54ab1f17ccce8a813ece616bdf8f79d084a000003cea00e0912a203a9bb936ec

Analysis

max time kernel
120s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
19-07-2024 09:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

79fe17c073006c04098645b74ac03a10N.exe
Size

191KB
MD5

79fe17c073006c04098645b74ac03a10
SHA1

3b74dbfc7d5fb24ae399068f9f360c68ca6f81c3
SHA256

54ab1f17ccce8a813ece616bdf8f79d084a000003cea00e0912a203a9bb936ec
SHA512

8882f8c3b853fc07e28db6777ad377df78cd3b4c1eb5526071cfba8492cfcebdb7ce91c7d3887c99648e45fe2a1b009d47c1a7bffeb7f2a91c69f29d5ba7048e
SSDEEP

3072:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFslEhLfyBi:PqFF2Ie+eFa0oqFF2Ie+eFa00

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4273) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
3144	Zombie.exe
1580	_MS.GROOVE.12.1033.hxn.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Zombie.exe	79fe17c073006c04098645b74ac03a10N.exe
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	79fe17c073006c04098645b74ac03a10N.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TabTip.exe.mui.tmp	_MS.GROOVE.12.1033.hxn.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Collections.Concurrent.dll.tmp	Zombie.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\VisualElements\SmallLogoBeta.png.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\release.tmp	_MS.GROOVE.12.1033.hxn.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Trial-pl.xrm-ms.tmp	_MS.GROOVE.12.1033.hxn.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_OEM_Perp-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalDemoR_BypassTrial180-ul-oob.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_OEM_Perp-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Excel.ReportingServices.QueryDesigners.Extensions.dll.tmp	_MS.GROOVE.12.1033.hxn.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\psfont.properties.ja.tmp	_MS.GROOVE.12.1033.hxn.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp4-pl.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msdaremr.dll.mui.tmp	_MS.GROOVE.12.1033.hxn.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Web.dll.tmp	_MS.GROOVE.12.1033.hxn.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\WindowsFormsIntegration.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial4-pl.xrm-ms.tmp	_MS.GROOVE.12.1033.hxn.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\UIAutomationClientSideProviders.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\UIAutomationClient.dll.tmp	_MS.GROOVE.12.1033.hxn.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\lib\deployment.config.tmp	_MS.GROOVE.12.1033.hxn.exe
File opened for modification	C:\Program Files\Microsoft Office\Office16\OSPP.HTM.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Grace-ul-oob.xrm-ms.tmp	_MS.GROOVE.12.1033.hxn.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ko-kr.xml.tmp	_MS.GROOVE.12.1033.hxn.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\it-IT\mshwLatin.dll.mui.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\rmiregistry.exe.tmp	_MS.GROOVE.12.1033.hxn.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_KMS_Client_AE-ul.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Grace-ppd.xrm-ms.tmp	_MS.GROOVE.12.1033.hxn.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_SubTrial-pl.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\GRAPH.HXS.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\TabTip.exe.mui.tmp	_MS.GROOVE.12.1033.hxn.exe
File created	C:\Program Files\Java\jre-1.8\bin\t2k.dll.tmp	_MS.GROOVE.12.1033.hxn.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\deploy\messages_de.properties.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-convert-l1-1-0.dll.tmp	_MS.GROOVE.12.1033.hxn.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Milk Glass.eftx.tmp	_MS.GROOVE.12.1033.hxn.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_SubTrial-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\offsymk.ttf.tmp	_MS.GROOVE.12.1033.hxn.exe
File opened for modification	C:\Program Files\7-Zip\History.txt.tmp	_MS.GROOVE.12.1033.hxn.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-multibyte-l1-1-0.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\cmm\sRGB.pf.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\classlist.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_Subscription-ul-oob.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Trial-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\TelemetryDashboard.xltx.tmp	_MS.GROOVE.12.1033.hxn.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\cmm\LINEAR_RGB.pf.tmp	_MS.GROOVE.12.1033.hxn.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.DataIntegration.FuzzyMatching.dll.tmp	Zombie.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqlxmlx.rll.mui.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\PresentationCore.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_OEM_Perp-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\System.Windows.Forms.resources.dll.tmp	_MS.GROOVE.12.1033.hxn.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\freebxml.md.tmp	_MS.GROOVE.12.1033.hxn.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-processthreads-l1-1-1.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Paper.xml.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp4-ul-oob.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_MAK_AE-ul-phn.xrm-ms.tmp	_MS.GROOVE.12.1033.hxn.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_KMS_Client-ul.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mng2.txt.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-synch-l1-2-0.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Principal.Windows.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\System.Windows.Forms.Primitives.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\UIAutomationTypes.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\PresentationUI.resources.dll.tmp	_MS.GROOVE.12.1033.hxn.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\SETLANG_F_COL.HXK.tmp	_MS.GROOVE.12.1033.hxn.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\System.Windows.Forms.Primitives.resources.dll.tmp	_MS.GROOVE.12.1033.hxn.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\currency.data.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Median.xml.tmp	_MS.GROOVE.12.1033.hxn.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3908 wrote to memory of 3144	3908	79fe17c073006c04098645b74ac03a10N.exe	87
PID 3908 wrote to memory of 3144	3908	79fe17c073006c04098645b74ac03a10N.exe	87
PID 3908 wrote to memory of 3144	3908	79fe17c073006c04098645b74ac03a10N.exe	87
PID 3908 wrote to memory of 1580	3908	79fe17c073006c04098645b74ac03a10N.exe	86
PID 3908 wrote to memory of 1580	3908	79fe17c073006c04098645b74ac03a10N.exe	86
PID 3908 wrote to memory of 1580	3908	79fe17c073006c04098645b74ac03a10N.exe	86

C:\Users\Admin\AppData\Local\Temp\79fe17c073006c04098645b74ac03a10N.exe
"C:\Users\Admin\AppData\Local\Temp\79fe17c073006c04098645b74ac03a10N.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:3908
- C:\Users\Admin\AppData\Local\Temp\_MS.GROOVE.12.1033.hxn.exe
  "_MS.GROOVE.12.1033.hxn.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:1580
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:3144

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2636447293-1148739154-93880854-1000\desktop.ini.exe.tmp

Filesize
191KB

MD5
771afe84d24cba917e42ab17384f6c56

SHA1
c53189c27d7b1bc8f3cfb04ce4111ed369805e10

SHA256
b56e7a6045a04f5f263d6eba4b601d7bac3e2c6c5274f116b5e3ab735f639c89

SHA512
48ab7d6977048e8428254581ebe4d2648061de579c0a18de564ce5eb30e66b584c114db91681c483f6735012ece448b6fd161c69cee01ae685a5fac416e07bfb

Download Submit
C:\$Recycle.Bin\S-1-5-21-2636447293-1148739154-93880854-1000\desktop.ini.tmp

Filesize
95KB

MD5
13f5dc7d9be401b430582c6bc588e4ee

SHA1
c7c48db90570d2fb48056def65e47ca879c895a1

SHA256
909956521c1bd9ca9552661f02cdbe44187447ed856e1b5c9d1d32584f37eff2

SHA512
dc0caa8de92c66bb10f4336400078aa500b9767809275fcb6c17af3df3ff0423d963adef16a7a18916e3ed67b4ce39e49e0855472a6c6093f54c6779af2d4af3

Download Submit
C:\Program Files\7-Zip\7-zip.chm.exe

Filesize
207KB

MD5
9db81215cd2ab5c80989a5c177215fd3

SHA1
d6dc761cb9de006e1e964ebec75fa9af5d2b48e1

SHA256
af4a1e972cf2128401365b40d253fcb50ee95ba7fb4fed5a0fc94d94708a42a9

SHA512
2e71916c9d9dac97fdd47e3579fd76a5a70151611e414bd39b780181d6d9c134707157f7d6f6cbf74271ad78dd2b4abd9b817ab8bedf2176cd0d7419fb401523

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
192KB

MD5
9823aa38a0c1ca7ff1e8015bed90ef1f

SHA1
26d72d62b3fafdb25bf9c2251199698300540759

SHA256
e989c02d577ffd4a6a2a3f4fbd179be82a4efff833c515135aef4b06bf57b86b

SHA512
01905c8d89db501da0d5b1a10b2330f7784ba93ae234200b2b4240a9751691c2983e759132d3ec5a6a214fe1b159852016737c15db388d24438ff0aed7e88244

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
1.9MB

MD5
6fe7e34bedae3ba20e01dc6ee3a3f794

SHA1
bf794234a75b2502b7d278fc7bb3d839bb9da334

SHA256
3a8627937ad66fdb8f2682efbf850e70443ad028b2c403543a145439e7cab8eb

SHA512
c35911ddd621e466638d22ec9495b21c31e981da7526a679c5382e71c23b98b80955ed9fd7bc4873409e09fdbe8ff9c18798a5f2e561d1549157b5c342f6e814

Download Submit
C:\Program Files\7-Zip\7z.exe.tmp

Filesize
639KB

MD5
760caa9b65f6af9a346976c5373494f2

SHA1
3d958a6a197e43cb7ed65268a726165fc32af738

SHA256
2ab79493342f48fad8a6aba508b7c0cb0867a8e6a5e33b7f031dbbea7e26b693

SHA512
c68bc6f6a3223e7cbc9a2d69024f0f09c4aa3278939b73a62745ae82bd2d1c748900f8cc5f201cb3be360acd38bdf3cb3bfff1cdf0476de9352e966cebcdee5d

Download Submit
C:\Program Files\7-Zip\7z.sfx.tmp

Filesize
304KB

MD5
00767d9fa59283e12d6f82fe54c2822d

SHA1
64c9896b8da904453491f9c377afcd1468133bc6

SHA256
8ff8a40f0e390b80a6603cd39d413a53f152aec8774d012b10fb8978666b9b57

SHA512
5d7a835d2a40cb507a46580ca64dbc4d3d18d45d0af64663e099761d696d7685258d3f0fcd167c00a43e323f2f280185150c8904d581650888eb9557681915d4

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
1.0MB

MD5
13f0ce4daeac778417001dcb3c01cb25

SHA1
c54f5cb49477f745cfb0c67f866c23c0e5cd53c6

SHA256
90d064f4cd9909b3efb9efb41a9e994486d783e3daec76ef035b4146d1458a06

SHA512
4fccff4130987b7c220faf329c7ee6feb99fb7c156c6cb7efa0fb0c46f9039299d4bff58f14ad9c15ee859d290fc5c0a10c28ce9e7ea2a54a1049de3c6a4e50b

Download Submit
C:\Program Files\7-Zip\7zG.exe.tmp

Filesize
779KB

MD5
dd4116f4db51062b65cbdf3668809e79

SHA1
180b04c1cea4202bb31ae6c26207ad10a1471079

SHA256
f1c35e4b69670e77786d2ff27dbf539c28b8163f0039f3db455004629f92582a

SHA512
fa331f9d470376d3c753301b387e721f62bcb34da4a08379615a5a48f9c3aa8c07b95173780caba00a2ab1cf7a61a03f1022d97ebcca99714f22f29d11b4d48b

Download Submit
C:\Program Files\7-Zip\History.txt.tmp

Filesize
152KB

MD5
5145a16694d84ba43bf03823664c3cd2

SHA1
b6b035b3f713706ecee534547f83d1e9e4add36c

SHA256
65054322b17cc5f027836c9bea8ef172d07074d71e224211e81b9b6a8259719b

SHA512
d31033046b0707fc4b7be9e400ef64ab5fc7e3320ee3aae29f04bf20cf80cd9d4ec1f9688e9eea36e9b69c90f62d3d28220fb0880c22e1c85758d3c374c35c94

Download Submit
C:\Program Files\7-Zip\Lang\af.txt.tmp

Filesize
105KB

MD5
79192155d8b67f750d82cb2f9ca236e9

SHA1
2dd752a4ff45b8e3bfeaa0fd7dafa03a3d33d4f8

SHA256
0521829d3a8f155b284f9b88b11548ac1c09669f47c84064f87d76f4b0a55941

SHA512
c572651d58e8a0b7de74bd8ffe5056ed20432717811735b4901039b21d128e1c5e3758506aa287346837d7534542fedcc07f3715b3c222ec99a7ec1369e118c5

Download Submit
C:\Program Files\7-Zip\Lang\ast.txt.tmp

Filesize
100KB

MD5
86484f7764cf382d90671570aafd2ca7

SHA1
46e71929dc696241bcef4d2328ff403270abbd99

SHA256
39b5ff229c8ed1eb15b843bcca05f29ef09d686effeca6d4552d9198981879a9

SHA512
3021e5372e3327b0c3c91276a544331a2982ed073ea33f54dc62d0049567ee88dd647665f52355cee09d672ef5505dcd13767a01ac38d8e41bcf965aebe624a7

Download Submit
C:\Program Files\7-Zip\Lang\az.txt.tmp

Filesize
104KB

MD5
61df17d397111b5dfa7cacc98fd29c6f

SHA1
6985d83cf7b0aef21f49ac2e1629e7e8e950f263

SHA256
e3b282b821b79f3cbddfbaeef8b0d8463dcf8a26aa63658b1b907435b9a693e1

SHA512
1bf0412105fe0c16d826f813c092c9d3be24daa6dc0752f8a31b5a890dfa82664276c06f7d79bf0e1be21d6a550407e6927bf38d0075a8ed62ffc6a299b55602

Download Submit
C:\Program Files\7-Zip\Lang\ba.txt.tmp

Filesize
106KB

MD5
6acb61c20b5c39223895781fedd05222

SHA1
85e862c5e4516c795f294fdcbb41806606538a71

SHA256
52f6f45da39bc2cbe9aa4d215bf7027c74c0b7578bfc1d2ce1779bc28f136182

SHA512
4824302ab302c31c5402d7f7d1fc29dbe56d47ed6c6d8bd884926c71533a45f48462e6364c219a188e01285d4aca81997c8400c3ac2754406a510f0bb7fb75f2

Download Submit
C:\Program Files\7-Zip\Lang\be.txt.tmp

Filesize
107KB

MD5
192b210455e32ef60e0f71acf14babb2

SHA1
7c615a43a3380f08e4c75fae3973cd2acb110aa7

SHA256
9554f8bc24645cb1a0117c2fc75b3b5667c6b23258d9a9c67b37b478200fb3ad

SHA512
07173d1a898fce4df355d2101ce0a6197cd15d4d404fcedaedd5c61ead165b58643afe94b43e4e2046a180748a86cd676961863c529df8dbd29240c3d28e9b59

Download Submit
C:\Program Files\7-Zip\Lang\bn.txt.tmp

Filesize
109KB

MD5
7c3055b1e57d42e95e54de23f6a650b4

SHA1
c1959a8b4b22ff9f46ba092d94bfc4ac3d48c4dd

SHA256
0a9625fe14172ee966acf706ab148bdf2b2ab6cf5afeb11be9d4295823bdacce

SHA512
d0dcf52547b1e7c4b05b96deb4979d093eb07c5ff3bcf72371c421ffff95e2aef1450772112401e9d841b4fea9d3daa7845a9ace3ecc3ec1905cdcbb2465c485

Download Submit
C:\Program Files\7-Zip\Lang\br.txt.tmp

Filesize
100KB

MD5
b8bffecd072858e06305d7ede7357b40

SHA1
1bd9743bd67ca3b1f92f39cdb51a68f6d5d15a2f

SHA256
84c7781ef28da93757843c8139c38191658344f1a8f390ddccdaf4d6873741a0

SHA512
110376d12cf6f014fc05acd8b632aae390e59754a6c6ede9b33c7cd73c238bf7e4f8cc26ecae64fdbacc5456352c2f9f217fe2ee306201640ab2704df2792ccf

Download Submit
C:\Program Files\7-Zip\Lang\cs.txt.tmp

Filesize
104KB

MD5
feaaa4bffb5faf3d94fdd1e951430052

SHA1
f4dab324a619a3660d2cc9c51f24bc02d963e219

SHA256
2b92589376a63dbf7f7e3440c22d1f1d3534027b39a07be995a61ddb0add3b61

SHA512
9803a9a38d96ad2e0c1ed4797bb404ed40839dbcc8634794eabdd90c1681eeeb86e970eeb464351e920dae7b8a19d11ec928c07553b746c337d3d8209c5f814c

Download Submit
C:\Program Files\7-Zip\Lang\cy.txt.tmp

Filesize
95KB

MD5
d9c789fde423e5911ab6a6492692fdfc

SHA1
c38d7c097329b529dc182595d35ddc161e7746f1

SHA256
95b3cd4708415b265a179350c1afd546eeec5b12f1b3c00c14d9e887e1437b48

SHA512
3d3353001690c78f5f7ad60ed91e2471e2234afddda783e707303f97499c1888d16609015ce238ba870ded98cc5f183e9a6e9b7a35a8b78b5ee2ee6d9dc3612f

Download Submit
C:\Program Files\7-Zip\Lang\de.txt.tmp

Filesize
104KB

MD5
67f7b20e085d7908dcc4df415da4546d

SHA1
e2fe905f784303060b9c3d0fc62276a5460fe795

SHA256
40e270af98034b98d5d9a05e7d4e2de772ea5d643cb691a697f340e1695e47f3

SHA512
5ebcc307ddac6af046192a6c18ff0afc0a755b877b674db34cb2f3f54bec716dc93b4a7535cca0079e162ce06278b53e741327fd036052a8454d6a72bd4dcd3a

Download Submit
C:\Program Files\7-Zip\Lang\el.txt.tmp

Filesize
112KB

MD5
230249d86df5fa56cbc37fd5afd00a8e

SHA1
28af24be20d2563bffafd3d1de5082ca217c143c

SHA256
03ef4a944b2e9007f4a0459e8952effac067b5bf3f98b033b12b445a7976d0ab

SHA512
03001fe15299065ceb6abbed3689c13d969e6ca6e91ae512fcf34e8487287f92ad97c4721c1ff62d307ddb2c909427e0542bbfb313862923c3d7b4876ae56665

Download Submit
C:\Program Files\7-Zip\Lang\en.ttt.tmp

Filesize
103KB

MD5
c78ca6ca5c757c7fe49b1489b7d8bc0a

SHA1
18ac07575d49b9fd11bb1ec6f8fdb52586c7b938

SHA256
9d5f35df1af72a7f09d71466ec757e29535e0d719ab7ee82b6039389eab6ef65

SHA512
ceb4a6512ea9975f4e070a675d5e5e456b0cb25ce4adec247ee842617490be888cf0f14be1c3e7dd5498eedbdb28909189f67cb441fd3d47f9c2e786e2ab2a49

Download Submit
C:\Program Files\7-Zip\Lang\eo.txt.tmp

Filesize
101KB

MD5
83eb6e6ebe1d036d1fc968f325dd8eef

SHA1
bf921f80dbf4f324d78dd67ca9ca00485378b5f0

SHA256
591513d72a9c6dff14376f8adf34c862fb73ad824b6c3981d79696a3d85f56e5

SHA512
c7ba51c4b870719ac91caa143498b5007447dad7b23dc3bd1ec9f74c7ed5d28665f40df65acc56fc2f9ce1e209e16c0f4d724c1416fa277055495e940b7f579a

Download Submit
C:\Program Files\7-Zip\Lang\es.txt.tmp

Filesize
105KB

MD5
14cc8cbad3d55cbb2e1c0cda627d5b20

SHA1
2580ca9424857f6dd63b322b0a334c101e505a10

SHA256
80ec4581ebdb8761ac6f475188418cf2bee049941a0748326797464987537b6d

SHA512
0e5ac5257a18a5b3fa40015b102a2f7faff85c0c85b133258d86e225f16f4ee09675959f07225a2e4c05ec0dbcd7ad4dc5d1dd50d89fac2d68399cfb5156b005

Download Submit
C:\Program Files\7-Zip\Lang\et.txt.tmp

Filesize
102KB

MD5
4eadf232668f8882c3320f7799d309a2

SHA1
385dcfad2a0eaf6c5ae914816aefebea69ea7284

SHA256
7e69e694b77feb50bc2869171013d3a8ff71d8d0c14c39f51a3b1b977bfc2813

SHA512
82286cbea1bd1b71fb3ec5a93a07f3d13c77749509e4463f1938934a5402867fb0e8cacf161e3b94dbcc4156adb6e819a7785cd20589faa5dcba858bcefede7e

Download Submit
C:\Program Files\7-Zip\Lang\eu.txt.tmp

Filesize
104KB

MD5
c0258ee621abf10db9c3feed744f7972

SHA1
e465ef3fe97233be6a020224661efe130347f234

SHA256
bf704489c04ad59c0230a649e9d3e62c84e8ca483861b1e7b68d31e36e7cd01a

SHA512
c08bd0a76bca37b6f06c8eeb68e859fec09af82b54bf1778f8157bc5ba402b1ab40971b9e85e9d46f30c0612a94186f89e79762b042ea49649b1c293ff7f0d44

Download Submit
C:\Program Files\7-Zip\Lang\ext.txt.tmp

Filesize
102KB

MD5
8d96a9614dc63e71e25bd8bb81e0063c

SHA1
a970bfee44b207157a6ca05e803c6beac5ba6d14

SHA256
e4fa6f58ed7e9f81d68b8d5746c5067bc278cdc9d46f6fab07191914614a6a63

SHA512
b10027b396a3e66ff893cf3177456ecb9d47ede72ebefc64c07a91ce227339e99e5d4df69ac02b7420756d166a0025d5b5418e71c2ecdd0e1968b02dee57db38

Download Submit
C:\Program Files\7-Zip\Lang\fi.txt.tmp

Filesize
104KB

MD5
75b086faee53f67bb7ff1b9947ee70c6

SHA1
b52b93513070ca0bc21a267de71aa5b5245660b3

SHA256
10d86d4b66cc48e0b0a51d4159a283ed5b47e7a031f2b00561b6662469519efd

SHA512
6cb2fb7cf771a9cb0915420aa898ecc8077d52aeecb7af6e7572f52879d4e3fc28dd3c2cfd3b9da623fea752aa855450f24cc96916f9a37298eea13e26111301

Download Submit
C:\Program Files\7-Zip\Lang\fur.txt.tmp

Filesize
95KB

MD5
c809823a9c2ee76ad403a6b6aaa5f331

SHA1
cec9ba25629ae9f5f372e441bef49811b8aa0c0a

SHA256
686a5528d502abeeacc1f2616200386ba0541cae5149386aaa99cb7759b0eb17

SHA512
9567134ee71f8a4fb719ed258e9b5399f02d6710715e57040e2fd69425302af3716d14ddfcc0a176e9f8a46b798f0da8ec55f08708cfb28a9ec396f895e5c563

Download Submit
C:\Program Files\7-Zip\Lang\fy.txt.tmp

Filesize
24KB

MD5
438059e7e198bc65ba2ae1d82e9907c4

SHA1
a7375dd055ddf2101f1abbdfeb1c067e91feca77

SHA256
235accff2275d2a58913a9e7059e9a84fc5ac451b677454f045ca04138a3bd40

SHA512
c79dec46545671056f63b2f981b0da4165dce4c6e1a507cc0bb094cc59c7123a4da2b0ee7508222c2952bf373822dfffcad7248a104461dc2d5796581d771d79

Download Submit
C:\Program Files\7-Zip\Lang\ga.txt.tmp

Filesize
104KB

MD5
dfb2ba74463eea4035750ec909c1774e

SHA1
e897274679090e8cc045ad62abcc2bcde31aa646

SHA256
13e42a26946251ace3fe0523f9a7e84660aaf38769ce2c2d5d003775930d961e

SHA512
126a530df0a10c0f4f085cd638361cd8472dc5f97ed241f21c7902005a91a9aada51bf6788e343cf95b74086d83082fd90b3e307f1f8ba8ec91ec002ddeee703

Download Submit
C:\Program Files\7-Zip\Lang\gl.txt.tmp

Filesize
105KB

MD5
63d5c27b6118e92ca12b484de94260be

SHA1
da746371b6b792424d695d32ed309eb7f732923b

SHA256
af377279df744a171b3c914e5cff5d23bcffe5d471491be4dc48e052f45a5cfc

SHA512
c2105ca63e62a496a28d467ed51d1f2cfc77b060fc077cfe75d2febbb40e0169e79e5e3f261a7e4e0b4186646ee2d2abecc274fa3723add8b1f3976dd68518b1

Download Submit
C:\Program Files\7-Zip\Lang\he.txt.tmp

Filesize
107KB

MD5
45294e7b450b7655c77c0568248e69f7

SHA1
f782c0cb514ffe5c50a268974d294dae86582fd7

SHA256
56f5e261550299ca98c4c4a922bac672ee4284cc06002d0368000f19f162bb49

SHA512
9d8b7628747ac40957359aa883a4ed073e22e1d8c5d1bc2d3ad38ab4db5020cd5da27f38091d9bec8ec0ac5c99c9abf5ab3c42a82a35227234deadd4a5e4fad0

Download Submit
C:\Program Files\7-Zip\Lang\hi.txt.tmp

Filesize
113KB

MD5
b154ce022f1b9ad1218f62c56cb9e47f

SHA1
eb25c4ddca492fe0ea431b97ad4f290fc3fcced9

SHA256
f5af2485e68172e85b5255d0f9c09de87abc9a4150498bd06cfa05d2b206cd04

SHA512
7920456b4e199c3937b595ee6d71794105c9dfa2290dd2bdc2ad03ee4c1c71ad20829ea3b6652abddc433b69c30665aa9bb0146a7c60cf82f675259583be8541

Download Submit
C:\Program Files\7-Zip\Lang\hr.txt.tmp

Filesize
104KB

MD5
9d07484eb6cc624bb1f067fe1f461659

SHA1
a3c79e91cf14e174f47eca8e843fb139e8898150

SHA256
02661a01387474cf282a2fd25b33ea7933ea4d6bedcff775ee7e858aaca1ab20

SHA512
03959c40d2d044dc708ca35fc72009fd79e778cea6f6a7d5ded6dd56605ccc5333c1235a487a0733afb9ce2431c0ba526098f85ab30cb5e77f3cd9edcbdbf5f6

Download Submit
C:\Program Files\7-Zip\Lang\hu.txt.tmp

Filesize
105KB

MD5
988cb3124cda2c4499f1229c69967d1d

SHA1
bc69fccd8a849d9e46a47243333e92ca1376467b

SHA256
56721c2a5754a81b4ec1589682bb243c015a139aa2b9f8b9c335d57927af76cb

SHA512
90cd4610fce8a995b3f17558d15c66189dd4e8ef764bceb0d60daab03565328e48437a636724f5f774a7dec7d0dce8bf864896bfc9329928155f0293dcc5f556

Download Submit
C:\Program Files\7-Zip\Lang\id.txt.tmp

Filesize
104KB

MD5
cbd078905b424414491804a4283fb6df

SHA1
b58aca5c3f9f806221a211480abf786e6b557b6c

SHA256
5803beb8e81d31c1d9f988a1bf8831afa408ecc7f74ee34f226f8cc6377d424f

SHA512
dbda8042722745188d17088102002f82da22f8c5f27d26273635dad6cab55435ddf719d4788b6c9627ab926fe98262e666b83fbe575d8332ea124fc8c472e1bc

Download Submit
C:\Program Files\7-Zip\Lang\is.txt.tmp

Filesize
104KB

MD5
3101212fa91475f165143714563a7044

SHA1
7b74a45a32037d0c56c210e4512e3b2854dc5d01

SHA256
fd61ea7b3d420d59b1f5950b9c7f6021588a3a90bd65c590a1f0cedfdf212826

SHA512
08a6f9c557aac1c0f8f91fa7a32c9fb4c2de18074d4148fa39695fe9abb71172fa13de14346026e9ed385dc239b36ca548dba539288feaed9c9c049e2bc7b22e

Download Submit
C:\Program Files\7-Zip\Lang\it.txt.tmp

Filesize
105KB

MD5
34c0afd7bafb56fb9ee914ae84c2bca9

SHA1
900b9530647c593374c41beafe7fec4fb36fb72c

SHA256
1e493df5bb6d4cc24a85de1849dc44310d227ff74933234390fd3dffceac67b3

SHA512
d1b7a4accb1b84c6d2f64ac16876d5031b3851869b3539c6d48cc9c63406db0e0b88e56d5fc8cd36a90c691cd9016d138374c0cfdf73eadd1b0c4e71b408c6af

Download Submit
C:\Program Files\7-Zip\Lang\ja.txt.tmp

Filesize
107KB

MD5
64d88003af43bbbafd396eb82bf17a10

SHA1
0a896105b1ec46f22c1001f1c513c12993c3d789

SHA256
f348640fe46bf5fa478036d0b965986a743fdd33036a99fadce58d7ac3b39f87

SHA512
96ba249c708671084d0de1fdcecf78bc9a218d27176e64725b37c52bb3f95fe594bb4f721c9028d5474b9124bd8520eac615d0751f8f3ea8e84216662783c685

Download Submit
C:\Program Files\7-Zip\Lang\ka.txt.tmp

Filesize
112KB

MD5
7c6421d180ce0c374bdf37e5dc57222b

SHA1
35bc5bfdf78c39cfc6c8606a341fbc143d93634a

SHA256
769d1bfc10a670f5465862efbe9d9b2276046d639d2bb8a13af37dfbc75a733d

SHA512
f2676ac79728b2ca798d2a3fd2037cf2faf400a377a88f50cc989dbeedb3f4aaedaae807df69ac35999eaf84950e6ce1bbb872b7e41627221752a5ea807a67b3

Download Submit
C:\Program Files\7-Zip\Lang\kaa.txt.tmp

Filesize
103KB

MD5
d8aa83974399a9047d085e79fb9c5b13

SHA1
a15a7358532533db0885462cff461a0722481b21

SHA256
0aec9fd680ada0587cd7a169dc98fd2f58af2cdf84d2f17d801f1969b8692533

SHA512
0c5ea1f425a622a878c18e6f28fdc6acb3603edf764f5b7f909c9f1973bb8de34c1a1319613aae40ca8d8b20fc6b30665d32457ee4e718195af600f505e398f3

Download Submit
C:\Program Files\7-Zip\Lang\kab.txt.tmp

Filesize
104KB

MD5
c3bc0da4f2d161e1b3fc7e6c17c2d4ca

SHA1
ba37f539aa18ec5b201fe432bfc4eb7443724732

SHA256
6d8b6f49eeb0a124f9cc8c3b726d98c6b6b5c8f85eccaf95dd3ad76e716f18c7

SHA512
19c032b0bd7c7fb3ed382770c60fc25a78c082c3178ffe9b9131d5dca1861b4ab28836ba9d42a60b2f90e3fb7eee29dcb04f1bf4aaa2be07159f1190a53bafd2

Download Submit
C:\Program Files\7-Zip\Lang\kk.txt.tmp

Filesize
106KB

MD5
67de5a4f5eb575d5c9f38a92ffe3f21a

SHA1
6c4ede246ba644649baf5971adb5c83e674664b0

SHA256
ffbec5444e06500fc1a919a1bc618e6df3ada529d6f61ff59f3ba7dad0522027

SHA512
7759ebd0ede4e7274eb2f98fa86f61077c7dfe3f30d82d94fe454879457e4500f09bb690b3e7a50bce209fb91fe47971e1393c6845e28c55c4960e60077b3a62

Download Submit
C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp

Filesize
107KB

MD5
928bceda9ae1178838be30370fb0d012

SHA1
a651344436a033215dfddd8c8e7bc19a5e255afe

SHA256
c3d0c28e2ed5b1438cd2660caf4d733800ea6a6fd2e42b1b36ac3bf348aac0d7

SHA512
1f74bf1da9ee4a65e2bc6e24f38e1bd7248a7529c65a5fe672250bb1234b031d131e79c14db968e65efb6bd552bc3180ea69b003027e168e015b7a81e0a2954b

Download Submit
C:\Program Files\7-Zip\Lang\ku.txt.tmp

Filesize
101KB

MD5
f96d76899d833ae4bc2ad9c566befac3

SHA1
ea5a528fd686636975458f166ae1a0c8a8140186

SHA256
c83e72b72aff97e9fd5532ac82d9eabf0c69051db88ae16b03af34ee5a0feaca

SHA512
f18679c0412e7e4332a909be01ceee32dfc3e20f7548ca3117adfa9a91d6a1dfa0861334505324db227683a14aa8c603d2b28ed35cb46c93f893e083df5d816a

Download Submit
C:\Program Files\7-Zip\Lang\lij.txt.tmp

Filesize
103KB

MD5
136d529009c803970d672f2890debaaf

SHA1
b24e56b3d4b9ba411123666cee5e4cd749017134

SHA256
2628f149f177b996caee7f5a5c3cc09140968e54ecbe87dede819c8c94ec3b89

SHA512
8fce24e3c8bd65f19a59062376a63703306c44827c10a8183eca6dd77d725bb954f8ba89c9aafa9ccfcb11cc167f0f300ee89311555bea9b8b4226590a196745

Download Submit
C:\Program Files\7-Zip\Lang\mng.txt.tmp

Filesize
115KB

MD5
ff4454b3421cb1afc61e075dfc5b322b

SHA1
5048db64d8af45d1bb838fa04720fefa13b83820

SHA256
9d7b6c93b3e15e38c41db6b2ffd194c080a6c43535fc539ac19767a9a790d5dd

SHA512
265d479b6a10cff5eb1b24f5dace320d6ad9613c1d928a5d677aa0ad19af69954516f075e6ed1ebda440fe73f882d6e8f28a64d7aa2b25036d922cd04e401066

Download Submit
C:\Program Files\7-Zip\Lang\mng2.txt.tmp

Filesize
117KB

MD5
be1f13c35c3545898376811e28d6a4fe

SHA1
bc237679a8b8f06aba005b02341396f63128ce70

SHA256
8324240d65ccf61c7e054c04d7a9e82be47f3dcddbf92d97db245199d3239dc2

SHA512
2352b1350736a686c1638ca0f271ff890a3bd2913bc89f2f229772820469ca561061faba8edb81d3379729fc586cb66792acea39b16dc9f1c81bd0b580591a64

Download Submit
C:\Program Files\7-Zip\Lang\mr.txt.tmp

Filesize
106KB

MD5
e4b1c552ea3a7444764078ce96046079

SHA1
9e70d558c846790420de6063d36f3a3083fca696

SHA256
17791ab6aa1646bc430202e9a4745238ed39870ddc98fb09e50a1940b65fe9ee

SHA512
b5c80d0b127dd2010091ad2b65702bed244860e0ae4af01b7b8ff1e4ef077708b0b093d3406507e0581a9b247871e411f899a353da1a601f0cd50f0675211167

Download Submit
C:\Program Files\7-Zip\descript.ion.tmp

Filesize
95KB

MD5
429b2c802c3e641c03ce7f82d0f3bf1d

SHA1
4525abc9cdf3712d3efef50c208eb80d9658b59c

SHA256
9fa3100792b9d554bde123044ceb631b482268b202d9b03948583ae98425ef2a

SHA512
0df5c2c0c4d3073cffcf34301f75ae48cb8078a080a3faeb2b19a7915f7e28fe6738314a44f481277b5f4c3b13d55ea65fdd3ccbd0dd3b42a399b8ede5477149

Download Submit
C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Trial-pl.xrm-ms.tmp

Filesize
106KB

MD5
5d4a9c90e19cb1baf8f6c79437a058e0

SHA1
5bc044d85823c2729b93ca285ae3a75d8b474bf6

SHA256
05c8d2b0f9fe47c50895d2d1fa8c78edf478104fa216f88bf189526959b1017e

SHA512
d27ade0c00b613b84d3265e505917493d95db07c254b7f77299580c6f1b3821f89a6ae77e8f1f855848a6c101ea5f4992c043c07d7d5fd42c151b206c715ed14

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MS.GROOVE.12.1033.hxn.exe

Filesize
95KB

MD5
ac10aba676df05798de39dc08a1132b2

SHA1
8bffc6fc0680813959169f8b0df9e846e198cf32

SHA256
5c27ea79528e8b0b7642aad77358115aa4af75d7d50aa2d23c3600827b5deb77

SHA512
42ff7279188a83a9d0d33fee2dc2e9fd33e130a22309b7434bb052ea44720e214df86c9f9e70c05d728984b973a546587e242ad37d4ffee27cd1b5ca13782f11

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
95KB

MD5
57a74f79236e1e9aa2a848f9897df29e

SHA1
8a36eb0fa7d982e968251f5faf8d733492eecc6e

SHA256
7d7ffa6f5fee9fce25e8ee6885a1693c5902129e3d2f65b831041ad1238fdeb0

SHA512
4f47732c1822102f3d1d59780d5e483c5be9f7711b4b6329bca9e754eb45efe26a4a5f6f73cb9b67622391cba05dd78e290865380c568e545f655b76ce38561a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads