97e8e5b070203fc141c6e3028099da00b39f9bd552c7db18a86c24c0b6b890e4

Analysis

max time kernel
149s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
08/07/2024, 01:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

97e8e5b070203fc141c6e3028099da00b39f9bd552c7db18a86c24c0b6b890e4.exe
Size

107KB
MD5

9ed1585628a52200e21dfeee80d2ed1d
SHA1

0c779a33b6c3dff292e57d3ca9ad2f880e18cacf
SHA256

97e8e5b070203fc141c6e3028099da00b39f9bd552c7db18a86c24c0b6b890e4
SHA512

24475fef298a158665a41c118697d2eb660334fa2562f7286b3118d5883a6c9117e175baebf8bad8e42115160a17de44e9061bf8559655c534b2a968fede0b69
SSDEEP

3072:9QWpze+eJfFpsJOfFpsJju8QWpze+eJfFpsJOfFpsJjuyPxPC:Lpe+e4uspe+e4uyPxPC

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (1787) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
4068	_desktop.ini.exe
5116	Zombie.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Zombie.exe	97e8e5b070203fc141c6e3028099da00b39f9bd552c7db18a86c24c0b6b890e4.exe
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	97e8e5b070203fc141c6e3028099da00b39f9bd552c7db18a86c24c0b6b890e4.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\System.Windows.Forms.Design.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\UIAutomationClient.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\System.Windows.Controls.Ribbon.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\ReachFramework.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-time-l1-1-0.dll.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\InkDiv.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\ipsrom.xml.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\7-Zip\Lang\pt-br.txt.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pidgenx.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.ReaderWriter.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\System\msadc\fr-FR\msaddsr.dll.mui.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ServiceModel.Web.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.FileVersionInfo.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Collections.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\7-Zip\License.txt.tmp	_desktop.ini.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_heb.xml.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\hwrenUSlm.dat.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\tpcps.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Microsoft.Win32.SystemEvents.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\PresentationCore.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\en-US\rtscom.dll.mui.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\ReachFramework.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\UIAutomationClient.resources.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.Metadata.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\PresentationFramework.resources.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\UIAutomationProvider.resources.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\WindowsBase.resources.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Windows.Forms.resources.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\System.Windows.Controls.Ribbon.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\de-DE\InkObj.dll.mui.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.DispatchProxy.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Web.HttpUtility.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.InteropServices.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Windows.Forms.Design.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\UIAutomationProvider.resources.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\ca.pak.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.XDocument.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\System.Windows.Forms.Primitives.resources.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\es.pak.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Web.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Globalization.Calendars.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\System.Xaml.resources.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\System.Windows.Forms.Design.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\ro-RO\tipresx.dll.mui.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\WindowsFormsIntegration.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\UIAutomationProvider.resources.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\System.Xaml.resources.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Drawing.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Microsoft.Win32.SystemEvents.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\PresentationUI.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\System.Xaml.resources.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipscat.xml.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\System\msadc\it-IT\msdaremr.dll.mui.tmp	_desktop.ini.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msdaremr.dll.mui.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Compression.FileSystem.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\StreamServer.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Collections.Concurrent.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Collections.Immutable.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\ipsjpn.xml.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.AppContext.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\UIAutomationClient.resources.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.XmlSerializer.dll.tmp	Zombie.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2292 wrote to memory of 4068	2292	97e8e5b070203fc141c6e3028099da00b39f9bd552c7db18a86c24c0b6b890e4.exe	86
PID 2292 wrote to memory of 4068	2292	97e8e5b070203fc141c6e3028099da00b39f9bd552c7db18a86c24c0b6b890e4.exe	86
PID 2292 wrote to memory of 4068	2292	97e8e5b070203fc141c6e3028099da00b39f9bd552c7db18a86c24c0b6b890e4.exe	86
PID 2292 wrote to memory of 5116	2292	97e8e5b070203fc141c6e3028099da00b39f9bd552c7db18a86c24c0b6b890e4.exe	87
PID 2292 wrote to memory of 5116	2292	97e8e5b070203fc141c6e3028099da00b39f9bd552c7db18a86c24c0b6b890e4.exe	87
PID 2292 wrote to memory of 5116	2292	97e8e5b070203fc141c6e3028099da00b39f9bd552c7db18a86c24c0b6b890e4.exe	87

C:\Users\Admin\AppData\Local\Temp\97e8e5b070203fc141c6e3028099da00b39f9bd552c7db18a86c24c0b6b890e4.exe
"C:\Users\Admin\AppData\Local\Temp\97e8e5b070203fc141c6e3028099da00b39f9bd552c7db18a86c24c0b6b890e4.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2292
- C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe
  "_desktop.ini.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:4068
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:5116

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2480455240-981575606-1030659066-1000\desktop.ini.tmp

Filesize
54KB

MD5
0f7aff7256398dbaf50b8fd46ff2bda0

SHA1
acd675c748c91514e565c12c89ba7899e3132e07

SHA256
0730557b95e5d08dc1e4900e66e86c59083d473ff2bfb06d68c0a683b7c8452a

SHA512
acc97de78ceb6f80c26545791f73b715f147ee02a959e1f15c55d9f9a6aae89940fb9b40637e8169d2fba71f5291dc07a4569472ea79470f8af546623ba9eb45

Download Submit
C:\Program Files\7-Zip\7-zip.chm.tmp

Filesize
166KB

MD5
fb8a3b8a1b87d798b33a9f10cce3b1c0

SHA1
e1a0486b1b37a4e70474161d6871972c193fc9ba

SHA256
f4095ac5cf198a66b870b0e3f64d20aee496254ad67eddd3fc42e2493f936be4

SHA512
3bbb66404bf52f37410b145d6c56981b447603aad3da76526988507f998ac5b32ff791e5abeed3fae39653a8b5c49109a6a5dd87eb563a7fc27c49ea3475bf48

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
153KB

MD5
bd4e888d46ec4803cec659293c947633

SHA1
eede009d12659b165ffe974fb34339ce125f25e2

SHA256
85e9d57955f0e7f9a802aac1af9dd61568bb55fab8fffc8b8000d5c8f32dcfeb

SHA512
bb0c2769b6d7cb9cdee27c12ae867eba93dda65e9c0b153b827e361dad30eed4b2b43e0ede02797cdbeebe76fe803ef67b4393183c0ef6bb42d3d11da6f5c932

Download Submit
C:\Program Files\7-Zip\7-zip32.dll.tmp

Filesize
119KB

MD5
2a570f90017b6419c60c5d6609eceed7

SHA1
b109d4097f5a808cb9a54f3f1855119d45d9c208

SHA256
228039de294e15dd7148d7f71a7dbb6922fd1d55d7953bf844fd162bbb6b06d6

SHA512
7d904340a2df72ee5d98e6a373ffe6871d01bb8399fc15c4de7ba726bfe4f853dac838c83b3ed238137f677a251e94bdf234fa8f3efefd3a78d62a73b0f261a8

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
1.8MB

MD5
4d711334e420727f2c649b06bdb0da9e

SHA1
48b5644864efac783293c7df90fd815337d8f6fc

SHA256
7943f2fc1f37ad520386f5ca2dc4e4a8ad452b5f493eab440af6724f5ac4e73c

SHA512
6b04fca9a7ef17ec4cf6a628a090e1e5ecfbf6349284f56a73a3b5c7f2469b15442724eb334cbf92cf3fbf912ddaf0a312e0eeaadc46204448ef698af99f41ce

Download Submit
C:\Program Files\7-Zip\7z.exe.tmp

Filesize
598KB

MD5
c193779e7d6b15b090a0e4626fcfe68f

SHA1
a48756c34e626062809cace0b46f87c217569e9e

SHA256
71c8ee4ef2de8034ba3018af51414b14ae0997db576eab7db3a2d1c057a592b7

SHA512
785e45642469664646ebbf84eb2199ec7428aa09361e04a9fc54b489345f802fe4f4b373d22e10b14279f3e674b7e6047261299a2f4157e23625e6b744c80d5f

Download Submit
C:\Program Files\7-Zip\7zCon.sfx.tmp

Filesize
242KB

MD5
77adfaee8c50a395227b28871d0cd3f4

SHA1
4150235d0825841a78ae501f24132270db549ba8

SHA256
8bbdc4616cae410ff1e497e371d8094d47a0b692c86291409ef2162f668089a5

SHA512
c66d7794aa1072aee69982104895ef14757058f982603a5c637b05602ff6fef9a8e39c8a8ace48009c6b330459420020827b3e173d4d354faf7f0d2cdbce1b97

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
984KB

MD5
a52d93e439f347d5a3947a22e28578b5

SHA1
f04107f8b197e562ed296cdfaf313d89b2f208db

SHA256
c94bce18438e58b45655863c7d41c1212e030c949d078ba55d5aa5659e0db585

SHA512
610389aef2f9b9c3ab0acb37d14df7371c821df08a350e713787c6fff9979434cf62ff2dcfafb3e4afa239d910ecd2fc7332ff46a71e26798a41e2b3f1898730

Download Submit
C:\Program Files\7-Zip\7zG.exe.tmp

Filesize
738KB

MD5
a88183c0721df3c0f0f3d2f621a79920

SHA1
065ae95f8465f2d74664a7d53819af6de5835e49

SHA256
1812baebcd2592db76f72b23bab2422f436459a1bc20ef4a48c9a18f962baaec

SHA512
77317c9558c514cb87d9e23d0414ef0d791d4640d2cb31fd667e5c8d8e244f02ced4649432be22130dcf7d3814abb6012bb38f47ae024d3a7acb7661e867a92f

Download Submit
C:\Program Files\7-Zip\Lang\an.txt.tmp

Filesize
61KB

MD5
b0023e587a307883b34f1fcb1f6604c7

SHA1
8c05ef018df39446e2e5428a53edf2b2c68de8f7

SHA256
491a8f16135b1cdc86397c7d4216b8c347d27470016bd683f7699a50d1363e40

SHA512
2d7f68f7561ea53b96dd20a20c38c772b89f7ec69a5b04427cf53e9c038e79c2a310488805ecb38b9d978e74d224d2bd46b9ea0d14a1e56f3f1b0dd0813678c9

Download Submit
C:\Program Files\7-Zip\Lang\ar.txt.tmp

Filesize
66KB

MD5
85bd25c79042cdbb6f6629d2e96634f7

SHA1
32e5bd66f11cfc580769b31563566231904da210

SHA256
1cf522b03926712883ab7ab624c53b96a7e05ede2ac299dad73b1b42ee8c0298

SHA512
d7a8e5cac081d998819272572cbb2503db84d88502192d69147b32f2ccdd4240872e444ecfa4a7c6d756a51c866c6dc951abc5c52d49f68dda18051d04f78b5d

Download Submit
C:\Program Files\7-Zip\Lang\az.txt.tmp

Filesize
62KB

MD5
eed21631f3f5d19308e2a38e30d5c940

SHA1
adc1a49488180ea5ca8a84fb3b93219af43a4d82

SHA256
6f68ba61b33b794ad2a68ca3faa8fa7de94cfa679f401d68aeb676671a8b1ddb

SHA512
a685c843b3a4e6ab6bf96efe5b910def8c8037de3b48186f9eafd9470f27ad6127f2263d5a96074a19ddbd0db9912d6d6b6c82a1d1e188fe8da864ed4c453bad

Download Submit
C:\Program Files\7-Zip\Lang\bg.txt.tmp

Filesize
67KB

MD5
806f5b8832431b460a2c08078dd321e2

SHA1
1815e9f73bd0bdfa430a2811eaae84bc5672ed7a

SHA256
7cb38d963d525c15149f34469357241e474de0e81a851b72a99c3fa317183487

SHA512
4d4eb95fca576808df45e594ab2d4ea962c81fcf081bb7d220ec7c8fbec183b38e681fdab4b5a8ce8fb3e458bf28fa5f393e1b2bb1746c5a8205e862c2f0b1ca

Download Submit
C:\Program Files\7-Zip\Lang\bn.txt.tmp

Filesize
68KB

MD5
6a8b4ec03567d37f6ee1c71493d26d70

SHA1
4b8411ca06d72e43536d4652e0d6fcad6f0b8bb5

SHA256
9647c32e3bc4efbdc60b4f662858fc98bfa88044c8fa0741726abc6fbebfdd39

SHA512
7bffcfb91067ed19a689d429f0a86ea36db7cd69dfd9959ea2a5c9336b8dab4123fa61883245460f0745fcb9290a913071cc0371220adf3e02c514d0b7ac2a44

Download Submit
C:\Program Files\7-Zip\Lang\br.txt.tmp

Filesize
58KB

MD5
69523d171bc4f6d4500bc05a320036f7

SHA1
cb4e74661c704c94749b0ced458ee64ac7dbaa57

SHA256
659d68c35c5e406f77227df7f666f3bc24c16e05ffb48b752a08db71182d051b

SHA512
1e7c6fe568b3148359edb00113d27311b1d02971b7277afd946a58a20814b57b56b8577b91ecbbe3fc75e909636772d272838f8da5a4996ba14569fd83860d05

Download Submit
C:\Program Files\7-Zip\Lang\co.txt.tmp

Filesize
54KB

MD5
c725511eb916f42c6486666d7642aa4c

SHA1
c5c16dd1d56a9f62840e677e2aa0204dfcda70bb

SHA256
3e78d360a631709f3f495e4d47241a6c4ef8ced7eb5b56d3712f53851d3c0b17

SHA512
abbecc847df50c9b4b03c90d733fc7e98d7869b4c2e90285c4a299f25de3f14866e65f4d6a8f7a5ded6ffce07e4f91ac94e15c02b0275b551781d6971ca35667

Download Submit
C:\Program Files\7-Zip\Lang\el.txt.tmp

Filesize
70KB

MD5
1b76a31b68b50e0d62c74af8a805bba3

SHA1
eac1afd362b7beef4969f834ea7da3a8ef4ce75b

SHA256
36d08f2c91bc549456f59c9ef89b94768199c28633692ebe69ef6f7568e5fbfd

SHA512
c5f70ecf3787bbdcc161da8eb679c4ddbb33033201aa6bcffccb98f9f9516228a0222bc5236694acf380eceeca8a152b09e481d3d575d3baa39ce8f2be35d2d1

Download Submit
C:\Program Files\7-Zip\Lang\es.txt.tmp

Filesize
64KB

MD5
99b3bd4328667c2b354c6349d674c7ad

SHA1
2a24656518d483f692efd3bf7e7498c52e6268f4

SHA256
9828212b93730a348243eecce9a56bf8aec0874ad4aa62d918b52e975326154f

SHA512
e9a01cff9f9beb1d18436ac057a01393bed08d846cccce38374cbfe5724e603e3b065294ed70b576f9b98d70d40baf0be0f30e7205fe6bb360a5a419a01d7c30

Download Submit
C:\Program Files\7-Zip\Lang\eu.txt.tmp

Filesize
62KB

MD5
ef0d7a03f9a9861c5caf325f24ac14bc

SHA1
bde754f9f5f5b84d1d6bb80a6d69e9b57aae8a6d

SHA256
9f79a9516ad90ac425738dd67b8cd49d9fced66c355d0b5c3f88c1ead27b675d

SHA512
c8a7ce383ba32415f5b3fcffa9a089d7db4df558532c90bf4041fe9996da62ccb5e60340ce5519b3fd79714197d0f2bd72dea2897937b713089bac7f2948c16a

Download Submit
C:\Program Files\7-Zip\Lang\ext.txt.tmp

Filesize
61KB

MD5
6255d4c8be35899c7748c6b60174347f

SHA1
2052fe63d58a3bac3e2584dfe31bf5e3ae474071

SHA256
f22163b00bd0e9fbd65c99a15868852b2726b218332ed092dec8e04282b5d01a

SHA512
c15f1ca9cfc9af6581aca53c47ffff145fac541d8432b63b7e78a2a6bd2e44be5a4714a309d970ae99205a9a30c22fac8380633d7cb21379c21a3a2df3f3bbf1

Download Submit
C:\Program Files\7-Zip\Lang\fa.txt.tmp

Filesize
66KB

MD5
2e579173ce4c9696e0d8212a646bd21b

SHA1
64685a2d5a81d25778c6f887f97c5705ed401826

SHA256
c1ca983c9cf4333a08ee303ec9e3b395ec73e29a669bd757c99fa74d61900e07

SHA512
223a2b1de6f52e5ddf6b83d35c26b1527895e9760fb8e78ecda18ee32405200bf0a489e209d8d2187cc113fed657c2a24a231844506b933c5407506a719f7c33

Download Submit
C:\Program Files\7-Zip\Lang\fr.txt.tmp

Filesize
63KB

MD5
f6c0c25f87a4e88287eb64a302bd278b

SHA1
a265b44331a311d2a4755eafde024b95a7386320

SHA256
0ffface2f06c752041c2eac902481761b4db97a307db832896ffecc6ad6a9495

SHA512
2c9512f0a68c9e728267eb7aaa34794cc2128e6f541aa1fac2914cf0e70f30f7daf9e71ed0e075d7733604855c26dc1c0f4946cd066bcf2d25a5d72773e92fd0

Download Submit
C:\Program Files\7-Zip\Lang\ga.txt.tmp

Filesize
62KB

MD5
27ca4387e6b0b6308ac65ca6978c646e

SHA1
799787c136e594fe672d4d085f9f97a5905b9917

SHA256
c98a90bf95cd0a03f3defb4dc9f2197f9e1523054119febd83a1f0bedaf96703

SHA512
035a114af830c1aa717ca1913b110300e6cae0a9774778847415bdfc381523b1629a0178bae86e4b65dfdf9a983e98513a8d407e0523b713dd58356b4a43fd50

Download Submit
C:\Program Files\7-Zip\Lang\gl.txt.tmp

Filesize
63KB

MD5
cff3de69496e0d60894f89dc1a6f87d5

SHA1
4d48ae81dbeca1945ef9e9c3584928fa97fc8602

SHA256
3c6e79425d927626c4fa9953d62cc16620b8c1a5dc9f105d64c9ed1241f0c40f

SHA512
e8fbf71946e82ce2dc7c23a1710021b6e5807d8d2922849f8a34666bd5584132cd8bbf96d0e8debd46243c547cd00786bea274a7480f546528d78861341ef105

Download Submit
C:\Program Files\7-Zip\Lang\gu.txt.tmp

Filesize
71KB

MD5
a54a201f293cadb07566f310d4276ee2

SHA1
d5dd1bb5adeef55f3e090391c164cd874dd13f8d

SHA256
fb2cad3aab03b792bcdde56f302a1b60451bccdaeba56997a8a9851e05c5d016

SHA512
59edff583996c098cddf4d014c8719276808cdd271b32b9e66f8ca6bc0a16f1b15b50a59d3fa77ccf9f09ae1675db381a0dca4b621f61f3ae4d1ea60fdfd89f3

Download Submit
C:\Program Files\7-Zip\Lang\he.txt.tmp

Filesize
65KB

MD5
04ae8a4348069e9dcafbe982488a3698

SHA1
ed431702a9bc3ff7eaada2edcf1b7c7e7d809e03

SHA256
17380373d357f4d6b77d21918f25c331d588914d8f5512c6906f842785045893

SHA512
2006b153d0cacaed46fa8b8da37c3b4896a42e76b46ae62154f3e4151569fb1efcf5f45323d8429e55c4600a46e0a9880383744caf7965861ff4555c3c3ef67b

Download Submit
C:\Program Files\7-Zip\Lang\hi.txt.tmp

Filesize
71KB

MD5
7c492c889784746fe5eb48566b43df33

SHA1
a44b554a519879e353ab4c5bccdea4beed05dc18

SHA256
127af128da3a2eabef990ab9971883ff4785b0dde0cd860d1ea5149ba674651e

SHA512
1e4ebbf431ae4c79be2dc9d87f5b7188dc8128f84eb7c74be252ea0a16ad437d9264b9902bf40c6bf42a2d628b6a6a4636d11bde7a63e81c416bbe3df319a2b4

Download Submit
C:\Program Files\7-Zip\Lang\hr.txt.tmp

Filesize
61KB

MD5
28b96e6fb3c9c820ebcbe554173f03d7

SHA1
22a7f086427edb180cd220e5ebed9e80406ea9c5

SHA256
e2d2997884ffba4fb677ed834331d9ee84db5694bb2a564a7077ca9d8dc400b0

SHA512
fd924a990e7887f673e73149a744f1c70cf927bed8b55c2e5b49ecdf880d3cdaed02a66ab3e7d8e2f1e8e7a824b88e26016af71e019aa78f19e57dea6bf443d7

Download Submit
C:\Program Files\7-Zip\Lang\hu.txt.tmp

Filesize
54KB

MD5
f60b9a0c0a463a699e54be7ad0ee808d

SHA1
25d48ed1e474513909c58cf0fa80c41364fc0395

SHA256
c017ce89b2df9fc82e7e84123b2efd808d63acc49307c672b1a1adbda169fd02

SHA512
4a7e7921696aa87457125f24ae20499cb2797467ba679db3992a93ffc3daf6c7467f8c41202b794c7dd9a803f2ed3d86970e0846c7b15cd5495f0af2089c560c

Download Submit
C:\Program Files\7-Zip\Lang\hy.txt.tmp

Filesize
66KB

MD5
a4e0326b3c32deca80f5c35d2c6022f5

SHA1
da0aefbb8279ccc1da49e9bccfdf2037ffd9ecc1

SHA256
05812bc5665901d24c4d7619f643b4fe0003bba47833a5c19461bbed16f611b6

SHA512
c5ec3f713ecc41239497760e5e085384c21cc08621031bbe902654d31606e079397511b13ac95f8f6426429cb94d922952c0f1c454f2a049321fa7a800806b23

Download Submit
C:\Program Files\7-Zip\Lang\id.txt.tmp

Filesize
62KB

MD5
5199672371e156894cbc6ecf17c759ff

SHA1
f956727a1f1a867e38d9d978d3eb24b6bc4ac5a1

SHA256
7141c09497d555735db3abddd10c65bdfadcba11e51c670bac55ba34ca961e6d

SHA512
1e81d9db6f52d3f146def1f90d61ddb9339a368105daa0a8bb4066e799e6421664094358bfb7e7a68e3456c5bd5900fb92267e4296e2137a7aab96067595ac03

Download Submit
C:\Program Files\7-Zip\Lang\io.txt.tmp

Filesize
62KB

MD5
4ffb42fc3bea892b03b0a81ae24f55cd

SHA1
a184b69ea613d1a4e8c957dbecce87c9391dc602

SHA256
ef5b71cd8fe599fb2de4cb767beccaafcf1941a5b43dbd594d78253847fa58f8

SHA512
7f4126f5110ce7b3129f6efddbf0de64647835eb7fe71529f52ea3ce8f8b498d105fe73758c07efad40930353df52f5d9564865229331a8b59085d8603896e38

Download Submit
C:\Program Files\7-Zip\Lang\it.txt.tmp

Filesize
63KB

MD5
f8898c914fc7107cb3b31a74eb8b3811

SHA1
450535b86ea1440a82afe8c52874d8e454ea4b2a

SHA256
5fb17527fbf30c5593601cc2a8ed1ac1345d1cb82fcf424b7c446819c76d1d1f

SHA512
4bd2a6f687639132edcb498296ba7fa6eabcfd23b89fc610334db7c656545b1a933a21567b5c10f629d0c492df3521c428bd2d4261ceb5d74e5d2e2adc15d5d2

Download Submit
C:\Program Files\7-Zip\Lang\ka.txt.tmp

Filesize
72KB

MD5
12e64b9a3c6458795843364246c0829e

SHA1
d3e1b43a7357703f4a5339214ba60f5ca0763352

SHA256
1f9888538bcd16a3cf6113b989b5511851bb6677f03f5422aad8111cc711d3d9

SHA512
d89c4239595b47556eb05bd714f92fc5a436d7e184b6913ad70654e28f8458c921d2b01fd50725076da427135e688c30b6bff6f73ffb6602ec63f73045f02ad3

Download Submit
C:\Program Files\7-Zip\Lang\kaa.txt.tmp

Filesize
62KB

MD5
2383771ee4ffb38dc431e69a3dc273ec

SHA1
421f78318057cdffa18074cdea729a3dba412fee

SHA256
d41ff368dc1825540ba309a4a3a6da55de051f68b4a470b80d2de2deb9f843a5

SHA512
fdc5ead4edfdd74d1004d85abd62cd4b8e5a02247de826088c4307ca1b4cebc5e3bb09349e8f61a69827d97044714adf1eb6fd6c95016836009ea065ad28a244

Download Submit
C:\Program Files\7-Zip\Lang\kk.txt.tmp

Filesize
64KB

MD5
7941b983266173eb0f09f36cd5733fd8

SHA1
c886334916e3ff06e83f3ff7ee4ac800dd14ade6

SHA256
7e8bb8a72b25676d5ab0d4e40fb9e2c7f5c0cbc43031aba5185fbd3623bacb1a

SHA512
a90f103df91786c02a7e580fbf7a0a8148ccc5a7677c76ee70f13aa5e35af0b706636108e104b04894baab71940ef2bfaea0e8f70e11225cf96e344a75c427e2

Download Submit
C:\Program Files\7-Zip\Lang\ku.txt.tmp

Filesize
59KB

MD5
3cc76cc492f5ad51f62f968fa1493542

SHA1
f53ff58d45adf950fce4e76f0ad6abce557fe0bc

SHA256
a34672fb4c967a1ff6d3af486c302655de712e85cdcde1c9242b782ccad94677

SHA512
c75e132ec5151b201eed4dc860754d6a5368685040cc48e4eaee39b71f911f207131a0e17bc2014d9d3624d0483df88214b5309ad6aac4140f615a6757ad7452

Download Submit
C:\Program Files\7-Zip\Lang\ky.txt.tmp

Filesize
65KB

MD5
35ae8eed2d4aba46ce463b90c42d8e5f

SHA1
8d685b794952486fb35079fb13436ce954be951d

SHA256
c4a708206bc93341271fe18f74a30e68b5efda937917c9763111618b733115b3

SHA512
7fbf45bf7c01fefce9450f9e1b642386354f808195acfb9ea6da8212b0a6dcd67be3550498d79d2ec2d51112b8ec2c54569b4da3963d2336cbae94bdc94c8f47

Download Submit
C:\Program Files\7-Zip\Lang\lij.txt.tmp

Filesize
60KB

MD5
56bd4172d0fa55504f08507c54fa84ac

SHA1
a580cbdf7d8eb24111c6ee0e1f080a73064234cf

SHA256
2fd0aa8615d308b2734467c04e036d8ca04991627a74aed5554565ea5815ce8f

SHA512
04c20bf1a697b0682e2853db4cc5efb88620d7d674419595b8ba4e4727c1af0ad0abf3cda4fad5f6f23b57288b1f8e9cf0b908c9f2f189504d730078a42ae1d4

Download Submit
C:\Program Files\7-Zip\Lang\lt.txt.tmp

Filesize
52KB

MD5
d62129c2ded0c9d149303827149451f5

SHA1
e894ada8e5fdc12ec9563a0dfcb039a22bc59c96

SHA256
485f57527686c1456fb2bf5e5385bdcb03b9cb64354eb9b5bb8d3217f5770b10

SHA512
fbbe4decab657568c4011d9839865a790f1afea866d947d4b2fb0ca963afbf02adc4503e699f2df3ccc5c0655886bd1fb9b2ea50eb13290f40e0a7711a3e475b

Download Submit
C:\Program Files\7-Zip\Lang\mk.txt.tmp

Filesize
62KB

MD5
ff4ed9c06ced07828b14aa1eba50d149

SHA1
4a558b1c5abb17c0d11c7e1cf1318d6e333a0951

SHA256
c90963875eb1af601c9a5eb9ca8eab79caf3f9867c4574aeb76ba41bb4d8cfdf

SHA512
817bd922b477185bdc90fcbcb65e6f07aa8486608420a20cd2eb6821084a9d643a2e49cd4636ee4591ab18f5ed74f6ecd9d3634799446f8ce271340772a08b75

Download Submit
C:\Program Files\7-Zip\Lang\mng.txt.tmp

Filesize
56KB

MD5
f74709d698ecab2bc7b4047c371afdac

SHA1
e3662ab886d38a6b97a709ddbc1156513472e26a

SHA256
2fa6d428c0f48c90132ab27fd21b81aa148ffd1fe8ab834ba6f7bb2f459a39f1

SHA512
0a2d7b48f22c804d00ec41b996739f64e12c1161181f92538455b470bf77396520a5f6786647c6628990dc327bb77ae4ac0b94910c552e7bc98609bbd15b4c8c

Download Submit
C:\Program Files\7-Zip\Lang\mng2.txt.tmp

Filesize
75KB

MD5
a120a903cafdae34718acef0a6b35af2

SHA1
a08347bad50a28c0b8957be80c2d6c00c4a7973c

SHA256
d7d76302489edfdce4cb318eb90a95bdc16d7d395f3a3c7c413ade508a1c9bc6

SHA512
b21e4bcb5ffcd29a64996a191b87e9880949b700e200d05d75f89532247ab05dacb375ca371d3e26e97f61873f2b55e1b45df4aa44966f8fc48661bb254a482c

Download Submit
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Principal.dll.tmp

Filesize
69KB

MD5
9442f0d752a086d900cc8e0ae0718e5f

SHA1
a57c7430ef85f8bd29c1efdd0e3dbce20baa04b7

SHA256
546d47eb3957670627f491f88497589938cc2ec641842ea428e68356791cd767

SHA512
36573bee4f0f1018d8025cee09c4623a9e786b67018cc05d714532853de7289e7d5d8fba26331077c4b6aaa992d624523ea81ad93538cc86d8f62cb9c23d1902

Download Submit
C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe

Filesize
54KB

MD5
7921a17bc8214e0badaa210a00001ff1

SHA1
0fa4a36ef02afb441efef5b2a967659f247ea705

SHA256
ccbad1a5bd9bca4a845e2a97489516c4c95ba416649c69f9a24f15f7c754efeb

SHA512
05721318d14fe50d0364350f9af2b75e3f615b4c50bfb2af963258169cd138ca67368a4db5ec2b0addc652c1a7bb944de92716c1f3f5bfb483da0c2330b94c19

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
53KB

MD5
4017e510ecd63b678066f19a63285be4

SHA1
92085f97d4c5d75746684a22b28d1a439e94c934

SHA256
a53da376866bf38254987654695ee6ecc2d5fd9493bcfce46fa7fdb17936c97c

SHA512
aaac0d95c5609bb2601271a236379da663ab37db693bc28e03eeb41446780536bed6497c46e143efb889a107809e1c421764fadb61d4dc57fdacb7678f9e6f6d

Download Submit
memory/2292-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2292-1265-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads