fbcd8e385d8596f95f1250423f6bdb92e6e68e2c8ba9825fa94c4cf85a38af41

Analysis

max time kernel
150s
max time network
131s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
29/05/2024, 08:46

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4d9f0b0034596c06f175c7c22bed8960_NeikiAnalytics.exe
Size

79KB
MD5

4d9f0b0034596c06f175c7c22bed8960
SHA1

b23525d7423737f43b130e4d6099504a7acd4e79
SHA256

fbcd8e385d8596f95f1250423f6bdb92e6e68e2c8ba9825fa94c4cf85a38af41
SHA512

18a532f4e360b8fd9aa12192b5220c1e86fe8c9870dd23c5e3685ea72df2923b9ce132019d112b61fe29afc7c0f35577b026820ad7aa544bf1fc8fa93e2db988
SSDEEP

384:yBs7Br5xjL8AgA71Fbhvhw/Bs7Br5xjL8AgA71Fbhvhw8:/7BlpQpARFbhn7BlpQpARFbhn

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5148) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
3000	Zombie.exe
4908	_ChocolateyInstall.ps1.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	4d9f0b0034596c06f175c7c22bed8960_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\Zombie.exe	4d9f0b0034596c06f175c7c22bed8960_NeikiAnalytics.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre-1.8\lib\images\cursors\invalid32x32.gif.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Collections.Concurrent.dll.tmp	_ChocolateyInstall.ps1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\ReachFramework.resources.dll.tmp	_ChocolateyInstall.ps1.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription1-pl.xrm-ms.tmp	_ChocolateyInstall.ps1.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\PresentationUI.resources.dll.tmp	_ChocolateyInstall.ps1.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-processenvironment-l1-1-0.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Globalization.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\System.Windows.Forms.Primitives.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest2-ul-oob.xrm-ms.tmp	_ChocolateyInstall.ps1.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART3.BDR.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\System\msadc\es-ES\msdaremr.dll.mui.tmp	_ChocolateyInstall.ps1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Collections.NonGeneric.dll.tmp	_ChocolateyInstall.ps1.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019DemoR_BypassTrial180-ul-oob.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\UIAutomationClientSideProviders.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\System.Windows.Forms.Design.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\UIAutomationProvider.resources.dll.tmp	_ChocolateyInstall.ps1.exe
File created	C:\Program Files\Java\jre-1.8\bin\gstreamer-lite.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jli.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcDemoR_BypassTrial365-ppd.xrm-ms.tmp	_ChocolateyInstall.ps1.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL089.XML.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-interlocked-l1-1-0.dll.tmp	_ChocolateyInstall.ps1.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Compression.ZipFile.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription5-pl.xrm-ms.tmp	_ChocolateyInstall.ps1.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_MAK_AE-ul-oob.xrm-ms.tmp	_ChocolateyInstall.ps1.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\WordVL_MAK-ul-oob.xrm-ms.tmp	_ChocolateyInstall.ps1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Windows.Input.Manipulations.resources.dll.tmp	_ChocolateyInstall.ps1.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AuthoredExtensions.16.xml.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\ReachFramework.resources.dll.tmp	_ChocolateyInstall.ps1.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\jdk\cldr.md.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-file-l1-2-0.dll.tmp	_ChocolateyInstall.ps1.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\mshwLatin.dll.mui.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.Csp.dll.tmp	_ChocolateyInstall.ps1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\UIAutomationClient.resources.dll.tmp	_ChocolateyInstall.ps1.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-time-l1-1-0.dll.tmp	_ChocolateyInstall.ps1.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_OEM_Perp-ul-phn.xrm-ms.tmp	_ChocolateyInstall.ps1.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019DemoR_BypassTrial180-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProMSDNR_Retail-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\7-Zip\Lang\nb.txt.tmp	_ChocolateyInstall.ps1.exe
File opened for modification	C:\Program Files\Common Files\System\uk-UA\wab32res.dll.mui.tmp	_ChocolateyInstall.ps1.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_SubTest-ul-oob.xrm-ms.tmp	_ChocolateyInstall.ps1.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Text.Encoding.CodePages.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\PresentationUI.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\Microsoft.VisualBasic.Forms.resources.dll.tmp	_ChocolateyInstall.ps1.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\JavaAccessBridge-64.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp	_ChocolateyInstall.ps1.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\CT_ROOTS.XML.tmp	_ChocolateyInstall.ps1.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mce.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ONFILTER.DLL.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.el-gr.dll.tmp	_ChocolateyInstall.ps1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\System.Xaml.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Trial-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\System.Windows.Input.Manipulations.resources.dll.tmp	_ChocolateyInstall.ps1.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\System.Windows.Forms.Primitives.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\PresentationFramework.resources.dll.tmp	_ChocolateyInstall.ps1.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\CSS7DATA000C.DLL.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\CLVIEW.EXE.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Grace-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART11.BDR.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\PresentationCore.resources.dll.tmp	_ChocolateyInstall.ps1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\Microsoft.VisualBasic.Forms.resources.dll.tmp	_ChocolateyInstall.ps1.exe
File created	C:\Program Files\Java\jdk-1.8\lib\packager.jar.tmp	_ChocolateyInstall.ps1.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\dynalink.md.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\deploy.dll.tmp	_ChocolateyInstall.ps1.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 5032 wrote to memory of 3000	5032	4d9f0b0034596c06f175c7c22bed8960_NeikiAnalytics.exe	82
PID 5032 wrote to memory of 3000	5032	4d9f0b0034596c06f175c7c22bed8960_NeikiAnalytics.exe	82
PID 5032 wrote to memory of 3000	5032	4d9f0b0034596c06f175c7c22bed8960_NeikiAnalytics.exe	82
PID 5032 wrote to memory of 4908	5032	4d9f0b0034596c06f175c7c22bed8960_NeikiAnalytics.exe	83
PID 5032 wrote to memory of 4908	5032	4d9f0b0034596c06f175c7c22bed8960_NeikiAnalytics.exe	83
PID 5032 wrote to memory of 4908	5032	4d9f0b0034596c06f175c7c22bed8960_NeikiAnalytics.exe	83

C:\Users\Admin\AppData\Local\Temp\4d9f0b0034596c06f175c7c22bed8960_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4d9f0b0034596c06f175c7c22bed8960_NeikiAnalytics.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:5032
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:3000
- C:\Users\Admin\AppData\Local\Temp\_ChocolateyInstall.ps1.exe
  "_ChocolateyInstall.ps1.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:4908

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.exe.tmp

Filesize
79KB

MD5
9e3e02b7bc341dfea2dfef4c1f703a91

SHA1
9bea4e6e03d9565b783e9446acafa910813bfeaa

SHA256
31f7943a13f0764d471db2ede1766728cd8d18f68eb7e9dea6582831b7194d19

SHA512
209e1dd6c969598187ba29e9f87bdbcc0cb24cf738b5537c2b8fc6156d6096223528309a6c61b5a8c140b413bb53812c1ed5e32e72f6a77eb2c9a34dc700698f

Download Submit
C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

Filesize
39KB

MD5
35ea3a5d42a3db5b0cf862a894ccbc03

SHA1
1e17a06c2e4232af8d0b174b7d3ee3320cfe15c3

SHA256
b90b301dcd6328606fca264df00e5cd0ef5e7b203011204afb01425773c3875a

SHA512
e240c41f843b54b647b4c6f98334375d679d0e338a90242955531da0a179a765a36c324672be84cd8a07fc9e5729d5719576d255cf812e51c2dffb39abce2d88

Download Submit
C:\Program Files\7-Zip\7-zip.chm.tmp

Filesize
152KB

MD5
d16f355cf512b723b0d90d98160c6f46

SHA1
fad0c8973b6a11de463d15aea4bf4646cb5f3fc2

SHA256
b9b4b0c3ce96aefc24bd9f5d92a97a34fdead075be93591bcc73a0d68d222e0d

SHA512
6776c3b33ad6eeb582739e6164bc05ca26eaac5c2968a761db1c602781666f021739d36dee9ada49ec1e5628af7a9f5071f3b049f75154e636dd1104ab85f536

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
138KB

MD5
9d7376ff95c08db948648b7ccf2a07c2

SHA1
2c14adac941d1ad6333998124f74045faafdcf81

SHA256
da5929ccedb6ad95a920865cc2800adf9173f8033cd8553fdcfcce9896bee854

SHA512
ef365874f17b938c44d8c47afd0762f1e6139fbcafefb94d93f4e9f76327c59ed781905ebe4580a053e71eb590e4fccd298cd050d3f0bd056f50be6b8fcf84b4

Download Submit
C:\Program Files\7-Zip\7-zip32.dll.tmp

Filesize
104KB

MD5
1b8ba93aceb29b968bbce14c111120a0

SHA1
cc575f1158b3d53227406048a636850a3ff275ef

SHA256
5281692c271c344764d65211d0f25b0ba407787da4dedd95bb851672950d8b0f

SHA512
25bae210754929e31e751b51b457df073b01564bc7264da1998dbd5b6eb2da12bc7ae6f18d09396f04f60230bca0ce44a7919cc6a3a61c77f618e15ef7288ef8

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
1.8MB

MD5
0ddff57ae5c74447060e2f3b083dc11c

SHA1
6e7b643aa9e8c79e75f81ab8b04a60e673f54ef8

SHA256
f2c23684dfb721803252d22cb0ebc3484772be5573ba4edb1d9d5ff7e16cfefd

SHA512
9b492127e106cb2f5c67290f2dadb9ab386248b3084e985e25f4d6a32f7183e6037c714eeac348585fa3e0b2b93285983e06f779d74e6021ca5412f4a8165527

Download Submit
C:\Program Files\7-Zip\7z.exe.tmp

Filesize
583KB

MD5
dc5d801318a81ed87e1dcfd26f1b1834

SHA1
5bf7cb128da93911f81837ebcf0c6957ffc4ca30

SHA256
b41498fc314bd3600531b0bf5fc346b64e2021bf2f8378e59116b9ada491bf37

SHA512
930e3a06ec0abcf58f3824b4d3278c6340522722bdf45f8fba5b47ab942a8c0b6ef33dd21da1cfc2bb23cd820396f2ba56df0f0886c24efd4cba02174e035865

Download Submit
C:\Program Files\7-Zip\7zCon.sfx.tmp

Filesize
228KB

MD5
d69d73ad176e86fd5f126f202fe37716

SHA1
cf3664e63794a0de90802d848bd53ff2e6897930

SHA256
c3ab8493ec90baaf79f591b524c7514c1400cebe6572968e0f2d77e9e9c5c640

SHA512
85dbc77590e9c924ff0f301dabeeb1d732505c3a83d6f37512326a08e9d75be0194b1d7313afa63169d6f0200e840808f32f3c15550e8067baaf11865c08a213

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
970KB

MD5
70f53d0794145c420e8b7f2e39657910

SHA1
20779b66a9e28d619461f768689ea499c5090a9c

SHA256
880f83d8ce565ff83591c808592e48f3497ccfe94902f9e69c8bca31d02e1764

SHA512
c5e12b6aedd59c6022bd316f601f2c26972d8e343a02c6fdc23ac298d79c07b49540c3a9a54a126adaba0c4a80f92bc04b600d6cd200d727f265664c03f3b4b7

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
723KB

MD5
31627d08bb31dab84d38230b2709731b

SHA1
b1ee5deab565e8eb3b941f85614f7d64206806cc

SHA256
e8c98e330689768989e1ae92338bbdb67fcda028da224c98201d8c97777ea3e2

SHA512
40d7681a3f5355e192ea1cc327ae2e2bb90dc649b18b3ac885e6160f070fba31076a41af4564270ade984d872a989f4f1c1f16ba256a60a16fbe289755a863d5

Download Submit
C:\Program Files\7-Zip\History.txt.tmp

Filesize
96KB

MD5
4e8d3fff3eb45f6cc578b2f2ca7ce588

SHA1
608c267b4f24154f017c770b6e400b9c0af8c229

SHA256
0457985fc1c71c35dae020369e93ab445929d07072b0efc88385e57b19ee0d59

SHA512
abec61deb96c9b7d7a854c651d09d92d6c60004646de45a753c7ad5b8118906a8102bc944bcaa605c903fd2d9e488775151b75ce8fcaf512b4752596dc86d185

Download Submit
C:\Program Files\7-Zip\Lang\af.txt.tmp

Filesize
49KB

MD5
7d0c6993c61a2415574914b5dcb08aab

SHA1
299f94b8ecf46b6b56569acf113dbc9a7c92504a

SHA256
1effa800041a9c0dafd1f9b81346dce5dc710612933a2e2ebb4e684779e0ccaa

SHA512
b72812141e97f7294abd4bec75feec7416bebe6c324ecc66067dd0f9d542ccb196fedb0acb91818b9ee380abc620d327b87151c42c42208b901a079a8e824809

Download Submit
C:\Program Files\7-Zip\Lang\an.txt.tmp

Filesize
39KB

MD5
8bf3996e9aa2ecbe0d74ece3eec95dce

SHA1
ef2f71eea1c43347a095f006e560dc84dc1ecb91

SHA256
548e341031e039baa236c5438dc88f4bb6ce7a716aead60dff5eb42d9639bc8c

SHA512
795749d57d8e4fd2170be25f192ec528620a15440c2f1e6d534f8a1130bff4424e85651a6dcdd09fd8df6c7d216c49d15505927d50af6aa453a628f95de3445a

Download Submit
C:\Program Files\7-Zip\Lang\ast.txt.tmp

Filesize
44KB

MD5
6da55bb66bcf5ced4c2d24a1ef42e2e2

SHA1
c025e4fa6fd752caacf69c01696412668581abd8

SHA256
08df357797b10f5ef9383e31df6814851ec382b2ae5eab3933f421b8fc876406

SHA512
195d1d1553e33e3d7b75705e5036d21b4c75e4882b516c328052fcd3d7107c95c3bfe832f14aacc9aa719a6a2526192668f60ca447ba0ee1ae4fbf3a4ae708ac

Download Submit
C:\Program Files\7-Zip\Lang\bg.txt.tmp

Filesize
52KB

MD5
2e708020c8c7aab37c815088b7b6771f

SHA1
1a55f269a62d8a487afd5f110d1157d38fd19f7c

SHA256
6bdf2497f4b24db0f64976323621e0063e9be819972d4b7f18ca9b9602dce785

SHA512
4e24caa3b78aa60bac293eb9c261fee424c434d9b4b1da11256c00790f8d8291eab62ad44184ac0075e27eed387e2c2866b8d55d95b80ba2b39428edf110f670

Download Submit
C:\Program Files\7-Zip\Lang\bn.txt.tmp

Filesize
54KB

MD5
a1e1b209464f17c9e3beb24e01069757

SHA1
4c6e588837571f62455667c8a6212e9e31c77e1c

SHA256
799747593dd545f6db616ad4087959dcc2a79c0648565184168d5dd58d67c758

SHA512
09d806e5501b59aa7a346f6072f5bbb0f61b02eb38d919da492295491c04721f6367f43818368f7aa5aa68f938d8bc405ad6c1466ebf1b62ae73073122753dab

Download Submit
C:\Program Files\7-Zip\Lang\br.txt.tmp

Filesize
44KB

MD5
9ed6a8fe2eba63bd3c9f4aed39f33c9f

SHA1
56ca11d087fb64bdfbac353533066491b754a3f4

SHA256
8cad21cadefcc41088c3098810276027450bd144abcc05713bbeecc1bd1de525

SHA512
2fcffed7664c0f38bc6fa82551422b3106907f39dfe5ed605436c6fef8d1a39cafd9087baf9a50e0a4fefc9e1c294c8bd993c644fe792c548dab961c7ccecb7f

Download Submit
C:\Program Files\7-Zip\Lang\cs.txt.tmp

Filesize
48KB

MD5
255fc2bb441d4e3a54ce49c55468ffcf

SHA1
c52b6d8ed280b29b3fdb6ebdfbd592d586921fb3

SHA256
2592ec3fc31a468d7bf040532ae5301eb812b3ee5fcb95b1bf967396d260e0b7

SHA512
7151b444843dd55fa98b87c0c00cba27c01d440cccaa4fe25a2f5b4b3d03d77cff5a46882fad092b831c8c354f5aaad1a655fdd52c58144ad2df471b654ac6ac

Download Submit
C:\Program Files\7-Zip\Lang\da.txt.tmp

Filesize
47KB

MD5
76149d69dfd31da8ce6c944b145b516f

SHA1
97bbfe9cdabbffc663c4ec4b147ab0d02e89a35a

SHA256
db53af983e6ae12855773c7f8e04b685b6449554fc75dd2c20eb33ace6d10850

SHA512
8670f30fa2f8bd69b6a1ee64ac42553becb908f38ec606ca785c980fcfcffc8fa2c5e3e5f700b0814c7f588cc53c72d11f9d6ed26bab7c668eea177e4ac69759

Download Submit
C:\Program Files\7-Zip\Lang\de.txt.tmp

Filesize
48KB

MD5
7c78486b32e3bde370ceed621810b042

SHA1
7282c2df013e0816ac9417eef3c674a4465cb5b5

SHA256
af36d151ae17e6171973c21ac66a38fc4661359604fd62eb37b8f1524c5124b2

SHA512
59b8d4b06d0f249a29c891861858440787ecb706750d5867d44927df3b0fb760b3348e5f548525808b7191d3055a0be590fb31e7c7e8d1a95c8d5918444d3e6c

Download Submit
C:\Program Files\7-Zip\Lang\el.txt.tmp

Filesize
55KB

MD5
79fd23c6287aca139070423863c77198

SHA1
6946ed80831d61228643749f86caf824bd0c0799

SHA256
2d8b7caff87cb24e12879c93aac972ec46c440a6d1e79301b2adb743a15674ba

SHA512
2e772ac8feccc6cab3e3c103d5a872d75353880e7144e38c8a729a52ede08e14b48b5a6b75d67dd58a8c396befa0aa0872a69bf5ab29e3323e86b6be5d906e55

Download Submit
C:\Program Files\7-Zip\Lang\en.ttt.tmp

Filesize
47KB

MD5
e6b9491874034f003da059d4f7f458a3

SHA1
e6952da5b9bd5040577a7408a9a1f243ced038e3

SHA256
ede4c7d116e12aff2363ed2531cc6a42eda3d1ba15bda3998779b9ac342f2cdf

SHA512
a1df31836c4dd21e915c7cb770a4cedc4b648d804b67365e5142edfd733d0615661a03c5ad54607e9ac7aaf5fd7d5b05145dd7f090cf70728a83d15f77a1ffd0

Download Submit
C:\Program Files\7-Zip\Lang\eo.txt.tmp

Filesize
44KB

MD5
6b41617a59e4717509b1b422d24c40dc

SHA1
4ad09dfc8d76d786ba5949fc071094cf42bbdfb4

SHA256
9a300fc6794fb1122d703f276ac347df50e290c58180e0e2d9a00d20c0f71e4b

SHA512
f1213e0393e294c66fdb4a883cb29249d4ba63ab079e58c940c7e3fa6fd649220e16bb4bfddad6cff4fc77c1ba0b62934f4da2627a9e2112b188a21d7727c6cb

Download Submit
C:\Program Files\7-Zip\Lang\et.txt.tmp

Filesize
46KB

MD5
73eaadb9ca73644fc317d5b17804512f

SHA1
2f6fcab23d4cbd195ea381396aa72d1ea4e7a08b

SHA256
d7f165bea23d71cab182cf5d6db18387937c670ea9ffcb2c364044e46e5e67e2

SHA512
62b9ec1ad83ee4b2993898e5318e6659e1a1b17edd432551cf30dc1a9700551c9e740b317a3f0c80664ee302cc7811d080b605323d737f6d69ff782c55d344ab

Download Submit
C:\Program Files\7-Zip\Lang\ext.txt.tmp

Filesize
47KB

MD5
885e600e376a5a6df3ca10f0da4bb8f1

SHA1
2746ce0c85f713894f1c34d13ab0059768be5a48

SHA256
8eca39d9d6e2fcc57dfc0ec8e85031f8648992c51d0e174f428d399375e184dc

SHA512
3b539edf1ea660c96f1f0334ced45955e30bda61be84c95a4b27a665f1e2d323d335d1c08f25eade695845b13c2c7d0ec2d07842e3eee7a52f847a1d52360482

Download Submit
C:\Program Files\7-Zip\Lang\fa.txt.tmp

Filesize
53KB

MD5
845643b83d5e974d5d2cdfba7579c8a4

SHA1
64d153cb8b7e3ca58e98b4dc6faae8aa714bcfe7

SHA256
1a05de8c4b4828ac52d345fcd5c41b671c59b3a8d70c8b85b8225350a7afc5f9

SHA512
15cea193d554d131ff9de17846dbce13bc74741a38a01293431e24c2d0387ab08b08e6eb6877e79c76f77277a9d5e72cb2ea9d1b4e4f27ec6e790dc118879d0e

Download Submit
C:\Program Files\7-Zip\Lang\fr.txt.tmp

Filesize
36KB

MD5
dcfb398bb8b6aee42f58e821aa991829

SHA1
aa85fad412d877c2294dc3e4646f1e61c7b57f54

SHA256
ee99ccd5b48d402b6630f2cd4d8d57da4971dc706b06272ff20847210760bb55

SHA512
645e2e545ae0f98319dfb4ce51aab81cc531176e9af1450cffb06015f82ec0e490f0c0004295ab846fa61e72b51c208bd639093a958a97a2a3538e70f47631a1

Download Submit
C:\Program Files\7-Zip\Lang\fur.txt.tmp

Filesize
46KB

MD5
ab57764fff86cef0659ef1479108d192

SHA1
3e5b6f23a907afd9b4b2f5bc930ea00b1c2bbdb2

SHA256
5cdf57bfc00f47f76332a7da89b20dcb7e6f4851db5a8c9b7ab393a7f6350441

SHA512
e79970d35971ecf1260ce4956872e8a5beb3a6ecdf8028ceb2b596ae246d93fa5b9801bbdf4479a48e00472d12199302551313e04da9816e815d7083396adfda

Download Submit
C:\Program Files\7-Zip\Lang\fy.txt.tmp

Filesize
46KB

MD5
8489eb9840d5d498f2c43e17696792dd

SHA1
e1f9a1cb3f5d8712a695b73476e3b9113911b31d

SHA256
cfe670182801fe9701ea23f4f04539e4269d4537e8123143c43553e8d9483ed6

SHA512
40e9b9003368e8299b94645cd6b6714b0c6d2bedd96c09ef19f1dd2c7585e66832f43d74faf31855ee4d87d85574c869259c8cb1825ec8d405cb66b188009df1

Download Submit
C:\Program Files\7-Zip\Lang\ga.txt.tmp

Filesize
47KB

MD5
e008575159d708b7f2a971946919d8b9

SHA1
e07685c2842d2dedfd66fbd9392497deb99dee23

SHA256
fe8c77e157b740520c0bdba3fd4dbaa0db7e46e2bda5eaf47e1e8793324b783e

SHA512
9b979ef45c47faa810615b751bae4e554487f4defa87ef978a4a396dd25b86445522a042d622269496b88a46c98726820587cd0051e7215b2c72779abc07c8d7

Download Submit
C:\Program Files\7-Zip\Lang\gu.txt.tmp

Filesize
56KB

MD5
8010b288dc4cd92cc541f2a2f8ee6215

SHA1
800629a7308675d386994caf2848dec48fcb9469

SHA256
fd8f9f3a23130e45d4d7868cb30d10a28f68de7fa28853b4df462bfde22929ec

SHA512
501a047d3926e35c63a2851a937ac35d6ab1561f821ba335e2727cbbcfe6fecfc787e6fcac25138a0784df6b159046fbef04379f3d84cf54895b020a8618b071

Download Submit
C:\Program Files\7-Zip\Lang\hy.txt.tmp

Filesize
53KB

MD5
4eeb0f868e5cd39959f60293ea25b3ef

SHA1
e71d9fc2af79abde8619fc16664f8f473944f6e0

SHA256
1c82b5ce662e0ec10ae00a93760a10071814bfc581577f9a59b9229f32e34dcd

SHA512
6d9da5a4f40f24ab78b77be6eb5b746fda17b873fa103ef5f86ae8693046f6271c7e703c6a42a272ef0433c86f576b90a8e1795e4ce3ea63217baef8020c8386

Download Submit
C:\Program Files\7-Zip\Lang\id.txt.tmp

Filesize
47KB

MD5
acb58ce76a8ff9ce0ca5bb36fe0b139b

SHA1
768449ac47ab46d06ebecacc151f83a5b0d4fe58

SHA256
4c3accbc8c4f5011a24d93a8645408d265e4d0754ed7bd4c54a38c6776db2ee4

SHA512
b31e8127458ba77ad1f71f298c4de61718469a1dbcf1fb9efadb735693972642c0ee557d1ebb8ced628e14eeea6261a5b36a01892187bd6039f6c4b0280d5568

Download Submit
C:\Program Files\7-Zip\Lang\ja.txt.tmp

Filesize
51KB

MD5
fbb80271779298d0e1edf5c8c237518e

SHA1
c5e8a3d2bf1c7d193e443cdaf390552202841a5e

SHA256
fc052a10e7f677d341a1ee1440f9995062960b152268465672236d19589acd4f

SHA512
186407ced084843937588e636e40928a93af527006745859178a924cff8b324d3fb3581c67b776d1b582acd4cedf253d686104291cbf66fbca400cd85158a2fc

Download Submit
C:\Program Files\7-Zip\Lang\ka.txt.tmp

Filesize
57KB

MD5
e6e9aa641344cc6cfb92b951ffa47935

SHA1
813e415808230e6fb61d2d470193d1020869cda8

SHA256
39fdaef004878aafb0c5916420e29616a4424a34680163854f5f2fb9b2980bb8

SHA512
8c1239a19e2d5332ef4f9e4cc2cf205d0a44adcccd525bb63daea5ce5310eeeb201fae38d10a56622436dae52eced88a3320adf0ef1bf8071d33a3f047acd7a4

Download Submit
C:\Program Files\7-Zip\Lang\kaa.txt.tmp

Filesize
47KB

MD5
32f2ce960aeff50c8f1176a5848aceb9

SHA1
9a68c6ae9b04844fe975a52050d082c42ebb0897

SHA256
de71b7bedcce074b5327daca77d151e13402090a8871c1052643452dc0df4b9d

SHA512
be8b56e0255cebbfbcda007e2f087fbf37f891874c4a34ed8c5d35a43320c1e3479e82a2b35247f77fd2d558b3b73c1c5464f8965cf8c1bcf7486ff5d759adc1

Download Submit
C:\Program Files\7-Zip\Lang\kab.txt.tmp

Filesize
48KB

MD5
525ff9eab9cb260a35afc79ad6616d78

SHA1
256b2fe24ea345779787fe5c018b732c8d217c24

SHA256
27b904870586a72aa32aec2297c9145084b2b88c56c5d012f831c13d96bfdb19

SHA512
9d7fa02943fc2de19d4c32beb78022ee022db5e73ef1365bf391bc8d8e65685cccdf5d7b2ae15b40bd191aa269b52313b121f9ed7ce8cc56e1df1e676b28f4a4

Download Submit
C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp

Filesize
51KB

MD5
712afb45298e402590e90f877cc88b26

SHA1
dc083515b4501541e3fb1a05aa86cb4d51137cde

SHA256
2b7d9e9e5cd4c5c742ec55ca77bfe6d3ea1677b637099505d9a4ad2f4ed04763

SHA512
1491fbccca86d2d9e33a677ec86412832eb0f8be45ae0b00e05efab2af5dd3e8f7c2122956ef999f935024a1c8dc4ea96cbf800fa4ab292627dc94f9517c0112

Download Submit
C:\Program Files\7-Zip\Lang\ky.txt.tmp

Filesize
51KB

MD5
5b6ffe8d187051373b13056ac602fda7

SHA1
b69a2d85bbe4f1e3bee13a38e5716d901f24226d

SHA256
e5caf092909bc9ff5ae1e0ac4ae07cc18a46fe4ccd683c5ae5d58f6e3f8146ed

SHA512
23ffb17e1877695f313155c5885a3dc904835d2c828e8eed6a50726a102f08a7354f531d964a2ec188df819c33982ba7ac77e32cb00300fbbcb393e3592dfc22

Download Submit
C:\Program Files\7-Zip\Lang\lij.txt.tmp

Filesize
47KB

MD5
b4c424cdd000f4eba71d21ffcf6c2ee8

SHA1
e218ab746793501d5f48be7ed13a68cd4ac6302b

SHA256
9f217c9a632d834617ce04969f725a914ff81bd70dd7ce87563988cf9040e617

SHA512
b452443f2776c1b4a5b16832a55b8342b19f234a6e731b8643308051b4d367601d328598591fd439665a415b8e20eebbfecf4873b0e1d4d6b0cc5ad1a1690b94

Download Submit
C:\Program Files\7-Zip\Lang\lt.txt.tmp

Filesize
49KB

MD5
f6e5973ba8c986a29dde8deb779125f1

SHA1
2bb2e90227076066e84e1594f13c88a80c5e0859

SHA256
f0acfaa01d5fdc0b6be7725f0be27ffa17e6e0834ccb24df64f4f605e59ab048

SHA512
e2726b8f4f591127bba3d23c9b83b9627a9a1504ee144d0cb8eab9a3a90ea8de2a4ae4fbb0ec9c50633e86ea32492734a1182505a517828b2a7d898b72bf9e17

Download Submit
C:\Program Files\7-Zip\Lang\mk.txt.tmp

Filesize
48KB

MD5
540fb02532b74ec653c0845344354ff2

SHA1
1b589ba85898765f0f48885fb77638ade77af76d

SHA256
39e331d7e970e31c7d9bf2e11bb7f198b01c5914a8159e6be39710565085d298

SHA512
29e63cdd6a17caece395185257ef0990a6b158e6ce997e0f3bb395407afca539b9cde20726aabfdfe0983a8ef1d8e31e468a038c42de95fd94495522ac124472

Download Submit
C:\Program Files\7-Zip\Lang\mn.txt.tmp

Filesize
47KB

MD5
b340db2f27bc9f249af2fce064c74a95

SHA1
e48e9e2151b5a47802d652f51af148be2ae14877

SHA256
deffec44ccf7c706f46eaac5606b35aa09348377a4bba5049c90b750547b2783

SHA512
5ab1ad2d0570d5a7d12cfd483afe65b7732e1793fffb463c86bccb633a0d61cd118265ae2a690ec411368eb03ab7c5da6df988b4fbdff2cab86ccaf77099ad41

Download Submit
C:\Program Files\7-Zip\Lang\mng2.txt.tmp

Filesize
60KB

MD5
31c075ebda367b4913dd9f2e8db3114f

SHA1
ba2e25fc32781a73feb8c95cebbee0677e8ada6d

SHA256
baf895fa07356756e4d461ebb5a2546331dd2e81f585ffbf024459e68d4a1035

SHA512
d3a90061bd6bf5bccffee09265e92ae2695a0dfae1bb28c92e6a3b4792d1369c41849eca378a6078c90107227408efb0bbedfec69d2cc84604d36bdc5e480e40

Download Submit
C:\Program Files\7-Zip\Lang\ms.txt.tmp

Filesize
44KB

MD5
9d54a21948353c1d53a796cb43d06479

SHA1
a34bacd7d5a38fc985ac618f112beb2935d96189

SHA256
0466c0e0755b2f69cc67db25a53735ffb6e331ee4b4cbe379499eb1343b6aa1c

SHA512
89b021f17961dd508eff1aba58cfea397eb13ab3f4dc1ba926a97108dce5a4484418318963efd6b9c6ac6f12999564e29ae51cf0564f16724cb11b0ef3111106

Download Submit
C:\Program Files\7-Zip\Lang\ne.txt.tmp

Filesize
52KB

MD5
b51443d8616da723f4bcab446a27270d

SHA1
f22e3dc6be80c87b632e01929ae39b5380a5ec66

SHA256
83281f5278e2075dc49bc1adfad027021d79d3cb55d58212609a0aa89a5793de

SHA512
56da26aa65ea8ae5b74b42f28666db7532679bda5b19d3ecfdf1707227779415858f1f11795f6c1267116a04c3353b521aeb7ea3700407fb4f73fb60ddbb7f54

Download Submit
C:\Program Files\7-Zip\Lang\nl.txt.tmp

Filesize
49KB

MD5
e59d9006b88cce4ade0baf3bc9c65dd6

SHA1
809a33010526b052d601fb9e6cdac95a8f33c600

SHA256
1a3e4ba0a541ea3d9b52a63d14245306120ec7d4b9cc1cf944e33d10a4e9125a

SHA512
7494bab63e42bfb3133b29b6126a009f12bde6de874a340c42ff814bafda46e4f4881fcf713a2be9f08866d04076b058d9a9087f5d2a0643a6346d6dac010a6e

Download Submit
C:\Program Files\7-Zip\Lang\nn.txt.tmp

Filesize
45KB

MD5
e74d19fe626b88282b40dff6a1c11af7

SHA1
66d32a90b3264c0a34518b544ec2fd544845d3c9

SHA256
4adf7f745cdaa7055689585dc635edd446395ffa0462ac440f62a6e3fd91b708

SHA512
241688fc459008aa47c9999dc001696d6bad2429595964fe8bd2ee32fceeeafd97af5f7f9db35cf3b0977298b82cdc071e3521dc7a743e0125d68e94bddac00d

Download Submit
C:\Program Files\7-Zip\Lang\pa-in.txt.tmp

Filesize
54KB

MD5
2c79cf36991a71bfc44f8fbc7818a82d

SHA1
ab2a207d26433d9b01d6e4a2d27be19af9446398

SHA256
37dd3a8471745a328aefed811a41fafdce37796e1736d3346fda686c30a82e4f

SHA512
c8e5bc9687bab99310460927eafc6bdfeaf729920b17f2bf6eb7be10d69a5f36858418e4c52eb9f3b1d9f7ed1fe7c0d3a4fa123bbb48f18a272e9ff32a574732

Download Submit
C:\Program Files\7-Zip\Lang\pl.txt.tmp

Filesize
48KB

MD5
368a0119370978361e6bbf60f25b705b

SHA1
803da85ae2884faef6174bd563d3e6d4443cb248

SHA256
89f13fae43102b10154fa59c35e2f213131941dea83c5769ec99d237e528e99d

SHA512
44e387d0e29baba96a64f8b797f9d8c1fb1894467873c3a5a7c9534f93a68da7b12288034d8f60034dd02d1e61b58a87933bc06bce5f11421d080ab82a412526

Download Submit
C:\Program Files\7-Zip\Lang\pt-br.txt.tmp

Filesize
49KB

MD5
9e1a457473af92cc31a6eb6b7c716791

SHA1
744ed3f0e3a2986f9027133ef59c300681f23b71

SHA256
45a01a3b4a4bb70077ebb54e0e4d38ed3f344b0bff7bbb43e609f4fee0ee27f7

SHA512
c965778f2a6c1bf7219c452979eee8a16b15203162d6266273991fd3b814085bcddfdfa41da3635c7817a70dade51bd41d46f9c3f23600c62b2e2475d68c8887

Download Submit
C:\Program Files\7-Zip\Lang\pt.txt.tmp

Filesize
49KB

MD5
503bef1da4e89c34fa6efd35aa5810c2

SHA1
f0289a0a2e9b69769e88375cbba4a7571a23bf4e

SHA256
68c59af1d7eccc41d58503e594d4475669147ceace62f22ae4727c5d7b7fcbd4

SHA512
0c55472a1608d39dbd5dada8aff6c29d5982c39a422ef1aede4f4fd192404a758851534e21dd32c28b50a9ab09e1316c0ae81b166d3d53be4c8927b412aaec05

Download Submit
C:\Program Files\7-Zip\Lang\ro.txt.tmp

Filesize
47KB

MD5
ee56313e62619db477e6b4267a639144

SHA1
62b63e3ec7a261447d44aac6e8e5a1e6da23e9ec

SHA256
2f3a295be17e837fecfec888a66a8741d161dc61f9e7bf34331b86c508f1a226

SHA512
435cf3002385a163398b8aeddd5714a31472a5696edd940868fe7daf85879388e079df03cea257a075945fbf395cf3574c7d5c08c91f16576de1274c4a036f2c

Download Submit
C:\Program Files\7-Zip\Lang\sa.txt.tmp

Filesize
58KB

MD5
086e9cf3be9bdbd906dc57b38578d92a

SHA1
c8185aaf37a135ae71c7d9779ecfd4e0c97f83b2

SHA256
9f4ae5d1de6e4d50b74ba5efedd737ca1ebc6f809e62b2cf52a00215fafb06b7

SHA512
604a2aa993db07f86080bcc890dbe5a58043dac2b31a06283937735ca44a92acac9d43ba44240cc1acd2ffb83708aa37c2e79eeaa5ffc983e811b932e0426203

Download Submit
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.XmlDocument.dll.tmp

Filesize
55KB

MD5
b8b820ebcf9ba619ebd6fff667cee82e

SHA1
d84a461f2d185046087b2c7916d294aebd418dac

SHA256
41fc7f878efc95a245b6bc92218d22e9c71229f3bf70f8c4269cae6bc508fe41

SHA512
4ff4f9de5265d0a2f9e897f4f25fb4e78ecfe8502a64d3091dd25046c488c305308851914eb4d479c73ec5240f657f98f0e48da5da5dbcbc54ba392b56897945

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ChocolateyInstall.ps1.exe

Filesize
39KB

MD5
952ee249f85ba6d4074f41e58fc151ef

SHA1
ac87549c22e865cebfe005b8b14648ed9b56c3ea

SHA256
480229086923ba1586a9a22cbc9218ecb63f0eebddaa3c47794d2cdde5752a22

SHA512
a3ab9561a47da7acce5ccb23589e5715fe418db03f8b03649671bb1faa98255e45929a777b44e253d684e0e264619c4cf6128662218cf578ca1218031e2fba22

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
39KB

MD5
2448e0bc47460e40b082c69f0e7fd455

SHA1
54b8e92ef7776c9adb9adc760c53e57bbcc912ba

SHA256
2eeb09c25a779a40ea96edf076f4445fb59abef9375d4ae41f3a2f0c60cb2039

SHA512
9f5bd100e5c59b2cd567915923a3325d4117ddf7f6fca5f670d967dc9e5f386405428f4b27c5379162483cfe327320911025495e43bf8f8a8f948ccf1e914b06

Download Submit
memory/3000-14-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/5032-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads