370b1016153cb4dd29c435916ae4e618f155c2aac805eed0f97f1e625f277286

Analysis

max time kernel
150s
max time network
104s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
15/05/2024, 22:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

48a59cc1821a2b63a834a881c1e1e4e0_NeikiAnalytics.exe
Size

145KB
MD5

48a59cc1821a2b63a834a881c1e1e4e0
SHA1

4175341dcceb2cc3403d5ec5a59631386a520f71
SHA256

370b1016153cb4dd29c435916ae4e618f155c2aac805eed0f97f1e625f277286
SHA512

d47451de5faf403fc12446cbdb64e98f6fe32a47cc305e58f66b6408c157da9798c6cb159765752f7f0a369ce2bf40f54fbb2d6653bf14c99ec488dae6d984df
SSDEEP

3072:6e7WpMaxeb0CYJ97lEYNR73e+eKZMe7WpMaxeb0CYJ97lEYNR73e+eKZ1:RqKvb0CYJ973e+eKZXqKvb0CYJ973e+T

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5136) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
1144	Zombie.exe
5068	_2.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Zombie.exe	48a59cc1821a2b63a834a881c1e1e4e0_NeikiAnalytics.exe
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	48a59cc1821a2b63a834a881c1e1e4e0_NeikiAnalytics.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Retail-pl.xrm-ms.tmp	_2.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_OEM_Perp-ul-oob.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp2-ppd.xrm-ms.tmp	_2.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\InputPersonalization.exe.mui.tmp	_2.exe
File created	C:\Program Files\Common Files\System\msadc\adcjavas.inc.tmp	_2.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\UIAutomationTypes.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\ssv.dll.tmp	_2.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\deploy\messages_zh_TW.properties.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_PrepidBypass-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\1033\ODBCMESSAGES.XML.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN011.XML.tmp	_2.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\insertbase.xml.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\PresentationFramework.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-string-l1-1-0.dll.tmp	_2.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\UIAutomationTypes.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-processthreads-l1-1-1.dll.tmp	_2.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.scale-180.png.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL116.XML.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	_2.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\mscordbi.dll.tmp	_2.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Tasks.Extensions.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\WindowsBase.resources.dll.tmp	_2.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\security\policy\limited\local_policy.jar.tmp	_2.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Integration\C2RInt.16.msi.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Retail-pl.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\System.Windows.Controls.Ribbon.resources.dll.tmp	_2.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\System.Windows.Forms.Design.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Internet Explorer\it-IT\iexplore.exe.mui.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.dll.tmp	_2.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\UIAutomationProvider.resources.dll.tmp	_2.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\System.Windows.Controls.Ribbon.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-locale-l1-1-0.dll.tmp	_2.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_KMS_Client-ppd.xrm-ms.tmp	_2.exe
File opened for modification	C:\Program Files\7-Zip\Lang\va.txt.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrusash.dat.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-file-l1-2-0.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription5-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN110.XML.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\tabskb.dll.mui.tmp	_2.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\ext\sunmscapi.jar.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-root.xrm-ms.tmp	_2.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\HarvardAnglia2008OfficeOnline.xsl.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOADFPS.DLL.tmp	Zombie.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\ExcelNaiveBayesCommandRanker.txt.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.ReportingServices.Authorization.dll.tmp	_2.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msaddsr.dll.mui.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\System.Xaml.resources.dll.tmp	_2.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-string-l1-1-0.dll.tmp	_2.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\bcel.md.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC_F_COL.HXK.tmp	_2.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONDIRECTX.DLL.tmp	_2.exe
File created	C:\Program Files\Java\jdk-1.8\include\win32\jni_md.h.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Client\C2R64.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp5-ppd.xrm-ms.tmp	_2.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\libffi.md.tmp	_2.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\thaidict.md.tmp	_2.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.Win32.Registry.dll.tmp	_2.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\System.Windows.Forms.resources.dll.tmp	_2.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\thaidict.md.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Office Theme.thmx.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Trial-pl.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_KMS_Client-ul-oob.xrm-ms.tmp	Zombie.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2880 wrote to memory of 1144	2880	48a59cc1821a2b63a834a881c1e1e4e0_NeikiAnalytics.exe	83
PID 2880 wrote to memory of 1144	2880	48a59cc1821a2b63a834a881c1e1e4e0_NeikiAnalytics.exe	83
PID 2880 wrote to memory of 1144	2880	48a59cc1821a2b63a834a881c1e1e4e0_NeikiAnalytics.exe	83
PID 2880 wrote to memory of 5068	2880	48a59cc1821a2b63a834a881c1e1e4e0_NeikiAnalytics.exe	84
PID 2880 wrote to memory of 5068	2880	48a59cc1821a2b63a834a881c1e1e4e0_NeikiAnalytics.exe	84
PID 2880 wrote to memory of 5068	2880	48a59cc1821a2b63a834a881c1e1e4e0_NeikiAnalytics.exe	84

C:\Users\Admin\AppData\Local\Temp\48a59cc1821a2b63a834a881c1e1e4e0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\48a59cc1821a2b63a834a881c1e1e4e0_NeikiAnalytics.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2880
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:1144
- C:\Users\Admin\AppData\Local\Temp\_2.exe
  "_2.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:5068

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.exe.tmp

Filesize
145KB

MD5
837ae321d120343eba6d26b98901cbc0

SHA1
d01939b597a97980b5d286d415e14931b8d34abc

SHA256
a8adcc62122e0f52ffc0f563e3d963a3c989709d7250e566150c782775887111

SHA512
bdfb1f86c1bee2b80ce3683c78ceb8a44fa6c597a91e214ae6391fab45e823244c6d16e67d576963d9eef9f764e0541044daf79c87f7203e0b536b788c857d5a

Download Submit
C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

Filesize
72KB

MD5
cecc27cdbb1be8f97cceef143766fde8

SHA1
c9cccd837e96a5de05917176802649ff51b5b0b4

SHA256
b13da53cddb99d58e5fc598907ede3b0716827dc466c01013b10c063e76b789b

SHA512
9a750b4975e6c69cf22c1076ecba21aea71d245e2f22e338b91227df5945314502794186b48a80e79606b49cb67e8eab26f4c52a90a7b6b413c43d12e67e3bd0

Download Submit
C:\Program Files\7-Zip\7-zip.chm.exe

Filesize
184KB

MD5
6039fce123ec12e288680fc0b5b0186b

SHA1
5719260dbb93b5ba49e203c2c5688e78d727e1f7

SHA256
0c733a296dc8215f6d028cc861b2341107a3477e44efbb17486ec2b0baebaa76

SHA512
83a8727a272a1880d8be7ccb86d365a35207abb1143634925fd7c748be29d06ba95314f56d6e24fb58ce63a7125226309a9ecc576a3e23e95b216eee85cf5ae2

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
172KB

MD5
31650f1283e420bc2429016469a518e7

SHA1
99b32f4c2aacd23a6b400c083916faf1ac26fc6e

SHA256
b254dbb0152de45d5491273c3c0d21d89a8b3d6e0902d3c6a1d5c3c96d7b8a59

SHA512
065d22599b1fa2ba922aae007db0e5f10f98d26f3ddbbc8e161404441950afb71a3acfa00ce843fb77ea2358b37ba056b9c7791e6e283f9fdd32f0ce3aaad9eb

Download Submit
C:\Program Files\7-Zip\7z.exe.tmp

Filesize
617KB

MD5
7fffa6423916bd310949b006ad22453d

SHA1
e8c2607b9bf498ee8e8bab83950f908ddf0837bb

SHA256
01f02b127228fb1d046cd27086b17c24f7ce0ef9e897a908a01ac2144cb6b5fe

SHA512
7ee1bea72fbfff6e98f4656c8f848f6e5bbb331360074386077df89cb3b68012b4345b4c22b0ec840b34d11b27806d6ec65bd1bb75c3ac75370aa474f610d1ac

Download Submit
C:\Program Files\7-Zip\7zCon.sfx.tmp

Filesize
261KB

MD5
457f0f8441d4f892f4c160740c733254

SHA1
20cbfb4dc70ac6efb31c8141a7ed25635e0b2a34

SHA256
08fad43fa5b1cdf39bfeb8751f1e355216e94e713ef5440f5991439aebeb8b4e

SHA512
c55cb347836a8cf5e63bfccfa5ccdd6d199e56cbb8cda8f5dfd2a8f078bf8cfd24fa926b4450c494836eec523a5a3ffe4f03c7b689e75b3a46ae0df5916bc8b5

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
1003KB

MD5
3261e9cb9c9dbab1899f844f9b5e0d33

SHA1
8c98dd387a764113ff360355e759d46b7eb5ced1

SHA256
68412b8a4e0b331b15a095105c73019a67b440384469345d8c9ce3e6891a25c8

SHA512
57e190510e2c7847b8901a951d334d947d87d68f5b17ff2c62b30e1d23170717a38a9bb13950be72719649095498ed949aad5fe04310baddd70376da423f0a47

Download Submit
C:\Program Files\7-Zip\7zG.exe.tmp

Filesize
757KB

MD5
e1304bc63de8ef1ab03b95e6bb097e4a

SHA1
03a3a8f1629855f9d53ebf2d963b163a8f65e82f

SHA256
eaf63848e58c2c5fa1393fe32bcc35ac51ec435ade06530f72e55e92f9085a4b

SHA512
080813c2e52a19c7a3449d5988e71a35c9a4847f5fde76e0869b6ad4180c5bbc95dce2df9b13b8bbce35623c2bd0620d702b053e018db805fd3e89b2d8c42d0f

Download Submit
C:\Program Files\7-Zip\History.txt.tmp

Filesize
130KB

MD5
f7734e5da50684aa992f20fdd99c0daa

SHA1
68005e07cb6e03d9677b30c26ce28e43ef3513ea

SHA256
3364211fd817cdbb7715528e1cac3f037ab99c9f22457a311748a70d4f15091d

SHA512
c2ffa2039b9d338f075161d1c2b968e20972d04d8871c1744d92d164f955ac2ed541723432501b490d7e5f1913cbdfacb2ae18574b558a9c2a4429528127a375

Download Submit
C:\Program Files\7-Zip\Lang\af.txt.exe

Filesize
83KB

MD5
5e8be2915b775e8ddbbfb3c212ad8ea6

SHA1
4fa2b93cac942e30a189363cd2b3864b0965296f

SHA256
340c05dcbad43e14fa4fe7d9591ca70dfc028afcbe37d54a51e1a0d4273c8672

SHA512
043fd61179e9911467c3c281b328a7327f9ec68bfeb9553088956a412e6ac9b0397a13e7fa4d1aa37fdecd107052725ee0926126ffff02de07b6c9798d596e5b

Download Submit
C:\Program Files\7-Zip\Lang\an.txt.exe

Filesize
80KB

MD5
c3a42d14e4008b8b5b112b877b6bba49

SHA1
4397ec568bb40a272cca4ee269e6086c7e28b229

SHA256
65fbefecfea0b2ad382a5153247fc8975a7819649f7add051735214a47c4853c

SHA512
05b3833d6576d54bdf93f231d1864fc5f3793db4bdf74c1b5f73a768380732dd508b004cac2cd8dacba6a6b35886a84ecd3ca6db1a70f600e820ac84e916babf

Download Submit
C:\Program Files\7-Zip\Lang\ar.txt.exe

Filesize
85KB

MD5
402a5534c48bef4b5f844f2074f813ee

SHA1
6840ef898e98d81642b261500557d3ff53a4a292

SHA256
53882238eb55ddbfd7cff5fe5aaa1c23af3ace4b774ea0810db5a380e4694dd8

SHA512
4d09fba184a5cafd91b870cb8f9962c4e97ab54ea4700f8232fa77b1ebdae1389829e63f71876d42d632d8c21ac0d185d83f6c15338a33f9a81973890ae4b7c0

Download Submit
C:\Program Files\7-Zip\Lang\de.txt.tmp

Filesize
82KB

MD5
389d2fed108f6d04f5a9b61005261d80

SHA1
5eea1ba2c284463fc880929ba988e822069d13c7

SHA256
1d114cc27ae46d55bfe9524ccb05f4e739cd148d7d21a46bd9a6338e5d229c1f

SHA512
9e3d378c433620c1342f20f3c863e18c88b5fe25fa172fb06c6a7ab09403199729722caa202a10a976e31ad8410cf0fa2b3221e3ab9f83a58187e0a57f1e5f98

Download Submit
C:\Program Files\7-Zip\Lang\el.txt.tmp

Filesize
89KB

MD5
8162a8cb63eb2c79d77e4c4670494847

SHA1
024c96a618518c3c03572b50f524f61ff5b29262

SHA256
4c7d90ecb924df278be51fe6993728222421132db3956b6f298dc5b953acdf34

SHA512
4162f553ef0c11e5c2c2883e81c2f21175fd20b08ca7b7a27c928d3ffcd58660c5138d80fd6509e29b80f5481d03f24e0086577512ce9d5a45b24a18d46358de

Download Submit
C:\Program Files\7-Zip\Lang\en.ttt.tmp

Filesize
81KB

MD5
6243d2f8ad0623cf23f1ef109f40527b

SHA1
e8383c8a946a4aa63c2bd509d93fb57fb1bf52ce

SHA256
276b95d4aada1380af1f4e1eb1334f520c3ce5c19233c27671ac0986344ea6ce

SHA512
d46e6812ab84f1fc0e7f1c7ee61c6afe88558ec6f03aecca90ac3e7201fe4c7c4bc266d34214a214264d8463c2750ec6ae77e41cac14bf464a859c0b9f44db01

Download Submit
C:\Program Files\7-Zip\Lang\eo.txt.tmp

Filesize
78KB

MD5
5b6d5838b0abb82ae3ba52a9aef7e377

SHA1
bbd737bb562b7150438de380bfc66135d492f8fb

SHA256
4bf34f1b9a74625f5b6517e51a68cfd8db96d5a1f1b42ca07c9ea5e2d3793364

SHA512
e247a1cc8e2eef6fef27ce92651b3c5c313523eb570d67b51fd7a8677c9048fc48b0ddac6aa723478173ecc885a85aef8fd9e69b95d255c931281e446b2140d9

Download Submit
C:\Program Files\7-Zip\Lang\es.txt.tmp

Filesize
82KB

MD5
2db14d4f0ff24e0ddf7c6a50812de9c7

SHA1
c4466c2c615ab2f5128f17245096ad0682c39d29

SHA256
99a6b9cf5984052c8c038a864688217c683ff8a03ed29a0d0fa2831bb81983a5

SHA512
a1a0299c02621a58c183fb4af16bb0b2899fe5ee30e0ce4a0e751c3f83681046e16180b95b53daabd0a1f87c55e9b7eede776433351e558328d05e2b006d055a

Download Submit
C:\Program Files\7-Zip\Lang\et.txt.tmp

Filesize
79KB

MD5
0b1ea0d59a2d22cf0990aed3375bd41e

SHA1
4849bb3a8fe01ea044adb1202ac284bf5c213a4c

SHA256
e2cc6e95863b4cc4766d761ee5b40832b8b02d54e1cf79b50005dda9399817c7

SHA512
1836abd56cf56d25072b283eb997ff31c3cec3e79afe006a0c587501995ffe141b9349aea1eab1f9d2987e1f663f104f413baf2afca1f00813276020443f2f6d

Download Submit
C:\Program Files\7-Zip\Lang\eu.txt.tmp

Filesize
80KB

MD5
4f1f36a3e7e2dd55870eba0bd88870a0

SHA1
8bf5da2cb0e86734a8262fb02525dbb18e892d1b

SHA256
ac0cd34bb7eea4e1f13294db6826a404a83f0892cfe86ce63900d537b6e3db75

SHA512
14b5d8d7936598a69d089088954027c8980f43b04951f793fe644fcd5900af37bff16db8579ea1ed0344e1fc6014ce88b7a54f76248dcebe5944aecab6d872c6

Download Submit
C:\Program Files\7-Zip\Lang\ext.txt.tmp

Filesize
80KB

MD5
f41988f46250f7ddafc69152966e6f26

SHA1
718230080f7faf4df18c14106d4f08904e486669

SHA256
835dbe804fff8cb4ba8c11992dd7632ab00743d0734a261799dc2de098246bce

SHA512
07e934f178a33af3d3fe47c9a3fed485211488bc43110048916c5f13d5499aa82111e05ba6cfa524d66497b24110c69c2aa7685b373767fc3ca1abd713f2faa1

Download Submit
C:\Program Files\7-Zip\Lang\fa.txt.tmp

Filesize
86KB

MD5
7da4d65c7dc0f70a3b6d37cdd35b7908

SHA1
821f1ce52be9671e6e84cec7b60499b18372b5cf

SHA256
b1e4bc3096010e51df74c35d303d020461ab6c59a537d64764e5f66c42235f24

SHA512
f971006c90cb5ad5ef1d487666df2998b31c94f91174e9dbe0ea27026b32b41fa69e3d4c5feae08a6febf80f48688716c761ddb397c1503a5c57011e3ef68ae3

Download Submit
C:\Program Files\7-Zip\Lang\fi.txt.tmp

Filesize
82KB

MD5
3c785e76226be95d1e79a3efa728b4f0

SHA1
b632afb0ce94ea362a99ada995ed05e6a5b6cbf1

SHA256
9ef1a69b5998c42f6e3f6aac7dc5efbcbfa87e4a458cfaef0e64e3036dba3c94

SHA512
ff6fa9f283d2be628eaa64c9d75f7ca0a0a062c24cec5eee88f8b0064a3d03e03dd393fabc0fffdd9f067edb7efed91c124a9766ba48ee19110e36dce8f9a844

Download Submit
C:\Program Files\7-Zip\Lang\fy.txt.tmp

Filesize
79KB

MD5
e25411f06b4b2e72390b51168512da80

SHA1
789fa87f6e47999552132dbb54542714fa50ec4c

SHA256
db5407c2cca37640f95af15588970a73101cbb1a3bc8c0777096ca476b370129

SHA512
82156c2718318c03469f2928439acef89a00916387e2d3f88f1d266ca6c02c7220923c6c5d62d7ce5689677a5903e1bcd12a51a65aa59e388554919492e52488

Download Submit
C:\Program Files\7-Zip\Lang\ga.txt.tmp

Filesize
81KB

MD5
a120d54c793edfd253fa4119c40ee804

SHA1
28b8f66d6cd5e17e5ea5b8e51b994b234d2f5447

SHA256
8146df2a6ea6d7629d1287791157f03f082be5deecba2538df08b74537f7867f

SHA512
0b51767f0dfdb689f7380f905069c8ea2ec0f07b9b2c6b809dde7206ac647cad61414da7ea2f60904845f9e6e125958e29e875400cb00fa96c2ed22f2cbe12be

Download Submit
C:\Program Files\7-Zip\Lang\gu.txt.tmp

Filesize
90KB

MD5
a8b4d355cdcccb79e0a34a322d2a4596

SHA1
de0b3a6f545c0457a59b8d0f19820185def69eee

SHA256
f37a2881249bc78a23cd0850783558bfac192e1508717f16d910e01974230533

SHA512
65d009fd2e96c4b3733ae93acc16942a8208526e38a92f3ed381f659c47c3b735f8799c6cf7d83f49611f2c9d6a264752fd3ed6d8a94ab8869c9dcc6bfa65e28

Download Submit
C:\Program Files\7-Zip\Lang\he.txt.tmp

Filesize
84KB

MD5
5d556bcffdc9e5cb70ce108bf6830c72

SHA1
ff3d32913c3d595eebb22b17053a49b899db16cb

SHA256
4c7827b527d9e12b2ef2f98f178c4db06a521d52f017e86b7e73b73068d72caa

SHA512
56284339254e7fb760d76e6e8342563669567a53b8651de796677958d92f99f6fbccc6e699e51605e3196736c66d1d788cf423afd912c96123ce20f668ae26f1

Download Submit
C:\Program Files\7-Zip\Lang\hr.txt.tmp

Filesize
81KB

MD5
6f06568aa3164d69c31682275aeda3f6

SHA1
8e43f0e43ff2b1eac15f56455dbb8e64528ed03e

SHA256
592eb1a90aed99b0dad61cfeb53137d041f5d4ca3be05b676e9ba6a93cb98419

SHA512
d8a72103ca07035965a138eebea59e06be096240c31c2a0fcc8d49fb79d08b54a823175d9d8626dfbfd14414a5b753a9a03c7e745f186251543d246f8b7bd430

Download Submit
C:\Program Files\7-Zip\Lang\io.txt.tmp

Filesize
83KB

MD5
b2489886c4cc5a69408f6ef118779896

SHA1
00528720243a17d9e980f6a9c9b7e48060724be4

SHA256
7712619181485747c05ef01a033baf1b897a793be14d4b0c39e750c627c8792a

SHA512
38b71c77baeac516f30c48d59650835154365365756008359281c93880e28f6936cb5a852fc52104694f4dde83ac724de90dd3d4f8cc0f5ddf62a9cd182faa99

Download Submit
C:\Program Files\7-Zip\Lang\is.txt.tmp

Filesize
81KB

MD5
e4501cfcc19abe909be886e6646d8fce

SHA1
f17aaecab16a6c1a214d41467e891d5177802b25

SHA256
c8735a09551e90d7531f73fa824ef251298d0ff6d66160a481536942ee31beef

SHA512
1a0f8bed372b9407d2d8d4bb63a23ee42ddb9693331a377939aedce0da529796c4973662c8522bff622657221b3d60e04980cc24b4ab2a3f67018d7f9312f892

Download Submit
C:\Program Files\7-Zip\Lang\ja.txt.tmp

Filesize
85KB

MD5
2c560a7bb1e0534cb94883e04c9c515d

SHA1
02abf7b362201a08655c6e6d382be6d1624946a4

SHA256
ad2ba414dc6b6d50d3b00927b356b330e0b199ed92f468e877717175a6beb3f3

SHA512
90afc044cb4b42236bd400b185c9223b366336196a9de48dde7ef5dd3f1f6db80a24d4c48b1a8186e3f31b2fb74bd3bb7ac2f6457f0a34e8bb063e88923d8938

Download Submit
C:\Program Files\7-Zip\Lang\ka.txt.tmp

Filesize
91KB

MD5
6768a0dcd8474b13f00e3ee5c5835458

SHA1
e88b0fdb28b5358009885d44524cdcfa84af0858

SHA256
149ad91c012d2419837df921afafb5b19c69e5d173b6c932426d5c3346789574

SHA512
6e1033783731844b32cc25b1618fdb625cc82d39db5389a2144b6eda40fa23d5c300e61512fcf6737c00eea1b7e93e1757ab380a630b85737594ad651efe57db

Download Submit
C:\Program Files\7-Zip\Lang\kab.txt.tmp

Filesize
81KB

MD5
0ec832e507ea19ec0b0f32caef0db407

SHA1
9d07a6b78a35ce925a1064b61a75a68a1fc62137

SHA256
036f5b2827bb2ea266c7aafbf5ff4ea5898fc22152eeb97779f40b90e8f7c7ba

SHA512
eca586fa4f5cdabd2a5233ce50210840ca701d9e2972bd7f59954c8ec62ad901c9b683520ca71208ddf4275ca4244c36ff9d566cb7fb9cd125b9efa9fe3b501e

Download Submit
C:\Program Files\7-Zip\Lang\kk.txt.tmp

Filesize
83KB

MD5
3e9c6527fbd09e569804869de8f8170d

SHA1
689981aa6df4154620a09f17e48a72a8b804f4cb

SHA256
3171df7036bfde615409d92a9a86401b27e6469c4f79516311b2bd5bf9df1342

SHA512
8ae0545b27ad761f5e9cd97c1cc798bda5eb1ac2ea31bf2ece5c9138cb8d91bcaccdfd83389d66aeb8b19c0082badee4660dc1ee118404ae7c9fd116a47eed9f

Download Submit
C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp

Filesize
85KB

MD5
936c0ff61fc6373201452eb85011d718

SHA1
a039f7645df276315ab87c93cb6bfd8bcea0d2a7

SHA256
91c13c21b96c9cdab03b4abeb79dd1d8ac4ce3ea666bce25b6349726035abd32

SHA512
a617c5856187a320a689fde4fdabfa7e87fabb31c8d25af049b9a4f4faf8ce9f7591c3e31ad5152e80e76e6fca5bae62e721e9d1c79af2f1f1139c6ddfaae1ab

Download Submit
C:\Program Files\7-Zip\Lang\ku.txt.tmp

Filesize
78KB

MD5
5d28192ca72d90c88866077237f414ce

SHA1
66a22d0dfb756e997688cfdf8997c8b570e0902f

SHA256
f4e6fa441f1fa71523e0b087cadf6ea5b8ac502a7d96379c697d02c6f50567bb

SHA512
3134825874523a5f62b2872b1e31611b4295dea04211cab9fdd2c99ccf303d0196954acdb4b89f79c7ee3e470de610d7965ec681c87ecf13f946379e97acbad1

Download Submit
C:\Program Files\7-Zip\Lang\ky.txt.tmp

Filesize
85KB

MD5
8e62dcccec94d5b010f0b662187dd954

SHA1
58fa51f3daa2af5dd0d134d71a8c66aedb7aeaed

SHA256
d8134255d5554bc7fe24142f10bd569bf39e37397d66dc01daaa003504be5e7a

SHA512
d323457ffee6814642ae97011f8cfc1677e261591a05ecb83980899edce9ed93add735785bd2f5d38954385942aa023b027802d8d68cb64523e4892c0a6ae916

Download Submit
C:\Program Files\7-Zip\Lang\lt.txt.tmp

Filesize
82KB

MD5
c12f151c591f0c84c3aaba8f0f2644ff

SHA1
62f4c6db2db8bfae766ed3f920219d1099fae041

SHA256
c7464629b2dc999de80507dd8a6bff1d77231b70da0a16ef3c254a1eb7cbcfad

SHA512
f2b93b03549358a96d7288e80600d52f82d67dc3fd0a8f6182315ae459cb1a4879fec77843d58e680a060ca5ba0dc19f23b1d686efeeb9af78bbd67a04937101

Download Submit
C:\Program Files\7-Zip\Lang\lv.txt.tmp

Filesize
77KB

MD5
63593e6816730bab460e6c9485b9d374

SHA1
74ed11325bc59841a0f1eea4aeb041093d75a0cc

SHA256
e5ec0e390770abdc717499779937d52139f9c57db0c0a7a124d5e964fbfc4d39

SHA512
712bd58e1c1f71cc0038f6cbddd8b17b463158f2b8f228fce1fa053410047f93eb30228b49d61b1a2ad8afaf9788d063175ee3fb2162d9d366684fe6bdfee3cb

Download Submit
C:\Program Files\7-Zip\Lang\mk.txt.tmp

Filesize
81KB

MD5
ba3c9b17cd51411d6ff3300795feda8d

SHA1
c8900253baf0c70520c9d1fe6f18a842ae100ea0

SHA256
8adac4942a3343a40b5c3720aa7a7bdf22bb3beebc44344ba1a3620ac9138827

SHA512
0e5edf4d1d22804e1d3518ea49609101a865d2b55180fe9118ff9bea5adb5a658f433e8e578fb89715cf1a83a6bdb29e5e65bb1a0086d59a9a4d3758141ab28a

Download Submit
C:\Program Files\7-Zip\Lang\mng.txt.tmp

Filesize
93KB

MD5
8a46690500b3870fd026688670aef925

SHA1
60819cbcc532178001d5a6a2e4c84fcfc2cae7b7

SHA256
4da1d8e1d05eacb6ff53d7c7174fda42a2855e384e8ce8a329432b20c307343b

SHA512
cf081a994a1a144173767a060e6b282a5fa5c42bba576cd6c446b80bcf7e8d1f7c2f46d028fe059b8247382d4e032b4113574169886a35e79c160acc0718fa9b

Download Submit
C:\Program Files\7-Zip\Lang\mng2.txt.tmp

Filesize
94KB

MD5
dd4f093bcf5f7819b36f871490d747ac

SHA1
be773489b0302788fa87e75357860976636299d0

SHA256
30b0273820773e3d950ea42f62af0263c87a4a9eca4d3f815a0be9c919f2544f

SHA512
307580c44917a4ab896618d3428dbc951559fe641988d3fd7eb0ae7199040d3fbb9aee02d40b77173a990f8605050596b8e551e2e3870a88369b575e78af8d74

Download Submit
C:\Program Files\7-Zip\Lang\mr.txt.tmp

Filesize
83KB

MD5
24660cb6b744b96cb589bff7e35312f5

SHA1
90edd4831a42102177824645355bff08ced64001

SHA256
db5b2d046f20da9037ed4b9d9eb004aaf1a1401ae40320ae01ec0133c5ce508d

SHA512
ad9d39bc60f297e9cb31f5880fdc0f81e120a560398cfafa38566ba430a4f8d3f3bd3158378a4652330fb5bc1374b6aad1e784eccd3415fa949252228cb7bdeb

Download Submit
C:\Program Files\7-Zip\Lang\ms.txt.tmp

Filesize
72KB

MD5
f5fc391da7b82a54a43deccbcffeda6f

SHA1
14de4f765e81581adbc454a252bebc999b02df55

SHA256
aaa6b1f505694a8e6bdc82028de0b8cef67a0d2fbea9289e825c40df2052f433

SHA512
aab8a43bbc77a425acb5d413088bb5d8bb25fc5eb241ea003a895eadb92a5a2960a9c73ad76fd0a7684e2f7c72f0cc69e6a267150a4fcfcb94c1b1f875d956ab

Download Submit
C:\Program Files\7-Zip\Lang\ne.txt.tmp

Filesize
85KB

MD5
1a71883cc39375086f80b2cbbc71994d

SHA1
3f6163b59338f43f2b4c0b276f43cfc2d92962aa

SHA256
534d6e4ae8b848cd80fe2225cb888e61bad8d1198260641be4b70141b70c3c81

SHA512
1706dcaf3783418e84c2a823701aadc130fb250d45ff770e467578b0ed456f8577b34665d94b0c43f7074b92d3c363695e0e4afb6cc44be056e6ae044d777050

Download Submit
C:\Program Files\7-Zip\Lang\nn.txt.tmp

Filesize
77KB

MD5
4ecff1e7047a638ee7fb89a4c8d4b2b2

SHA1
0454584bc40f5ae388996c2a53dd6d99d0884a62

SHA256
d3d0d838ca30df8ae487cea5c263b8b8170658244026854af5e63788b6cd4af4

SHA512
7b7a580296a362dd65a069e68dd78815359272a41f3df581c8b9199fcc9a9d100ccd6810b795924315f0b1b74cc769c6c01c3dc6fee95c17140d4bee51c70927

Download Submit
C:\Program Files\7-Zip\Lang\pa-in.txt.tmp

Filesize
87KB

MD5
2ee653e983d4d06701825d5e31420dc0

SHA1
5c0fe90457de37d1abf22f87a27ce296e349947f

SHA256
173fedffcae79d1147c4750e6c2475d20bd9cebd48129dfec766a5251e1d5a3b

SHA512
92d62ee8e402dbb67247841b11cf21d974e18a39239f627260d83116abd625b90e96b00a1723fe620980c1197a94e429fdeaff90a301638b573f2dbace04da26

Download Submit
C:\Program Files\7-Zip\Lang\pt-br.txt.tmp

Filesize
83KB

MD5
02625b58c09fc29a1659e2fd5ed9878c

SHA1
4f1eefd3327a534f90c47fb2714c83abba177bf6

SHA256
693a9520b886cbdd8cc56d3d7b11fab3e1e4594f9a4424e41a98a76280992cb4

SHA512
10155e845ef54b39f8e2b6dd773654e8d09b6d7eedf3b3d5fa9d436ed5bc4485de78403012cc29a0dfd3da309b029fedf84ccb7532a36a9161bf6c39965410b5

Download Submit
C:\Program Files\7-Zip\Lang\ro.txt.tmp

Filesize
80KB

MD5
e52eb8c8a0879cfd7583980099b28c1c

SHA1
8f36a6ffb729885f7eced75084b7fc4c2703c1cf

SHA256
580a5796f2655e096a759d57e8e4694e5e8ff8e9dcae33477e9d776812fcbb17

SHA512
c743bbc24f772399606b2165a4138a063d7edbff8b80f5eacb46e5ea8bb1271f5eab22099de76924159cadc5ab4863b3035909849876e49f51c8a66960ce1c42

Download Submit
C:\Program Files\7-Zip\Lang\ru.txt.tmp

Filesize
88KB

MD5
1f75bb182feaedd5d81c3cee16d8bbf0

SHA1
883630795e8da6d6f4be32e1a0956fa2072437e7

SHA256
c69e7b17a6cda3981733f752158696cafd4a54ddd9b60defe4816bc0a1815469

SHA512
1d54ee8b529e7b5c0d435687c8867535c695b85bc4d46dcb7f1e1254bf87860bac08c01d70cca72edb36fbd34f4a3f1d2d2dde180eb3108e472046d05674497d

Download Submit
C:\Program Files\7-Zip\Lang\sa.txt.tmp

Filesize
92KB

MD5
3a9aa6058b65e2604015bbbcbfb5d57e

SHA1
2677698228c7b1483cf539a85a1ed5d76fd3947c

SHA256
47922e63233533810b465929f51c3d3d0bfba17add0a5c33a14e85ba12d07a17

SHA512
f3cf796cf7065b74f984b79a917b217d4760cd0cc36867c1e3bee79b7e982a120e09c4ec81f23aec39aaf9faeb02f3bc69e584e80eb4c6d5926c87c2fa16533a

Download Submit
C:\Program Files\7-Zip\Lang\si.txt.tmp

Filesize
92KB

MD5
1f87445a6822ce9c8c54f4c36f6ae895

SHA1
30ea62b920a55be166bca19110712dd24998c56f

SHA256
d4708b189ff28b9b645685302a54ff3ffd56ab6fd15f2391611b8ba7fe271fd0

SHA512
88ea9c4a8e540ed85a290875d65e6c05688f450d17568bc973fb6dc74287e42a52fd57822be24e354a92a647a51072e1f26974063df70f44f77ee7c439f1785a

Download Submit
C:\Program Files\7-Zip\Lang\sk.txt.tmp

Filesize
82KB

MD5
8d68ef228cfae530289cc53c2cb2ef48

SHA1
0b23bb95678bd12f967c2b135e98e0df46da69ba

SHA256
8ad2b3a29babf5e11adfed791b62b246c26ede3b729a18096f7b1a1336e9d35d

SHA512
a64a96b2f0fbb4c4dd095922240d7885c3756ff79b145235b8e234feadf6d8639a87c1de8f6bec856c6166d9e74fdde5c626207c79dab8d1e4aec7ec1c1415c6

Download Submit
C:\Program Files\7-Zip\Lang\sl.txt.tmp

Filesize
82KB

MD5
8ce6f3af1eae34f01148aee8ff908a34

SHA1
12ca249aeb7233c346c59a429bac7af2b4a0d916

SHA256
37e26cb06cb96ce89038c7adf2967da132429fd618502f3b5e85dc6f7184f2f0

SHA512
6434516e41642c9321e00a07ad9d1c98383326ba62d3350a83f92cd45fe054a46594d4e6b625bf39fe2cc0f8e5dcbb8158298eec7386c61d8c713d5a5b2cde71

Download Submit
C:\Program Files\7-Zip\Lang\sq.txt.tmp

Filesize
78KB

MD5
a16dcc76cd485506bf71967174632c13

SHA1
2eb5aa65f7383a5e6892f5a498020d2a7eb82f9e

SHA256
82794d19238a28be4a5d52de865a449dd1762944de2364dd7f52cb9a3dcd6397

SHA512
d9c9c3ba2e9892949d9ffec40765b12c22fdb4710f6f4e05a1b74203072922f34d6ad97af37538d6afae38a67990935387081f175e0d083fa6df52f2c3bc9e23

Download Submit
C:\Program Files\7-Zip\Lang\sr-spc.txt.tmp

Filesize
83KB

MD5
2116df1a5a664a555d2a0be7d8fa8d4e

SHA1
74a717a60b6e4ce2d919e1d35cad84592d894f83

SHA256
1f3d757efe81ce81587991b9a45ab2ae52edcb1746905ca8a2594f64291655d9

SHA512
4b5669243f1b387c47a32575e1cb85a9e40b317a227ab7cfc9b843fcd4564b8a0ef169a608a9752f302fa651c8fc78df24e45cdda7ee431d4e5c4fb55097b134

Download Submit
C:\Program Files\7-Zip\Lang\sv.txt.tmp

Filesize
82KB

MD5
0ce39892aead77a7f86e0eb897264576

SHA1
fc3b7e5585406c2d6928a926e555528ea0a41162

SHA256
92e4dc3a2372200c88a671f97b2684e36bbf6680a07861ecb86f41ec68e9996b

SHA512
bb202b772b12e50d69573a808e371a97b21432d15f3abedf8b035675cf4eee561dc6b96403066d72ee02f2a45e54cfad492541888ba2c95d2d528a1f59afcb1e

Download Submit
C:\Program Files\7-Zip\Lang\sv.txt.tmp

Filesize
82KB

MD5
bb2e72e2b9d009bc64361f5577d4d0a0

SHA1
35e90e13a58b90d021aa7072713213d560b64dd0

SHA256
3e48b69ef3f5d1d446ce78b41e863b7f8ce7dd4ca42038b56f38006d48e6a7e5

SHA512
7bcb52caad9fca45b6a9b45b41051ec7ee42aa2677ac717149b49a1448cad2079885268736a0a3dadc8affd8f99dc5700f68246226a0a65bbaf3b8969c3b1ee9

Download Submit
C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-processthreads-l1-1-1.dll.tmp

Filesize
84KB

MD5
f0c26b04db292d0e1d3472013338b0cb

SHA1
096517e9bf363a6a60e8e4683630e6edf887dec1

SHA256
54da5a9b50167f486783a3b5967ae92a6ec12855b5b725001ff7153160a80a0b

SHA512
6226c60746c178d74a2128bc3d2943300725e5411697f3f55a8c5bf19619f874f93016614d4947a257c39c8d678f43fca95987685158f9c79d17bd24cedecc99

Download Submit
C:\Users\Admin\AppData\Local\Temp\_2.exe

Filesize
73KB

MD5
58c1a430951ecba353654d8efb368738

SHA1
424f5948dc7d578d023333febe1252a768fb8ba9

SHA256
c5f6b5ad15ff8603dc4ea9b219f28b2687aafac0e1596d7695e99c3cfb11cf2b

SHA512
c7ba3d77d16619e09b4ea5b982293efad6b34af063ec03593ee1af2fad521e192e61b9d7070b6ab521d5823663e0b6d093b639858e519fdfb7048bf0d7ad0d01

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
72KB

MD5
803ae30abb37fb00c45c7b13db8a4d8e

SHA1
b06b76729a25750d8ec541472c9ac45bbc6f10d2

SHA256
a0b70d779f0c9fa796d299ace73e17b2003cb57f69458b72ab93a85bd27cc07e

SHA512
b6f700ca5ad5f9177abcb87efbf756ec0054438f2028556a77a6bcd41f01dd1f9b37b3348555a55db9521ef179b23b3f422accf453dcba207f2d6d820df75e16

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads