44ed9374c61304fbfdc54eea7cfe271ccc0a853dffc0bf833e2d4430899b699a

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
11/05/2024, 23:02

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

469061ad5c3d4bc4a9cea130a3896080_NeikiAnalytics.exe
Size

261KB
MD5

469061ad5c3d4bc4a9cea130a3896080
SHA1

44cd6d7d434f8d9378625f41500dd8cda646415f
SHA256

44ed9374c61304fbfdc54eea7cfe271ccc0a853dffc0bf833e2d4430899b699a
SHA512

5cb46266cc4d0adcc8e5488fb802562cfa52f521318b606706f1bd5c989e1ca21828ffafcd7020067a921b7cf2121aa77523cb74f00a33d9c8fb2fbd90d0fc6c
SSDEEP

1536:/7ZQpApUsKiXBvzwvzXJvlwJvlI7ZQpApUsKiXBvzwvzXJvlwJvltbu:9QWpngTJdwJdIQWpngTJdwJdtbu

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4869) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
2560	_analyticsevents.dat.exe
1624	Zombie.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Zombie.exe	469061ad5c3d4bc4a9cea130a3896080_NeikiAnalytics.exe
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	469061ad5c3d4bc4a9cea130a3896080_NeikiAnalytics.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusE5R_SubTrial-ul-oob.xrm-ms.tmp	_analyticsevents.dat.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Trial-ppd.xrm-ms.tmp	_analyticsevents.dat.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Retail-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Linq.Expressions.dll.tmp	_analyticsevents.dat.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\System.Windows.Controls.Ribbon.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\PresentationCore.resources.dll.tmp	_analyticsevents.dat.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Trial-pl.xrm-ms.tmp	_analyticsevents.dat.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ONENOTE_K_COL.HXK.tmp	_analyticsevents.dat.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Retail-pl.xrm-ms.tmp	_analyticsevents.dat.exe
File created	C:\Program Files\Microsoft Office\root\Office16\InstallerMainShell.tlb.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\UIAutomationTypes.resources.dll.tmp	_analyticsevents.dat.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_pt_BR.properties.tmp	_analyticsevents.dat.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Retail-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_MAK-ul-phn.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_SubTrial-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.Primitives.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.ServicePoint.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jstat.exe.tmp	_analyticsevents.dat.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\UIAutomationClient.resources.dll.tmp	_analyticsevents.dat.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\110.0.5481.104\VisualElements\Logo.png.tmp	Zombie.exe
File created	C:\Program Files\Common Files\System\de-DE\wab32res.dll.mui.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\System\Ole DB\oledbjvs.inc.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.XPath.XDocument.dll.tmp	_analyticsevents.dat.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mscss7cm_fr.dub.tmp	_analyticsevents.dat.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Text.Json.dll.tmp	_analyticsevents.dat.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\UIAutomationProvider.resources.dll.tmp	_analyticsevents.dat.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\PresentationCore.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\1033\SFMESSAGES.XML.tmp	_analyticsevents.dat.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Globalization.Extensions.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp4-ul-oob.xrm-ms.tmp	_analyticsevents.dat.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTest-ul-oob.xrm-ms.tmp	_analyticsevents.dat.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.NETCore.App.runtimeconfig.json.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\PresentationFramework.resources.dll.tmp	_analyticsevents.dat.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\currency.data.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-white_scale-140.png.tmp	_analyticsevents.dat.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Core.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\PresentationUI.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Integration\Integrator.exe.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\logging.properties.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Office.dll.tmp	_analyticsevents.dat.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipshrv.xml.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\PresentationFramework.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\include\jvmti.h.tmp	_analyticsevents.dat.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_KMS_ClientC2R-ul.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\IVY.DLL.tmp	_analyticsevents.dat.exe
File opened for modification	C:\Program Files\Common Files\System\msadc\es-ES\msdaprsr.dll.mui.tmp	_analyticsevents.dat.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_Subscription-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription3-pl.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_MAK_AE-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\cacerts.pem.tmp	_analyticsevents.dat.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Xaml.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\bin\zip.dll.tmp	_analyticsevents.dat.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Retail-ppd.xrm-ms.tmp	_analyticsevents.dat.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-datetime-l1-1-0.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Trial-ul-oob.xrm-ms.tmp	_analyticsevents.dat.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019MSDNR_Retail-ul-phn.xrm-ms.tmp	_analyticsevents.dat.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tt.txt.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md.tmp	_analyticsevents.dat.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\Microsoft.VisualBasic.Forms.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\jsse.jar.tmp	_analyticsevents.dat.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_SubTest-pl.xrm-ms.tmp	_analyticsevents.dat.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\mraut.dll.tmp	Zombie.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2176 wrote to memory of 2560	2176	469061ad5c3d4bc4a9cea130a3896080_NeikiAnalytics.exe	83
PID 2176 wrote to memory of 2560	2176	469061ad5c3d4bc4a9cea130a3896080_NeikiAnalytics.exe	83
PID 2176 wrote to memory of 2560	2176	469061ad5c3d4bc4a9cea130a3896080_NeikiAnalytics.exe	83
PID 2176 wrote to memory of 1624	2176	469061ad5c3d4bc4a9cea130a3896080_NeikiAnalytics.exe	84
PID 2176 wrote to memory of 1624	2176	469061ad5c3d4bc4a9cea130a3896080_NeikiAnalytics.exe	84
PID 2176 wrote to memory of 1624	2176	469061ad5c3d4bc4a9cea130a3896080_NeikiAnalytics.exe	84

C:\Users\Admin\AppData\Local\Temp\469061ad5c3d4bc4a9cea130a3896080_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\469061ad5c3d4bc4a9cea130a3896080_NeikiAnalytics.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2176
- C:\Users\Admin\AppData\Local\Temp\_analyticsevents.dat.exe
  "_analyticsevents.dat.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:2560
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:1624

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3906287020-2915474608-1755617787-1000\desktop.ini.tmp

Filesize
133KB

MD5
08bb82988c60aa915b075a1a4db57aed

SHA1
d07435ce98a3d23eab52194f8a02975095f69f0e

SHA256
3a19ffbe2151cc1108599760d3dca8ddc45b889a49939c1c1bf11c8d803c220e

SHA512
bd92a7109d0a6da28b1f82f628611eb3e2c30a65069a53f672aaa497f4652eb0e54226f9d1c4418026b6b5e8435e66cc3f38a53651742beb94073f0e135bc56c

Download Submit
C:\Program Files\7-Zip\7-zip.chm.tmp

Filesize
241KB

MD5
6eb076db483a0f5daa14413e9dd23e55

SHA1
e3c09c1992751dad394c5dcf686293265ada7193

SHA256
fc6db4f4e213aa58c216c3ca9041c295f767e957cf3ac6fcd8190cf43d71524b

SHA512
fe5d057f4a470afd604c2e9810addacc117a04322bb5277c6720c016d4ab4064cd70d610e9b73c0bbe457ce7eca1cbfa515b09884135066fcbc67f7b3d23d227

Download Submit
C:\Program Files\7-Zip\7-zip32.dll.tmp

Filesize
197KB

MD5
317108d96b850ac6dd13f96ba8ffbfd6

SHA1
a680fa32ef5cce42d83c2464764cf2e5b3fe8520

SHA256
89388be08da6e1051f25a6cd0db2543d6c65e8793bbf7d67c23f97bc4588085b

SHA512
8fed4b74956bf7f70b1fee0338ded00cf67a322f640eff2ce7b6963494286936f5bf9c16c6cc9339f46708dac8595ca2fddd0874de11753cdf72861804b0c33b

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
1.9MB

MD5
b2118847b2a906c95c6c0febd38d45ca

SHA1
23e7a155a7aa8f5bbb2cc89ecc58e62cd3977c3e

SHA256
ecfc6c8e24bdb226fff5e53aa066797357acd31356d9342bcf12d03b775d646c

SHA512
c74f9475dd104167c6f9a070d2fab44035455eda35123775cfd8810b454913a9cdced4fef431e024156ee80a1ae773927d45b069a4c5031cbb676750d0d75a76

Download Submit
C:\Program Files\7-Zip\7z.exe.tmp

Filesize
676KB

MD5
1e1e8d4fcfcd80cf4bc1fc1cf33eec9c

SHA1
4faff5f44e032b5bfe9d6394ad180aca64edeb4b

SHA256
c3e43df9b6910abd134b5251979e462cef2c0409c07a9d3e704967d67c275ea1

SHA512
d816089f7531d80d5d34bcca0370c95c62b7d4d274481057eb32dd7dc784077f53e64fbddd294ed6227c9614ac0434fe7b7c093b41099cdc26b020ef0cf8c4db

Download Submit
C:\Program Files\7-Zip\7zCon.sfx.tmp

Filesize
321KB

MD5
51586fe261f110daa10db8bdd15e3ccf

SHA1
75ace1102852b96b752caaad08cf684a2fd45292

SHA256
566279d13c18014361818336d30f7cbe8bfbd767962203d3dcb61f1eddca22f9

SHA512
338321d83ae4e4bc8e85a281e884b75d0c57951d7bd556d57bc409d57607d800d74330dd27a1a9008bca39491d2990bce4c65d69664270a79d48fe7dbc3d5665

Download Submit
C:\Program Files\7-Zip\History.txt.tmp

Filesize
185KB

MD5
acb9c924c705709325d946b9e712f72d

SHA1
ec1199f7ed4c6c6fa196079943550dfd9b30814e

SHA256
1f9eb832036291583664b18be9ca3f59d91af90046562c7af421a8dccac71374

SHA512
3405c6a39ca7fcd41d723b71eac170bdd155974518c578823049c388d8797141a8f56acdd44a2db5570647d88f4bdf1735bf3f1b0f6309643a49eda4d20b400b

Download Submit
C:\Program Files\7-Zip\Lang\af.txt.exe

Filesize
138KB

MD5
e1200d5b991d8ed89ed466e52d9a2965

SHA1
bc6de014f455e780c4c67f3f01d2b2401d0ca280

SHA256
a6bebc2f15c4b46551dbdee166a3fcd1cfcf2cadb6ad9d6c204551daf2f55ec0

SHA512
f648eccf5dffe131e795693e08763e8c3e2eaeb863fc437d09c72de80ff26d4a2def740604cc70748e83d113b15240b7377684fabeee6511547d4b4246128f62

Download Submit
C:\Program Files\7-Zip\Lang\az.txt.tmp

Filesize
137KB

MD5
aa947c3718eebce89f788e8408915aea

SHA1
3c89c436fbd112bb8f517dbe5b4c11833eac61b7

SHA256
98c9655a8a1c27bb3d549e8ab30a40c3b0d7636d03e98d7160737e05ed040bbb

SHA512
4786c577147df8f0aa42e0ea6f04e08c603c8b74b9565be78745cf4e1dcb5d28bafdcb03830b1c024af249b194574e769054f653383780fdaf22f62bade13eab

Download Submit
C:\Program Files\7-Zip\Lang\be.txt.tmp

Filesize
144KB

MD5
42415d05b2ff12ff4029d64bd936cea4

SHA1
7c17542e201d79963c063040666d49cbf8bc98ae

SHA256
c62a35202a53273b733b7acb204166ee101be7dfde3475157627714dc126b5cc

SHA512
ee626d9b80122ea4c91e041581216c399c7b1236e72a9247385058bbed603b71ef9ae466910377bf486146d0740094630f4879d931809f4ec922b9398e516802

Download Submit
C:\Program Files\7-Zip\Lang\bg.txt.tmp

Filesize
145KB

MD5
22917f4792e5edb7b724a4fb6a39db7e

SHA1
6f030e519dce04be46542ddc82576d23f8e217c7

SHA256
fe9d4143e9d45efd8837b2f4610c2fe4de6c67eefc15f0aa19e9fd42681e5373

SHA512
79c1efc4534020f2d6754422d7443d9a619d59fe16002c978ea98d29285390435ef64c5e6e6220ba6ac68329f8f59e9b75fe09c4e2caf1402758fefadd2df86a

Download Submit
C:\Program Files\7-Zip\Lang\ca.txt.tmp

Filesize
141KB

MD5
5b7d84ac6358e81059d37061d2f26976

SHA1
63445a8c94d3ccbad9c174fe98a376c993f571ea

SHA256
5802220fe188c54f1a788d42a7e03084cad74cd4839160f47e65aa76d1a6ad1e

SHA512
81a14b205e8d2cd077d9d0719ab66461d2bb4e83cca8e74c6cb1b60e057d3c84108ebbcdf685f7cc7460a4811ffc2ab4107d27926cc4ec78adf9235c9e4646d6

Download Submit
C:\Program Files\7-Zip\Lang\co.txt.tmp

Filesize
139KB

MD5
21e66fd62285904c02d7b5552520d4cf

SHA1
69cc1387c3309f38da4c2be2341bfd7d1cda9a25

SHA256
726ca3570b0a0521d89f3aedbacccfd29597f9a2387c161f8fd33719bae2c112

SHA512
80a5afb33ead6cee11b810a565fdcecf383f06493f29cbba8a93a05ee1d56280ffa575920a60c988212cd6db9a7318218f8cd5ef566d9ded5b206d7909dba662

Download Submit
C:\Program Files\7-Zip\Lang\cy.txt.tmp

Filesize
133KB

MD5
2028e924d9dba9436bcd2e07bd24c4c2

SHA1
7209b642597aa6bc50a56d79efc43dcfbcbc6a9b

SHA256
994e45588cba00c1e301c48aa650b0453549b488e2adeec583d2e623e15e565d

SHA512
ed6f870661d48db795fd4ac5400db8aedf3e6d6a6d08b56cadb9902de26e58fe5d4c763c6f3231e2357d2e9c9080c38a731b670dde4f178f7eafc6514e5d987b

Download Submit
C:\Program Files\7-Zip\Lang\da.txt.tmp

Filesize
140KB

MD5
d179aaff90ebda0f5ca50a817cc0c1a1

SHA1
4e715d401af06f3564ecfe745d1ecbaa39f2f5e8

SHA256
d4bb2e83cbc43c9aa33b0a7c8fa8a6474db5084b835ef7e69e9957f3fe26d991

SHA512
fad16c5c144b129c7a856da459a032fb5ab14957fdf45a5b2e41289b183ceae76775908e489a9a84d185279ae1652649d0843b653f89acd409780bf455a20f7e

Download Submit
C:\Program Files\7-Zip\Lang\el.txt.tmp

Filesize
149KB

MD5
0e13393807263c494e6c624316a47b05

SHA1
d0b1f01254ff494fbe5be5bdd01c3f3795ea8f07

SHA256
8e44a47cc664ddec04eae84b4eee4c3188a40571daa5cbfb7a7003bec11be8ce

SHA512
5241fb92f5f11cab36e39f3f9b8007ed372708a557c038b837442deece82e0670607ef6ccf6fa46022fdb861694d7bf0d62c0ce68f7726d69ddf9fc4d224f669

Download Submit
C:\Program Files\7-Zip\Lang\et.txt.tmp

Filesize
128KB

MD5
4c906cedb71bf158e72488621575972b

SHA1
162567dfcae5b87f3934fa49e178071b4fe390fe

SHA256
659b234345f3e52998d85f69b1c857cef41419e86ef1c263ab185268c7748398

SHA512
8926cb1d3f24d6bd085bca23507598e918851db74ca6f101180e0a1b81c927cb0bb199a5b01186afd0c1913c6ec38493d6ccba07789e5be69e4ecf03bdeef756

Download Submit
C:\Program Files\7-Zip\Lang\eu.txt.tmp

Filesize
141KB

MD5
6db51efe69e5faf11560fccb5773927b

SHA1
4a3eb6d614c94b9b65efd31afc4ef6ca50ef7da3

SHA256
ced524991e6ca1c42a68d94c9879fe78e791c7ccabb3ee054b9c76d7f84df218

SHA512
277b5211cdb957b5e4dc70dd016fcc2b78f20df1f916a666fd3f4135cfc2b2078ea5e1ec7215095c372170a98b0a4b2383c0a98653d176c194c7b4a54497783a

Download Submit
C:\Program Files\7-Zip\Lang\fa.txt.tmp

Filesize
141KB

MD5
8c776c010d0e0604b2dd1864c84bd885

SHA1
1adddb5cbc5f43525fac6ba3da8e9e92c0b3bea9

SHA256
a5f8b0c37b3ba072b4601c3289827d51c19804104fede1e2b25e5f79a4b19e61

SHA512
bdf103baf0f149596930f67351f24b5f5e64c4e49e40687671feaef7910291953051e97c3d26196e1a4b18d64de3a3003488c26901875cb9c1cdccad384d91af

Download Submit
C:\Program Files\7-Zip\Lang\fur.txt.tmp

Filesize
135KB

MD5
c7fa6d66dd5a6e8dcc5aca069238f4d2

SHA1
ba8a1fb26082633a3d667d3517bd49680a0807e2

SHA256
65a8d6c49d1993c43233b2a1d53c8d24058ca473dae8eb8152744825c42533e2

SHA512
8a34c706f5ad42ca827cf7e0cd3441cdb32ad22de95da26d1251a7ce41efa5f8b34815f7d9a06b9103e3c29226c17c1ac45817ff5593ed9db4dffcbba62c886e

Download Submit
C:\Program Files\7-Zip\Lang\fy.txt.tmp

Filesize
134KB

MD5
0501cae6b841a3ba6c3d23d3064c1bbc

SHA1
6c64cbc289de5e6bb55a50457671cc9300d2a7f8

SHA256
812a376fd91426d6ad57126733002cb7afb30f758b688373768842bc5250628f

SHA512
9b463bd4119dc89decce682e550ec2ef672ebb6bb9d8f47eba748d7e0b5365895d9c77fa1b6dcaa475453156009a5ee98855048c01b260eb6e1a5cdbd7ef145f

Download Submit
C:\Program Files\7-Zip\Lang\ga.txt.tmp

Filesize
136KB

MD5
456b7a34f19df36fbf264e8ad779c9c5

SHA1
aa82a5112163e92c4180d7295c230d0a4ddc23ad

SHA256
7e6a65aa4eeff0f498161cf6fdad8af023449d9f901516d7facd6cb30acde309

SHA512
27afae0db977ef4a47947421727617906bb27ab89d129e0032377e3d621f950fa971b7c8f574ee65489048cc529cd9852f3534b8501b4e3232924cde8b766910

Download Submit
C:\Program Files\7-Zip\Lang\gl.txt.tmp

Filesize
132KB

MD5
9766e99f67208f4285b88a156583f0a5

SHA1
8d6c8bf04f34e91a82ee27ede7dbcd9895b49da0

SHA256
bcb2c7575ab01eb9682fe708d21dc6894d5beb7233769d2966760aa097e5137d

SHA512
ba599e3bb84a582e01537ae975f98a42cc6ea16be2ee3100c2eff65d8bf2576d3d336334fe7e21a5bdef995fc7dc991357f7949b1b6faa2b2ab3d0aabff428b8

Download Submit
C:\Program Files\7-Zip\Lang\gu.txt.tmp

Filesize
145KB

MD5
ade087a7fa1609486d772b3b382c8437

SHA1
108f510c458963c423ed63bde28ba045ad50e0a4

SHA256
95ec68d80c88b60de2c142f10217152b12cd59f98ad6b717f6d282ca0265c2f0

SHA512
42b6bb7a3716fb295c57fd256b8467c50aa428df8282908587ac5ad0c0b67492b339bc0ee0ca8395efef9037caff19c7e05bc31bf89b3a256685485f530667fd

Download Submit
C:\Program Files\7-Zip\Lang\he.txt.tmp

Filesize
143KB

MD5
0b1594bf58490fc875d435f95377d784

SHA1
72b0698500124a24c2df8a7da0c2df97b6ef9626

SHA256
23f7e96705701fc82e6aedcb5cc24683d90db13fc6995d7e58c878685d00fe71

SHA512
b59c3a13722c8a1e10e117f477deba6c4fe84924d93f1c665cdd133b1b541bd1268dd33892d39eeca085d3c1d2d0d421a1689f6d1d86208dadd5334896b5954f

Download Submit
C:\Program Files\7-Zip\Lang\hi.txt.tmp

Filesize
150KB

MD5
eee8e62ed6a21164e41d9a144a1fae44

SHA1
8205679d1706c7d2c2fbdc8f022a55f62ce59ce4

SHA256
eca512f03f019c96f1b976540308ba0b291ea9b8963cc6d45e8e759297edc8e4

SHA512
1f20ee92afa9eee3ba0adb2b0d185dd4aee88dd60a33c487b3e191b61fd117cdbd76b92f45889b7ded62e8377aae1786a566388defe7ff633b46a2f2d398dcbe

Download Submit
C:\Program Files\7-Zip\Lang\hu.txt.tmp

Filesize
142KB

MD5
1cdf2fc5adfc2b06c6baa42c5ddc9218

SHA1
085a52c62517ac893f8e08474cd273a1db92a290

SHA256
030522bb9a5254721894a6c1150a4687ccc5402ffa8c9e6763966cd91661feb4

SHA512
6303957e9c9f2c454d079314027c65cbb6d1dabbb4df0559cdf4e57e71c9eb564b98a612376a716122a78cfb3968dfe9eae48998d9bec24c786921725fd34f4a

Download Submit
C:\Program Files\7-Zip\Lang\id.txt.tmp

Filesize
136KB

MD5
6f1d9b39464000702d8e81b8c0bebbb8

SHA1
161e7f683b099f1a4e2d5cb61c80d5b72afbd473

SHA256
aa006f8fae626892e3582abdcd973edb978674c994d44a57862593bfdc5638ba

SHA512
779077c57ca29953c20306bbf2c875c7f39fe7d3678d9ff6c5e325db4030d7c6230732c281bf1d7810f076e32570ff8958c92b92c4c6bee088bdb677dcd2bce5

Download Submit
C:\Program Files\7-Zip\Lang\io.txt.tmp

Filesize
84KB

MD5
0e4f0c2e991b31cf97438e47fd8b6564

SHA1
211bb8137ace0155bc0ddeae941afd8ddbdb3826

SHA256
5311c581c5ec52251ff958e18388fa14dce7083ff5175965f8631ebda2715e10

SHA512
16766fafcd82b70fa0b8f7256b9b1f558655a8ec665533e8248152836fabe7635d42960277779535c94e43fcd0304221b024dadff4665ea8b12c3de174a5150e

Download Submit
C:\Program Files\7-Zip\Lang\io.txt.tmp

Filesize
142KB

MD5
2bd8e28f848cebb80671b6b12ad704ab

SHA1
259383b096fab5c82b1f19a7e1ad06e4addce080

SHA256
02a301930ed738aa1581f30844d52c995f62aeeed7d92524f418d3155308bc5d

SHA512
8616bee2cd9f85f557dbb0782c5bbf9adf6cfe30e2c33f89e36b4243e0ddceed1a472c50b57264523721927bf6e79295f06adc1fd8f8f1777bb422decf4b8ebf

Download Submit
C:\Program Files\7-Zip\Lang\is.txt.tmp

Filesize
141KB

MD5
631c986d4290b1f9ba5843a7aeacb991

SHA1
7ceb6b2834a13607d2f0bdb7c09d36d8264d60d2

SHA256
b9db42cd4a70e541496fbfda7d8f03e046c2aa473ca9735748f65e1b4db11cca

SHA512
382f6cc6ed1250ebef27fad57ee6fdf78cdf614b0b858c2c23b5c5e8479e7d174ebdc04536a496ef18d057f214f928445e790b7d5133153f2660a5825799a156

Download Submit
C:\Program Files\7-Zip\Lang\it.txt.tmp

Filesize
137KB

MD5
9771ce3f9a56650578408696d180f462

SHA1
2ec95617dccfc24b2e28a610f03a9603ad8cdb33

SHA256
77c6e66b93bbe830d5074c38d3c9b1c5e66a8d76b5201125b78ffacd049a8ba5

SHA512
fb6afb98ed365aa6a88a66585c01fdbcc0aa99efbea6f53d842a35c4ba467f1449f4a3fb0418ca74076b69244508fe48e6dede7fe93a4c2b969163378199dcab

Download Submit
C:\Program Files\7-Zip\Lang\ja.txt.tmp

Filesize
140KB

MD5
e69326f3b5c263334aafbdbce58dd935

SHA1
77df283c87035a7201699e15ae3d9d064b79b5a7

SHA256
f55c925f90e0a8fa51a6715d0b9b4d8205a1294a56e5d3e9d32fb6aa2ccd9371

SHA512
89809c10ee965e270593a5952e67197be75be368948cb768ac3f8fade9000047578e7729e4d61d61750d2bd315565deaf926b06990c561eaaaf4b1b66bf88a8b

Download Submit
C:\Program Files\7-Zip\Lang\ka.txt.tmp

Filesize
150KB

MD5
9c1b52691b9bbfc9706b69e6068b051a

SHA1
0ef71b8e4ff107bbd16fbb03a33f0607b43f3f97

SHA256
6ca088a6e8d2f7dbe2fa23381b593b05b18b0f3b116f6bfe4d101c76ddcbc7a5

SHA512
175e807cdf72a010b6004b0a9ee6fa5ca524759ad2695b7a10f790074103d74ca84301839b94d376196cf58b1f96cd877ce173179d51a82d78828e52f3087b70

Download Submit
C:\Program Files\7-Zip\Lang\kaa.txt.tmp

Filesize
128KB

MD5
bfb15cc3415c6b454244a67507c27240

SHA1
5ddeaf58cbc347b5738edc332a4f0c266e42dcae

SHA256
0bab4c43a96c47b24548ee0bafa94d29a6d4e88fc9f95d0798c68a9a3534aaa5

SHA512
d20b093b2273fb2922c30e4f17c5ecbda97b8e07aff9ec59178d99a84a6bc4a4abadf4ce5a6d51b8f069436d800973f87dea1871cb0433409c77bb7bf66ba40f

Download Submit
C:\Program Files\7-Zip\Lang\kab.txt.tmp

Filesize
141KB

MD5
8fb9486d3c56306e6a5842cce55d6949

SHA1
187d5d69825c317922712d33abcad92ef485765a

SHA256
13cdf26bab9cfb0c485c6132157e3d5d9bd11103a16a0704d4e83e0f5e6b6d53

SHA512
f71d7aab835174fcd51dc60c1b42f48e4c411acd8121c083ee18ee3db9515f696dd23d02a3783daa09c808246deca8433b8bbe61f32c391a38e1d491e39e6919

Download Submit
C:\Program Files\7-Zip\Lang\ko.txt.tmp

Filesize
138KB

MD5
0aadd8f9d7018a53c8b5009029473fb6

SHA1
5938cbc73c01a5b74c14cc8b15a6a7451a4cbfbb

SHA256
5802ce17ec210b0a8bf2a5e48bca8bc02df38f748660ac58c506f3b999cfbb0f

SHA512
4b4004804e64beec1072745451755b444b67e480b4ba225a9e1707d7774f7584dfdbbf144197e57034507b98194431180f87418d7c6f73ff794676e72db1a0f3

Download Submit
C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp

Filesize
140KB

MD5
8b8f9a73e64e3da5cbf44b7bf695a095

SHA1
a77307bcea1e66bb44227fc965d0a6e22c2cede4

SHA256
9ffa8e7e8909e321b035fbde19ace51e37357cde1c9a579070c680d26fc32e20

SHA512
610e378fb794fa274139aa2c808073176027eb4b885c2fd62f119ff03200db84f13197ff7eff329008aacb98afc578aa0b512f8e4dcc67e11c3275122cb0f6bb

Download Submit
C:\Program Files\7-Zip\Lang\ky.txt.tmp

Filesize
144KB

MD5
12b8efde37d8026fb380b8540427c86f

SHA1
a7b4002f256845788412ab6035b8e95590ac70c6

SHA256
8a0d5efd45e1b3e3f4ce55834c51750c8530a5f990b1f97b798c5c370015edde

SHA512
a6a90a15253e06219dc5a1f571bd9aa84197fe00ab2852403f26e04784b9ddcd9f1a3c7b7a32d88d09f2a3c1fbe2fc9bd438e143d604b6a7012ca8a7fae262fd

Download Submit
C:\Program Files\7-Zip\Lang\lij.txt.tmp

Filesize
140KB

MD5
5767a6489a468f06f7befdded083962b

SHA1
1b3ea8aa0fe6bcffd03f309f6d59bcb38a16f559

SHA256
288d181775e8d83bb1478c07a70925f506bb9bea4f01926bb1c4c75f8343e295

SHA512
13f31e85e3c1f80539cb30c5b277d2e99cc0fe088fe7af1ad667fc4302852473d23f461ab221a8a6014a59500ab56e645e4e191200a43fc05ac6379d0ee8d7b8

Download Submit
C:\Program Files\7-Zip\Lang\lt.txt.tmp

Filesize
128KB

MD5
2df8b9e5e7018918a5a0ab9016200aa4

SHA1
96449186af29c297f2d0861f4d966be7238f1960

SHA256
16dc8ee87b397e229e8f221636d4114232a1edaed93208bf1c299b760fd2ab42

SHA512
19c234956332b55487cdcb974a00866eb6ebeeefd144b158d55c0d30255d74b713ac7a1e6d5844ec0564699ad5b9d94a6c68953d38901782ed9481382bef260c

Download Submit
C:\Program Files\7-Zip\Lang\mn.txt.tmp

Filesize
141KB

MD5
5fe38ece97445ea41a4ffeaee1024b85

SHA1
edaff13b399ba00354d8395eeb35a1f10e177da2

SHA256
f6dbea5c6e91cc0cdea23336988fb2e0d852c9112e55e792d5493e527a58c19d

SHA512
ac40350054118852156f1ea77613d2908fe37355d67abd836a89d54cbd2ce8eb96e40593c4635f2460cbc63da30ea2a79ef08ef90f0071dcba836e6b48b1858b

Download Submit
C:\Program Files\7-Zip\Lang\mng.txt.tmp

Filesize
148KB

MD5
edfc3a2dae8ea7f2a00d67d3864c4f80

SHA1
966e15bc22958978558695ca8788f45cecaf7246

SHA256
837487b13ba8c0aa29313853aa8c6d6e557d732beea8e85f8843fb70fb303cda

SHA512
085b8c3b59941245068fb880d9bcca1f27a70bc1a1db5ad9d4ebfb36f89322287d64f2bdfd100ac0bafffc85cfae525742f890585f8242788ba593aece556bf0

Download Submit
C:\Program Files\7-Zip\Lang\mng2.txt.tmp

Filesize
153KB

MD5
0c38ae79c3a7e7dfb184f589192e0888

SHA1
fbaffdd28429a59d3c3254ee36f0fba6fdeb21a9

SHA256
31a408edbabafce89aea4c95ca52c9b89bab966ba3207e0cdf73ffb273f9947d

SHA512
a29d75c9f86492c285bedbe039f705c373dada337731a741df8656de5ee332e1a84092d113f409bcb9cad697a87f4ad074b7bd53e31997aaaf3c64d18c2c60ba

Download Submit
C:\Program Files\7-Zip\Lang\ms.txt.tmp

Filesize
137KB

MD5
23fd4b7bc5bf0e24d08667e31aba4e6c

SHA1
d8dcfb830209ba832b90e95eefebda32a4c389e7

SHA256
d6b751e1811edac4410caebc9f59733757b5b4772308eaeb9dd070a0dc5569fa

SHA512
d505e1640a99ca1585cf56fc1077a3eb7310363e97270ae19c37d681799c9ff9b2beec62f23bfc0190bfeb2278d0a9e1ffb5375a3371f6df6b5970c1e024ed82

Download Submit
C:\Program Files\7-Zip\Lang\nb.txt.tmp

Filesize
138KB

MD5
b21ed44cf34f914a92fdcb8372b4b2e6

SHA1
23d7b0e79f41ae58044966b229924d768011f027

SHA256
fe7dae21748127024660f4799d4391a3f9f753f32c18609ee383f6be9e0caed2

SHA512
7b7fde94190a811677732ffe2620860e15ea499e732de8e1d9a8de56d5e9c057a50ef2fd1bb238fed4bbbbd449b0524e97259deb36e56ea4420c58f975f62866

Download Submit
C:\Program Files\7-Zip\Lang\ne.txt.tmp

Filesize
145KB

MD5
f4b6abeb80c6b382d7878f0841af82a8

SHA1
c1b33370d649fa6fef6207c8e3f8af66d338dc8c

SHA256
cf50fff53b33a2a652849150ada0fad45f015773d93a0cdefe58b4a644aaeffb

SHA512
27ab8e0e65de7386fb6d206c779d8d0c7182edf645ca9382c6968f276f5b06e1b976cfd1501ce8ff8fe666741110319e49e06e7c417c624ebde6c6b6b4166bd9

Download Submit
C:\Program Files\7-Zip\Lang\nl.txt.tmp

Filesize
142KB

MD5
32a8e3faa7842d798787cfed319fe246

SHA1
778e7f1486648d16c6a1201a2c9f537b45d643d9

SHA256
197cb96340d5a2dba682edc61f731f55abeed43f2916528f34210e95793942e9

SHA512
a6021e6248fef67182d0011f318841a568e66d88be8528b576a5b0af4c223fedbdc3ec9cc42a902885258ba4248f54aac1b5d152c83ecf0665867e5bcd2f1580

Download Submit
C:\Program Files\7-Zip\Lang\nn.txt.tmp

Filesize
132KB

MD5
21b4c72466da5d9f0c381f5af4acc3cc

SHA1
19cda53a3c92b4c64293b22d2d83f3a0a99c2c05

SHA256
4690c1ccc47ae2d72324141a9e193e7f111fa8c8510add46aec2b5286641853c

SHA512
d584d0c4de208f34b88ac3406e19694beef136eb33311856f308e854d6efeb931814df5a0f1cdc915233774c8968323ed1707d6c6de9706025858040e4915b5d

Download Submit
C:\Program Files\7-Zip\Lang\pa-in.txt.tmp

Filesize
142KB

MD5
098d267d7f1338f5cc8d872dd0accf05

SHA1
f88b636256f8f05defed27801ee16ebb9441d17b

SHA256
3b3680148f69cd5a9ad11fa880026bcfbfe2290c9335aadc22ad3fa135bc0bf4

SHA512
865d45b75103ae1b1470ba23ac3dd302cefa2aa1c878ba5d1ec13f9acc99ba63af632f777a4c1f7150a1c0af3c25f8bf2a513bd7ed5d56e430e645e858fd7531

Download Submit
C:\Program Files\7-Zip\Lang\ps.txt.tmp

Filesize
141KB

MD5
b215b07147528dfb123367767b832ee5

SHA1
aa77aacd45e1b8ecc07997b3c3a210796a09f220

SHA256
45281d41a2326ee7615222a246421826f62778fdf74a55be17622edfbceacdc0

SHA512
27c07583b6eb3058e3207ac0dfe6f50fdb119cb34b8311fdc0dc886715ebdcdefd1e272ae5dfa58158eb0fd1cac1c88a84a50a7ebe5d881964cefff288c08c8a

Download Submit
C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp-pl.xrm-ms.tmp

Filesize
138KB

MD5
efde46f8abb28759f5a77a466c6c442e

SHA1
c16452de13a031fecb1cf54e0637b5523faba576

SHA256
41242bd624d6b051598856cc6a48fc12a893aa4ceba384f1b01a37a5f2e75109

SHA512
3f44179480cfb22b0d3db0eb980c88b884914e0968bf76567005f38ada09332570a266ee8ad1ca7402e18fdacd1926dc0391dc7c4081ca244b942638c63b33b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_analyticsevents.dat.exe

Filesize
132KB

MD5
cb60cc276a05f22281545d743cee09b6

SHA1
e9cd11a23eaa9f357c21b28711a42818887fedb8

SHA256
1dfe0b91fd56994ecb42f9f454d36edc98a4e68ac37fa9fa36a272fa5fd1c3f6

SHA512
d9c4d3ac664db4bc5c08b323252f78c3398de74cf07c9b030b53ea7aee815354a2530c24e973e775b98bdb7f61b3f0e633388e24df6f8b7289c48770ffa65aa5

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
128KB

MD5
e8668118771321552ca06e92bc76242e

SHA1
828a8ae50dab74e3ffacad475c9f0f6e90a630a2

SHA256
bef0e3ac0b91439da962577615cdd61a11c55bac3ba59ec24f87234e75e947fd

SHA512
78a16c59a7aa696f297e1891c229f3e1ba176c2623b0e5b7bb7ef7def01c93ebde95030ab856ce81b0e92aa0d6362347199310cdee7066a1c9cda87d68d17dfc

Download Submit
memory/2176-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2176-2373-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads