ca1ca4bd00569316346c5e8a563ce06c4710ba25f91d3501cc43ae1be27d7ef8

Analysis

max time kernel
151s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29/04/2024, 02:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ca1ca4bd00569316346c5e8a563ce06c4710ba25f91d3501cc43ae1be27d7ef8.exe
Size

141KB
MD5

b50b25a5ec4a93e7f940f325766db898
SHA1

e2c2dde09c5e2445e1526f81217aec1afadb3019
SHA256

ca1ca4bd00569316346c5e8a563ce06c4710ba25f91d3501cc43ae1be27d7ef8
SHA512

07f3b54980008602065ab57ceeb44203c197e7f656d1bf291a74664616ce09914ebf42197ed53225dcaf6b23b635a805de8678325dd3509fc3784157754ce79b
SSDEEP

1536:W7ZhA7pApvOsOKjC0YSilpFpfkJOM2kJOMIsKsc696k7ZhA7pApvOsOKjC0YSilc:6e7WpXYvndke7WpXYvndE

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (1391) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
4732	_RecoveryDrive.lnk.exe
4824	Zombie.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Zombie.exe	ca1ca4bd00569316346c5e8a563ce06c4710ba25f91d3501cc43ae1be27d7ef8.exe
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	ca1ca4bd00569316346c5e8a563ce06c4710ba25f91d3501cc43ae1be27d7ef8.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\be.txt.tmp	_RecoveryDrive.lnk.exe
File created	C:\Program Files\7-Zip\Lang\tr.txt.tmp	_RecoveryDrive.lnk.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2R64.dll.tmp	_RecoveryDrive.lnk.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pt-PT.pak.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\vccorlib140.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Net.WebSockets.dll.tmp	_RecoveryDrive.lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hans\PresentationFramework.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\7-Zip\Lang\br.txt.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-private-l1-1-0.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Runtime.dll.tmp	_RecoveryDrive.lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\tr\WindowsFormsIntegration.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hans\System.Windows.Forms.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Collections.dll.tmp	_RecoveryDrive.lnk.exe
File created	C:\Program Files\AddBlock.odp.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Xml.XmlSerializer.dll.tmp	_RecoveryDrive.lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\zh-Hans\UIAutomationTypes.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\ShapeCollector.exe.mui.tmp	_RecoveryDrive.lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Security.Cryptography.Algorithms.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ko\WindowsBase.resources.dll.tmp	_RecoveryDrive.lnk.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\zh-Hans\System.Xaml.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\swidtag\Microsoft Windows Desktop Runtime - 6.0.25 (x64).swidtag.tmp	Zombie.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mk.txt.tmp	_RecoveryDrive.lnk.exe
File opened for modification	C:\Program Files\Common Files\System\Ole DB\it-IT\oledb32r.dll.mui.tmp	_RecoveryDrive.lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Web.HttpUtility.dll.tmp	_RecoveryDrive.lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ja\System.Windows.Input.Manipulations.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Xml.Linq.dll.tmp	_RecoveryDrive.lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\System.Resources.Extensions.dll.tmp	Zombie.exe
File created	C:\Program Files\Google\Chrome\Application\chrome_proxy.exe.tmp	_RecoveryDrive.lnk.exe
File opened for modification	C:\Program Files\Common Files\System\Ole DB\msdaosp.dll.tmp	_RecoveryDrive.lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ja\ReachFramework.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\pt-BR\PresentationCore.resources.dll.tmp	_RecoveryDrive.lnk.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\zh-TW.pak.tmp	_RecoveryDrive.lnk.exe
File opened for modification	C:\Program Files\7-Zip\Lang\si.txt.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipshrv.xml.tmp	_RecoveryDrive.lnk.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\hostpolicy.dll.tmp	_RecoveryDrive.lnk.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.nl-nl.dll.tmp	_RecoveryDrive.lnk.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ja\UIAutomationClient.resources.dll.tmp	_RecoveryDrive.lnk.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\libEGL.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Diagnostics.TextWriterTraceListener.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\clrjit.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\cs\UIAutomationClient.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\System\ado\msado25.tlb.tmp	_RecoveryDrive.lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ReachFramework.dll.tmp	_RecoveryDrive.lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ru\WindowsFormsIntegration.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\UIAutomationClientSideProviders.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\UIAutomationClientSideProviders.dll.tmp	_RecoveryDrive.lnk.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\fr\PresentationUI.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\tr\System.Windows.Forms.Design.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipscsy.xml.tmp	Zombie.exe
File created	C:\Program Files\Common Files\System\msadc\msdaremr.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Runtime.Serialization.dll.tmp	_RecoveryDrive.lnk.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ko\System.Windows.Forms.Design.resources.dll.tmp	_RecoveryDrive.lnk.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ru\System.Windows.Input.Manipulations.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\tr\PresentationFramework.resources.dll.tmp	_RecoveryDrive.lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\fr\PresentationCore.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ko\WindowsBase.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Net.WebProxy.dll.tmp	_RecoveryDrive.lnk.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Numerics.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ja\Microsoft.VisualBasic.Forms.resources.dll.tmp	_RecoveryDrive.lnk.exe
File opened for modification	C:\Program Files\dotnet\LICENSE.txt.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\mscorrc.dll.tmp	_RecoveryDrive.lnk.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Text.Encoding.Extensions.dll.tmp	_RecoveryDrive.lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Configuration.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.IO.FileSystem.Watcher.dll.tmp	_RecoveryDrive.lnk.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4596 wrote to memory of 4732	4596	ca1ca4bd00569316346c5e8a563ce06c4710ba25f91d3501cc43ae1be27d7ef8.exe	91
PID 4596 wrote to memory of 4732	4596	ca1ca4bd00569316346c5e8a563ce06c4710ba25f91d3501cc43ae1be27d7ef8.exe	91
PID 4596 wrote to memory of 4732	4596	ca1ca4bd00569316346c5e8a563ce06c4710ba25f91d3501cc43ae1be27d7ef8.exe	91
PID 4596 wrote to memory of 4824	4596	ca1ca4bd00569316346c5e8a563ce06c4710ba25f91d3501cc43ae1be27d7ef8.exe	92
PID 4596 wrote to memory of 4824	4596	ca1ca4bd00569316346c5e8a563ce06c4710ba25f91d3501cc43ae1be27d7ef8.exe	92
PID 4596 wrote to memory of 4824	4596	ca1ca4bd00569316346c5e8a563ce06c4710ba25f91d3501cc43ae1be27d7ef8.exe	92

C:\Users\Admin\AppData\Local\Temp\ca1ca4bd00569316346c5e8a563ce06c4710ba25f91d3501cc43ae1be27d7ef8.exe
"C:\Users\Admin\AppData\Local\Temp\ca1ca4bd00569316346c5e8a563ce06c4710ba25f91d3501cc43ae1be27d7ef8.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:4596
- C:\Users\Admin\AppData\Local\Temp\_RecoveryDrive.lnk.exe
  "_RecoveryDrive.lnk.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:4732
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:4824

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3792 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:8
1⤵
PID:3580

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp

Filesize
71KB

MD5
fa6d5234ac341d34628e0b9a85fbccdf

SHA1
77bed25afba83946fc4afffc0052e051cae85c57

SHA256
746851b039bcb76b80fbe22c8064307f80016b87e94cdcecbc700e121d20d63c

SHA512
ba5e33e3d2b52a144dc151c6be1ae628b71694c15f5c4d867d92dfdb6e0a9979e14927024ce5b41d954a90a08557e1309767aa3e8f9ba504ac1cba7964263302

Download Submit
C:\DumpStack.log.tmp.tmp

Filesize
79KB

MD5
e90aa43bba29a6bc036e82b6a44aa22b

SHA1
71d07b1a7d7cff3d57f4506d91ad7921b8c0814e

SHA256
7857cafc30bc1d2c8750170d66357b67cdaa44e9c443af6e94ecf81532876b31

SHA512
1834f71e7aa235e4d1ee5270dd35d4f9580ed5d915b7f9889890a2b0324ade24c92a422bc5e044520e200e710d299cc997d98d7df61ab7369576ab6445720c2b

Download Submit
C:\Program Files\7-Zip\7-zip.chm.tmp

Filesize
184KB

MD5
e8721f414f7d02265f03554dc25ba895

SHA1
7d9a32e06d02da4c86050c0a87a51d31f0800a0e

SHA256
3f77d909de6fa2fa7861eed3082da0efe137d3e96ed874f9079c5f39018bc486

SHA512
c6650edb4f06ce833a0e9c4dda3d56f8bb4069f0258be66f32a3033c6002276201f086dceca7ed2d3e4a822ee01a01697d0b3d62afbb98ab3d9732ecafad6107

Download Submit
C:\Program Files\7-Zip\7-zip32.dll.tmp

Filesize
68KB

MD5
926ff82301662ace5b5e94d2ced67214

SHA1
00638b18e47fd87b4a13f6deeb92bba2a44dff04

SHA256
39fadc6399cc7cd876108772284982334af66b1304bb2564ad0a97e91eed969b

SHA512
a554b9d27c0829487f1e12dd3d8dabf1c51e6e434717c254dcd005c294dcd4ee82f309660bb9dffa294e5dbcdd994c39932024f0825a2de7c97305e64b906998

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
1.8MB

MD5
adba0a9f66d1e72100c558648380d3df

SHA1
f856859e48331eca852561b2973ce8122cf5dbab

SHA256
d79d78b1c4103e507a374dba50381ba39dfcbcb8f43a3125756751dee8806f7a

SHA512
f58f3edc8fb4420adead784c8d2391dc3433a9ba7119f6a2573396ce576c18001d1761acc5ccdaeccb12a883cb7d1ddb9b18a7c69d2fd913ab97058fd068c416

Download Submit
C:\Program Files\7-Zip\7z.exe.tmp

Filesize
500KB

MD5
d2d06320468ea2472643b86747b99ff3

SHA1
36835c6a49c0da7237a46e709bc146ab7b9494f8

SHA256
fef3d09026f6b3a8916c1d3c2ecfb9fec544f5dd44a8bc0e4e17978c5e4a4572

SHA512
ba2877c1356eac3ac27d8d8060f79dec32b14398aa0ddba4282f4a9186b51a21101269b23c38168faa2aa6c6ef6bed1ae92cf9ed0198811ce5e11b2e53cfa024

Download Submit
C:\Program Files\7-Zip\7z.exe.tmp

Filesize
615KB

MD5
0912c3bbb87930d0b92e9c6caa9edd96

SHA1
83d790d816301e011852afcdc8e61f40d7038a0d

SHA256
2371e6dad4503d92b1141caec1fa6b8804d122e254283e092964870e45de6269

SHA512
2e9b29571fbacdcb8d3af617ccbd8aeada403c1f03985240b57bea6497184d31afd4382820b0a717ca34dde5bec845e80e6592f6c638e72c6eb02461e7873e87

Download Submit
C:\Program Files\7-Zip\7z.sfx.tmp

Filesize
68KB

MD5
7c41106dfa0b37aaf895bd552a73ddcf

SHA1
e7afe7c82287aaac808cdf8ec8c11d8153c5939a

SHA256
05dd594ee2cd0c84ac2161d881d59ac39e5165e6864af78208725f7cf1b4882f

SHA512
aa7d9e6c72c523349e6dbcf266d4743e9f423e3cfbdcbf1527119b3c8693647b5bb6a424a1fe77408c65182362424ccc98f3eb6271d9db0021f57ee7354ad625

Download Submit
C:\Program Files\7-Zip\7z.sfx.tmp

Filesize
281KB

MD5
8950efb121cb57afec2321e9c073aa61

SHA1
ead4969e46b44fe3964ac85d8615672ed7c8f990

SHA256
e35b36038ace47e20ce5a76762094b194fdbcf838772d6c17e178c132c339a03

SHA512
07c5193deb9399ebfdced77393d8ac14fd92497e4898bc214eb6d1978dc1c85ce7cf66979b424784debfebc4f10e4872c7ccee2fa946277493d6d5931a0ef2ed

Download Submit
C:\Program Files\7-Zip\7zCon.sfx.tmp

Filesize
260KB

MD5
6c82a2fb0cd05b1bf0eb1638c8c9bbe1

SHA1
088513c31bd43b8da32737f5246076ba92c000d7

SHA256
b796c140bde43ffe05801ba2599f4772ca87a46a5c080d0763260cd4f32d3597

SHA512
d503e730de35bc186141823229f778f042c87d96481b3c5a2a5fa06babb3df014fed1f4a2b960efa7af5de80c6f1a50d622636d152693829f65f8f8c8314bae4

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
999KB

MD5
8c2cc087e7c1642e51578345546d428f

SHA1
d4dc17d5dba6e93a4fee950a62ad0bd78411b831

SHA256
5a4dc2940b0e2af289080fabfd8c0d7c8e6e09d7cf8db13ed462710201d5186e

SHA512
50d30d4fdbd81fbc5b3f928a83b4efc83c32613a148179dda3d41081acec03fd1cdcd86884fcda1ec2c4e0c0d716461fef1dec81878aa16cd040fb1f3cb9a77c

Download Submit
C:\Program Files\7-Zip\7zG.exe.tmp

Filesize
755KB

MD5
1399aff7af17fdc349a7f482924a44ae

SHA1
f7ad2c3de7603fc87a80858494df1a86d9c365f0

SHA256
21c0ada5b8e49a25c20325b8e2d4061b050394fcaf25fc9fb2e124c22c16b2d2

SHA512
308a867b56a39480b86e5701966481229e4ee1a65c86b5600ad20d775882ee27075f51d5fd6a9801edf7ccb4847c11e4c28c0ca953071f5ad98f2fdde7ab97e4

Download Submit
C:\Program Files\7-Zip\History.txt.tmp

Filesize
128KB

MD5
75c0bb0ba06a1d2bdb36a96686e05f04

SHA1
8461aa50ce92559cbde50ad7d0883fce7ac9627c

SHA256
ec5be72aceb7e6e46be05e9e4c804715e051f8d1ec27a75257df1da0048201b5

SHA512
cddea320c85c29c512b77e3ed1c630760e770a9ac038c6ceb71c24aa345eb28fc946ff346b90ab740b2c14b10a22e858fca5d8887cd9d41a9c705352c43d9a63

Download Submit
C:\Program Files\7-Zip\Lang\an.txt.tmp

Filesize
79KB

MD5
6afa16cb839bf22d6703b32e66d3a33e

SHA1
e23e6b2e8419aa462bf5747ac37e7a925ca3618f

SHA256
28226d076528f31137ef852120ec3f7a4b65ac2c0ed2ae4bdba88682e5c0012f

SHA512
71dbe7ae9b447f860553f88a128845e97f428c507e1495824a98ad908226eaa7a8034eb8e31c2bb0f702a77ba888db78eec59ca20dfb46f1e4b673c214f77bc9

Download Submit
C:\Program Files\7-Zip\Lang\ar.txt.tmp

Filesize
84KB

MD5
2ade035507f3c9a286809c86cccb68ff

SHA1
8df5a02b51d19356a59154eb2aafa3d794368a4f

SHA256
dc7a386f0a4fb0d0e7b6279d4a48330473a51d4b39b1d5b4d122efac5ebef8f8

SHA512
c625cbe7b2330acdcbaf0e33f35011c9719e61caf5cc1e14253dc4278dcda2adf89736a2723f2688e3e975f398ba4a5c0130bd47c8e181ce7e60165cd026c3b6

Download Submit
C:\Program Files\7-Zip\Lang\ast.txt.tmp

Filesize
76KB

MD5
7a20cbd68e77ab09dd7d9737c60185c4

SHA1
9e3c1b9fe4ebd31e596800659fe2f13ea17501ea

SHA256
5841faeafb21f73fa43c17edbd58c5835a6b5d1e756b470a7e246c3f8abfaec7

SHA512
51478d9a13ea4af9fc82863b257b271577328efcaf515d30e12e0585b318c1db4a016df41a5658c61d330c9a7b8e0ce4f59746ceb06f5b7aba4c0d8c44bd37eb

Download Submit
C:\Program Files\7-Zip\Lang\be.txt.tmp

Filesize
80KB

MD5
1ab679280d6d204821e7d6d12e6ba08a

SHA1
74abf26aff972ea57df25b2a4447fd13a59bcf3f

SHA256
79a4a34f7f894b0fbf07ad89fcb94c5d7b244f95c65638a3502196f449452d1a

SHA512
c161ee70e7c3f37bf0173c4c407691c4f7d69c202acfa91ce393bd5e99ca9f6cd851fca2f4a6ad50da795fbeb9de6710f05edc5035e4527b9adc764d21b3b23f

Download Submit
C:\Program Files\7-Zip\Lang\bn.txt.tmp

Filesize
86KB

MD5
884825739fc111c3afbed4106316125a

SHA1
e0af30b19d769c7362c8f3299bea931d95e9ee76

SHA256
09001e5d554d64ee9800875380170b367c3871d58bf79f1209f6d2a5a8908e3f

SHA512
524fa11bc5774685675215984e59ab24ba29df62cb12f59522a76862f39e54ee227535a2c57deca1255676e9d963e758edd906603c585db5a57bf9c43d86d180

Download Submit
C:\Program Files\7-Zip\Lang\br.txt.tmp

Filesize
76KB

MD5
6f847f2f3c4c7cdfec25445648aa5b1f

SHA1
9929779d37d303b616c1c36dc54a70c3173f8fda

SHA256
0f082411bd580a3129f659111455b3b53ca3aaf9ab7b568d74dc62609356c727

SHA512
dd66c727bfd0f30096ce45068298263ba3e0b1606a07b8384820d8952500534ff0eb628e07c834af6269cd02089ac3d5fc2a5773bc98c9c84aa59dd7b007ab25

Download Submit
C:\Program Files\7-Zip\Lang\cs.txt.tmp

Filesize
80KB

MD5
61752fc03a7a65b9e9c7ca382334f715

SHA1
a5ae30dfcffa4dd9def72002b07a2a8e394c1158

SHA256
2655f50110b79652b2365dda9b109bcedbacca18b3b40e01920e49060f6957f9

SHA512
12be4782b1b8f033315bf6cd2b351cd6316a2e29da9db6c7c1abdadaae4053fd6ca248fc7587b666054e9c0d2d5d3988785d5f95ab2744d36952af5cbcee35d0

Download Submit
C:\Program Files\7-Zip\Lang\da.txt.tmp

Filesize
79KB

MD5
f2b4cec290f01ee74d51761dad4f04f1

SHA1
80b50802606326c691d685d23ac2bba119e76eed

SHA256
7dda0993265e66a7c0e15750d42b9a40160b8ad4c174939e63bddab71b552150

SHA512
cbf45db0561248a00398f2fdc87a54295b2c279bad92398bb9885c51d99c2582c983eea3023fef8e440c85fb30ac140f5493402fb2349c635caf8e1eac57a923

Download Submit
C:\Program Files\7-Zip\Lang\es.txt.tmp

Filesize
81KB

MD5
ae2a74368b70bae6844854e044980ede

SHA1
1d2df0fba2f64921a83c97a0a26c670abb72c31d

SHA256
bdfc4dfe142a2aca5a6fef48f3553bfbc05210b4d3b7ba4970db175b61caf86d

SHA512
329ccc561b3878d5ea4a9f8e41b489cb360678ff7cf083403d0c4db0ae27d79e5e251f22152ad16e582bfa316dcebad48ba29a02c4255b2cc5550a0923dbdcac

Download Submit
C:\Program Files\7-Zip\Lang\et.txt.tmp

Filesize
78KB

MD5
2a0319e50659a989437254f1fee9feb5

SHA1
6483ae9b2b8cfe3ab3a8eea74f03833ce3ff1c05

SHA256
7e38f1905486192eb8b7118812158cfd1430b8e72d719445312aba1fe3f92ff5

SHA512
c4b2f7f80bae53898f2c22a0a945f02f3c7166c39bed6561f3626f89c9071b897c1107375ac1b193a986795465d7fb910cd266555a085fecca8b7f304e3966e9

Download Submit
C:\Program Files\7-Zip\Lang\ext.txt.tmp

Filesize
76KB

MD5
329481d3bb6d2baa52342a712338308f

SHA1
e1bb72962464e8a3bbdb643438d27ed514882b57

SHA256
3d99e4a14a66009d1bb934e1c890379ab25654a96e6234e111294535038a2032

SHA512
516392cf00f117c97755283596fc575ab40df24b486391a62949df72aaa645b226170ff05bd8d7c554316106046e17825e4c135c616c5e7978a59f499069f099

Download Submit
C:\Program Files\7-Zip\Lang\fa.txt.tmp

Filesize
82KB

MD5
768b1bb1ab659bdff0ccd58e3da08c8e

SHA1
211d2f288032d5314efb348eb40c41495f618147

SHA256
dab62c7fa65eeabdf6e91f12a463938de161de12759ada076e05d965d8ae280c

SHA512
c36c78d243273ffc5233bd1c65d3b9a295ac5fa50f4e21e4b1e1437a607bf643f90ed8598f94939c99dfe866908394e814407f22dc7635b4eb5d7a23508fea16

Download Submit
C:\Program Files\7-Zip\Lang\fr.txt.tmp

Filesize
81KB

MD5
5419aaa05133d0d400f49a058afb82cc

SHA1
701bbab2ffed277e5fcd8cfe984fdc195779c6db

SHA256
e69b6b53e9332ee53c940fe2bbf45b4ca810311f73db4548d9425594c10b1b01

SHA512
64e30ba0b2d1d61bd84fbdc734cb328d382cc2031445fd3045b72dca92936ade80c050b30ae1c27ede7d36c09be0d6e21343c27e9791661526b9cf5129b087f5

Download Submit
C:\Program Files\7-Zip\Lang\fur.txt.tmp

Filesize
76KB

MD5
15ccb866d7f52f16cb7ab09e8bb97f3e

SHA1
68b54a13be7ab80e40160961391fab681f637916

SHA256
c422fe4d8999835edaa8490870cb156d489df5b66424a663a4b8b79614ae06ad

SHA512
695f1a5df956c4c40f899f26ede4e0c7802a998ae22736eefd1ca1400288f9fae49d5997add2ed1f6bbe28a7d2977aef01af360083702781d65f8cf7f86aab86

Download Submit
C:\Program Files\7-Zip\Lang\fy.txt.tmp

Filesize
77KB

MD5
61b2b900d03f9779ef07f34bf6d33ea3

SHA1
e99fed9c055c5ab73f8c7b50abb0ea2083a84fd4

SHA256
c36e53d2145da10136d50277342d90f77ffe0ac6d3aab2509fe5b9aea87202dd

SHA512
21f3a17787633bd4e7f4f9dfa2bf360839ba372dd48601b1e8be8cead16bea9d3cf8302c9aed2d446648b3d2837e3b7d4ab6c08b9e83b285ec5f9e1e72b42538

Download Submit
C:\Program Files\7-Zip\Lang\ga.txt.tmp

Filesize
77KB

MD5
719c2e0ba98920fa824ad5e44ee56eba

SHA1
f60a83fb14ccd24f302348a5016eff17e49bd4b5

SHA256
7a49adf6e15ff36fae4be45a71800e29ecc1689220dd93103877bcc6bfa1007b

SHA512
098abf8a66e3ee64defc36614b1fe01475e314ac5cd3ef06ffdbb869b2c21a696aa0b19b4e1848ad40fb6af3b1eac2c969ae3761b6f995f2866abb15ef2ff6ed

Download Submit
C:\Program Files\7-Zip\Lang\gl.txt.tmp

Filesize
81KB

MD5
07b5c120b51e84b10d9bf0c6fb33bda6

SHA1
a6388994afd242294f3a978ee14cbd5e9f21ec93

SHA256
cff66b91058f8d3c53ab604a172c4cdefe38fba200c54ad9f050fd51c86028fe

SHA512
8ad2f7b1994a8226d44b1f9e4b4281ba85db412ad212ee49ea7aa4e36dda70101e05e3a80939ce27bd661ce4ec69305c1a6992e613c6bc19637d69fd7edb29fa

Download Submit
C:\Program Files\7-Zip\Lang\he.txt.tmp

Filesize
68KB

MD5
50e1473fd2837aaf830f05523bb96287

SHA1
0c7472da22d3c946365c5e140932d0e3dbe6c01d

SHA256
cbf3396df5bd7dc5403051891f293656ba1b0a2c28e73e5931db17e98bbc41e1

SHA512
d126e29e0551db1af02d317aafefc77a7984ada4b1f1024c7b0b190f2d5c1c32f7c707fe5974060e735c270b0fe49590c1f108955d616995f9386f9b7df4a7e1

Download Submit
C:\Program Files\7-Zip\Lang\he.txt.tmp

Filesize
82KB

MD5
0cbd55e52ae4d489fddca3a9ff797465

SHA1
99d837dacfc0ec59b3a415faa60a133851918e33

SHA256
180e4c854beecd9037c43c8e0a2ba248658895e726903ff9b3a953fec6b5fbdd

SHA512
781d85ba2d9e76c46a35547150ce92e89e10a1907321951264a61031920ca1483ffddbafc97e69259bcf9d17abd437490c48cb2b16ae3e900b6e3d8e32bed1bf

Download Submit
C:\Program Files\7-Zip\Lang\hi.txt.tmp

Filesize
86KB

MD5
8ab70018f55674e2deb6e298f00b601d

SHA1
3a46ec92fd292b70f53406e86837c2777b906b59

SHA256
efa87ab435a29e642a76375c450d79a853362b7fde3d0970faff4dabcec81598

SHA512
7050e80d9a50aa2e033aee7d65ec99d8887858b997fb722845e09542bdd47c49d833005e9767159e7a265ddd94174c202d943e349b2aee5ac3211172487d1b00

Download Submit
C:\Program Files\7-Zip\Lang\hy.txt.tmp

Filesize
83KB

MD5
b76032181114c5227eddd48e6969f33d

SHA1
aaa68a99a97014f05e6cb1172562bf4fa1854ee4

SHA256
ca7eba63889573e16c34c283b9f0cde41a1d88d89ebcec22a5d0022dbc17cf96

SHA512
45924f4561f78b9a97d179c14474ac5c5c34304f59990160aa79971f68e806bef39c25ca8689e525b5b8f4329604380b0fe79ffbc3ac7eab0755ac42d272edfc

Download Submit
C:\Program Files\7-Zip\Lang\id.txt.tmp

Filesize
80KB

MD5
1a49ac75b13909a7eaebee42f47e2097

SHA1
1e591bf0bc4231552ea2514aa2e598d736ea8d78

SHA256
e0f46e7a734ee3b29498239ec91ea81e32fc939eb02972700a584198cd910e85

SHA512
a294bb5dc3fa511baf5fa04d916e42621ab826b8a66778817b854b9a2ae3bea7b5b75268141c31d6e604fb49326f6d6325d65b8d6925afed0b5f67119c98c821

Download Submit
C:\Program Files\7-Zip\Lang\io.txt.tmp

Filesize
79KB

MD5
aea695d42181f5577fca554091ea39b5

SHA1
57c271c52febbc00255cf164f0e255fa1d5fc47d

SHA256
a81ac547ae406019bc2febf817816653de4396dd352a1ec5a3214d876124b028

SHA512
a09350e6ee07bc2ce6d39ab892cd25f50a1dd78438834c3acfa858023748bb9331c1e3c32a2f1a617f1c776085d1041279596bfa42fe637db59f344d24df561e

Download Submit
C:\Program Files\7-Zip\Lang\is.txt.tmp

Filesize
80KB

MD5
d0b9e54f7ca0bbb3b4da35d090f8764f

SHA1
d03c0c1350ec549d9861befcffa3938d6329ebf2

SHA256
39d1ab87c7fdeb63c4ee0f50f78f4dd2e6a1fe44ce6f8d8f445dc2d146158a65

SHA512
aa1a5abdf8ad276a3cef623f8c06a48bc527e7f55e77eb635f5ce57e1b87a091d0c7f3c98c797e685fc0261c18fe7d3cfd2ee58cfc2eeb2cdc250e857e6f6508

Download Submit
C:\Program Files\7-Zip\Lang\it.txt.tmp

Filesize
71KB

MD5
4d82a3f8231a2b0be2e40a557d60b803

SHA1
f2af62080696066695c25454a1d8ca325ae9688f

SHA256
d6b9f93dfad1e603920615676a4fe1ac81356a451c31fd54570966c36780c675

SHA512
bd7ba197cdddd1d65b5f66165f6ff4c902a21170f7fb437f6dc9537523a9c85351d24f5bc8311a8e995713238dd0a9eb162def948334c5cccae7be29dcc8e82b

Download Submit
C:\Program Files\7-Zip\Lang\ja.txt.tmp

Filesize
83KB

MD5
6854a37426ed0684853a59a91c7ce49e

SHA1
d06c595d8c7c43224bee72ecc7c0199e2aff43da

SHA256
41413b0d58cd90ad9ca48a83ef9ee67a7e88b2b81f3e13275d825a923831560c

SHA512
030e7b49d959e7e7ec532fbc53f8c1ee1a714b458dc247d25dc93edb0b9de5004a7246f33dc5a39ecdf71e931ff3ce76c22d9f226ead9ca9e4b6bc0c7b588f2d

Download Submit
C:\Program Files\7-Zip\Lang\kk.txt.tmp

Filesize
79KB

MD5
d86d78b6f6f2bf3875aa47c528dd5295

SHA1
6e2b372d16a22559419ce9143292ce376fe07046

SHA256
b466dfeece65add2295539f89424960c96c352e37ef8d334b7cb7b010a7cabc6

SHA512
a5d709b3390ac6c786c30f4367ec035f17b5fd911b3ab23323dae19738ade3acad2a8d12d1592c90f4c44ae679ca60211da49bd108f682c5056a834d9f193cff

Download Submit
C:\Program Files\7-Zip\Lang\ku.txt.tmp

Filesize
71KB

MD5
d581c36bf88f8789cc8fc3264cfcc0cd

SHA1
7cbc75277bfa2493a29365d37a891fb3e2105978

SHA256
911723517725cfff6adaadc173cb12a7371ef46bbb31b1e3e72f54f2de2a3882

SHA512
8d3e4ed261695d7aec5852c4d8f2056179fefa102747216bbb4f669a97dd5cdf361be56d289aa920cf38553f36c2f5b7e7d1e745f3d67f8e94d02712465458c4

Download Submit
C:\Program Files\7-Zip\Lang\ky.txt.tmp

Filesize
83KB

MD5
fc75f80381338c1e9153b323a744ff3c

SHA1
066ab652a7e107bdf566d65f6d0e3ffb1e012c58

SHA256
ed6891fb70fe4d80fd4f9e84a8884409bb8fd4be323ce7c79c319c9d45cd013e

SHA512
eeaa0d6fc55dea05d7d5a6c216183062e5781511266b7c8b36b47533c1fef1ea389432f224a14cb9e47b51781ccb8ab9de014f4786f2297739b5367dd4f87c65

Download Submit
C:\Program Files\7-Zip\Lang\lij.txt.tmp

Filesize
77KB

MD5
558e7812701ef57f651f6b6fbad1dddb

SHA1
53655ad8917fa2bda7a4162484f1367503192417

SHA256
767805c3f325269bd893545791914817a70d6616249c4dc3d148577f8e42b415

SHA512
70659bb4751dc3523177adaa4c083046f84151016561ed7080aa82fa293c2c6bf7400f6b634de1ae6b7a18c6e1a7a10ad4a1ce7b5566b093859ed14f29fd35ba

Download Submit
C:\Program Files\7-Zip\Lang\lt.txt.tmp

Filesize
80KB

MD5
4b8f016c695715e82938ec4f59a80075

SHA1
138ff7e6019be986788fa5cbf0f0b4895f1635cd

SHA256
f42f9f78abf75f163d14efdf7c9dd76a19c5528fc9068b1503dbc3ddd499dfef

SHA512
7572f6655459e518d038609636fbdb4e7135cbfa36824b71f1c0901717fed65530703b39c100e3507b9cc07fa9a94bbdb2795cfe45dbadbdcbffb7f8f491bca9

Download Submit
C:\Program Files\7-Zip\Lang\lv.txt.tmp

Filesize
76KB

MD5
8c409137397d7855ad9b55639ba07806

SHA1
0e2f775ce6a220b9032a113216c3ad7cf2cd7c11

SHA256
2499e1f1907c54b913d1715618d2bbc48c77358f7ab7957f27e8caca1162a435

SHA512
efae65bb653e686ebc291c0cf129e7ec67bc5364b0e3afa01b7dc9bbfc9efcadfc64380e4e721ec0911d725355ddf1eb23535e7ee38d6297cc80c25edc4b0f58

Download Submit
C:\Program Files\7-Zip\Lang\mk.txt.tmp

Filesize
80KB

MD5
1a2a42fde0330736f3e372e1c915cd7d

SHA1
6e118a885cb8b60323b7240c995224147d4b000b

SHA256
20fbe632d1800b3c7d57b95766326e31cf726a2e8f94db4606d667683c51237b

SHA512
2a91c777a01582fa1db88216cf6cdd6ecb6e409526be7b0db8c00efcd4016f699b6096c31cee1afcfe0875b2b31922783a7dd1012b448f01d4e3fc1d6af3d63e

Download Submit
C:\Program Files\7-Zip\Lang\mn.txt.tmp

Filesize
79KB

MD5
142526e00d3f032a24fdf4ca8b94aea5

SHA1
983e85f11970019de6394f09556c36e36829a9aa

SHA256
725636ceb573fb30d07f2d724260bd5f5b59d0d2e8ee64eb49f451eeefd99c30

SHA512
5e78880ba265fe2732125537389087577ba23f76fcfa881410d7ea59c449ebb4e533ffa9d36096d589e9c26d7e579f7026225961ad083c440ddca1d543d2fdf0

Download Submit
C:\Program Files\7-Zip\Lang\mng.txt.tmp

Filesize
89KB

MD5
036e662586099a7e410035a2d01aa71f

SHA1
e020a45277f3564ba05c501897434813787792ac

SHA256
94f2c76ddba03663e8988551dc6aa2c73eac24276196b4c5e05f09bc226c1fb1

SHA512
7dd9322c3f6a7a532650f21699d624a2ec311e82a9f975f758f978a4a18ea3f054201623a874994949bbced2b56ef503aea73976a3d48feceab3300d4115d4bd

Download Submit
C:\Program Files\7-Zip\descript.ion.tmp

Filesize
71KB

MD5
a0fd7e03e03686b4e101e1920ac258eb

SHA1
677202f8407b89ec7e6a7bf4b2340f52dff2bf09

SHA256
fe05acf2fbf1d5c77ce1564b15c0361ca4f0b652d3c76efa9e63adb6dfe03626

SHA512
c357f633c7429904534dc9e26889b8db0530056d9d6fa98f4bfeb605a1ca82899fb61b46579b7ca48ddd83945442da8441150c768c709f1f1c739298ee3ec3af

Download Submit
C:\Users\Admin\AppData\Local\Temp\_RecoveryDrive.lnk.exe

Filesize
71KB

MD5
9a98e618e5232eb7b22f5e557b5b4341

SHA1
a6cf59323230e2319b82dfe02ae0918cf379fd26

SHA256
3fa971e329877803574bf44d14e45c93bd7c2180d173a4fae8431ac27ea3cbeb

SHA512
13c15362e85a4f0d12358e872809d86784e13276190b477f1fc6fbc87ad10879c5dd5e20d093d7d640d17b001e19fb592184a41d1c3ee0971fe7bf098d916bf8

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
69KB

MD5
9628cc538bdbdbdeb6721ccd4dc5d509

SHA1
b211582ab0c79acb4534e7d69a0cc7977da77e86

SHA256
a676c26cfd6038059a0e5e61ecd0910ce3b828495cda34add6c2a08d5e326902

SHA512
880eb17f4edb1d51c07173b345772566f03ed04249c774a2b4d46c8780df77b889ce75425e91348ad0b967246ffeee33b7014048ef915dc90cfdba302fdaa916

Download Submit
C:\odt\config.xml.tmp

Filesize
72KB

MD5
c4ccb5451ea1bac5223db768687e9f13

SHA1
a5bba9ee2727bd02865f2e5c931cae24472f19c2

SHA256
04de477b0acb0a234060edd2e9813944a4aa2b3d7cfe81af9604db01a351d190

SHA512
7f165f177066a3388ad7d80f9e8c12dc9e6959327437f8cf31990ca93ecd47ba300db26e7eca9f1a217d3e795a3bcb7343fc5608f7ae52a35688735d4db3d7d3

Download Submit
C:\odt\office2016setup.exe.tmp

Filesize
5.1MB

MD5
0562bad1ef9383349b75db96d3d525ef

SHA1
6cd5b78f8004465400f27d5a724e14196f885706

SHA256
a456fd0a7d2fc8aabdca396f9445ea5ded338caed30343a35d40e634ddb6544f

SHA512
24bde708f58afd902ee237bfd1bd2c4b7c730faeb9b1bf18fcd5531906959f8ec921cf1a5e2d7a5214b184fe0aabc594584b7c0c1df0ad33682a38e07001db7c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads