0404aaf3db50f598df52d94ee6467bafe112d716e5fc115f679a54827bcde79a

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
08/06/2024, 18:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0404aaf3db50f598df52d94ee6467bafe112d716e5fc115f679a54827bcde79a.exe
Size

102KB
MD5

3849e49ef3b144bae62ed368cd5af480
SHA1

1ff08735c7ebfbf821e200630b2f0c748bbe53e5
SHA256

0404aaf3db50f598df52d94ee6467bafe112d716e5fc115f679a54827bcde79a
SHA512

b455a3ea02b1649669219c4dd992922ca54262d4406cacbd73baa0d636cc0f5920143e53ec5eca3baaa68e0c1d53afa09cebe3642f58400faf2b449e26196116
SSDEEP

768:W7BlpppARFbhWJQi87BlpppARFbhWJQiiTQbzjrY/+TQbzjrY/G:W7ZppApHi87ZppApHiq

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5255) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
4916	_OfficeIntegrator.ps1.exe
4004	Zombie.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Zombie.exe	0404aaf3db50f598df52d94ee6467bafe112d716e5fc115f679a54827bcde79a.exe
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	0404aaf3db50f598df52d94ee6467bafe112d716e5fc115f679a54827bcde79a.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalDemoR_BypassTrial180-ul-oob.xrm-ms.tmp	_OfficeIntegrator.ps1.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX45.exe.config.tmp	_OfficeIntegrator.ps1.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\oledb32r.dll.mui.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Configuration.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Private.DataContractSerialization.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Http.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Security.Cryptography.ProtectedData.dll.tmp	_OfficeIntegrator.ps1.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\jpeg.md.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-synch-l1-2-0.dll.tmp	_OfficeIntegrator.ps1.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\UIAutomationClient.resources.dll.tmp	_OfficeIntegrator.ps1.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Trial-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Retail-ppd.xrm-ms.tmp	_OfficeIntegrator.ps1.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Sort\YEAR.XSL.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-black_scale-80.png.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\HintBarEllipses.16.White.png.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\IpsMigrationPlugin.dll.tmp	_OfficeIntegrator.ps1.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll.tmp	_OfficeIntegrator.ps1.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\UIAutomationClientSideProviders.resources.dll.tmp	_OfficeIntegrator.ps1.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_OEM_Perp-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\SkypeSrv\MSO20SKYPEWIN32.DLL.tmp	_OfficeIntegrator.ps1.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-timezone-l1-1-0.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\lib\fonts\LucidaBrightDemiBold.ttf.tmp	_OfficeIntegrator.ps1.exe
File created	C:\Program Files\Java\jre-1.8\lib\resources.jar.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.scale-80.png.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOSREC.EXE.tmp	_OfficeIntegrator.ps1.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OFFSYM.TTF.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.Primitives.dll.tmp	_OfficeIntegrator.ps1.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.WebClient.dll.tmp	_OfficeIntegrator.ps1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\PresentationFramework.resources.dll.tmp	_OfficeIntegrator.ps1.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\management.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial3-pl.xrm-ms.tmp	_OfficeIntegrator.ps1.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\oskmenubase.xml.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\Microsoft.VisualBasic.Forms.resources.dll.tmp	_OfficeIntegrator.ps1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationUI.dll.tmp	_OfficeIntegrator.ps1.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\VisualElements\LogoCanary.png.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\lib\jsse.jar.tmp	_OfficeIntegrator.ps1.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_SubTrial-ul-oob.xrm-ms.tmp	_OfficeIntegrator.ps1.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Windows.Forms.Primitives.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\PresentationUI.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\bcel.md.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioProMSDNR_Retail-ul-oob.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN001.XML.tmp	_OfficeIntegrator.ps1.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.scale-80.png.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.DataWarehouse.DLL.tmp	_OfficeIntegrator.ps1.exe
File created	C:\Program Files\Microsoft Office\root\Office16\AdeModule.dll.tmp	_OfficeIntegrator.ps1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\Microsoft.VisualBasic.Forms.resources.dll.tmp	_OfficeIntegrator.ps1.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\110.0.5481.104\libEGL.dll.tmp	_OfficeIntegrator.ps1.exe
File opened for modification	C:\Program Files\Internet Explorer\ExtExport.exe.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\cmm\PYCC.pf.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	_OfficeIntegrator.ps1.exe
File created	C:\Program Files\Java\jre-1.8\bin\gstreamer-lite.dll.tmp	_OfficeIntegrator.ps1.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremDemoR_BypassTrial365-ul-oob.xrm-ms.tmp	_OfficeIntegrator.ps1.exe
File created	C:\Program Files\7-Zip\Lang\tr.txt.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\RepoMan.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\System.Xaml.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\ReachFramework.resources.dll.tmp	_OfficeIntegrator.ps1.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Windows.Forms.resources.dll.tmp	_OfficeIntegrator.ps1.exe
File created	C:\Program Files\ExportImport.shtml.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\3082\MSO.ACL.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.OleDbProvider.dll.tmp	_OfficeIntegrator.ps1.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\1033\PGOMESSAGES.XML.tmp	_OfficeIntegrator.ps1.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4824 wrote to memory of 4916	4824	0404aaf3db50f598df52d94ee6467bafe112d716e5fc115f679a54827bcde79a.exe	81
PID 4824 wrote to memory of 4916	4824	0404aaf3db50f598df52d94ee6467bafe112d716e5fc115f679a54827bcde79a.exe	81
PID 4824 wrote to memory of 4916	4824	0404aaf3db50f598df52d94ee6467bafe112d716e5fc115f679a54827bcde79a.exe	81
PID 4824 wrote to memory of 4004	4824	0404aaf3db50f598df52d94ee6467bafe112d716e5fc115f679a54827bcde79a.exe	82
PID 4824 wrote to memory of 4004	4824	0404aaf3db50f598df52d94ee6467bafe112d716e5fc115f679a54827bcde79a.exe	82
PID 4824 wrote to memory of 4004	4824	0404aaf3db50f598df52d94ee6467bafe112d716e5fc115f679a54827bcde79a.exe	82

C:\Users\Admin\AppData\Local\Temp\0404aaf3db50f598df52d94ee6467bafe112d716e5fc115f679a54827bcde79a.exe
"C:\Users\Admin\AppData\Local\Temp\0404aaf3db50f598df52d94ee6467bafe112d716e5fc115f679a54827bcde79a.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:4824
- C:\Users\Admin\AppData\Local\Temp\_OfficeIntegrator.ps1.exe
  "_OfficeIntegrator.ps1.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:4916
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:4004

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1162180587-977231257-2194346871-1000\desktop.ini.exe

Filesize
56KB

MD5
e6feb81696aba549c63fbb5342862517

SHA1
c8bb826cf83e2f85ed9742e19ab14b7145651a58

SHA256
a4c2e4e78ba0837ff9b1733bb1f5ab22d61db29ce60a8d17f0db51f1694f996d

SHA512
2f972201a2bf3b1ec174b16c8437e034d9eef4e03b5a3793305f333ecef1e79f4fb13a563c19f8662ec7c450a45b7453cb673b10ba7452804c9e81d8e1642d96

Download Submit
C:\$Recycle.Bin\S-1-5-21-1162180587-977231257-2194346871-1000\desktop.ini.exe.tmp

Filesize
102KB

MD5
9caa75c1d41baaeb40140ed0289c8d68

SHA1
54aa7ad8a51183ff2cebb3b489fd9e89e58610bd

SHA256
6db30de4ef294f0151aa20eb2c3c946232a010338716bde0d538d69103cfb894

SHA512
53344026394a2dafb031ee651a0a494dfcace8d580014533e1b2ae1e049906ccac4f8aeb166f749a7df0cf0d662b9c3f983fe74391470c7303afd7f5baad4363

Download Submit
C:\Program Files\7-Zip\7-zip.chm.tmp

Filesize
168KB

MD5
58085be98b546c5c49b4eccedb79dae3

SHA1
3fb98cc8f501cc4fc5ab11fb6824e5ab814b46f5

SHA256
180f887ebcb7cabedc906ba51d2102ceafc38bc09dc3829c70f7b2ffb025d388

SHA512
f851f19bcb4d56a82feeaa1430dad9c7357e4b0f49eb41b07ab8985aa52bb5c57021eee716cc9eca6cf214149cdeb2600183b138898c895c502f242332f29087

Download Submit
C:\Program Files\7-Zip\7-zip.chm.tmp

Filesize
168KB

MD5
88220aa2fa3034bbca85fef0e91c9991

SHA1
c9184a68080e15d3aa43fd5f31fbbd0f6671ee3c

SHA256
353ea98338b40d91e5fc4c4d19effa2e50517352622a00947192ca852e244ac7

SHA512
221df466489430b0295c6716665450a665da411b4b3f5018758b7a579859356333937319b8fe445843a3651925102dc1b117dbda2f9de4524415d62073791488

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
155KB

MD5
0188b8c9a8e54e7c8916d641481cbe00

SHA1
8d7efb8c9361aa173ff27e104920fb7dbc40b340

SHA256
a33520055d13e1154dec02c4ff1eb7766b75372b5e1c38bd994e9cf6bdc002ed

SHA512
ae054aa069864092b47aab7916426310a2d3e94c60e2b5ddb806b2338d380385c1d26041547b04a5f1bfedb3ac43d9f429bc7b9ff4cb902ac922e09cbb70e87b

Download Submit
C:\Program Files\7-Zip\7-zip32.dll.tmp

Filesize
121KB

MD5
d0f0457e3dfbeb93d83da0ab09ab3f6c

SHA1
d36b98f35910dbf2c370c77adbed86a1f16644a0

SHA256
6173c3fe2c254421d30df36e576fc65483e37d9b334a42d2341484b9480e754e

SHA512
ed1b3b6c4cab5f0a5a5e1809db9a216531ef88635e44d128c97b45259d8a9e54f660ea76ba95c66bcf286f601c172bfddb18bd4a452b7224eac33ed167c96c4a

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
56KB

MD5
aabcbfea6b0e8436f620b25184d2b8e4

SHA1
66688744934a5c8cf5d759788208ccc962f41a9e

SHA256
e9aa9e0cc206ccbd202f739d4b231dc7d1bd40ac7be5ac302643c81803e1c5f2

SHA512
ca8190491f14e2d6ff956d8cf5db0c83b56d8a3ce2d252f0a8ec146c3554ab3f46a1816e5b68ca1567e9b8f734918b9c8d9af484656cc4fb4f01f4824f79a855

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
1.8MB

MD5
39ff8638cce98fdc9a666bff7c90cb37

SHA1
f9b8cf3e0b68e6a3d0eea9f4898d04beafee9eb4

SHA256
136898c18298584d854201400bee08ccf3601b99eba6f8d41cbeb5388a92b213

SHA512
c8e0de9d323d2d517692fd46da56b3e452404e62303bb79454ea6a85c15ebbb14b100e571437e9868c79644defa3c1fc3a78c3dee2a91ee2c0e6879fab18c445

Download Submit
C:\Program Files\7-Zip\7z.exe.tmp

Filesize
600KB

MD5
0054f276ff4aff2aee121fe670dd0f44

SHA1
47b98eb1a8b249b5b8f2a1b05cd7241b9fbfb2f5

SHA256
a04e9076bf5184d887370e81bb42547fc6064f30e7103506d0fb8f29c977d7a9

SHA512
ef1501a3eabc1cd8825878a8d0366936cf377de9d1057a357f3d66eb11944cf0d0fca0b2f06edabca4bd7c06424344a7c07a558ba5212bddbe7157cafac60e8f

Download Submit
C:\Program Files\7-Zip\7z.sfx.tmp

Filesize
255KB

MD5
4e2356854d482e353312c05a865e07ef

SHA1
67e6d8b4fc0232f32c8cf32468d528fbed965e3c

SHA256
2f40b1cc214426970e6feef2ac40c605338ec3d4ea23500b27368ec2a7b531c0

SHA512
107a07b1b6c2c50618b842d6de24765be3a94fe9955d5d271c3bee0cdadb658e4ef5e74319fcf71a205cec9f75faba72c7ae926277b335a6be7155db74e62305

Download Submit
C:\Program Files\7-Zip\7zCon.sfx.tmp

Filesize
234KB

MD5
e57ce065df8dd88154dfd200fe788c7f

SHA1
d31d09e898acf431609b63982c369d55425c12f3

SHA256
8a732f72cae847782a1db81ccf01c9663378da4154f067a4d9c5b62c1396e1c5

SHA512
d9948e6e18d4869578a4ad6dbce2b26f06653595896fe21cd93a48534fe2fc9ab95ed07789f886a4f563fb43fc4e8fb6da434f0faa2e54e8ac64e82a5385a102

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
986KB

MD5
5ad30e4cf7967794d4a723315d762ea5

SHA1
5360992b0236d3d8e657187f4e24ae59aac9030a

SHA256
82affc63352cc463fba7deb201e9833f5aad55ad665b2b2697d98245076c095b

SHA512
f0bd437a89b65b1aa5e447c2a761bf20eaff07ee8169650a0827cef1a37ac6a5b1cfb9d56f9073a82a5853d3fc7a64c38656b2d214fe41443fd7654861c264f7

Download Submit
C:\Program Files\7-Zip\7zG.exe.tmp

Filesize
740KB

MD5
455501cb840415bab089bf4988cd53f8

SHA1
a59202f146727ca35a0a328a946397503c8a56d3

SHA256
f2f1c06b1395cfed121ff7f9da17a89344fd45dee58e73bd550d2e07f230ad1b

SHA512
d74d3de8e016918f7814c3580c56b5d61520aeaa799ac3e0ff2e24a76fcb57a42d6bed5b9862ef8b36cd0617996288b4ce8dbd93f76eb0d5099f684c30a34169

Download Submit
C:\Program Files\7-Zip\Lang\af.txt.tmp

Filesize
66KB

MD5
e16155ac130b24fe2fd09d43705c08b3

SHA1
2f3e2ef8923cf6b40c8023b05a36387901e23576

SHA256
058ceacd4d8ff9770c480724c2cf78708b8de80d486fd8a471cfea2d856c7cf5

SHA512
fb96a2b64c964db0a4a7d9de6d0d4c438d660e7c75e6750699279402dcc91fdc3307037ff01c0fb75e088319f5b5e895b1db89217560bbdb58963ef145d621c2

Download Submit
C:\Program Files\7-Zip\Lang\an.txt.tmp

Filesize
24KB

MD5
51855e64bca4f5fbe79c1e0601a022e4

SHA1
2bfab2738f81b483be46dfd2d881dfc58bada4e3

SHA256
fe466dcd259764a0e0affa44994b827b2fc997e4867533a083b38206b0907fb8

SHA512
cedbc5de3b7be75afc0043380e7ef9c3161bd4bf9c490f70fb16a3bd69f22083adef005b3d01a0aac14e7d3b065a67e070e1ec12a130128dc0b22369b1b51407

Download Submit
C:\Program Files\7-Zip\Lang\an.txt.tmp

Filesize
63KB

MD5
9b4cf087d35b2284a6092ef8e5776714

SHA1
accbfd8a7e8637549253ccbcef539f76609466bf

SHA256
24cde6e7a9f29acd4b4d7e7c7858659504852fefe3fb539dc754a106e313016f

SHA512
764a86eb6987768642894b74e61c71aba0fe15b495673b55372cb272319c170de5e8488d3f8f6e7a87b43cc4fb4c46ceb41b4398c86d65a3716cdd3dcd364c33

Download Submit
C:\Program Files\7-Zip\Lang\ar.txt.tmp

Filesize
58KB

MD5
bb5f2390c2a5f8a5c75b3337f68584db

SHA1
64ff6e7ab5b45bb27b650d53fbc2d9268a298b50

SHA256
1328bc0da517147584b668d7f2f03e5d4bbdc359597c51b661f569e656c5d59c

SHA512
23492a05db1f8eacd75226078c7235e564a7839eba7bfac03e0c85f9d38cfbb7f6f76ed088f36dc199b2219aa1c034b973fcb6cd70293345f1c3a903eeb2f375

Download Submit
C:\Program Files\7-Zip\Lang\ast.txt.tmp

Filesize
56KB

MD5
ea73c2e0ce21b82ff6e61666c30d710d

SHA1
302a79866212993f3b4cad1456ab924802b68575

SHA256
ed354d3f1aea62fee2209dc27a7d5720023d4529563b46be4ca5a2c1c517d98a

SHA512
7608883801d5ade52855424365c61fbb29aa7247a475fc50e1204c1958b9dff703af43434129e957ff4e25b9c16fff5e14809f8451315ef26cc5bf084ba27da3

Download Submit
C:\Program Files\7-Zip\Lang\az.txt.tmp

Filesize
65KB

MD5
daf324b977c49aba08fef748fce94bbe

SHA1
4e45b1047e51bde1c08a255b3b9371bd25013496

SHA256
978561fc92b30eacae0edc87968154e84bfc8b813bcdbe447a20cd9716014a7c

SHA512
26cacad4488b2cad26f61b2f25993401e90a673df6b9b3809416dc4dedf6e604e96c0bb920a564c074f22e8d1b457f5b15dbbaad6b20be7630112b1304856239

Download Submit
C:\Program Files\7-Zip\Lang\bg.txt.tmp

Filesize
69KB

MD5
780a92d922ac71f6bf5f6e75a85fc77a

SHA1
232794d21ed2020d872564c64554ada4581fc336

SHA256
6d2dc01acb5b73fac6e2d1b67d74f17127d4a7bcc82b5db144087e944ac0e73f

SHA512
8a73941dba213301723efa35bd53236c83351fbbed4eb2b4615d6f2bda6bc6604c077a7553c48a9923d0f97e6032dc1234edbaaa2abeea70019d2ce4e31f1caf

Download Submit
C:\Program Files\7-Zip\Lang\bn.txt.tmp

Filesize
71KB

MD5
d9e885b0ffeb49bd31fa2cfafabe57d0

SHA1
2fba4977fe9da1697fc54394f30aeed4e02ca99d

SHA256
d73956794657ad5b09b9c3a66a05c55ed53bc8c2ae69d62e22abdfcb6ffb6e00

SHA512
4cb5523047f65a4b8071b2f1b7b1ddb620ea50dedc18da5a0cd27497f5583580f5db0c2148e6a472d18da63c3d0278c37655eb8f4cc864161a29d633f09e7bfe

Download Submit
C:\Program Files\7-Zip\Lang\ca.txt.tmp

Filesize
65KB

MD5
30717120c6660b147bbf52cad9914eb5

SHA1
00312f65453d64a3a745279020ae026e7749a185

SHA256
7e63ea1e2769f1af23c1f978c6c5d5381bc749037455d82e39e28c48ca4f9394

SHA512
7dafe9833453065dd7bfa92693cfa6c88c57d38edb0eade3d43eecf8c89a0c76bfee55c7f7c98ade2e90cf869fa1a23001aeb0b82ab3dba213f89dd6d7b1397c

Download Submit
C:\Program Files\7-Zip\Lang\co.txt.tmp

Filesize
44KB

MD5
f9e4022b2ec021082536c3b8d9c72397

SHA1
dff2dc74186688a8c7ee6af8496ae2f608fbe3fc

SHA256
a1152a0f3d3b167484ef363a12682709f653eb4aafca1607e288d97d5b273330

SHA512
d8afa887ead01107205465987b5552acb02e4f62cbed11a7bb7790aa4d51f8ffadd9e885b43082772cdb332d35001aa21009615b49a624a8f2e021dbc0368a1d

Download Submit
C:\Program Files\7-Zip\Lang\da.txt.tmp

Filesize
64KB

MD5
19da8b6bfcf569b415bf0ded7ce68793

SHA1
32dd207352fd07e6217bc1ae8a91938958fc4d9f

SHA256
591cfd10cee1f46b746253777b15022004c184d25d83572a77889322a8d69c95

SHA512
d71fef792c7016864ec318e66285d54d364f0455924429a5fbc9ccaf189c38a64697720f344fcd553f66c3bc2da19310211aafc40b260496b0a7f80d52caa439

Download Submit
C:\Program Files\7-Zip\Lang\de.txt.tmp

Filesize
65KB

MD5
1acc5afb1a9707c85e1528ab0e371bd7

SHA1
f28d4324ae2db6b6c4673ac46b7bc9b20cecced8

SHA256
8bd13718ebc8033c157d3888120f378496c0302f3a13f2864b55be8045e45b95

SHA512
fca16aa82bcafe325f73dabe9f969065144ca76b05a051daa620099b78d77fc184807a3d0a702cab959e5ee462782d4623f7daf0c5c34b466d241156377f0328

Download Submit
C:\Program Files\7-Zip\Lang\el.txt.tmp

Filesize
62KB

MD5
bbd8fd3cb949381df720933b3bc66d24

SHA1
15649dfd8288bbbc3ee9f5644c988c274660a601

SHA256
1fe2d4eef7525a2291d6a16273369e338940a138b8810787f3c83fe2367547fe

SHA512
38db3523062e858649ba051b57ce530c1b405146315de7ac74f3973cbebe70c450465d769751052b436efb1a47a50c2ac6a103860bd854004a1795bf7b1b9176

Download Submit
C:\Program Files\7-Zip\Lang\en.ttt.tmp

Filesize
64KB

MD5
594879c89fed15922904ca123dbae561

SHA1
a57c2f0d34800e12c04251646dd869211f53ee85

SHA256
2310b9b81984fbf3b84e5ef313e6076f70188de0031152482a190ecc312da376

SHA512
7371c02a47f347c72093f3d676941547e0423ad0a478509183ef9ba3eec42cd99f27889d60258cc6ac714c7dea3802b6a951a8a875b67e9e75782fe5bb3df888

Download Submit
C:\Program Files\7-Zip\Lang\eo.txt.tmp

Filesize
56KB

MD5
d33429a5429db00c59401bbfd3c57487

SHA1
f67b2df7b6282aca7b12e92a5e40be4f65d84764

SHA256
e651b3405629d752fcaa32ef015a584ae887e5242a7e03d4aa93b8ec26b2864c

SHA512
e7944b51366ddd6cd74900ac1fef84fd6a73a1af668e5e5ee7ea67ea2cc45205dfa661c52729ed004140810df182a6748b90145fc56f356e4005dd75c5ede3a0

Download Submit
C:\Program Files\7-Zip\Lang\es.txt.tmp

Filesize
66KB

MD5
1a5df223d722664f0f42d9703d0161ca

SHA1
b5f351851832df217ab39a7ed616498b96d62a3c

SHA256
a5b7ec73599236f5cccee347326d60cd0aef39ce8add52960782b03c1da03c85

SHA512
ddced430f8065c316ac1af48f121d0c802b793a068fe33385249c3967813c11d873f55a92ff5ffde20d075377c21b4b41e8d9cf68fe87144215e17db1f873d1e

Download Submit
C:\Program Files\7-Zip\Lang\eu.txt.tmp

Filesize
65KB

MD5
8262ae1d159529bc8f226bbf2e9facac

SHA1
048e3c9911706cb7a1037a47a7164c2724d8afc0

SHA256
02be5daa4ca0c3ff5f40f7b7f94335644228cb3fb74200d7297f9e164b48f548

SHA512
8a1f1e9370ee777ab3f3fc7bbd5dc1498364a319cfe58e4af2e2aac06b37a834c90d1d4fa8ef07e1afd365e725baa69e5722fa0200a25902f6c9b11943297e45

Download Submit
C:\Program Files\7-Zip\Lang\ext.txt.tmp

Filesize
63KB

MD5
997616d99101ed43ea72bdd1f2649930

SHA1
16842f63454cdf4409467925360ab42dc725dc55

SHA256
fa235289615ceb5f9b578b6fa7380aa18652cd0a80fbf1628eb9f80046d0c4e9

SHA512
2e5df859ce7b18ac4d86bf22d2850b609bd11e2441733827c96cb0dfb819d06956870c178155424728c39b6e259b4178487935a48eba39b51034a5c698bfc740

Download Submit
C:\Program Files\7-Zip\Lang\fi.txt.tmp

Filesize
46KB

MD5
ab118fe6fc6dc5b3dc748be979f08a26

SHA1
26b0520e306f02bb33652086f2330561f33926b1

SHA256
a3d751b4f56834f21f8d1d20e57ebe2158a98f669f159f14cae474ecbc2180a0

SHA512
310439190e544a9c71c73f8171ca1d0cd6011ffa2b2fa9c7ea6b5eba6879934b47267b5ee3e9fa243f54dde1b3dbf9afaffb2684cda33fec61f34e82a8b21f82

Download Submit
C:\Program Files\7-Zip\Lang\fr.txt.tmp

Filesize
66KB

MD5
3c7db624f33e24babb124af58d45f5cb

SHA1
31108eee8d3ca491d06a834f941db48bd54c72e8

SHA256
2f332434bdbd56aa56322c7bff0147de4d1be138893a6660fa0d1a6a2d11c3f6

SHA512
a4f33d377e8822b5c11d06a356dde7ffa1917026654846a5dec0e23cd149a6a6934285733a25515add89b2102191842c89e4d910b31489b3c53a0f6218ce5f85

Download Submit
C:\Program Files\7-Zip\Lang\fur.txt.tmp

Filesize
63KB

MD5
e41cea8cb5c8275cab58ead5075437fd

SHA1
f8d97398d1185e445ba81a79bdf43a1d54f8210b

SHA256
458fd09a72f5c25a5c61ba0529917f2108d965f15d8eb1440e8614b27cde3964

SHA512
b53ce98c22e812abd7250bec9982bb1ce3e3b4e6187ce792c46c147c81ea37e0a957bf5c2ea608c0f2574b9267858da162968ce6abb9031606ae3c7ff37ebfd6

Download Submit
C:\Program Files\7-Zip\Lang\fy.txt.tmp

Filesize
56KB

MD5
f216f6bdc712ba688ab79fc8f80f10af

SHA1
75d0059482f44656176648d55a178ca65cf0dc7f

SHA256
a2a3ec30c1f3efbc15c8a77edaf9539130dd5c580663c61f0aba5e3375204c22

SHA512
7922634d68a3d29f3453b39fed507d68405056956809ecb5de228e962ede69196aff249b2b448d8831e62e499a8c90f30f4be5061e99b3e8c4d74bd4568cac1d

Download Submit
C:\Program Files\7-Zip\Lang\ga.txt.tmp

Filesize
56KB

MD5
45b75565ce723422921e2692b714cf87

SHA1
e3bee939fae7cd09c36a8eb3c6700c0a7622a9b0

SHA256
86e166986c8436e813eab631f367728e89ea73b2030c50e5f3a6c7a042e5c509

SHA512
075bb0638beef08214983156996c31b2d66ed1de721a3abd57c72733ea921e405b4bab225c34269ae571361c7ca3a9cafaad4193c2f17226633e46037161bd07

Download Submit
C:\Program Files\7-Zip\Lang\gu.txt.tmp

Filesize
73KB

MD5
3a5f526a2dd917052fea18fd60fc9d4e

SHA1
0624eafe1c43bf4fe9ee7b3a1a6023873e17827f

SHA256
ab438594a0d25a266c931266c05cf0d14c23884f22297ff1cb0da29ca1605827

SHA512
5cec254bda6712a3fa637d07d2e49baaa5a083e348689aa16171a640ac2b79a40b0b118ecd76d5bdff7204b59b777700ca8fa7b965d2aedbf8e05addab1f716e

Download Submit
C:\Program Files\7-Zip\Lang\hy.txt.tmp

Filesize
70KB

MD5
7a7cf983332be010f378747cc03b0f1a

SHA1
1501deccd8ba08c53969183c88a107d45a4b852c

SHA256
3d6e965422a96279c2cdc97cd9304b16b0b11f160c50ed145562a5928bde447d

SHA512
0a20a782eef517586cdc0eafed24d2fd86df6bf369a07e6adf72e6c73e4e999dd248abf84339021a32ab7d2eba95e0ad949b7ea68a0d2ef51d24bdc26bf1ed04

Download Submit
C:\Program Files\7-Zip\Lang\id.txt.tmp

Filesize
56KB

MD5
975e726daa3a603a5c4bd3dd1507a3ee

SHA1
9dcec30aa8a351ddf4b46de5e7aa3c8f23b58d4a

SHA256
cb13257daacf11fb2ea2531687fc6617d57bac705f001402e87696f31578230b

SHA512
6161e3e667364713b0a939b2abec318a575f70817bcfc41668a6401ad7c4f2ca02bd667aa41856652e664fbbbdb477ef80de1c5d5ffea57fe32475bb90702bbd

Download Submit
C:\Program Files\7-Zip\Lang\is.txt.tmp

Filesize
56KB

MD5
7a6a74ab7dd125b61c573231760107cc

SHA1
c75e0f365dd411027026080e864f2f5b68df438a

SHA256
f2cc0dd6883a8e13b580d36471eba501a98015e8194515443e8c920456a816e0

SHA512
de3fbe0d240eae10dbe68ebc6b3f0c4530240f764ceb21834d4d9bdd89f852666bd8fb20b8ab8bd46d4d0df7d5fdf216defc82e096a85a9fa3f63239bbe0f8b9

Download Submit
C:\Program Files\7-Zip\Lang\it.txt.tmp

Filesize
56KB

MD5
2114139d2aec8cbec980949aeabeb676

SHA1
90c86e9261176ee214b3b699443c65305e6ebb04

SHA256
8700fa019fb1a648b60804acb69da4689fb4d9a4358af690c3ffb80ce19af6d8

SHA512
87b9c357ccdd5e3a96c1207c72c34c935f9b3b423f9543a2f89f0ef28bed231a12be9aa09d2be669528cbe08da6598486fecb6790129746458d49f33e56de282

Download Submit
C:\Program Files\7-Zip\Lang\ja.txt.tmp

Filesize
58KB

MD5
6eb164fdbcc7f50961664e6c395f3dc0

SHA1
d2d758074a29f1812635b084e6be78f2b3edfe4f

SHA256
f013e457f0d38151cbe253bdfb716c69cf68bcfe6d9e2217d0c9fe204dad885f

SHA512
fb25300ba6672afb957c5f7c0d49b94e5a60855de668e7d1191b9957f50bd332d6071b8570edf3cd1c8ad34790d4ed1ea49c105d771928363803740794455e15

Download Submit
C:\Program Files\7-Zip\Lang\kaa.txt.tmp

Filesize
56KB

MD5
069cd2fde162a617f9442454448739ad

SHA1
1b239e980b6204039b0eb5033d667adc7ed85715

SHA256
64771b675e326e30e75cdbf45463cd45a5373b0eaf490752e443b320d11c7bb8

SHA512
024a79129a87196d56314232575d67f7ff5bb3aec8cb6f6ff8a59b147b1a12e425fc1e43c030f3b393d1b3f2a4fe5b96a9f2de1a47a94e665f47aa0b7029d55a

Download Submit
C:\Program Files\7-Zip\Lang\kab.txt.tmp

Filesize
56KB

MD5
60c55c9ea0fd844a1a8e3966b2b44e55

SHA1
dd0eaa005ac2bec27916a5122615f14de3639b71

SHA256
88769e4eb9e00669bd2059ea4266f1a5179ce51586924b5f40c94cf8c4081ee3

SHA512
21238c3070b2cd07dc99d010b490d81fb5b3001af34a02aaab33f06d8d0e147ee7a69455b78a46a4da4da37aa27f7fc1888cdc769f1efaa95b28679640a5c31f

Download Submit
C:\Program Files\7-Zip\Lang\kk.txt.tmp

Filesize
56KB

MD5
2af628a28c169e317c6fe5df634e48fc

SHA1
94e5615300439be330820e9649c66e5f13f522ad

SHA256
459e968b828826750ed7eb5099ca8130272b57d5add0ec1e3e044d455111f4f1

SHA512
6baa081353bcd98968edda9445ea8061847b1d74c2fdf2ca2c91ddbf790631fa8b6d136c49fcd928afecc8e0ad9313fd8becfbc1aa009773e255d8e811903c82

Download Submit
C:\Program Files\7-Zip\Lang\ko.txt.tmp

Filesize
56KB

MD5
33f4f36cae768dfafd2ccecab8a720ca

SHA1
aae12556bfef73f47defd71ecac6042d0007a5c9

SHA256
f3a96da53d6dff90e1bdfa649136cab0330f2763ea0e1aa97d2f1f664a410bfc

SHA512
0a0c0f1b8d273e05ad39d3363affc9d9fdc52780c546e112a2d75d708467aab05a9fbbfe00bc6325ea890dc5bcb64c253a116e7ad0da7bb55371dcea25b4a087

Download Submit
C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp

Filesize
58KB

MD5
1f2c1436a610ef5b3fe470e517dc70a6

SHA1
a171cdb4e1db6fc3457e15d6429d6ed20fd34698

SHA256
c059854cdbb71c023a94a4fae8e4f99c3e52b73704b7c00ef3b38fb1cafc88ae

SHA512
1c31f14751606e3d0784802a9c86df1fe89946741fc75026d95c4f6267e1563c6a0adb9e7a45d5747429066f0d8092666c859a696ce3547ebe3176a2b8e992d3

Download Submit
C:\Program Files\7-Zip\Lang\ku.txt.tmp

Filesize
51KB

MD5
efa2c0e994237f529abe8e15fb855c5e

SHA1
e1d561dddc6033edaaa65f9f932650b603486638

SHA256
b21afcba554313f58ae085227b453ffce6a0cfb5e0042701952b9754886d17cd

SHA512
716d7dc1714012867b300858e2604a64191a190cd7e70fa890c22a1fc51881a262b264040f0596fca3bef74607fa3c0f1777ea3f7ba4a99dae248b89bf9fce31

Download Submit
C:\Program Files\7-Zip\Lang\ky.txt.tmp

Filesize
68KB

MD5
146db3d344be7be5f5e8039f7cced8db

SHA1
b8c06baac5172d9b7deff4f068b8a3f391478de3

SHA256
9c033a404b5d133ab8ce430f6dbb20656f32cc41bd0469d122535de1e6c528ad

SHA512
916729f4887c6f045de3c09e2007796e238df97817a1c1f3012094fc0170ba20322e561d366c6bddad50bdd0442794b39e467ed58b8c183f48b46579d5bda20d

Download Submit
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Windows.Controls.Ribbon.resources.dll.tmp

Filesize
64KB

MD5
d08c3a30be469c4d01a1e11d4e2cc419

SHA1
685ad23cf51437f6d68c85175ca5d3eac5c44f7b

SHA256
508c15c5a4125edba57fcdd75b921242ed797ab4ffe3a01a2da4ff84780bb7cb

SHA512
dec925d02be9cf991ca5e6883f1529bc1d22ba2c6cc602142ff043123acd2013fea51beba73e86ffe94a20e2a2a061c1eb1de4e847b2a94888d54ea9aa73a5f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_OfficeIntegrator.ps1.exe

Filesize
56KB

MD5
cc9520da317ff3dc13a591d9379a31de

SHA1
33f8f7f06c426acf0fb7c85da830e9a8d080bfb6

SHA256
4a3a2745269d9e51b587d0acf010e60495299979b576b776453dbc72a92a9460

SHA512
7a5c67653949fb338ad78448fd5367a5b8e64c174fae3037a361a53cebf221b939670a84d8f6dfb437297702af8a83574a00e4d2222a0ee59d581b9022ed23e0

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
46KB

MD5
909a3b163c88a1f5021f815b56141dd3

SHA1
07422307431737b7a9f039c005fab4e025ddc9fe

SHA256
68c37ff92e5f88a42f400aa817effa44b4fca1c046d8a9838b6cda6877522758

SHA512
61738d71eaab1059b1f5ee0bf76c09afef95bd8195a2f80570169a5a15cee013f7b1754d544ed4bed5c74301cf00ffa1d11a0de184f62d3c8b828bb14ca0f045

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads