21e26af8248441c85f8b0422aace41f5c59974f899b0730cd6e46392fca51d08

Analysis

max time kernel
149s
max time network
100s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
14/05/2024, 08:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

aa0deaa6aebaeabf551d14c3ba537140_NeikiAnalytics.exe
Size

257KB
MD5

aa0deaa6aebaeabf551d14c3ba537140
SHA1

bafb903673647afe23a1ae5bde0f99416086f93f
SHA256

21e26af8248441c85f8b0422aace41f5c59974f899b0730cd6e46392fca51d08
SHA512

46caaba37a7c8038a546c7114a04c666cf52f20229fa05d24582126f5d4408f424df54fb0f651c395dd830ddd2e5008bdc11862da8a2392ee69cd40fc90d14fd
SSDEEP

1536:/7ZQpApUsKiXBvzwvzXJvlwJvlD7ZQpApUsKiXBvzwvzXJvlwJvla:9QWpngTJdwJdhQWpngTJdwJda

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4873) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
4632	Zombie.exe
2200	_Hx.hxn.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Zombie.exe	aa0deaa6aebaeabf551d14c3ba537140_NeikiAnalytics.exe
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	aa0deaa6aebaeabf551d14c3ba537140_NeikiAnalytics.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jre-1.8\lib\fontconfig.bfc.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Retail-ul-phn.xrm-ms.tmp	_Hx.hxn.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Console.dll.tmp	_Hx.hxn.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.Linq.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.XPath.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jpeg.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\CAMERA.WAV.tmp	_Hx.hxn.exe
File created	C:\Program Files\7-Zip\7-zip32.dll.tmp	_Hx.hxn.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.InteropServices.RuntimeInformation.dll.tmp	_Hx.hxn.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\System.Xaml.resources.dll.tmp	_Hx.hxn.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-black_scale-140.png.tmp	_Hx.hxn.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.Aero2.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Ion Boardroom.thmx.tmp	_Hx.hxn.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\PersonalDemoR_BypassTrial180-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\WindowsBase.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\System.Windows.Forms.resources.dll.tmp	_Hx.hxn.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\XLLEX.DLL.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\FilterModule.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_f33\FA000000033.tmp	_Hx.hxn.exe
File created	C:\Program Files\7-Zip\Lang\ro.txt.tmp	_Hx.hxn.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_Grace-ppd.xrm-ms.tmp	_Hx.hxn.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\SIST02.XSL.tmp	_Hx.hxn.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\LICENSE.tmp	_Hx.hxn.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_MAK_AE-ul-phn.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\mscss7es.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub_M365_eula.txt.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-black_scale-140.png.tmp	Zombie.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\110.0.5481.104\vk_swiftshader.dll.tmp	_Hx.hxn.exe
File opened for modification	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-3102-0000-1000-0000000FF1CE.xml.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription1-ul-oob.xrm-ms.tmp	_Hx.hxn.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\System.Windows.Forms.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_ja.properties.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019MSDNR_Retail-ul-phn.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Retail-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\AugLoop\third-party-notices.txt.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000050\FA000000050.exe.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\System.Windows.Forms.Primitives.resources.dll.tmp	_Hx.hxn.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\splashscreen.dll.tmp	_Hx.hxn.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_KMS_Client-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription5-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\7-Zip\Lang\sk.txt.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\System.Xaml.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Grace-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\AugLoop\third-party-notices.txt.tmp	_Hx.hxn.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Redshift\lib\amazonredshiftodbc_sb64.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL108.XML.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Core.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Windows.Forms.Primitives.resources.dll.tmp	_Hx.hxn.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Integration\C2RIntLoc.en-us.16.msi.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Grace-ul-oob.xrm-ms.tmp	_Hx.hxn.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteFreeR_Bypass-ppd.xrm-ms.tmp	_Hx.hxn.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Grace-ppd.xrm-ms.tmp	_Hx.hxn.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_SubTest-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.Recommendation.Client.Core.dll.tmp	_Hx.hxn.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\mshwgst.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-profile-l1-1-0.dll.tmp	_Hx.hxn.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\UIAutomationProvider.resources.dll.tmp	_Hx.hxn.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-white_scale-180.png.tmp	_Hx.hxn.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-locale-l1-1-0.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Retail-pl.xrm-ms.tmp	_Hx.hxn.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTest-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessVL_MAK-ul-oob.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\OMML2MML.XSL.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVManifest.dll.tmp	Zombie.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1012 wrote to memory of 4632	1012	aa0deaa6aebaeabf551d14c3ba537140_NeikiAnalytics.exe	82
PID 1012 wrote to memory of 4632	1012	aa0deaa6aebaeabf551d14c3ba537140_NeikiAnalytics.exe	82
PID 1012 wrote to memory of 4632	1012	aa0deaa6aebaeabf551d14c3ba537140_NeikiAnalytics.exe	82
PID 1012 wrote to memory of 2200	1012	aa0deaa6aebaeabf551d14c3ba537140_NeikiAnalytics.exe	83
PID 1012 wrote to memory of 2200	1012	aa0deaa6aebaeabf551d14c3ba537140_NeikiAnalytics.exe	83
PID 1012 wrote to memory of 2200	1012	aa0deaa6aebaeabf551d14c3ba537140_NeikiAnalytics.exe	83

C:\Users\Admin\AppData\Local\Temp\aa0deaa6aebaeabf551d14c3ba537140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\aa0deaa6aebaeabf551d14c3ba537140_NeikiAnalytics.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:1012
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:4632
- C:\Users\Admin\AppData\Local\Temp\_Hx.hxn.exe
  "_Hx.hxn.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:2200

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2539840389-1261165778-1087677076-1000\desktop.ini.exe.tmp

Filesize
257KB

MD5
16269f1ba3b62a36d2d9d2b01aaa30cc

SHA1
eeeb876aa9499595e55cd24ffc7420f03b33fe69

SHA256
69797386a621ca05b308d4e93f6b1f1cb6cf0d127beb75bebc080b2f0f0d373a

SHA512
2fe654001fcd16515fe9ee0eb5d69abc6f22324282fe9327f59cbaf6117f36b4b9a04eff15ca2fe13207a6f09e8ef152032b8fe5f78bbf96d6f7d0e3e397a416

Download Submit
C:\$Recycle.Bin\S-1-5-21-2539840389-1261165778-1087677076-1000\desktop.ini.tmp

Filesize
129KB

MD5
3e934f44e86be573f0dbc2bd24654c50

SHA1
520f44a6950ef8fce9079ce27c7897f8b19c6450

SHA256
3a32bd22316c1d6f6cf43f6ff9bbfc522d2eb7cc7a6f7c2eebe7537994da00c6

SHA512
93f718ec9e9e32cb5f52dd78c6535c10a344930d0c53942f4e7b24b386508e85c16f974a2af92c2a422db1d0496a6d3e821f920926765d693910769a0b16d45e

Download Submit
C:\Program Files\7-Zip\7-zip.chm.exe

Filesize
241KB

MD5
a4573dbea9556f9a0bd768e8c2f64145

SHA1
fca7a43dbd144bd09be63d8b993c5f277aafd72f

SHA256
0dcc18ac19eba45237940f09f58d2ace743a8aba2ed1bb3ae00751254a8ef05d

SHA512
3587dbeb65c93e558ef50405dc13bd616350ffda5bfabe52ffc522eb9c60e4791e3d89d7c6173ddd41b39b2f05993135387319b592e8ab27d5726eeb18230179

Download Submit
C:\Program Files\7-Zip\7-zip.dll.exe

Filesize
228KB

MD5
20d35e46b016d2179ad0fe57e14e0511

SHA1
088e4c3901778bce12bd8d1a6044a60f2ef12ade

SHA256
fe8f37d80baa1222551ab45095d357e6429b78ecc205dccd4ff3e5d5932c5793

SHA512
ae15384c67cb543d4d38a8db91b52e225ebfc0ae947c28ba50697926008c01cc4e0431f50a22dc6cf4782a5d653fc05115a4ec1ee55be5107613ee4868b0f252

Download Submit
C:\Program Files\7-Zip\7-zip32.dll.tmp

Filesize
194KB

MD5
a4f3e989bf1eb19f75104793c52797ee

SHA1
62a3d4db6223c0963c186c0b0ed9982ccdb492e7

SHA256
01e415744d64f9d443f139a6666a7e64df35bd7af16e8e9a093bb94b3cab63de

SHA512
5ce6ab7af4d35dc168bcf77f34bfd206b2b84f82f06c57f69f50ec5771ff19ed7a4670bd453b49af4d2db13ab0701405dd00e1254ad5565893a22587ccb46d68

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
1.9MB

MD5
c554c30bbb7f235420dade0257c060e5

SHA1
18ed841dd179a31af4084cd9d4c33eb0be17ce2a

SHA256
bbf2caeecaba3d85edd9053361e2d5746948293f3b98c2ac777cb3aab35fa76e

SHA512
95a6f2ce3676b208f358ce3be87fed5b1d9d59d36ba963b6514472e32f79c616275daf31c1f196ca9ac00601ea56c62490620d15133c414e3bae7c09d3a61f79

Download Submit
C:\Program Files\7-Zip\7z.exe.tmp

Filesize
673KB

MD5
9f2c7c5616416f7d4d3a678465024c84

SHA1
de864fa8424a9a34a32df5779de9a78ac580fee2

SHA256
60d06e9b7a5c14e9b8dc24f63ed97c651e9dc1d5a734c8116227b166ff4d8159

SHA512
40e1fa2ce7f24aa21a4fc4ee1e9d5d7d114a0097d467835b449a57e97c4536b4de16a1e3eff4c7094c022e990f803823996f60613175574247713918d61299f8

Download Submit
C:\Program Files\7-Zip\7z.sfx.tmp

Filesize
338KB

MD5
a305a90429c77a2eb426686a64c62493

SHA1
ad349644cddf41e6ae390e6de6afbc24df02725c

SHA256
d525a49a6475f5f407d16104c58d46b7cd96691b2b363b87dce294c4b69df744

SHA512
9903168899788d3f0d4ac8251444d79cb7f8aaf2c0e002a88776ad0c191b9216a42ae96cfd3cbb7741deef751009eac0ef43fe8736c0f42922f8c5579a2b6b17

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
1.0MB

MD5
61a272bbbc1e3aa369ffbadd8c37905d

SHA1
521327f26a445d47e4b74aa8507323e38b60cbc8

SHA256
c8e937fd62d9e12e126333decc8752a616e39de35b4729507b4f76b5351841dc

SHA512
719b2083693d2190aebc38250a1455862847fcb3fce0ee96092b68d8c3083e19fd05ba15f28ef841a788c48db67a371dfdf877258def4dffec34006e7053557d

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
813KB

MD5
98e262e9a989bc0d0f0c39b7ba8265f6

SHA1
50c0782c84e6eadc85c2248f0cfc1817438b68cb

SHA256
bd09b98aca6932fc17703dec2c0cc06d1bbbeb8f40c5c67974048551096711ef

SHA512
c578cabbf6b68257f744781b0a70330a39890fd0a4cf145e7f52e800b9e8610e01782c0a29ace5dc86ca737fa551e0fb892ea8bc73ff7f8df45bb8f655467f6c

Download Submit
C:\Program Files\7-Zip\History.txt.tmp

Filesize
185KB

MD5
ee6848161a71fc6030e1cede17e57bb7

SHA1
d6e605619102294e3f33eb4a63f7b68513c74f15

SHA256
3780156609e9f6c0ff92e9e740829321d6ca0f069e128f0ea4057fb2fe05a7d5

SHA512
9a757a34c36ad770c58881e0786e11e1143f0a4d661119458ca5adf7611c69e2df1f64b68cac8ed111c105c799b945a96d84feeecf67abb288d776699875821c

Download Submit
C:\Program Files\7-Zip\Lang\af.txt.tmp

Filesize
139KB

MD5
fbe00cc5fa9495ad086ce50c02dfe383

SHA1
7f5587c8d955e137359c41a33c4f66facf606b4b

SHA256
a3df9709a2a181dd55b57ab164126eb5a2cfdd43ed24238a9531b40b65f22a0d

SHA512
72df101bce0e457ca0d583fcf23997059943059ef36cd80abfebe7bd7a31a5a9a0037c7299b9736bdf94045255ac37540fb22cac6959ce27954e2608239acbdc

Download Submit
C:\Program Files\7-Zip\Lang\an.txt.tmp

Filesize
136KB

MD5
4270904f27b1b82d310604ed14369bd2

SHA1
1953eb690a972442f2e51bf1b9a758255ac22698

SHA256
6ef004f7657485f980846662baca985ff4ac10bdc9bfc97674e42d6ff440f6e0

SHA512
ca8f5bf0deb64e86ead5b4de684b832018b0a6b662a1587e2977c780c815693e50fb9d592dfd6dbcd0ca5ce65efc6276f003a674448efec523f5b3ad177a216f

Download Submit
C:\Program Files\7-Zip\Lang\ar.txt.tmp

Filesize
141KB

MD5
725c322c3d0277be85824398f35b6aaa

SHA1
7acd4a6dbd6b67486f207b1e12355b8ff7770727

SHA256
b2a16ca9fa7837ac6eff654b118d8b9102164cfcfdac7242151ed67c502b552b

SHA512
ee5ec0e9dbdc5da7171e0907cb08c1ecb4a9ac65ccd611814000438c220de1d880e056548fc2d70cbeb92b981ea583e754a95c5243791e2be41d18ae6a3a80c9

Download Submit
C:\Program Files\7-Zip\Lang\ba.txt.tmp

Filesize
140KB

MD5
76a54172e38e8dab7e4344b5d6af6454

SHA1
f696310eacf8caf67a9f42037266653ef11ce1e4

SHA256
41c086a43ae86d0760aaf32634a4d0920863e0d6e4dc68c331fd866496f5ac49

SHA512
3b1754b01e9cb25b87a75d79bba902b4b32add791d1145a462926dd989908d0cdb0129e3f05e96d0cd8d418a26f13b46df9ee0cc06c2f29ebe5070ff292eed17

Download Submit
C:\Program Files\7-Zip\Lang\be.txt.tmp

Filesize
140KB

MD5
afc55c84aaea33dc7cdf5907e0415755

SHA1
2ca281ec74f5d2e7a87ff43a4bca97460a17fb35

SHA256
21302610ecf5da6fb2e7d14a64b2c5d7e8110d283533a777ee55a822dba1bba2

SHA512
2aba9672cd8f4cd2d80ed541b7f63ee80b96b2d81c63cab12cb5c67e7a980708c06732bb90122ab270a0e518c1e9da5acd7b99d57f7c92915078d4f0f14bffa5

Download Submit
C:\Program Files\7-Zip\Lang\bg.txt.tmp

Filesize
142KB

MD5
d1f8e371f466460ed107d88be30c708e

SHA1
5ac81604aa79639d46bd4ddbb0d4d96db5b44e65

SHA256
fc1643690b8cbad087185fe742a970e381624e72612e292cdc8172a8387cd97b

SHA512
b67248ece3b794b6948a6b4bafa7ea5a3101a35f22f617327f6daa96dae900511aed617a3459dfd1fcbd79443172ded5c97e0f116ccd279c98f54a7266064ce1

Download Submit
C:\Program Files\7-Zip\Lang\br.txt.tmp

Filesize
134KB

MD5
6bd8033ff28479d35dcf2d9db4ce9e30

SHA1
4adc64616655089b2e8c63cf411c35d27793c1ae

SHA256
9115f0dd078c0e5aa62b0886a3f30e7da6a1eea6cd77401556740188bfa46c41

SHA512
9585a96743998c18c81d833cdc56db8cb75928b87fd055644f8badaebb33994efd709ddc3e56d4b14dd404bd6ef0a5aa4442efc01aa79e0731e076ba37e8d227

Download Submit
C:\Program Files\7-Zip\Lang\co.txt.tmp

Filesize
139KB

MD5
df7068e8bc9e4be4b9bf7fa81fe140f9

SHA1
44ba95f697dae9bf789a73115353d4df08dd74d0

SHA256
ade710026bc6ab8cdaa94fc3e3b27159f802eef17c3a2a103e5a98656ab76c1c

SHA512
b42d09a806cea930b904180dbd19b232f6a91f4608bbda37052f57e0f1da0fe44bbf01e4d6bb8f87355fc257f7cb70b01daee1a28ab40f64a6e043a8afcc2a05

Download Submit
C:\Program Files\7-Zip\Lang\cs.txt.tmp

Filesize
137KB

MD5
9c1d78ca18cf043ac3360c1f09503ef2

SHA1
b6655455f1aa60ee7d8bda9f6ecafe104c92af14

SHA256
a8eb5b82b44db38cdfc4b3e53d8de93e26ac0b60b48f27eb07781b259fa8a164

SHA512
4f563a3a8d67ed335f884ae23aaeda692d117098344ab963e2915e9275a54a17065e9d497e67be96adb953928845f797fa34c92d097ac943c52e229ff6872664

Download Submit
C:\Program Files\7-Zip\Lang\da.txt.tmp

Filesize
137KB

MD5
ec8d52e21762b9769b107bc369b8839f

SHA1
70f14f818bb263b6382c025454ac5a7f5ce376c0

SHA256
18d5e4a83d87ffbef31fab844dcc78a798275d3d0b2c7974fc7726155ac17601

SHA512
8608c501fe90c3da82209045536678a4d73529e04cfefa93189b8eb220f215420f2e1d0a448a1aa6689aae8876513e519c6485adec8845eca6ec2cfa43aed21e

Download Submit
C:\Program Files\7-Zip\Lang\de.txt.tmp

Filesize
138KB

MD5
b352a37b2616378909c789a01cbc26cd

SHA1
f139d811aff5992e70da15e42a271a47e73ecf42

SHA256
73443ec9b34fad594b82ca4802801df40da3afb2ef8d0e36789885ef86dd1ca5

SHA512
d33535cf6c9bc593ed68060931a8adaf965aa3e2a1dd545e29b631c335e3989543891242376420cf2f3139c9a648a3a75196ffb1977384e4dd14aaf6211dbc12

Download Submit
C:\Program Files\7-Zip\Lang\el.txt.tmp

Filesize
144KB

MD5
822e2a4d03a07a931f926010d222f749

SHA1
7d4d900265ee7f2b8b2c8a2f7b9b939602f306c4

SHA256
e3633a10d91982c40df66c54c353d60776c07b6fc11d9871086e921ff8000eb1

SHA512
a74df76389262d23e5b1fe2e218f09a012635c7c721018dadaa22ade94b957b25c0193aae43f73cbc2fd4dc762c356ac4771c0e8acf2e5ba2585946698d3693f

Download Submit
C:\Program Files\7-Zip\Lang\es.txt.tmp

Filesize
139KB

MD5
2e298cc592e35890e9f6e82924e54619

SHA1
08f311c26a996b9b9c1e13d23bba5c45bc696363

SHA256
0396acffa45b53e91479c31a2a80ac09f30e595f5965582cdb5e82ec7c77f6da

SHA512
ea1c17e91b45db23790327417e5ba9ecca483dd1c28986b5050ff020d0037b345679c60e679a0d89b4254e82c355ed9685650391d3f238001a3757e82e4b7cd6

Download Submit
C:\Program Files\7-Zip\Lang\eu.txt.tmp

Filesize
137KB

MD5
df255eff7e970bc2743b760ce7c956c3

SHA1
6e8af1c845899a6fc29d067a13042e8a9307706a

SHA256
c2de842e1793a5c9a77cf21efc343df6fb6e0a435b6db5dcae934573b590d311

SHA512
cf047a41c5d94ac4e90a12e7f21b823ad4f37f7acd9735c1c7e56c6fecd6853eab8474aca631a01ea45c4afc168a4df7846c29365340244945c78ca12258e706

Download Submit
C:\Program Files\7-Zip\Lang\fi.txt.tmp

Filesize
138KB

MD5
15f34499e6b400add34360eb856d2914

SHA1
936039db10819e76cf146918594192c6a45a544c

SHA256
eb00e176d549a65c58d598485c0512b05e22f635aab1f9c0524f699d549ea7a5

SHA512
21edb6915eb01d0e0e540ee665e3496bb0d1487108af831b774b7d65b306fa2fb295db87b391b0047d437a23401a1b4d5d971fb7a7e0ed0c1a036bd91504ed14

Download Submit
C:\Program Files\7-Zip\Lang\ga.txt.tmp

Filesize
136KB

MD5
fc442f1bdc33619acca4e4e63c9d17ea

SHA1
3567736c368437cc2d32737303f46d1b10886bce

SHA256
d2ed80a75a44d5deeee82c528c7d70d230242033790a88cfb5f36e9e8bd6c0c6

SHA512
25a5f7afacca02ceabc09e923f475c4eecced25d9bf1c05b2ef57f96f292969f3b693d42daa947e496a46212bbe41422cd047acc381b468d2447744ba979b42f

Download Submit
C:\Program Files\7-Zip\Lang\gl.txt.tmp

Filesize
138KB

MD5
222c92124938bc8fba7b7bde82f26acc

SHA1
e51c6f01947560a774829a48cb78dae4ed89d076

SHA256
8992b59844a42c2686932468279ecf87fde5fe521fff30a6748e1aaf6c7f5300

SHA512
c8c87a29abe18f5a91696bbcd0f2f84cac667de26fcf5bfbf2e3f4c5d742d21b035d8f7da2cfd226d208061c7e91f2fc23ecd7cf6af2cc194662629e6e90a6b0

Download Submit
C:\Program Files\7-Zip\Lang\gu.txt.tmp

Filesize
145KB

MD5
5e369e8aeaf9fb6942d6d83ba5fcad8a

SHA1
5724582887e74998b4c433771da4b5d72946a6ca

SHA256
14b8bc2df28d3c05e4f0143da7775c77489b6e090dedc288221c49b19d842008

SHA512
41d3b5328c569d66d92bb6a20b31414b24154814b1bbb935c2c5dd6a46dae90f93cd2d577b16d6a6619f9d0bd0f827fef6b1a483549b992c0bd9805d34b75f4b

Download Submit
C:\Program Files\7-Zip\Lang\he.txt.tmp

Filesize
139KB

MD5
d5ebec3d460cfd978dcc9ff23f1d0f65

SHA1
185a5b35b624998f39426b09ac4e747f52e0f57d

SHA256
4c1bca0243ddcf10f8eb0c8eb7cea1f57dee8015be0cba5540f2b002623c3d0a

SHA512
533a199cc51e9a1a1b82e72229708cc60c6d17a083f3308153c24bd71362549afbf50f4ab387e80345cd9009f6d31704cb059304a820e3d41beec715a64ca6f5

Download Submit
C:\Program Files\7-Zip\Lang\hr.txt.tmp

Filesize
136KB

MD5
00f87d6375d1923d625020b1ca73dcc3

SHA1
4b868c2efee21263d4a9398f02ec8cda4ab01f9f

SHA256
9213dbcd5e192c5d80509efae0544db468aa41df07919d69aa01c8dfe6831ee3

SHA512
6afd15557ba5780943241015b482f1a55d22a8bdafee16ae60e4d89977a8b3c4bbd2d58783ca436845ff846bc1cf7f676edd59f21dcc46efa7ba9f8d9f95f0b7

Download Submit
C:\Program Files\7-Zip\Lang\hu.txt.tmp

Filesize
139KB

MD5
a761252ca7afda981885215b518a9c9a

SHA1
6b183e9ae4491a6bd7a763057d52ebe93fabf3a5

SHA256
931dd15e577dde9e7ebbf1f6ef73dc600aa3d04e375b4952ea5f70f0d7263974

SHA512
53d04e2717272a4b83b8656f1576e80a937c1587cc4a249416218cc0a37e10076c4459bdace01ccb7d19f4d2ae2ce592360f37ee22158a3ce96ba00bc2cfb03d

Download Submit
C:\Program Files\7-Zip\Lang\hy.txt.tmp

Filesize
142KB

MD5
ba2c369b9dbd7a30c63258bb5d6e86fe

SHA1
d8c1a338c58139ddb99fb3c21aa3bd956ca4bc48

SHA256
df1d3a7f7d629c3f8a0ba6e7d02f2cf625b2d98cdc07a390f7d4ed0076ed5c83

SHA512
ae653d9044516676dfe93b9b11c9c99f5e1646d0ec1376b8724a771d93c641b73e6718312ae3f4de366f0cc532f9fc3807d999daa582c6f8ef89e416d7307811

Download Submit
C:\Program Files\7-Zip\Lang\id.txt.tmp

Filesize
136KB

MD5
d3999d5f62e0d54c3298e67c5e51852c

SHA1
68e22cd352153d2724fb64b7709e55560c3bd2d2

SHA256
c32c9a6aa1d53eac8d376422c23c612a5a8b4738db222e8405380dc5ce6417a7

SHA512
13b36d65e0399fb5fafc0dad379a37d9c9fcc49f2b841ccf28f8355c1baa83e5664ed114be3b0cd859d56e5997a2de157b648423a2dd9bb4bc975035d439cd60

Download Submit
C:\Program Files\7-Zip\Lang\it.txt.tmp

Filesize
137KB

MD5
15953055f8507e28fe8ba08229a2266c

SHA1
98d65c7e82974547bedd4ca945015477002e6edc

SHA256
c51c96db95b132bc8e0a5ec87b6962866b5371ae9565ac89c6c6b06680750dab

SHA512
c4a7f5109f12e048a73c6865fc7e964b12a6a42a0cc00f32bb12c6c72a529f014562ea07f0e943469c4ac8ff64e6ba6673664564ef2ab3e57342896fc0897505

Download Submit
C:\Program Files\7-Zip\Lang\ka.txt.tmp

Filesize
146KB

MD5
5d17fdc0111226aef24501e068316c97

SHA1
de164a6e10fc8a12989b42c2e0ad6faf3be5adcf

SHA256
ff0e8a9ec5477b0239b3d7fe8b4f4e03122982c081641e83471e82a068c6a154

SHA512
4c1e9277edf3033cdb30d7fb4eca063f59eff03f6a879b156dcc139a885a084c3b0ecee3a4ccd4462e270e5d9f343085d87bfa7c2e353d8755dd5f9462cc80ec

Download Submit
C:\Program Files\7-Zip\Lang\kab.txt.tmp

Filesize
136KB

MD5
4533c6287dce121886d1dc9513468a49

SHA1
4cde6333f4637a1e177a621a14fabc4e323102c8

SHA256
ac900199b88c647da8061028004df43f90e7e6cf6f411034131cfb77c8418d06

SHA512
55ab25579eaf2e36537ddb75da131845e21690efb7b4c68b7db3e2783772594c79d776d493b5a5cdba5d107def28d990d9b2f09cd0e598ce4ee09744dee430ee

Download Submit
C:\Program Files\7-Zip\Lang\kk.txt.tmp

Filesize
139KB

MD5
df64dcf1bbf7f71743796dbcb251c35f

SHA1
12d3d73ce94f8433d3997e1f9c8d8792b752d8f3

SHA256
60a35115f5d5a514af8daa494e6ab5e5e1cc0b15634d499ceed81f80cfb712db

SHA512
415f3766aac648f7f311ab867fcf939268b541f471e53659c64f6c523f3894400bd556bad9698543909cb97b74d73d58971fd746dbaffa03e281a56cc54c8ffb

Download Submit
C:\Program Files\7-Zip\Lang\ko.txt.tmp

Filesize
139KB

MD5
2cc60c4a48bdcf91815810e2c8080774

SHA1
8545ee0615234093eeeae32a1e18bca8d45ad93f

SHA256
34f7c702acfdce658e2c758ad2f3a1cfd0898a5919d4d5483066ff309457f89b

SHA512
d8cdc5dcec021f7172b1b5a1c6ff3fdbdab8e5beb2aea3d0004133b967124dcf72aa1d9e4a68fe1bdb9f4c3aa6f7f666de69d340af817b4cd42076a974b9b3a4

Download Submit
C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp

Filesize
141KB

MD5
3005e698f5f15a52355d87b14e81c7ee

SHA1
800ee5223f6fcaf829e4053cc9e39e6b974e6830

SHA256
e947f429a20d00bf8a90bb86f80082f83e78dfe2b7c7b36751700b2f149a398a

SHA512
b5c989ea1ea2f0cfde5c7b8fcad90fcf37f454be27b61d4bde18435c22e4b2c45e1ba539f4661fafb82433a55fc06903bf44855acfb922b11f3afcbdb3e5fb8f

Download Submit
C:\Program Files\7-Zip\Lang\ku.txt.tmp

Filesize
129KB

MD5
c1c8da0e2e4feea2d68f4689bde982c1

SHA1
eb05acadf277f7e3a08af1cdad3b4140fc371692

SHA256
91f81c12c8ee673a3eedb8e273e01d1aca99f689057af256284d315627fd3dc0

SHA512
22d7b9af1c31d98d9460dd1cc63f27bdd110a67556d6b16e57863f9f0243f016fee3eb44c9aa588e49f4315ae494bab419fa0383e79aaff84395f581f5df6700

Download Submit
C:\Program Files\7-Zip\Lang\ky.txt.tmp

Filesize
141KB

MD5
2eae9ed1b1cf75801ddcd7beb9f6e1c4

SHA1
0a20f35ad14cfc6c6ef1b464a2b91066dbecdcd5

SHA256
2a61d0ca62d7a05856990c813dc7ce3ef53329def89e953bff81447cc5d512e8

SHA512
c08e6845de899d73c778f10cbfb75890842efc978cc9babcf428185e16db48fea62c77016b8492d851fb018038fa58025d7ea4dceb70722742fdc5c6628da666

Download Submit
C:\Program Files\7-Zip\Lang\lij.txt.tmp

Filesize
136KB

MD5
56a539cd69db2c2aa945288a59776d0c

SHA1
dd5c3cb871e44e36658067ed3c8ee142c82b12f5

SHA256
d19f30edca53f9fd8398ce240202703695e0c99be5f2a01bc041ef624fccabd6

SHA512
192176d146ab1a9bbcc3c129c4ca960fde1de15022e662acda5d7f2e6c413e98031ddf085028a7cdb09a49a7ef677ad8fe945aaaefec69448685ad282a8351bd

Download Submit
C:\Program Files\7-Zip\Lang\lt.txt.tmp

Filesize
138KB

MD5
71b693b707a154b06c798d007ab5c407

SHA1
05b3fade97e80ba445c8090ce7b260088f97e3ba

SHA256
7b9652f375fde24260b7df3033a2f19c840917804331050eeec5e9e6a10240c1

SHA512
27c0e2b20d10e4d08560f7ff23e9c9d71c4171e389366452dba9f1cdfb952343e2455a09362c588fdbbc9faa92eceeb915ba8e0a433a7f7033e69ffd6a426a6f

Download Submit
C:\Program Files\7-Zip\Lang\mk.txt.tmp

Filesize
137KB

MD5
6bf686d551e4ee4e50e0edb9988abeec

SHA1
575205dd45818b79b09b188395965e92bd733630

SHA256
a4083d15c57958f07a7f6958d55c60b68428b70e69e9d34f38aabcd0fc1cc4b9

SHA512
0f6269657f687fde62fa15a39f6897b0ad5f93af9eb66b8045d16a1511fb25a22bd27b99769b42779dbfde0a66a64f57379c7b50c525a3db32a30b981c95bee4

Download Submit
C:\Program Files\7-Zip\Lang\mn.txt.tmp

Filesize
137KB

MD5
8e202c682020b2cfc3b2c0a2f1cb36ce

SHA1
792ae15a7a11c6b468f462eb145adbc363b108e7

SHA256
a966faf93860e064247ddac0cf333762348ac64514d4e97cdd691a177dbaf06a

SHA512
cd94ffb5c11c4e8a3415f8a72473045ac3d5b69b8e98cc0b166c3fb2d51b681afaa7da7944d74d0bacf847bd4c0f37643ee9c78626a78c11f4d30aab38a12d5e

Download Submit
C:\Program Files\7-Zip\Lang\mng2.txt.tmp

Filesize
150KB

MD5
d7d5b331c402448efbd1e397e122a98d

SHA1
0f5879566214b48dcd23848c9ab3d8fcc60a7e2d

SHA256
fef5b97bfc897030c99c0c4c9a3ca3686b0297132fefbf51510f453b728155db

SHA512
345d19b6eb5520f3cc7c35b8cbf41c60098bfe317007435a534abbf27a004eb26e5c25fc7dc2fbb441ad06a4062d9f14b0d9caee508f19630ef69c001c2f538f

Download Submit
C:\Program Files\7-Zip\Lang\mr.txt.tmp

Filesize
128KB

MD5
d0f8c3acb4c7da3ef144365837599b78

SHA1
b878f01cbe0f52e39d576904c6eb3a8fb2782173

SHA256
3abbcc68337b5cef62efe5f7719572df901a5870422e3a7e07b7df757ae2426f

SHA512
8de65b95fdbf17df13b4ff719cbbeaa8ce63c1c6e2e49afa47de2eb4d4a35a1e1f59e5e414e4e19af01313239571fdb39bc0453d632b444a3fee265c4ef06845

Download Submit
C:\Program Files\7-Zip\Lang\ms.txt.tmp

Filesize
133KB

MD5
04eb411fea9febcea99164cdfdc28267

SHA1
e3ff815bc7b7ad52d4d791c365b83ffe46660773

SHA256
e1712a9a0a221ae8bbbcd1a0ceab91fe15c9aa406de2e2b17f93cf8066f6226b

SHA512
1a620d09af2f544ceaffdfcfff2aaed378c2e6c11894b0767ff07793b1bc78e17a90f105879157c0c01ac6cf16415e66795a7cfb6185ccf36606468fa9630fd0

Download Submit
C:\Program Files\7-Zip\Lang\nb.txt.tmp

Filesize
134KB

MD5
dc2151b8071d93e48a1093b7319b7ca3

SHA1
3a96bf78a8bb2a2eb4ab9b8971c4d3f92978ec71

SHA256
8ab2b5fef9bb0d6ebbf75fe2f1b173cc8e67b76c631f11c37bbbfbf20c7889b9

SHA512
5f1ead56019f14963a2ad6696c42d36776d4eb31a77df65a729f0529e64f1a48bceae63399fd359f414a6851b8f34e3db592ad24d14ce31ff1209c186e453cfc

Download Submit
C:\Program Files\7-Zip\Lang\nn.txt.tmp

Filesize
134KB

MD5
82894c0a261310ea7431a4cb6a677d73

SHA1
5d74b5d93b4af8a52854f0de1b9c1101a1b4ec16

SHA256
d6d980e3c58fcda400335b3cece8b47e376a697b6d3fc83097a3b290f584a688

SHA512
b2d61cd202eb1e6fa53ae8e33b8956d4ba1eb9d5e3faad772faeb123c37028d1db60194f4e8d411e6b541dcbe13f4fb1da278b6b80f5c1746b4d952242a9bdc5

Download Submit
C:\Program Files\7-Zip\Lang\pa-in.txt.tmp

Filesize
142KB

MD5
96738942c83d2dd2cbf4538c58210fcb

SHA1
6d8529e5a915a98cd3264ed266e2eee3459b013c

SHA256
d80a90f254b5e0b59f3507d76a17db5dedba5a287edd4708fad3c8b7afb4a104

SHA512
559559f62786334c60959417f0cf0018060ebc7da981ed8e847021aaf4b455ef9e0871d309e90b3cdfdebd124e7846106a160faff2643aeeeb847b285d0ce4b4

Download Submit
C:\Program Files\7-Zip\descript.ion.tmp

Filesize
129KB

MD5
0babe95721ab72a6900cd25736727962

SHA1
cccd39d1f620fb6599e73696c8aa904bb7cecb04

SHA256
aa66b163911884e7701f8269c9079a8093a9caceb68d16afde2b3452497cee16

SHA512
c8edd0023750bceb2c94d983a21aad51200c8cb2691d9fbb9028eedbd3b1aaf56760f32eb6e09bc2e52b13e1c850b4bc8d7342e4cc77298d43de89f6abb98009

Download Submit
C:\Program Files\Java\jdk-1.8\legal\jdk\libpng.md.tmp

Filesize
135KB

MD5
a30050aff4e195ec433b7eff0258125f

SHA1
77c82e236c91c4b91a234e225d4d4b87aaa0b074

SHA256
bb93460122cbf4575c76ab03c702de66dcf23dcedeeb55f386299524215afc64

SHA512
854bedd029515a71b4ec95349a8e939097e999be6720bce50de4e6753a7f5a613a110ca9bd46bb78ec45ab486e247cfae119a40eb16cc02e0b008ff6700dec09

Download Submit
C:\Users\Admin\AppData\Local\Temp\_Hx.hxn.exe

Filesize
129KB

MD5
4d00608f75dc4dad5dbfae41ffb544f1

SHA1
ecebb1f1366e8b20339852ea2e01a39e667e2cd9

SHA256
d6d77e41b47da0507a254d4ad5040b10f9ca379998db96ee6a73c83d9ad2f001

SHA512
d490325fdf995873ea4432964ecf5681d5cb9d2f73a942a485c237fe04e6dda84758bc058914421d215cbb7b0ae6e04adee44020527bf13479cd3237d1f819e5

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
128KB

MD5
6e47167afecfbecd98613cdfc69699de

SHA1
80634698ca65811bf0fa3d1e68d8939789d06a4d

SHA256
9ec5b4582552cc2c4e9b6b8a61ea08e12cc082a4c4135ef0651aec7cbe4ae674

SHA512
eb43685a4b63307555c379af4b812dc2b0b0ab6dc5d8f07d30fa733296f2758896bdbb425e44dd1231d99ab95c18a806f1e57204b3df701dd32ce362c016becd

Download Submit
memory/1012-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2200-10-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads