d6d9997bbce78327ca8098190d38906b3630b074ecf45fa9a85895578ae8a960

Analysis

max time kernel
149s
max time network
93s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
30/06/2024, 02:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d6d9997bbce78327ca8098190d38906b3630b074ecf45fa9a85895578ae8a960.exe
Size

128KB
MD5

32ab8cfdffa4c831088740403f694169
SHA1

59ec0e9df4d64c1cdc798cde39743ae47f6a7702
SHA256

d6d9997bbce78327ca8098190d38906b3630b074ecf45fa9a85895578ae8a960
SHA512

091e4ab349ab8a9e6e4794ba5a3bad5122b4982bd9e33f392a9c1c3f120f3fc0907ffad8331fe89f7355ab10fe6edfb53d20431ad2a81fcf98a599a141df9cfb
SSDEEP

3072:9QWpze+eJfFpsJOfFpsJYuflgZhZNQWpze+eJfFpsJOfFpsJYuflgZhZm:Lpe+eylOpe+eylh

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5231) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
3412	_MS.MSTORE.12.1033.hxn.exe
3480	Zombie.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Zombie.exe	d6d9997bbce78327ca8098190d38906b3630b074ecf45fa9a85895578ae8a960.exe
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	d6d9997bbce78327ca8098190d38906b3630b074ecf45fa9a85895578ae8a960.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\.version.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\sawindbg.dll.tmp	_MS.MSTORE.12.1033.hxn.exe
File created	C:\Program Files\Java\jdk-1.8\bin\rmic.exe.tmp	Zombie.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.rll.tmp	_MS.MSTORE.12.1033.hxn.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\UIAutomationClientSideProviders.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Windows.Input.Manipulations.resources.dll.tmp	_MS.MSTORE.12.1033.hxn.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-environment-l1-1-0.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\AdeModule.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL120.XML.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\public_suffix.md.tmp	_MS.MSTORE.12.1033.hxn.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp3-ppd.xrm-ms.tmp	_MS.MSTORE.12.1033.hxn.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_pt_BR.properties.tmp	_MS.MSTORE.12.1033.hxn.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Retail-ul-oob.xrm-ms.tmp	_MS.MSTORE.12.1033.hxn.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcR_Grace-ppd.xrm-ms.tmp	_MS.MSTORE.12.1033.hxn.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_KMS_Client_AE-ul.xrm-ms.tmp	_MS.MSTORE.12.1033.hxn.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PenImc_cor3.dll.tmp	_MS.MSTORE.12.1033.hxn.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-libraryloader-l1-1-0.dll.tmp	_MS.MSTORE.12.1033.hxn.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_MAK-ul-phn.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Core.dll.tmp	_MS.MSTORE.12.1033.hxn.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Collections.Specialized.dll.tmp	_MS.MSTORE.12.1033.hxn.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\DirectWriteForwarder.dll.tmp	_MS.MSTORE.12.1033.hxn.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\lcms.md.tmp	_MS.MSTORE.12.1033.hxn.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Trial-ul-oob.xrm-ms.tmp	_MS.MSTORE.12.1033.hxn.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN011.XML.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Resources.Reader.dll.tmp	_MS.MSTORE.12.1033.hxn.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\fr.pak.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework-SystemCore.dll.tmp	Zombie.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\lv.pak.tmp	_MS.MSTORE.12.1033.hxn.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Trial-ppd.xrm-ms.tmp	_MS.MSTORE.12.1033.hxn.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONCHART.DLL.tmp	_MS.MSTORE.12.1033.hxn.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PSRCHLEX.DAT.tmp	Zombie.exe
File created	C:\Program Files\7-Zip\Lang\hr.txt.tmp	_MS.MSTORE.12.1033.hxn.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Serialization.dll.tmp	_MS.MSTORE.12.1033.hxn.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-filesystem-l1-1-0.dll.tmp	_MS.MSTORE.12.1033.hxn.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-console-l1-1-0.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019DemoR_BypassTrial180-ppd.xrm-ms.tmp	_MS.MSTORE.12.1033.hxn.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_MAK-ul-oob.xrm-ms.tmp	_MS.MSTORE.12.1033.hxn.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\PresentationUI.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\UIAutomationClientSideProviders.resources.dll.tmp	_MS.MSTORE.12.1033.hxn.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.wordmui.msi.16.en-us.xml.tmp	_MS.MSTORE.12.1033.hxn.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\index.win32.bundle.map.tmp	_MS.MSTORE.12.1033.hxn.exe
File created	C:\Program Files\Common Files\System\fr-FR\wab32res.dll.mui.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\LICENSE.txt.tmp	_MS.MSTORE.12.1033.hxn.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Retail-ul-phn.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp5-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_SubTrial-pl.xrm-ms.tmp	_MS.MSTORE.12.1033.hxn.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_Trial-pl.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\CalibriL.ttf.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvApi.dll.tmp	_MS.MSTORE.12.1033.hxn.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\System.Windows.Controls.Ribbon.resources.dll.tmp	_MS.MSTORE.12.1033.hxn.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework-SystemData.dll.tmp	_MS.MSTORE.12.1033.hxn.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTest-pl.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\TYPE.WAV.tmp	_MS.MSTORE.12.1033.hxn.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Serialization.Primitives.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest2-ppd.xrm-ms.tmp	_MS.MSTORE.12.1033.hxn.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Grace-ppd.xrm-ms.tmp	_MS.MSTORE.12.1033.hxn.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\lv-LV\tipresx.dll.mui.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.TextWriterTraceListener.dll.tmp	_MS.MSTORE.12.1033.hxn.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\Microsoft.VisualBasic.Forms.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\mr.pak.tmp	_MS.MSTORE.12.1033.hxn.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremDemoR_BypassTrial365-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_OEM_Perp-ul-oob.xrm-ms.tmp	Zombie.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 644 wrote to memory of 3412	644	d6d9997bbce78327ca8098190d38906b3630b074ecf45fa9a85895578ae8a960.exe	80
PID 644 wrote to memory of 3412	644	d6d9997bbce78327ca8098190d38906b3630b074ecf45fa9a85895578ae8a960.exe	80
PID 644 wrote to memory of 3412	644	d6d9997bbce78327ca8098190d38906b3630b074ecf45fa9a85895578ae8a960.exe	80
PID 644 wrote to memory of 3480	644	d6d9997bbce78327ca8098190d38906b3630b074ecf45fa9a85895578ae8a960.exe	81
PID 644 wrote to memory of 3480	644	d6d9997bbce78327ca8098190d38906b3630b074ecf45fa9a85895578ae8a960.exe	81
PID 644 wrote to memory of 3480	644	d6d9997bbce78327ca8098190d38906b3630b074ecf45fa9a85895578ae8a960.exe	81

C:\Users\Admin\AppData\Local\Temp\d6d9997bbce78327ca8098190d38906b3630b074ecf45fa9a85895578ae8a960.exe
"C:\Users\Admin\AppData\Local\Temp\d6d9997bbce78327ca8098190d38906b3630b074ecf45fa9a85895578ae8a960.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:644
- C:\Users\Admin\AppData\Local\Temp\_MS.MSTORE.12.1033.hxn.exe
  "_MS.MSTORE.12.1033.hxn.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:3412
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:3480

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.exe.tmp

Filesize
128KB

MD5
862fbf9b4456ee45a83981fdc418efa4

SHA1
c9cdbdab1605e6caa8d5463b2bc6d7817141bfcb

SHA256
d7422f27acf13bfd10287aaa97e2d66fcf23d50988742ce5d21a100d45ad29ed

SHA512
65bf6d5e1ce9746a563561a5127e0d74d355d304efe01659fd933411f55593e98a2e7aa259a36ff57a2a041cd01f857eaf3307eef675aabe462c241ceac2e4e0

Download Submit
C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

Filesize
63KB

MD5
aaf28f6317b2064288a26be74595d19d

SHA1
a36cf296655919155e56fa4a0814382d95fcb209

SHA256
bf03799616606e2266f0d8b5c402a711e00435c899fa6a865e2fa95eb216d7b9

SHA512
e3560a1e835cf0e67af29201d2b0359d83d1e702cc8a58a840ee0de36db79098e2238f3c9542371b142faa78878bb185550a3cdaa1d42aee3c1395f22cc01368

Download Submit
C:\Program Files\7-Zip\7-zip.chm.exe

Filesize
176KB

MD5
e4c6cda9cfb6312b934e2fa3dc405595

SHA1
4472cd5b3e586b6bd34ecf0fc7b548fb1edf9ff6

SHA256
8082212ec0067337150681a6e5a272e5392c89c0dec549e84cc6609697622beb

SHA512
82e7a1e83750c4845d4a6bf903a97c531eebf43eea6609c390f70b01932f563181d9822fc637b058a0130df57e83c877894c47fce2005e4c069b26f7820440ba

Download Submit
C:\Program Files\7-Zip\7-zip32.dll.tmp

Filesize
129KB

MD5
592b50506a36c51d92ae62c52e30b347

SHA1
23c528008e835d1b847edbe32c711e674de06476

SHA256
ae9242c0be2225a2135ef9de7ce51f51d5a865f8783b94b9c436dfcc7c473424

SHA512
7d535acfbad2156986e912ff3d6a859aebc685cd07f74ff9a782801eca6697a80009feee7406d16a69d383e117e43af3f47ded8d521934390eecd99570defde2

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
1.8MB

MD5
0d6a0f11bdbd8e4c562b3f86919fae7d

SHA1
968e3486174fed9bad2d77fa7139cb1fa866dd0e

SHA256
f35fd6dd0eb7c0a3032dbe65c8a32a6e78ffd41491c02cbffbd092275a23ee2e

SHA512
69014c02702dae57fb1ef01c53819511c93ce4fabd2d625554e699504ad3d9cbd2cfc58ff281ba4a56fc429136ac84704f3a4fb66fb2ca99854664f7c033a1af

Download Submit
C:\Program Files\7-Zip\7z.sfx.tmp

Filesize
273KB

MD5
e7def42cbc5e76b278593c1d2cc3f52f

SHA1
9722a96feb48d4681e6e77871ec97e2666bbc211

SHA256
7f6009b7c3735593487bb82f1725c7f300c199e76523218708f48204686b6b14

SHA512
11a596abf19226c231ae39ed6bc09be136064c83e8e1aeade0e29874b9f679250c2d74fc9ce3cc0e06cc49b90844d879272a6fa637f331021f1ab93d5ad6ec59

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
994KB

MD5
1f532e20501e630312da57893e19a80d

SHA1
3d7b3e0a136e5cf39dd3977258691127cde03dd0

SHA256
1623b396528e9d004dec0ace478c8d9639193f1b08b49d2038e171f05650ecc5

SHA512
a42f62be3cfaa3a5198a0bbf0d5118b88df553ef60f67fbc4403d9e3077bf0c2c140ecc0f31af45b3430e627c0861f0e1b7048bcf29738dfbcbc39563006b6d7

Download Submit
C:\Program Files\7-Zip\7zG.exe.tmp

Filesize
748KB

MD5
91481d3d845e9aee079d5a1473c8dd57

SHA1
b5ae371b53a7f8d09bff7332e66675f7dbb33d5e

SHA256
5f708a7cb140b48fec3339f0cc2dbf7bbe55eb1a672fe40a2185300103965bf8

SHA512
b2b0dee2bf001fc9ac599b0006c16dc3a77fc53dc64f2556266e64c48fabdf744ac5cd7d05d95a3601178ee7c3f557272705d7436fb89cebfc16b84ad837b792

Download Submit
C:\Program Files\7-Zip\Lang\af.txt.tmp

Filesize
74KB

MD5
fefd7417a4a1b7976754be3578709484

SHA1
8398481e58afb6fd760c7d9b2366f7974eb9b577

SHA256
bc80b9ed3d496ca130f1da0ba1d5af93858290ea896c647b2170511f4375521c

SHA512
a2618f73b94b1efd43f72205948f3708a1cd1e6f8ce99f636f698db81f0880a4cbf058a1ba9d72996bcbeef831306c7f39f7883754b8724bbb375503327a74a9

Download Submit
C:\Program Files\7-Zip\Lang\an.txt.tmp

Filesize
72KB

MD5
6e9c49badc6e4462a4fa9af077879dba

SHA1
301a3a730a42696e757ac39ef13b6bfea3150a6c

SHA256
9f37f2986361b8212d0c1ee16ea787b153180273ac83f65503b57351a0bfc0be

SHA512
847e783a4375404d605164a57b70206e2da09ad1ff91cc9e4f95cb976e77151208782c7b401f5ad5d7cb2dc8ee99c1bbe53d570e9cf9cf3dff5aacc8a244082c

Download Submit
C:\Program Files\7-Zip\Lang\ast.txt.tmp

Filesize
68KB

MD5
4d8c96f4477f753b5a359bad37e117a1

SHA1
2f85a8ab61a2cc846198cf474853dc31851c9147

SHA256
7efe811973cfa94e393185592be4b3ce17cefba58ce46c5a18ce5b206611f41e

SHA512
d9d4adb03162db9afb337c6146c11df6e5010f6911a1487c616c99305ff7d6aecb8dcfa8b53bacfe31ed04f949089b37330f2222394d07f30aa869466227b54a

Download Submit
C:\Program Files\7-Zip\Lang\az.txt.tmp

Filesize
73KB

MD5
01a94c6a7959a0caccf63564bbf7ef0b

SHA1
8da3860da5f03d11114a7c0c47fcaba007681c83

SHA256
e29d2b4ec18fa21afcbe62044afca7f83daf318b152a1506b781d375a4e4e399

SHA512
27d97559ea6d4ab3bafcc7e42bb760af921e2154a254981e78617b284012fe6af0473ad31af1ee0904a2bcae9f33601c666cc5018a8a3b7c852ffd5a86ee7d4c

Download Submit
C:\Program Files\7-Zip\Lang\be.txt.tmp

Filesize
76KB

MD5
28b26ff23938b85014343a97b7095bc1

SHA1
881b0389fd9eda23f914741a107fd2ad92b7c60d

SHA256
5660d5e9e9bd1efb6b486ec88b9264e2106a565ef10a809bb2f2e75471d02aae

SHA512
810cf48f42c88553f17e3d324866ca0ca06ff661edbd117a6d1e489838f2bf9751dac7053e7e8c19afd982db7f2c7ac930684948febfd65f54094df134224a36

Download Submit
C:\Program Files\7-Zip\Lang\bn.txt.tmp

Filesize
79KB

MD5
408ee1bd5b82a5bc914f7128c07d4e47

SHA1
0fb3008e29f72525240d7d8c337730a2bd5f26ee

SHA256
92731a379ec128ee184867613d85e9c495d116f06fbd0ebd7f1724848cb19b96

SHA512
b81036465193309c799ca88182a0dac47317ef75428e9c96e34ffc427f199a7257d0b2942920dda27616d20432afa54757cafb75389ac48b450f937729f27fdd

Download Submit
C:\Program Files\7-Zip\Lang\br.txt.tmp

Filesize
69KB

MD5
49410ccf2e67bbd6bc7680b9592605b5

SHA1
54e3efc780787a13408030c6095a04262ad4bdb8

SHA256
977130dae80adb7e97b8b6baac4c7a3a9350878a95a44704d99cc4ef813eaa4a

SHA512
6b891fd2aa6ca05ef319350816cb97bb2558ecf18f7c7f5e0525c4d58b9a6bbad87b6db3fcdd9dff2b08f5936b9b44ec33df1f9ffc50fe65432a5317015c0104

Download Submit
C:\Program Files\7-Zip\Lang\ca.txt.tmp

Filesize
72KB

MD5
87b56a39b1b81b1b3c9cbf484a069e88

SHA1
20c7ddb7bf1e4f3009eaf0b0b9c0c5317704fb52

SHA256
cd1db6c1faab9404c4d8f6b5fc2aa9750db8446d04a227c45f843d43c5bda920

SHA512
6b141de6f486a84a332b1de13d236b3fc8b21ea57eaef2edb140ad7d5ef183a0930a998051a31b27bbd85d08c549c9b90cab20d8e1853b1324479edc00e6a536

Download Submit
C:\Program Files\7-Zip\Lang\co.txt.tmp

Filesize
74KB

MD5
63b3033565c2ecbf25247d93bea0958a

SHA1
3746d1c4ce32ea67bd723c96ef5d2135ca82289b

SHA256
5b19ba4cdb8ddd74e5478d250804009e978d929015a8a887a9b7d0bca0664c75

SHA512
70e07d502d0a1277a509736b8aa0aa9c8268e47aadc84c38e2e74e5b1a4fe2421b06a09b39c434d356e5852ef1df9cfac4cc8b705916c4f0012699aa6fd857e3

Download Submit
C:\Program Files\7-Zip\Lang\da.txt.tmp

Filesize
72KB

MD5
437831a16b5bd4d5f15a0fb7b24ed3f5

SHA1
20859e724c4f7eb00768e95ff27be6a2dce34268

SHA256
d0f55f3b6574d2b0c035170eca11e039fb81181946f3483efc1bab7efcb6952a

SHA512
d8fbe89abf61e7c3e3aeb5b4bd2f10ad5223800f12c1ee520aa26a197c0756d843a15de228bd33309408c2b3dda5c1f991a50522d8fd0634b302854644c08712

Download Submit
C:\Program Files\7-Zip\Lang\el.txt.tmp

Filesize
80KB

MD5
69693d67fcc850c58b6b97fecbc1af5f

SHA1
760dcdcfb5be51cb676406d6d3e1ba54fc23db93

SHA256
72487181e767ab325e5ba104828acae05b39867d73133fe458b54f7a5d1a4110

SHA512
f3171887e14661dafd21554df6cc1bd6bd90118f152477db75efa26ae948f58d8a07f78791efa3a3d848bb7d849d112e4d480264b6a4b5fa0067d0bc307fc491

Download Submit
C:\Program Files\7-Zip\Lang\en.ttt.tmp

Filesize
72KB

MD5
bb8051a88b01b080bc8fe38c0bd7dce5

SHA1
7cb320fcc6bb940c3a9150000dcecc3acba61e34

SHA256
997f55dad6c68d1432362274259fb7b8c2c25331c7dc728bbd4cd65bdeb299a1

SHA512
89fe7ffd43a03bb910548a2dfbba6210652adbf49eeba0ee7024517aba3bd2555f4fe9a5ba31606bab59f94f4b8e2c5f76af94ceb90d2ca2e7cba52edca4cef8

Download Submit
C:\Program Files\7-Zip\Lang\es.txt.tmp

Filesize
74KB

MD5
cbad1da628727a81212dd718448c8582

SHA1
8d6e9f7b0389a97ca5da7624cbe325e59ddddb76

SHA256
115cfa9ca14c00737e5aa8880062dcca784e338f94ba9c77f653a70337da804f

SHA512
710cd38d089c8e728239c44b9c0ad9791b0262c60c152d92e1d1d15201e371da93ddac79cb38f112cf96f25789c0fb56140f492530dd00320d0bafe0a46bbd73

Download Submit
C:\Program Files\7-Zip\Lang\et.txt.tmp

Filesize
71KB

MD5
a17686a66513adda80dafa372fefaafa

SHA1
eac455246d518660e8bed36721a02723c03354b7

SHA256
98c879bfc2a5a5838e58255af2fc3d4e011a1d80b33badb1a9c312e070d7122c

SHA512
ae3c961122187a432dc4312268ab7f28bbac0fb0ac597d4c12bb30dc3e1bdb0329d535bc7f26a8ea02bd4503344b1451b746b3ba4a8cd7f2501fcc449bf5cd32

Download Submit
C:\Program Files\7-Zip\Lang\eu.txt.tmp

Filesize
72KB

MD5
d17e0504f7b0fe6fa68cbd015ae6b138

SHA1
8fba9711362da8ee64db606e46b12dc1891c209b

SHA256
0a409963da1665747686ea6ee5b44b2a8e9310242b47ccf638dbb1662075a179

SHA512
1f5c1d12851498890c8b5c0025afb0e9196a6d9562d70a2d1339042367696a3e11ac36b8c61b44207b2580524d16ff9a520354458c2a134506d5520ba4029b61

Download Submit
C:\Program Files\7-Zip\Lang\ext.txt.tmp

Filesize
20KB

MD5
bb8a2daead6b220f1ab5be1db32ae0ec

SHA1
6ab4a91cf97ad593714fb937ef141241735d1a60

SHA256
527eac8d31fb84a7f8bb85794a9d403c78edddbe3e2b1b3861d89ce5c6bc5bd0

SHA512
9e21ed09948ec41424ca9a7ac542f8f3331710b66dfde86e8d83097a4ee21ffda86c1954a9f8a8718be25feeaaadfe86d5b088914bdfae94b8660c3e285b822f

Download Submit
C:\Program Files\7-Zip\Lang\fi.txt.tmp

Filesize
72KB

MD5
c79d9ef1cd6c2164d8d09d5ac58ffd1d

SHA1
5327674e6a3011b30cba49ef724735e37e19ebf7

SHA256
505f9b3c94909ef0d1385ef09f40bea82b982931fd4bb86563c01f4ea84d9541

SHA512
7d252b452d613ea114aeac58e374ef0a64b39a8faa5a9461c83f409e04b95c56218594273324162abeaa2aec6a44d275b985cf27d715c538ea88b4da0cbae767

Download Submit
C:\Program Files\7-Zip\Lang\fur.txt.tmp

Filesize
71KB

MD5
1b11f6c70c2c41506c9af61be54f0a68

SHA1
7b817f5ae62d1c9a4579d0888715a29af176ca4c

SHA256
1cabad9a46d97e53824d553495c30c8035e4e3e825ef74b5a3f78dc031491948

SHA512
e47206ea9588a1ff25655dd4328f2e10b51a22b868f7cac9df9664ebe08d0089dff4da53a6458e93c54933cd5dfe6ed5877af7a5fca8a5f94ed7c2fed69e60df

Download Submit
C:\Program Files\7-Zip\Lang\fy.txt.tmp

Filesize
70KB

MD5
8209a8a347f4665727b51349abbf72ac

SHA1
db5f4ba6a429ce35da0af53e66e56379defbc5a1

SHA256
ad06e7d2efa25435201b2de7b283e4707e38e06d8627079a8b3e70e67ab61651

SHA512
af801c655bd852d39bacc5f2e9a6aa507514942a2c4282b16ef4a31f9e1ef1ea6cf357d4071d253a5541abb80de51f9cfd38adabd596aa919cc8e01c58ff24f8

Download Submit
C:\Program Files\7-Zip\Lang\gl.txt.tmp

Filesize
73KB

MD5
6d744ab291a9ee8dfb440218d6d902c6

SHA1
33169377acf302f0e4c14fb52cb46aa486b6cf9f

SHA256
e0b8749d7663636d90135e3bd0dddc86c171a93a33642dda06579ce633603b3c

SHA512
88cd6579aa6bd62ee2280a6f08745a404db712b90348602f46dd897e9621a1284d6732eca2509ce61818d4feea145dd2507c0cb8ba6a557eeaab0f5dcd684d6f

Download Submit
C:\Program Files\7-Zip\Lang\hi.txt.tmp

Filesize
81KB

MD5
639ab344102bebae72db746101918bc4

SHA1
f51850da70799c591756192dce3773952bf87ed1

SHA256
4065a639eccac0f58a504f5906005c1dcce5214707dee687323c94d435b1f6d1

SHA512
224fa2659a85699a7a0e14f42b6797dd8169b88bacb6534d302f2a2ef673e421d8ae7e08ed6e8f93441f0425c3b55e55b1ccef1c50f428e652180c531c5bd95c

Download Submit
C:\Program Files\7-Zip\Lang\hr.txt.tmp

Filesize
72KB

MD5
c5db72f17247447a486564c379cd0557

SHA1
3aeb492bf8ff13639a350d31b8f7335b83b5dbde

SHA256
136910796d8ffac25039c8013ec79095f664a19355ad6358e1a5bd109cd8b9ab

SHA512
26a7dde7eb38e3ff48e9a26a0a9001afcf09624f7e97d95ce854dc2c42e05db6f1e83c53a90ccc3078a18c80c6547e8a2496ba6f0560c3339e9b3af57191755d

Download Submit
C:\Program Files\7-Zip\Lang\hy.txt.tmp

Filesize
78KB

MD5
f2fb0ed0da6a881b37b5d2dc456ea8c0

SHA1
a82c8c2df5e173af80d01e650fa1ab8900d8c89d

SHA256
d1d4529ac5a839bd4bb803edc0597d6dcfd656ec138f987eef979a2913fdb678

SHA512
1e26145cdc2db0dec3bbef454fa3469a0bfdef49cce8a15568defb8e57251eee172ad558171b6300552f3daff0991fc1b0f9c5305abd9ec759ec551d67da3e56

Download Submit
C:\Program Files\7-Zip\Lang\id.txt.tmp

Filesize
72KB

MD5
d117b4636e4eb59768921ba67b2a16dc

SHA1
85011b3ff484945c3aa36b518bdaa8002177e196

SHA256
58a7948f331b7bdcff6b02db087ec2661a7eb251a4b187b0d4108a4e3c28113d

SHA512
db6bdc3e57a37ed44932890a83cb9495eccc49daa3309831f40596d622113d16a41b5a8dc08258deeb6f04a514cced9d19b0c9e61e9c391987b51e8ad288a760

Download Submit
C:\Program Files\7-Zip\Lang\io.txt.tmp

Filesize
74KB

MD5
bca8236a082b9822a3f13da0c33c19c9

SHA1
e1792538e105605cd50d79d3a71b63222d82862b

SHA256
3edf74fb6381361a1d1ad028798d11db5561aaa52af1acf4a29f2409ea9101d3

SHA512
646ab190dc23288ace28111a966894456a2c31af129864afb7286128fa195ed7dec06828ca75095ebd4adc98f866e1e43c54aae08a5b9ffd6c7c3905b37c17d3

Download Submit
C:\Program Files\7-Zip\Lang\is.txt.tmp

Filesize
72KB

MD5
e2c562844ac10f5e9537115816b6726f

SHA1
5b39d3898cc9965af1c325fc8619a0c5d675dbdd

SHA256
9823bab099d77864cd1658b64997502c92e83409b7ef84c9cae8c1583a036ee3

SHA512
acd77120197dced49c6b29435619796ad3aa95770a294c235a098979f366a2f96efc1515b3556254403cdfceefeadf0c010b18c0b5d3383486fecc754393836f

Download Submit
C:\Program Files\7-Zip\Lang\it.txt.tmp

Filesize
73KB

MD5
322ffe763f3ba63d961390e36d31a933

SHA1
e7ad7b8b22671b35c76d41a3b09ee6b43cf7c6e0

SHA256
c40119a57e810b9ae8b866e1e30120d439f5f80231e124d102eaec0677a9e5c6

SHA512
83f448bb46c953033586198a6d88153ce805591901671321926801f6e46b027baf37c2feb9c5c3c2a3127f19f9ae4dc71c80d30d787cfc8b6a69e0ab01bc765a

Download Submit
C:\Program Files\7-Zip\Lang\ka.txt.tmp

Filesize
82KB

MD5
171d5ea2528fe17e79e0248eb9262118

SHA1
ac76d1b81fe2e17e7338933c2f2b752db0d5575f

SHA256
65db834ef546104a1e7bfc01f66c36053beba57cd0b9f3bcc9a9f4f04166f00a

SHA512
7e5aac621ed8cd83a68e5c9728935597b96d5a2907af1994c2c644970b360c1ca48840e306b1061fc62e18dc65d1d6ec4f30e86178a986c93926f31bd9951c1f

Download Submit
C:\Program Files\7-Zip\Lang\kk.txt.tmp

Filesize
74KB

MD5
3d538088df6e2be494bf227b301c9eca

SHA1
aca4146867742111e3d2d5563122992c8eb9213c

SHA256
f0a802b581dbab06caf5c271209cec5ad5e81494ff509808554bd3956f7e5e53

SHA512
97c0ea7ff58b18116cfaf82d706a3d5a64e142ae986a52f2606fbe2c7721681ea3fd986270dd795c7d44ee4d42e89c45b8efee98c14abfa98e0d48414d464a56

Download Submit
C:\Program Files\7-Zip\Lang\ko.txt.tmp

Filesize
74KB

MD5
0f0b1e9a506b10c4464f8a544e9871d2

SHA1
c761ee5462a164a4bb43d26f065947b38e9bf335

SHA256
577b30c8d1746f31fc8a8952de5c712695bb9db46d2c60c34779dc071a1019e3

SHA512
c02fe46f13ea9b355108666e1df63f0e597f85f56db95982b5518ff8c9c6b6f4d08e505de39e95b66569e61a3bb73220e6c129e1299cd3f1ad222551062b2d48

Download Submit
C:\Program Files\7-Zip\Lang\ku.txt.tmp

Filesize
70KB

MD5
788b9e1331c52e07b18c8059b2744ffb

SHA1
f19e64e30c7969aee7e134818989156addffc7b2

SHA256
04bf779cd992abf30a9474d709631a200154ccdc44ff00dbca3cfde33cc027fc

SHA512
d6ff8ec041e9e8ebcd0d65f6adab3ff51ea438e214ec30708b6578b05b7decc9105b8ce7351f61286b43f278ccc980feae9212147fc452506e7f0e5fd0af6f14

Download Submit
C:\Program Files\7-Zip\Lang\ky.txt.tmp

Filesize
76KB

MD5
e5c0e8e134c4d0edfe696ac60c773aed

SHA1
587df38d4fafde1992354d657fd9024fbe1fea75

SHA256
1f8d26ba26ed6fb6932babd6755364ae957ee23c8a2dca77bbf11ad6ac8328a2

SHA512
a0c8f30cdbedcfeb4ba4951835b16c9e789d35980d10df304472ff0a3e6854d2d62f954b6ce20a2f51cdcdde4cf9395b389beab4c200168492269d53f413640d

Download Submit
C:\Program Files\7-Zip\Lang\lt.txt.tmp

Filesize
73KB

MD5
a65c4f2b9a9570977b2009b7dac612c5

SHA1
676d410e72766a32e36cf32424801145e8fd496e

SHA256
6fdfea0efe34582de4ffb0e84db127f1e62acb9f1f0974aa5117b36d073203c4

SHA512
43bc9eee4290eef91bca6a980371c88f2c59b687602411e8a722bf379e0bc1feba7b793fdcaf6384a51ac73955292c8194a110de6232cb92d4485fd9a3d70241

Download Submit
C:\Program Files\7-Zip\Lang\mk.txt.tmp

Filesize
73KB

MD5
2d26029e9b917fa5ce7b915be1d84865

SHA1
da9176c8a818528bbff5dad30ed09a35c6c99179

SHA256
e5c8a8f1eab09443933e0494d9f5d2460a9579d504e4203eb29871e11a8d6638

SHA512
21be8e3d9611a6d119f3daf5274d25112f9a527728fabbb01cf3a71dba9f0001091293fe63ef9c0f6903cfe3edee314a9254eda4d1884f12fab50ebfb8ed15ea

Download Submit
C:\Program Files\7-Zip\Lang\mn.txt.tmp

Filesize
72KB

MD5
46959ed6f4fba511f66f17a6b8ed74a2

SHA1
8956aba03c98c54d542053783be44547a0bda668

SHA256
fd3e12b54d366079e4ea52f6c5256e2bce0e913c6971ce0550ed431cc4c6eca2

SHA512
586e2a273d50ec9cc03da6c9e047932a939c01e41b9cb03f1752055e352f920622bc765f1750078dd49ed2a94e0013251b6546531074120a2f672366a7440242

Download Submit
C:\Program Files\7-Zip\Lang\mng.txt.tmp

Filesize
83KB

MD5
43e37c9a407b8b2d11cd2ed452554c85

SHA1
2654323d3353ee81845479c8a0ab9466a7c1a61d

SHA256
946f619979a4ba37135f483789025003ed14f61eebb2165e0dd275b6a4e139a8

SHA512
3b86f36173232bf98ace64e15e27242db1ae92d62b82f9c5a7daf7cf6d8f3a3084caf6d0877c134e3906d9a5636d01bc5aa63737731b202932d43fe86ec78856

Download Submit
C:\Program Files\7-Zip\Lang\mng2.txt.tmp

Filesize
84KB

MD5
157a6ca921243bd0277067b9c0291ffc

SHA1
a776bac11773a8516cb8d29fa62d0ebd1745604a

SHA256
a74766c6f04bd23a9b1351d1b27f7a0a5c1ec13a0179ce874e33b37e04cc65e8

SHA512
57a814f52ccc0677109ce68183ae059c8d26bf4dad200f450f80616277af30e30296e236794fe677ad718053ac5ae72ff464428f7368a9059de88a14ecf3278d

Download Submit
C:\Program Files\7-Zip\Lang\mr.txt.tmp

Filesize
74KB

MD5
1935b2288c06928b71a86bf2be026be1

SHA1
0917f3ae749d31d67aef75185083a09dc786b153

SHA256
3a127502ca144411c546398cb9b1f1de1f40e153b07c9beea0df828c1e645006

SHA512
be79a025f51b9d215f2bf6fe0cea3758166398599de2eb97124bc760bb67e88c7a4042a07708a7dc424632aa2df3f17bc85263886db9ea64d7d2235f2f987446

Download Submit
C:\Program Files\7-Zip\Lang\ne.txt.tmp

Filesize
77KB

MD5
229dd11b1783fdbe4920db1f82443f1a

SHA1
6cf5dab0f0293aa345623db648374f88aef2881c

SHA256
e93f3cddc11592282a58897be8b842e916c4287cfe56e640f2b8ff4e5809ef16

SHA512
e9048e6f8adabf21961b60f12af62a137da6f246e6a3d5063540bbce1657ea212be028953a529da0298fffba5b4ee1cac1f219aeccf5e314ef73c0a371d8bd69

Download Submit
C:\Program Files\7-Zip\Lang\nn.txt.tmp

Filesize
63KB

MD5
6d997f59e0ffb19a6f62dafe5ab1cbb5

SHA1
c0a9469b6e50221f85c0791de1d075dc67bcb602

SHA256
0dc0bca0aa277572c98006e7ccc4b79b50c8b66a002692feb616a614d8ffb6b7

SHA512
528fb0854b54842cf9b6d032ee844bed9438a4ac5b2fed0f51e1068876bf4f187a0b71c3e327ca562ee3b966621a34ab39c39e73aeb5dcb82648199fe981496c

Download Submit
C:\Program Files\7-Zip\Lang\pl.txt.tmp

Filesize
74KB

MD5
92c3267ae910d28a954bfcda15be1760

SHA1
f6a175785354cb20e9073315467fb8235eaac111

SHA256
587c06f37e0804fa1dd1e668ef9843601b0b9ed33e4b7b6c8f1500e52656f522

SHA512
21398da2c32e2909528ae4142b0d9a052d06a9f44079d877b621d5e3dfac876b5be41471cff26c885c5929ea55f61db77974eaf68371ff2e3590ce5073e05c4d

Download Submit
C:\Program Files\7-Zip\Lang\ps.txt.tmp

Filesize
72KB

MD5
0b1b52340d0341c019ad7c51bf1a38b1

SHA1
11c6cb4c59e54de942bf6e1b3beca1039ca4cf94

SHA256
04e099c962fa264547a77cc465ecac9daed2174729a06aa244894126dfad357c

SHA512
de87397f0db22b575a0515564299277c595d92165be28bdec4dbaddefb9e4cd90e94d041310a47511ab5c1fd51dc7d2e0597dea80f83d07f0ba5573c20473a1a

Download Submit
C:\Program Files\7-Zip\Lang\pt-br.txt.tmp

Filesize
73KB

MD5
7c538eb991922178dd02367e22265f06

SHA1
29bfbbc0c8f5276d6168ec5a391ffcb31b3a1c71

SHA256
6e0b60c68892dc36edf5f0253c85096db4e538fc98aa1b34b2ece1812693a077

SHA512
2abd5616792f97c2f61ab9db1e42a66528564a1e37bcf1e9f08d10cf90ad4707a8744e2cab57acc3be06e7a98f487d89364568a306180e4c516f5063944f6707

Download Submit
C:\Program Files\7-Zip\Lang\pt.txt.tmp

Filesize
73KB

MD5
a75dfefc0fc9a2b60ec17401ed8f7dae

SHA1
d1f6aedf57b5de64ee5c4a942af0b1cd44f7ad0f

SHA256
858ddfba6320341d0607744ba9a4f51a26e1d6ce5766f941efdfc0d3cd340719

SHA512
d3aa485c02944c734efb859bbce14705ea2386b9504a587869e7287bcdca2a51580d6c3e21b511f011a8cf1369a8480359b27822b6c04f682d117d370489c726

Download Submit
C:\Program Files\7-Zip\Lang\ro.txt.tmp

Filesize
71KB

MD5
f9af9603bd99d85565980ee7423e26ae

SHA1
0b6e6fd3ef7c7ec01617d6c00dd2134f7af36ff5

SHA256
6f6f62e48fa0b5285d81b5a4449112d1e5a5d6216be676fa8fa00eb91fab9682

SHA512
9b800925bfe7eab07d8561d11bde8c9ed9d10c78f06183fae16072ac67402c7fa60ef5ed337c0fb3b988fff8ab55494379d695526f037faf1bd295d931ab2208

Download Submit
C:\Program Files\Common Files\microsoft shared\ink\en-US\micaut.dll.mui.tmp

Filesize
73KB

MD5
8145da35f66419d5b79161f442b00b00

SHA1
3ff2f56974ee0285372d161733746d4716fee360

SHA256
30cdf60cc507a298e2f77b4569f628d2a13d89ab82a9b9d4a9dbc8e2f25e93f5

SHA512
29a364067c62d539c684ea3bfb534ccadd9cf926d24a22e6bba78ea4e2130a255dabbcafc8b9bcf6a7fe6bf37a2efb5275a236bf659b78d54d1a677d57a92782

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MS.MSTORE.12.1033.hxn.exe

Filesize
64KB

MD5
6ddb008a6aac549d643398ea903ef864

SHA1
0f3f1ab39cd3be8505982b385167725917b2ee1d

SHA256
7291ea16658b2068ee2b82cc17a7bbdce56304eabae287209bd2a03960ed7ff6

SHA512
0501df2fd71c01a4b8ca8b199703da1eb697f2374d798d73be8824409721ae996cc82af702e1f0ff9ad5cab083be3d7e3d72d878058d94529dbd9e2d16f08067

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
63KB

MD5
c29202b13e6c635855444ab15c2161fb

SHA1
001c8e1f5a95631a86eb225dd3fb211fd4a9b110

SHA256
1110db359de700d0759af18202f3f6eb8da24fe91bc4c6cf910031d729f631e2

SHA512
992963aa0c57aed22d1b635e35611196424c63f8de96e8fd2bde61b4def1ab720b2f97195ed5182fbf50c22ecec24d6a2ab79d0686a65c6a412f4a5cef671201

Download Submit
memory/644-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/3480-11-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads