13c59a4ecc3c888405382c7b505b424db32778c3a828dcb075b8cffa6022a09f

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
15-04-2024 18:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

13c59a4ecc3c888405382c7b505b424db32778c3a828dcb075b8cffa6022a09f.exe
Size

149KB
MD5

3e6e6a35b8811ceb3be81f73c5b036af
SHA1

44e4ef275000160b1f89377bcc21cdc36ecb2804
SHA256

13c59a4ecc3c888405382c7b505b424db32778c3a828dcb075b8cffa6022a09f
SHA512

6dc74b3f24c9cd4439e8a65a2f1be08c43880792aba0d4c0db0a5be6b817f1d5ab93081d6c7ae017f6df98443c158c1df382399b81439c8a10bb5570d7cdca89
SSDEEP

1536:W7ZDpApYbWjnWf05PG0PG26IvxvWyCUyC/7ZDpApYbWjnWf05PG0PG26IvxvWyCt:6DWpDWYPxPTJe49DWpDWYPxPTJe48

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (2485) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
4348	Zombie.exe
4416	_.arguments.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	13c59a4ecc3c888405382c7b505b424db32778c3a828dcb075b8cffa6022a09f.exe
File created	C:\Windows\SysWOW64\Zombie.exe	13c59a4ecc3c888405382c7b505b424db32778c3a828dcb075b8cffa6022a09f.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.ReaderWriter.dll.tmp	_.arguments.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\System.Windows.Forms.Primitives.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jsound.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\bin\deploy.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-phonetic.xml.tmp	_.arguments.exe
File created	C:\Program Files\CopyRequest.rtf.tmp	_.arguments.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Private.DataContractSerialization.dll.tmp	_.arguments.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\zh-CN.pak.tmp	Zombie.exe
File created	C:\Program Files\7-Zip\Lang\mng2.txt.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\UIAutomationClient.resources.dll.tmp	_.arguments.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-processenvironment-l1-1-0.dll.tmp	_.arguments.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipssve.xml.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe.tmp	_.arguments.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hu.txt.tmp	_.arguments.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\Microsoft.VisualBasic.Forms.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Security.Cryptography.Xml.dll.tmp	_.arguments.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\kinit.exe.tmp	_.arguments.exe
File created	C:\Program Files\7-Zip\Lang\sv.txt.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\UIAutomationProvider.resources.dll.tmp	_.arguments.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\PresentationFramework.resources.dll.tmp	_.arguments.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\dcpr.dll.tmp	_.arguments.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\cpprestsdk.dll.tmp	_.arguments.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasql.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-libraryloader-l1-1-0.dll.tmp	_.arguments.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Claims.dll.tmp	_.arguments.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\WindowsBase.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\mesa3d.md.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif.tmp	Zombie.exe
File created	C:\Program Files\7-Zip\Lang\de.txt.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\tzmappings.tmp	_.arguments.exe
File opened for modification	C:\Program Files\dotnet\host\fxr\7.0.16\hostfxr.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Linq.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.WebSockets.dll.tmp	_.arguments.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\TipTsf.dll.mui.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\psfont.properties.ja.tmp	_.arguments.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Pipes.AccessControl.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.NetworkInformation.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\System.Windows.Input.Manipulations.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Forms.Design.Editors.dll.tmp	_.arguments.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\System.Windows.Forms.Primitives.resources.dll.tmp	_.arguments.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_fr.properties.tmp	_.arguments.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\msinfo32.exe.mui.tmp	_.arguments.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\System.Windows.Forms.resources.dll.tmp	_.arguments.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\UIAutomationClientSideProviders.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\UIAutomationClientSideProviders.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\Microsoft.VisualBasic.Forms.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\ReachFramework.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\System.Windows.Input.Manipulations.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\host\fxr\6.0.27\hostfxr.dll.tmp	_.arguments.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcor.dll.mui.tmp	_.arguments.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.WebSockets.dll.tmp	_.arguments.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Text.Encodings.Web.dll.tmp	_.arguments.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\System.Windows.Forms.Primitives.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Internet Explorer\ieinstal.exe.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\mshwgst.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Collections.Immutable.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Data.DataSetExtensions.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Mail.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\WindowsFormsIntegration.resources.dll.tmp	_.arguments.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\java-rmi.exe.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\ru-RU\tipresx.dll.mui.tmp	_.arguments.exe
File created	C:\Program Files\7-Zip\Lang\he.txt.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\jopt-simple.md.tmp	_.arguments.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\concrt140.dll.tmp	Zombie.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3476 wrote to memory of 4348	3476	13c59a4ecc3c888405382c7b505b424db32778c3a828dcb075b8cffa6022a09f.exe	84
PID 3476 wrote to memory of 4348	3476	13c59a4ecc3c888405382c7b505b424db32778c3a828dcb075b8cffa6022a09f.exe	84
PID 3476 wrote to memory of 4348	3476	13c59a4ecc3c888405382c7b505b424db32778c3a828dcb075b8cffa6022a09f.exe	84
PID 3476 wrote to memory of 4416	3476	13c59a4ecc3c888405382c7b505b424db32778c3a828dcb075b8cffa6022a09f.exe	83
PID 3476 wrote to memory of 4416	3476	13c59a4ecc3c888405382c7b505b424db32778c3a828dcb075b8cffa6022a09f.exe	83
PID 3476 wrote to memory of 4416	3476	13c59a4ecc3c888405382c7b505b424db32778c3a828dcb075b8cffa6022a09f.exe	83

C:\Users\Admin\AppData\Local\Temp\13c59a4ecc3c888405382c7b505b424db32778c3a828dcb075b8cffa6022a09f.exe
"C:\Users\Admin\AppData\Local\Temp\13c59a4ecc3c888405382c7b505b424db32778c3a828dcb075b8cffa6022a09f.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:3476
- C:\Users\Admin\AppData\Local\Temp\_.arguments.exe
  "_.arguments.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:4416
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:4348

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3198953144-1466794930-246379610-1000\desktop.ini.tmp

Filesize
75KB

MD5
d23d4a46ea6c67eaed460a2c252fc752

SHA1
b53396bd93ac17977689d35e21e37ee74e4aa238

SHA256
0c8a70e4e6ee68764ab40e36e618cf057892b1b08a7c50a7356fc02095fad449

SHA512
fe67664382144b11917401a38cc7c99580cc6d3c8863c05ca593e4b1addb1f7773ea1d062084ebd0350b7fc21c2764b28f8dc9ce956292b849b6b58178c3e53a

Download Submit
C:\Program Files\7-Zip\7-zip.chm.tmp

Filesize
186KB

MD5
c24e0c7e31258a784e1d1bce400273e3

SHA1
77e5671780d0d9ccc3ae65f4dca6c8c6a98d782a

SHA256
cf8579dea71016569374e42ef99d2d137318ee0fda1010c86148d3ffc2da9ee3

SHA512
9000c753d2d826bd956fd62a0b9d5e80bce1781f86c8f8705f0a796f5df7c3048636a4005a507c26fed8ca3168af3c842a791eb0549b4f9d1217f8cf52b2fd17

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
173KB

MD5
e1a56f9560ee0f076b17ae936a3520e3

SHA1
5cc24644f2d717ce2de294095d259797df9530e8

SHA256
5cde628f717ceef0434482cad2400e090cc905d07a0b8cd0eb89183862791bce

SHA512
7a338fbd6b100c70b76dabab7d8c9732568d428eeb19e162b400a1eb0c301b559441ef3107b95b959b0d5c3c393fa15598f6910bcefae6d7c5c7364619da4cac

Download Submit
C:\Program Files\7-Zip\7-zip32.dll.tmp

Filesize
139KB

MD5
e17e45ebb555681b2cfb2ab0c34e2a80

SHA1
8c86400fe784506cc2dca6dbd4de387c75814d4c

SHA256
3e9f70ab262929710d731c1c728d0594735a903d5b89cf3ef2c5219b7d9e4412

SHA512
22c52153185940e8cba068abc6a36fe7e217f30cee9c52d2145a371efebcd6c32b0016a950eaddde0fbc982caffc91a5f8f4f2c8e19938a5003c0d04333f6aea

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
1.8MB

MD5
8f5dec2671a0edc3a4e4e5f655e79f9e

SHA1
564c89d4f7170a1988de84a70fe745ea24a383c4

SHA256
283fcc467da1561d6a18e72e759d6b5e7a31cd6d05bd57239767861dc640fcb8

SHA512
64346e410ebd251030cc98028bd7e9f85b402a650c635a8ee5e073902d2701ce3cd800d194252a135b79d2c6d8c9b631b759958d549dd6b2d1df5762124ddf68

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
1.8MB

MD5
79fdf2e81984903fdb5b8bdb3e4069ab

SHA1
2ad8e138c73be33cadbd4362b41a2994d224ead6

SHA256
bacb3db6d6ba94aea92f416c0c08c3c3c0ec0fac2b8d12d8ea1cd4af8f273b64

SHA512
445003563c2450781aa8dfd14e2acb57e324a61b29f5bf7f1f2c3057b57779252e17e5a6980ed85001737c5a0c50f8d11008fd6c59930519900fb754188043e4

Download Submit
C:\Program Files\7-Zip\7z.exe.tmp

Filesize
618KB

MD5
3a41cc1007fae1b2dbd441aa3da77417

SHA1
e87150b91d948a1d28c5564d981efd9252a4c85a

SHA256
25ab8f1ede5e2ab245f9e7cf2529231aacf2752939622c3fc2ce0675f297fdcc

SHA512
f27f13758c4e2e5a4f62f9363fb4c259cbe85dcab144fcd9c791021e3b64dd780a2c83b0a5334668826e3ec9d47b407a297b7fe9ab647ea4002300af287eed29

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
1005KB

MD5
84e18901752497e9c6d93111ae1c71f7

SHA1
42246e5665e6500c7ff6bec94bd8ef72142b6d0f

SHA256
86b822098ef3f31118f69f2633df5f0069f943e8ccb1b9a8bc473460c3665a9c

SHA512
b6ba111ae51820a833b7888781041dae15d0a1bb6cb7be74acab09de6832bdf40b0df9276514c7d315b1e3ad856c57321477fe92c39cb0c8e06de53fbf4d83e5

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
1005KB

MD5
21f263861a46a1e64f4f89627ae6cf29

SHA1
22959367c0e5096eb1ab3aebfa4a66638e4669b9

SHA256
72dba9292b4849e2b4a9b7962fa87555c2fda0139d23b52ffbd9b7ba4d9f346f

SHA512
27b762fd42ca6e4a5798ec062ce656c8c3156bc0d70e3db3c3ae3828094a66197c3441bf2811b3d663b18dbf1e8effc4c5f7b084fa652f1a0878e6eca2f73938

Download Submit
C:\Program Files\7-Zip\7zG.exe.tmp

Filesize
758KB

MD5
b352cbe6eab57ed7999a5a918224db6f

SHA1
0126b75df7a54a9ed83df8e9a9d96cd913fcd0ff

SHA256
3ee635f2e6468d38fc3681aa55efa525bb7b85649566ad9dcce044ab8866221c

SHA512
e97f0e75628f24a1d458f42468e7e55e2690e0b0291e4abee175bf20c28c081a5a7abd2ec28cc300d1771d5375e5750739a22042da4dd4523e65a92cc6ee5045

Download Submit
C:\Program Files\7-Zip\Lang\af.txt.tmp

Filesize
72KB

MD5
d3302aa3969a3ab5cea6dce927b6430d

SHA1
9b0309755b5dfafdf63e9a90966d5c5c26001cb7

SHA256
823f06b9deaa833e4c028d661aad9ed33761300b2c7c9391403ff9cdf9a80707

SHA512
0803b5861df3a33f2cf879f1db2ba1967f8dadd6dacfcf21d10c4a4beb33668c4067f62ec1db6c56b5ce6cf5a8bd3e622d23c71a45b272213593cb9249b6ad69

Download Submit
C:\Program Files\7-Zip\Lang\an.txt.tmp

Filesize
81KB

MD5
d3417c8caf229244cef1a415ba816936

SHA1
bdb7bb52d12dc62ca4e462f4725a6f32e868aa08

SHA256
d26c5abb2fd7dcb56b35f125bc9ae556b06a271068cdf0c6de26ec0307b0f9a4

SHA512
fedc52526d90296257d2dc1d52288079421de735c31858b1c9e61932fa5200b048536611dd0e5d2354ba00788dda2099b7b53dfc7b8107be4412c726e2d2e0b9

Download Submit
C:\Program Files\7-Zip\Lang\ar.txt.tmp

Filesize
87KB

MD5
edcb26ba77e9fc966ca50d2a147379db

SHA1
9b8e8d8931661b19a3c596b2b73a5132772a2b1f

SHA256
ac38d7bc901cf4ba0c7fb1c6a7e9e752c68f6f5a7554a9828cb3de7493c710e7

SHA512
1bbe471a59df2149d18d167e25aef22b2573bbff6958e5305daffd6e54185d7092dd33d68431b888eac3c07d98deeafa82081d2e03a157f3fc0a89dadb8db876

Download Submit
C:\Program Files\7-Zip\Lang\az.txt.tmp

Filesize
84KB

MD5
462b893e6c322f61e6f6413e332fc2ac

SHA1
44b7beb0162bba6869f4addcdeabf2af58524783

SHA256
8a568f2b73d01e7033ede277194b3e7250a0c6407283714d76dac0dd6c1c3fcd

SHA512
6577a925b1a9c04267417586d0ff5f73126fca54c15064f1f724b8b16b86472df0c4ec3251e9ad07a38d32f81f0081f9e4f25dffce9386f127a118286dc613cf

Download Submit
C:\Program Files\7-Zip\Lang\ba.txt.tmp

Filesize
85KB

MD5
40614cc340444874044313627b2bcd4a

SHA1
64eb995ef04417068cebd8bebb280eee7631900b

SHA256
a16b3617225c3e07d4faefa8b3d9201f8b946d4221a57a977c1176b43fd85600

SHA512
24c50d42fe92244424c4a545740a747a480d71393bf517c4809528a4b2c7f3ddda13aa3800e0efd2b5f63e0dd880223f37a502aaed152040f8ca134d4fd33b28

Download Submit
C:\Program Files\7-Zip\Lang\be.txt.tmp

Filesize
86KB

MD5
43c3a28ec15a71705f1725fa48a9737c

SHA1
9926a222a15bd8c66695cf8818106904d092a146

SHA256
760b2d7be8bfbd5acb5270ffe300981491a650078943e5d98e6597d0b3cddcc0

SHA512
70f883cc543bea3c77337bcd095a26d5278028b00f74c9fb703dcd7397a1c9fc6a78252caa336c4bc46b2fe83a7fd4d0e38045a0f5f80f7b7bbe2058766372bb

Download Submit
C:\Program Files\7-Zip\Lang\bg.txt.tmp

Filesize
87KB

MD5
f1b85c49a435dacfec724db66e914486

SHA1
13e37cf936320e7cbbd7d29ad75dc0be8062466c

SHA256
c64106628b662c02cfd74cb5346433225213b12eb773c352a67e00103ec855c2

SHA512
e5828bda68d5cbdd79a7885458b522002d92daa03c863c7e2782c8140887fa5ce89f43a268f57fdda4adb71d42b3752dabc93183ccb42aeefa7876afd4e82de2

Download Submit
C:\Program Files\7-Zip\Lang\bn.txt.tmp

Filesize
89KB

MD5
987f8aaa3e4d823212e4128b8e4c56e5

SHA1
c4d018fea18b56af5aa2136e3b6f402eb497f537

SHA256
c16cd34ad72f95b5426d3c427868b4c22d37e520a656482f6258be8c63e0f374

SHA512
2662011713273f8b49747981c37951c635d9a07e8d20f8f830a9e967bae6264450a19850fcb70abbf0a6b301812137e3095a2706d0b1e2bae4902c50a0d130fc

Download Submit
C:\Program Files\7-Zip\Lang\br.txt.tmp

Filesize
80KB

MD5
cc3b3d75ea2110f0c926a33139b060a2

SHA1
1bfb2c9b257f09e66375a2853a9001060af9137e

SHA256
2ef7947234cb7ffa1d503f32d8e5a917d5233facbeda51205549d8101c9530c5

SHA512
4dac10fe4655f4bb92dfe83b5dacfa4ae885e16b8542cc0d89df4bcf0141446b2e64194cf7d6cd079d4335b105b61001335894e40b87b65468b042f537a55037

Download Submit
C:\Program Files\7-Zip\Lang\ca.txt.tmp

Filesize
84KB

MD5
c904d9d3c8b32e2de88eb7c425b1e4f5

SHA1
5bb00af58d536d3b6bcc82b8b6e3018d47ec81d4

SHA256
e8b5ba870738962d89ea54020e9e9e3440d836bb09995cc3b2ee72583f661fb4

SHA512
85ad02405d35ebe9df34518b0b0a3dd7b8efda3b65bb7b25fbc32a16e778d94c863a7e5be76fdc7844d4eae73701f1f4fefba9d631c1d20effd706f8dd62567f

Download Submit
C:\Program Files\7-Zip\Lang\da.txt.tmp

Filesize
82KB

MD5
608785acc50bf683ffd3e77b66c5ece8

SHA1
ca3676a25792c89eadd0b64210110b4a989b6a12

SHA256
b30143485828160b3bcad7ac3bf6f4064906f0a6efec4898a4331dc171b1b61d

SHA512
e698dc4d9cd69885caa377a217dbc824d7fa2fc4ad627fd17535c671f6c7bb0860d9832b06c30ecec23a96f6ff30690643f739decd4856162e659822ef66279e

Download Submit
C:\Program Files\7-Zip\Lang\en.ttt.tmp

Filesize
82KB

MD5
9afd58b202e494b9e34b915299db9cd7

SHA1
9f7247022b44214782a35b4d9bc1d25f8c943f3c

SHA256
452cfbc56d4a9c170bc51274ca6db1f4ada16087597d6999d6b81d21b1ea1bf5

SHA512
90848b5531027bd22ccac52ed2582997b83b0243bbc9a1eea30d43b4ed3a6d1611cd7b1cddd2570cdffd0472234396ecd7b73afd0c1f88eb81c414661fe9a5ec

Download Submit
C:\Program Files\7-Zip\Lang\eo.txt.tmp

Filesize
80KB

MD5
983e38296a9a76adaec8732fd8f7f1f0

SHA1
e22b3d16a2a38a0bc3aea286657b08ac7401bb7b

SHA256
9ab8f720a7055cc6061bb59deec1967a22ab2742674824825ade423831720baa

SHA512
9737f6925354856002766f02b6d585ffccc12e51271fcec078c55ecb12aefb7ae15437d46a6412e22e7617a7a7190d6f75e4c0fb5d828911d4e2c3888cbb4826

Download Submit
C:\Program Files\7-Zip\Lang\es.txt.tmp

Filesize
84KB

MD5
8fd53df591847a20a6fec6714c680c7c

SHA1
fa7347cce0372fdfda73c4bed32319d8dbb3266c

SHA256
14b2a1175bf60d1e6959fe93bf8f3fa4501342e68044c3cf984b8d687c032085

SHA512
8c747a1b04ddc16f5d4d6ede49a7df79a017998ecd3a0c834e8a4e4dc9dfdd28256533184f800a70baa564dbc1c9dbc71f0a35cf3e61af80844a7309b6a037f5

Download Submit
C:\Program Files\7-Zip\Lang\et.txt.tmp

Filesize
81KB

MD5
7a6c66f3b4c2b6af9d8abc2aa8866f9a

SHA1
2fa6f254ad1c420f704b201a45d99f6ea1dafeed

SHA256
ef637c9edb6616038c11e1c98cbf8865e19470a0b276fe5d7cd025027d83ae04

SHA512
824bd9a897ef23f8c7cc4693319b9300c2461e2d32f39ac0edf1452abc82452be53a87d142a8fa05d54cbffc2e3397aad0bd860904241904840a80dc66101b8f

Download Submit
C:\Program Files\7-Zip\Lang\ext.txt.tmp

Filesize
82KB

MD5
7028af013823abc45cd89ba5a87030fc

SHA1
de096d26c328c8e40e6935a27a09bae30c6892c1

SHA256
60d109752d3c690471cd373f1e00306ecf2b5bbda3dbe3c7a9f9636a1569524f

SHA512
fbd907aa76b7d6fc3986505e4c5f8094de887c11cb3e13d47d7f8214777d5b0a6c11dd109a3d166f8275e3f32e3a4b4844250de98b198c742af6313838a9e3bb

Download Submit
C:\Program Files\7-Zip\Lang\fa.txt.tmp

Filesize
20KB

MD5
2f060696d5d3386595279646a7cbaba8

SHA1
11bc04b68a80cfe05ed0b3f13d77135cdda27e34

SHA256
d01c08fb49daa2317d9e7065165281de6250be65a837920fe62e27faf567adfe

SHA512
2734a1d99130232704c0819a8ccde2dc4bf6209e36775989c2defbb7901858141199ed0347737f5574df778b500a40b8fd16e542272273f21c908f3513d492ec

Download Submit
C:\Program Files\7-Zip\Lang\fi.txt.tmp

Filesize
82KB

MD5
4faef5a7e71f09863843dde7423ad83a

SHA1
55bf1cb93200b7d74e04daa1f6f41f7ed0423470

SHA256
af5c95549e314c061b14e0edc059c00b128912135a3116a2b2194c7f564162e3

SHA512
41804fdcaa99b40e60796ab047b361562b3fef49ce61b4facf3dd7b894805eb20bb93ba9347cd4a09ac3174b9c24d460b21fda22f3f46200f9ddea8b62d8a052

Download Submit
C:\Program Files\7-Zip\Lang\fy.txt.tmp

Filesize
80KB

MD5
d548260f7ed108bbbdff352a58f95578

SHA1
1bf03b7cecd1b0992477138e43ca1f0a79e2805e

SHA256
145c512e5a4eb4cd5c5b59dd073a5c7ddaef16ba12732ceba5765619fa1e0318

SHA512
0b31522d5fc5d3ef541f0648214e281ab48184a108b98baa105b56dce0f9906593dece5bd6bfe031bc6ca33ec4437e6706876b4412399adc15828434b06a61f2

Download Submit
C:\Program Files\7-Zip\Lang\gl.txt.tmp

Filesize
84KB

MD5
de4a783e4227999d8c578737ed26bf4f

SHA1
93ac55d5b821bdb8fcabb64b1f6d882dfd7ef244

SHA256
9b5cb5cdb66f20c1433e3388cc425aa630027152e998289dc321ba49e1040f06

SHA512
4ede45b260df30fe869949b6c8f2958c81f1d932ef361617ce01cfe13cc19eb89def160c8807baf2cba0a888856662d77deae35d2b5d7c2896ae98638669a239

Download Submit
C:\Program Files\7-Zip\Lang\gl.txt.tmp

Filesize
84KB

MD5
520ec0ba4249610fb3a82cf3aff41e23

SHA1
b58724a5d4f4d53eecb92ec802dded19be67b924

SHA256
9819ab2df3dc08cc349b7f530349aeac2f3defc3c38547ff6d9cc84068509bb3

SHA512
6fd31c2141de8a0ff7ee661191149a83f45d1d02575c8e7ca6f654130e6037eef7678e030d5e8bccc96adbc8eba66c083076cf7811aae6cf1dd0c6aa3e59786a

Download Submit
C:\Program Files\7-Zip\Lang\gu.txt.tmp

Filesize
92KB

MD5
07362a80ad8cbd950d086826a9062875

SHA1
ab48c1c833035f826bb3765dc40c5a0cf08cd1eb

SHA256
de040a83e9a4d88f34ef8677f892c6fb1b6c26fc12899efed91ac7d40967c521

SHA512
48a9b2c9efb7769199421b4169044991e07d207cfbc9a7a76af304ab8c898a06477e57e2baab97c2a7d4892b249bc4f696f628d070b080fea2a61e576df4daf2

Download Submit
C:\Program Files\7-Zip\Lang\he.txt.tmp

Filesize
85KB

MD5
0843d792830b28fa440df316095f2c8a

SHA1
a58e797898ebe570e64e43fc96db272321c367c0

SHA256
bcd2b8fcb2039c48dcfac95c5207103702ed4932bf8561b191f82576b9f5fafc

SHA512
e4acae4de3f1820835322aa4ed35e299b72235a19b23ef09d96ea1eaaf9dae947fe5f236d24230ad30bfe3ab0ee9e73c26d0a2a4e7b18496ea9901f06db44a17

Download Submit
C:\Program Files\7-Zip\Lang\hi.txt.tmp

Filesize
92KB

MD5
383b3e0e24324ac8e7278e23706d9447

SHA1
09c144a21617ee7e8ac2d7b38a915360a04d69a1

SHA256
8227d76337adfb522d64f8f2bc8c14dc530a38c5aab8a1eafb374ad58eaf51a0

SHA512
d6592c522b57d7b9934dd0fd378f2ea055724596f5b27b299a9f6affdc1f71f279b1f5b42bd1f186896b7fc982269ce066dacf2cf3575c12644d5f0c9d1344ef

Download Submit
C:\Program Files\7-Zip\Lang\hu.txt.tmp

Filesize
84KB

MD5
e7deaa78969b296347de83cf0cd11236

SHA1
c0e1962f9c3629060c8d25e02d96fff74721efd9

SHA256
afd0e8f177763e2ebeb68e4e02a4087338610be8b544c390edeb7025ce1c665c

SHA512
5ef24b897b28ef2f1772ba5a13566d569ecc4de905170d71f9f04d9453e6ff4be482e3232874cc5708fb08fc6dabb1cc4a0c5f51be5f28adeda76f10a318d86a

Download Submit
C:\Program Files\7-Zip\Lang\id.txt.tmp

Filesize
83KB

MD5
58d96338b57884d956fb7392b054426c

SHA1
5bc3532a661df161b6ff497a3494365d277ddf27

SHA256
33b17866008a508981c1bef011078a31d0c302ff07675d4790d77921bdede43d

SHA512
c1eba295099de1931190fd767f5a20ce94243ecd0818df470aae7c63ce666252c9d87e441684dc0c45c83a1c12c908d3faef1833eb2b1236afb24bb4b52120eb

Download Submit
C:\Program Files\7-Zip\Lang\io.txt.tmp

Filesize
84KB

MD5
553a9a64afff7a4709661731ec150e90

SHA1
21385a9104ee6b54b9d79fc6f6f19f45c5e9755a

SHA256
4155fe147dc571b0462ec9b037ea0b9f53631f53553e6038f8aa562e5295fb4a

SHA512
333edff546c923f84f21d22bf65838cba78fd90317eb0be901b6b90773257dc99936a515fc4c1adeaed49fb05763f1f0078f6fd6e9f9def9bcb8fbf92b66d621

Download Submit
C:\Program Files\7-Zip\Lang\is.txt.tmp

Filesize
83KB

MD5
2af2f3d4718b7f34a4827a5d16a69bb4

SHA1
c56e7cf61476530836807f6a95f9c5731fc94ea3

SHA256
cca1989ca2ca651ac1143ae8c0a33865004c67a9f2688b74fe6d8e363dde4bb3

SHA512
6b750a8d6caff6ba25e058b9886afc20a93c256dc49bd3725f22fcfeded71c504bfe9dcd6bdd4dd7c13728cb0bbd41a34353128704cb9136c91c58198bbb16fa

Download Submit
C:\Program Files\7-Zip\Lang\it.txt.tmp

Filesize
84KB

MD5
5453ec1d8051a70113cd03b7da38c001

SHA1
32af6b25193e62f6de9b716d1daad543c4222de6

SHA256
895fe638c2bb8c7e8c8830638f0a39f0ea5e858b29cec0afc7b9dc3c5f511879

SHA512
37b1a8ed4cbc5e50ed8bd1b8af628f6888cf242f37a68d6f77f00fcff91c60ea9cbd9a692eaa2470ca21a054e05711f7df803d2c4646f5c7156db6c3ed2c783f

Download Submit
C:\Program Files\7-Zip\Lang\ka.txt.tmp

Filesize
92KB

MD5
ef2a2f62f2c9df0182c30e8220e78879

SHA1
cacf6333dfef06b1c67354963e75c14a34330ef1

SHA256
494bdd6fb1dc5444c772d6163ea14c925008099f7bbfec10c7632f1625c4e708

SHA512
088ec665f56d9582dbf5ecd7f97332e9789e2162f6a186b8f2f535ce15100b3f6668f7271c8308b1a4f09cfba1763af87979f1fd5242c691729dd49839f8a1df

Download Submit
C:\Program Files\7-Zip\Lang\kaa.txt.tmp

Filesize
82KB

MD5
4d1520b385a12165f51a6f4a519eabab

SHA1
70b980cf564fd19d1b322456442f9cee3ed37c88

SHA256
c7c67d0a18bffc590ecdb1fee0721f61ba9a92315efeb01227a67d07ecf60a62

SHA512
0544d07d101940ef8334c9a24a8e392ec3b68d8cf138a4b08817996d69514c5076add68806b15a51a96fd7cf90a9df7ee4c2e015681f05bbb34db9707fe45614

Download Submit
C:\Program Files\7-Zip\Lang\kab.txt.tmp

Filesize
82KB

MD5
8e542f5831761adbc71715fbbd3ef490

SHA1
b742c0cd1a4aec1b35499e6a52aaaa38b1410522

SHA256
e661b0f5b045fe631699a6a769e7fe9223c0c4e774c509885858b919799b28ab

SHA512
3deae44a422091ab35bc2ef11b40bf4472bf0d0e48431b475e2253ebb013b017762ed9d258fcb1231163e4b2e9d619ee2799a947541d4d17b55c00e94742e60a

Download Submit
C:\Program Files\7-Zip\Lang\kk.txt.tmp

Filesize
85KB

MD5
afbe82a0b13d12484816623088ece4b9

SHA1
abb2ba5c4b1d8784c55c5c51ed0e111cb621e1e6

SHA256
f385f49cd77cd47b5360457b6895985f324a90b376f42f69fe223ef9187439d7

SHA512
73a444000f54dce6ce40b81c2268b2cf30a535f522a85600f3ad9c0866997a4077e14c2f4a13b811508426fda47ea9edb55919407b56cc10b63cb77c96265a5b

Download Submit
C:\Program Files\7-Zip\Lang\ko.txt.tmp

Filesize
85KB

MD5
14176179e30d8ad093a9d0be93f20ac0

SHA1
83ce437800503a6de4010fd3b7fc16d6debf0b0c

SHA256
f05e0c935a29ee1ce5c6240eb176e8f76a1df1abaf0349c17fac6491535ae039

SHA512
1b13b74a2067bced8040a908dd7341d5c725698c889da2d3dcfbc4591de7d5837cec86beb39634779b6dca1344fbf7b8f98e46f8122db9015f6d5270e43fb117

Download Submit
C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp

Filesize
86KB

MD5
280a37da685dd7529f30b61ba4d9b03f

SHA1
6f3e1ea1712457aa4e16c4e289e900c8ead5f4a1

SHA256
34a70d7fd6c21e26055ca5b6011c9ade1a51da0eca703f311db2abb3b0667fbe

SHA512
f223a96451ad717eb220011e5d18a16922a1462917bc982446e8c8f31a3c9943f25c7dcb3498f552101a0eb275e9cb764b81c0a492b94567f9d32d3555aaa19e

Download Submit
C:\Program Files\7-Zip\Lang\ku.txt.tmp

Filesize
80KB

MD5
3c0cfdc97cecddf010c54a88d8ad3415

SHA1
9a29eb5cb3b3cafaf5593077b9fa35c6f6101874

SHA256
cd7fc60646b6dbecaab7aa643dd1569a843767fb7c4f7fd49bf789ed9e5dbc82

SHA512
b57c4ec24e09373fa2863c27d75bfd5fd9904e26d7ee4ec9adad4227fc33f86cfee3765aa226b4b1f77164d5972d9d1967a2001acf1acf03b722fe42793e980b

Download Submit
C:\Program Files\7-Zip\Lang\lt.txt.tmp

Filesize
84KB

MD5
f3280b6b3c3693efd57be598319ed30e

SHA1
1a40e95e7ee6896e0be2b18867e77258258874c8

SHA256
6d57e915c4f3eaa65d8448e64f65cb2ddb29976bc18d75a3e664bb48e0d3752e

SHA512
d97b9fcec69d63c0494fbe5bced090d62626849fa86020ef8b4a4d28ac4e312b04841bbcd13ee41172b0b71aed656fabbcab0aa0636f1c69f6373fad317018ab

Download Submit
C:\Program Files\7-Zip\Lang\lv.txt.tmp

Filesize
80KB

MD5
a95136284d915cca22dfc9caa842e6cb

SHA1
519254c8c7409b67ab4b67a1cc8e03d0b773b9b2

SHA256
38f9f1ad8f40ab1b986c3ff4c0091d5096b534e0ca864343f8781dc03d7c8b35

SHA512
e55fa8089a2f03929ed9e8e9c172bf0e76c52260bd8c615911d9d45b6f5bdb61138c9b6013b95d2cecec582acbeedf4416dc48d45ef63cba1dc951d529c791c7

Download Submit
C:\Program Files\7-Zip\Lang\mn.txt.tmp

Filesize
82KB

MD5
338a289fc90ee77863c1f621b0346378

SHA1
edc8c5c89ddfe1b82f9f0d24806ab9181d5bcaf0

SHA256
f67215a1c3349fd3c05522cd735f653c7d396b72ca7df4f33a9cbe45d55315ba

SHA512
c15b8dd90ca7118e48d3cd796660e53422aa3de9d04a7f76523e9fccacf70f362b27383242f12cd01728fe701dffd712718e73511f26fdc82cf6442d773253a6

Download Submit
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.Debug.dll.tmp

Filesize
90KB

MD5
4a21be01e82ba818d8c995d6a4a1605b

SHA1
0b7aa004e7fcdfb8a73e63ce67a1826d134e7f1a

SHA256
8da7d31eef6596cce576c2b9a064956cdec84ffb12400147c0adc0d028630c48

SHA512
b18a8d01417f09a76b3aadcf2d0920fcf733d195bcec3ef3f0635b5839f054c1fc9f1aba624d7ed7d98c866850d51e03cbe37165a0ad19cae6d290305ee978e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_.arguments.exe

Filesize
74KB

MD5
e42e46ceea4052cf0385ee366a705f0f

SHA1
705722a8fe883662448c4a14a5d3458a63838461

SHA256
be982ad2408bbbf0b1b7e5f0d7c151b6f89947a6bb6696de4cdacf6bec2fe597

SHA512
4ba6f9a11ef39e97a09f861fc227c568ac4bc224381892f8e58ba26641cf8db0ccb248d138718f499e1685ef3d0cbe3deb3058925596adc390ea2a2f5fa923d3

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
74KB

MD5
556e27a8b0798677738c4f503c444606

SHA1
9317306dddbd58849bf30e54b13dfc9c5fcdd5fe

SHA256
2b056f620b694d8c8f1f59c5293f78babc3272208d506bb9180f552595da058d

SHA512
3f1db9995607da3dda67a83781e96e020239bad88850d34bef2729a3382a812c57a02e3b2ac2eda648969dc4dfb74e229fc0070d8073d5b36213cbda25d66f70

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads