9226a2af80360c3bc95c04ecef943075777a8b20fc4c7b91aa4610e91a00e6c2

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
06/07/2024, 00:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9226a2af80360c3bc95c04ecef943075777a8b20fc4c7b91aa4610e91a00e6c2.exe
Size

166KB
MD5

d692f8207363a7be473e8646c3abc554
SHA1

1cb043afff7ef5dd1b33d2eeb6dc73fe1e59b2b0
SHA256

9226a2af80360c3bc95c04ecef943075777a8b20fc4c7b91aa4610e91a00e6c2
SHA512

e08a2b8e4c23b2ec3b255071673f4831879f4fba05cd400922cb88e57a5206facf26ab0a03fbc2c737892e2ef2f1afcc6b6e4411e02143a611b73f84b4ee3ce0
SSDEEP

768:/7BlpQpARFbhWGUKBb4JxobNH3bG3bnEXBwzEXBw17BlpQpARFbhWGUKBb4Jxob0:/7ZQpAp+KBpbNX4F7ZQpAp+KBpbNX4z

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (1670) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
2028	Zombie.exe
4236	_MicrosoftWordpad.xml.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	9226a2af80360c3bc95c04ecef943075777a8b20fc4c7b91aa4610e91a00e6c2.exe
File created	C:\Windows\SysWOW64\Zombie.exe	9226a2af80360c3bc95c04ecef943075777a8b20fc4c7b91aa4610e91a00e6c2.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-processthreads-l1-1-1.dll.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\lt-LT\tipresx.dll.mui.tmp	_MicrosoftWordpad.xml.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.NETCore.App.deps.json.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Tasks.Dataflow.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\UIAutomationTypes.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\Microsoft.VisualBasic.Forms.resources.dll.tmp	_MicrosoftWordpad.xml.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\WindowsFormsIntegration.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sl-si.dll.tmp	_MicrosoftWordpad.xml.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\Alphabet.xml.tmp	_MicrosoftWordpad.xml.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\da-DK\tipresx.dll.mui.tmp	_MicrosoftWordpad.xml.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Memory.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\System.Windows.Forms.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\7-Zip\7-zip32.dll.tmp	_MicrosoftWordpad.xml.exe
File opened for modification	C:\Program Files\Common Files\System\de-DE\wab32res.dll.mui.tmp	_MicrosoftWordpad.xml.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\zh-CN\tipresx.dll.mui.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\msinfo32.exe.mui.tmp	_MicrosoftWordpad.xml.exe
File opened for modification	C:\Program Files\Common Files\System\msadc\en-US\msadcer.dll.mui.tmp	_MicrosoftWordpad.xml.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\oledb32r.dll.mui.tmp	_MicrosoftWordpad.xml.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Serialization.Formatters.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\System.Windows.Forms.Primitives.resources.dll.tmp	_MicrosoftWordpad.xml.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Windows.Forms.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\clrjit.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Compression.Brotli.dll.tmp	_MicrosoftWordpad.xml.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Pipes.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\UIAutomationProvider.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mng2.txt.tmp	_MicrosoftWordpad.xml.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems32.dll.tmp	Zombie.exe
File created	C:\Program Files\Common Files\System\wab32.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\UIAutomationTypes.resources.dll.tmp	_MicrosoftWordpad.xml.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-xstate-l2-1-0.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.Tracing.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\System.Windows.Forms.Primitives.resources.dll.tmp	_MicrosoftWordpad.xml.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\System.Windows.Controls.Ribbon.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\.version.exe.tmp	_MicrosoftWordpad.xml.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ObjectModel.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Tasks.Extensions.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\PresentationUI.resources.dll.tmp	_MicrosoftWordpad.xml.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\UIAutomationClient.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\PresentationFramework.resources.dll.tmp	_MicrosoftWordpad.xml.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\netstandard.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Compression.Native.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ObjectModel.dll.tmp	_MicrosoftWordpad.xml.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Diagnostics.EventLog.Messages.dll.tmp	_MicrosoftWordpad.xml.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\UIAutomationClient.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\System.Windows.Input.Manipulations.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipscat.xml.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.dll.tmp	_MicrosoftWordpad.xml.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.DiagnosticSource.dll.tmp	_MicrosoftWordpad.xml.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework-SystemData.dll.tmp	_MicrosoftWordpad.xml.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\PresentationCore.resources.dll.tmp	_MicrosoftWordpad.xml.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\System.Xaml.resources.dll.tmp	_MicrosoftWordpad.xml.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Http.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\System.Windows.Forms.Primitives.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\UIAutomationProvider.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\7-Zip\Lang\ta.txt.tmp	_MicrosoftWordpad.xml.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Primitives.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.Metadata.dll.tmp	_MicrosoftWordpad.xml.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Resources.Writer.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\System.Xaml.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\System.Windows.Forms.Primitives.resources.dll.tmp	_MicrosoftWordpad.xml.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\System.Windows.Forms.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\Microsoft.VisualBasic.Forms.resources.dll.tmp	_MicrosoftWordpad.xml.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvApi.dll.tmp	_MicrosoftWordpad.xml.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1744 wrote to memory of 2028	1744	9226a2af80360c3bc95c04ecef943075777a8b20fc4c7b91aa4610e91a00e6c2.exe	86
PID 1744 wrote to memory of 2028	1744	9226a2af80360c3bc95c04ecef943075777a8b20fc4c7b91aa4610e91a00e6c2.exe	86
PID 1744 wrote to memory of 2028	1744	9226a2af80360c3bc95c04ecef943075777a8b20fc4c7b91aa4610e91a00e6c2.exe	86
PID 1744 wrote to memory of 4236	1744	9226a2af80360c3bc95c04ecef943075777a8b20fc4c7b91aa4610e91a00e6c2.exe	85
PID 1744 wrote to memory of 4236	1744	9226a2af80360c3bc95c04ecef943075777a8b20fc4c7b91aa4610e91a00e6c2.exe	85
PID 1744 wrote to memory of 4236	1744	9226a2af80360c3bc95c04ecef943075777a8b20fc4c7b91aa4610e91a00e6c2.exe	85

C:\Users\Admin\AppData\Local\Temp\9226a2af80360c3bc95c04ecef943075777a8b20fc4c7b91aa4610e91a00e6c2.exe
"C:\Users\Admin\AppData\Local\Temp\9226a2af80360c3bc95c04ecef943075777a8b20fc4c7b91aa4610e91a00e6c2.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:1744
- C:\Users\Admin\AppData\Local\Temp\_MicrosoftWordpad.xml.exe
  "_MicrosoftWordpad.xml.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:4236
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:2028

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3642458265-1901903390-453309326-1000\desktop.ini.exe.tmp

Filesize
167KB

MD5
73e29ddd9874d15d873a83d54733fb76

SHA1
a244b2dd29262e638032dbeaf5c4f45112329111

SHA256
4dc7d595aee4877ae0b500714a061426dc2001fb58ad23db478d12c9e78c46e4

SHA512
89937a96b1fc9ef9e7d0bf763ebd2bdb711201aaf30d662f987f604aa0ff5dcccd06136ff01d1f988c9a3e1967c2ddf0beccd49b75455cf5794090eafa02ed7e

Download Submit
C:\$Recycle.Bin\S-1-5-21-3642458265-1901903390-453309326-1000\desktop.ini.tmp

Filesize
84KB

MD5
79fc96680f904755b14481f4aa272e07

SHA1
7473aebe1bbcd60072e112917a26103454424313

SHA256
ec4b3b8d2774105b4a56b628817bf159537920b9652a45baa25aca87a192c538

SHA512
017f012f1a0bb5d14165f0f2324f6eb9ef56fa30fbdda03ab52dc081ec201d0b5839a8f80908898a0a633a08218806e709258f8474e188c0d348d56ffba39567

Download Submit
C:\Program Files\7-Zip\7-zip.chm.tmp

Filesize
196KB

MD5
fbf39c81ca6ec50e3eda1a3a3cfc4314

SHA1
8c07b19844e352c82b30701ea39501e1dbff1a24

SHA256
8a3bf882d6c39c389698a6c5724129602056a62449115161dd913b8cc4b37323

SHA512
f70d8c1a670c70ba53f507a54ca3215eef3373bb5da5f23f6d254985007114aabe0785c1b24d314896881424af1e04e13a6c7476aff7ee390ca88fe0c575f92e

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
181KB

MD5
e2088f184ba12276606bd63cc946d269

SHA1
e973f1b1fa70181574aad1155caa8ee5699c2a18

SHA256
de21881064e22f2f4d776482121edb309e6b8ab1012389c4ec40ed19c539c7e0

SHA512
03050426a9a96ddbc0131dae55c2e13c2a954ca7277b7d518fc685a0ddf4cc905a2f7b19fa78dd6ab3f6f89ef95ec42a141fe63ca8527e956b51511d00eabc05

Download Submit
C:\Program Files\7-Zip\7-zip32.dll.tmp

Filesize
149KB

MD5
df6c85fe4ea0f58b9ce3698e2e2bf223

SHA1
b49d950b4fb3d5011c8bc7e5a97ee049025ff8e0

SHA256
66a20d245635600ce60c9e1842ecf04ad7cff0cee66b88b24424bd34acb12fc4

SHA512
8d4d0931645a56cd5f031bf414d0e4cbb27e51282e33141efff667baad338b1bee9cf1190a0917d32ac29dc7b4e1ea19a51e29ee09c8d5bc7181ec71e4fdd34f

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
1.8MB

MD5
9514a2ec6bf15bbac452bbb062bf8fa5

SHA1
ecf03a7bea57d308b4f94e6037b630a4dc5288fd

SHA256
7390029489332940cba77d8218bfa06bd691b8e38f592187ee6353b6df3a2981

SHA512
ed6565ae28443aa6eba079406662a7c1d95a915ed723cc5d16a87b90c757b84d344eb43bc450a82c161cb77046e8d32cba2793149fea2d03c4b34e1398d3d967

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
1.8MB

MD5
5aa6a6d16a3607bf8ad498566a1457f0

SHA1
72577af786c29c3e65d81b005d874d4111b22100

SHA256
2e270d08ae77e1793f6780bfa7100530c5e4a96936808665e9d6a24a76d782e7

SHA512
7a21fa1983f5914f59a746b0c946cc7750ccded7f942c3c94b10141cc9d68c6359dd5e3769ebd12a4ef122645f0c2f2ac2efd62eadc619df844dba873d5d9e51

Download Submit
C:\Program Files\7-Zip\7z.exe.tmp

Filesize
628KB

MD5
1f438e6b31a95ced158284292ba382e0

SHA1
81c8c355bad03e9da68efb3fcac9f0e1b93a127c

SHA256
7d781558def7b7b7d5e5313e6fe85d6724e00271ab89080b293cf313b25c1891

SHA512
4bdde87e49d3569b31ae246836574e5254fef5090285825eeeaa7212c466a804b412b86239fdb80a2cf480786b87334a71dd789ea55771b7e684065ba213e021

Download Submit
C:\Program Files\7-Zip\7z.sfx.tmp

Filesize
293KB

MD5
2a1c6356d789fa2390f7a1009e666ec3

SHA1
e4ef3078a309c7a4dda5d2020773624e2aa670fd

SHA256
08226e2aa0f70b51a7b2862f8ae40e3d24d5f42c1de1afcd5f81e29e5e0a539d

SHA512
6028207c1a55c30224bca420c508ad9f3e75cb30dedf18cf457fabe49011e4bf0cba4518e5e45ba42fcc5f6a631537224868fa9cddf515d49a22bc0bf15a629f

Download Submit
C:\Program Files\7-Zip\7zCon.sfx.tmp

Filesize
88KB

MD5
7dceafa6b29f0e51b7c6f5849bfd9e5c

SHA1
83ec6e4cfe5b1fa00e11ab03f4044033772c2c80

SHA256
ab13843aca34f4b178df834eb9a95117db382725f10ec89debeede5361eab684

SHA512
69218d60222ae5e3113a4cc6267c6b9c0cd557b01a6b95d032f3d2530f13cc0491fd905ec220bf36f68c8748905e55f2a09db1d4ad3b275289a5aa7a4a517b8a

Download Submit
C:\Program Files\7-Zip\7zCon.sfx.tmp

Filesize
272KB

MD5
064816d4cd08f7e4eb055b90ef7b078b

SHA1
0bfa971be6f010ebed94306334538cef1b1e165a

SHA256
287c1f38759340e97d07fdae56d576a4392f00a3120151b8128197abb784636d

SHA512
fd0e222e82bf2db0b4cac7c7f6617ff2fc56ded8fcaa270ca0c26c2245d6924161f3350247b62563cbb30a996595c61db9f40ee21b5fd0f07cbb9ba376634ab6

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
100KB

MD5
02254e85c73490c6307dd6a67fdf7502

SHA1
46fd39ea0ef22103b1623220a78ff9ebba4bce01

SHA256
ab6ed3cef0100a888dd6061057b134a81f01b035834815dec1fc2baccd39e542

SHA512
e18719ff2dd5627895c8e44fa41594aaba7d71f509558f36895cc98a66f32396817e66dbc118a45b906be8f3e76801f6c2fd37c0d07f3c17a04767c387362f0f

Download Submit
C:\Program Files\7-Zip\7zG.exe.tmp

Filesize
768KB

MD5
c007677f52aac63bcf2d382408c4b6e6

SHA1
447de18566b5cd07d8a6bbef51dae8a51f8d725e

SHA256
549900091e9eb932063095bf1a3b3a51f51c50d6ba7feac490e8401593bf5efe

SHA512
084061bd50b959840a4bc4a8fcc93003c9b6f5e128c4ffb689a649964e063ee17c1d79d9dcde623450d1652a2999d9d2711feb768e20a40523974047eea4011a

Download Submit
C:\Program Files\7-Zip\7zG.exe.tmp

Filesize
768KB

MD5
d47cf712df0e72e21b503d402fb50bf7

SHA1
5f44d7f09fd8d063912be04bc5807f7fcaf99bf8

SHA256
05c8434e08be46745e005a9a07d028187135d08392a3073aad7d520a94d51367

SHA512
632477e32697aac545a938bb64765ad0a66385c6fc167b2acef89e6c0b15acc40f960e65cf0ee28cc654a32ff478900751b8b9352c379ffc22e86a0a9cc2dc42

Download Submit
C:\Program Files\7-Zip\History.txt.tmp

Filesize
141KB

MD5
07ee2ff6fc93d6c4fc43dc8adf5d51d1

SHA1
e4990f01dd643d9e7091f7f77c91e5e7430ebc12

SHA256
24524ccfccd3dc727cfc63bc2cc2d10301ba1a3feadca9e3a9d183f954d5168a

SHA512
eb60fc5d31ad1a56bd3fe77bf1e1dc5795d34fdf4ed6a61a356fef7003fd7daccc2c1249dc389ae9d4f2b43c42b24a331200ba81142beebd50a4bd459eff44b8

Download Submit
C:\Program Files\7-Zip\Lang\af.txt.tmp

Filesize
94KB

MD5
00c775264e62e6afc46924a54d27a55b

SHA1
b330830992c958fb565a8cb956fc4fb0dbeb8a8b

SHA256
77883bb2ec7ce40cd70404f41bbc174cbdd0f87014285b4c6e275e730573c4c0

SHA512
0b59e421b6e2949354522562a6aefe61daec9a014b7686aef83dae030faf34e5d8fc6707a3e50a45e7494a5f7a95a87144df3e389130e425ee970edeaaa22b1d

Download Submit
C:\Program Files\7-Zip\Lang\an.txt.tmp

Filesize
91KB

MD5
c6416c534344f3e74f3acee3bcb1dc21

SHA1
3b0c8740cfb72105373287b87402a17decf5d2b5

SHA256
d3669ac2e63320bb7bd42eed2c1f9ace405987752d721d856af0242a72521877

SHA512
bd6c4f41ece7125cf7e824ca8f8208277494e525807196ed1bf5ad4a5121a6033ba7f705183eb6eb486d3fe0d23b596379a81b6409f481d6f7b226d9d81f1058

Download Submit
C:\Program Files\7-Zip\Lang\ar.txt.tmp

Filesize
94KB

MD5
4906539087fbf17df9102be72c8337d1

SHA1
876fa31f7713835badf9f882b58f6ccbe7a37833

SHA256
0b3c0b1d5b0fdaa7b74ab5ed90ad362fea161258734758665c00c4a0af666a28

SHA512
2e8fcdf38c8e7c321cce8c94ad2ffa1c8afc77ef1c698895adaeb0ed4e5504fb38cdd6eca4be3930374ed4d8379d0839bb42c8aaffe7f760c4870efab96535c9

Download Submit
C:\Program Files\7-Zip\Lang\ast.txt.tmp

Filesize
89KB

MD5
9a11f772ed77be6b9b17ce8cce2dc5d9

SHA1
13c15110f3dddd9bee32637d4397ec7d7d095299

SHA256
c32d61889c803ca3cd122769dfc6e6c1943b41adb451139ecf71579a54d02998

SHA512
88dc8e6aebb3dcb04f9277ed9905a94c78631fd6c5352800c918786995e55669bdec85bdab8a311606bab272a6d25dd3ffcf1bc52ba01b3d624c67b58853166e

Download Submit
C:\Program Files\7-Zip\Lang\az.txt.tmp

Filesize
91KB

MD5
14d5edbe457d8c1d2f993398c0a5a26b

SHA1
1b9b4205f0d50004dd69cf84025a72b55e732b83

SHA256
b2aaf4e7ac41c78862e4bae7d11ad72d18e22f7bcdaa99a8404371820ca9071d

SHA512
f4d110310093dfd3bd9e9c428ebbe0eaa6a14c2053e670a840c819fbe6724174cc94517bb89a37eb37edc6bc45ed52740763c2bf374d027ad4cb705217938ed3

Download Submit
C:\Program Files\7-Zip\Lang\ba.txt.tmp

Filesize
93KB

MD5
d7cd727926c4e0496a37c58d1f2e0be1

SHA1
255993e45d3e1bfb69f258188a8a137a779a345e

SHA256
5760e53717dcf97f74b7b818fc24998cda62c7f169c6ef2d0ea05dabf8277a3f

SHA512
13e072464240d58909577c49f5448dc30ecb080d6d287742652945fe356e2db6cc83a36dc90f48e939da9aac4adab30565195daf47732762d1facaee65945038

Download Submit
C:\Program Files\7-Zip\Lang\bg.txt.tmp

Filesize
97KB

MD5
2efe9dab737854f158dba260e363b113

SHA1
46ea8ac128bdd7110aece6b24335d0a233f0e728

SHA256
247f9e30c5ab63f760d0191311d91c78ce599615bb7c02466be285d87f9f21f5

SHA512
8691f35b7fa5d85d90162b207eb9110e3c0415472039f9037fc07251de530873c05a86aac508bd0f81852a976725b29058227549a91b239e13e0037c640c612a

Download Submit
C:\Program Files\7-Zip\Lang\bn.txt.tmp

Filesize
99KB

MD5
91bb4712ade034b5ba91434f5bd11fe3

SHA1
003570ac0be982c0957d0920a149050629dba9c2

SHA256
58d2798634694e541227635fe4f6ec8690996dd2b5139d78f2619483eb0f9b4f

SHA512
55c9164664f2391c5eea0abf497f594a2066b201dd3d9c5595c5aa37e4be76c7d623b9803673f248ef95743a63411dc6d871a3352b154db3b082dfa231d60ffd

Download Submit
C:\Program Files\7-Zip\Lang\br.txt.tmp

Filesize
87KB

MD5
75dae7c4ecdb42f59b00a462270525b7

SHA1
684871fa9ef8cb195be1923a21da40fce3b884f9

SHA256
52f46ff273838ff564751fdaa7f4f000a62a626625ec3257c34b00c8351f7dce

SHA512
1560513482c4090516ba7740195355d75294a485d79aabbd573bd8d09271068af40bf5acd5639dfc2008edec411150b33bdbdeb3f9bd647418c0217e244d5eb5

Download Submit
C:\Program Files\7-Zip\Lang\ca.txt.tmp

Filesize
91KB

MD5
13280f8c9b86c83b8a27d7fa280666ab

SHA1
e3f8be41d1e73200ebb8ec28001095510d3220c9

SHA256
d7d74404a92dc2867137b1361a3992c50967f2cae4b99949808f671bb333be66

SHA512
d1296eafae36adfca8a011cbb33c40d287c06ada01da839f37ecf0ee9a5d4b4879aa830861567b2574634ab678bcb1022687e1f0cb43a8ea4dc8f837ec834d4d

Download Submit
C:\Program Files\7-Zip\Lang\cs.txt.tmp

Filesize
93KB

MD5
5c7af04e11d7f53df20ad598fa46b5f3

SHA1
f48a8282d8b17f345c7ae4553744ccd292a5e235

SHA256
45bd4137e1330c15f890bf82dab3b2d0cd68feb1becf1273f859ef502951ed44

SHA512
a347f9934a5f0045aa05b698a594011030f14e5fc676f0a589da12a675d98f1f714795c00a288d8ca50d357efa0ab1ad3b7b43e25fcfa5fbd7283c129acb2945

Download Submit
C:\Program Files\7-Zip\Lang\cy.txt.tmp

Filesize
89KB

MD5
813fbf33cf9713d857428ee8c258c380

SHA1
c092b98e119b9cc35506124aa4a2fd9bc06f7499

SHA256
fcb63f9043b00cc0d372b30210b33f50adeb65d25243a39b2cd177434abb6701

SHA512
81d3f1b4ec7433b75b7ed503cae847c05bfac0d74e8dd3b0ef9c48822c359a2b4cc436d5548debd2e9e515cd0d9cb9b6ca952be5d107703c9c9f2733a695a0a2

Download Submit
C:\Program Files\7-Zip\Lang\da.txt.tmp

Filesize
90KB

MD5
519c55fd9c5ed6a80d6bd8a94a46ac50

SHA1
6e5d8e2249a5f95caad19cb1173f40ce33fc2fdf

SHA256
13006eec467ef8c92ed34be47f11449396371e92dbbb61113cb905b7a4570f3e

SHA512
ad66f0da9e5220ecda530cd8fc7946e8afd0d96ae0149e468f3e64043613913c6bba9275381a0e4fcf8d291ad148319e6a776097a4b2f3903bd59cbac9995bc2

Download Submit
C:\Program Files\7-Zip\Lang\de.txt.tmp

Filesize
91KB

MD5
9c50a01a9beca010537c8f226e21151c

SHA1
49879cb0c77317e4e0ab15be20776846e9c1d560

SHA256
76fb1167130af1466e61de82bb62f0f7ecbc038de7df72c6f6f55477f85f4699

SHA512
0409a13cc1339c35bcd8c0b3096d5a88d00e6a3a7cdaea4a002511216de91844f7ae6d6c5e76ea26ee8eb59e630e33f2ad6264352289221aeba4d6ebe6c8c65b

Download Submit
C:\Program Files\7-Zip\Lang\en.ttt.tmp

Filesize
90KB

MD5
25cf96f5ef0fba8783a4cf85ea87a6d6

SHA1
21cd15ffd57e8486b98d4d29aaaedce457bf3c2b

SHA256
a519b9f267daada8cc05266e0e75867112f254daa32f1ef099d1767fe176cc78

SHA512
7979e4c99c05854ac8f23af0ff29c1866c2b3322b3e243f5fb98f27546b0925a70dc4a1aae5d8959f630be95235f260ae12a04d10922c6b5a628140eecdec8d0

Download Submit
C:\Program Files\7-Zip\Lang\es.txt.tmp

Filesize
92KB

MD5
768947272f6633548814698c7645e616

SHA1
e06501ea3276ef326d55895d3c1cf82d65207586

SHA256
c9e105967becd2e189e4f11097862a3c52d6630a0e1813bf8f0ef72acefc1a0e

SHA512
aeda1b4d2e07496a5a4ddf42be4a016b8c0c10c767c6b1f933917734cca106498592702f67fedae0e747d62484d0b88bd69db0939a70f1adbe0b93a106162f3a

Download Submit
C:\Program Files\7-Zip\Lang\eu.txt.tmp

Filesize
93KB

MD5
7ab52fe1726bf291efb13e93b1caefb4

SHA1
ac9126829320587fe92a1d502aec4a916f6339f8

SHA256
86ba3324281a82aa8e6a4cbe25a56c9bfaa7e1780d969707c48510ba801afb5c

SHA512
b316b0df32c0497d4cc799313f4aab9a317e771afb8038f03e1e22856f91f19a80d2db8e048e410eca59a3676bd9a6f9f02c513b8f7ef2e6024bf90857ee0427

Download Submit
C:\Program Files\7-Zip\Lang\ext.txt.tmp

Filesize
89KB

MD5
567b0553fdef031638c5a47821b153b8

SHA1
6d1b7eba48bd4db7b1bc9c5196373f1ca486200b

SHA256
7bbee3f5f565cc4f32c7b3770ba2b12d4e5e4a0262c3af02448552d12b6ddc84

SHA512
1e0acdad33731880d75671157e5899308adcadd814273f629427cd6006cd739fcdffd3fddf456b1168620a2bf8eb4de10fea9f7042820c6f57e7584fc9eec63b

Download Submit
C:\Program Files\7-Zip\Lang\fa.txt.tmp

Filesize
97KB

MD5
7936338c890ef110e7af349ea2075c7b

SHA1
3342fcd15dba75b76d3545e2466a1723eb60fc42

SHA256
5b6be75acb78a72f29ff8e33c89d1c2c0f9c1f0c03fb44f60fbc3f2a1bb97f2f

SHA512
078c6d958a147fa2655e28bb6b64561ca1de107e281b45bbf4a328022c014d7afa45728ad1df7d9a5398c85a5c9d1adf6bccc03529587d6a2bfc3fd9c3ee883b

Download Submit
C:\Program Files\7-Zip\Lang\fi.txt.tmp

Filesize
93KB

MD5
8dedebc9d57a15b011287dcef4c92343

SHA1
b101499b3db8561f28a790378c41fb0272330909

SHA256
d8647cec8450bbb2659e0a42aca4eaa9562c35ca03454f2f1e183b9d49f77dc4

SHA512
97e89f71651e34cff45a6fb6ce1ddfbd44e734db1e9fa896077af872ec4e8bb2fd0c6f056045fdd14d7a66defff2b198cbd9719f9b844992180a1a342ec36eb5

Download Submit
C:\Program Files\7-Zip\Lang\fr.txt.tmp

Filesize
94KB

MD5
3d15ffb48ee0c47f29158256c1f7dc84

SHA1
7d029b2a58958968c954ad046c7a6a883f80fbbd

SHA256
01b2b3dab0ef99a3382b241317af85763d569e4f305c2bcd401f30000e632fb2

SHA512
fccb91b52a7a0a1f1f3804f5b1eeef83c8ee4a4ea41bf57640235f943f29cdb63a6a7c610e7036c72b5e8d4f7f6f240f8cecacdc16b3f36f2035063c30631fdf

Download Submit
C:\Program Files\7-Zip\Lang\fy.txt.tmp

Filesize
90KB

MD5
177b140c53e79955dc75e170c18c8c85

SHA1
fa2992cdb2f44b27d071761c3a3cc940bcb2a434

SHA256
1265c1c16f92079194a792908881f6108a5268c481888b721d4e5c6c57b86060

SHA512
48e849bce04b955ab491eecf22a7fbe6b18d0549df22263a703a941d4d2f4ca012deadba1da496f80755397a9aae8dccedae8b563b42ca185c3e5a93414ae53a

Download Submit
C:\Program Files\7-Zip\Lang\ga.txt.tmp

Filesize
92KB

MD5
3ef3ed3cab064322a78d828e0aa274e4

SHA1
40e466d171aa4b714fbc819624add8d74115eda0

SHA256
d0e85c8121f47802c76db8b65bcebac7824952f3c6ff95b0eed32fcdba942188

SHA512
4e5900e2996f4efd19166da5d3721187ca060683acada829bc90c328bfe8af6ba803347ff246db35d7e19a726bff2eaa77203fd3f489256c0f67ee7241fd1a01

Download Submit
C:\Program Files\7-Zip\Lang\gl.txt.tmp

Filesize
91KB

MD5
b992c458c3ef710af37160eb3b324776

SHA1
20628a29d48b0cdf2526eeadb3215dc4dd35b05d

SHA256
f8c46851a4923a5a6d63a68175741fd8f98bfa3d3464e541a700a62a574eaec1

SHA512
75857492236efce23a966964fd4348804c605873786b91bb8a41f089cba423a7f114d4591a2cb160c1849f416d8e2cb0bc0a05cd7315810d656724472d7b1b32

Download Submit
C:\Program Files\7-Zip\Lang\gu.txt.tmp

Filesize
101KB

MD5
29f3740c13f4fb062d13a7d7f5c4ebbe

SHA1
5771fba35d6ac88c216729a35a1344ca8a2fbe6b

SHA256
19a58c2ed21d0dc8309b4b75954d0a0c584cb9cb41b59847186038138b002e99

SHA512
8ac0c23ce35d64fd2a6d281754fdc9ba45f85f29986aedbb87e1018668fac94e36f65c5281baecad3ce3b5465a5767bbca0c570515443b9fb44e5c0e8749d914

Download Submit
C:\Program Files\7-Zip\Lang\he.txt.tmp

Filesize
95KB

MD5
d7d3c1adfecc2d9dc53d22c8bf7e9ca1

SHA1
9c222e026e2505ec11cb99b5826e4a5dbb925e96

SHA256
9f693c7d57c7ff2384f5f2634084aa68c402fe12ca3baec64d0fc62c7ea6861d

SHA512
8287dfeb17564898078503506b64ce58b8f3dc5f3b078ab0512fa2e7f8ce8abc8fb0e7340712821b901a4c64d32a0b5776a0774bf8910f01b56b1e8520179d44

Download Submit
C:\Program Files\7-Zip\Lang\hi.txt.tmp

Filesize
101KB

MD5
6fe4d68c063b38f03295b1ede9b726d6

SHA1
27e3b5a9d10c73b20a9ca81b658c2495dc237ab7

SHA256
bf5e2ec643d6f0d647760b2907e03d6ff9c3e02022a6f28e13a2971468881aa0

SHA512
659609c02b8c3a4cd94ae498e2ecf4fcdf88691d454f3e19df603c41950b039be6d2ac32692ebb7402f3de1e91efecd6c9a75646a04169ae77bdc2a47687c353

Download Submit
C:\Program Files\7-Zip\Lang\hr.txt.tmp

Filesize
92KB

MD5
744a9c33fd745b38d9e63a006cd3943d

SHA1
a8562da5b4a2f1843245f2d8f25bd8d0d22c88fa

SHA256
2a958cd53aa399af2adc3b05f4da10cc18deb11d3a20df5680659b593878c7fa

SHA512
171edd24509e722629e4b647909081d8de76ef52a792df3635414904d809c0887c8004f86ec92471d91d77eb56b66acfa516c2e5c20c0d16bbe3146e0f36aa02

Download Submit
C:\Program Files\7-Zip\Lang\hy.txt.tmp

Filesize
98KB

MD5
247bd0107b3eca6b564deb51fad0a3a1

SHA1
96c07603e7408528e5540d99b6495cb5f8da12d2

SHA256
29fe770abe931a6315b2bfbd1ae5a00747a35c5d0ebcaec096419731444e0307

SHA512
a2c92e7ca6ac27f17925ebb535464ed66d52cdcd13ac96cc63e08be1c384b19d451aad5bf581d0720400dc2255bcad8cae72a8ceedbd2848b6aa938bca27a30a

Download Submit
C:\Program Files\7-Zip\Lang\id.txt.tmp

Filesize
92KB

MD5
005b21cf8f3764b3bc838d84b2f7dd6a

SHA1
e9341bd7c1ab2ef48eb76a386f3e20171bdf3aa8

SHA256
753bff817866860d94d688e55518d403289c82215a1abfad10150ad5debc2385

SHA512
1122910b8c2f34869c5cfedb5e279b59e0189a874b33a6d31a8e778d80be2c146bd19bf0f30f90a0603e8754d4667e2b676c583d196cc0046adb9f6406a54dba

Download Submit
C:\Program Files\7-Zip\Lang\is.txt.tmp

Filesize
92KB

MD5
724f15065ad07740acc01c148e98afc8

SHA1
330dddce9e7ccef0ddf38322c45fca33c0e13a7e

SHA256
807f24b33766d2c3d15f5c1a5c7162cacc625165de68f338eb60be2a4f7c375e

SHA512
f1ed4cd2fba32627de28d9e2ce37d1795c372e02cc97801579a5279ba8c5b2330c62ed2525881c7b051212d7ecb7bfa220e6fc6949802e30043e5a1644313457

Download Submit
C:\Program Files\7-Zip\Lang\ja.txt.tmp

Filesize
96KB

MD5
d2ff6cd6e8b284be9fc1cfd847c9e20b

SHA1
2e78bfd38b85e000502b89be0c84376c918977e4

SHA256
5d0118527c1e8077ffabf8feabeb278df3525cdbb032b5b07d7fabd711014400

SHA512
1898fd7bceb319662ddbc0001f3da06769fe99db7f33b09ca909fae7a8c8c76f3faa62c280dd2237d85ef83ae46ce0d140f111d02bcb2ab830dee9b889b16d8d

Download Submit
C:\Program Files\7-Zip\Lang\kaa.txt.tmp

Filesize
92KB

MD5
933d227fbc24d495a50092e91e828c59

SHA1
f39d3b49b6c382313a9f3fd007f83fb727abba1c

SHA256
bd2faf0ca68e16d2236d8d502bc9ec6c9f01c523593e47ecdcc256a27ab84887

SHA512
1ac676ba972969a1cd62ea7a45e6f417adb1aa948b4f042b7af2b2d83d157952847698106fab33cd0706bdbae3960066b3282325a5a5c6324ffc6ed3c3e1b203

Download Submit
C:\Program Files\7-Zip\Lang\kab.txt.tmp

Filesize
92KB

MD5
07a5e5089b14d2b49319b43034f17842

SHA1
a103e8067726fadf836a9eaf8a6bf32ec5ddb59d

SHA256
fad6edcc4a43b1cd17154413a2687b8b2fc0381f1a7d660d1100804f0b0829cf

SHA512
8b2211da98a98591c7d08f4d19a402bcd29d3eed04dd26ae1d6bb0da6733f3c6b1207868f2c35008417c98c1e17b0d6877d72ef8f6e2954905344385e3a7d9a4

Download Submit
C:\Program Files\7-Zip\Lang\ko.txt.tmp

Filesize
94KB

MD5
d34e58f084217436e88cc8714a3c5a73

SHA1
2f9c930b8d5df5e0c3f35a1ddc30f2c402866bec

SHA256
63d658bce42763839e1d0dce8d0cf8113ecd36bf7300227587dc94f5ace10fd5

SHA512
b1e599cef3ff7ce043ffff55a5d715c674f0e88cb1b09eb6bf1c00cbfeb4a72099393097459171b0f1637189d3b86ca6b013925154fedc389b45bf50d8b628ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MicrosoftWordpad.xml.exe

Filesize
84KB

MD5
eaed5446de7d318f212ca72400360466

SHA1
c8293d21266948c60739231a3d9f860eb14f9396

SHA256
32c6b609ac689fe49dc3bb2bea82914702bafacdeee605021c21fdfc33438a59

SHA512
7fcd3b311288d2fb011e07523b3c2ed7573fc74b664f4e7a665662d050da90bc1b695aeb96ba9284afdb58c943a165ce2ac24fee821eb29e5b4d897278f09717

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
82KB

MD5
44fc726f9591782cde14d704243be33d

SHA1
b1b0efdb8ccaa3c451614a0da06843960bd26bb4

SHA256
9ebc77fc2bccb9b32c3350f48b7a827ccdbfb316f9cb962d9aa6eee6d27c3918

SHA512
aa3e6d8f4840f596038ee67481100cf2bd5bc96f0e2e0ded32b3cc096f412eec107ade2aaa8abaf2864a11717aba07645a7248bf3d38f1bc85ae039d64d0712b

Download Submit
memory/1744-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1744-1314-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads