63aa8a49c27fbf7e4f1148eb794939d916da28a491f1ca2064c9e44b3fa985eb

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
07/05/2024, 21:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

63aa8a49c27fbf7e4f1148eb794939d916da28a491f1ca2064c9e44b3fa985eb.exe
Size

221KB
MD5

3729dcb1d01b0efc189b0fb446910936
SHA1

0b0a0cae17d9bcf01ec6a1a7ca4a17763999cb0c
SHA256

63aa8a49c27fbf7e4f1148eb794939d916da28a491f1ca2064c9e44b3fa985eb
SHA512

d3cf4f756275e3afb766ad18a25367d1a793e824dcfbfb5fa8c012debf0f8288c67e31e9a24ed8f4ebca29d28689377d1d3be3b881dd5f083131f5872182b963
SSDEEP

3072:6rWpcOPxPke+e3fFpsJOfFpsJbgE2GEJdwJdXgZrWpcOPxPke+e3fFpsJOfFpsJC:tFPxPke+eI2GRgAFPxPke+eI2GRgl

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4864) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
4764	_desktop.ini.exe
3520	Zombie.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Zombie.exe	63aa8a49c27fbf7e4f1148eb794939d916da28a491f1ca2064c9e44b3fa985eb.exe
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	63aa8a49c27fbf7e4f1148eb794939d916da28a491f1ca2064c9e44b3fa985eb.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-string-l1-1-0.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019MSDNR_Retail-pl.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ComponentModel.Primitives.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Diagnostics.PerformanceCounter.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\UIAutomationClient.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN111.XML.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-locale-l1-1-0.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_SubTest-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\officestoragehost.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-heap-l1-1-0.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\UIAutomationProvider.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\WindowsBase.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\v8_context_snapshot.bin.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\UIAutomationClientSideProviders.resources.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail-ul-phn.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\EXCEL_COL.HXT.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\JitV.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcer.dll.mui.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.WebSockets.Client.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.Emit.Lightweight.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-black_scale-100.png.tmp	_desktop.ini.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrlatinlm.dat.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-handle-l1-1-0.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Trial-pl.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.Recommendation.Client.Core.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\mraut.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Text.Encodings.Web.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\en-GB.pak.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\tabskb.dll.mui.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.Metadata.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\offsymsl.ttf.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\fre\StartMenu_Win7_RTL.wmv.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.Interfaces.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\System.Windows.Forms.resources.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\jpeg_fx.md.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_Retail-ppd.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.FileSystem.Primitives.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019MSDNR_Retail-ul-phn.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019MSDNR_Retail-ul-oob.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\management\snmp.acl.template.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\verify.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\ffjcext.zip.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019MSDNR_Retail-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\MicrosoftDataStreamerforExcel.dll.config.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Channels.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Data.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.XPath.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.DataIntegration.FuzzyMatching.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.scale-80.png.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\NL7MODELS0009.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Diagnostics.EventLog.Messages.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalDemoR_BypassTrial180-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTrial-ppd.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientARMRefer_eula.txt.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-timezone-l1-1-0.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-util-l1-1-0.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.officemui.msi.16.en-us.xml.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_OEM_Perp-ul-oob.xrm-ms.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\cpprestsdk.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\PresentationUI.resources.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp2-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC_F_COL.HXK.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_zh_TW.properties.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\splash.gif.tmp	Zombie.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4396 wrote to memory of 4764	4396	63aa8a49c27fbf7e4f1148eb794939d916da28a491f1ca2064c9e44b3fa985eb.exe	83
PID 4396 wrote to memory of 4764	4396	63aa8a49c27fbf7e4f1148eb794939d916da28a491f1ca2064c9e44b3fa985eb.exe	83
PID 4396 wrote to memory of 4764	4396	63aa8a49c27fbf7e4f1148eb794939d916da28a491f1ca2064c9e44b3fa985eb.exe	83
PID 4396 wrote to memory of 3520	4396	63aa8a49c27fbf7e4f1148eb794939d916da28a491f1ca2064c9e44b3fa985eb.exe	84
PID 4396 wrote to memory of 3520	4396	63aa8a49c27fbf7e4f1148eb794939d916da28a491f1ca2064c9e44b3fa985eb.exe	84
PID 4396 wrote to memory of 3520	4396	63aa8a49c27fbf7e4f1148eb794939d916da28a491f1ca2064c9e44b3fa985eb.exe	84

C:\Users\Admin\AppData\Local\Temp\63aa8a49c27fbf7e4f1148eb794939d916da28a491f1ca2064c9e44b3fa985eb.exe
"C:\Users\Admin\AppData\Local\Temp\63aa8a49c27fbf7e4f1148eb794939d916da28a491f1ca2064c9e44b3fa985eb.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:4396
- C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe
  "_desktop.ini.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:4764
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:3520

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3571316656-3665257725-2415531812-1000\desktop.ini.tmp

Filesize
113KB

MD5
d1d975ca81c69dafd3ea2c319943e165

SHA1
4502332e117f523d2c26ac903f6304194627ca04

SHA256
c24cc55e4c2a30cb404c35e46a0d4db09fc2a040031f44389a524cf9432c32a1

SHA512
ea6822ca25d90cd7cdd4494056ea21b848fa6a524419d444838699d2619d1c5d10ef7301c7142a2ef8d489c18d61e1438c1eadbe138ea4fc139a3b1a653931fa

Download Submit
C:\$Recycle.Bin\S-1-5-21-3571316656-3665257725-2415531812-1000\desktop.ini.tmp.tmp

Filesize
215KB

MD5
0c5cd8d38a5b4cd6535a0416c3467b82

SHA1
bb3a81fd57276871f45351045575fcfb65f7ef1b

SHA256
ca5e26628b83dfae395d839893401f576b24a31962d9559d2e377f3389552364

SHA512
a4c62d45a75b427111dc7090450c52923f2a3c0d92a1aa1ecc4a06e57bd848a6365e6f7a6040a8988c8e3d598bd92408abe0904ce25c295a98837839ba4a676a

Download Submit
C:\Program Files\7-Zip\7-zip.chm.tmp

Filesize
225KB

MD5
0cdbb17928e688f8651b6020beac0e2c

SHA1
2f2114d5fd6677b2fe7973874080dcbf961406f7

SHA256
97128dd3b9c47fc5da01cde0959b5eaa9b3470e83161299414f7f594eda7474d

SHA512
e1df6efbe57cbd5885ff35f3505f9f46587d5b585cc79519480d2947a3161350ba9c7216a564792339463e4d1a7b55e0e5bfbdc9ce58dd100d0ca739c4a26dbf

Download Submit
C:\Program Files\7-Zip\7-zip32.dll.tmp

Filesize
172KB

MD5
c134712738b75495865278cb67d05b1c

SHA1
34be27424fe6863250c1a062fb51bc17521b21f2

SHA256
baea4f773d2fb09e058a6fb4a28352b544640f8cd0a5f975664ac21cb6c1d047

SHA512
7fe444ae18d6d8a69bb43dd7b84d3d3812c60f53b245d7ff801b661f6c96184ebc0ee0dfdf862724593f1a62fb72164b3cc342748e15da3660b8d35c62acdc34

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
1.9MB

MD5
6a8016a22be2f9040ec0d7545debf78f

SHA1
273d2e71d8170b3257da37b950e26a86d70dc8f4

SHA256
9edfcf6629fc87c750ef52356373e566729e2eea2a4d07ba89af7b846d17d660

SHA512
cbd6d80e387ce7fb64f16a864dd42548bdc31ee142fefb1540d211f624449432c3626f4bf5a042a375825b711fa8de33af36cff3af32c0ca440f721fd98a434f

Download Submit
C:\Program Files\7-Zip\7z.exe.tmp

Filesize
657KB

MD5
25deed2f2c8b2c31e4cc87e7642e3d71

SHA1
ef666f975c44c89f2cc5bb8298a81d50aad18b7d

SHA256
efe0f46d8241250676d13aa0be5e2c5cda9b43d41f130c71d0e3212ffd0645b0

SHA512
64fb8a8893786897935c59789a88abdcf1d08bbac6dbbb5cd86b1f1907f91a06104cf9e2e90044b4ddfd6f661a433a58e78909a75bddd97fae976e28d67a0848

Download Submit
C:\Program Files\7-Zip\7zCon.sfx.tmp

Filesize
301KB

MD5
aa3f7ea6d7f7464dc30ee54d940b60d0

SHA1
eba84ef159ebf6cb00faecf433397f07dd7450cf

SHA256
81e134a27a4c524b3f793ebad63648f7996df00564f5624566961ea3f91f4cd9

SHA512
cef54d209170a8fcc155af21fabf33fd9d1fc8b49847f63db6e0bce3a8068690db9dd5105382badaccf4f550617db1e119e23717aeb060d8a27f8dc43b5691f4

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
1.0MB

MD5
79911cec5b8d44a8033b19e5cf0e65bc

SHA1
794ca692202afebc3729de49c251c299c614b9e4

SHA256
bf82dde1fd646a66a8bc0796417992c63c19b622f4228fe20f9162ba6151acff

SHA512
a6b7dbcb2ab7366bb7b4203f57f115dd413cec064d0e1b69dc3a549db58d746d453b68416dd3f5aa6d7f53d925fa54a449dff3ba0cc579e983ec5a1f701d7f76

Download Submit
C:\Program Files\7-Zip\7zG.exe.tmp

Filesize
791KB

MD5
9d52b50d5dfbf75540485445447db099

SHA1
a7752d23650572fe0c98434dddb2b7d2c157177f

SHA256
d0bc60517f67d1354ae140a32b256dee93bb989076fafda96bd3a873685b6e26

SHA512
705b37c830603883c1f26f6bbf9173296ca6c9b1aab5506131518de3efb12869c688bc6806033290ecce21b05b690848ca05a06c028d7a0c44fb8d933e1eff8e

Download Submit
C:\Program Files\7-Zip\History.txt.tmp

Filesize
170KB

MD5
cdc46d91860cb1c7c2338245a4a166d8

SHA1
c69042be840fa3a1955117a26514ff0ab68fcafc

SHA256
dbabd032a8c71e0d58e4f0f6f7911c262b5510194b09b2e717148caa332eb359

SHA512
a0dd9a475acd83bf85b60bc3e83fbf28727a82a161113366557dafbb46c8a19bbbf3466472744cc1b4354137ec558686c897b38bb7b5f3dc38bf43a570227719

Download Submit
C:\Program Files\7-Zip\Lang\af.txt.tmp

Filesize
123KB

MD5
1d86fda67562b122e8bda871883b0989

SHA1
434bc25fbca8e9f84d6b8f0f6ce3efce329ca9a2

SHA256
8d9284af6487b90358ae922994cc41d0a59c6060a04801ddc57a926066d7a961

SHA512
1c6aa76f296cc721fae7a9cf68a845670177fbd687bb1000c704d6c6cd24f18325a84c165e2bc338fd3be1946c81e0c2e397935c1af2705768bf494482709966

Download Submit
C:\Program Files\7-Zip\Lang\an.txt.tmp

Filesize
120KB

MD5
4433d197f44d6b15942c16dd67b94159

SHA1
9f8dbff1386a1977924d37d5e3f124c2d9e24dd6

SHA256
d24266320a4d3ed8dfad6f727d2f4947fda5703d71aa69670977b35930bae8f0

SHA512
0d76115690e0fcf860269e958b2af5929c8a30dde3d58971c950d4bdb74cebdb1fcea29e408dd882dbed63a60cbc5e2ed0c847e4438ab8148bf2c2d293b127f2

Download Submit
C:\Program Files\7-Zip\Lang\be.txt.tmp

Filesize
124KB

MD5
8fabf091aedafee41ea3ab4231fb582a

SHA1
b02833a83ffb81d3b5ad50bd65d8638531c8d00a

SHA256
2f4620d7a42ab7a9edc99290adef23ddbc9b5aa6bed510baddb347e1e3b77639

SHA512
b44a25cb6b96371da0ec1be917060efa0ee93f6ccbfc5088dbcf6a668bef6156908a870b12f5a219c269d76fafb7fa6e5f96cf67acfc79d713faf8904bde34f3

Download Submit
C:\Program Files\7-Zip\Lang\bg.txt.tmp

Filesize
126KB

MD5
cf64449b24870b88244f104422b9af89

SHA1
6af5c10ef94db92b54cb070fccd3f9aad319f512

SHA256
f84ed6ab43de4d31028e8b92474b75d8443de81ffb948922865d44b91ffdef83

SHA512
095aaf269a24f6a542cbec42cf6e4399ce5f1a448c6d31563e8eb768cef6ed9bd559dd8153dea9c0c3aeb7fe6474d885839792c609303e429fc49674068e0ec2

Download Submit
C:\Program Files\7-Zip\Lang\br.txt.tmp

Filesize
118KB

MD5
789ebf571d6c84f95a909b551ab5ad25

SHA1
74db735baac92d3ecf4cc6734cfa2d9e928f0873

SHA256
c7cde84da69e6b1bfcdc60ee329804904c8cb2be50f50723064ac2b8181e0e7e

SHA512
5860b69f2923de9198bc9b9ca589767ab42d6d754a7f72e6e825123ea42f6cee4a0fb239a660551546cda02cfc837e2433e6e4dd15d5292147bba802f9c10815

Download Submit
C:\Program Files\7-Zip\Lang\co.txt.tmp

Filesize
123KB

MD5
18cec11236edadeaa63116040abdb8ae

SHA1
3f8ea4ac10ad227add5a79734251629730abd4d4

SHA256
5ba42325f83991501971b1d1bb6b7f597d0a22912f308fbec563c3c85aea504d

SHA512
5afc4aa37b19d9bac1d601781b3bb99cdc1fb3a11650c6180842d37f9b1f063a322a6e970f8372ef5ec4ba6a4b431727c0143d232b89935b919487aa0c3ee3f3

Download Submit
C:\Program Files\7-Zip\Lang\cs.txt.tmp

Filesize
116KB

MD5
77a68bd2eb41b6d4eb2c9f88bc7e3e63

SHA1
b8e7361245cdac2fa5e1a15a592ed3ef1d7d6a39

SHA256
8cb714e6597706863d9da3230982226c1b8f6c9495140709fda577ff615116b6

SHA512
be706c81f32c1138496719846bf9549b0be962a770e35debe6516aa6c32c4b806bce6c46b55b15992fd4486bdc82b4ac8d8e01cee5f50df2c6ff43e9fe12d087

Download Submit
C:\Program Files\7-Zip\Lang\cy.txt.tmp

Filesize
113KB

MD5
3102656c37738319b6674e7b973b40ca

SHA1
ae4896985ed72db0111176be601de9ae9bcc6ebc

SHA256
c2e2f15342ac1515a79a2bb2dc0341aa83bd89a928780558f058858a9655ac6e

SHA512
fcbfbacc6df9f3571de0614619a7ae9b9ebc697df9c2024c36b7c5f90f9ea9cc772474aa5bc4c42158ffa21de04b03737d8d3edc60b944715e94d0f5f1eab9fc

Download Submit
C:\Program Files\7-Zip\Lang\da.txt.tmp

Filesize
121KB

MD5
a6133c1e8c73d9bf02a42a5c1b427727

SHA1
04bde6bc4e3af49422fce36695606d1837eaace8

SHA256
ccd3a79eb740fe58b82bb01d43eb037f42ba23023cbd45fceb99a8df74094101

SHA512
df9c3ec4ac1894b71868aeed87b1cf4c411ecf698effe74ef48023e4f927fa5e12cdb9ae13fef27572d4d6ac9159a443ef9360769d49710fe2d1da8b91516306

Download Submit
C:\Program Files\7-Zip\Lang\da.txt.tmp

Filesize
121KB

MD5
9ce09dd134ae57a7a1cb5dbca168e2c4

SHA1
6566b74956335e0e2af194f12cad0675a4a66960

SHA256
3339f683b3c184483a83edf2ab9f5f92b8af6c29e86f69e79982a0c5c786739e

SHA512
48e102d19696595fb3f9a773809feffc6dd7f66dda662114a845d164ab8a52b7d4b71ca775ec311920fe21634c35f514c547e4a4558636551bce3a9c910571fa

Download Submit
C:\Program Files\7-Zip\Lang\es.txt.tmp

Filesize
123KB

MD5
e4762cb34432a3df353ccf2d4f486f74

SHA1
44dbb89256223e4a0a73990d47060ae4a33b9b49

SHA256
4c66ecdbf403765d39085566c8dd14c9602de0463d718281ca10625e2d8bbcf0

SHA512
3b76d9fe032a633a86cb9ca14841b4a1349f86b02ed0f9b4b474158b990a539c90475569f67bff97256d214630a6077c0736cb83c3fe9d1b344e77d8d5e224da

Download Submit
C:\Program Files\7-Zip\Lang\es.txt.tmp

Filesize
123KB

MD5
c5ab170d519a2001c80a287af19681ca

SHA1
c688c987afe8bbc7d878b9347fc18822224dbf99

SHA256
fda5d90109937b82ca4aa6a4abe17ae0321b1bcbfd7879d95ec83df5aaa9b606

SHA512
5ff359311005ff77ed35c5c60d49a615ecbb2a9fbc0752812fc375ab7da1b553c27b9e2e2b6bd963155a6c57554e64f4f7efbb9a2317991398db0ee247bbc3a9

Download Submit
C:\Program Files\7-Zip\Lang\et.txt.tmp

Filesize
120KB

MD5
ad40e30b283a284de1ac3e013a6d2f55

SHA1
3854f77943ac216dd95352da462f9dab6abd6860

SHA256
4f13e000db6c1e1407a09281897513ee910fa854a153f5a94bb41eeb903dfad0

SHA512
18821de39174a3184c86a83d3f3ec4b7bee5aabdf16015d92c18062bf3d2c7cdba082dbaccf29984665ad23d1b6226003d08e4c33908a0c712d92bad1d6f7fe5

Download Submit
C:\Program Files\7-Zip\Lang\eu.txt.tmp

Filesize
121KB

MD5
7d4420497b175e6eb76f0fb48ca1cd6a

SHA1
f0cc3e0168a4d52dee819f8a5a52772e53a7eec1

SHA256
7fc5d7e59f5ecbe7e80dd649089f344933e92ccbc1879c253327bb85b2402ff3

SHA512
b69bb8da9183f6378c6e92ce60cbc8262401a49e2274a9f4df54784fb226364b8a4f6ab43106e9218bca8f83e39103dcf1247705befdc6c6b578528fa0e7f446

Download Submit
C:\Program Files\7-Zip\Lang\ext.txt.tmp

Filesize
115KB

MD5
f6d1dea374ee882cace5fad0a945115e

SHA1
d4d6c01bdb8a75e3035dcd6991bfddcf916ca29f

SHA256
c907eb0c7fa535ca9e6e81f9516e33e86f39acffe1caf0ac55f0ed1b25538a61

SHA512
9c8823fbb04f52525502f5edabaabd705a9c76be4d062f94a081477524599ae79dbefd419ccc52f2a4ef654a92fa16e4635d3c85e6e1e7be50b4e847ff4fb191

Download Submit
C:\Program Files\7-Zip\Lang\fa.txt.tmp

Filesize
126KB

MD5
04a1ffd71cb29a6628c89487144662ed

SHA1
3ffc6a8b2c6615f7faeb94332601c7b44b9fc56d

SHA256
c474291a500d512bcb27624a8f56fa323aad35d394d7ddafa967ce2e183c26f2

SHA512
a1e91a0511e14b5df8013a4a5ebc79a9241cd5da5b172c98c428e186d355e556dea7d679f59942c570dac84427eb1695a25f53bdd10648320b447144f3aef0c1

Download Submit
C:\Program Files\7-Zip\Lang\fi.txt.tmp

Filesize
122KB

MD5
afe2632637b37cecb3827f8c5e04c609

SHA1
dc787d2c17c0ab6a0959d9853e2adc1403bb19af

SHA256
2a0ac8121050d057b4b9d3eabb28c30e08bd6d97c3ae62b83c02e453c2e3707c

SHA512
bb43b6d81f374513cb7d0147cd991f54f8fe1577fdc78edd7b6404677adbd71b529d9d74f7c4650e6ef4febabbb9baba2c11e1fba1bcc77132e8ee40e36c6677

Download Submit
C:\Program Files\7-Zip\Lang\fr.txt.tmp

Filesize
117KB

MD5
06dbebdf54641ff44eb8e4e941144c20

SHA1
2ab5f870f1ff08cb604729610ac43ae4e0d7fd22

SHA256
35c52845235975baccbd948293d19bfc4388a2123db953edeaac79f4b5a2b4d4

SHA512
79cd222129fcb9e5ce986b698d7a88a7c9d662fc77b0a81cf33c5c95c8ee1a19fb508d5a9d3de96a9e389d4f715d15de71fb4525a162052a5fe752d1f6c3c60c

Download Submit
C:\Program Files\7-Zip\Lang\fy.txt.tmp

Filesize
119KB

MD5
9ec001394b3af6071d5cee3543a91e10

SHA1
cbbd2b9ffe4382cb32d9da8e1971d1c6080d24a4

SHA256
85e66af94e3f7f0081351dbf1e34c7e9f889ddae7a63c44828563318b5eca62b

SHA512
309cffbb6b45542beb0ec75448d90cdd825ea0916adfb2f45bfe45e5adeb5c65e1cb545aaab2c4fcddae7c4be7ca380c6d36cedcd27615a36dc6162b2721e264

Download Submit
C:\Program Files\7-Zip\Lang\ga.txt.tmp

Filesize
115KB

MD5
30b04fffc53f2ec0343719296a138dd4

SHA1
819b6316e8ebb1ce98f4ba0015fc53c85dd5347d

SHA256
6079f2033a99045cbf71e070db6d00491d37a479c70ed7ce880e2d4b1c4e97b2

SHA512
1143e195c2a11ffac8ca520eb89cbeac1e626ffc571afe0086df2833e39b6ffe15140f064eb736a144c8252ef72065056ab1f36a2e6c842027ac01faca9eece7

Download Submit
C:\Program Files\7-Zip\Lang\gl.txt.tmp

Filesize
117KB

MD5
ee03dd3c558c4d8bd4410c31f1824a9d

SHA1
dfec98b63ae2bd99ea3ccab2d205194b91145f25

SHA256
c1648358d79990e8d0cac87067ac9415db50ed8f25ffe28b3e20719668f2c841

SHA512
75745dd384355077b4672665f4f764d244cebc28a9565fef86f4550b9165cc0fb14e4dafd75a2d59ccbe3c9bcb16b81923a16aa7dbfffb3bdad82ded7c36fac6

Download Submit
C:\Program Files\7-Zip\Lang\he.txt.tmp

Filesize
124KB

MD5
825f5125ec877aa8f891de478bc67b66

SHA1
5be9bd514a4f779ef3bc9068d147194d4512edd3

SHA256
8f3c7777738e1c206d9fbe4662854d8c0c8afeda85d4d064c52df7bc7bc4b149

SHA512
057c582e1bf3d03da48b3c556e18383e02c192240768803941dc30af38f10f564f501c8c874b24a97810395d0178305c27b48d354c34f4d4c226f1ad931d4257

Download Submit
C:\Program Files\7-Zip\Lang\hr.txt.tmp

Filesize
121KB

MD5
9a26de76761919caf1ac071576e67728

SHA1
8420a8b120519da3ff0514608e166ebc4ae813ae

SHA256
01f94663a872f65ee99849872a9d237d6bed171817428e88ca3c6f3a9c1e0f0e

SHA512
b33ad5b9730c94aa46278567c944254ff35563b5cd5e51fef48969e5c06dd34f53cc6ebe6f5ea51cc9e0edde95e858e1bc3d539fd60193a688773658fd471b80

Download Submit
C:\Program Files\7-Zip\Lang\hu.txt.tmp

Filesize
117KB

MD5
2a498b4437e4618616c96d1ef85d75d7

SHA1
f5f12e2631b0aff8c84b51fa7a52fb04a7b51525

SHA256
b1bdb224717a13128dd936eaefc23e6a2ced5a153f6931f953aeeee955c4ea66

SHA512
ec497c2e3e5cc3bb241876781d192586243147d850ab1a8ff05f4d083427cfdd70f1e9f00c8e7d5f2ddfef0c2fb1e53addad1c346bbb14298b9dc9388fe2c404

Download Submit
C:\Program Files\7-Zip\Lang\hy.txt.tmp

Filesize
127KB

MD5
b81811e7097addb17fae4772a4206641

SHA1
91d27b698089af4c64d69015924e2de25a6a539f

SHA256
ca7fbbaec87767f50f5c29e8007f331f51ae1c1e78ae4ebd9465859056380ac2

SHA512
795188560df93086705d418ddcc628e7004f4821337cb6c5f121d18daa0bcc6494a4897e8b2cdf08d39c8c0752a754afb7ee372ec23f3725092edf5e0ff174c1

Download Submit
C:\Program Files\7-Zip\Lang\id.txt.tmp

Filesize
121KB

MD5
3f698cacae8e2996df9e15364751fc58

SHA1
f04d02dbcb484ffe2363963bff048cfe4c3610f8

SHA256
9f593096cbdcf5536edc0564849942eac05822c3f993e0be2f1fef6547d1a0a0

SHA512
38983911c10f59d5b3c0d2f2fcd325b8a49fc2a3e3b09d489ac8afe9e9cf19d54d1c1d1546f7c2a09ab23e3abcc3d154b27e1e8ddcfab6df3c959d51d6ec30e7

Download Submit
C:\Program Files\7-Zip\Lang\io.txt.tmp

Filesize
123KB

MD5
72eff6229e14d62fc8af11eccf70064f

SHA1
d4d0d82eb0e0a5c6cff8b06025d748691d8ff2c9

SHA256
c200ac59c49b3ad8d951cbba9d0da1699f11215abda57c68620306d2629d0643

SHA512
af21ae4264bd2438c5479dcc288a8abf42428b00f3e2c63f9844b1386b4cf7f7e548a9b1e3c119ade939c642a0448414d0c0639f1d291f1c96fe6796218d01e3

Download Submit
C:\Program Files\7-Zip\Lang\ka.txt.tmp

Filesize
131KB

MD5
f0913718697cc7f31e5b6eb6c8e989ed

SHA1
f68f793a04f5477d0b3314d1e01f228947197db0

SHA256
d6f3244794a4fdb73ae4be9e59cd1c2fb3e19a699b7100302fdc260446f9cee3

SHA512
32ba8aae4bac8db796da50fc12286f2c8d664f3532d86de82989a5a9d9ea38be761524aa8406201ce17dbb0ac19597d6df68226b7d814bed4fb6025308e01faa

Download Submit
C:\Program Files\7-Zip\Lang\kaa.txt.tmp

Filesize
121KB

MD5
0fbc866435707fd220bf1d2d147ba346

SHA1
77fbc8c029b79a7e51a161a445ac8e88beda62e6

SHA256
7f8e5cc83999fc133ea6e56ee8b450ff56bf8aadddcb4548b0a9816a5785c224

SHA512
ec121782ca454388b323c2d9c7b93ca460cd271017c588a23a71fc1d64ff0365c4cf535884f2d78307cbe49aca1c208603219693e28c567fb80f81d1efea1fdb

Download Submit
C:\Program Files\7-Zip\Lang\kab.txt.tmp

Filesize
121KB

MD5
3d543be6e91a957b10ea2a24d87820d2

SHA1
8dc013275aba91db3e6fafdb98d22433782917a4

SHA256
b1467da6e049d76230233c332a1c808b084f10d4613506ded3b821e9d3360798

SHA512
0bf887a7b8d5f57c44048208cdd28082958d843e127335e9f4666d362b5e1833c6f6f6e54f17754792200581afabbe27d4a7d4d58a68cf5c3af5c593fd43d7d2

Download Submit
C:\Program Files\7-Zip\Lang\kk.txt.tmp

Filesize
123KB

MD5
acfb6cb9ba60ce4a2a27930a69d19366

SHA1
eba3f799351bc643d60eca36ae9fab28c412a40c

SHA256
f469d1563ac96490a32f71134817841bb2fd5ca0269d25e303480da18be328e8

SHA512
439fa47ffb0bd313b892be1a706ceb911ddeac69282f85166d76619c824ef244c2cbe3977b2a2c174d70dca3792ffa95e637d060a84c7531109c68abf0ef2c1f

Download Submit
C:\Program Files\7-Zip\Lang\ku.txt.tmp

Filesize
113KB

MD5
306bc5783982f59dfd364918f026370f

SHA1
d2c638f855e8dfdbc20d760ae9da0234d196224e

SHA256
f9baf89a3577af4d91b4520910bf42e6d238a6b66f52e85ae18cc11d65bbc1da

SHA512
3b3b9138a4c8bb5c3ed6aa04047ca6ca4ce6369f5556d9bf4761388ce0c65c3a65da571fc9f81d5bff356c3470c5451bc509561c0aa41638b97bf2e4bc2de483

Download Submit
C:\Program Files\7-Zip\Lang\ky.txt.tmp

Filesize
120KB

MD5
1f7e978632512f380e9bf55d1318fa6c

SHA1
143ff425cecb70dcc9ce45adba835c964c320ccc

SHA256
76ef5d90258fbbff9717e382ddb4503c1292bdca656e093ecdabf1ab4ccb2182

SHA512
b654725af82b8a52bee6ebd86ecafc5f5e8a790a2957cd4eef39535c608828793aa0b47bbe73d9eb116c6adc61212526d7f56fa53baff513ff26f42e524ad5b1

Download Submit
C:\Program Files\7-Zip\Lang\mk.txt.tmp

Filesize
121KB

MD5
6b66c8df9a8183d7bc41a9466a1ef2d5

SHA1
030de3f6f83902a49c485f5e488429651ef2c6e9

SHA256
4b6b2d8989d42be5414e0520c667e3de8327eaf4b7db29b33cbf1db75d70308f

SHA512
b0ee3f6f2ed78f26a28359e47ee2b8eb5d6d17dcda2d3272e409736a042bc3ed985b94d24ded7cb372d0c18a8ea62589887c693d45a8e6cbbd4a5fe5351bdbc6

Download Submit
C:\Program Files\7-Zip\Lang\mng.txt.tmp

Filesize
133KB

MD5
3fbdd49176e0d724f7017c5d1472e5ef

SHA1
43010f80f7a816e79fe348c78f84da33d94df315

SHA256
044eac141100c45d147f35958c0f13347aa870241d2947cf856babab29ec5402

SHA512
6d3fce1b8938b08bbe2ca1dcee8a1e46fcb479bb68c6f0d3117c9d82cf89ca7513206386ed62a044b9ccf0b45b4921551fda39c7784270f76308d7914d1e74a3

Download Submit
C:\Program Files\7-Zip\Lang\mng2.txt.tmp

Filesize
128KB

MD5
2b3aae308dc6ed424a610f1b16337b87

SHA1
b67ba536351cf19af7ac898789cff70de669e958

SHA256
5183155e6a941f91db41bf6f67bff61dccd45747cd5e2b65e663528618cb8070

SHA512
df61bf3f41cf2cbcaf265e6f2d47a19bf9d21bf7820e26d6d30fe3dcf60e470c9565376b33942ebd39002e1d5318e879515a3c6c407ca0b74df83fc9e456ec68

Download Submit
C:\Program Files\7-Zip\Lang\ms.txt.tmp

Filesize
113KB

MD5
640ab59e5b56f098fdba3d3141aab532

SHA1
1936d5b9d346e6892d69b0668ca1f011a41aa28f

SHA256
ff2ce7e7580104e7e037a82781d9481faa538f4ab4bbde4c6147a831d6eddb8b

SHA512
fb5784ce712de73651256029fcc6cbeaadda3a47c0619d6dc868c2b32c57f0ff750428d24a29d280f0b70e370142e88f2fa1e51f16661e8072cddaa2cf1c0b6f

Download Submit
C:\Program Files\7-Zip\Lang\nb.txt.tmp

Filesize
113KB

MD5
6a7e4eb17374bbdcd89e6246451b8a4c

SHA1
a775a64bae459ead96072515b546084079cc436b

SHA256
4e9d1dd8bd4871b4800915c13ec0f09e3a81644fc2557a3de2bc1ad10589d5d0

SHA512
2c0f63b12b172bd4a4b9c9edcf9281d8a5ddce7721b8deee2de92661b4c032b6b97eb683c5f7e0a18c620ebb34f402ff4458a9551177287ad489d8b347b699e0

Download Submit
C:\Program Files\7-Zip\Lang\ne.txt.tmp

Filesize
121KB

MD5
88f6e93b413c802136d1aa3caaf138a5

SHA1
4221a1024ee36daff429e069dc51dd5e3dd062c0

SHA256
269a901e3d747737357f3836430994e4e506b0773ccb8ff9ca3aaf198f0f3156

SHA512
8bca72f5801dd5096a26907ff48384123c01f093c21cc889d0fc7c6df4220db2375a6ec99217bfea105f09fdfa9c270778f1cfef6b8eddf9efa32c98df7a77fd

Download Submit
C:\Program Files\7-Zip\Lang\nl.txt.tmp

Filesize
117KB

MD5
7254ba23ce9d8d6db34cce47c18fb36d

SHA1
439e437c4528ba424939ffcf83071303c87114f7

SHA256
291740904074cf8588f9927666fedb3c1da0fce8d3a99f1d5f7716e68d6772dd

SHA512
23075c8544d85e98a1e04ec9d5736a98126fa1c33ab9b523f8536e9c3e366be20afa4a89344a0aac2f697e85729d7c1bbc7da46b767ffb6cf9ed91e2c6a939a9

Download Submit
C:\Program Files\7-Zip\Lang\pa-in.txt.tmp

Filesize
127KB

MD5
831512b7529c5b79b9beaf96b0d548bb

SHA1
a0fe7f0a06cf29a7d43a1c7d9ebe56a649d5c419

SHA256
8d916055b173577c646b123dc97a2da0c5dba6351d022f9a7e34c6118ef90314

SHA512
b864eb591344404b88de530e482adf0cda38c6beec95d26ebd623b2ff394b1aafbbe83ccc6dda7c990a2797140d2705bd4e98b709d6efbcc9c16986fd80dbca7

Download Submit
C:\Program Files\7-Zip\descript.ion.tmp

Filesize
113KB

MD5
dd81e9843b142f1a05303f4a49cf1e43

SHA1
84a1b829fea7f48ef774de6f10eaa324633b4ded

SHA256
2b9e76c2526113ea6790282ce0b089d413ce58ac2c43918817597e478238ab9f

SHA512
4fdb3d4ef366b5bf1dc788c013d913214978a3285ab14fd9dcf0c9f4d8edd6665b5ee02c676b2ea6105e27c288b08cb40423f79d932df4d23934ab668182d4ad

Download Submit
C:\Program Files\Common Files\microsoft shared\ink\ja-JP\ShapeCollector.exe.mui.tmp

Filesize
134KB

MD5
3e4f139b26e41e1c43f40d93d69ca62b

SHA1
0524edf9bdae22cd5ef7e0b6e2b020dc0713517f

SHA256
d3ddc0de12b250a77b3f23321e5c038eb6bf5038c2723165ff2c210117b76413

SHA512
fe30cc086fff06e6020be8e22b02995183b9bf1f45a7ea039db049f8fd5165f99f656b9d6ceb274ddb61591d3dd26569a32aa30a2c69786049f54f43d4198374

Download Submit
C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe

Filesize
113KB

MD5
d433386cd3da88daf3223d104fe929a1

SHA1
e5ed55f6db5f859c78a5dc0b8f55f7ae34adfaa2

SHA256
f06a45446d86dcee4a4f71bd5af4ffb00a807db52acad37fb0fe270449e7bd09

SHA512
756f5e10ae2b5d3fb48a3b0c962ba4b7e134b2827641e8416fc5f17fb75da8ecd322be4cf385e6ffa4dc3d58636d1d7a77ac3f12f08e05de2b2d51d98b843672

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
107KB

MD5
0b3e5a1d32e84bfcb3cb8d7faebccafc

SHA1
cc9934215e5c9cab605601bdda9dd732b5ef7e5e

SHA256
49bc4cbb91d1d4f325fc3058c8f443a18420f7c1c2b03e28f0b3909405f52b2d

SHA512
6ea94d6eafdfde92c01b74f6080f773a4d43bf23028b90894d3ef89f838940af97b96c087f91f9bd36a27fe4e2f14da8e1fc2a777c0e087efd2cf7a8c881aa1d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads