7bb7178ced26bf8928f3fe53802485021ec09a26bd76c61bf14380eaa73b78d8

Analysis

max time kernel
150s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
10-05-2024 06:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8fd7b082b93f996fae9ca4dc20ccb1d0_NeikiAnalytics.exe
Size

154KB
MD5

8fd7b082b93f996fae9ca4dc20ccb1d0
SHA1

a31973b230a397b1e4941bbb8e7b96eeb375695c
SHA256

7bb7178ced26bf8928f3fe53802485021ec09a26bd76c61bf14380eaa73b78d8
SHA512

6b05a97c2b2efdbed2ead7d0e80f42b4737dee9fee80c9669c11f99d2f57e8b7db7b2c8aac92090dbd5c7e2d05e602b0b734751b93ebdad3325aa4d974bb4d86
SSDEEP

3072:6e7WpnhkElEa0NQn0NQye7WpnhkElEa0NQn0NQEXxX1:RqthNqthYhl

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5066) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
3048	Zombie.exe
2456	_Register-Application.ps1.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Zombie.exe	8fd7b082b93f996fae9ca4dc20ccb1d0_NeikiAnalytics.exe
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	8fd7b082b93f996fae9ca4dc20ccb1d0_NeikiAnalytics.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\UIAutomationTypes.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Internet Explorer\es-ES\ieinstal.exe.mui.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\kinit.exe.tmp	_Register-Application.ps1.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-utility-l1-1-0.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019VL_MAK_AE-pl.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.scale-140.png.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ms-my.dll.tmp	_Register-Application.ps1.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\mshwLatin.dll.mui.tmp	_Register-Application.ps1.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_OEM_Perp-ul-phn.xrm-ms.tmp	_Register-Application.ps1.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_MAKC2R-pl.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\EntityPickerIntl.dll.tmp	_Register-Application.ps1.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\glib.md.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Slice.thmx.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_PrepidBypass-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\officeappguardwin32.exe.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_Subscription-pl.xrm-ms.tmp	_Register-Application.ps1.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL105.XML.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E1-0000-1000-0000000FF1CE.xml.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN121.XML.tmp	_Register-Application.ps1.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.bg-bg.dll.tmp	_Register-Application.ps1.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\System.Windows.Input.Manipulations.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\System.Xaml.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\UIAutomationTypes.dll.tmp	_Register-Application.ps1.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\th.pak.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\README.txt.tmp	_Register-Application.ps1.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Edit.png.tmp	_Register-Application.ps1.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\System.Windows.Forms.resources.dll.tmp	_Register-Application.ps1.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md.tmp	_Register-Application.ps1.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Grace-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest4-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_MAK-pl.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL106.XML.tmp	_Register-Application.ps1.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\TellMeOneNote.nrr.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\tabskb.dll.mui.tmp	_Register-Application.ps1.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Data.DataSetExtensions.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.office32ww.msi.16.x-none.xml.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Grace-ul-oob.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\MSOCR.DLL.tmp	_Register-Application.ps1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\PresentationCore.resources.dll.tmp	_Register-Application.ps1.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\thaidict.md.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\amd64\jvm.cfg.tmp	_Register-Application.ps1.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_MAKC2R-ul-phn.xrm-ms.tmp	_Register-Application.ps1.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_MAK_AE-ul-phn.xrm-ms.tmp	_Register-Application.ps1.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\msvcp120.dll.tmp	_Register-Application.ps1.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\UIAutomationClientSideProviders.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\System.Windows.Forms.resources.dll.tmp	_Register-Application.ps1.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTrial2-ul-oob.xrm-ms.tmp	_Register-Application.ps1.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\MicrosoftDataStreamerforExcel.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\sbicuin58_64.dll.tmp	Zombie.exe
File created	C:\Program Files\7-Zip\Lang\el.txt.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\TipTsf.dll.mui.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Compression.Brotli.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Calibri-Cambria.xml.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_OEM_Perp-ul-phn.xrm-ms.tmp	_Register-Application.ps1.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_MAK_AE-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.UnmanagedMemoryStream.dll.tmp	_Register-Application.ps1.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\ko.pak.tmp	_Register-Application.ps1.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription3-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-black_scale-80.png.tmp	_Register-Application.ps1.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_KMS_Client-ppd.xrm-ms.tmp	_Register-Application.ps1.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\IGX.DLL.tmp	_Register-Application.ps1.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONRES.DLL.tmp	_Register-Application.ps1.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN108.XML.tmp	_Register-Application.ps1.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3396 wrote to memory of 3048	3396	8fd7b082b93f996fae9ca4dc20ccb1d0_NeikiAnalytics.exe	81
PID 3396 wrote to memory of 3048	3396	8fd7b082b93f996fae9ca4dc20ccb1d0_NeikiAnalytics.exe	81
PID 3396 wrote to memory of 3048	3396	8fd7b082b93f996fae9ca4dc20ccb1d0_NeikiAnalytics.exe	81
PID 3396 wrote to memory of 2456	3396	8fd7b082b93f996fae9ca4dc20ccb1d0_NeikiAnalytics.exe	82
PID 3396 wrote to memory of 2456	3396	8fd7b082b93f996fae9ca4dc20ccb1d0_NeikiAnalytics.exe	82
PID 3396 wrote to memory of 2456	3396	8fd7b082b93f996fae9ca4dc20ccb1d0_NeikiAnalytics.exe	82

C:\Users\Admin\AppData\Local\Temp\8fd7b082b93f996fae9ca4dc20ccb1d0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\8fd7b082b93f996fae9ca4dc20ccb1d0_NeikiAnalytics.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:3396
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:3048
- C:\Users\Admin\AppData\Local\Temp\_Register-Application.ps1.exe
  "_Register-Application.ps1.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:2456

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

Filesize
79KB

MD5
34ffdb6d8d0092185a060726dd82e694

SHA1
2a6c67215d235150aac58f875a49efffeb8bdd6d

SHA256
a84ba73afb8afeba5052bc3daec66c866669370133bf3b9328b4f5b735373c1e

SHA512
a29b6e25a538248af362f2e990da8e3ab786ba9e950f63d8084bfdd51225d0edd5e4efa061fb213cc4ea14c5962de91914a43fb470c8b44bfbde5442e1285500

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
178KB

MD5
9a13ded2c6141e70ea187542aa4de962

SHA1
8a302e783d1d1f6fa9c057818aa319f6822d2fcc

SHA256
cb84132e5726d54514316200de2f94762001b0a81aad8b0c6d4c81511c11121e

SHA512
a013b8271c4244cc0a6f7136228c604b2853073d4f42d85a6e160afcf9ca7f5cf962d63f98b52f327fd9f132c219621799a5673d3c253fe0d1c3f5f9d04462f8

Download Submit
C:\Program Files\7-Zip\7-zip32.dll.tmp

Filesize
144KB

MD5
272efb1b9c1f23544ad558cee622615b

SHA1
0f61733ee4343866507ada51774599b4d1a1c744

SHA256
345ef93e1e88d88d706db8ead39b016db24f6eace04a0362788695c3d8c596c9

SHA512
2b7b027b22a41beba5e86ddee8c220cb7d654ae33cfc27299f7e77fa94cbd0ecc28a6370d6f6b4b34bed8636959e678ac8de007c24a0fc55f1be7c019a30fc39

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
1.8MB

MD5
faf879360965fd4a046835865edbbf6c

SHA1
eacb1167d3c98c23f49dd441f72addbc1dc86e0d

SHA256
8d7fb8f7955410d3f616d1c52ec26cd4720bb16139006f1a36faf5b4571a7185

SHA512
d8bea06eff79ebe556ab297ed1884aee0ffc92143c665e66c74c19f0363a11d2ead4165922a49846deb8a89f3feae9e28fce88006d58ddd9bdd3e9cdc4622050

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
1.8MB

MD5
3a0e76f3a31d208d16aa68e2ba4ef72c

SHA1
87765dc5d83937eb5e398ed0be325a25f6279aff

SHA256
ca9d5b83757bb21305fb79c721f93f780d6bcac58ddcafc97eda64af871a2e8d

SHA512
bb2cf61231b0b49f8cce9c905afd0a2c5270679323a912b69b77280a487034756a9b9e8816a436340dcbf9842fbf7decd29e9eacef23bc8f141cf8d8ec0b79e8

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
619KB

MD5
d4e04128f318ce9baa78785592509ce5

SHA1
4d129401eba2b37e607ed7c7fdd27a01240daef7

SHA256
155d79f52aeb2f3d9478f6dfc2c03d427b885fed4437ca429a85bb45c19cb8fa

SHA512
843ba70e5e733c84fe72a9679472e061996266d06cc2ed9416d2c4064b29a9a9ac6ac70bff5e45c9ae226069d4bf68444997ad051819661d46c44e41af6717ae

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
1005KB

MD5
eb00dff5ed32c4c5e3cd473e25a52334

SHA1
426631b43f5a6265d87f9485db844329083c6075

SHA256
4fb83234e113143c5274cafea4c42956e5f9ca1edc7986aa192a20392e8a2bfc

SHA512
917658944fa04a387e924a3f5af0ab164ef93bb021ae719990c42aeca53b611b1bfa5c99b6dddf4a29fbe45048c7ec4631e05652f3db0714e23e5a287dc68ae7

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
1009KB

MD5
b02c0bb246e7556e50727e251efe9bcc

SHA1
c906213014cb544aa4b5aa89f55864b8021e9ee2

SHA256
47a47f5cd76d57b6083b01a5173a044006187eb7fcad0ae3900ef13ac913a944

SHA512
bfd8c826507b9afa1f1288c146b12f02ff69b55b7452dcfa4306ad2fd27164ac210bee65676a10c9b22be58e90a9af3263e4be64b006e7963c53a8e4331306d4

Download Submit
C:\Program Files\7-Zip\7zG.exe.tmp

Filesize
763KB

MD5
8a88bcf7883de7e3b3b17c7f35f3f939

SHA1
a096c394b63af9b8c01dcca8e8efdc0cd3079f13

SHA256
393e02a9a3e62fb0afc4f05505eb739f4d6b187758241dda15d8d3711aec5012

SHA512
26b0ea4d13ed0c3e4c3c6d35dc75d09b9db03a146f8cd6c7913904217f924124340efe44d8da1732b639bd0984fe82bfe8ae62a21d0fe7261666a1e1da3fd98a

Download Submit
C:\Program Files\7-Zip\History.txt.tmp

Filesize
132KB

MD5
85820f777509a763690b3bc5b6df7f73

SHA1
f5eb91bd85d384c0d27015215e75e334b248d1aa

SHA256
46498d3586e30087f0ceab0973854ee6937430087d7241f75f3521d7221d43b7

SHA512
2b1ee1de434fd21ade842ef4a16480a57e643b1f47ce3a0aaee79807a35e2e9af3c785e9db7cd11a059f05df9e70351f78b11a59f1653895d3b80570248c4dfd

Download Submit
C:\Program Files\7-Zip\Lang\af.txt.tmp

Filesize
4KB

MD5
e6cb65911f645b425dc2876d54bc36f4

SHA1
a6c3d54fbb02bbd9d7da74bed3559943923b2f66

SHA256
3cf7465ff7f10c9658cb4d6f81458ac23747ad191450b8b311f1d8f674d84a31

SHA512
35d1ced63aa8cd63cd2c3bdb470f7257689b3897da141cb0e208973f22f3b95564d0bde4a494900446abf0560cf96073095fc5e88521df3607f91a2d2069b299

Download Submit
C:\Program Files\7-Zip\Lang\an.txt.tmp

Filesize
86KB

MD5
ffe0adda1ff0c7cee58d4ec41c2e9a63

SHA1
3ba88777baf36839941733d06b05145d3bafc8fc

SHA256
91d59e9ec27346247de7a7c8be6c79380eb488ad23d50ff12aa1ea5638ab4c2d

SHA512
a319e065f9877d294d4ba2454b2b2bc754fca6d4c5ccad73a0e3d268bb7d3b43d89f536509840a8b726442000dfd92b394cb2e014980df14d3125ea1269e0271

Download Submit
C:\Program Files\7-Zip\Lang\ar.txt.tmp

Filesize
87KB

MD5
8a8cc5d442c3b1009daa3165783ce4a7

SHA1
5909ec148a14663f1494515b93ba5f315263df03

SHA256
1ca81ff86b9488fa6c5370485d126fee0eb7d1abd31b30930f54763eadb91037

SHA512
ce4fce27315d0f97a0ae75c6095b6a29eda779995fab3a5621620b1b087239420d3cbb7126530aaac37c3344b3ee2ad7d189a58a3705215eb19c5bee0605ab8d

Download Submit
C:\Program Files\7-Zip\Lang\ast.txt.tmp

Filesize
80KB

MD5
2a9f08691d58285bbf2e198598f88f88

SHA1
78b14de0ef09cffc7417c1ed06970e17a634ab50

SHA256
3d438a06402e22a40d49131cb993041437f1b3fbd1a3f1d0e31cb61397e9fe53

SHA512
2cbe8c7c823343ce5f83d886a27e0c061c0620907d974e0544dbf824b826335a04d561b5dc09eaacc529332249a87d6ae20c5b987d84bb7bf647bb950f1e6af2

Download Submit
C:\Program Files\7-Zip\Lang\az.txt.tmp

Filesize
84KB

MD5
3daffec0120c22e1e67a9186f0cc8528

SHA1
f10f4eb47e684453fe0fbf2d4668d7afb12145d6

SHA256
4fbdad2f80c139ed8bdbebc12a0d7584cb56df8082037bebcd2f51fdc493bed3

SHA512
0ab54c02c240115e28e2b59b8725441a28ea8d1c0329423d012b78a118990211603a788bf98fa2a048e0748f223b48fb61b9da7da83486e9f419ea1f40e8f84e

Download Submit
C:\Program Files\7-Zip\Lang\ba.txt.tmp

Filesize
86KB

MD5
51f901cde83f15458c10ec731d02f7f7

SHA1
ff576163da833cba976558d07cba372fc506fbc3

SHA256
3052c40a81507bad4845d5de2c119ddc6624771a37a6bf56eead4b530f59a8c5

SHA512
d308dd571a6fa7dbf9bb1d52366d14f85963fa4ca7c8b1f6d4294ee921410d56386ea3e9b87245ab1470ca8cc21aacaa575501f23b3cccfe09a37dcf7992b61d

Download Submit
C:\Program Files\7-Zip\Lang\be.txt.tmp

Filesize
87KB

MD5
c85faedab596884999e9f6a3d424dae4

SHA1
d91fc83c8fe7365298abf7c8d5f157cf2e5ad65b

SHA256
5961605b55bad48530cb24d331f36630183c1cfab1b0b67d9f207eee163379c8

SHA512
3911420a74b8ee76058c7185afa8e9152908f0a06f373b00a2f775db0dedd2817508587f5b9ac88673a3f3d3b8b6c2855eaaf453f86cd0e5807a8abd9b7ee92c

Download Submit
C:\Program Files\7-Zip\Lang\bg.txt.tmp

Filesize
88KB

MD5
5f488499cf0c7bd6bf3720e5f26f3fa7

SHA1
43d28676d61d0183eb41f90ab11c3f2266b28ed1

SHA256
a86e0ebd92b0760f21b2dfecde977f1ec4dd1a7f09a6bfcb17bc59af3d8c0c46

SHA512
4ff9e2a386478a066e126259bf8356e74d2287d72641b427ffe22773c71066d608a7a4b995238a5056bdc9dfeb4c711c05a02a3fc20b745fc02a53534a2d2ab1

Download Submit
C:\Program Files\7-Zip\Lang\ca.txt.tmp

Filesize
84KB

MD5
b3a03e100a90272edaa46b40ac591624

SHA1
ecdafa8a367170dc35b982c3ef20c05f74df2cca

SHA256
e3f47486c951ef5970c37ed710e0e8e8b4e974418b3df91e6bbf4a35773f0be6

SHA512
12e321ae10af752778c855cfb2bd0ab187e59c42bcf2abcfbaa9821419875f5175e51ef9a9897b1b2f87881e49a1485abf22acecd21588d2a8b39bafde968d75

Download Submit
C:\Program Files\7-Zip\Lang\cs.txt.tmp

Filesize
84KB

MD5
32d0794ade3d0ed57fa22f728837fbcf

SHA1
5bd30daa69b4294ec6c1b135eb946ecba50dbe38

SHA256
9dce4bf2940b1ee518be0659e05c07a1bcc8fd428d80b637b59da72adcf11309

SHA512
fb7b54c8b0f9c67a5c5b268b807be271b63da4a707df91874a82f7769df31eaf44dbce55cb5bb7773a33d05ad3cb40b987e947221a686c63ace8d03a14deb59a

Download Submit
C:\Program Files\7-Zip\Lang\cy.txt.tmp

Filesize
80KB

MD5
5c330294a87f0f714e1d4982171c7546

SHA1
41c1a9c362916511f99495c7dfc7e3cae0f4da07

SHA256
1e5d7d9fca7743dbb3484ce6efd0d90c7b6ed659bf12a58ead8f64d49871223a

SHA512
ae091a74c9ed93076c35e0917735737272038c2a5049e128c862dfde5932825b2093543673e7bb6969bca951f0dd34da07fec3205f25837e9d8389df9b6d0ef1

Download Submit
C:\Program Files\7-Zip\Lang\da.txt.tmp

Filesize
87KB

MD5
b5c76239813e3154cac6f50469a778e0

SHA1
8c236632afc358211ab4e5198154b18759e6878d

SHA256
3247e21e64ddeed329e2aa7b136014e18bb00ce261596f84ed5050b455fa0b7f

SHA512
d9d0ede795179a3c4652318de9af860f6830ac1c3883d550dc3a19b52fd131b55932557b02cef8734db3371a4a8f12b3c02aa0bcaf8a284db51e9e027eba712c

Download Submit
C:\Program Files\7-Zip\Lang\de.txt.tmp

Filesize
88KB

MD5
1f22ceb9b2e20007809b4dbf574e2e6f

SHA1
7de7336407f2e7594fd5368980dc9c9ad3cfba12

SHA256
1e8aa3239001a6add823c4f2f8e0531ab95325af554575f1dd2521fbd20fc8a4

SHA512
7062b73f20fad7942d7367f47a3e88f1c8d2e92a38e2943bebdf164c54d828936bcb3174f81d93e364e3b39815cdd1c8bccef1a24974aaea9e28229333391ff6

Download Submit
C:\Program Files\7-Zip\Lang\eo.txt.tmp

Filesize
80KB

MD5
78ba21a0b119d55f36c265ea460e37e3

SHA1
82c4bc134fd3ee95e8c05cdf0776d553c0681024

SHA256
7832d72c1a6c96df6f887643ebca683c7683e82b15c5fb105978e4dc5b6d9c31

SHA512
8b3688ffc0d9a795eca13750c7d4c72c7ddd30538fd7c93af7a13b8e98b9d17ea95c756f1d8b840ae2c1c671431cd5742e6821235313604b6d61ea828046e708

Download Submit
C:\Program Files\7-Zip\Lang\et.txt.tmp

Filesize
86KB

MD5
1a2188f84a8aa095010660055e4d5684

SHA1
e9efbf8dd328a1d00d99bf078fbdfe9d2646de0a

SHA256
2851ea1829ad509d2037a3833afac241afc6c5050dddf584cbe949b99e95b60d

SHA512
c0e512551b25bbdaa60da6cc3e6b1683e6daead90108e5873e04e3df4b56903f92c042a38a690dc2aa3161ba1b160de5ad3b3cdb2bc54b8cd64a1559c7a80e7b

Download Submit
C:\Program Files\7-Zip\Lang\eu.txt.tmp

Filesize
88KB

MD5
bbf9178abb1795321835ad3a619f0663

SHA1
67161877cda86d36293ba7b902e4c7746dd0077e

SHA256
3450802e0dad7f038764a8a515d3c6f2203aa6292147edeb82e2f2a3feb80c50

SHA512
29fbc2b1029d4d5aae357e260c1935514526e243ddead454b3633e127633da7b3056fe8c48fd6aca7a62d9707ba1856e487f01f3ee8720e38b9a164645b2e2c5

Download Submit
C:\Program Files\7-Zip\Lang\ext.txt.tmp

Filesize
83KB

MD5
9e40e4052d9cc2622a8d281984b2c7f5

SHA1
0c5d587394e3b1d2ae52b52b02f24fa03c8c310c

SHA256
67319280e85f659f67ee7686ffd4ab1ad0b02d5536be8b79a2dfff303251675f

SHA512
94219a761530c2754095b667fe11b0177fa96b7272906b8b4a54e18e53fc7a1442270d084ca9f0f9e4494a60622daf9ddb0a4620b82c2627e99f0215473cd243

Download Submit
C:\Program Files\7-Zip\Lang\fa.txt.tmp

Filesize
88KB

MD5
687064b685df1ec7644a7ecb71bd257f

SHA1
6af8a648d95e13c8e87d86a43d6153a9c1c7c359

SHA256
c0d5938cf13243149088bcb5ac5c311ab92ee52add5e107b365ecaf40c3fa627

SHA512
899e9913d774f9f0b105e9eeec333bcf87c08d0fce6635e4a0ebc07379bcd39e2426ac719ff1167134e2cc080d92e5f69ada9c146b08258fd49f9457c12bd58a

Download Submit
C:\Program Files\7-Zip\Lang\fi.txt.tmp

Filesize
84KB

MD5
99fcc6c514a3e8149357e17ee0f8e2eb

SHA1
1bd063556d77ad4d4953d1df07f6eb8ad3488426

SHA256
5ee0e488f07d33bca2018fcb354336ffa36077aba69dc6e47ca6c746cf9cf7fd

SHA512
ab09be9c8143a3594dbdbad527b17349c9f6643d33eb166217ce753265c50c10ee6e98f361c2eb0f7c8eac45730c288cb064d6192f799c20d7d5773ca3ace9ac

Download Submit
C:\Program Files\7-Zip\Lang\fur.txt.tmp

Filesize
79KB

MD5
58d39c189c9df264ad512e8d646c8542

SHA1
1a7df8aff7ff9e7d6378f241f2cde9ab68170553

SHA256
414733c01846cd12d6536f115515530d5a2c6cf72214e59a02795ea4cb9da92c

SHA512
724240584057c73f1b500eb78220305c4e9a789580297287442589d8016ad44bb71f31bb7cf68e92cfebbe1e7a4ecba5ca31058178ee61d2be03e02be35a9e0c

Download Submit
C:\Program Files\7-Zip\Lang\fy.txt.tmp

Filesize
81KB

MD5
0456ac7c81ab89b9f73865a4e8f59a89

SHA1
623e12df9eab0bdf501980722453d31f0180aa15

SHA256
97e49fa8688185fac0f06c536ce4dfa58cb006494b109069e3804b55929558ce

SHA512
6d856e03cd81f494323a1f48fb7849cf62d0881ff3bd7c02141f7ac77e893449fd244a38280c44025931e7ac470ca43699c453bd13333cf54c74cee5631ec916

Download Submit
C:\Program Files\7-Zip\Lang\ga.txt.tmp

Filesize
83KB

MD5
38e6c85f305d5e31828e0fb260afcc57

SHA1
cbdd3ad6555e7d71726cf817b5954eb51e11da66

SHA256
64ae4e1e9dd6bf3f1eca162d7ddb37405376eeb7dd521c46203ab5e7348ca5c9

SHA512
12a0d52dc65b1086bd036a6bbacd3aaf71964a2225240b3b8c70f2870e85e240dbf68ba3fe14b050a7139e039dccafcb03f501f0f83a5f0b7b4eefc16165401b

Download Submit
C:\Program Files\7-Zip\Lang\gl.txt.tmp

Filesize
84KB

MD5
2b9aface0c0e0806b8bf9e3b0f9f1fde

SHA1
ea06854d6f77d9aad1e54d1f5877b07712919ad5

SHA256
fa113bd3cdba52fdcecb3898344c1230cb538600c62cd2eed28f32850f4d5f31

SHA512
665f5ce52238a319fbfedb2cac7cedd7cff58e72cb04c4f4f40da2c273c99137f282878ce13b89c771274bf1d538cd7f6169110464313b2622c548d9f5b0e249

Download Submit
C:\Program Files\7-Zip\Lang\gu.txt.tmp

Filesize
96KB

MD5
8079aba101278237e050a61901a7c232

SHA1
03a3d838bc2735611aac2f5ba5b100ac4f9c36ec

SHA256
df944dbafc49b96826b024976365b1e65dd2b004c13bf56995d4fcd2f4095e29

SHA512
31b2e79308bccec3cf12e065b3befdfe38e75d395b48fb1604420d2ab82c8279f2f86ddbd28dc60b65c9726b77bd1874b31270179440f0763c0b2b55eb9b4c50

Download Submit
C:\Program Files\7-Zip\Lang\he.txt.tmp

Filesize
90KB

MD5
0c66a9a5d3e3a403c85bee399f2c5bfb

SHA1
efe1837935e3f2e73b01b6fc293157243974c1b2

SHA256
51ee87c5bf60731f3c3b608c1209058fac1dd191a6ebcf31150c7978c2c273a6

SHA512
99caa444884a4edd5e5bca0be5710e16ee7ff1f1391642e76e2272792f43fec5512cd0c634f29a434da726c41fe368cedc6e4b84dc8161bfd100a9790fcd4b4f

Download Submit
C:\Program Files\7-Zip\Lang\hr.txt.tmp

Filesize
87KB

MD5
496245404f668a5939b9482cfe129097

SHA1
8e5a1de508a56608357807c4966e79a9be64cd88

SHA256
1b3ee6d364e3f1bfe64b2b39a42c275f406ab6468e1c60b964c5b3f0ffb7db6c

SHA512
232e2df629275a18fa159bc8b80c0c2adc2b642594a8faa4084e99d167f1036be69b1ebea5fdc194c1803dc2c6843debbb8920e49ea50f07d7a549406156020d

Download Submit
C:\Program Files\7-Zip\Lang\hu.txt.tmp

Filesize
89KB

MD5
86e8872175906df9cc4831f18a437d32

SHA1
893b05e5032a28d32d337788771a9a8c378b0828

SHA256
09fe22992f3f081ba8f55341b31d767f0813dc9195abeecd57172eed7f84ede5

SHA512
7db9d5b13514921127f03c434b499cac380ce318b04446e917fa9bb8a18aa4faed89c1283609534c808bce2a43234a90ce5923437c95ed22f14c83c34930818d

Download Submit
C:\Program Files\7-Zip\Lang\hy.txt.tmp

Filesize
89KB

MD5
6c7ca3f509dff29df4510be3d952e6ae

SHA1
4632297e60c3cd847de6828486e224bcab0a3664

SHA256
31af91a677095b886b00d20f0f11488593f02505f9c5ba10b7d6412e87f2d866

SHA512
7ba0b928e3675d3f9fc2a39c5ff2beb4a7fb628d1ea5fb3b866962ab178b7065545829a61fc4af900fb47a0af680adf3421e4b003e28d319ccb2fe75828097ad

Download Submit
C:\Program Files\7-Zip\Lang\id.txt.tmp

Filesize
87KB

MD5
684209d84d53256bf3c8dccc736bad3c

SHA1
3391759d3dc1a7cce0d5d49db35faa68ff0b1a4b

SHA256
079594a578e67e0d23d1d00176ac8c660753d0a2049181160237ac3081538316

SHA512
d1f00d3a348d9757632197ced13fcea98c9388251f9e2e8c6a6c2cc1c804ff09476976d67d71a7dad9cc64d1f955a3baed4b37dca87b2067e78160b01ca14252

Download Submit
C:\Program Files\7-Zip\Lang\is.txt.tmp

Filesize
87KB

MD5
47f90922258461c8b7e39b0a87070523

SHA1
078ba0bd57936aaa1488bf492fbf3938a2bdcc09

SHA256
be236831627aaec4542224d49247375de7a1f30a3918361c1a0444bf3af4325a

SHA512
2a9d0eddaa2614cb1e294756a3eab22c59c73e2a11d16e0a1215a7067e2d5fe7d7ed83eb2302e51b46619e18dfb6d5c79d6288fad218fa886954522f97351838

Download Submit
C:\Program Files\7-Zip\Lang\it.txt.tmp

Filesize
88KB

MD5
be6bca04a342437d69dc296000a664d2

SHA1
5481b231d1552f17a7c839c373083c516110d366

SHA256
523f29b3e096765b3da10f61f373cc24518344a15c317b203b50a5048184fd7d

SHA512
17b65de2a922bef56618d7be8891059c3e80ab37b4957172720d2b0de57fe804a65be59dee62284e8808fac9644c5ceffd91b25321433ec7ee77d3117f48a713

Download Submit
C:\Program Files\7-Zip\Lang\ja.txt.tmp

Filesize
91KB

MD5
4a613c8e30052c4d68153a0607d88b0b

SHA1
cad271d9a706ede32b45d1aa57ed14f8104dee69

SHA256
9cfe7bef60b052bc27666749ff7659190e1dc2f8d65063e9d4f38416d4fdd8fe

SHA512
cc53342f5fa9ff854bb9296b9853ad24cd2e83be4dcdff78c7ceb9e23a1c04bca12dc8eea2109880f58aa9ad0b69a93f3f8dcd5543ffdac3fdf19eb49dcbcc1e

Download Submit
C:\Program Files\7-Zip\Lang\ka.txt.tmp

Filesize
93KB

MD5
7c6d9f3b55d28fef236d08b5531ea7df

SHA1
0650d8378be86faf7af13db82e0472f6b9352ce2

SHA256
7bdb944a94658a73104dc74472bb1b0e4e18ef744567718cf639dab28560bab8

SHA512
3688e820e3da7459715b89a7a4f9bc01b34a5e8a4f76251ada90f6a3d786d9ba5c1d79613ddbe7494c9f25788778b1c454c2045add52a7284fee3f07c07c607f

Download Submit
C:\Program Files\7-Zip\Lang\kaa.txt.tmp

Filesize
83KB

MD5
f8e68c5cd0e307450b5a0b3ab3060f03

SHA1
326a4d4444d525897a25993cbd706d6d411e703c

SHA256
5a6db41b235082e0e993d2ac1e53464452ce847dcb79760140372802bc0d308e

SHA512
80187d974e4cbcb8fdf15924dde8f08578c2a3501bd539d222dcd453ff8adf683cd9ed4e66b6750b3db1cfba2baf59f694f99aee9d83790198dffb9bece3244f

Download Submit
C:\Program Files\7-Zip\Lang\kab.txt.tmp

Filesize
87KB

MD5
be5cef7da8fc006d41854f44fe13beaf

SHA1
5d1cae7a920382301a262ac33d736a94cd8dc5dd

SHA256
4f46179fe8e1e50a795d9f6b932dbcd2bfaa754a6487b47da0131e5e54095a07

SHA512
6177a102aadb80ba8ab8e8157bd9b85f778014c6dc35d68a3c7ec2851adf25d77ef7015b3fe0c87a26ba0c0825a9517b41e0f41958175b91db84b0e31dad979d

Download Submit
C:\Program Files\7-Zip\Lang\kk.txt.tmp

Filesize
85KB

MD5
a0a721fad14a38e3b727ee73ca5b437f

SHA1
69c24886b8a7ccaacc7649d4a6ceb21b16c41f27

SHA256
4d82918032d25ff9156f08e3fd5d1d7772d11cc006f68057a2cf8087d1e380ca

SHA512
59f2fd08fbef1a52e339292713932b0b31f987aeacf4b939e6936620989142d097d001dea879a06ecd88241a589d0a4c9a000b4fa02dcfab635941e2382cb252

Download Submit
C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp

Filesize
87KB

MD5
318b9e2f1bdd0cc3778f87c560c8c7ba

SHA1
ae35d0a78ead97baed7ff3c939cd366f0ccfc8dc

SHA256
ed764688efdafb4afe3088eff56b293a08c1f3f8b532e78fe029372b3a05ca47

SHA512
8095853dbf1726c271525102beda1419adaee06a3a5323563547b3a753d36a034c06c3e029d7acb5af7331586b9c77484ca3e6ff7737fbe409fe3d7d068f0c3e

Download Submit
C:\Program Files\7-Zip\Lang\ku.txt.tmp

Filesize
85KB

MD5
ce24de7812a776ac06815bb51b744736

SHA1
2b3036fd14cf3ac9ef04b18e2075ffa4475601c8

SHA256
b8f27b92fb7b65962008d83e152acd2a563393e69dc13bb7ef9dc3718f3c3ba9

SHA512
601d97f52aac07e48f45908b445dabbdd9367e738228a14134398027b3a82e55711437e23c475f3112daa98c99791090b94f869ee499a17a5359cb6a160d2502

Download Submit
C:\Program Files\7-Zip\Lang\ky.txt.tmp

Filesize
87KB

MD5
01c171f106708d277dbbb7696c7fa53c

SHA1
840bca7baadd92e878200f4281b2fa46eb2019e7

SHA256
4213dc8ee349914c988bd26158fb17d085826d6522bf79974454efdc773fbe75

SHA512
53b0cfe0f713768b016bea53bfe80bf7e9cdedde0f1df0529e0e69bf2057db9d7466f615b5c779800d5c121e439a6c86a3ff7fedee9e89939b30ba38b47d9a0b

Download Submit
C:\Program Files\7-Zip\Lang\lv.txt.tmp

Filesize
79KB

MD5
42a4f539bdc96cf2bcfbe536880c0ec1

SHA1
f490feb0d16a56a351e2042c8885402069e093d6

SHA256
0c278cf4d97f90d10243bd46c042ef96a74f2cbeb03f4f5125f44aba701cd810

SHA512
7e3797f1fd5e49c4d7cf24499060c602549872f9dae28161a45d0d7d0dbf999b4b3334ae00b59c40bc843be70247783e8230ee8705dd9916fd88db06dffe86f2

Download Submit
C:\Program Files\7-Zip\Lang\mng.txt.tmp

Filesize
95KB

MD5
fc797552a7a13ddf9ffc7d8c23f41dc3

SHA1
47c70a2c81a6712156a43e87730f1b2f123bcd73

SHA256
2f6675981e765a1aa5a69b37c39474427eaa5b7de323e8f3524e9ffc1b09ef57

SHA512
c0562b552c0e82cb157e0b95a8bb076179ca7e2e04a40b131ccc8956ca1f53c88e45930ad7c086200141288ea6a1f5abc297d61bbe7b2b9cbb08754f53b3d537

Download Submit
C:\Program Files\7-Zip\Lang\mng2.txt.tmp

Filesize
100KB

MD5
189a5a7a24c0b41b0e49070b20a7b3d0

SHA1
998d3d7cc94616aa30c4f4db51b7155e044a847b

SHA256
96f9bca67880d8af9cd9f98256d078942a1cd77c77d7b127b5173217234123d1

SHA512
d4943b07c39931ec2c17d75114d3e4273e9c2cfc4bdf74a2afb294379dee00e007b9f74dba6b890788ab1ede6d663460a5bee7f889be8dd37122aec57f1d27da

Download Submit
C:\Program Files\7-Zip\Lang\mr.txt.tmp

Filesize
89KB

MD5
37cf4672f3aaab9f0d35474eabee39a5

SHA1
4c7774c25a383ebd82659db48433d3fbb8fd3122

SHA256
4d35a53acbe0bd7e9f8b929f76dd30f7bb47e45fa83b1311fd2255b36e057ad1

SHA512
0b81f7572e6f25579afc74a07fa116ff4cb21fa3a9eb724d2729c00e3db052f302a704a76c2d9583aeeb39145fc960af1484b8ae9513a26616654580a1c16d20

Download Submit
C:\Program Files\7-Zip\descript.ion.tmp

Filesize
79KB

MD5
8247b6f9296d93ead08069202c823490

SHA1
a5cb57399dd346f0f8ea2d5894b522f2e0be7d74

SHA256
75ae2aa651a383db33fdd7e0e293128424ae2112d9540e2436ccb4ef2271ecef

SHA512
94a10e3ec65f5dbe2f5d46aa397c21766cfcac3d35c49f86893422b4ffadbba231189ee670aac43f6a4c89278a3d79c6eb25700339c31397cb777e65ce5bd4b3

Download Submit
C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_KMS_Client-ppd.xrm-ms.tmp

Filesize
82KB

MD5
f3d57f5e2cb992aebd83f974f24afb15

SHA1
8e480f880632aba73a40ff67921c5b2a3bd9e8b7

SHA256
3eb87c1cc70b790bcb7319691f0e3e86181636042eb7fd21a540c1a4ed1ddd5e

SHA512
71ca5312c08ea22c51bbf12f0c0bb5ce00d5cb27f527e9a688eb6c40029b247f730b7aed55d6e22f75de05aecfd48dd7d20d879e67d3a222d566a892961ebd27

Download Submit
C:\Users\Admin\AppData\Local\Temp\_Register-Application.ps1.exe

Filesize
79KB

MD5
29a032bca3dbf6ff059ea45864d25a03

SHA1
5edcc3e61273b59359d2dc3bb166345052a9dcdf

SHA256
7cac299f840453a1c75307826b38b8eab8e6fa4fdc0272cd02644757e115f384

SHA512
7c15cb120543690efe7e3fabd7e0205a62b45d14af485d3082cb75b18747d827d077ab97ff19e62c546cd939be163217219dd22c1982f48a77091868289eab31

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
75KB

MD5
0d4ceea11d57dcd6ec4d10086ab2bb6a

SHA1
844e86dc7ed0872f30229753dee7018249b6068d

SHA256
9fe2cf16ec00920144c866aa4c13c6749c5f2de51165a54c24118c1cdc4ddb5e

SHA512
6be6f8cff787d8ea358c75c9526f76bc29c3bca573d377a34b75ef5cf136ce632c3858ca1a554e79be80dba663a86c8e31fe508d83f4aafeba18418598008b56

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads