910092a3dbf2d67b4f09da87897781da716f9b94afece41b5c4f23cf0ff4e10e

Analysis

max time kernel
149s
max time network
100s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
08/06/2024, 01:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1afbf2ce31b157382be0dde94adf1ca0.exe
Size

94KB
MD5

1afbf2ce31b157382be0dde94adf1ca0
SHA1

3e4a3aec9e5a4ee948bf73b4e03798f852785583
SHA256

910092a3dbf2d67b4f09da87897781da716f9b94afece41b5c4f23cf0ff4e10e
SHA512

6c62f5afe6ab5147fe7523caa253770cb294e34b44e531f5fc66b4ec83e43e99c9e79f7e43cf886bf727d6d1b627d003bb920e1c11578525bc620bd40ca09358
SSDEEP

1536:/7ZQpApze+eJfFpsJOfFpsJm7ZQpApze+eJfFpsJOfFpsJ+X9q:9QWpze+eJfFpsJOfFpsJKQWpze+eJfFo

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5362) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
532	_.files.exe
3644	Zombie.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	1afbf2ce31b157382be0dde94adf1ca0.exe
File created	C:\Windows\SysWOW64\Zombie.exe	1afbf2ce31b157382be0dde94adf1ca0.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework.Classic.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Retail-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp-ul-oob.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\WordVL_MAK-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\PresentationFramework.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL026.XML.tmp	_.files.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft\OFFICE\MySite.ico.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\System.Xaml.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Windows.Input.Manipulations.resources.dll.tmp	_.files.exe
File created	C:\Program Files\Java\jdk-1.8\include\jvmti.h.tmp	_.files.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_OEM_Perp-ul-oob.xrm-ms.tmp	_.files.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\sqlpdw.xsl.tmp	_.files.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe.tmp	_.files.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\VCRUNTIME140_APP.DLL.tmp	_.files.exe
File created	C:\Program Files\7-Zip\Lang\gl.txt.tmp	_.files.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.AccessControl.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\PresentationFramework.resources.dll.tmp	_.files.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_MAKC2R-ul-phn.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL108.XML.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jdwp.dll.tmp	_.files.exe
File created	C:\Program Files\Java\jre8\lib\deployment.config.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-black_scale-140.png.exe.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\UIAutomationTypes.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\UIAutomationProvider.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\nb.pak.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\security\javaws.policy.tmp	_.files.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-black_scale-180.png.tmp	_.files.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\System.Windows.Forms.Design.resources.dll.tmp	_.files.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_OEM_Perp-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_KMS_ClientC2R-ul.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ko-KR\tipresx.dll.mui.tmp	_.files.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md.tmp	_.files.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md.tmp	_.files.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_SubTrial-ppd.xrm-ms.tmp	_.files.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-synch-l1-2-0.dll.tmp	_.files.exe
File created	C:\Program Files\Java\jre-1.8\lib\charsets.jar.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp4-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\clrjit.dll.tmp	_.files.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\System.Windows.Controls.Ribbon.resources.dll.tmp	_.files.exe
File created	C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgeCalls.c.tmp	_.files.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\fontconfig.bfc.tmp	_.files.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\ssvagent.exe.tmp	_.files.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md.tmp	_.files.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcDemoR_BypassTrial365-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\AccessRuntime2019_eula.txt.tmp	_.files.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.scale-100.png.exe.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\StreamServer.dll.tmp	_.files.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\PresentationCore.resources.dll.tmp	_.files.exe
File opened for modification	C:\Program Files\FindPush.snd.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\tzdb.dat.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\Library\Analysis\FUNCRES.XLAM.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\msinfo32.exe.mui.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\PresentationCore.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\System.Xaml.resources.dll.tmp	_.files.exe
File created	C:\Program Files\Microsoft Office\root\Office16\WordInterProviderRanker.bin.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019DemoR_BypassTrial180-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Grace-ppd.xrm-ms.tmp	_.files.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_OEM_Perp-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.en-us.dll.tmp	_.files.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\System.Xaml.resources.dll.tmp	_.files.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\content-types.properties.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_KMS_Client-ul.xrm-ms.tmp	_.files.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_Subscription-ppd.xrm-ms.tmp	_.files.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1684 wrote to memory of 3644	1684	1afbf2ce31b157382be0dde94adf1ca0.exe	82
PID 1684 wrote to memory of 532	1684	1afbf2ce31b157382be0dde94adf1ca0.exe	81
PID 1684 wrote to memory of 3644	1684	1afbf2ce31b157382be0dde94adf1ca0.exe	82
PID 1684 wrote to memory of 3644	1684	1afbf2ce31b157382be0dde94adf1ca0.exe	82
PID 1684 wrote to memory of 532	1684	1afbf2ce31b157382be0dde94adf1ca0.exe	81
PID 1684 wrote to memory of 532	1684	1afbf2ce31b157382be0dde94adf1ca0.exe	81

C:\Users\Admin\AppData\Local\Temp\1afbf2ce31b157382be0dde94adf1ca0.exe
"C:\Users\Admin\AppData\Local\Temp\1afbf2ce31b157382be0dde94adf1ca0.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:1684
- C:\Users\Admin\AppData\Local\Temp\_.files.exe
  "_.files.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:532
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:3644

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-711569230-3659488422-571408806-1000\desktop.ini.exe

Filesize
48KB

MD5
b7b7c5d8b8aa1d499c49461c4ef39b6d

SHA1
4f155e9dc0357aad7dac0a1ffbb39130ed133dd9

SHA256
d63ce50b177a520282491e0c55723d7e5872ecb5b89d5d10093a6795a07c19b4

SHA512
e2694825b223879b5d36b080da9604b8d099e567b67d1e82bc765b6cb9de57a0d2c900aa607461e38eee36900c7b19ddba340e4bebba219c10e0745747f46d58

Download Submit
C:\$Recycle.Bin\S-1-5-21-711569230-3659488422-571408806-1000\desktop.ini.exe.tmp

Filesize
95KB

MD5
86dcb70049bede7b9e4142470f29f696

SHA1
549af777ca599e5e3ae7907bc372834ef5b76867

SHA256
c287214f02698392075111c84cd1b0ec2455992a283979b7af1af99d0aab7e8a

SHA512
fc4c691e57257a86268f435375fd7afd55a0ec2546fb302efdfa45ec5da91445747bd054d00a8a534213994b02dbb9b6f350da4e5610b5cb2e100a10f3aa5d03

Download Submit
C:\Program Files\7-Zip\7-zip.chm.exe

Filesize
160KB

MD5
73cf61a78f6f764473ad2dbd0d95f098

SHA1
c03157bbcf3b40fd4400118a5d597a383cea5c3a

SHA256
0f983eb76b5c7268579c133c0cac13e5d2445bc318b7010cf8115c25d3ee362d

SHA512
34de1b5cab74fc25f5cbe076e1b61a80bad703bf18f90ea08108bc91540f65b8822e57c14d4fe86e13b4d0be0d4d11a2767912c5c649d7a3ae65ad25f1af6e98

Download Submit
C:\Program Files\7-Zip\7-zip.dll.exe

Filesize
147KB

MD5
ca964e1bfa7d5d96999a92cc9d065889

SHA1
9dd97ca83b60ba97fbd0c954351d31e58a672b72

SHA256
813458500fe406904a08200c67c4aa361faaf3492673b35618c7ab5cdd76199d

SHA512
b8f6de2f98c762ef568a5da87b9cb838ffe84959a51af68d89a55f5eb6d7bcefb510f100334f62343ea32fbd2695420c705bc4fead4f11af1a22d901c62f3d16

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
1.8MB

MD5
328d34d3698cf7225b4dbf881bc8072c

SHA1
c3065f6bea4e0bc8a475a2fcf0da5c398bc8f0ed

SHA256
b9120639e87180731bac82a1bd396090516cfd63151588e614380de25d286efb

SHA512
8e13512de776bbd4c41adc0c2bb10c86cf7c7cf2d6b9d54f174d2cc9330bfaaf5609af43cf422f13e4a17d010ceafb90c1f726571a02880ccf33b837d16bcc29

Download Submit
C:\Program Files\7-Zip\7z.exe.tmp

Filesize
592KB

MD5
845a5f4574234c5494ce9a90dfcf6d0c

SHA1
ae496f679a1c428a9658817691202897ddedc078

SHA256
74d79bc022bf39fc54fae6a5b59bd85a4cf6294c18c6df4976f3ca6775ed575b

SHA512
b960c36a5916b2e871aed863f828da08e8611435a44f04396c08ff96f4f710d059ff255902cc9da90fa122e996863594f4223667efed30ce16d52f6a2af614ee

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
978KB

MD5
84ef5a7fbe55466b16440821ffa7bade

SHA1
c822cfa33e9886f9f78d61fb63ec6b49b2b31a0b

SHA256
55f6008bb47037a5c5eda35a70ee069937b31ce915cff3b0360c34af17c21765

SHA512
529acf6b78a128a1f6fda2c8181b1e120e3a0c2c39056b9522426ea035eea8ad04413461ff20963d0a7ba9d51699a341d8dbaf00bc4ed94dc0bf9ef91e83a8b0

Download Submit
C:\Program Files\7-Zip\7zG.exe.tmp

Filesize
732KB

MD5
d915234d038e151765ae5eeba1f1ecc6

SHA1
ac1363f9fb2d48ab5fc59a7524849849f74cf61b

SHA256
2ff26754af94f8b4583fa14ae3124ea8775bdd07f440e514e5dd9988ca9344c1

SHA512
e3830f34e6d915281905f08e8a9dbf5bfbd8653548e30a434907f06eb39e5c31e96071bad3d595db50c8c324a432c1ae84167e4c50bd4835ba8dc9684d005732

Download Submit
C:\Program Files\7-Zip\History.txt.tmp

Filesize
104KB

MD5
d795e387e8fb64f4ce5a8b267f623c13

SHA1
1a1e5649c275149826b5a231a82378cc0e2dc69f

SHA256
8a4551400e887e8e96a94aa36532f09801a33ddb3bee9083c2c59a5c700fb9f9

SHA512
7ac3290a5bf024c96de9f14e125caa70c59996d442cfe16f596ff7abbabab6c351ca51b0773a0b52bb9de82690853806b5cbb8917e347ccd3546639f5db3a1c6

Download Submit
C:\Program Files\7-Zip\Lang\af.txt.tmp

Filesize
57KB

MD5
03c89378eefd16580d971ba4da3ba7ea

SHA1
8d23e98d5ef687b438a6a3714956ebbb2f915d3d

SHA256
c5dbd437d56d2fe34fbe8d0bc93bbbfd3fcfe9a53ca6e814fece9d021867f5cf

SHA512
1206038a73029a7067fee63f7be1417d95e4477b6f2ed01d6614235580e1766c3cc9feeb77d94dce5182cee9eb38f1bbd495a4f5e5454f722dc14f04dbd2cda3

Download Submit
C:\Program Files\7-Zip\Lang\an.txt.tmp

Filesize
54KB

MD5
4e0e72a16a8a453ba1ceb7bd05ca4b84

SHA1
e605fb61fbdaa9c149f289eff35bc029d8216835

SHA256
97a8d127789cb4d862308a9d86708c20e4378a09d91f5567402fa8e16cd6ae75

SHA512
74ca9ee449b125573437d17f6e44c5e4a3d808112295c712e810bed627a4787f5d693967f27f7c4e1addd09ea5cebd1e1a14d5f0231f2d2bb5747b5518abe565

Download Submit
C:\Program Files\7-Zip\Lang\ar.txt.tmp

Filesize
60KB

MD5
b5c42df5dcfcde5a532c60a24d565c0d

SHA1
e8e6199151cb0a9a8af9b271327a66d1162505f0

SHA256
e9e5a9a0b1326990175359f84a8f1e70e897b2758e126b8a72ca288fe372f862

SHA512
5f76806b74120ca8dcf6a71a6ae48fff8cf5ce76ac1da411fff8c583d52b11d65d487d79b3fffe5475dae21601930e9f8abe0939ed8d4a4644585f8f7fa8c1a3

Download Submit
C:\Program Files\7-Zip\Lang\ast.txt.tmp

Filesize
53KB

MD5
7e9eca51aec34cc3894486f9910aa5d4

SHA1
5cb4be7c1476b1d48360108f2e9cdda4126542a3

SHA256
ef4ee7cd88f95126321596bc2d7e2fb181cf053021e7a15097fc0daec4911b28

SHA512
c48f596b4ce5ad64a23466e2e6aeaece13a8a99650c9dec89ca9795af233bfd7526bd8981904eb3e285fe2d12b7c24e80f96472256c3266ec8c28dd04e9ada0c

Download Submit
C:\Program Files\7-Zip\Lang\az.txt.tmp

Filesize
57KB

MD5
fcce5d7931dfa0bcd50ece76e9ada2a2

SHA1
e18b00831120564a39e99618eead05e2158c7d92

SHA256
1d2d9a37d2a5c087f5aa311066be64741cd3c3c701809e459a5ba9d22bbb4410

SHA512
ac78e69b2ecb92efcbf60b27f6e9da1a01da5d96e6510010bd40b876b7859f9096f79f93bcbeaa831b5d2276b97466e809cd72c8029f4b72fbd885a50ab7be07

Download Submit
C:\Program Files\7-Zip\Lang\be.txt.tmp

Filesize
59KB

MD5
923a1416082bd80b2e011775ecebeea8

SHA1
c701c17e3daa1d76bf6b5681ef3c12c6b6d35662

SHA256
ed48fe24af4a8bebe5d44ee3861d1aad6ce530b33ff38e3605c3619df62f3028

SHA512
3ca1aa051db112abc6b5562bb740253f8343dc98a729ccec880c589e7d9369e9cd3da256996847890ee694d9905934cdbfa2f1d4b8654f0bf9ff4594cfc37cdc

Download Submit
C:\Program Files\7-Zip\Lang\bg.txt.tmp

Filesize
60KB

MD5
0103ba32a41d4b67dc6d76837606932f

SHA1
2d097ac170b3c99223c936760a28941ba26d959f

SHA256
b329ae8a90ca6fca55ab963af9643cd8808683069c29b88d87e7843a6d440711

SHA512
64c62ac0ef9a1a9abcd01c9005350fd6c9df21d9e45f0b2c1b3dfafa558ce55baa1af518cd5846d291db3e5976172285fff5d66585ca6aab07af71c80214b30c

Download Submit
C:\Program Files\7-Zip\Lang\bn.txt.tmp

Filesize
62KB

MD5
6724fc3d51e14d5125e0b29e10bb9c9b

SHA1
2d9bf218165139eda17cd8c57f2e239b08c4306c

SHA256
cf29dec8c0432f25833b83650ba6998e2d44b718113b17e58cb1baf7ff48883e

SHA512
2f8d18e94ba6149288284e9c599534cd7874fdd2844e33eae54127c92f9177c08abf3fd4452547a3af7538df86fa3b66f01f0da5f46b82b4d5816af061fca761

Download Submit
C:\Program Files\7-Zip\Lang\br.txt.tmp

Filesize
53KB

MD5
0c7a739c8624691bc8a4520242581031

SHA1
e55bc8840f931333eb6b7d43c64732bf8de97330

SHA256
2babdee175cc755927f40a53e344737593f37764525dc2e555551330c6604144

SHA512
419263d208d9c575881d8911fd26a8aa81d51befca4a6b34e7ee711fb7612e67e40822f15fe29cc7b786706c7b19408b8ea37bad161d94015dae46df25a8d84a

Download Submit
C:\Program Files\7-Zip\Lang\ca.txt.tmp

Filesize
57KB

MD5
6c72fe4a0c42e23a3d4e44fb9cfefde3

SHA1
312393ffc22affb1f573a270b65122ace0377b35

SHA256
d5c284a1b0024783e1341b139a270b55092867ed9bdf87d5eb2228be33ad5f36

SHA512
c65e68b5131734ead313dedeeb45cf5187fc9e6cdbda53216227c78949c70c45a68dcefbcce433967501bc6afa8308f2afcad8e8fd26428ae17b3b8130c6bfe9

Download Submit
C:\Program Files\7-Zip\Lang\co.txt.tmp

Filesize
58KB

MD5
a9fa0376b4c59b7898ebb8828f9e828a

SHA1
5e4753bb11603debefeb7b97db7953dab3269701

SHA256
ac39b6585139124f33874b5ac9e3716d937fbc453fab613cc3852d09976d31c8

SHA512
99d4aba371458da73d9b3c993ad3a53d605f95a2010bbed8392de0c9f154f04332f2e6e6af5fe0818dc2cbd55b4852572c74eae62f954f971d5a1f81cfa7818f

Download Submit
C:\Program Files\7-Zip\Lang\cs.txt.tmp

Filesize
56KB

MD5
2796d992284b537c303126fdc97cab14

SHA1
267318a3b88284c878398087f0b6ddeecba51737

SHA256
b64bcc87ad77c05794de81b528f1c7143b7660a62e72bf2dd64c6de26cdc09ef

SHA512
73b2340c0756b8a339427425cf142503024e06b6ce603ca3f5e50dc3ff7f29292676741f4a31376a72a83faedf53e9532faa52bdee5da4801cbc9c5be5f0673d

Download Submit
C:\Program Files\7-Zip\Lang\da.txt.tmp

Filesize
56KB

MD5
b220330b7aa01e69d0663a4db58ea77d

SHA1
6c066f88f94c10d122f446711c3c846a29e99696

SHA256
9b530052ef04a670d21f69252903e8dfda80d9f28f2e36df90c765137f367215

SHA512
1a1cbef2a2f09d0c07ba95a2cf739905141fcbe4a19477525f5dfe3f8c7ebfc306839867abe8b20c37b7f58d74a770b68c99756095ac9689897fec1344787b85

Download Submit
C:\Program Files\7-Zip\Lang\de.txt.tmp

Filesize
57KB

MD5
d5d9706de04bc39ecabc80ea23b71b74

SHA1
39274a185c7c9684ee1aee8fadcfb5274472e5b5

SHA256
3a1f7d29831d4370cbe90cfba34d6bca300bdfbd4bff19fd58a31560e0ebfbb7

SHA512
fe0bb2ccdcad676102304381908159d95394a182f5df03497c14a52062ca7afd306594f961cd10885cf6b3e9ea8a5b182c2c97433a98578b7bd22564db8dd2aa

Download Submit
C:\Program Files\7-Zip\Lang\el.txt.tmp

Filesize
64KB

MD5
45c76fc2cab82cf74b3b4e244cfffd2a

SHA1
9ad02f0b12d916fd780a08dfbc441e410116451a

SHA256
dc5d831424fe597c6e64501fc7b417156f7595b9b3b9cfc0da5b32847f0a3f34

SHA512
722158809d72f6f4a62d2302aa807f0b23c44a994e304f17506403520245a18ae5e3966f625d82ab6145825ddabe61e4a94ad0491b7b15798f0dbe45b719b32a

Download Submit
C:\Program Files\7-Zip\Lang\en.ttt.tmp

Filesize
55KB

MD5
82929538d87c85bc236775959353f361

SHA1
f70575be796ca12486867b650dda96761f029a31

SHA256
7c7a5b8cb78d4b292e1f08e5389e18027266092acfc2f8b705409d44052f6278

SHA512
8a2aa2764c8582fe625bd8a034875f1f62185ebd65a07d2a0ea269a1b5db1b800a3eb686281eac85e72cb24a5fad0b1496386e2dcc666a3250194f9d8a6d1bfe

Download Submit
C:\Program Files\7-Zip\Lang\eo.txt.tmp

Filesize
53KB

MD5
124e99c7eaf74c67fb4a60233490d276

SHA1
c507a3bc0d715e1b59e243bd30e3aa8280a39500

SHA256
ec9975e09b9c69962c6291f8e381248b2105031b2a75e3b4bcaabd0f7d7d630f

SHA512
394aeb5b3ae406612064dfd30636306ed3576501cea9127b1f5b52c707b8bafc53974b6a4d45e55d28b5db53db90111979686b003419e089752b892d6fff5124

Download Submit
C:\Program Files\7-Zip\Lang\es.txt.tmp

Filesize
57KB

MD5
6e0af752d69b14164e908100e89883c0

SHA1
9a91a97a6cc0fb40f026ab39edaddddee7930567

SHA256
37b797e6df1496b3dacabd9dccc0c1dc1a1a8fb57c662c1c07cac1a982b384e7

SHA512
6570e66f4ace0800714e490fbc6c7e96b9ceb1aaa26ec44ac643ecee93cec7d9e3c4b210fd73729409bb57d00a69dd08254da29c63697a137a0b8826134e0da2

Download Submit
C:\Program Files\7-Zip\Lang\et.txt.tmp

Filesize
54KB

MD5
04cd07547493c586a38d2d932ea3e6b9

SHA1
e763fe73f909b89bb54dffe4c8e39f4fdef41b07

SHA256
5cb5f5c9e263f40e35bf615615295223f9ef3cfa74f795f963f5a31cf98eba13

SHA512
70900561bd201a0b26bde95ed791a41ccd4b3d4e3b77a14b2c62af593c9b4e27a8529a4c50fd209cddcaff2cd42349d13b03af0438b56d3563f343913588724d

Download Submit
C:\Program Files\7-Zip\Lang\eu.txt.tmp

Filesize
56KB

MD5
5eba0da526c589cef372901b27a061d5

SHA1
0ddc76a9ef1c383319293322055e02e3260ccaf4

SHA256
73e0807d87e76c6b1f02aeede53654487a29940972c9f8c13ecd41a11bb3b98d

SHA512
554c4d9ed059e9a5e4392a5b361768821703a5231d9a7c640212770a9ac866542610d9f3827835b013c9fb6abd92499623c601cb1cba3db00096c7c6616beba7

Download Submit
C:\Program Files\7-Zip\Lang\ext.txt.tmp

Filesize
55KB

MD5
4188813d3775aaa555a21f547b24ba8d

SHA1
7c572b86cb593d15c67e2d55dc5425771a5b033f

SHA256
1d66daa71de3076fb25a4203853f912180ec6427c76d86098bf2f470a1596cff

SHA512
02e5d8ef439da80a7c8592eadda2f632c1c5575608bf5aebb1ae90745d5e3123343901bcb7f5e1bb53c5a3097f9766e3dd333120f82efd9d71d039c67d4b7b0d

Download Submit
C:\Program Files\7-Zip\Lang\fa.txt.tmp

Filesize
61KB

MD5
fec80f6a9a2e346f888dda15d643d287

SHA1
885388041755166248f7129c79d51d041ca13c48

SHA256
c71bef376b4988425f9e478a589edcf3b9ff05e69e33622180be23c09d17c48b

SHA512
ebf10542ae75d1fde6cc10a43ed6b8276ecee174892f8a1f3bebb142238032e3d17e52b2373bdc23e10bbd0a4d4be82f1bc04467c7e7f280d3693199ffd4dc38

Download Submit
C:\Program Files\7-Zip\Lang\fi.txt.tmp

Filesize
55KB

MD5
72dea5076cecbd3369c11023c3de4f8a

SHA1
c8b2236dae16608fb58b0e3174b074493d8bcb6a

SHA256
7aa95147576e1b828766347afc5eb713b2cacad342316f9e928e4e6c97eb53b5

SHA512
c9899a849ce648c76e21a9470c8027d289e8df583b492bd7326cbeb59f6c8ad6b881f8706d5ea17aacf9e2d14913ba1261a0f3235dd6b895209db7b2cb119ce7

Download Submit
C:\Program Files\7-Zip\Lang\fy.txt.tmp

Filesize
53KB

MD5
5b0f581e0113abf5f4f4cefd0cf9a2ff

SHA1
2bf2581c056dcaea7b368c9e1dd9af84d017019b

SHA256
18c695d1479f294e0cd283702137d6aeed83662915b6710800fec101a3ccde47

SHA512
b9606720dfd9480911fe2b0b8f27bdb207e092023e37b829849844f3413e47bd1ea1190f64c55f159ea6ff65f3b1f18fddf9f532a5a7bac058cea3fb5d20c3a8

Download Submit
C:\Program Files\7-Zip\Lang\ga.txt.tmp

Filesize
54KB

MD5
fbf91fed94e74f0f39bcab10e1c3d9b9

SHA1
e13dc380d4f799a975344d279e7baa45ecbf4879

SHA256
0ada322d9a90cdb9c76370601f47911c795aa8da85779d9ff5196ca242797bd6

SHA512
fc709620a1057231958f71edae742d9b9c76bd349e6725e859b7db527cc6495d95111b7f7c710161a9adfee984793be31ce26c71174f425a0211c32e5d3f484f

Download Submit
C:\Program Files\7-Zip\Lang\gl.txt.tmp

Filesize
57KB

MD5
ba4af41e7075a90a221906bc507255db

SHA1
31a9de36bed42b0ebcc42bc247aa4e8d293431b9

SHA256
2c68d98d7c2b9894805e19a0c01aa6292f755149fca5e801a4da1f83efe71112

SHA512
7efaa89ce9ccee3f4e117b33200e8212884e157b614d5f641f2978fd2bbbbe2c704c33f51a022c657a323f29cf0e03b6d684009fed473c9834ca86641f0f0865

Download Submit
C:\Program Files\7-Zip\Lang\gu.txt.tmp

Filesize
65KB

MD5
fb6a0999b6b9d2f1dd939a1f4c294fd1

SHA1
cae114722e42f2f99fcad1db88be01c10b737eba

SHA256
d2fe6364bdac9f7a6e39ba3afd066254ec187cb5d896efa415f98d2705b08778

SHA512
53b53ec6a6515ffb7f2a4aaca9b9f00513108b827cafe2928513949b511c95ca7c761df5c7e90c49445b05b683e10943a6143b20dd5320d40e4865d49322d3bc

Download Submit
C:\Program Files\7-Zip\Lang\he.txt.tmp

Filesize
59KB

MD5
7c3fd8ffec59b9f59caf98f949cedef8

SHA1
7f7ec97f645331baa8dcd216d76670f76eac1b2e

SHA256
8485fa715b82394b8ee9d4af0c55c1f4eaf2443f3c01ea1d4bbf097413387f7e

SHA512
2ccdf56d28f25f718973a3aada278eb6741e26891cb91ed88d47ac002fff541d39d19dfb379dc6cf18debd6ef50986cc61ac7ea03d0d4e840b5a395f86332995

Download Submit
C:\Program Files\7-Zip\Lang\hr.txt.tmp

Filesize
55KB

MD5
52dc0cc3ed4237ed9817422f85d0337f

SHA1
e8a81a51479afe5c1795e41cc6346de2b3f55b20

SHA256
40c71a554dc9e1b98032f24ddcda9fb216edc9db22dedf1462f3d93cba04acd2

SHA512
f3649c3fc0956dd846fcb25fbb7f0e5b48d7d973e7b412f280f9809353cda603987860907a7d0d3cb5ff01e7565f5172e0d3103843f702afa01c4a917b7df0e0

Download Submit
C:\Program Files\7-Zip\Lang\hu.txt.tmp

Filesize
56KB

MD5
96137f6cd1d5c32b04c4f3c72fc1b56c

SHA1
26af4157818c4f104e2f228b2c12c23f06e17412

SHA256
ecb68041314287e10993aa7c2355022213ed0bdfa82b553aee2d56f0baacdd3f

SHA512
8bca64fe5c0a58a0d539e00bd20736a3b8f164000d6a03324038b06ee71d7894eb4b253db8e948097435c53e8334f292e39fec8e8dca73904af8c18d7167e572

Download Submit
C:\Program Files\7-Zip\Lang\id.txt.tmp

Filesize
56KB

MD5
e5c52d236a05afbbd2ae7cdedcbe828f

SHA1
cbd519e6144edddd9a6af747cd9722725f99c585

SHA256
bc10628ee8c3014189242d97818f33b775897104de6469568560df9392ae9927

SHA512
22eedbc1e71e709df7cb16f24374fecb1fa7083f25f90af5472a26ca487541f9b0c67c100280610ab87f46c30f6f4822adce4a1f401654c3054771a35995e8c6

Download Submit
C:\Program Files\7-Zip\Lang\is.txt.tmp

Filesize
56KB

MD5
02e268479c70ef6555df0436b7b3c219

SHA1
754da03813136a52208480ab52f5ff9e8beccd3f

SHA256
84db0686f039d8a4f00d511553d89b5cb41f04ef696bf9d66d3f46d8d0f6e53f

SHA512
dcbdea7c97f7a279cf3731d1f9d3f76b0ce0e2ac15df2fe9fdefec88e74b6e6f605381131428c2f2ca66b1427c8c7f63aa366ab4371153283fb720ca8766654e

Download Submit
C:\Program Files\7-Zip\Lang\it.txt.tmp

Filesize
57KB

MD5
62f3c336daa3e42010675624f2d712e7

SHA1
284ee7fad9c8869ea57fe822e7029d35d6181ae3

SHA256
c4b84b09b2cec2cc3468e9a3764d3e2675beb7ba5f09fc882d876df4948223a1

SHA512
a0069395bddfb7983850d70e68585df77454b05fa1f75e0716f0a7616c39f6c5334071543dbb26668bb3737e028ada914b1e9524e8e9b667ffca987c21f11d7d

Download Submit
C:\Program Files\7-Zip\Lang\ka.txt.tmp

Filesize
65KB

MD5
b376cf74590e75e033734a4b9fb25a0b

SHA1
168eb27b22c688290ae95b2e7fdb2cb0c77e494c

SHA256
f2c0f2638eb0c26a188d29daa25635bc454f0d9ffd6b5a983cac887c682bceda

SHA512
d3d6b8e5ee0e661bda8aed7091ef292b0bf633c9493cc41a4b43dffa6925ad51b151a862f76c65d19e0f239917295b0ed9d563d50adb6f67e03c424064743eca

Download Submit
C:\Program Files\7-Zip\Lang\kaa.txt.tmp

Filesize
47KB

MD5
736d59ec1adc89db2c3ce92c9eb97a18

SHA1
a36ba6c3290b2c4eede960eefc0f3265f42f472c

SHA256
19a57b20e1e9b4ce76f7b3b3c418226523a290450e5265515f4ad7b8530da0bc

SHA512
6d26a1a447b24460f8215d3908bd76bb1767fd05c525d7af30e5cccad0dfc60bfca0365117d00299239c43b8e3fdac007c3db787b12098bee61669ffe91db410

Download Submit
C:\Program Files\7-Zip\Lang\kk.txt.tmp

Filesize
57KB

MD5
2718bfe33d4ce50da46b690ff6e6bd2d

SHA1
291fdac933545589393d6b0214bdc1d06c60180e

SHA256
2497b2bd76963d9e13d155c0602ed9cf7e9720402589cf425b6ba66597ef9aaf

SHA512
b98764d1d0ac9a905b02001964a82d5cabb4802fab68cd1489b789383bc4aa61b58b1d440e62730a1e9574b3fc2f23a432e38c1ecf7244ff7662f461ecd0c091

Download Submit
C:\Program Files\7-Zip\Lang\ko.txt.tmp

Filesize
58KB

MD5
4683436edcab1992116501bf5fbd0b69

SHA1
72402e59515f193bf929fd406d954aca96830a23

SHA256
142b56f3a351be2c61b0b84c709e06bf9d7f8ec0b3df9221196c48956f67152a

SHA512
b37f81e26ff8a3d9d41ac556f7ee3e9de31a9fa848061ca8c9bd696fcdfd00ecfc23054c3e81e156465cbab3acec5b4462daf3da6473abc91bb778076e3c899d

Download Submit
C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp

Filesize
58KB

MD5
376c8011c15edf6dd1ec42ea4dde692e

SHA1
7e770375f868910915841e566da8d0cca9b282db

SHA256
065e1df2db34be70b0f668c9b3ab649b81c986eaf9e87b643098f9a95093bf18

SHA512
781de1a8bfb30df9ed13ece8f09737bca7b9a9299c941968517c7764d477834a16d9c23c273920adbab937001a77f0dc05faae873e15175e6623a627304fa3d0

Download Submit
C:\Program Files\7-Zip\Lang\ku.txt.tmp

Filesize
52KB

MD5
ce489043f2d1dfcd2798c919b99e2c4d

SHA1
9aae1ea8b5fd3ff20c798c4eb534f7e4ccf16882

SHA256
d7adf519e8eae76e8f3c8e149458931a4ea1855fa1c0997cbbfe23443e848647

SHA512
892c89d08a848a05d416b6f46e1b8471911e9f183f55319faa4f90077b3f4de7bae279f4b32631380292d9ddf2c16fa822452fb0950ebc1b270dcbaef51072e1

Download Submit
C:\Program Files\7-Zip\Lang\lij.txt.tmp

Filesize
54KB

MD5
53bb5bfbdbe2d96dff68052ccc95a5b5

SHA1
3e1244f8eb7d6705ea3c4314585f0fe8b225ea7c

SHA256
d5479a15c496d5d6c43f6c3d1e8e903c64a2392914d438cb9d2065d5b0b4edb2

SHA512
9ed3474c35d0dcf8461f45f2fec9b917b8a62d066c73d115f9fee04b2eeb51d078831119fb6ce960735eea24ab4407e34909ee0662ea01e360cb0d7542b78c76

Download Submit
C:\Program Files\7-Zip\Lang\lt.txt.tmp

Filesize
56KB

MD5
4f88e7a910c352258273d260bd1af54b

SHA1
1a76b55c424c696d755449906ba091c63f1463be

SHA256
03e5146c111c146cfbfc216cec43a7a5aa46089b99a9cde828241d5ff61ad6ed

SHA512
c405ddfe8c79c8b626e4aae979590548651363b84ddcdf82d24f40fbef6b79e45de4de43d06eb8e12a2375e8e63164eb5aeaa87078e60ed7302948e9e3a87496

Download Submit
C:\Program Files\7-Zip\Lang\lv.txt.tmp

Filesize
53KB

MD5
4f01a1c961dd3e1f80226275eeff1847

SHA1
5ef9e6b83c05c45dea3294b4d1cbcf9d4a4a02be

SHA256
f5fc6a39034c423055fbbf0f1bbeccd042c0ecb1fc17966343839787387a4c88

SHA512
e5d9b129c5827c156ecfc728bf2ea272be98758d38010672b88da7b0dac69b84cda578afcda06a4928f41115e584bfeab6fc17f1bf105233bf83cbdfa28e8141

Download Submit
C:\Program Files\7-Zip\Lang\mng.txt.tmp

Filesize
66KB

MD5
ac4e454555e728c8b4d36e91fc027830

SHA1
390a5eb360c50473b8f3df57c3c09d3145067e30

SHA256
54c05c545fa1accb023a6638507cde5bd2c070bfd9ed0bb59280fc31676f4174

SHA512
bcfd4a5d44fd059cf56a5160bbfd4f963f2e1248157e4e1194c33ccd021b19d2e5c51c73f2ef09ecf57dbcd28f216eff105ade28cbdf426bf569a61c47ccf5ab

Download Submit
C:\Program Files\7-Zip\Lang\mng2.txt.tmp

Filesize
69KB

MD5
51d465bcd7aae62a254032410613353c

SHA1
7052d35a3bf6fa158d33b4cce79c5e3aee438eb7

SHA256
2a863a655d43902dbcdf88f316cf021e8e26aee968556729344a25b7c63b386d

SHA512
251db6f4de38dccd236455094626f22346acee5e40fd2cc906f889239afea97f8e97ddc77e4eda1ab5923f734360a13e40a45f2c1fd41b887c2352b004f2e9fe

Download Submit
C:\Program Files\7-Zip\Lang\ms.txt.tmp

Filesize
53KB

MD5
9d593bc607c1b1649abafcc9d7efa1ea

SHA1
b15e4b05d607c127aa6c6c9ecd07f3186a15ec55

SHA256
edafc2f95ec35e061be4b8ad2bcac7a18d2d8458a552bf36ea06e9d98066f3e0

SHA512
759de628cced7d90054a442701704147e5151a36376f9050e3c57493498b4c99e8b53727c20ae0103acaf393c95687b8d30c28bcfd639aca863a7f6866b84461

Download Submit
C:\Program Files\7-Zip\descript.ion.tmp

Filesize
48KB

MD5
fb5df6f0290fb68dc039590c9f56f59a

SHA1
6bdb349949720a760b10fe7a380276796c3461e6

SHA256
5818188db8f0deb208132c3b7342babfe933af805192be21efaf8c6499f5cbf7

SHA512
62fcda1fcb82dd4f10e7cb29ef7b833604d2d2d5684fef869f465ab1e80896a718b408eec9c26b25de63f1bb70a521daeaac4b18ecbc43b7540cf5fe27f2aff6

Download Submit
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\UIAutomationProvider.resources.dll.tmp

Filesize
61KB

MD5
2e8afdbb5280e4ee755341aaa0875736

SHA1
06a439f27a46794675cc055adfc0652d0f4bff15

SHA256
131f6dd980a751d82dd1efc2c708aa0f19b9cebd565e7c7879d70851ca800b69

SHA512
759affd0241686cc03a78b54c2b5c6f1d6aed68090634b6acda5b2a3f933d7589b19b5e32e346b69c37571a7c4830b1e2fe51744c17533b0bbd1a33be5153683

Download Submit
C:\Users\Admin\AppData\Local\Temp\_.files.exe

Filesize
47KB

MD5
2f84e7dd1439507555c8219c7a4d1810

SHA1
56aec2f8ff6c727cfe0256249f255f77349c9855

SHA256
a4f0de2a62c3a387eaa8e89ad87d2b8a273d52df6d009e31634438079be78a78

SHA512
d647cec340fc32b70d9fc326dcc78ce6705708ff4b13272e6008dbecc07671c42c6682d840952a2bba54d8ade7730c5469424e89e65e0dc60a4c469359e43edb

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
46KB

MD5
452aad9d34884c3bb6f937506a6da106

SHA1
38d18b8f9e184c7cfead2b540918df505badd3af

SHA256
f7bab11c2deeaf4c2c8c22ad76a1ab2eaebe0ce2bef16867e2b2c573062b2439

SHA512
15ca280a5ca7773bb0e0195b6580b719eeff75ad39b876cfd37d42d07053703524693396e6e3174c1cdbe551fd578270939b633a6362f1ab1eeba25e4ecc3ec3

Download Submit
memory/532-14-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1684-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads