f6be7c00dd80e62df269ed8a02e0c15a4312d7531b8501f474d4
SHA512 fc65a78ad942c57372e2bedc213dee3644f6534003231261fec07b46a3a544f765295e53918da00975fc2519c145ccaa278acf891e464884044e0f56121c2cb0

C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp

MD5 09320daf30701febe345f05c7d8a8d94
SHA1 e5bf4f81c3955697e80a73ca4439a95b01052365
SHA256 31da1d3e54604657047e6cf038cadfcfae46c21292770ec310926b7a43bfd269
SHA512 55e9e620e18ee0b53b91b8e3968a599d64c652ee767b3b5bddb9f084d9b251c0ea8276c2e6e41aae3ba56ba00b606876c9d32f6bf7ceb0710638662e0223ce27

C:\Program Files\7-Zip\Lang\ko.txt.tmp

MD5 c70bc5d0df449d78603c072d3ab52823
SHA1 3210da9420b131d896bd3ba89d05b2c221621385
SHA256 42ea0d79e970a6c68428df92dcb887970080f6bb2473d23936238d2d09dac624
SHA512 3d22bab5cd9134cd2d85f769911228f458fb1c5d0cba3345570f70dbfa19532aca910d17492cd0fa3cb8b4d270f249cab19386e26fe5a2acf47ab71900bca5b8

C:\Program Files\7-Zip\Lang\kk.txt.tmp

MD5 84420145d5fdd7b2257146576b079001
SHA1 f591182604a896a601c48f25688a3f037bde5044
SHA256 8f28fb6da37e3715b856c36e84fdda1b2e8cf03deaaf566bc021e20bb9d3d258
SHA512 7f06fd159d185dc63cced9f8f68f4d3074887242d1418aabc5d60745cfb750c3f946ffa71ca50dca82904028633161e546987463118c099f6c221ede8151394c

C:\Program Files\7-Zip\Lang\kab.txt.tmp

MD5 1d0dbcc857a4af33eb9ea1f21642347e
SHA1 093a580b8aa4fe061bab1c7a6139ab18de716f1e
SHA256 1da44431d01e340f66710fb2df9a04af1d86690809c94bc5693c8094f723da1b
SHA512 4820b47aca7f360949652f3dc94c565e523a02c7573addf019165e2a71876425ab549c8379e0b3e149b1d074efa6a9fedbaf5ea9ee69c4fb2abffa1e591c0eda

C:\Program Files\7-Zip\Lang\io.txt.tmp

MD5 60cf2755241c9e7d159429c519848a1c
SHA1 76b140e6cf1f99375b337cc21796a378c7eb483c
SHA256 2ef41a1bec5a64d2c3cef4ea6d7dd7edef3b751ae6d06dd480a15bfd171b4572
SHA512 a78b79a2e4d8fddea71c7102a071b21b564a6f37f0798d15b30b8d859352405bec01f47a392fedc7a57f8e80542da95f3c28be2ae92967bda22a587695cec5b2

C:\Program Files\7-Zip\Lang\id.txt.tmp

MD5 ca6fe7515af4a340581a350baf0e044c
SHA1 7b08cb1a7461f64f0114f5ce7c64db57548a70f1
SHA256 98f082e508611b0db81cd54a9dc79c4b955dc16c8f3ebd4afd4b99703375a9df
SHA512 0f4bfdb7b285c188eb88b73c212aed541c97772ed7c602602198719d0fd99348805bbaebc59c12ebe2b20a35b1a321e21dfef0f038e3ad72a8aa93dcd7e1c7e7

C:\Program Files\7-Zip\Lang\hy.txt.tmp

MD5 f281ecc3c537c1b6cc5fb6a6ee6e8aee
SHA1 4d1265212bdff0d647d99998bd06e2d3b7d8af93
SHA256 7f31a751bcd5ab103f3e073ffc8aa323e957a153b56785a9ee425999683a9e9c
SHA512 98d2b169bc75c8a5de58521a9e55f652359b55d0bbfac7fb14e16e71127cbee5482c91f952a191de4cdfb11269ef0f3a4d5becec67ab4a20ca32c923af4949e8

C:\Program Files\7-Zip\Lang\hu.txt.tmp

MD5 022a568124bd64ebfed79254d1142971
SHA1 5074e1ca0a831d714883bb0a258d1c2161d6e39c
SHA256 23d1a6674770d0088b23a9a5a4916ff76b09c9f34048c4f5e7c31b9bd7567a6a
SHA512 87b7961e3e541eb0566d8b64da98e33dbece3155fbf373d347016b45f62f6fe68c36ebbfd37f1c0e560bd2cec09a52b56494b9a7bd1ee096a1cea22696399bc0

C:\Program Files\7-Zip\Lang\hi.txt.tmp

MD5 3554d4af9413f748382537c02c4255be
SHA1 0140488f04b53eda8b5571bb4ebd0baeb39b991b
SHA256 c6d62debe88ad623926bd55a55652e98859c95e89aad87b8cfb3763745d6f75b
SHA512 4804a511954bb636b4ccf9fe182baba42ebe34e19fb5a98b76cabd9186fc0f266c1e7037cc659b4d303ffe131d5b7f716e19908b8e6c8c6fdb24481b09d8e3ed

C:\Program Files\7-Zip\Lang\he.txt.tmp

MD5 cfbc8e0f55a64659f9256532efdfd2a8
SHA1 aff2fe71380b31f17c0ee43e5a4bcfabe6d9cd67
SHA256 f9ae5e9eb8207cf26e26a21e683fa396d00fa93aa72c5d05fc29933e04f88338
SHA512 9579e38a0c59c6bbee1a5595d3d0716ec05e2badb5edd6fd05b91d7137f48ba0e7095c4e870775eb8686f641df8876e9b4830a3c3f30636b42cd45128bc4817d

C:\Program Files\7-Zip\Lang\fr.txt.tmp

MD5 856aa0ae3d1d0d76e6a33bc0129a6673
SHA1 48afac55f3a1ef06879e43294adc54de31a70274
SHA256 352e7cf4bedfcf4eecf573d776960f8adc59af66991fbfce0abffee3f5f3e0ff
SHA512 e2c2a80af741443bc2de44ddeb977b86b204c6ce081e26e46c320700e47051be18dcfaa998540d3e0f0f623189cefbed06efdf29e3dda22d068a7eb5c069090b

C:\Program Files\7-Zip\Lang\fi.txt.tmp

MD5 608bd9ec6df90838f96e89c9e5a41dbe
SHA1 b58f2b7fcd094ee6d19255bcfd674cb821df55e5
SHA256 dd008fba8633dbfeb5b3b6680878030eefe2482cf380eac94e4051a6482b8d53
SHA512 f6abb2f5dbf09acdfb42d21a77443b66f58d2c7347628133fc36741c3e568ad81ac5bf593ca99507b810ffe98f99b456a2a36b7f9c3ba5c614141f078c43511c

C:\Program Files\7-Zip\Lang\fa.txt.tmp

MD5 0984088bc589678db6d0f88b3d2d386f
SHA1 fd1f090d385dfb0ab0c108b07134bd3bd67c77eb
SHA256 e329779a5d49fea37f3cac47590c55f810b4af04ae3f0b7250d756aa856e52b0
SHA512 17234b16e6e022698b61714d6936accab086ea2c4c8c3c10ff7f0da7894f419600ac074fa59c4649cf051d763f7420aa8e4a3cc5d3c11918e116764fdd5c6ff7

C:\Program Files\7-Zip\Lang\eu.txt.tmp

MD5 7638fcca5908b990014f2359f909a387
SHA1 2e31318b4c4a241eb805108a64f7f4d5e70d0af3
SHA256 00358baffb5ccb3205107eba8ed4efa722491ccc751291a831fe256fe5c022a8
SHA512 282b8193c62dbb402227ee9dec6c36766772d06fb3e882741907763189adc615a38f7bdc7f837504e609ba087b80794c10769ae0f4bc7ad7a8503eb720fb6b38

C:\Program Files\7-Zip\Lang\et.txt.tmp

MD5 a513a937bc38515e64ded1d8edb41fd7
SHA1 ed590999e4180e81d10c2fac5eea3ef94002c5b0
SHA256 12aba4a7727634307b31832f966337980d360cdc247030f5a73f1a46b1cf06e4
SHA512 25587d49b6688fd61a6465e86fc479b734009cf45838fa2ea8033ff4bbb4cd0e95417b78e942a70be331b589cb01fb895d462e71c1c44f977717dffd6216748a

C:\Program Files\7-Zip\Lang\eo.txt.tmp

MD5 b8a6067464b8115c8ef7f17e99b82209
SHA1 b33d1462616974d808677a6bffb09cc6e46666bc
SHA256 f858fed74933f9e2878ab1108dd2e5d01dc07768249ca3f7415e2e48d7dec783
SHA512 5f3833f9c35c8a1f22a77790b8901f280b9c218b7d9fb9bdce892cfdbd63c6b6028e95c0245933fa0147b405d5eb4b0f24736383d80d2cd3ae9b8ae6f830a9f2

C:\Program Files\7-Zip\Lang\eo.txt.tmp

MD5 846c44921c2ae0a7be10139b60e4ffbc
SHA1 03f9c2bf83255d45cd6bf878b3d8e83f09ae72c9
SHA256 a6e4b4a6205c1fce8eaea344b2a3884a7c2953fa9ecf83e717da1da8d45a12ae
SHA512 b0bdc2eed18cea6f4a4d110d95c0addeee2b0626f17364b6672ea106eb49712f113bf1444ce759dd89305176e31262b21a9e0851e66ec76f56519438c8ca8ea6

C:\Program Files\7-Zip\Lang\el.txt.tmp

MD5 8ebbafba8320d55133a7ed7bf228e60f
SHA1 323cd3cc8fc6b1a9b3443425a3d0045bdf293f71
SHA256 3f343c19b4e744e685ec688bf982aeb39c325340c9364db5e33d979db50ffec0
SHA512 9ffeeb562d152bd2bbd2d49e261578f3b7d36b1f44f9b5ccc1af00bb383cc5b28e5656c7f3520c7bc163d2ee21d38969fe672ebe51f193f300631c6b2b2af4af

C:\Program Files\7-Zip\Lang\de.txt.tmp

MD5 8e2e7363f9224715ac88d55073757922
SHA1 2936153b797a2c218e570e3351b12d56c28ab2c9
SHA256 6b3f05b78b65fceec7d4f715feac63679067f446fc35609a790b6f71336b4a3a
SHA512 f6a549c0ae49382f7d534f6d077d5ac6cec8bff2654105b892be8fef26ff8f927e79beb42b1ba624a45ebee84ce868d989235822997e4a482d9b8198b81198f5

C:\Program Files\7-Zip\Lang\cy.txt.tmp

MD5 936925b5d136882e95c9b7682a2dc2b8
SHA1 e85aa3b6cc7abdb48af523bd1d31a0ab0f03ae20
SHA256 9bdb39ed1281b139568020557367984e5ae532c970b8698514801668ab23fd3a
SHA512 9f885830ca429a844d581a42022554d976e4fa51a73741f7d3426d9ac09d98dc6020aa1818fd47d94e3808891bf6479007a705fc6f816df7db556f8db6b57439

C:\Program Files\7-Zip\Lang\cs.txt.tmp

MD5 7feba254919e0e39231e399404587da1
SHA1 ee4e4a3b81368ddeb95c4c4d952d66d0cbc96c8b
SHA256 b3d94c9b97f12760e6cbb6ac527f271f53ad19c10f9db33a6fab30c939f6e734
SHA512 fc148df3aab6976eab84bdd49a20a1d6ee4d176417c182822c0498508da0d23e5818357a864a9809574fe274702498c8d2ea47f52c43120e6c8d3d8cb7c53194

C:\Program Files\7-Zip\Lang\co.txt.tmp

MD5 8f1b9a600aa2c38c6a51d80e85031eb8
SHA1 e13f40f511cf86d485fc954b0ca521e4b1dd51f7
SHA256 0000262f321ab873e7f5b7e75033706737fa6602346a36fc1d669635e062bc98
SHA512 ca159bfa84a2b8de305454c40ac21c226b0505e5671142caa357ea260c5f56dd56c465c4f26377e5f39c42ffd56ec5c7a4ac9ba38f8b4dbf3cbbd7dd9654516b

C:\Program Files\7-Zip\Lang\ca.txt.tmp

MD5 aaca88bc0ce8c0ede7137c9258167fdf
SHA1 fabbc248989226b00972d39301fea672eb9c0de5
SHA256 99340f15487c473c54194718d8d9f97f9c6db9c0dda0db2c47be7817dbbef0cb
SHA512 0789dd5f4e572a50fa0c0a865affc7e39fa21d2db6562015d9d2b68e73b8411a0c9de17287ef7d1efb0dee63772b28671edfeb433db45287e3cbe62f5cbb9067

C:\Program Files\7-Zip\Lang\be.txt.tmp

MD5 5197b3af4c905ea01b42dae0d8c7819b
SHA1 131ce31b0582507935cd2c827e21741be581829a
SHA256 7f138e0fd2208037fc743c1a2aa40d636ae21fc2f6ac8846fa0e6813e06be09f
SHA512 29b260f906c98602438749091c601ba0457e2fba339a0a68ea3d7f7e400aaa646767d9238f4366dec7720154198c61c8e0af77652c48073c30bc462fd3bf1035

C:\Program Files\7-Zip\Lang\ba.txt.tmp

MD5 421e79bac600a5693125a246bb3805d6
SHA1 a6489c6d5620bc954ef5510731f69083a27ddd16
SHA256 e1570e0588e2d9057f2c510d59a503a62b66ecb87dc8db098637efde30ea733a
SHA512 178a8ef687fc7f4ce5397e4b4689abc61f6cfe5dd417f977b8f621c45eb80ba266cbf1443fa0fa8cd40cae8d47837f2ce7ec7dbe251b1e75ad93eea47bed4e93

C:\Program Files\7-Zip\Lang\ar.txt.exe

MD5 e3a69d1fc683d9b252e84ffec14cad31
SHA1 cce9c6a0fd240f46060c37d02093eab00735b684
SHA256 b705354d4d4bcc70c06d465a5553aff4900eb91f82c1837f195cd33607917f41
SHA512 f4c3ff0548b1e7861db05d603b7832f895adc9b69262e4cc1bfe03cf74802a4d5418b6a0c0ec54ea7b2bdc6c30ae3d6626b77a510dd81ce71a25b0db7687501d

C:\Program Files\7-Zip\Lang\af.txt.exe

MD5 d5448e9da2d2812fd24fd0863c02f84e
SHA1 790ce1253ac086a996ee1a900a1c66eb97482a1e
SHA256 6b5c659508e8c56c29fd6290fd737908ab64eac1c8dadfa9896a19c1d6c1b251
SHA512 d3390cae1ce3c218a673a6cb4d89b997cf040251daf320925de3cc600d8906cb0ab0ddb65e7985837071a8fd6878bcc16c2d9b6cf4325c2fd8d252d696049e85

memory/3648-1214-0x0000000000400000-0x0000000000407000-memory.dmp

C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md.tmp

MD5 e50840e1b52725db758ebc949f682e20
SHA1 41aba50c923055fca4f9453236033737d45f3e57
SHA256 9610cae2af2cb139caa0cbde8715c7bead7ffb1418f19901924a634dd607fdd7
SHA512 07164a4113124f50974d2e194c188056857e3ef2c90128b0938c385ebbca2438f56af288ece4b0ac0e566248e768a003da22edd8bd6f4bfbcee61695ecd6c2b3

Analysis: behavioral2

Detonation Overview

Submitted

2025-05-29 11:55

Reported

2025-05-29 11:58

Platform

win11-20250502-en

Max time kernel

149s

Max time network

103s

Command Line

"C:\Users\Admin\AppData\Local\Temp\27f2d3a6a7b8c3350eef06d7749748eb295a9a30f995212800a18f7c38e68779.exe"

Signatures

Cosmu

worm cosmu

Cosmu family

cosmu

Detects Cosmu payload

Description Indicator Process Target
N/A N/A N/A N/A

Renames multiple (5406) files with added filename extension

ransomware

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_Firefox.lnk.exe N/A
N/A N/A C:\Windows\SysWOW64\Zombie.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\Zombie.exe C:\Users\Admin\AppData\Local\Temp\27f2d3a6a7b8c3350eef06d7749748eb295a9a30f995212800a18f7c38e68779.exe N/A
File opened for modification C:\Windows\SysWOW64\Zombie.exe C:\Users\Admin\AppData\Local\Temp\27f2d3a6a7b8c3350eef06d7749748eb295a9a30f995212800a18f7c38e68779.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jre-1.8\lib\tzmappings.tmp C:\Users\Admin\AppData\Local\Temp\_Firefox.lnk.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp6-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_Firefox.lnk.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\SkypeSrv\SFBAPPSDK.DLL.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-multibyte-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Firefox.lnk.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ServiceProcess.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.15\ja\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_Firefox.lnk.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial1-pl.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_Firefox.lnk.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\legal\javafx\glib.md.tmp C:\Users\Admin\AppData\Local\Temp\_Firefox.lnk.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\ext\sunpkcs11.jar.tmp C:\Users\Admin\AppData\Local\Temp\_Firefox.lnk.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_KMS_Client_AE-ul.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp4-pl.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\WordR_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_Firefox.lnk.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.15\zh-Hant\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Firefox.lnk.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_SubTrial-ppd.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\WordVL_MAK-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_Firefox.lnk.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\flat_officeFontsPreview.ttf.tmp C:\Users\Admin\AppData\Local\Temp\_Firefox.lnk.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\Fonts\private\CalibriLI.ttf.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Common Files\System\msadc\es-ES\msadcor.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\_Firefox.lnk.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Private.CoreLib.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.15\System.Configuration.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\jce.jar.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Grace-ul-oob.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_MAK_AE-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_Firefox.lnk.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL095.XML.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.15\System.Security.SecureString.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Firefox.lnk.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\System.Windows.Forms.resources.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\System.Windows.Forms.Primitives.resources.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.15\PresentationCore.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Firefox.lnk.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_Firefox.lnk.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONCONTROL.DLL.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.15\System.Reflection.Emit.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Firefox.lnk.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Retail-pl.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000042\mecontrol.png.tmp C:\Users\Admin\AppData\Local\Temp\_Firefox.lnk.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ACEERR.DLL.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Common Files\System\ado\msado15.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\de-DE\msdasqlr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\_Firefox.lnk.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Security.Cryptography.Xml.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Firefox.lnk.exe N/A
File created C:\Program Files\Google\Chrome\Application\133.0.6943.60\Locales\es.pak.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-stil.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_Firefox.lnk.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Trial-pl.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail2-ul-phn.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\sbicuuc58_64.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Firefox.lnk.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\de-DE\TabTip.exe.mui.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-heap-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Firefox.lnk.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Requests.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Firefox.lnk.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_Firefox.lnk.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.scale-80.png.tmp C:\Users\Admin\AppData\Local\Temp\_Firefox.lnk.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\GRPHFLT\MS.WPG.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.15\System.Numerics.Vectors.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.15\System.Transactions.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_Subscription-ppd.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Grace-ppd.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-black_scale-100.png.exe.tmp C:\Users\Admin\AppData\Local\Temp\_Firefox.lnk.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\msvcp140.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Trial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_Firefox.lnk.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Grace-ppd.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\WindowsBase.resources.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.15\it\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\legal\jdk\colorimaging.md.tmp C:\Users\Admin\AppData\Local\Temp\_Firefox.lnk.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MEDIA\WIND.WAV.tmp C:\Users\Admin\AppData\Local\Temp\_Firefox.lnk.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvStreamingManager.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Firefox.lnk.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Firefox.lnk.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\_Firefox.lnk.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\Zombie.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\27f2d3a6a7b8c3350eef06d7749748eb295a9a30f995212800a18f7c38e68779.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\27f2d3a6a7b8c3350eef06d7749748eb295a9a30f995212800a18f7c38e68779.exe

"C:\Users\Admin\AppData\Local\Temp\27f2d3a6a7b8c3350eef06d7749748eb295a9a30f995212800a18f7c38e68779.exe"

C:\Users\Admin\AppData\Local\Temp\_Firefox.lnk.exe

"_Firefox.lnk.exe"

C:\Windows\SysWOW64\Zombie.exe

"C:\Windows\system32\Zombie.exe"

Network

Files

C:\Windows\SysWOW64\Zombie.exe

MD5 2d996b76f9784fb7c002438b08c953f6
SHA1 794c1dda5822abb8b903731575dad373cb903bc8
SHA256 9aca87944d41454641aa119583ca284840e6bb1c17b80746caf44aa018207398
SHA512 45b5b8b162aa374384dda596a99f23c9bb27dd0daab12c48333af122c634f86150c4f562c48790e70a3a88d32315433190b77bcbb72b230cf028cf0ad3fc62a2

C:\aaeb8717235f01237de7ca\2010_x64.log.html.tmp

MD5 7d5cf607ec9b40d0fe311e360c3034ae
SHA1 886d10ca486e29336e57b60a0ec679eb6c2c39a5
SHA256 a6c6f599c8cdba5d3dc9b329e396b57793c23a3922be9386edb8a59c940dec44
SHA512 efa9a9bdb933f516ec6347a065533477dad7aaea7a09947e9feafc28fa83124f9370607e0003719e3a4ca32766b7a37ef4fe4b3685a7ab0c323854c0dbd4a60e

C:\$Recycle.Bin\S-1-5-21-1178639776-3244803473-3821071008-1000\desktop.ini.exe

MD5 a58de59d8c6a8af1695095651b794270
SHA1 4503aeda5fe0d63bc6949ee1c0780a66d15843a5
SHA256 fda9b7ca4bd51ac1c740039915f771240ccdc776c310e37b2b42ec1a0761b7f0
SHA512 ef7e7ad983ab5d1af935243206e2ebd3ab92e3936347760a7637c1d41d96bb00c6e5574d375a40e8b0e8dc98d6395d517254ae9aac667253c275747d0c77e419

C:\Program Files\7-Zip\7-zip.chm.tmp

MD5 bfe523e5f0a9936c7005196cbcaeefd4
SHA1 0a1ad69e7aa2aba2205cd4d877916feae8771595
SHA256 58fafb351e501ce25a795a35854e5d5dbfd85e430868b2014e37f856dc2fa384
SHA512 9b172b8dabd3734815b214913a18c9dbef9fb55e33df0624ef7dd062817c2a427326d165a2b64d431f25153fbc095ff5ce1c5e15118cee2da49b811be7ac1e8d

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 664062d38dfd7a0e15eed19bea39766c
SHA1 f9f3f9e5012e7472c5acea323ae7ab33c078be38
SHA256 aa468f9b95b9984aa99137d18a500cd44ccd77462f48f0583ab134f24c944f0e
SHA512 1416497f30626eefb5319025f8ef69445067f3cb37c615b793cdfebd2e528f6c56d20187c10369ac3ac7044bebb7e0b4ebe594016e8928c0aab9e6ea4d831d78

C:\Program Files\7-Zip\7-zip.chm.tmp

MD5 2a05f93adb839ec708a894efa8a95b5d
SHA1 3bf5057e30099787fd9a1020501dc43b93d199fe
SHA256 6da4797b4c05981aed0db59d7825dcd12774f7b2030d8921ebd8b9ab539ae34a
SHA512 e39b806e21caaae73a2e562885f17c7322d509f1c4b144fab4b72756d37dcef9817c2247bb51fe6b0622c9779230d963e2e843ca5cfe818d158aed0e1a7f5332

C:\$Recycle.Bin\S-1-5-21-1178639776-3244803473-3821071008-1000\desktop.ini.exe.tmp

MD5 1237cc7ab27ee7a15798390e4dbdf341
SHA1 6ecb4b84aa0eea5c39c9a5c4e97ecf32235e0dec
SHA256 979e4113466521b087cbadb9c7ed557ad38e992f0a0655ccb636979d96a705c2
SHA512 e73ecc6a15aeb5792d2b4d78ead4da100bc6eca1d681d6959673921a38a6fde273f148fdf6fa3fea0c3939eb4c5b6d38095273064923a947ec30327d3c89e330

C:\Users\Admin\AppData\Local\Temp\_Firefox.lnk.exe

MD5 0301e10eb45a29e7f4ffee78c35aa990
SHA1 387294bc106af74c0e33c5abf77b76cec6504915
SHA256 5fce53d77a59e91a86624bb7da9c75efc065cf8af26f5c2212c7d6c8f9f22ece
SHA512 8b889c87fb7e356d40a1102a1aaaf62639c65040bfae840a91f866784b92ce2da850de6b7d2b4bdf321805e18c3959b7e83d5bb12d12904c123cf51d51979c7c

C:\Program Files\7-Zip\7z.exe.tmp

MD5 d2d2f67b791f83debb98e0cc7d00f8a8
SHA1 822d10d58d9cca291648627d93df0ea44273970f
SHA256 a1805421eadabe993674c29c956e57bc3a00e58ce3f0d11d2a9e604c1322caad
SHA512 a172e05e911b249ddc66490c6f47570aea9a7f3203e72b643724b3cebede7200e99bf99259d6dc9bac9f67f331cb1cdad453fd388306ce8610b176fb1e659996

C:\Program Files\7-Zip\7zG.exe.tmp

MD5 c7f1c8849517388c0c6b08e2ac61518d
SHA1 e8c9f47ef07ef1652a4e3ef1524da9d7fce7a9d9
SHA256 03c41b6bfc4d4d6206fd291c6bc70ba4123cad81d5137f2f9983c4d7f0b2e22d
SHA512 43e278f695bb2cf3232235ab49efa749dca407052aa6e0cab5aa1e4332d98cb0411cb2fa1f45353592305f72c1ad8074ee7da23f95811a35caecc4bb13cf7199

C:\Program Files\7-Zip\Lang\af.txt.tmp

MD5 a9e06be731a340970a33ef88a65ce4a3
SHA1 742f54d4fada78e620b8f14b0f4096a6093796d9
SHA256 8726153d4c7c4f75f5942222ba2793273042a4a6274d2cb7910febe37b8c7fa9
SHA512 339b72143ea2785f93e1c6fabc28bf79597dd810abb0c0e0c04ee419afc6a4f0c00756abe9676a60f0b03ea456d293d7a631428127c77f092873a470803cfea0

C:\Program Files\7-Zip\Lang\co.txt.tmp

MD5 f7757402cb5706b88ea130a0ba25b78f
SHA1 79dd338f93ed139929d599543ba80ba435650e53
SHA256 74d6cb7376c25f282ec2fa60db737a27c2522e6dba6aa9774ed9be41617a4f68
SHA512 3fd220db65c77ee66b2def9f9c7ecb6571e7a5f6a13f642ceef146bd572d83e92e3c4cedfb49eb51b3e1f8e180ae3f3badb18adc400daf42cfbd82a1a08bf6e7

C:\Program Files\7-Zip\Lang\cs.txt.tmp

MD5 155f233523681fc1634c5da463847de2
SHA1 2eb0db303b483a586561f212575e8d8a173e9489
SHA256 40b91d4343e6d84ba3a98eb623e13aaec244ef169339e55326f99f1b73dc34b0
SHA512 d4ca9c9a14679a6a9ce5ce7e320efef987fe45159e13050db87433dec230f497e5539f8eccc4729978284f3d498b6cae5b1ae8476934d50a80a021dddc62f61e

C:\Program Files\7-Zip\Lang\fa.txt.tmp

MD5 6a17c08ca4292726e553563a1c1f34aa
SHA1 3d9fabffe274bf2e6f0d40905251768bbebd7b39
SHA256 97e749a6ad998125f5780b904bc86e74ed7595856ba86c9a0e01cf2e0eed1099
SHA512 d9ed8438b49fc0bbdb85e09c1b48720c86c94f85e48615acfcd3ec43b9994443a0ed3c7d3504af87a0739b1d18aed8e275d671e90ba99f4fee675da4b0d5b2ae

C:\Program Files\7-Zip\Lang\hu.txt.tmp

MD5 7d2349e014f8f894b1a39459c434b70e
SHA1 8dd6834b445281634b9a65e6737373dd08146a02
SHA256 607fb3474c9bd93d11108c25eaf8341a933a36af989598587de1c4414dad4cdd
SHA512 2847a8486633680d4538509b9b5fd405491ecd9b16e8c32346e9937624c0fdff8daff1f7a1f2efb52db6eef789e79dc6c685b02b6f3a0b2a4055dc0784d2a7f9

C:\Program Files\7-Zip\Lang\ku.txt.tmp

MD5 4c75e5b8cf3fde098834f340e85a146c
SHA1 c1601de2f1ee1e7834872ebd19101b5eac2de078
SHA256 3d15945ef68858926c261d60ecc395abeabd57facd28837a65e0a19288cdcdba
SHA512 1c03b9bde22b0cc0876a81ce91c3c672fad6f5b51cb7b7beb1599ac0cb10edc6ccfa6765cbf8ef840b1aa5520fc9fa0f7461ee5bb910c7e10b42361784232d67

C:\Program Files\7-Zip\Lang\mng.txt.tmp

MD5 db6ec1115853ee5d1a31152f320194c2
SHA1 4bd7d714c89d38f16ee87972707068c97479f528
SHA256 e064c91ea8328d6518638b988c848f6e6097f86dc8bb01f3976ce11061d34fe2
SHA512 a1ee012959b60a051551ad6215829a8bc5b021882f5c724c7d169f64bd166988dcf16f20c7e9a54a403e8d31510a131e7bad4c241d25037b7693800fff097cb8

C:\Program Files\7-Zip\Lang\mn.txt.tmp

MD5 95a6b886addfef75c32aac35dc0aa98e
SHA1 0b8c08657676368a5f9a53c638747f4b1973b082
SHA256 b13880b59ae851593d1bd40e6e6c256d92eaf72db34cdb73355ea650f9a46c69
SHA512 c702436f2176ae2cd6c827082cc8f01b04719f0df18be76f4f2c6f0e44538a1f1b5bf9f785b8ea3085cfed1aab5129d2977d07ee0680a0d2ed74426149d264c6

C:\Program Files\7-Zip\Lang\mk.txt.tmp

MD5 4c392d0385568471146a701391ce75c2
SHA1 629632844f323d94c38a566d1c75faf7f5202daa
SHA256 2e8e8b33e06f79f4637f832f29f3d63428148490bd8ec42d681b25485801e394
SHA512 946353b521a3367aaef661757314ad57978bf7b7be34c3b328e4ad352d2208474d94a5d9a9349a2d5161294c4a24488b9097957253bb885ebea7ff7d348df170

C:\Program Files\7-Zip\Lang\lv.txt.tmp

MD5 0ea7837a9d4ec4d9c86d8eb954637c1d
SHA1 2020a751f2ca28a8103029bc975ee826bb71588d
SHA256 b09ab9f3372e2eccde782724f674a3c9ce6bc3b692c2b3d67394510a1aff6df4
SHA512 1ad4b547f376c6456ccdd4ab8c7cc6f977a2ae34d69bca06af8d1be425b4bd42bed5ff81a76d4f957a173be8079a718bebc1962b52d16713826b5ebae5e64193

C:\Program Files\7-Zip\Lang\lt.txt.tmp

MD5 ab7d1f5bbc92577dd373dd124431156e
SHA1 1fa216391aab660d198dd310b926a9e9e07b353f
SHA256 69e024dd95242f7a6009de7903bd7f3d9e18e725262b61fec7459a69bd144ae7
SHA512 5ac655daba62b5f324825522fbf8ac7a232e150d3f7b0cf9eec88f3fd451bc693a3c583f19c629f9ebe9f3db93f0cfaf728312a55106df81cb046bd9bc3fb1d7

C:\Program Files\7-Zip\Lang\lij.txt.tmp

MD5 8e5530ac9bf90eb087809b20f937a576
SHA1 dfbbeff742255a697c10e6d84d5e596b5c37dee2
SHA256 42936d277f2f9b6290dc8cd40d394485a8e8a5b4e05a7785ceffc0d6b564cd51
SHA512 41c25ee26fc0fcbbd69b43c95aecfd271e4d5a6a65c6a70b4ff925cf57d480bdb849644680998b4d11c3ada234b871d6a746bc0c9d4969d7d657ff210c5aba27

C:\Program Files\7-Zip\Lang\ky.txt.tmp

MD5 10f9ce42b9add01b6b1e70f5e4b6526f
SHA1 372d613acfecca892e2e5e474420d702851c2825
SHA256 027e1a127c581ef4d61f636e7f7dc5bbad5b648a9ecdc4577d97bccce48d194f
SHA512 1705adbca59b469f8f8e7d1289506e96b0fc2137466d7edb1298801603571774ad1d7582ffbb6a3e4067fc6646896087782a8497d7cbc77b06070577da87b00b

C:\Program Files\7-Zip\Lang\ko.txt.tmp

MD5 96b57dbfce40f980f7bbe9f5b85a1b9f
SHA1 2b18aa6a3cc067726e8a7da614bb90093ca52613
SHA256 9ab905779515ff26325c8d4809a509cc3bdd6c6cfcc8f4608c3313c61c5c511c
SHA512 09e8192df99101d3481efcd09e2aabec6ab6d1d0b72b2dbfac6d8473b6629aea7717c1c34161e07063a1572315354f06c56ab2c25aa993400bed3f713893ba61

C:\Program Files\7-Zip\Lang\kk.txt.tmp

MD5 f28b9f463735508c9ab4dd5e2740fb6a
SHA1 fcf019d049db009ac7db7cfff43471cf5d1aba66
SHA256 e5a1e058a8d57aede05a9218581764ef73580c91f24ad7a8e9896f76aa14df87
SHA512 9a06a6618a6177a012726c0d13ab0205d9e52175a24cbb46e306c9b0cf20a61ea4f5598f6faaa3efa1fbfe185b1bd805471cdac093c48c2a8bd43f560b1c8704

C:\Program Files\7-Zip\Lang\kab.txt.tmp

MD5 d6ffc35678382b77dbc750567c47988d
SHA1 5de0339f9e7b235a08fc646043cdbd1d883bd6ab
SHA256 bfc03b5d4167883fbec77c0f931a86b924c297b5817c76c4e909bfd580ac6db0
SHA512 ee2a0336f0a1b4f53d1da79f6d5c7ce38b491ce9787384fada7bd45378054de8ac55aba9cdd289a01d7692c91886b4ad84802c5c74ca3d5f76735f9e3dd0dfee

C:\Program Files\7-Zip\Lang\ka.txt.tmp

MD5 fa6c35e71373a8e3233ab73b35e47bbe
SHA1 8f8c06d2d76c9dbbc54eb58f59a83a7115d4900d
SHA256 690dbdec904aca8a9bf1ca81d1b3063f0a94c7bfb35194a99912cd3efcddc01d
SHA512 e3fccf303584bbf9402838dd36102e47f88fc7166f4708a44d076a066be42a83c4f49b21aca691a0e8579d560e466b82d10caabff7d114c1ee0259f0fb84ee44

C:\Program Files\7-Zip\Lang\it.txt.tmp

MD5 4b6d802ecf151089063e2ed57ba6a6d8
SHA1 7bf9147391179554a50f2ab6a67baea4dd30126e
SHA256 d6230a7bc520dce07f75b83d481d2a99ff47fe9cf15d6af5080f753b4a548464
SHA512 51845fb0facc345ae0cc94963ae413c493b9771051dbde48952227052e7a6bb7d2302eff3ed0038a1763933bbeaf43bac1a7a7aa95759a5f5908471ef5faa519

C:\Program Files\7-Zip\Lang\io.txt.tmp

MD5 8469022d002aa15aeaaed0bc200ed812
SHA1 856e66bd4e6bf039abc0d71fdb9d88a7e946548b
SHA256 c88bb1d63241f43332a6634cc63ccee6e035ebdfc57635664f879fcd04baff39
SHA512 bf4d0830aa7f3bb07c24311fffa05ea49e730eb9b22ae259d1ab56d16f5b82cf4522c5980326c07eaf7161886e095cae190980fbb53bb98aed707e544fdec510

C:\Program Files\7-Zip\Lang\nl.txt.tmp

MD5 30af6644601541a3cd9d2317872ecb22
SHA1 403e08ad72dd4a4174fd5fdea25763b1bdde72d2
SHA256 909ff55b5508b8ba8db76752aaf6c4e8ee1914571b397bfefc88cd59efccf9b6
SHA512 0f40f1adf142e4c4e31270c8ae28663cb3c6bb6c8d266498310e0fcf80bb820b5ef339c3eae15b0bd9f23e5a050d797d597b6db91ab93de2b783b87baef91057

C:\Program Files\7-Zip\Lang\ms.txt.tmp

MD5 64aaf1b852977dcc5573412fe1fef895
SHA1 c4d6cb1a52941c24d63d8b2a26efa1502ca82a19
SHA256 bf2c505841f9b0fabade91a5c31fb4a45f38b49a94c6e81034af7397b37e1e2a
SHA512 07b614cd7d9e00c09ca1de9b097bbf93daf29a27f1c81ebf1cc941b4bf615ba658d8a6045f8f0b9fb31251fcdc518d4d8131312e68a276d86cccb2963bb5e865

C:\Program Files\7-Zip\Lang\mr.txt.tmp

MD5 b52b454bf34045bde0eec2a6f33a5bef
SHA1 fd1b7fbe56c6b306dd48c54512bdc06c07b23e6a
SHA256 621afd24ef2b1bcf2d61314866cdf7cb56d69e6e21a6b581de05fe7df4017173
SHA512 44ae89693f3f7b3d85d481556e92627996ad68b20f685d6f97d6416fc39b18eeb2c7d69c3f8266af6e1fb24d43b78f44a4db3916135ecdfd4cc34600b066c21c

C:\Program Files\7-Zip\Lang\mng2.txt.tmp

MD5 ee505abfbb5dce541e2fe71326913afa
SHA1 bfc22a0974e9011b28c63a66e06a4547ef040f75
SHA256 cd10499bdc5c41b2d7d479ba550ed8eb190f9edade23b6abc1cc1a38291d0478
SHA512 fd234652553f329d69b93ed8a0e566b5e0630bea7a3a99c5e1cd82541a0db8e61a2d8e4bbf10161a67450d2de2aecd55caabce4e56580ab3218bc691a4cdfbb9

C:\Program Files\7-Zip\Lang\hy.txt.tmp

MD5 5e4b62bc3836d1f704112fbea316e884
SHA1 2deb4db7bd9d146cbb14b14eae31976f595575e5
SHA256 2af4179eb7cfec1d0dc8ac2a60401a433659821761a5e3ef7719a3f1539fb5ca
SHA512 e34234e55164fd69414b4c698a501e916f7cf69831349313f5026c8ea06a3ad2b94c149df4f3f173981447e8e09287f8674a16e83e06e77b040f190a41039722

C:\Program Files\7-Zip\Lang\gu.txt.tmp

MD5 7e0010020b45263f24c6f157e066f477
SHA1 c47dc124e4e1d4a7c193917500b2a85a8834ac03
SHA256 cc952e2c3a22816799c6430775aed4fc0b26cbf76183b6af7bdb7b96596baf41
SHA512 d64925082f6d617bab19d26cdba961520cd565e4afa39d1badea490d6d1c956da1ea57a5a81e5ca09b47a091fcd116e527b31703a38773fc3cfe9cb926f1d42d

C:\Program Files\7-Zip\Lang\fy.txt.tmp

MD5 b773f062843e0e9de35439ad5f4890a6
SHA1 71b11b658ab7a82acb7f02e8dd511d7835e415aa
SHA256 0cfa6a3014502edfdbd8a4b589fc9eb55f7f6164db832e3bde0d1278fe11b190
SHA512 654b3989e286c43031ee59f09d047db5210c88be3cff1e163e4350378701b76e58061b7350c4beec7cecd32d0d291726238cb7ee8794de5a964915399041a9bc

C:\Program Files\7-Zip\Lang\fr.txt.tmp

MD5 edf560b25fd1678dda5ec734db1897f0
SHA1 c5309302fb8a4e65805bacd76945593e5f34f835
SHA256 f7ef5bf93002d249212a73e1d92464e816e387b5c8cbfec3d1e4a486ff77a663
SHA512 1ee9e9dd277354f258d735b21bda4fe298f75cb7125caa06474958239764d685ec770470f6bb8ebdcb14c5918e2ee8cff74264be8234a29f638c0d0ce535031d

C:\Program Files\7-Zip\Lang\fi.txt.tmp

MD5 cee046ea4cf23ae29a4e5d5c375ed1e1
SHA1 0e9cc7372aa89e2faa3d6ae95c8135a5e42fff73
SHA256 2460f0c3b93b077bfa044069e95c82e234a73d716749f963b2ecf86be0227183
SHA512 b8784e811e657842ad5db6b829b5c08fe86c155c623e161d6e4c989643597aa6ed88ee69117008b5724b5ba2d01e21f74e23bfd85768d3f8b0260780d4879da0

C:\Program Files\7-Zip\Lang\ext.txt.tmp

MD5 eb312594f9c6b1edae8e2561f0be169a
SHA1 0e38319d6b448f1849af1344c20d86027ba8f433
SHA256 5c321842a265c7ef4ac7f1c8ef324e3e713fe5673bb92797c2ff90e0a38464e6
SHA512 5e462ec97af99fbcb543bcb9254af2c056d04f26ee95470aaa04adf65875a13c3436a57e4db1a4fc3a2cd9ffe0a5536eb902fdda1fa36f1e5f1750c42845f0e2

C:\Program Files\7-Zip\Lang\eu.txt.tmp

MD5 63dc89ae69c3714eb90011d68bd823df
SHA1 4be4ffd6e7d5bed29351e0adc609c7a548ee3043
SHA256 b8ee0d6c23c11b56763b517fd210a564c571a795a005e76fff1d34e6ce09057b
SHA512 d034b2df2198ca9abfa3bd9efe98e718b6b8aed40aa1b479e47f7f64fe6f91a8c31f59a995e6f33e5db2f15370289f952532b48a250f5c8b25a538a89b2be2b1

C:\Program Files\7-Zip\Lang\et.txt.tmp

MD5 ad1094fd037938c15e5fc90a92b6818a
SHA1 27e62b34e7b23adb7e3e914fe67ff88c8b2f3ce8
SHA256 089253f6c16dc4335bc2128e22e900cce8c90c17bd16e9b45c04f83dff44adeb
SHA512 24a16cdc4b74389e330a0ae2ae4aba044742fdc1fd9639b127159572c971f310f01e0eb4413e7e5cfbd5ef42a439c31de36feeddd7e639665956e0f19f5a0cff

C:\Program Files\7-Zip\Lang\es.txt.tmp

MD5 9ed8ded1cb028f444bbfd8af1945452f
SHA1 555873bdba15c09617ea2e25c0398dcc49dab550
SHA256 dcf16eafd2d566b4f4efd601cd7658080b21158de8285560613fdd2c5196223c
SHA512 b6f0aa3ca63d37c25e7cb58d05a1f92b20f4348487e7331801650a51308671a5a7244bc431f0125d4433f0af6382b0cf96bc972b7c09b82f0c942a32af9c8878

C:\Program Files\7-Zip\Lang\eo.txt.tmp

MD5 87b5554ccf7fd20535f099980ce4969f
SHA1 1b8867d688469c509a5ffcc08263b34f69ee56c1
SHA256 1ee322b5e4a1aabbada0cb42b6e54900f94dfefff483f4b738301df7c21849ad
SHA512 d100525dab05ad1251a2423005fac36209a02f274ba1d4846f4888bdde0913627278842493d443e8ce0a9df9e501778d938e30d8d680c6c6a0aec7c9017300b9

C:\Program Files\7-Zip\Lang\en.ttt.tmp

MD5 f1ed80b4f65b609b9dfa51728f915be8
SHA1 b8e11c2bf01d793d67d6b3a2766127807f752809
SHA256 c58c61be8871428d155e8a759cf53eee02a61104e257b58668bc5862c60dd966
SHA512 47d0deb58349d9aa71b3ba1290623bfe9b23beb623cf3c7209b116ca18ce238804e28c87c51d5a3f60c138921d8e1096d9b35c585134b855cd86aa5cb4ca9e70

C:\Program Files\7-Zip\Lang\el.txt.tmp

MD5 bb4755f78bf20f9724a87de9a018a0cc
SHA1 5b456ec07a092b247a28bddd9a8225617f6b3d24
SHA256 231494cd1f28688cff2b3e4c12058b11aff68fe77c892cf17185f8db1648cee5
SHA512 ea5311f0aa48e97824e4b06f97a0a796a66d5d9fe029992465ec9552828b4a5af92e62673cb00bc033ac20602e5a63489687c93b09f90914ca1231c2d913a786

C:\Program Files\7-Zip\Lang\da.txt.tmp

MD5 23367a577c8cf4aac62ce31e3373accd
SHA1 028d177e2b1d4f2ca46afac3e88ff3bb2b089065
SHA256 f5a42f79cecbda773cc08e70cb901487aa97f6f893a99a43713d90ea179a0f8e
SHA512 d7b4e867e1ff8b2ae4378a34d3abac1ed0e707bd580619e251a8ca60f8008a6cffc823b8e1334074882a9e7d23c199e7efd886d4fa07cb478a3ee4504e2ce84f

C:\Program Files\7-Zip\Lang\cs.txt.tmp

MD5 f876fbb5d0a0fbb2d49dffa774906cb9
SHA1 9b5cf1db60999a48c7d251b39a1f8dcee0ede850
SHA256 d58050fcb1f88a9035820691846f2cc6122af8a5d0abe34caac63bed13f0ddb1
SHA512 5aed4a3e484f4a5a87aff50248c8892d7459e8ef16ddd7fbcd743eee882cce51382905a1193bf1ebc24cb747a6d15ec070a5c66f472933fa29624253ab4f878b

C:\Program Files\7-Zip\Lang\ca.txt.tmp

MD5 b714bf9c3605318a58921547a914b3c9
SHA1 267873b2f721317fc37e8114a06c3779bec9f7a1
SHA256 9841ced236c50b711bbc9f0704d4dc1178f179c007646d1d5db4e31b20a6f738
SHA512 766328747a1aeff9f561b14e0a192c4d8b9cc0db2f3ef779d4d0f352c15891a2a94b0f02b0f7d94aed1ef41a9b8424099c260a628ad3e201a5d9c42de0bba028

C:\Program Files\7-Zip\Lang\br.txt.tmp

MD5 9ff5796c1ce4bb0fe4d7dd908f9dd303
SHA1 80c472c9f5684c75311a9d47b5aec52f8842c1ab
SHA256 dca4cb0792d1acbb5299ca8904d8b2cb8d85e0e46f67c86c07a512bb74380d2a
SHA512 2bac29631bfb0e5732437102193d80039de0a34a85be876f121e4359fe1be6f990e1a5fa8693f85446a9702f053f147e085ba874a6f618bfbbb05cfeb15739e6

C:\Program Files\7-Zip\Lang\bg.txt.tmp

MD5 afa4789c1b85dc1bd8e50984ce22788a
SHA1 ca2b2b177484e4aeb942517bf5ef5b7b9ae679f1
SHA256 bcb14301f224859cbae52a828f3f39e20a1ec59855446776c9aea53b394ce56e
SHA512 1c56f9a1c6721b4c1cd68d0d5b64898748bf6fc1adb426123015abec17adb08c8876f47caace2fdce0287323c68ba8439ad2ca5d7b263179b8d1b983b0a34ec1

C:\Program Files\7-Zip\Lang\be.txt.tmp

MD5 883a4f9d5a9a71afb491aa37069189a3
SHA1 d99410afcd16bac31f1531c697f6d38fa46c7b74
SHA256 b3b7d7a35979b09193cbeab466d2a0de9b3788459184532038c1eb106f4a0389
SHA512 0218d719530564956bb6719110733f366d3f750a8fb22fe851e5b280b71e63276372f61f253fa50ae5bd8cdc15b32e8d0feb9d325cf100e3292c1cb3b4cdee45

C:\Program Files\7-Zip\Lang\ba.txt.tmp

MD5 07ace2c8f602f7c65f3a9209a9ece892
SHA1 746e0d91be6c1da7205958aca35a36ce73904827
SHA256 df21261ee6ef3ec257347f1264d911ec6bd6303f7102405f2d94186d48c73ee7
SHA512 906691345dad1480be1b7391b3e385651a9b9665934602caa61666ed0807fa2a82e05dd4e845ade45fae797e98f42484fbed4a9979843182ac28d28269b831d3

C:\Program Files\7-Zip\Lang\ast.txt.tmp

MD5 0ffdce43cea85ef7595cda0efd6fb494
SHA1 30113b63af05cd818c19146a75bb0a7147cb1230
SHA256 08b44948d572f1d7f86234d2430964e9920b0d164990110b6029c61dd5125037
SHA512 736b75d32c18ac68ff7df52ec1dbc53f27c5b6c8faef28bdc775a67df2fdbf703c9c543aa833d35a9f3e75a6cafb4f651e0f5fc8e44d8606fb0ab4981edcaf0a

C:\Program Files\7-Zip\Lang\an.txt.tmp

MD5 3854c43a33be374890b8686879534993
SHA1 a1e9c956a3b96691b8dab8d8fb29bb6ef38839bf
SHA256 fd90369eb1a8ef132683de667f511533fda13ed18d15af3a946982575b09ea9a
SHA512 435a438ee2990baac87148634b263db378ff597a896a7579921796be02f566adf90cb3087e2846f691102a0b31b9790c5086ddee85338ff06c2f232eeaa17c69

C:\Program Files\7-Zip\History.txt.tmp

MD5 e121b4c9f9e4e477e8c640211111d48e
SHA1 e81fb77b8ac27703cecccb1cfe6f40ab24d682fc
SHA256 b3c5f676114900fedf09901aeee62a5311b21cb42835e91aa110eaf01675b0ea
SHA512 9f8817cd90cb99895f2d832b1b8e298a303f7cca0a78e9832b090b41fd879ad20b5cda5da82923489a6a5720e2e62adfe0d9882e349bf9a3534416d059435b90

C:\Program Files\7-Zip\descript.ion.tmp

MD5 6f596e837d313d286d86387c813a2529
SHA1 05e61f695bf99d354b5f6ff84d3191369b4ed3b8
SHA256 9ee2e01cca2e331dbe22507f4c99c1726e5a6599fb0c9f8f586bdfaa03659e98
SHA512 5a89fdb207632a20b4f45e942cfb9819af9f7b77a30d9e47cc27f9f9dd1616090cefc989d0680683c135855b49c2128278480e1c16c93b3eb5a1e85e6680465d

memory/2884-1842-0x0000000000400000-0x0000000000407000-memory.dmp

C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_ko.properties.tmp

MD5 2babca3810e09587877b47db41847aa4
SHA1 58222741a67400d8d6bbdb8533048bf0aaac85f8
SHA256 f2d1978577457a54347326b236c01c0b4e4e75b2c65e8ec5443ffddc06f27d54
SHA512 e1eec637bbac72d88defecc327b040ee0e8e5a730abfccc02beda75f67adff3626a79de44629e7f0a497eeff0c15499ba962cc3c303cf71dcf43a49293e1ba3c