4d55679e91e4639b1630d1a38938a1b2d26d5c2ee04d5777d836b15f6de4efb0

Analysis

max time kernel
150s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
06/07/2024, 18:34

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

115211c3fff186d88f75d332edf30410N.exe
Size

183KB
MD5

115211c3fff186d88f75d332edf30410
SHA1

716b03eb9ce6a3d850eed5d9ff0640d55e44919a
SHA256

4d55679e91e4639b1630d1a38938a1b2d26d5c2ee04d5777d836b15f6de4efb0
SHA512

4be1acdf65674f4059c40419b720782252b46c092336ed0a3c6a50b05001daa42b5fe85fda0cea3e920169d45e6b1df0f1c065acf6a4018c8ee9e65f3de80053
SSDEEP

3072:69WpQEoTdc6e6kvNDck7Tdc6e6kvNDcksh/UxE9WpQEoTdc6e6kvNDck7Tdc6e6E:nSTdc6e6kvNDck7Tdc6e6kvNDckyUx56

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5148) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
1848	Zombie.exe
4976	_desktop.ini.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Zombie.exe	115211c3fff186d88f75d332edf30410N.exe
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	115211c3fff186d88f75d332edf30410N.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ServiceModel.Web.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest5-ul-oob.xrm-ms.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Trial-pl.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\7-Zip\Lang\nn.txt.tmp	_desktop.ini.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIntegration.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\ShapeCollector.exe.mui.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\ipsrom.xml.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\WindowsBase.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Yellow Orange.xml.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial5-ppd.xrm-ms.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLV.XLS.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\de-DE\TabTip.exe.mui.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\bin\serialver.exe.tmp	_desktop.ini.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\glib.md.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_OEM_Perp-ul-phn.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\EXCELPLUGINDATAPROVIDER.DLL.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000042\assets\assets\images\assets_picker-account-addPerson-48.png.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office16\GRAPH.ICO.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\zh-CN\tipresx.dll.mui.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_OEM_Perp-pl.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_PrepidBypass-ppd.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Grace-ppd.xrm-ms.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ro.txt.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.FileSystem.AccessControl.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\mscordaccore.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail-ul-phn.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\NL7MODELS000A.dll.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_kor.xml.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Configuration.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Trial-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-convert-l1-1-0.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Serialization.Formatters.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\1033\PGOMESSAGES.XML.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTrial-ppd.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_OEM_Perp-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ca.txt.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\ar-SA\tipresx.dll.mui.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\UIAutomationProvider.resources.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\glib-lite.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Grace-ul-oob.xrm-ms.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.DiagnosticSource.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Sockets.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.FileSystem.AccessControl.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Extensions.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-white_scale-180.png.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Claims.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.XPath.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Globalization.Extensions.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_ViewOnly_ZeroGrace-ul-oob.xrm-ms.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN103.XML.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\TipRes.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp5-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_Grace-ppd.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\client_eula.txt.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework.Luna.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_es.properties.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Office Theme.thmx.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\bin\fontmanager.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_Subscription-ul-oob.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTest-pl.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\UIAutomationClientSideProviders.resources.dll.tmp	Zombie.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1464 wrote to memory of 1848	1464	115211c3fff186d88f75d332edf30410N.exe	84
PID 1464 wrote to memory of 1848	1464	115211c3fff186d88f75d332edf30410N.exe	84
PID 1464 wrote to memory of 1848	1464	115211c3fff186d88f75d332edf30410N.exe	84
PID 1464 wrote to memory of 4976	1464	115211c3fff186d88f75d332edf30410N.exe	83
PID 1464 wrote to memory of 4976	1464	115211c3fff186d88f75d332edf30410N.exe	83
PID 1464 wrote to memory of 4976	1464	115211c3fff186d88f75d332edf30410N.exe	83

C:\Users\Admin\AppData\Local\Temp\115211c3fff186d88f75d332edf30410N.exe
"C:\Users\Admin\AppData\Local\Temp\115211c3fff186d88f75d332edf30410N.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:1464
- C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe
  "_desktop.ini.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:4976
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:1848

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1015551233-1106003478-1645743776-1000\desktop.ini.tmp

Filesize
91KB

MD5
463068e9ba09cb7bf29c3d32f83de076

SHA1
4592adfc000559f85a75ed42aa8f77dc12d10a39

SHA256
01f9ca1cc6a5ce022daf4a3f4a5b0e17b1c2a7a40d5aef17791e34567d1abd25

SHA512
02432963ea78a1d28dcdcd625ba5500f674279447985087d92a74119d800b1e25d16cd8fc2a2b9ab2787b015eb2474ccaac689493eec3a7fb2950a2fdfb16ba4

Download Submit
C:\Program Files\7-Zip\7-zip.chm.exe

Filesize
203KB

MD5
f7ddbaae58fa604453e63885d3c30425

SHA1
dd79e0e7991097253ffc5f9902bdcdf59cc68399

SHA256
1c7094fb79d2cc791908deab208df8cdb24b5062ef135940265cef2bc4568e2d

SHA512
e54afbd77f7ac6998e471fc9e74cd65c51e69307861db36ef9c7d776dee049c42d8528bbb4c216b2eb363d94813be10f670faefcd2f18b7b967d75f6dafdd87e

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
1.8MB

MD5
83b9ebf8bf6d7e71142329ffb29a2956

SHA1
2034ac2c2bdfad93e747fbfe8a33987270c12919

SHA256
ad2d6dca593219ee58f74967996df0ad348b4483c8508b6934fb153cb8968bcd

SHA512
d4b74ec98d552d747aa11a3ebdf000cf4a4ede9d910f265e04092f6665fcf903e731f17a9fd5de08d4490eb1a4d84823283d252e04ba35e8eb20da9300a6c3bd

Download Submit
C:\Program Files\7-Zip\7z.exe.tmp

Filesize
635KB

MD5
9b399cf4d5263dda59081bc6b6086b4a

SHA1
98abc6b334f6ec0749d5af6a077ba98bb7acb3ab

SHA256
d1bcefd8653531544e567afb07bd6274cdd39eb129250eddfc02fa7cb9fb5a86

SHA512
0148d6c3001d5911dae34abfbb8443ea394df182b8d5fb62c0914e79fae5aeffc54314c5585ffeed8bd99a136680aa18b46221f9b5d080b066ff9bf08ce51d45

Download Submit
C:\Program Files\7-Zip\7z.sfx.tmp

Filesize
301KB

MD5
55596c6c1715b613f31504ebe42fc888

SHA1
211448d5d2009fc828538e1dda3d6ac3083b7a59

SHA256
e72d6d185860bdbcc3c5ac4e82f66ee4b7ab338d9b07f77bc4597273fe21c58b

SHA512
85a2004ac885f96d062020e35b0eeebe54ee1fe0076fd4cc8ab8a641c0c59d4d8b014192ae49e2a898505b5481cbb94766640951a59a011e50a2f7ced9b07796

Download Submit
C:\Program Files\7-Zip\7zCon.sfx.tmp

Filesize
280KB

MD5
c46a3fea71a018fed23ce0a2fa350b81

SHA1
65d955aca32b44dd74ecd2ecfe418e2c9fc32103

SHA256
10558f410f11dc4f3795f526fc579afe92e718c3ead2a5a6f6549061f79af91b

SHA512
a570e126bf47bd34ec83fb06f7d51e4d7f7f7890afc73a2ef1a44cadab19fb1be8e5e8e0a0f79f236b29cfd648883b85d82fe87ed48475379b4189f39db2cca0

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
1022KB

MD5
2901e367b1efb42544876160797f45c8

SHA1
56e759e0570ff0a29496f67a514c9621cc789f9c

SHA256
aa4b85078d5729d90755048a5ea971fe0716f1f72f6bf19fa8cdbabb34896d67

SHA512
330328292044eb8d817284851fc82e2c0c6a4aed87d7c3f851c774d1b76e833e073795c1258df30fa3f726181c81722e2c961bd064f152ad6c3d3adb947057f1

Download Submit
C:\Program Files\7-Zip\7zG.exe.tmp

Filesize
775KB

MD5
a4de7c905fa82ff16d0e1ea4e2e4e659

SHA1
b5eb411d72c3f9cc8a57abdc94bd3c9a3cc6a0b3

SHA256
20783f2bb54f7379d781bc9c1fce25040a0c0b4a1b70ed9575487187366f8f12

SHA512
a0962e28c5ef835487e14692505a3ea78a47e2d7090b5e17ad1f6bc5c071698a1469109b79fef0a11146514ba3a4a7fa2ddfd720758b1ed0fc8b7c9d587196ac

Download Submit
C:\Program Files\7-Zip\History.txt.tmp

Filesize
148KB

MD5
878bec438580de942de9378e20ad3c50

SHA1
c95c78a54e010698a2956ad49adcc795d93ba8f5

SHA256
f5bf035600c802032571a7077ed009778b3e955cc96528460adc40cb9286ff5d

SHA512
ae25ea65569fd8b6e003273670ba247284def82d31dc3f20833a99b805c86c14476854e31848db478285121c45f9df1ff7a02989b62809d1177b9d5b06ead03a

Download Submit
C:\Program Files\7-Zip\Lang\an.txt.tmp

Filesize
99KB

MD5
796eaaa0add846645f03abe410d4f6b8

SHA1
989dd6bec834390249252454d2b3e0d00a142c02

SHA256
27a95ce4d36776ab8b036e4e68ce39ddf6e955d5c060e75b8956055739d55515

SHA512
d3faa66b8a8fb9467cefc8b1fe9b9a6947e641e8c6100e70fc66a270451a1b0fc80108488aefa01717125d3aa732b5a96b17c7de338e5227d50965923de265c1

Download Submit
C:\Program Files\7-Zip\Lang\ar.txt.tmp

Filesize
104KB

MD5
33237fde48b63ae5c4b75700f76583a0

SHA1
bdbb878e69912eddb424869905ddcce9435ef6da

SHA256
e37973ebe463f08e6c05373b216053eff85fa1a5e548948d32eaac3b485fd94a

SHA512
e4332110d9659775fce303916f26ffa6505c4b44885300d8def98e8098512df0a00ff2fca3dc2ca329ec71e56edb533d08bff2196f245a4da1c9746b0d910297

Download Submit
C:\Program Files\7-Zip\Lang\az.txt.tmp

Filesize
101KB

MD5
68e3d8322f65a59cb7f4f60b97554545

SHA1
2bd489ce48ca32da5660c9a64afe67e4903233c3

SHA256
fbab2ce310bef548faff9cc1d1a359ce1f0678663b5cf62dbf31b964c85757c9

SHA512
88d258389161c9d5702731bdc343bdf04963c5ca779f4d26d0e2d0ad9eebb4004d8ecb0c1a8078d7061d230af37eba7438bc8f79d963865136d2a2c5a9cc2a62

Download Submit
C:\Program Files\7-Zip\Lang\be.txt.tmp

Filesize
102KB

MD5
7f939072c5e6098d7351b81324a3914b

SHA1
63a1c58b5acef5584ad9efb95ada1b01d004945f

SHA256
d8af9de452f0026bbbed1185d3e47474f0b76f5bb06c15f92d66f83112163431

SHA512
a43714ddf23976f5fa222551d17f9235699ef5dcf76b20271abdd4d8019d329b2b055abb7f3bd0f2d09d825082486e72b9599c754bc65af32749fc4dae1e7717

Download Submit
C:\Program Files\7-Zip\Lang\bg.txt.tmp

Filesize
104KB

MD5
ce4f6ca79bacd48407240902ca8f3012

SHA1
c0322163173366683090d2cc437a256ef1985268

SHA256
ffeb69f3574609c698ac954fbc930da50c6bceac2c6533b6c4058355bebb46f7

SHA512
75ae6812e73b05ecf31fed3b6290013a4db38535365a2adb14d1cc36dbe93a18d11746732edf6bcfd23dc3355fe903c2c48bd2311168185e77455bc674c66ab4

Download Submit
C:\Program Files\7-Zip\Lang\bn.txt.tmp

Filesize
106KB

MD5
4d9cafb0b11ed02d8933900d4b117bbb

SHA1
64817d09ca1586d3f22ece7f5e9a008894afa4d3

SHA256
f079d36146d56ec9483610c5cd3ad839cd53941807f38ae1134b65052d63b2d0

SHA512
656b694a802e51962eca3d330e18704c01147fe3859fac0717fcbec7f1b82d4c852d8f6800781ce89ca0f7482b5f5b7ed7d9715f010066f7436ff08663a4564b

Download Submit
C:\Program Files\7-Zip\Lang\ca.txt.tmp

Filesize
100KB

MD5
8057f6fa50d44cfa9ac7e238ffdb174e

SHA1
119334c83a2e8309161db2bdf60b0b30f8095e52

SHA256
d3db8a50164fe4da345ea4fc0c8ae2922247c2eb855e59017c37a46cc990e6f3

SHA512
c3ccaaa3783c6e96b24ca3ce3b7269fc2621c07442f6be7877bff7e4196cad466f6fe1cead247a4ab7442eef9c423d59bfa53a60a7a24d14dc370bb0747a9966

Download Submit
C:\Program Files\7-Zip\Lang\co.txt.tmp

Filesize
102KB

MD5
21c7233ce6e9339bf23b4bbbdc8646c3

SHA1
e44ca79b4a25e44ddc2676ec074e3c3f354eb995

SHA256
4cbab0f306f1f238e8501c52d0354bc0f9d267899f174cc321cd0fb105aecd91

SHA512
1c605aff26b60cb007cc6d3256bc6510ec7f235f69c2ad4bc0caf7d4e9f9ddf0b56fe0117df366ef2f93a1f9782e76b787cbfaf2fa21059a2c754c7cef8fcef3

Download Submit
C:\Program Files\7-Zip\Lang\cs.txt.tmp

Filesize
100KB

MD5
f9e0eaec74a72692279c7431da5b74ab

SHA1
711c8e8199ed33c0c74a2df912ba23c45ee0a1c9

SHA256
b7fe1ec6ed2c64321753329b2bd8952a25665906e31af2acb60c2e81386dbc92

SHA512
fa97f9625b72f49ebda268b8be142facbeb0471045e952962b3a5f50442906036f9988e9af3181801bb198fab60d5bec7d52feac8f5775af1dcea40c36754824

Download Submit
C:\Program Files\7-Zip\Lang\da.txt.tmp

Filesize
99KB

MD5
92512f2a684b46c5e00fe55df8e089bf

SHA1
93c532a070c663274828c8c0f4099ccb70191097

SHA256
b73af3621de644b4638a523a78707456b44f5686a5c470e591953c404f662e99

SHA512
af4683b296aa7e657373aa6744c2fb21ff0f0c8f200e22478fe26ab87cf4271c0bb644b0b42a9c1352e2d51cd5d83fa31b38e8fd95a4f871e2ec53c40f6d9d18

Download Submit
C:\Program Files\7-Zip\Lang\de.txt.tmp

Filesize
100KB

MD5
52d353388a0d06ea539a9f643d81cd1d

SHA1
d4a9137c32f8d5a474d07701824624858f990e93

SHA256
33cb98b9096779bd3d0c73128889d54056b343d784429b88ff3563f48862308a

SHA512
bb83c33a4b5a3e6b86fb4a3c9e75207d2e6c8a93f928ca7e512ee105feda7b01e7b1444f3824892a2142a96f900fd4a66aee142452dcf9c803e3a0239639be6d

Download Submit
C:\Program Files\7-Zip\Lang\el.txt.tmp

Filesize
107KB

MD5
82bf18defd7ccfc0715dfbee7a2f1346

SHA1
36eb0963bf474fcb4eee45f3c505f4cc028ea156

SHA256
a25f271960a48742c4594a75355545644b16549d251816692a339f538553aeb9

SHA512
2eeaffbe17f11a208f5119c96fb0b55ea321f600f9c45582b69df7f97b219b3e4e892de7135b11f7dd97a58c31ee4a2638ba17a3179e7915a99c030b3cb0a9d7

Download Submit
C:\Program Files\7-Zip\Lang\en.ttt.tmp

Filesize
99KB

MD5
b33715de527f72947fc3e9a841561d36

SHA1
3545dea4cee3a084700c0d6e43eea6ee85dd461f

SHA256
086c05aa858c684d330f365ec0f181de48f6ad1c8a7eb6c38923c8ad48ea4765

SHA512
9c5846e513d39722f7349ff46c19bf83d6b2c378674c66009e0f2f8e79a508d02a6f338a9941e267c8c4c57f110585d59badf7e6a2f60258ed9821344e461fec

Download Submit
C:\Program Files\7-Zip\Lang\eo.txt.tmp

Filesize
96KB

MD5
4d74720a527e8c6b65ef67b156ccc1ca

SHA1
e31f243908f82ece9a28962216d6c3df48e34bc9

SHA256
080a1f6d23148ec2a1c59abc5d57524d0a064ededa10b4e0e3f0a25e169a0dfa

SHA512
7b95adb31a498845e3aaca1571163f4b61c9a68408032a49e913b91a47c3150a30a75fcbd8cc54e39327e3d1ffbe9c8ff8fcfd77553b1c3c99056d3972e6854e

Download Submit
C:\Program Files\7-Zip\Lang\es.txt.tmp

Filesize
101KB

MD5
a72bee85a7c2e0ab7ea1ece74e0842c4

SHA1
7e5a0d9480cb31f9d42352cc849e51315d5191bc

SHA256
ce73213afecb3c1ef49b7ac6f28a5262bd9427b65d48aca8f7d95467e002a15f

SHA512
1d9ff7c332e1e8739e9d28a8532ec937c918558ce801eaebfc0b623317b7635c7379fe06a793a5ae3bafce527eeeefa3403127a965c349e7151d4ff99ddbfcef

Download Submit
C:\Program Files\7-Zip\Lang\eu.txt.tmp

Filesize
100KB

MD5
4660cb57cb523a5b20d0628ad322e550

SHA1
e28581adad5cc85c088e4995253aeee8faa37960

SHA256
f92385ef30f1bf5f6a3d4cd55a01f3b7ae2e9e7cae83717e082e63259841d615

SHA512
d85d0f2263e28a0dbb7f750217779b14e030b29212ee1a32f49fdd6987ea233382ce8f02a15b17a3b7fdd9a8eefed3c4057bbb030fd158428f51ca211f91ab4d

Download Submit
C:\Program Files\7-Zip\Lang\ext.txt.tmp

Filesize
98KB

MD5
fc23479acfb537e8d2b47f147c59c07a

SHA1
c0b6d08d33b15975d5c14174fd0c5b3855155625

SHA256
4ce78500f4cb8b8f1da9e630c83ea9ad39879d338d3127e50935876ac6a7efc7

SHA512
89d0921013ab22c4fac8801acd3e729b51af6070d132f7a90cbfbf28b1d64136b78683e26f3d4434d9c194b52b6212dd029f95fc98aac73b4473949e71b17fa7

Download Submit
C:\Program Files\7-Zip\Lang\fa.txt.tmp

Filesize
105KB

MD5
f9ee244144d6e4e85fa6f7458fb5751a

SHA1
40d20a0bb6540fd2fd0e3e9d4450fbb456da4576

SHA256
e7404dfd0bb126d7429aec91cd896b2265701ef5668302af44231580f1cedd99

SHA512
a5f5ef093f11a654264bc0a74d8f928f722b57c0a07eddfdef6cfcbbb293ccb3137a8754ae665ddcc0e84217f5632cf43e10a5a9b15f7f83dd36d0cc5c52794c

Download Submit
C:\Program Files\7-Zip\Lang\fi.txt.tmp

Filesize
100KB

MD5
dc2faa01fd446f5bdcd7bb1c19447c26

SHA1
6ac78b8db4d6bd38d958e612d7cbe5ae9b8431c9

SHA256
529960526164dec7b5f7faa3de9718a44a419e2ad566a8c8293514cce00e8785

SHA512
e653e9d738c5251b68c608f4ad9ba76c0ebc6e91f537eb1f0967c4c71a20b35ca3cbf7387a3716941f278a79149728bd89f39f9bb805984c80209244a768b72b

Download Submit
C:\Program Files\7-Zip\Lang\fr.txt.tmp

Filesize
101KB

MD5
b569d6e6e9b296cd5d26681f827f8cf6

SHA1
ae3bfb712a4e03942f67d0a3abbd823e78c3edfc

SHA256
fc279217d97d064165c4a3d432c6d640064753c06ac602b78c505433cbf26c77

SHA512
4f15bfe735ec5e7b6cb5cfc939531b6279ee58eaee367c8cbb39067f2b145ddd68f6874232752b20dff18e540df1f1cf064e58c09bd23925dbceecb9100d670b

Download Submit
C:\Program Files\7-Zip\Lang\fy.txt.tmp

Filesize
97KB

MD5
e8fba3a4019903ce747ba47504cb4729

SHA1
bfa568e4fc0f764cdc9b12849dd5e3aa8ac6f4dd

SHA256
2764cfbc1ad7a38e1bf332c70bdbcfeb64bc699aeb3ed077203bb873691e8921

SHA512
e5301b73f351164b3c99d95063dc298f0fd6ffa488f9904703a7bfffa4a39a9022972cbd3070522236e4e04bfc40ce818813ba9cb42ed67d1e6056ca5f2aadef

Download Submit
C:\Program Files\7-Zip\Lang\ga.txt.tmp

Filesize
99KB

MD5
8cc97e68129439ec9c34bb369d468114

SHA1
c782d1e29d9e36fbf3e6537a3a495c4fea742474

SHA256
49acbf3626bd5fbc756d99266a6a6c1104ef7691d1f7f41894f29fa6739f0745

SHA512
35ebdc3dded9717053707224530b679bbfb81299dc24b2f6accc472d67d1786cc1b814f68bfac76f1d5dce7a05ff2b0428d842988da3df50dcc7c3d485fe5baf

Download Submit
C:\Program Files\7-Zip\Lang\gl.txt.tmp

Filesize
101KB

MD5
8681f45448be8f7d747f08ad89d4ab4c

SHA1
038e576ff6944ea85e82c575667a5a77e2d45c18

SHA256
4abf2db95907f6ca646633387840e8ec1244297bf84583a2e58b2e3684dd2be8

SHA512
b4e6ee7d889bc6498c4e4627a665f188f17da32ccb6178a25e9516fbca29452580874b33f96445415683830acd53adc2f86d28a5c688a5c553bbe08b3b5cafd8

Download Submit
C:\Program Files\7-Zip\Lang\gu.txt.tmp

Filesize
108KB

MD5
301f87458a539ea98bd218c4c02acb60

SHA1
0b4905e64f785d16206a5e245c655bb5a0d92687

SHA256
81e2758ca83fbfc91ff7a8e83905bc0747cc714527658475e2b247a2fec4fdeb

SHA512
e8a3bfc07532437908e0f75f060b672468228b6b639a800a9782032dce6844210d9cb90ff39163f18b32d8b318f73985541dfd262b7b60a7e4d7dfae01eebaaa

Download Submit
C:\Program Files\7-Zip\Lang\hi.txt.tmp

Filesize
109KB

MD5
12f9081bd6690db3844230ef7dffb09c

SHA1
2cf134b02246946abfa7665359d1868b2f7a8265

SHA256
3168e1cb922e9b8b29bc126b11b8d54380470f04a777bfe1fd74eb66c55bf98e

SHA512
55f06d29f5edc8581aa5deb7a29eed84c2aa9bc38df995531c8ca88700f0b11632ef0e254650c36311d44df333d54a5e1adf38f5e27a5e4e883185f995688c97

Download Submit
C:\Program Files\7-Zip\Lang\hr.txt.tmp

Filesize
99KB

MD5
b475728c485eb1d8c221af674a97f5ef

SHA1
31a1cdf4ae8a2ad7d208f72cdbc9ec5284f8c994

SHA256
f8df81051ea416975a893495b0a77e792d6ab948c9e987db77eeeb16aa722ae9

SHA512
93a965c5716d3c0a499f03bc2eafc974743f5d18a89887ddfe96f693af047ac34bf508b01934158f7b669162cca064247f2ff661eb8ffab07496b41a8d596f07

Download Submit
C:\Program Files\7-Zip\Lang\hu.txt.tmp

Filesize
101KB

MD5
0c670c60bf0600de3aa8b47f9ebd3229

SHA1
6016f7130fef1cbc90a944f499b19c1a8ef2afd9

SHA256
3f1a403ca0e2abe3e29d2744e562f20271d572ff4f64a9d6c2e7c94146ac7bb8

SHA512
f812827d371d62e326e551024f5aaddf7e27bf5485b2f3fac81252a34b4a87b6686e050827329e9b78af907d7f1a43d2f6ca75249ef80adb406026ab48b6d325

Download Submit
C:\Program Files\7-Zip\Lang\hy.txt.tmp

Filesize
105KB

MD5
2040653b2756d58056f98100b182b6b5

SHA1
d735edae2f3756893ff634c412bed4cd8871e290

SHA256
6a9b258f5cbaec5199010c27a42f56bd3ba1886d16ca72d2c2529a0ad16b3ce7

SHA512
76fb1a4719f1afd6d36d2c78343a69258c21fc3a90970d26b703ded29963466365bbc162fbe3b9eeb03e4fba49b83cb11618f3339eb9c3dd08e4e54c174aac7c

Download Submit
C:\Program Files\7-Zip\Lang\id.txt.tmp

Filesize
100KB

MD5
f5761320604c70306ceb179dff0c6bb5

SHA1
0dc5fd99724435cd8eac9e45d85d85318ec68175

SHA256
43e6340e4b7e2b534cd0ba8f7a2679bae7dd1903b1c270b9b6adeccb3bbca76d

SHA512
cc76098654fbc82dfa0b057c7329aec85dca75cba595f268f247eac01051bfceaa0ca569e23ffa5121e4a1fac50b61aef4b8224dcc7df5682e28499d38b6ae38

Download Submit
C:\Program Files\7-Zip\Lang\io.txt.tmp

Filesize
101KB

MD5
f2679f82f96548beb0e6bb818d6a0368

SHA1
ae570c01935681c0505f04bd0bf5997d26007a92

SHA256
dbeeb3ccba59de220fb9fe3d50a6b082d546ee7a9acf348656e1590438ee653e

SHA512
ccd116e712e2443c45c06ff5a2e81908238f4f96bf3b1fba4605bf62813c789e91be7e795bb42fd700b2df199b7dbdab20936e82f6396a27c0fd83149aa920f4

Download Submit
C:\Program Files\7-Zip\Lang\ja.txt.tmp

Filesize
103KB

MD5
67656fa8511d756066dde3fbebeb7e15

SHA1
27a33f5356e29753b94b8f04b75193852135970a

SHA256
9f213ca7d3a574e80fb00734bc1076735a9a7c55a6d88ecfe4cae05b36169503

SHA512
61b6f57c1f1bc62c659c5f31a3f258ec755ac40154ac4490abab430746a39e84003d99208dbbe9c828221b732e056961825b6aee392b4197917e9adb42dca292

Download Submit
C:\Program Files\7-Zip\Lang\kab.txt.tmp

Filesize
100KB

MD5
7bcc9f89eb526083c674219256b802a3

SHA1
e55f268dfa85d9db811ca3bb127f97fca862b920

SHA256
ee805e87a3cbda60fa72c6c1776288dac35b92406138bba8dc92ae1751c0e13a

SHA512
6683844b4c314ba39e64da10f5f28390cd5ae015364536c55e55dfe446336aeb617504b3d25bfcdbc1c28752d99b300662b7d9831059a0e9b8b4b50249f68816

Download Submit
C:\Program Files\7-Zip\Lang\kk.txt.tmp

Filesize
91KB

MD5
5a2e53f76c5a02941efc67d5afe87034

SHA1
b63edc6183aeb4e65e5fec24356ffb00edb98b99

SHA256
72ab114f1ad1485a245ea8735bfdb1547586768a75f3b5fd78ad7077b736bb66

SHA512
565c8eb4107444dd60bfca5aa502c55ac8de24c25db9d5bf1e3d4d6fcc0807c60d6e827bca841c41fe18ef929e91478eb25c733339020820dda060d7bd715237

Download Submit
C:\Program Files\7-Zip\Lang\ko.txt.tmp

Filesize
101KB

MD5
0ed69a830a42c08c98045bc9a4fa9c86

SHA1
3390d69c41c789ae8395d4e16415f15054375d14

SHA256
bc955f400bfb0be29381334cc85f72a5c7a23dbfb6ea2c585c4a79db53f2a425

SHA512
33a6f4d703ebc0dca7274fa1336cf03f8d3e6c4775d7056b0c6824f2d94ed2b5b0b1cb08a54cd51d2a51e98d0ca2426e02e9514816efd7a407d187f5fdb83d39

Download Submit
C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp

Filesize
103KB

MD5
69d3558d7e01a64f4abffea93233afa6

SHA1
8a994d8b070cfe7278d703ff20268772a8bafe5b

SHA256
9d5689622a055d64ea57385885ed4052a6ecc9e6ab8c22d59d8c800ef2ee290e

SHA512
fa520cbc76a7bc2266cb6d74827082d0a2c5053daf1181d1ab029e802874e96f54a1081d408041b4e53d3902e7205160a61b333c73cc6a4db162fc9f757fdbdf

Download Submit
C:\Program Files\7-Zip\Lang\ku.txt.tmp

Filesize
97KB

MD5
bb35f92fd3a7e96643a67919732f75fc

SHA1
77c904cbfd2a496cf1c49856a5cff267f12e0170

SHA256
a22fa29994929707e079e9879469415ad01f280f0dcae3fe7f4cdfc63e0bc39a

SHA512
c68852442a12189c9ca72d7ce1ff8dede9d05c3418738dfdf965f9acc00208f401eca969d88c6630785cc79a90dd6c55f3de1d1b567e6fe3dad5c01b446bf003

Download Submit
C:\Program Files\7-Zip\Lang\ky.txt.tmp

Filesize
103KB

MD5
8f8282aea9485493cec1c7d0efe3d7a1

SHA1
2706e6e38f1cd4c35214b33a337c5d589a46624d

SHA256
be1032e0489bd41c93b743ef6fe7e8dd9b9108d2ebe34c9d51fc34c34121f6dc

SHA512
b8b8b696cf408f66b02fa5ae145857b914e090099b4108d045862edc0ac65332a7170453669a509d12353b92063ca655806c84a218e946c81a80d09582451bf0

Download Submit
C:\Program Files\7-Zip\Lang\lij.txt.tmp

Filesize
99KB

MD5
aceee78e7b4c441544ac3cf0cdc6da5a

SHA1
3a9d7de2fe9115a5ddf799ab8d2bdb9d91304825

SHA256
9e69be794306e2c5b36a5c73c2bfa1910c6129f4b659da97fcee8ccc683e40fc

SHA512
494e467f7eda168414d076306627405fc4c15465ec3918bb9c1bb7ec13de52e9805cecc8d8474fb9a540d4f947a631080f302c4be0ed18bd74dedc7a58a4184b

Download Submit
C:\Program Files\7-Zip\Lang\lt.txt.tmp

Filesize
100KB

MD5
862641665c3dc3f2d9bc07ceafa1f35c

SHA1
8355277119d26de6cb8c136970aed52e5e5c2638

SHA256
e2dd90e17785257ff3f1352b7df7ce848a318ed740b276c9e463f22e144c560d

SHA512
d611ded0f95e12fd5defebae060fc163b0ebf6a852c7d59fa043a12d74fb1364f517372b6fa650da7145beaba10268aed720f2029fae6dbc900793dac39696cb

Download Submit
C:\Program Files\7-Zip\Lang\mk.txt.tmp

Filesize
99KB

MD5
f60a62f45254fb5959dc211d81b2323d

SHA1
c00ad2cb8ae5d6941a86454fedb909c6ceb3a9a6

SHA256
a9b3a4283763fd166b5b4275d7bdffe0f38b623925dfe46b82bf1bcce3ff52d2

SHA512
f57ef2a43a0b02980fe925713a0f55edbda25138c2c3a7728fbb873b7f20419b4736694fffe366ffaa81c31cbc0839d1923ee8cbdd9d3eea1f474c4e1961172b

Download Submit
C:\Program Files\7-Zip\Lang\mn.txt.tmp

Filesize
100KB

MD5
b193a5e85385629a6b236418d338273d

SHA1
2b0b8610fa663b4f04c350948a4591b96154d1ce

SHA256
12880ad13d9626eabc5ea0dd56ce749ff7300497feadf5f0962d381e7d8676a4

SHA512
407fc384c3d290e5725b87b95e2be1fb9e2a8214205ca5abf574639657fd426908596f5d540f04ab96671010775979192701144622c5a499db6929c1702f9d74

Download Submit
C:\Program Files\7-Zip\Lang\mng.txt.tmp

Filesize
111KB

MD5
a651ff758576f2e2a22bd40425753d2f

SHA1
179317e81fc75390e15b482a3613ec6ccfcec6ef

SHA256
aa13d9880e7ae3cb0f8d3892413eaf2263f8070bbfdc40163a8738d9dae6b9c7

SHA512
c1426988d33e8e2ce52e8306499db2f9ba849850b22eb38775d53bbd642712e6ff041c1e1d3deb68934025197139fac66a4d85bef752d8d7ac7f3d6b9605e950

Download Submit
C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Grace-ul-oob.xrm-ms.tmp

Filesize
102KB

MD5
e7f8ff668b694887d48c3ad3c3bdb875

SHA1
83d63aa6785b7ef6adea908d25dbc859ba9ca912

SHA256
ed20ece7e75577fd6b96c4e6be0fd6dd293be0dc1e9c66531061cf5c552daa47

SHA512
7d76f4c72f8ebc591ee6cad6e7fe1c13d37f83a2611548fd925ec3ed2229827c7b67348367652b936c1a024bdf80a7332f530145f3341b805bde3843149a8631

Download Submit
C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe

Filesize
91KB

MD5
31be1d4ce7101295d77ccba90a7a6a17

SHA1
1227c0896c2bf89a360ce821f7adb06f7b2e3d42

SHA256
c5a6f993ba1fab97d7ac7f7d2f474da4054a1968f94efaba2f23b2d4129847c1

SHA512
3133e5eee7ed19b3ed105c1b3c18eb081cb0d1d9a5a59f7c211f2d244abf1b65f388a4d5dcd09c1f85ac00c5f65ed7eea0475d81c8159c756ace934df878f282

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
91KB

MD5
176b6c40598d4418eb8c2f46787d7cc2

SHA1
49c19c56a2e66738dcb3ee8ab365b18b432ed13e

SHA256
fb16404cfda3fd58143a5af1e938916a643ce3f88e24319f7733bb7116515823

SHA512
4b2635dd2f23f1006e32bf1da3557bedc86daa5209ef39d5b2e2d6579d9ba512849f7b11197a414007434773ce3314f79c8342a74577144cbe2dedd80202fce4

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads