a5e06bb3a091a3a78d013ae9033b2f2932509465a02ba9f861e77ac9b7e774e1

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
14/05/2024, 14:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cb4b193fa780fdfacb924e8ac9f12580_NeikiAnalytics.exe
Size

168KB
MD5

cb4b193fa780fdfacb924e8ac9f12580
SHA1

c53a8a5e5003e89396fe891d0809730c1d5a51d4
SHA256

a5e06bb3a091a3a78d013ae9033b2f2932509465a02ba9f861e77ac9b7e774e1
SHA512

cec5880acae5da8ea076e5f2b7584bef06897071bab4e529f3428d3ada992536cf49c16327773ec1760d1a1bdcda673b0c447e0b151eebfebeaffcb1bafc8eb3
SSDEEP

3072:6e7WpMaxeb0CYJ97lEYNR73e+eKZke7WpMaxeb0CYJ97lEYNR73e+eKZz:RqKvb0CYJ973e+eKZvqKvb0CYJ973e+d

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5029) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
2844	Zombie.exe
1588	_AutoIt Window Info (x86).lnk.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Zombie.exe	cb4b193fa780fdfacb924e8ac9f12580_NeikiAnalytics.exe
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	cb4b193fa780fdfacb924e8ac9f12580_NeikiAnalytics.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Data.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Dallas.OAuthClient.dll.tmp	_AutoIt Window Info (x86).lnk.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSQRY32.EXE.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Windows.dll.tmp	_AutoIt Window Info (x86).lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\excelcnv.exe.manifest.tmp	_AutoIt Window Info (x86).lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\System.Windows.Forms.resources.dll.tmp	_AutoIt Window Info (x86).lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Forms.Design.Editors.dll.tmp	_AutoIt Window Info (x86).lnk.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\System.Windows.Forms.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Ping.dll.tmp	_AutoIt Window Info (x86).lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-filesystem-l1-1-0.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardMSDNR_Retail-ul-phn.xrm-ms.tmp	_AutoIt Window Info (x86).lnk.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL001.XML.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\Content.xml.tmp	_AutoIt Window Info (x86).lnk.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-debug-l1-1-0.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Globalization.Extensions.dll.tmp	_AutoIt Window Info (x86).lnk.exe
File created	C:\Program Files\Microsoft Office\root\Office15\pkeyconfig-office.xrm-ms.tmp	_AutoIt Window Info (x86).lnk.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.ReportDesign.Common.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\csi.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\System.Windows.Forms.resources.dll.tmp	_AutoIt Window Info (x86).lnk.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\w2k_lsa_auth.dll.tmp	_AutoIt Window Info (x86).lnk.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Retail-ppd.xrm-ms.tmp	_AutoIt Window Info (x86).lnk.exe
File created	C:\Program Files\Java\jre-1.8\bin\WindowsAccessBridge-64.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial2-ul-oob.xrm-ms.tmp	_AutoIt Window Info (x86).lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN081.XML.tmp	_AutoIt Window Info (x86).lnk.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jli.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Trial-ul-oob.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial4-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\SkypeServiceBypassR_PrepidBypass-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Common Files\System\ado\msado25.tlb.tmp	_AutoIt Window Info (x86).lnk.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\System.Windows.Forms.Primitives.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\ja.pak.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\jpeg.md.tmp	_AutoIt Window Info (x86).lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp2-ul-phn.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\MSOCR.DLL.tmp	_AutoIt Window Info (x86).lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN026.XML.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\UIAutomationClient.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\UIAutomationTypes.resources.dll.tmp	_AutoIt Window Info (x86).lnk.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\mojo_core.dll.tmp	Zombie.exe
File created	C:\Program Files\7-Zip\Lang\pa-in.txt.tmp	_AutoIt Window Info (x86).lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Retail-ppd.xrm-ms.tmp	_AutoIt Window Info (x86).lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Grace-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Retail-ppd.xrm-ms.tmp	_AutoIt Window Info (x86).lnk.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\mscorrc.dll.tmp	_AutoIt Window Info (x86).lnk.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Serialization.Json.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\ThirdPartyNotices.txt.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_OEM_Perp-ul-oob.xrm-ms.tmp	_AutoIt Window Info (x86).lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\UIAutomationProvider.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Grace-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\DocumentFormat.OpenXml.dll.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\vcruntime140.dll.tmp	_AutoIt Window Info (x86).lnk.exe
File opened for modification	C:\Program Files\Common Files\System\Ole DB\it-IT\sqloledb.rll.mui.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-handle-l1-1-0.dll.tmp	_AutoIt Window Info (x86).lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Xaml.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Internet Explorer\iediagcmd.exe.tmp	_AutoIt Window Info (x86).lnk.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Trial-ul-oob.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-filesystem-l1-1-0.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Sockets.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\System.Windows.Forms.Design.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\Microsoft.VisualBasic.Forms.resources.dll.tmp	_AutoIt Window Info (x86).lnk.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_OEM_Perp-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Excel.dll.tmp	_AutoIt Window Info (x86).lnk.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Storage.XmlSerializers.dll.tmp	_AutoIt Window Info (x86).lnk.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1844 wrote to memory of 2844	1844	cb4b193fa780fdfacb924e8ac9f12580_NeikiAnalytics.exe	82
PID 1844 wrote to memory of 2844	1844	cb4b193fa780fdfacb924e8ac9f12580_NeikiAnalytics.exe	82
PID 1844 wrote to memory of 2844	1844	cb4b193fa780fdfacb924e8ac9f12580_NeikiAnalytics.exe	82
PID 1844 wrote to memory of 1588	1844	cb4b193fa780fdfacb924e8ac9f12580_NeikiAnalytics.exe	83
PID 1844 wrote to memory of 1588	1844	cb4b193fa780fdfacb924e8ac9f12580_NeikiAnalytics.exe	83
PID 1844 wrote to memory of 1588	1844	cb4b193fa780fdfacb924e8ac9f12580_NeikiAnalytics.exe	83

C:\Users\Admin\AppData\Local\Temp\cb4b193fa780fdfacb924e8ac9f12580_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\cb4b193fa780fdfacb924e8ac9f12580_NeikiAnalytics.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:1844
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:2844
- C:\Users\Admin\AppData\Local\Temp\_AutoIt Window Info (x86).lnk.exe
  "_AutoIt Window Info (x86).lnk.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:1588

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

Filesize
83KB

MD5
210fba6185d4d2de8ae61ad4c76ce7a5

SHA1
a18ed2e96c2bdb86702dc2eea975a0bc95810992

SHA256
32a093f4a04f01cbeca28bce49525c95a0fe083311e8b8629abbe440a41210aa

SHA512
55b2aa1f50eed28714b7ba50c8a900961798a658e03bab7b453a4caf433036b3dde5f26e56aa6fc7b53e71fc33dcc9b4ec32d567aa98339e359fc5d5d6711db4

Download Submit
C:\Program Files\7-Zip\7-zip.chm.exe

Filesize
195KB

MD5
77badf507c0a04a31fecc90b61eb2b0a

SHA1
108274b5d0131cab4f5831e711c9e6fe8537db88

SHA256
e3420e0d23722e753622cea347a168b178a0af8233327d2c1e3704f27422b918

SHA512
d5a2a15d23df0877a54cb8318daf65b43a6986e51e0807a15df12c96e0e374cec1906007beb0f28e9eaa379ac3bf3806ba8e38491adc8e44c1ccdc969162b166

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
1.1MB

MD5
c85907f4daab5cb6d738248602fd560e

SHA1
f00d1627bcae40d51b62bbf8cf982134593a117e

SHA256
177fd5c5c31adfc589f4ac3f76faeaffe1db005e46dc2d9591edbf810072fedd

SHA512
35f65d4a89dba1c1f29f167ab2541dae640f46e91deb39c43e7a3125ac65367d7718bf208bf71c3af2497adb751d7c23faf9ca626967351a8279b2ee5e241bac

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
1.8MB

MD5
065aa191ac1c273b6c54592936921997

SHA1
d1886b3013facaa956c86c46adc24f357ddae940

SHA256
4a0395f79d21f4edf5cbb9be0fb872394ee32a891e853bcb9d2ec83b6dbdbcae

SHA512
2c66ac0bd19c1ac30ff9d8e6749c1524323825fabc3fba8b6c370114fe647166f3e87a1fc8409c184071ca317466c2a3f7aec21550c8b41d64b21f166d6e41a8

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
627KB

MD5
4da8fb0b4b5c0e88fa8dd19b960a9bc4

SHA1
fe1e3df51d8fbce8e3899be711bcf732b682a03f

SHA256
32c6026471903c0bb31bb9cd1e11b2f6ad5729bb22000427b877ddde04816c97

SHA512
b9d33d7a3d74adab0e7f4cbcc95ab43fe75936dca9b072eea6d47c1d77de09bf38cf55faa741e5c276d2057e787d6c4797a8ffc5a467a87322f5e386a4a82ce0

Download Submit
C:\Program Files\7-Zip\7z.sfx.tmp

Filesize
294KB

MD5
18dab8203362b101e50e73b544666ee8

SHA1
4c21909ebff653425de143d6667b33781f6520fa

SHA256
134c1bb4f2382126e6ba9d33c46b324414fda46143951422dec9fe9d4fda7e9c

SHA512
5e4e0e7c8ab4c83cf70e0e4a5540213a173c0b996962bf25342c9f0cee6cb15285ffb07cb86306ecddff6b83ab13b6beac8aaed99ed0c2e9d250796fd04a4f84

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
1015KB

MD5
868239df57f865a1f18980bbd5645e1c

SHA1
e4d620048e86a281ff874e7494a472f8fbfc06dd

SHA256
934d9393fb376a00c2188812c6b60cbf2d98b4a945ce187bbeb2bb0c76638e43

SHA512
44a609d4602722c7a331c8468a1c4fa6e877830cfb1869e872fdcb8a31bb95374080f128243235825c77b2b292a1c04514309ae34b3c7ed7ebae0d70beea65d5

Download Submit
C:\Program Files\7-Zip\7zG.exe.tmp

Filesize
769KB

MD5
d84135414cfb5f0395719546a2adef6c

SHA1
057633d430fc54d752194c2716e35e778a077c5a

SHA256
a476b3c816193f527dade8db1fd3aba5e76c571262a3f5ca7e68cfa24d0b8413

SHA512
b805195eb4a1c42178036d4dd5b85adc955503e8ca3d7095a820cf0603e895b9ea4790f6caf97e5776040d2b24b437fa92a698435e5c0f8f98ba47549ad9392d

Download Submit
C:\Program Files\7-Zip\History.txt.tmp

Filesize
142KB

MD5
37838239c274ffb7f58981e15e945339

SHA1
d4e972adeb218ad771824abc79bad9e48a1b2156

SHA256
da0c53b560f62e52e55e08fa5e5ce493553c7c1c4b05da2deac21c1531fdc29d

SHA512
613f1b7610d508ea8d0f5b9adeb92e970b3d01009c0181b916a0a7db35c1ab8c2453b09f0bac3327df4d645c378ed5f02952bdb8c095326bddafaa2905ced092

Download Submit
C:\Program Files\7-Zip\Lang\ar.txt.tmp

Filesize
95KB

MD5
82c7f7819e38a35880c74531a33ef831

SHA1
55e6e385c26de94522c953a2d5fee77a028dd8a0

SHA256
8520b469dd6c14effc0c41e3b85a5705aaad884076327d3938462e929fce95dc

SHA512
4d88f2f724b5768c7d17c3ee56b595dfc8a63eb0940a2be82dfc0c9b6826de9b5b8009915c8c18619efb85ef37037c300e363f9730b5aac31107c80015f91ced

Download Submit
C:\Program Files\7-Zip\Lang\az.txt.tmp

Filesize
92KB

MD5
7c909996284ef7ecd87eb5d08df84b80

SHA1
4a99b68789a1343babb3d051f8e3d9ca977eacd9

SHA256
2a0d17ee6509cd7890f61c45a108bb9442a6bf93942c9634ec466f4c68d5397f

SHA512
fd8199a754952521ddb9715e88c80f2fb0255d6bd35d51aac5bdad3c8f99bbf7b80e66142e4d4a366eb0b30f0663a26c33063843c4ce5b3074fef2a711f23f4f

Download Submit
C:\Program Files\7-Zip\Lang\be.txt.tmp

Filesize
96KB

MD5
8e73e8f9649f6fb24db265c68e832306

SHA1
ee5d0677ba36a2ec024985106991a9ebede94600

SHA256
5e2ed8f6bb8503bbb46dd77df4fa8a8ab7e721c4b886fd87ff04da75a761fa75

SHA512
42af39ecebb1d6cfeb0017219a91926a9aea0843bf78775b84261af19031ec09f9b531e339d8fc42c3f680de981dbcfab11bb8cba8caa5c2e2f276e1b1d3fb25

Download Submit
C:\Program Files\7-Zip\Lang\bg.txt.tmp

Filesize
95KB

MD5
e19e3f57e5bc04440968f48d5fb0b146

SHA1
89ff710e5f1b1baabda82a2a83b27e7a4352f7b4

SHA256
03b1d6a42fa67269fa09f36d19e5bb50416e317080eec8f3e5a92a9171c3d38e

SHA512
246f843fea8083a841e8b5578de1c48c8c57ffa52add72429070f9852447fe88274a2cb963bc6fa4c98fd373107cd7fa56966f65c8357f9dc9a466611f18d6f9

Download Submit
C:\Program Files\7-Zip\Lang\bn.txt.tmp

Filesize
100KB

MD5
54fb44dbf836ce9f6bb737fcdf129ac1

SHA1
7779d61c0da3ca09aced1f038569f3f61ddd426e

SHA256
35896e0af1e731b90ca6b8e8763a9c9b20696f917698f6629dd93740f609defc

SHA512
51264e808fd1253b44e81e56ac3b444fed4fa95fd4d90fb024d314ee43287e70ad3cd5bc8bc1a44ff82530b8a7757791e1b69cb4b6e9f5136be45ab78db100b4

Download Submit
C:\Program Files\7-Zip\Lang\br.txt.tmp

Filesize
90KB

MD5
9eb51bfbcd670202d3f427c67b39df84

SHA1
c2b7848115705b10f3956868707961fa0413206e

SHA256
9013ccff043149cd65e15f73bfddbfad6ae771ed1b8c87191fbe4f0d438dc457

SHA512
3a2f352a3f2619278cc2981f6aaf9429fd90214ca52cc3be1c82ba19ed8ff8ac204fb0395d277443003a850059ca8236a7a76f59775db53e70ca680ad1678e69

Download Submit
C:\Program Files\7-Zip\Lang\ca.txt.tmp

Filesize
94KB

MD5
a1c22ad8776b6e3de544769eda901e2e

SHA1
e4b0b52b8177fa4f814fb87771a74a12509f7cc8

SHA256
05a46aa44910cb63b0277fa1d18bbafa62b319fb3a73a1a6646964f456614600

SHA512
2027c218131fdbc8c87a0ffe333e32c01faa617c31c213b6a48d5d171d0466fb5364699f22f91e2e5e28478885ddc7fe12f0cd62e2bbb886547e3eab383bc0c3

Download Submit
C:\Program Files\7-Zip\Lang\co.txt.tmp

Filesize
96KB

MD5
b56c79edd6c561c3d926c94dfe2c7fb1

SHA1
a5a95146523423bc7d16cbe578869f0a7b959594

SHA256
b8dd413fa9e40be9c04d25f01c47e4f5b4ca8fcfdd6c191c0de53bc7f080c70e

SHA512
92aa019de51163ae57673545c5947460a1c16c530810bad5eef57ecfe62a2550a145cde4833a385dbd290aabb2b93b47787862173442cac61f7b21f575344acb

Download Submit
C:\Program Files\7-Zip\Lang\cs.txt.tmp

Filesize
83KB

MD5
06f5f49fd8a99efbd386a85ec2e57f58

SHA1
023d997d01fdb05976861dd131278a04ff9ed563

SHA256
17d1628d4a40e3fff2e9e61eecc3a1454cfa6644ef274ff9d6de3c5c86107fc4

SHA512
ce0181f2081b20811fa51a0e15d638b6737d0ace4e954fcd0762596c48b76aa75e9a5f9db28149680960b4e364b8850c639fb681e7c0aed08553c2545060a785

Download Submit
C:\Program Files\7-Zip\Lang\cy.txt.tmp

Filesize
83KB

MD5
ec353de80783b223955aa8f56cc67df2

SHA1
2cb484408a556facc49cde91cb41de73c6aec347

SHA256
0f2018e9229eebbc1d3bef1308e9dadd066571a18d307e66778fcf97e2a5912c

SHA512
8c86755bd4d4f2cd935f1ff894af804ee4ccaebf02bf5f8f84abdacf01b5d5c020bf37ad2d03365b3c7e408e2dbea1664f00258904c8dd792d39cdddb78514f2

Download Submit
C:\Program Files\7-Zip\Lang\da.txt.tmp

Filesize
93KB

MD5
42ccb9a7ddfea758f6813f5f2cfacec2

SHA1
a2cb93a13f27ae47c902997e12403de7c6abf201

SHA256
97229bd2f173f7fbaa7ad496aa91087d78eb041479eb186642a00e7b955183a3

SHA512
0b818807ad3235595d866ef85b32c735b33eed5ee196bc996da62e0f8685afd7221e3927f59e6f93718921eb79a062c1fc4c766b110dd57887055e43f946a866

Download Submit
C:\Program Files\7-Zip\Lang\de.txt.tmp

Filesize
94KB

MD5
20bac30f23a40fc07fe646af47c2cddf

SHA1
b12450c2220d8c07244004c4f0019fb2ee260ac4

SHA256
3c135ab692285845ad8f3df2d3900e4ef984a9d12c35fdf9a91f20aa1f2c03c6

SHA512
a2fe908f397aa5d817981d0d9f7f6cd843ea42fc4e22a5f02c6cbf16e792ec911e4347802683d078d92dad22a0f353f36a9dc43ce84874bcc30bdd5254258f70

Download Submit
C:\Program Files\7-Zip\Lang\el.txt.tmp

Filesize
101KB

MD5
a891ebf12938b2a01e18e6d07ece5955

SHA1
a075083cbed257a4f647da089ed4f64a05385cf3

SHA256
50683770196b87f7938003bc5f97d1f184bff461c2b59cd021f73e4e6a5a3739

SHA512
a651c321fff587b10516a5fcd51c84a388f4e895da17d5f2498e417c8d37a9d3f1c847987fcf3e083ec52add5949dfce5c9e4c08c9ce1837902757131e65eb71

Download Submit
C:\Program Files\7-Zip\Lang\eo.txt.tmp

Filesize
90KB

MD5
5f08fbc1f23019fbf2e1ec8641d7420f

SHA1
fa0df193e8c87a111b1c9edfe8f7cac4fe99f924

SHA256
c0fb9a71cc7b7964f64c02334527e450950ab5c000702304524a2c024a832ba0

SHA512
8ea41e9760ff8b2d7b536a130f42c67c395129b064ffe987ac6e4e33d94a405df482404694346f6a94b45098c8cd5f57dab0cf323ec289188ca25278cc93bdbb

Download Submit
C:\Program Files\7-Zip\Lang\es.txt.tmp

Filesize
95KB

MD5
c458cd961b45d1c87bad5ec75cc717a9

SHA1
cd6bc95e5162faad15d50b5d1413df78e514a0d9

SHA256
8e19d82bc0d493bb44bf3058a45614796f17ba30a7f9fe4daa9efcab3179c6c0

SHA512
bf46b360d4d1217c0adaaf48b3cdb2481e19d18a495cf71bfb29d73ac1ea42a1f29ba4818c24ac216eb2cef673b38093e9da6f1c487b5594460277e708c40a7f

Download Submit
C:\Program Files\7-Zip\Lang\et.txt.tmp

Filesize
92KB

MD5
a97e447f4b49bde78c757d24c73ebdf7

SHA1
94e7e3e4a5e3cad122479494db964ea136fc7c3f

SHA256
d380bb0300f71fd26951463af879e9cd958f908e1ba095d6c77eb4c73a8088a2

SHA512
be0d2355cc046e6bca902163efe2b1bededa95cb77a9d8d6cd868276680eabb16f47c1ec3f9e56005cff375c4ce272a2b8d119ecb1ed02f8de1b3621edbc1734

Download Submit
C:\Program Files\7-Zip\Lang\eu.txt.tmp

Filesize
94KB

MD5
ea0cab78bc11f1515c1999f1cf5b91de

SHA1
0b4b02177b07b6b731347ccc343c1cd694544ee6

SHA256
a7e4d47010ed25c8ea6863d9ce7b5a968807a009ebfc96ffa5e5635936bc5b68

SHA512
959cb87227d1975eae3bceccb571c45f1236a8b13fd1ef7382f7b28881d60acafdb9722e0255f5f50c7f285d5d57568964192403d0c0f9d5421bd56ba0ccb088

Download Submit
C:\Program Files\7-Zip\Lang\ext.txt.tmp

Filesize
92KB

MD5
04f217fc1996e53367a84b1a7d5feb87

SHA1
01de7f0a13541e0aec9936555c4710c385e14951

SHA256
659277c2a5d26fee96e3cc0b2b4ef70508ecfb1f66646ea70ff3b053027f6510

SHA512
da6892a20d78183b243930338b23e9172174aef533f3c4f6752d5d52bd5befe95ebcf21eb17bca9c7c909693f2c78f94ac19e0948912c4c2cbf5eaa8b0018918

Download Submit
C:\Program Files\7-Zip\Lang\fa.txt.tmp

Filesize
98KB

MD5
d18c9b7b1f5f8996f515fae047a7ddc7

SHA1
8141549dc1507243e418b2b51e55cd89ec3fac8a

SHA256
058ac40cd3a771908da09c7b2d9f31f15f0017dfb391fb41c5f8873344804627

SHA512
c41833b445d4ec5b19e01c932086a8a02294187b5305dd497646b71caddee784cbb5ce7fbcc424ca01d0c80a86afd958d29bb404f4c7261b1373194aeced3eac

Download Submit
C:\Program Files\7-Zip\Lang\fi.txt.tmp

Filesize
94KB

MD5
3af460ea5344e0cc2d3948dff45c32b2

SHA1
9d92f52df2f05206817aa4345dc2952ba545eab3

SHA256
3e3e8209ea3025dcdba7c452276d2d461ebb0f3e49263b134c615cfa5b272be8

SHA512
298176078e387b5742dfc3df7b646d96e6c110999768dbcde8f7e9b339225d83ef947240ba10446f3c221a98aebb882114d1f1a836e9d34924e7a7ad8a896367

Download Submit
C:\Program Files\7-Zip\Lang\gl.txt.tmp

Filesize
94KB

MD5
43a97eb97e3fb8c44745809cf953da78

SHA1
d84b064bd601909778ba320ba32fcf6304317eb2

SHA256
a901377ef453c27ed443528b70a727b6865f989c19e72d6e95b563948889d909

SHA512
543d43721fcc6ba1306ba27b3fb8b80c0dce9ef8fcdc004177106156f8a41ab55bcc7d40a64389e2e826e478f06a071e436ed80716e333e30322d4d381176e33

Download Submit
C:\Program Files\7-Zip\Lang\gu.txt.tmp

Filesize
102KB

MD5
f9dbbc7e69bfb077700e1c04362a8f6d

SHA1
c8858084db2a0408ccfc6bea55ee9489e5a7cb00

SHA256
2853c2a31ea9d54c7b622b349325f2be0eca102298d93995828030ece6dea880

SHA512
5b5ca51831c1b0ae70d57c2e686493f4531af7b0f60f5a07bd3bcab04e87849dc25fd0f39322a5a5b09c18e339249df528d28145ad0866897a154e1830fe942f

Download Submit
C:\Program Files\7-Zip\Lang\gu.txt.tmp

Filesize
102KB

MD5
cfba9b2a137804a59a43196e13b9f85e

SHA1
4558b337a582ef51602b79a94ba0eb1e90dcff0d

SHA256
55a4a3ae5758c06b460942d466c2b11ffc0945b0e93007311eb0d04cbf3c1581

SHA512
30ecbb321f90b9697e0305eabeaf88cef95fdbd4f1d5ee90979d4131de067605679067a7164a6a2963d12a5faa3e1a92d1b034fac3e9bffae802179859e46d8b

Download Submit
C:\Program Files\7-Zip\Lang\he.txt.tmp

Filesize
94KB

MD5
6a843c05acb11ada2141bfe65f9906c5

SHA1
88caeb1f7b9b72329acb44d774c9134ddc6dbcb1

SHA256
7866ec3b8b89b19525e9e0507cb0b32bf12631835a285b874c6c8dd4abdf826a

SHA512
2741cd7ce7e38511b1d3b70e1bf113aa167a23ad73cff4beb38ea3392821fb6cc8ead6e0d1d47675bd66e98488c7cc55960bb226fe0b6ab45b6bc32d622f504a

Download Submit
C:\Program Files\7-Zip\Lang\hr.txt.tmp

Filesize
93KB

MD5
a22d77491c340d4a481187eec5e7e775

SHA1
9e531f37ce0bb9a77d0fddf06e11e863d90edeca

SHA256
fa04b5b81ddb835e2b950857ebf2838332e120bdcc6c1e73c2c1ba7bbe36bc65

SHA512
b9cc945295a9e0ddf97016c41d1afead703dde4af4bf9dd9d5b2dd364220d0959bf9d34199217588c5b5f743e608eac90903ac90f21dc9b17c4e20293b67dbb6

Download Submit
C:\Program Files\7-Zip\Lang\hu.txt.tmp

Filesize
93KB

MD5
821b485508716f9a2f1dadf85f33cf53

SHA1
718ff0beb455bcd653fa062d203220edb5711751

SHA256
bdd49cb9e37d51197035d50a7efebb426b0da5ca0bd3291b8ac8a7c0ccea3f4d

SHA512
8d90d9021fc4c20ea4bc542396c3fe26ff9a3f9ff0e7fc9ed6ce4f62873469e817ff5d96a0757fe9d91e07071cffeb9d5d1aef5a9a233c418804110a7bdc24c4

Download Submit
C:\Program Files\7-Zip\Lang\io.txt.tmp

Filesize
95KB

MD5
db139c0304bb5b9bc538642e5a08ffe4

SHA1
955555e7ed5b7dfaa2a56ecff99a8ad17fb678f2

SHA256
c273896aa6f8b572fde5b06bb55df3899dec51980be532303ffbb6904eaf98d7

SHA512
8213a006c4d4079eddb913885f6e8115cfd2519be5c1447dee9736e201f005d1a58015047dacc397a1b4885a35de568061bef8b1b06c3b8cc1b12cc6ade6005d

Download Submit
C:\Program Files\7-Zip\Lang\is.txt.tmp

Filesize
93KB

MD5
4c9360bf202ad3546eb3918f708a4df5

SHA1
10c0c6b6e0e10b1efe9807ffc2a1a428f34536ce

SHA256
5880d3d08f078d2d97011d9dc7386cb5042ddf7b1837eed82aac0b26d8dcd9cc

SHA512
2fd26bec58f0b3095d1878dce3494ca0eb174947d51b01f7618d59b570d878c130c0f9d89a36cfb35840c86eebd990bc6f7656a99607914fa098c55969469f7f

Download Submit
C:\Program Files\7-Zip\Lang\kaa.txt.tmp

Filesize
93KB

MD5
3ba30c3a669d1d0997d1934b6288b0d9

SHA1
56a84ff5067812725e16a26109e577b09a43ea62

SHA256
241bb7948420be9ceab69601966ee5addba44aa858bc72996ae3a7913c21e11a

SHA512
0a3fe5406aa086feab23710a0e3b34cde856473bb44787dbdca9f0fb3d6f2052c878f6a2f2cf527d1d73caba15164a2d3a0f3c3ae24318c8649d7675224b8b8f

Download Submit
C:\Program Files\7-Zip\Lang\kab.txt.tmp

Filesize
91KB

MD5
8259779c3a71ddcfba6303142c6ce53e

SHA1
1de6f37f7c4f178e3b8ce46dc751348af9156a6f

SHA256
486bc6f90adfa9bbd6632e3fbb540e038df576a0c453cbe0da39f74ea96b4222

SHA512
9a182616d237989fd7d5baeafa6edc4ad0883eccda1fcadc1136446ab0690bafefdf149fab9fb7a42f83d1e11ffe6b29edf125d93f4475521bd77427d5e99641

Download Submit
C:\Program Files\7-Zip\Lang\ko.txt.tmp

Filesize
93KB

MD5
2715c86844597afe14c219fb5f10ec2c

SHA1
d768569b4045db8a7013402f0a3fbb1a4ec83c6b

SHA256
e9afff850f0b580c4adb9e518b5b8eb5241e5f7655461def47f38b6d37d9ae44

SHA512
a5db0f0550d141127a0f561c750f2db2255c6197d0a8e16219722ef1e8a810a1e57ceba6d2322cc3ebe3d3c005946a663d0104e0053506ce806c789dea44421f

Download Submit
C:\Program Files\7-Zip\Lang\ku.txt.tmp

Filesize
85KB

MD5
e4184f1056075df8bc2bddfee642d807

SHA1
25a541f2d2c3d8da51c97c61f5ea91e54bd7dae0

SHA256
a7badd76ec68b6bb3378d6fdc4e70618c75e6f12f92fcc1bf15db63e1ead8394

SHA512
379fb0116a928b5ef66051b956624b882ca4f1280eed4f26be10f042f30e6d765b0d1377b6bcb798008d73c69e6b14c4fca1339fbf5972082cabec387858ed77

Download Submit
C:\Program Files\7-Zip\Lang\lij.txt.tmp

Filesize
93KB

MD5
8824c80861a4d4a10209651895999eeb

SHA1
fba347a1730feafe7643935fc9d84e498e17ccf2

SHA256
9f0584585e99c8730944174171c03948521b1674e26b28f2ac7729ef63627ddc

SHA512
37d02938eafba8baea59b13880498c5108637db522d59f1943b4e3d3332d72297f8b3c5ddf5d134ab4fd20a4e00f4ddd976b7774a6c387dafe5ea60579dd2607

Download Submit
C:\Program Files\7-Zip\Lang\lt.txt.tmp

Filesize
84KB

MD5
a0c7fb6cd1b96720b3f5682524f77d56

SHA1
42894a762ecae067becbeaa287544fba618bcafb

SHA256
8d66dc71d5692e52036e2a6f5aa18d84e3612c146abae6597e793a6377602964

SHA512
11edc97a09d4bdc64a5ca4375aef944fd3db2b8734a7e0b90ce947a570977881fb03cdbb976df6003916c5be24fb35a7eb628ee17234bb471c9a23a43fb1bd53

Download Submit
C:\Program Files\7-Zip\Lang\lt.txt.tmp

Filesize
94KB

MD5
1b9a75ed94a691608101f18b6bebe4df

SHA1
0f93d089a665afa7dc1965a8331f0eafefa20798

SHA256
baf14b24892bd624254555a93af6fa8fb207b875c877d9fe68db95451ba307d2

SHA512
9beab8f12dff4483a107f85a69664114ba5fc048d7ff29aad6089a20c49379fca97569fd2c4ba32cd4edde3f4e3b611924d55ca1be7863ec4d4fa733853d78c4

Download Submit
C:\Program Files\7-Zip\Lang\lv.txt.tmp

Filesize
90KB

MD5
66ac36166c9cea9368c471e0689f2589

SHA1
26e7b7782914ad8fe2e421a9835750023c6191a5

SHA256
2151a9d08de1822aa3ae46061d6fb66ec0400c165c52359a0f336d2b022a10b8

SHA512
88a34c0d45845d22030ede37d634e6764592bb29e869733e7c2371710bbe3a524a08a2f49906809d633f001ae96d01ddc55380a33a837ef3c26dcd138c4a0427

Download Submit
C:\Program Files\7-Zip\Lang\mk.txt.tmp

Filesize
91KB

MD5
c39b663ecf23c2a9bd8a7befffad6228

SHA1
c360a5b1a36f3919715a42ca42f8d038267357cf

SHA256
e879ad30750353572ec2aed640084ba4f0f62b34e348a56641bda8a80cb73c2a

SHA512
f0307580c048b707777c437948962733a7b474cb7adb45e66662f779615fb4dfff0babb4a2b37d4779b251808864beea5ff3aa6c93c436c439603b16114cb081

Download Submit
C:\Program Files\7-Zip\Lang\mng.txt.tmp

Filesize
102KB

MD5
86e0082f5fdafabc2d0714f8b9ae0b15

SHA1
2ab7543ceaa455924d091ecc2c1112eeb1454324

SHA256
909eca1d5c7e5c536acef1deac23e4f52c72da5f8492a928cf356ef8cc98f1a1

SHA512
b507742ffd489768b7d4eb7cd08f6d789467a8fcc2c31f903757ab8ad5234794eb285ac5a33618663815567855ce90e5df25972a931314dc596833354272d28d

Download Submit
C:\Program Files\7-Zip\Lang\mr.txt.tmp

Filesize
93KB

MD5
4b5c3d46fde2b734c32acf8ff29f8311

SHA1
7f00a935a518c5f534aad32d09c8ff9c52e0749e

SHA256
8e721471edfa5879f12049ed55f5a32eebd0c84e4a1456ca0efd01ca7c3e9100

SHA512
e6e57e8ba40c8ba81f0cb90ff18c12c13ba21b9c7ceaacaf2730ab2dc8de0536736effd4f26e5cab38642cdd62926d5fa74f59c0b4a02a5e68e4f2a7393449dd

Download Submit
C:\Program Files\7-Zip\Lang\ms.txt.tmp

Filesize
88KB

MD5
bb6cd2a507acab6bd2ae7a6cad5dd428

SHA1
3d67434945a98fcd112e612a8c7fd81380c707a4

SHA256
553b048ddd3a4e17a4b2adb03bc324613ff9b15217cdf7dcb582dc2d487d89c6

SHA512
53d985da1adfc60d7610bbd1018c0e161b8cf701d4b2df3f081357a45ced34512af31377adf65ce3e391f1bb944ec74a4b6167bf693203152bcdf4f83733d54e

Download Submit
C:\Program Files\7-Zip\Lang\nb.txt.tmp

Filesize
91KB

MD5
2c4c255f8aef26cd0870e3a81e7d6009

SHA1
9045d2559f585dde6b65b335f18d39c3ed388908

SHA256
a973b8d6ab4e1a1e6adf2f7fa9184aaea1b18405463a9090531894af40b33490

SHA512
6810901b5803e16af6135c06ba38a742558db6f8d0a6411bb840679a02c6b5c596192250f70a5288ef08556cdcb38aeff7e9f778a94e7c6c17bd90a5e7ec0d39

Download Submit
C:\Program Files\7-Zip\Lang\ne.txt.tmp

Filesize
96KB

MD5
3ba2614579a84dcda1077b2a995451ea

SHA1
143977bc17dd62b497d2088a21830b65180878a3

SHA256
7564b9fc72e1486dbb60140bfe22595ccde2eb10e54b19b525a10344abd9e83d

SHA512
e2bf33819f63248d426614ec7f12b09d3839fcbfe65fe9fbf8875e1b03859ed3e0cff360a38e167fd780692d1651145bc97e766d65a44fbb922fd5f8b2c9b542

Download Submit
C:\Program Files\7-Zip\Lang\nn.txt.tmp

Filesize
88KB

MD5
bb883602a2d9bad26ef7bc5306a01ed5

SHA1
9489878ea0d7667d9d321667c15ead24a5a9ed3d

SHA256
d2c3d8f1771c649fa7a5012eb8e8dcac6684a68d3e9b1a0091071497d43f0078

SHA512
616a8074950e1ae6fd3c934535f88c9bdb4fac7d337bea1d4ed10782ca543a5ca474644ff8c3ace45f7dc69861d471f6f5352289e7f4d19f21026cf05aa1c8ad

Download Submit
C:\Program Files\7-Zip\Lang\pa-in.txt.tmp

Filesize
99KB

MD5
391f0a808528bf00376257c17065e988

SHA1
2353dba17c1905037535b58f4eeb741c9a6b33c8

SHA256
e2329ebc91e19d08bfdb7a0a59ecf943092747940966777ab5b9a9cbe2f4544b

SHA512
21a8961e77a8fcddd6bc43809c67ca58ad03ec75a6ec879eafe9121ca72a8d29883eae9242ee952eb85311cfaab591c9e2f31a26e158148ec09ddc4105e2068f

Download Submit
C:\Program Files\7-Zip\Lang\pl.txt.tmp

Filesize
94KB

MD5
7046fa78f3dfb75fb7ca60237b727570

SHA1
632dd70ecf5f2ac5085d5db583787e83bf39d245

SHA256
9ca710e9368aa78b7b7d43a6beed5bc5e90a478b5fb2e6db438dc3131a86f3fa

SHA512
6e752d4ef0a8bfd5b9464f4c8103cfc353915656d4ac62570a97fb76801cf44bb53384c179d7815b575f58f2532be3da20c1d223f01056a253b1c74ec9755f75

Download Submit
C:\Program Files\7-Zip\Lang\ps.txt.tmp

Filesize
93KB

MD5
9631781ef0b31d94a997d3f12a982a9f

SHA1
0c3e501c45284a5facd52c80c31a5742975eaf09

SHA256
cd218b3954fdf62679fe51b0644b16e9fce3fee1a5b17f4708ececef54b91ccf

SHA512
a8316b5e63d4219aacc460a5ba5e40d3c16af5e978536f41928b392bf3b833a4040f83da7d36d24671b01ac0994b746411e69b9116c23554d3e6d9dccd9b58bb

Download Submit
C:\Program Files\7-Zip\descript.ion.tmp

Filesize
85KB

MD5
a059e5718634fcaa5c3f89236309d1af

SHA1
6441773803c1850ae93d5e3920f3461e196a152e

SHA256
28ccb6370bc60fac5e9c658de798ef0fd82b60a69e46e06d2dd8b2fe000f05cd

SHA512
487e815bee3144391a7b77c0fb5972345c757728d7a7f6312dfcfa635a370f039e433c2fd268b2f9a1044cf948716965ad1b664c301e598e9100c1e918560cc4

Download Submit
C:\Program Files\Microsoft Office\root\Licenses16\MondoR_KMS_Automation-ul.xrm-ms.tmp

Filesize
92KB

MD5
9ba084dba3f933f8cb92ca5ad2d4f82b

SHA1
f0842c6b550c869e7bca4c42eff09ccf7686c637

SHA256
53ab7370f95480c1f23966cdd9a361a2bed5b5a4b7a6ac0e3320a25219c9c199

SHA512
6e53cac8565c98c7568873030d8092f5a2ef0232d3287387e72ed6da41341b59bba31cd96ab4554f272603f39f24d9b0b995b5e3369d230e7f2b3b18eda5a9ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\_AutoIt Window Info (x86).lnk.exe

Filesize
85KB

MD5
58b085d522a8ac8e98a1138119d4b4c2

SHA1
1bace3f23f3a6a5e08ab6fde4b667485324f9867

SHA256
b5d22fed54ad3647cde59e7279c6807189fd2b29a6e6bf363ab8669e47839e57

SHA512
5aac9ebc67cd15a7c7daedc42cfee4b5cae7f512d2aa19c90597d497245c702805ce03b275addd80eb5648b855b48ef6e6e92230c83b3f010f49418fd6a1fdaf

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
83KB

MD5
508ad98eae717a38d2b1a93e94acb669

SHA1
bf8948e881196f46e220066108dff4fc5cc630c5

SHA256
15684e8448db7a88016c65d164d875258944130b2db92d82c2a32b3db81073c6

SHA512
f6bbbc9674dedccd619512ba210362262a6bf0c8e271cd928b4b63cad2268df8c1e4a5e48812c6791b62debde230b991a1a7d392b8834ce69cd2b032d6684610

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads