da5f3187701201a417b338eb953b16a73934ede6119c75d7f4f82c70e0494624

Analysis

max time kernel
150s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
05/06/2024, 00:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1e2bd2cb0ab7d6b1a39fb62d6217a2d0_NeikiAnalytics.exe
Size

137KB
MD5

1e2bd2cb0ab7d6b1a39fb62d6217a2d0
SHA1

395ed8e552f96b68b18472b239ac237081acd042
SHA256

da5f3187701201a417b338eb953b16a73934ede6119c75d7f4f82c70e0494624
SHA512

c9d12406291255570c3308451e1fcdea46d28e1de464247459f2baa798e38cee74b528fc3aba5809d19a6454202b3aa364ead21632d7d600f610874c5870f5af
SSDEEP

3072:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFslEhLfyBM:PqFF2Ie+eFWqFF2Ie+eF0

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5043) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
4232	Zombie.exe
4540	_Node.js documentation.url.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Zombie.exe	1e2bd2cb0ab7d6b1a39fb62d6217a2d0_NeikiAnalytics.exe
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	1e2bd2cb0ab7d6b1a39fb62d6217a2d0_NeikiAnalytics.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Retail-pl.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_MAK-ul-oob.xrm-ms.tmp	_Node.js documentation.url.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_KMS_Client-ul.xrm-ms.tmp	_Node.js documentation.url.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail-ppd.xrm-ms.tmp	_Node.js documentation.url.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Extensions.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\mscordaccore.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.FileSystem.dll.tmp	_Node.js documentation.url.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\UIAutomationTypes.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\dnsns.jar.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Retail-pl.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_MAK_AE-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_MAKC2R-ppd.xrm-ms.tmp	_Node.js documentation.url.exe
File created	C:\Program Files\7-Zip\Lang\hu.txt.tmp	_Node.js documentation.url.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javapackager.exe.tmp	_Node.js documentation.url.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\keytool.exe.tmp	_Node.js documentation.url.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_OEM_Perp-ul-oob.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	_Node.js documentation.url.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\netstandard.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\System.Windows.Forms.Primitives.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\UIAutomationClient.resources.dll.tmp	_Node.js documentation.url.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework-SystemXmlLinq.dll.tmp	_Node.js documentation.url.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jstack.exe.tmp	_Node.js documentation.url.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\cryptix.md.tmp	_Node.js documentation.url.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\ext\access-bridge-64.jar.tmp	_Node.js documentation.url.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Orange Red.xml.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Globalization.Extensions.dll.tmp	_Node.js documentation.url.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxbgt.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Trial-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\mlib_image.dll.tmp	_Node.js documentation.url.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\jpeg.md.tmp	_Node.js documentation.url.exe
File opened for modification	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0016-0000-1000-0000000FF1CE.xml.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Retail-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest-ul-oob.xrm-ms.tmp	_Node.js documentation.url.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLV.PPT.tmp	_Node.js documentation.url.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\linesstylish.dotx.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.XmlSerializer.dll.tmp	_Node.js documentation.url.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Numerics.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml.tmp	_Node.js documentation.url.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Trial2-ul-oob.xrm-ms.tmp	_Node.js documentation.url.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QRYINT32.DLL.tmp	_Node.js documentation.url.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000049\index.win32.stats.json.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Compression.Native.dll.tmp	_Node.js documentation.url.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\PresentationCore.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\UIAutomationProvider.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\UIAutomationClientSideProviders.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\lib\charsets.jar.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_ViewOnly_ZeroGrace-ul-oob.xrm-ms.tmp	_Node.js documentation.url.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Library\Analysis\PROCDB.XLAM.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-processenvironment-l1-1-0.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Tasks.Parallel.dll.tmp	_Node.js documentation.url.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Microsoft.VisualBasic.Forms.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_MAKC2R-pl.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\InkObj.dll.mui.tmp	_Node.js documentation.url.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\mscorlib.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\UIAutomationProvider.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\te.pak.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_MAK-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\System\ado\ja-JP\msader15.dll.mui.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Drawing.Primitives.dll.tmp	_Node.js documentation.url.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Private.DataContractSerialization.dll.tmp	_Node.js documentation.url.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_MAKC2R-ul-oob.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.scale-180.png.tmp	_Node.js documentation.url.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\OMICAUT.DLL.tmp	Zombie.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 224 wrote to memory of 4232	224	1e2bd2cb0ab7d6b1a39fb62d6217a2d0_NeikiAnalytics.exe	83
PID 224 wrote to memory of 4232	224	1e2bd2cb0ab7d6b1a39fb62d6217a2d0_NeikiAnalytics.exe	83
PID 224 wrote to memory of 4232	224	1e2bd2cb0ab7d6b1a39fb62d6217a2d0_NeikiAnalytics.exe	83
PID 224 wrote to memory of 4540	224	1e2bd2cb0ab7d6b1a39fb62d6217a2d0_NeikiAnalytics.exe	84
PID 224 wrote to memory of 4540	224	1e2bd2cb0ab7d6b1a39fb62d6217a2d0_NeikiAnalytics.exe	84
PID 224 wrote to memory of 4540	224	1e2bd2cb0ab7d6b1a39fb62d6217a2d0_NeikiAnalytics.exe	84

C:\Users\Admin\AppData\Local\Temp\1e2bd2cb0ab7d6b1a39fb62d6217a2d0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\1e2bd2cb0ab7d6b1a39fb62d6217a2d0_NeikiAnalytics.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:224
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:4232
- C:\Users\Admin\AppData\Local\Temp\_Node.js documentation.url.exe
  "_Node.js documentation.url.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:4540

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.exe.tmp

Filesize
137KB

MD5
704338d01a4317da414111ff71e1ff9b

SHA1
f79fcc76d866698164d0fc5da84bafbe9715052d

SHA256
601f54c51a2b9a46a18732c7a65f3ac3aff1e8a50ca6e4698bd21d63876b95ac

SHA512
5573efb1f97531ff30efeeb710a4a86e34972c785ade246afec91a1e3dcfb356b68c4a5775ab6b32981d9d9f18be5cc5d1ef4a53d114cdc56b4e25640f3f8c09

Download Submit
C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

Filesize
68KB

MD5
e8d47aaf9b6ae25f83524d643839bdd1

SHA1
e109e3405b899ce27fd8610fed0336254a33cc12

SHA256
436d7b12eb53b5b0c30770d44176e2789073a366b0e14e2ce3d15b2a2d3f5d09

SHA512
96789167d664400f16b28e1cdbaa56b4201ec062a515fd47d612a62f3177e045c8f851c4ef026766dc85d9e943a60c591f3a9d4af0d7cfbaaa8a04cb74bdf0f1

Download Submit
C:\Program Files\7-Zip\7-zip.chm.exe

Filesize
181KB

MD5
1b6c399ffe1e7a7ad51ceca2f144bee8

SHA1
8410e9ac143faf9b8ff6a34ebadb9b6127ed1380

SHA256
1a725025280edbb3c2de2f5be5247a2278371179e4813388bcbb1b5b746ecbb6

SHA512
e2d7570bb7cee5fbe09972cb53e03d49a417359f44f9692962163a00dacb379517049c8e1b578c687d7b032df1b9822720926d999c5ff841566c1c038b91938e

Download Submit
C:\Program Files\7-Zip\7-zip.dll.exe

Filesize
167KB

MD5
df10bbc160f2f4f61dc71f2fbc94895c

SHA1
fb15ed6193eb623ba214df47e6f275af7cf60972

SHA256
ab3c4320ae5aaf8b9f2ba0d594782a21c629bc09276791eb5df1d29346ce576a

SHA512
3c4a467a366dab04e983fc3036b0dfdabada1f1e483ef9c464ad608c2981b9ca69a2db5c8d1b93bf9d05bbf22f5209ec6e61e39b8e86ccc464314f39a7a28309

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
780KB

MD5
dd12ca6fa94b3df2a8dbafdbd1dad221

SHA1
655b16e59cc209f9a6bc9cdf8bc5fb7bf62ca117

SHA256
5bae84799548158c34fb4eba6d2063193e2bc03eb627d300a76dc0cef5c06a4f

SHA512
2de1fc7db2c9e4523c7ba128161c6deffa9213fef5f8bbd2b13c2fee441b17441f0bead28fcf6a12c8c0238463f33813ed622fddff497aca597d2514a4680d12

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
612KB

MD5
c58bc44fd6ab9a4ab1bfd33e10dfc205

SHA1
9b6d18fb3709954d08d87eca643d315fdacfc254

SHA256
233932053210bf58a4830ace458a11917955bcd95b6bf13ebb66d8a71da90a17

SHA512
60e4bbbb8282d55b7b2eaa5d4b072d8b5e76362f806b24f62ee85b6adce58281b8572654c723edb8fbd87743f696245ad700f292ae09fd40cd2c1403e2e216e8

Download Submit
C:\Program Files\7-Zip\7z.sfx.tmp

Filesize
278KB

MD5
e577f61e663f228840e7219fb45cdbe2

SHA1
694eb2211b7f159bf3b7439e667ee648848293ca

SHA256
c2bd68b7b808de005abc321d56c9a262961f686bd254e933fe86b8cd26aa5564

SHA512
33c2ef17df4468a4898335d30645cd77ca485a22e303989f96ea45c0fc4ca42bd9f77884b4c02edc0000c668b1dbb0526a3511f122cd9f4a19b4ba6c893e69ef

Download Submit
C:\Program Files\7-Zip\7zCon.sfx.tmp

Filesize
257KB

MD5
d1879c0566b573e188e50ac7a327cc02

SHA1
f94c22ca331ce856d65cc8be09b812c3f8eb0e74

SHA256
c4b4e0b93a6fd0c3871b78ec6fa2939f6cd0500b79ae1da5452b662e1e270d94

SHA512
4dcb996bbef75b02d4d8e9b0f9458f78ffa4ecd407c352744fe1184ad50267783960c84491ec6a77e8d0ad74f0468db15b23fae7e10d1d952f72f0a08a2a9a6b

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
999KB

MD5
6f65f91394cdfe5b9749b53d2d5a4d9e

SHA1
78ce3415b5d7d1f568d02c596c35e6590fd8af0e

SHA256
e467bf08d645c7cfb63fc7c54c303ead6fda95747bb3a0d2b1f0c765b3b4e4e0

SHA512
d8c9c7afd5f750ffe12a765d463638dff8f4b3a86827a0d60b4a8e3f51d99ba23661a9a790499555df2337cfebf7dcc38bffd3ee96b42d4abe958c6b6f3331f7

Download Submit
C:\Program Files\7-Zip\7zG.exe.tmp

Filesize
752KB

MD5
2c9f77acaa88ef6894d5f0a5f839506c

SHA1
0657374ba2c80a71428639642c922af7ec0fdeac

SHA256
b6f5e38eaa0e78380f528bd815b527644f1ee44e7d087b526731320afaefe14d

SHA512
db35b636c1e86bba0efcee0ba8b6ea66a5c94ba6f7485f7dc4ac9b764dbab8743d72f005c0dbfb65ff55ba6fea83f6e4bc2644954385f8add3d2725fe6078778

Download Submit
C:\Program Files\7-Zip\Lang\af.txt.exe

Filesize
78KB

MD5
9574f2d04c83ee0e0d8fd724e4bcf849

SHA1
140d89072aed4bdbf04a9de5210265dbbf240793

SHA256
d499bff699cfc5e5c67d119a64932158a55efabf7260fc1c7e66c472710058b8

SHA512
2dc317f51bbc4f2143d2d74f0af96f5eb47da9b4cc89786c48fdc3c93465b577c83a89840ed27e046cbd14959e2ceebac293955e312a9a83086662217dfef857

Download Submit
C:\Program Files\7-Zip\Lang\an.txt.exe

Filesize
76KB

MD5
e093f171f56d6ff027d5f607b073cab0

SHA1
ab6e4cfdcda1b0a0980a6b2ff14ca04d0e6d87ad

SHA256
3126179f381a9d7a86228152bf3f6c77b2b43ba153f11ac78b5b37a4d445eb83

SHA512
8874e86ad6306a7c1cc624ff664258af723785d49b942c3908a6886037a117fdad886e9f49f754c920c67196b275eebcd9e3bb3b9f819ac701fa9e13e104894a

Download Submit
C:\Program Files\7-Zip\Lang\bn.txt.tmp

Filesize
83KB

MD5
85d8c13977d66d15b6ed619f0e4e4f9e

SHA1
fa57fd8bc9d898317d9ed25877e29923da017c88

SHA256
7f52086438b327e25305ccdd419ff19925b716915ec9a44db026bcb147fe1152

SHA512
5fd86589cebe0e03feff38f0e099b4294ba1d201a4c5b7908cd2cfe0a7f1e325df7a26e22d595655bf4eb15d5e7c93c9aa987f8b8438ef22127ef7511c31ec79

Download Submit
C:\Program Files\7-Zip\Lang\ca.txt.tmp

Filesize
78KB

MD5
68ce10ad55be84b23c142acd88c82259

SHA1
107f3849242e38a292f78ded42bad15a80dde565

SHA256
29fd0aa050e633d9f0a4ff4ab1a71174fb738032f0eaecab6d017851b0ab577a

SHA512
2d80d45561824b884c0b49bb4a0d39190c172e21cc05b30b52e9885ba68321540f6b0332f5b1126242f05408221ec7c97172e660b2d86ebf13994dd877372447

Download Submit
C:\Program Files\7-Zip\Lang\cy.txt.tmp

Filesize
73KB

MD5
f2dd13a4cf088fec538ad92c2802df27

SHA1
147b3e308961887895e66a552a98caa9b4485b66

SHA256
70348c7a7b62d383767434e08458552b415540bd3ef7c320f0a2d57ad67d0e8e

SHA512
eb167bd3eee7c01f7a0c3bf15d0e2dda9a4755fe5ab5a6ef718204c025c6d334d77658aab08a06b517076458d0eb7d77d4fc063a7109295ab4676fa04b9883df

Download Submit
C:\Program Files\7-Zip\Lang\eu.txt.tmp

Filesize
77KB

MD5
9e03378c53934ca5dfd819d28f87bac7

SHA1
10a9aeeec0002577a7d0acdeba45f50b793311a9

SHA256
9c74a2f57e123fdf81f4c00625b39eac14011bcd153affcb8a72e746ae90a62a

SHA512
ca2c47073e49bae8e199978326e24bb7b288349864ff23a433e12d6d9a1d84d4f89d3c584f719c0dcb85e871eae8b20508cce52bb81aa1fe8b2f4805ab3998ed

Download Submit
C:\Program Files\7-Zip\Lang\ext.txt.tmp

Filesize
76KB

MD5
3638dd8ad92f8373a038a54171836211

SHA1
13bdab7db516531063d85bf8e05616b2e21c7fb6

SHA256
c5c948f185325c04c416bab05459d86cd60ef12318398c18a4b821aae72464d9

SHA512
496c3092bd29c6667a8965f17ac73a6cccd9ca0eaf0aadf158f154a30dcb6ef42e8144c2af4ff47a53ccbeeab5736375ff8292300c29dd488dfdbe6f29675e01

Download Submit
C:\Program Files\7-Zip\Lang\fa.txt.tmp

Filesize
82KB

MD5
791c37fa123acb6cadcd37bf33ac922e

SHA1
51146b4df9913afcdae5eb82f23e45548bdb8175

SHA256
b174a3ae1521f42583998bab5722b63d4f6ebeea9058b1a8f007c2998386533a

SHA512
4870bf63fe10145d5aa5924e861c9205db2b541bf6d93121df239751276e8f7412958b6fd086cd7e0375c9fa25fcda0bc91e12531f296d56cb66a31d592c8b63

Download Submit
C:\Program Files\7-Zip\Lang\fr.txt.tmp

Filesize
78KB

MD5
d1f03657e7ab41eeebbde5c1e828e061

SHA1
cde02486449ffb04db6f4a5abd0b8ffceaca0845

SHA256
02047479778c547c396b779519a08cbc75f52e5464a85606957f726a848e6bda

SHA512
9fd741ccf92125c2cbea6e279da1ff5e54aeb0404c4f82e50a9cd70af1b9391605ea28dc42737138bbfc577735ad35b540cf9b024c97d5ee8bd1378b2473e8fd

Download Submit
C:\Program Files\7-Zip\Lang\fur.txt.tmp

Filesize
76KB

MD5
506adec77257c0c9f48baa2fa781668f

SHA1
a98671cad9f787ead75d0c6560a7f9194d3c752a

SHA256
b104698dbd4be051409cb7691cd44f053ba7a2c157d425899b628f5c9ba3e331

SHA512
c371a7402a1e0b3ccf21f7007706f592fea82dd5ac80da1e87add8ab89fc2a9a2e70e545de0d1f674b51929901477e0e6bf6c0870cff7e4127b5c399ba6014d6

Download Submit
C:\Program Files\7-Zip\Lang\gl.txt.tmp

Filesize
78KB

MD5
6e49fd296d32819cfc026ba09a6c92b0

SHA1
4e132adada3a15bf394708290b5f0a5a7e030019

SHA256
24dd0833eea1c54277001548633aea7cd4f7492c0c8adb8768a37cf721be4389

SHA512
a52e4e0ebc352bd85e1de759adefbc6a6128dc0232c2d123ab3ec352e8f78488d3714adb9d65b4f9ce234d385df4fcdf00cef85661e5f13d3c17cde8ccacb37b

Download Submit
C:\Program Files\7-Zip\Lang\gu.txt.tmp

Filesize
86KB

MD5
150f9e34272ff9608f454d7eb9a60634

SHA1
db9292ea791ddbf7010d455a986acde00e9b05a1

SHA256
6edcfcb5ffb571f70617e4ba20b97fe578cc36819a2e1aed40a81db5c6c8df06

SHA512
a6efe3115de50dfa4d67e326e92ae162704628f13ba6aecc7eb65077201cfd29d3a1e6d6e3b2c91446a188fce952017c2e8f603bc90b009610da2f624d494ba3

Download Submit
C:\Program Files\7-Zip\Lang\he.txt.tmp

Filesize
80KB

MD5
cf62955d05fe1059c2058fa91ff0595e

SHA1
b2dd6c9b6ef385807922f8a264ecb2f244043532

SHA256
fe7a0563bf02581a05ed88afe4e5b174d42bb638e8e00359ee8768a4700a1b96

SHA512
9c17ffe60107caf5333d385420efb3b2dd7ffe696e07022ad853390769ae53393d71b59dc0c9efc0fd99895ce551b325df98c8443e7ba91916403ca35183cd8d

Download Submit
C:\Program Files\7-Zip\Lang\hi.txt.tmp

Filesize
86KB

MD5
323a35007f08d1c942328fda3c31c3a2

SHA1
97d2a46ad31022437fd74b539b44002d95662071

SHA256
77beec016c0996c7cccd02948355b256dcf85b84c8a292ed9da6f390118059f0

SHA512
a5e704910cbc239dad42bffe19325df90a080cab8961a48b0e3e6c93e1219f93a926053133d1d1293fe1f588f27a1245b5192d83d3022bbe33189765d61f51c2

Download Submit
C:\Program Files\7-Zip\Lang\hu.txt.tmp

Filesize
78KB

MD5
79dcece4ffd0494e0204f1a967b00fba

SHA1
17a9eee6bb101831f863a8339d88b0410da7148c

SHA256
5c91b18670510e10b0ff4d05c1f3af3bb1e17ace66578b1afb41708ce6b6eba2

SHA512
fcfa4f0858d21206dc49d7daddb509867b315c889a111923fe7ff91176b5e879c9d98d4e442140e2be4e10a030a44c3689254b09a2a897ee5977fd72fab409bd

Download Submit
C:\Program Files\7-Zip\Lang\id.txt.tmp

Filesize
77KB

MD5
0aabf53c28c32a0c0a6a3a4421f5712a

SHA1
5bc250055162db428ba029c6d2f107342c7278cc

SHA256
cf85fd310bfc80ace803e539b58a3f01653a6627b06795c9fced5f5549c37dba

SHA512
16c161f91800f188dd96e0017cd41dc38ad86cc0d9bc99fbefca1c9b27094edb5aa40c9c8fd21768fd817169667006f809cc8c4c7ed23b11be576f01c32a782e

Download Submit
C:\Program Files\7-Zip\Lang\is.txt.tmp

Filesize
77KB

MD5
0b9e172196d69bf77ebfd07381834b79

SHA1
3fb1c8fd7a73fafb967bf92e825dff65b15cf69e

SHA256
3aed38e7b8bd519657bb9bca65983095fca902504f38989ee3440e8127c5f84f

SHA512
0ebb0c352d447ef97421cb52a38f4f2f854fe3127d354dd75e96fa77b63e661b514f2e95613e99b25d6f3d663cb8913f19ee848549ede97096b6dbdebc94a133

Download Submit
C:\Program Files\7-Zip\Lang\it.txt.tmp

Filesize
64KB

MD5
ad843b482ead2339fac37f17c0d72196

SHA1
3bcd7fa4a50ddeeebd505fa3134907ff4b65473c

SHA256
dbd78f80633e79948091c1610b17cd336f25d21b4421d7cd743a260e78203de8

SHA512
2a6b78388c5c603fd91cc7c17871b3a9dbe22e367d32a6f99f2ac09b39016c0b9dd2d98c2472c5725e117f5ba1fc1b1eaf5de58e94ba77f9a0f03792f5736900

Download Submit
C:\Program Files\7-Zip\Lang\ja.txt.tmp

Filesize
80KB

MD5
ce6e1c29c118cfb1b953c1f4c4fcbcf1

SHA1
e86172d5649d756d5b7c8f804fbeeb3b6b00f837

SHA256
671d465b0bac925c2965bb90f3e28027f633bd609241da74e0c8e966c188d87f

SHA512
b6d3fdd634df720f86a0432d146a7dfa9d3fea161796ce85760ff92af7e7e1aefa02441f60bc61bba6845e4153ee22c1dc14ba3f1dd67afaaadca9da9fb981b2

Download Submit
C:\Program Files\7-Zip\Lang\ka.txt.tmp

Filesize
72KB

MD5
e2ce23f0360e2ae9ac10b2d988602e95

SHA1
b1df0f6bcf8cad4d1c515625a448a0ff1713134a

SHA256
b50be8fad809d583f34ed44e4f46d39d9d1de2c837111133e322f939f1216142

SHA512
805831ed8c9e8ab4c54ece66042fe8ffd2c954bd3ad1d3b4ef4a56c19815da5e5c05e7a963b1f13f42c29dcdba83efaea6de221b433e110d4668ba5ede4c9ebf

Download Submit
C:\Program Files\7-Zip\Lang\kaa.txt.tmp

Filesize
68KB

MD5
c5d6da5b1c0a963332f3614b496ad6ad

SHA1
3f7d044d949e398226ace7a89ccb3999cf93892d

SHA256
ac899c03394904cbdcf04fef629485a285219b401cf4da34c67682aae971e511

SHA512
2034d4bfe725ed1d3608973199b5ffc4f2b9547e0e96d6d560aa80e646b7d990cc18172d0ce3f3989e5dc2a5a57847592af09063ce64fc93f864eed7acc692d6

Download Submit
C:\Program Files\7-Zip\Lang\kab.txt.tmp

Filesize
77KB

MD5
b39f7be5928a6ac15d1afc9c07117218

SHA1
f1b11f8993546f26e1f28eca9de63c8b5865254e

SHA256
e305422a90fdf0b84d43a6cf7f681b12f0b29427f3075404867d8e23729b04d9

SHA512
2a508861716e74e6eb8115f4807d1050b15961dacd90324d271f06410c487ae9059db205ca904aab831c4b85a1eb1e67b0b377719061af2b588648aee5967a0c

Download Submit
C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp

Filesize
81KB

MD5
69f447fd4d5227f2262ed963c7820518

SHA1
f04ff8fec503cb4ee2c9d4ad4df81672bcd587a9

SHA256
8d6a9339e6f3f9ef138470912dee523eaaaa6ce52104ab69575425980200af0d

SHA512
fd561aa93b8a4c2846a9389a4d1df5c001a410c399ea0ee06b4b036877a79226f9dd74d6335cb5c7321f828c21543e9f78993c4433ad16a15b0240e7f1651b68

Download Submit
C:\Program Files\7-Zip\Lang\ky.txt.tmp

Filesize
81KB

MD5
6accf8d9a7695578ed514e46fc7c8ff5

SHA1
751ad5e60c81c66ff47d53488f1f817551337d8c

SHA256
5bed34b687c0b6ad442ac0b636a4160211a3fc3f6e4df1dff5fef31c83f41f5b

SHA512
926f4f8e35af696e7cc976524f48dd3fdbd9d3f50787f5e2d810859addae3ba02dcf1c0b6574f2da1dbdc4d4ee634c644c84bcd4517987ad64f9ca8237f27aab

Download Submit
C:\Program Files\7-Zip\Lang\lv.txt.tmp

Filesize
73KB

MD5
2e4c066a9554bc06c9b6fd9512ea1d73

SHA1
44461054114d48c44ae2bb68d276b310b00d150e

SHA256
b782737e3db66909f62110664c924b311f3d0587f4c181bfd5aa94b26a66b613

SHA512
59ab7d30fc8c43bb621e150fbbe5d300c38a7325417e394df1dfdb2985555d3b3c036f39a65e2110d982fa812efe8d9cc18101b680356605978f37508805b474

Download Submit
C:\Program Files\7-Zip\Lang\mk.txt.tmp

Filesize
77KB

MD5
7ae95b3aa28051169af49217ca3b160b

SHA1
c9ed19b5cd5a72a101c5d93120ca59bd4ab1cee4

SHA256
3ac1513ad057bf3c870fd23273282e7cb867e1af37e3a1bcb8a52d6c14cb1809

SHA512
048cb5e60d10cd920bd443c1eba78ead5380c1e5af245c64d15e6f1894a8a8393a2b1c69c7ef5e9b110d320b96b8025e34ca140e1d18877e42d5938605a2d901

Download Submit
C:\Program Files\7-Zip\Lang\mn.txt.tmp

Filesize
77KB

MD5
b4733417ad4ae56052b9a91109c4b074

SHA1
35017312560ad767cab79758ae329643bc63e005

SHA256
cf067df47de6d2d65af2b6c6cda8476d22ccfdfbfc0063f0f89cb560b5145dad

SHA512
3bd91f393855f709db08e158553ee1c8d636522f5165173b83643279d3a017a3076ad3027fc7ec4071158d9f1a1560b94d7819e572dfa797f3dc67f8e3a19771

Download Submit
C:\Program Files\7-Zip\Lang\mng.txt.tmp

Filesize
88KB

MD5
b6779932f1d559891cb5f68187d738b1

SHA1
62330aeb6851cd8f77ce2c45914b754146be4d23

SHA256
e644e40dcd9da4440bdfc30d76a3aaaf683a0301f378ed46a9bd0bad82f55f1f

SHA512
a6a612adaddb2b1b2fd0a1b585b80bbc133ebcdf787d112722402525ff4ffcec953420c1626de5349ba5c05268f6b4351a02d9779c7b61f0e79c1267f51288c8

Download Submit
C:\Program Files\7-Zip\Lang\mng2.txt.tmp

Filesize
89KB

MD5
803243336add77d6540ab9ad82c512f1

SHA1
39f8d7948509bdb260212b381c21d9edfbf0c050

SHA256
a448c48e88d41f986a69e86d666dcc39016a8b6be37d740d936ad0bdce19a5fd

SHA512
81f8547f3a4f4ed00df777235e7862207eb74847b976cab1efd29976f80e7263fef925a49837523cd64423b2e1714e728de3020660f93f9aaed17a1538e41677

Download Submit
C:\Program Files\7-Zip\Lang\ms.txt.tmp

Filesize
73KB

MD5
cc13a5d815bdfbf170a97b256203a191

SHA1
81cc9945474340fc65e457c1a0d6af675e5488d8

SHA256
6d2b428d0d81fd55579b530499b4cb2c17273f67e466413ffad34a1f617b5ed5

SHA512
bc693dd6f45004d21d611ebe16a22ab73d4c09df29bdfede6bf106be1fcdc6f1310231b4822759466f353172664cb08801e594efa9a6f1e82305bee7e6f24ded

Download Submit
C:\Program Files\7-Zip\Lang\nb.txt.tmp

Filesize
74KB

MD5
6db871dc6d0d91527c86b223be6b4885

SHA1
05da01a6b97e3c7545f882d0c206ea3a435fdc58

SHA256
35c385c8880293ae897aed5c62ac1ddd241855b8be0c77ca18a881016db58f13

SHA512
c322732a8539534cbe24e9cdee087f26b65e7b4de2383e9323b55e0f479623d38759d61ce443084823dec2a8bb52bc270cbffa67d0653ba7efa7fecd3e3b6c2f

Download Submit
C:\Program Files\7-Zip\Lang\nn.txt.tmp

Filesize
74KB

MD5
b94df35b01820b85bbb1de0c866d0b52

SHA1
b53da8730fc7b2652418448c94bf29089f3013c1

SHA256
c0393c21c37afb326955348dec69200efc268dfada26a4af3a36a130792627a5

SHA512
c30b25f2abea4eeb82fce5f50b36a12e4e0c0a091fb3694294428145d208f8185d5938f9e86358dc7c60ffdcf2df9fbadbca57b0be476339f4a58258a88c230c

Download Submit
C:\Program Files\7-Zip\Lang\pa-in.txt.tmp

Filesize
83KB

MD5
20cb5e632c1d6a89e57d7081cbe7d6c6

SHA1
e3a973da7857a9c7b94b2d8c434ed28028818eff

SHA256
203489a66853b4ec25ad5d8d4ff0092e3f2a0989ceaa6a94b44fef6f2f00a98b

SHA512
1d8f8f65ed0beca11f832e5bea0d03936b6f6032112f7d02d2e4c94d1e190b0c023f9ad591bd98837f45ea0e390193ce6154590b313629e0513e3fbca5168d9a

Download Submit
C:\Program Files\7-Zip\Lang\pl.txt.tmp

Filesize
78KB

MD5
1b3baba6ae97e4c6bb9f7dc5f70b9c13

SHA1
15314966debd7802738d193cf959c419a7dadcf6

SHA256
720bb523c1d8bd19ef0451ed4a10f961559ed346891cfac59dda9b17abc852e1

SHA512
c0994951690905292b7aece2c69c219c221f5367abc988c38dfe0f272311e16d43b6e69dc73ea9e8936e14f85400ee838ec1882b1addc72f9ed4d6273d83e409

Download Submit
C:\Program Files\7-Zip\Lang\ps.txt.tmp

Filesize
77KB

MD5
ad7230fedab4b6c54e85f6fef285f0bc

SHA1
9e1a12760bc1fc6e01ef25dc8155ebc6779cab69

SHA256
2d6dd88b7c4e8a2dc2896ca0d3fafb0b097cd15bd6273905e455387b72d54537

SHA512
45c1dc351be680e4677ecc5f25a29fd97dedf7a1f70494d12ea53862e8cebbb44b7b8449fbe7273889dd91e42876ffaa5d95e941e40b296c78dca98ba3920063

Download Submit
C:\Program Files\7-Zip\Lang\pt-br.txt.tmp

Filesize
78KB

MD5
046d21ba5639240d35fa34528004f611

SHA1
d13f8c49c353624d1dc48c70d46859d751d5a269

SHA256
10eabc96a6cb3801d698cb9a07c85874d514bb7f9e9f73f582cbace7df6239bf

SHA512
ba9b7c29df7e68dd597ccb466dece9ce3d87d31f077231591898eb3d621e6a3998b483139ec64165fe206f7174c9396015e3bad864d5c8348c9bb39beb501130

Download Submit
C:\Program Files\7-Zip\Lang\ru.txt.tmp

Filesize
83KB

MD5
3c569866ab452121b064225be1718fa8

SHA1
ce260973c3db9eeb6fdc32ae2196c0e7546a46fb

SHA256
136a540e5a07ba39dcf7a4377f40b6fdcdc6645f89f802f329015633c9c4d87a

SHA512
07356689304a9dd1375ce06cab2df3a7f558fb9a5fd67918e594860a8b962db755760f21ba3c962f0026e9875780ff0a52daba2dd88b7a31e497049bb343b274

Download Submit
C:\Program Files\7-Zip\Lang\sa.txt.tmp

Filesize
87KB

MD5
16425af4ba355dea1cb5e8a75cbbde3f

SHA1
5de5c2e96df888d3055d48a252c685badc335235

SHA256
ae5e31fd86e14264442fb60aae042602f142410109feb83aff59b697d98d1e1b

SHA512
3a1263bbb302e71a99eaccf8cb1925de57794d9bbb84470fa6f55cd6ed0b7ec2611e2b19381b3bbf2f28ba23b689009617b9feda3cae92b23d088413427f46ba

Download Submit
C:\Program Files\7-Zip\Lang\si.txt.tmp

Filesize
87KB

MD5
50b6d7bb1f5ac50959143899191940ae

SHA1
aaa0a98171c70830f9d1eddc095df5225436ad1f

SHA256
516b35fe44c76592b881976e38c9c1d119ffe89c49890a71531cd8708b1b79e1

SHA512
ca6b8d077b483f2ae86d3ecc80dd49fe951b36d198d1015bfe8e075c579bd13990d823ba2e3eadbd81bcda55823f51d9090842149d02d62499b4af2eba997931

Download Submit
C:\Program Files\7-Zip\Lang\sk.txt.tmp

Filesize
77KB

MD5
1da10a1fb88018ca7470245c8b6a097d

SHA1
4a1e7c00bc0f25c0f9ae2921aabb3b3fe209db00

SHA256
f8e6488fd4d5cdca1aad321d4a34470b1ce587d34c8828a62455a2cb124d3052

SHA512
a935dd44950d4e2658adb38b12712b703356e224d95825102611e223cf339162bb0d955d7878ba4b2cfb8db83ad712cd5e963452bc63e0d4d928dd3d7cf2ae31

Download Submit
C:\Program Files\7-Zip\Lang\sl.txt.tmp

Filesize
77KB

MD5
87e066f0d4fcd7a7d0e72317addaf0b1

SHA1
c5ffc32f5b9001e92ed725c00eaedfc7f95d9f67

SHA256
22d300bc2d7a335a966b4d85c6974437f9a70d7135f51bb1c104d6db3c7a0486

SHA512
2acd15431cb528db367854972b9202dbf99caf9079daae68b3d13353acd2ab9c77ab97cacb8475de686a9053f30ffa542483de127f0bc098f317a4ad2b1ac172

Download Submit
C:\Program Files\7-Zip\Lang\sq.txt.tmp

Filesize
74KB

MD5
78e83d1cfedffdadd10b9a57ed564f53

SHA1
449d9b31ca952a32bf0bbd661e0659282bf7d1b0

SHA256
6022ea134f2b70be9a9fc7ce39cf14ddb6ac436de4f8421ec9eb95aa382f7a5a

SHA512
32381ab8efad628990d520651e188099f75dcff8a1534cc5d7892249a4425db07bb72baacfdbbd6bb743e5466e426c56ee120f4732667c78f79c5f4adbbc66a5

Download Submit
C:\Program Files\7-Zip\Lang\sr-spc.txt.tmp

Filesize
80KB

MD5
719498f71d2ede1753c9666fc9e7b5bd

SHA1
331e1b014c6371a3943181c5fdd1db4b3823441c

SHA256
b7d6686c6aab704360563292d558bdf8d5f6ad54aa37f7d7a8ab07d603e3ef15

SHA512
0c0e90c553f813c0d814da3bfdb13b09a52afbcb398e9f412a5cf5f1c74669ceec84a222690a493d738d6911f99ce423c7b7b8b16e99ef3d1dda8c77447b7e63

Download Submit
C:\Program Files\7-Zip\Lang\sr-spl.txt.tmp

Filesize
75KB

MD5
f891c49ae94b096997e65fcf609e7b28

SHA1
5f01d25b2f753cf1b9a19f81710ac2bea55b9408

SHA256
bdc1301a3cd27b34b662d4752e42c89974ff8c7726e1b9da9bb87f65fdbb8f8e

SHA512
7a2e702b7318cd996f0f915017cd262d7fbae1dafcad82da569505bbf09277fdcf65cd464ca35fd9e2ea751bd18b422e3f36c988785108e592eaa449f8bfae32

Download Submit
C:\Program Files\7-Zip\Lang\sv.txt.tmp

Filesize
77KB

MD5
ada8d391a9e23f436a7b9766be5ee687

SHA1
4da69d6d72cf2a0c60d298dcdedb7614be5985f8

SHA256
8059b55a60f780cf1b1cb04a9b6700beb568c1304edd66652ad36257b2e8a039

SHA512
f4c0acbe7716563734b3448f896167dcd03c09eb34d51258f8ff24bc7a9a991e7bf4e5c90d71cd8f24646b6e3246f4af18a11160e84b95de9ebeca2be65e7cdd

Download Submit
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Principal.dll.tmp

Filesize
83KB

MD5
88d3f39b2de2ef2fe23de5c6bc78ceb8

SHA1
5da910eca7ec9b117cec09e7a5e653d24bd78157

SHA256
99ce9e81a84ecc8e6de3e472c763fe5c28f4723add82508cb30d19453db3fa71

SHA512
003a51d181e56f4c393b6964480d7862e4e5b81b60cea88a719515abb44d627c305cf10fd29ec6214d702958e48526e62c32403c31d6e51cb39c681327a628cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_Node.js documentation.url.exe

Filesize
68KB

MD5
66b409a7b7398f32d1490d9c80f37984

SHA1
9d0d119ec533e8f45266883b68ce27c05e0aea4f

SHA256
dcce43ffe6d68f0d3c4acaa551b2a07865e5cd203413569bbe645ebcc2a2f407

SHA512
52d734ef7bb4948a8efae7b8a9572b772e1a91dc8bda36a2e9dedac6a9370595800628fc825af468fed2106a512242284f4679c335f08d9865952c6984961063

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
68KB

MD5
3c5c986f550b249662299c309d6c15e8

SHA1
4d459ac10b01c78b5b763834034b8d01dc27a16d

SHA256
f1bc57683185139d777606583a08f64669a49e92c64a2903c28f1a3ed7241aee

SHA512
949d640d8d17ccc7a34e3107eea263f7353965cd772d8fcb15f7833e5e3fb7844312f0824f21a7554cdc3c6acbff1a589dc51d0e82294a9e64e8bd63b637f1cc

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads