117089def6092047622fb4783d2e07f671763cf84d79517ec0050ffd2ab4970a

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
19-06-2024 22:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

117089def6092047622fb4783d2e07f671763cf84d79517ec0050ffd2ab4970a_NeikiAnalytics.exe
Size

74KB
MD5

3ff412cd8b308a803a0d6f85bddc9e00
SHA1

b3ecb05c31205ad7d361784605f030340051f90d
SHA256

117089def6092047622fb4783d2e07f671763cf84d79517ec0050ffd2ab4970a
SHA512

9181dab2e969f4bbdb0710eb23cce33b15733c188d175c8831b2a2506a9cccb8b028a69e509198c4b2744aca3cf73684ecbd48ae086cc747a57d27674beede9c
SSDEEP

768:W7BlpppARFbhwEnAAJ+AAJr7BlpppARFbhwEnAAJ+AAJo:W7ZppApwEs7ZppApwEt

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5198) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
4976	_user-48.png.exe
4048	Zombie.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	117089def6092047622fb4783d2e07f671763cf84d79517ec0050ffd2ab4970a_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\Zombie.exe	117089def6092047622fb4783d2e07f671763cf84d79517ec0050ffd2ab4970a_NeikiAnalytics.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.WindowsAzure.StorageClient.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\ipsita.xml.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Windows.Forms.Design.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremDemoR_BypassTrial365-ppd.xrm-ms.tmp	_user-48.png.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\UIAutomationTypes.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.Proof.Culture.msi.16.es-es.xml.tmp	_user-48.png.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription5-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Retail-ul-oob.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\WordR_Retail-pl.xrm-ms.tmp	_user-48.png.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-heap-l1-1-0.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Text.Json.dll.tmp	_user-48.png.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Windows.Input.Manipulations.resources.dll.tmp	_user-48.png.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.AddinTelemetry.dll.tmp	_user-48.png.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\PresentationCore.resources.dll.tmp	_user-48.png.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_SubTest-ppd.xrm-ms.tmp	_user-48.png.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-black_scale-80.png.tmp	_user-48.png.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_MAK_AE-ul-phn.xrm-ms.tmp	_user-48.png.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail2-ul-oob.xrm-ms.tmp	_user-48.png.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Office.Interop.Excel.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\nl\msipc.dll.mui.tmp	Zombie.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pt.txt.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Serialization.Json.dll.tmp	_user-48.png.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\System.Windows.Forms.Primitives.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\PresentationCore.resources.dll.tmp	_user-48.png.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription2-ul-oob.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_OEM_Perp-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\bwclassic.dotx.tmp	_user-48.png.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-black_scale-80.png.tmp	Zombie.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mng.txt.tmp	_user-48.png.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-processthreads-l1-1-0.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\UIAutomationProvider.resources.dll.tmp	_user-48.png.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_PrepidBypass-ul-oob.xrm-ms.tmp	_user-48.png.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientPreview_eula.txt.tmp	_user-48.png.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\WindowsBase.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-profile-l1-1-0.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\bin\mlib_image.dll.tmp	_user-48.png.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Trial-ppd.xrm-ms.tmp	_user-48.png.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.exe.tmp	_user-48.png.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\System.Windows.Input.Manipulations.resources.dll.tmp	_user-48.png.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\System.Windows.Forms.Primitives.resources.dll.tmp	_user-48.png.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework.Luna.dll.tmp	_user-48.png.exe
File opened for modification	C:\Program Files\Common Files\System\msadc\es-ES\msdaprsr.dll.mui.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Numerics.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\System.Windows.Input.Manipulations.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\7-Zip\Lang\hr.txt.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.Encoding.dll.tmp	_user-48.png.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Document.XmlSerializers.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\EXCELPLUGINDATAPROVIDER.DLL.tmp	_user-48.png.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe.tmp	Zombie.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\default_apps\external_extensions.json.exe.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp2-ppd.xrm-ms.tmp	_user-48.png.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md.exe.tmp	_user-48.png.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial-ul-oob.xrm-ms.tmp	_user-48.png.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	_user-48.png.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-math-l1-1-0.dll.tmp	_user-48.png.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\clrjit.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Private.Xml.Linq.dll.tmp	_user-48.png.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial3-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\OARTODF.DLL.tmp	_user-48.png.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN075.XML.tmp	_user-48.png.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_SubTest-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-black_scale-80.png.tmp	_user-48.png.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.id-id.dll.tmp	_user-48.png.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 228 wrote to memory of 4976	228	117089def6092047622fb4783d2e07f671763cf84d79517ec0050ffd2ab4970a_NeikiAnalytics.exe	83
PID 228 wrote to memory of 4976	228	117089def6092047622fb4783d2e07f671763cf84d79517ec0050ffd2ab4970a_NeikiAnalytics.exe	83
PID 228 wrote to memory of 4976	228	117089def6092047622fb4783d2e07f671763cf84d79517ec0050ffd2ab4970a_NeikiAnalytics.exe	83
PID 228 wrote to memory of 4048	228	117089def6092047622fb4783d2e07f671763cf84d79517ec0050ffd2ab4970a_NeikiAnalytics.exe	84
PID 228 wrote to memory of 4048	228	117089def6092047622fb4783d2e07f671763cf84d79517ec0050ffd2ab4970a_NeikiAnalytics.exe	84
PID 228 wrote to memory of 4048	228	117089def6092047622fb4783d2e07f671763cf84d79517ec0050ffd2ab4970a_NeikiAnalytics.exe	84

C:\Users\Admin\AppData\Local\Temp\117089def6092047622fb4783d2e07f671763cf84d79517ec0050ffd2ab4970a_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\117089def6092047622fb4783d2e07f671763cf84d79517ec0050ffd2ab4970a_NeikiAnalytics.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:228
- C:\Users\Admin\AppData\Local\Temp\_user-48.png.exe
  "_user-48.png.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:4976
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:4048

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3169499791-3545231813-3156325206-1000\desktop.ini.exe

Filesize
38KB

MD5
30cb8dadf82774487a75f3a6e2501442

SHA1
f88487cf377a69d79e0375f867cfe8b1deaae0b1

SHA256
4ad580aaaa59e603998fb39eb153270d89088c65e7a04f5d4fb16a328471658f

SHA512
ff80e342691128f58bfbea1c515daf0700ba3206936d72f6c9c4dd2cbbf784d2ea67100ca8770ca0e904069b2e149bfac617eff17900adff25ba52c3a76efff9

Download Submit
C:\$Recycle.Bin\S-1-5-21-3169499791-3545231813-3156325206-1000\desktop.ini.exe.tmp

Filesize
74KB

MD5
075d8a6e6031a5459a18473c713f81cc

SHA1
c1224cb9da7bf5846d1370460d53ae69e35cec40

SHA256
58c524a44f0dbc397b5cf77c502b5d4b32d92d6f01ca43e11f58ae472792312a

SHA512
4acca4e2979f908db676bb3abac20e2ca837fa5537207c0b5b2144ff99f20f2179a62a7ce88f30786c4a1111a50c03f6376edb9935d362145889bba74c68576d

Download Submit
C:\Program Files\7-Zip\7-zip.chm.tmp

Filesize
150KB

MD5
2707478c6ef9892acf8a93adc5a330fa

SHA1
6ded89d6985957ae6c527e23e9288e5a28a1e827

SHA256
c0f68bba3ee5aac3bb30f396d201eb54ec4146ffd7455c985181d0e5e09b2c3f

SHA512
9d5de6bb9729a94c349a54cf395662fd40d4d30f2866c45923656fd8bae5876f2538f338bfe973740e7d42bf3ddcaba110b1d73b280b3210a0aca63421f9fd28

Download Submit
C:\Program Files\7-Zip\7-zip32.dll.tmp

Filesize
102KB

MD5
18042e2372b3fd4041d5419305dad5c9

SHA1
a49524a65722f99d5a954373a0c2847c31a33aa1

SHA256
3b02801d0c27312797e2361b3004a2064e3fe3b88c3d84fb1cd460276c7dfab0

SHA512
8e4a46049e9d3a290d98016297fe71f3fdd24371296da8e9cef7166e75cd3aef681b131d54d1b161dc7014cce7df3c9a0c2d9a23edead49695fa4074368b6ab5

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
1.8MB

MD5
5ecd108bcf3fa903e817390c493ffe38

SHA1
742d13fa9d73d9c318042228b69284e727cef6ad

SHA256
18181c86ceb2050a454dfcd5d2a3fa64c074760ad958e351a877e4ac5d192ee6

SHA512
4b350aac2bbc7603af573190e6804291844e24a164bb47b035f4ee6fdb05c6981c9188c1c1f45fdccf9b4a4e3034472c46ac9eca1f0acb47c05340b01a3dd10a

Download Submit
C:\Program Files\7-Zip\7z.exe.tmp

Filesize
581KB

MD5
710e07c0c3bcb35a12f9d3185fecf717

SHA1
b7ddc2f43f91c3ad8b0a9000400d6dd70d826389

SHA256
84568a3b10d9a5cbf5cc817f67b738e325b0ed177f908865c95a9b18323b0e6c

SHA512
e2fc02e16ae9108e1f27dfa668fdd28f01aa37572b68c8ef7ee7992b8991f09389d463f47af6aa2ea0c17ab7ffd205dfe8b9bec584e206e39c660f0882d8a9f1

Download Submit
C:\Program Files\7-Zip\7z.sfx.tmp

Filesize
246KB

MD5
fbed3ffa625154653d1751d37f025a19

SHA1
c8c6d0fd3a7014a08a57650218b5ab5bd4400a76

SHA256
6bde0ab570d959b5bde1a9db3a653a877a40dd66fc570b374d198021c7f6f200

SHA512
bb109593224bdd473bb2c837dffd8be4ce60abfa040bb191a081f157aac7a8ac77be2b9916f24fb946b40ff14c6002f21b1383d20d685cc91627f736e80f9876

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
968KB

MD5
88171a44f835aac5f0b0e460fb4e4c9f

SHA1
83cd621999fea5ecc786b23d6c59e07555bbd3e4

SHA256
7075bd2e6115e167089371ed861debb10f164a5219d6f321e322781fb4fec4da

SHA512
fd917bcef0c71d81fd91edaa73f858971037063a708733e909f7b73ebfdd060fadea11b7c57085ca2c45600f1b0a1e2f721ab2b2e5fd5a23b4c95b03f5d16d9a

Download Submit
C:\Program Files\7-Zip\7zG.exe.tmp

Filesize
721KB

MD5
ded1c8b728476f31684114822127ab94

SHA1
e72f81b0e24ad5af2fdab5df3c7d34895a3ce4cd

SHA256
5ca08e94536709a0acb01c5e31942d7bb3e400c1dbb15bdcf5c163b7b29b9ce5

SHA512
7175c13aa5f2f6e391fd33716e6a649fef2b4ce44f130b1745e9438b478cb7906199ca5b6445dfae74b8a764e7c996d9f525813be37eacce59c6fb792f4d32fd

Download Submit
C:\Program Files\7-Zip\History.txt.tmp

Filesize
94KB

MD5
de333bb7fbadcde2768a6839e1a1cd6c

SHA1
58cbc2f119a0cd541ebe44bf3b7010c617a286d3

SHA256
c92953668dd45b1f4a80af636b33ced4b1ba3513abdfffd524414ede80e14c40

SHA512
947fd6b8fda652e0f099f59311323576d013823672b5c14f0435eda6798760fa08f1314e02e55cba10f621530ca967742570b89e7019e0b4657f82345bc1e350

Download Submit
C:\Program Files\7-Zip\Lang\af.txt.tmp

Filesize
46KB

MD5
ba72e990b19e68d5b9c41d4fb3fa2318

SHA1
536f3e0c8faca73298c9667e24903870a546129b

SHA256
bfc9faca98cc93edde299008bf5e140339aa355b5a57eb45cc31d3ac9b8dd270

SHA512
ca2bf45c91a458fe962b398412323bbd74fe85ef52e9c0b9ce9cd88717e9cab033ec29d7ee9035849798f8fa0ea8b4bbc4b1d4c751fb6c9dc2a9db63de5b78d2

Download Submit
C:\Program Files\7-Zip\Lang\an.txt.tmp

Filesize
45KB

MD5
c8ab5ad224a3760547a87f13978b22f8

SHA1
3d33a29abde936f4fb0f08cc3bb7d206c78d46ff

SHA256
f8ec72a62efbc8a32b40c6cb858f1c23c535bf9f30f0984efe2d7ecda53a20ec

SHA512
23632524ea610907776d2ed48716d5dace1fb30c022fa0780f45ffcb00ec4d3a9d540df15ca7e92cdb0b7551ccc00056d0327cab5f10d958e683e5dd2511e310

Download Submit
C:\Program Files\7-Zip\Lang\ar.txt.tmp

Filesize
50KB

MD5
e1ccbb79d3b6da133ceec65996f00d80

SHA1
bd70381fb86c6cbb992513b546502f3e3e6fc0f9

SHA256
f4ae1868f9e454ddfd24ff0aa5a853c33cc36bfa7bbc5721dc535b59a5786081

SHA512
919dabfaa37d4bbbf884aca982d6378f70c517922fcd29658f9b0fc38409f1dc6e63cb45b7323044292c947e6d7862aa1b0e324c7678309348650b9113df9444

Download Submit
C:\Program Files\7-Zip\Lang\az.txt.tmp

Filesize
47KB

MD5
794d7c4b6f9f2a8635ba87c17a0cd0d4

SHA1
a0afb4e37565fd51fe151c0a38efe91be0d72546

SHA256
839da1bb32295c6054d050627b8e014778f7f9425007ca004a8b7fdb9e81785e

SHA512
1b92164cea80b2a6c95a2f420952462db65f3cbdd26756308f7f4f142eca3467c79a9c03a1f2f5ad116c24bad8cd612f4ca9f90e85f5678fe8a1adaae33a6245

Download Submit
C:\Program Files\7-Zip\Lang\ba.txt.tmp

Filesize
48KB

MD5
4659f25a6dba916584a6e5c085246186

SHA1
2c48f20e5cee4254a6df3c85416b752f467e4e91

SHA256
f057bd16a6f9a04517570660b08cb8e47e21e50ccf43bb002fcd63a51ad35dac

SHA512
979eb31f08c22bc1006e3a8a0c9cfb8c08517fb09ee2fe26eb812601f69fa129145b3f4e6aefe56b33c831dd2468d7af4443c73b6727bfd81fd188f18d3028cc

Download Submit
C:\Program Files\7-Zip\Lang\be.txt.tmp

Filesize
49KB

MD5
0e84c358e65fd8b01b3201574e419aa4

SHA1
a0dc2c89963eba8c062674f7c11af121fcdb0341

SHA256
898a19fbf8f9c1b30ac667b689735bf26421851daff7286231cce4a562526105

SHA512
6b71ed73f78594832e88771cc315255b737f87bf2d8320de8ebfb77ab7b670c0c94383a0b4f074e095d43013c863dea683c72de711b494f657f36377cae9f259

Download Submit
C:\Program Files\7-Zip\Lang\bg.txt.tmp

Filesize
50KB

MD5
2933d6ae8af93d293087bfdd6374c941

SHA1
2ad2685b1e11f9409a77a96994499acb4008a71c

SHA256
d2963c931f386831f44451542e2129e303ff905db3ecfb5795d5e9313eb924af

SHA512
af492b5973c046aeaf3b9f6e97e2fad5b3b7391dfa19dcf61ac196426469628977e0128b6af0466f99cadd627914421483ada1405d4a752ab4c3e3b75d2fab09

Download Submit
C:\Program Files\7-Zip\Lang\bn.txt.tmp

Filesize
52KB

MD5
c323169efe8d1b5fef2769b37a3469cb

SHA1
437983a6da5b77475f99c83c400d7cf94283336b

SHA256
2cab73ef6f56b03d709298e9d8381024d479e1ff90177e294856d4288be5af7a

SHA512
f3c859825a5cbf00971e9674af874fe92cc88f2fafff008ef7b7bc99105e91ea4de2996856a76906e8370065642c3acf594fbcaff305548ed45a447f60d57c17

Download Submit
C:\Program Files\7-Zip\Lang\ca.txt.tmp

Filesize
46KB

MD5
1b736622d1bdb40de36d334aa1d495f3

SHA1
67197ab27134ad428df19ecc61321a28b9e3169b

SHA256
4c5a1d9895eed5645176edc71de5f6d1197e6f1f8f42956563268c41d2533b62

SHA512
309a876939512aeb31c11f040e228194a86326ee1582c4f8036e1d49a603c7c25d389fbdd8fac3c5b4de029b704b8294c8dd97fa51ac1fd03bd10de40d89bc89

Download Submit
C:\Program Files\7-Zip\Lang\da.txt.tmp

Filesize
46KB

MD5
c180a42a78292af567417b81b44043ed

SHA1
44ec36882c58bcf4e67cf4000604a923cfdfab59

SHA256
ed229510ad2c133af9587318f9d66ab6a38b200a0c166cb3a623c0c7b56f1aca

SHA512
042b6fe649762064d1075f25d7e331f0827548cfa000f8b7f7448c4175104956b39ff6458fd0cccad1af10917a09176141100c2995585d6548abf93f7bb6e959

Download Submit
C:\Program Files\7-Zip\Lang\el.txt.tmp

Filesize
54KB

MD5
79c0be2f7c6e1e9d0de7eee8c3b432c1

SHA1
4f927b0aa554783fc6fc047791b585f11d8ed6e8

SHA256
ded8da7f3578f1d73ac7e252358a1b84a7a62825d589681155b0d10c0eacb46b

SHA512
1be83c695a1f2c139076e9d1de72835393a27bd54c9fc20c7dd9ab3292b1b7ad946a48dd4839256eab6cc1950e706549848c61d692f09a4306471e0b901ca2b3

Download Submit
C:\Program Files\7-Zip\Lang\en.ttt.tmp

Filesize
44KB

MD5
b5b67dbfeb824516b0ebde1f61992542

SHA1
5c6e461b6dd8688582f4a61ceef4a137de651cf1

SHA256
e826281da9ac792fbcea17c728a571e60b03ebacfba8fc2ad6f27bb580a5b95b

SHA512
c2152021443984885049bc2aa84874d102c2c64f55c6fb259ada6b4ccaa42aacff5075f33afe21b9bcf7f52a586f2562f4221ca88276f8f722ac4e1b7ad5ddb7

Download Submit
C:\Program Files\7-Zip\Lang\eo.txt.tmp

Filesize
42KB

MD5
2070eb930eff08af3df3187454beecdc

SHA1
a1513fcd3aad4f26c13f49f956b5b7f3a7b97d92

SHA256
462bc1fd4606c20398514f476e4270e3e3b34f64a69ddf8217a727d3c838e78d

SHA512
10c72ea66ce293ea0d2f15f3512e659463a759b95d18845467b78c1f3f3a60891b173cc8a85929870ff02597edf7bfaa02a9dfceb6d03460d1764199e63e5162

Download Submit
C:\Program Files\7-Zip\Lang\et.txt.tmp

Filesize
43KB

MD5
687dcf5448cc91ac9a0f15c1f1e82cad

SHA1
3210e1a2b1a04eb51fbee546bc1d4e17e81c1488

SHA256
8a1f5618d2a967295747bc1a0373d916b7f0735cf4648226c0d2b61377b609dc

SHA512
8d30ec39a19d8c09647d082999eaa68c7a540c587b1f93804c62562b7713ddb4dc635c8cb182c8ba85eb471df1c3b9406fe56eaaac021a08b1e64d4038686ecf

Download Submit
C:\Program Files\7-Zip\Lang\ext.txt.tmp

Filesize
45KB

MD5
61f6b5152d1d27bdbbf30f127e7d701a

SHA1
7935f4f9b253f7e458192ecf23eacab0559a1543

SHA256
84d6be6bb2ad195aa61a1481b0744746a1bebdf40415ec762272788aea80dac3

SHA512
7be84879e95e3588596428284f5c2c3edf18f9133e4ca2068cdbb0f888de6e5b86f7ef16eda09b2092a7d7a50da8150f26cd2e756995667d6c9c821570dd6483

Download Submit
C:\Program Files\7-Zip\Lang\fi.txt.tmp

Filesize
45KB

MD5
300dd31641ed0bdbf457f2d7ea0cd84b

SHA1
4f5b4020610e447e9d755a32de7950a3bd910614

SHA256
7516ba00aa99b78a8982cfbe88e8d1a291a26f6c61f91bda1ee2a7ec022c5a7a

SHA512
fa7149a64c407c8e9f5b2f82d6f3127cc6d5605f16269282ac20f921b67f894a54025327c90c9abe5171939146db08bdd51a120df76a53a1c628e0d1b51dd650

Download Submit
C:\Program Files\7-Zip\Lang\fr.txt.tmp

Filesize
46KB

MD5
34a1b79737910c0e47f9fb4f5c77beb0

SHA1
8881b6c0478507cf3081de2c255d9936b7412da1

SHA256
420f20db48760e7b97de24945f043a854c8efecfe533d137ad7130686bbf14e3

SHA512
9efd1fb5a70d6eaf619edb997c345080ede8d5f8c766e33e20e8c7494183ddef503c1b1d9ba45cbb29b09f46ac601bf1c37c01c8e436873449611b5bff49a5ca

Download Submit
C:\Program Files\7-Zip\Lang\fur.txt.tmp

Filesize
44KB

MD5
12e2494bada418819a308cba39e3042c

SHA1
7fac030c235839387af6488ad8848a4781bacd04

SHA256
0051519283a6031915a9a0a02bf085eddfceb75ed4ebc6b32ffa71e38ee4e7fa

SHA512
9531f8af79fee99ed9d4caa651fe76dc305d428e49d872fbd2f7356c44cec49aa148f5f5534dcaec20faf5610e6e3611da7638dab01ccdc8d84260ba28c8330f

Download Submit
C:\Program Files\7-Zip\Lang\he.txt.tmp

Filesize
48KB

MD5
0282146df0aa2c1cc245c6c1aae2ff0a

SHA1
63003adb2ff6c238071d009b00522b7db6e34ae6

SHA256
793cd3fa8f7add2246132c37ad653298bf29b8fa5015664fdb31c4e7a19c785a

SHA512
0a93e4a1f1f43bfbc42063430720ae8c063137bb7f509300e64a6512b6289f8f90dff1645934fbeaba2fa744855370f45df41f945adeb83fc26cbb9edecd066e

Download Submit
C:\Program Files\7-Zip\Lang\hi.txt.tmp

Filesize
54KB

MD5
fe046c851c20082a61685656693c47bd

SHA1
40b2b2b35c9e4027e8eae6ce6306e66cd409823b

SHA256
185214eec8d7b1caa5c8910a68958088d71231a61951d985221af9c090964531

SHA512
7c6e24aa65437d91fa3036349d61d145cb352f28fdcc7ae87f99ccdbae53a7eacf35d089e833fdac14f8d3b89d29cd606ac25e86786d054ae17e2f4ad3768b02

Download Submit
C:\Program Files\7-Zip\Lang\hr.txt.tmp

Filesize
46KB

MD5
b6ea7b6621441271d6ff8cece51587ea

SHA1
047b3f32f2fcc69d363696d0345e22ad5c74c8d1

SHA256
199f24890bfa0353a1ec759883058d2d640c9f14bb8fea4b3dbe75b746898572

SHA512
c27a380188ddb3871e8177d1b4f9bbd1432e1a33b4e830b61bee43abb28ac8b8d608d008177b4c933266b79b0b1c075f4d98a421e0e4e373bbc059cbd0ad8373

Download Submit
C:\Program Files\7-Zip\Lang\hu.txt.tmp

Filesize
47KB

MD5
9e59b3bd95df59602655c21573f9aab4

SHA1
e6063c598e35511115fc45f6243ac79c39eb4bf9

SHA256
81183ffba18a695ca153a255cf7bd6cc7e882941e9fe6685d9638f1c7aa768db

SHA512
18709fb172a8d5739f4fbf57bc82591873d1172217ed9eb60edddcf0fa9078d8b89f15fe54cbe0ca5b20bec0f31f3108b71d775238dce800bae38f1e52ff309a

Download Submit
C:\Program Files\7-Zip\Lang\io.txt.tmp

Filesize
47KB

MD5
5717eebb57d5038b98bc6b87363b816f

SHA1
2a06a218d171e371e7ab64c93e5247a74bd7a37b

SHA256
89b1a957bd905de0b27213329210500ca266d59f8a9a01bd14bc082a386483b0

SHA512
99fefcd7f12836b52cfc86eb4f63a6514e996783b141c96c36e11275040bee9486ea901edbf17fe387b92768d0066683f2bc978b348ccc923e211784cb75bd51

Download Submit
C:\Program Files\7-Zip\Lang\it.txt.tmp

Filesize
37KB

MD5
538a5a98fcf7baddc437836233edfcd4

SHA1
50f3ff5a8cb785635cf46caa94afd374ff465b62

SHA256
657fed7f05941faac1d9d60e2173c37f82688ba22d49143c225b2cac392a149f

SHA512
b2047d38baf5ae0857160ed45c7111c2aee6cad70bb0f5d6c70fc34b1a097c620bdd5202ce5f3606ceb7ce18fdc519d4c43fbe04a93ccf7cd7c8e63499c9a57e

Download Submit
C:\Program Files\7-Zip\Lang\ka.txt.tmp

Filesize
55KB

MD5
43c3a72d9a7188298f2d7a66b82a74d0

SHA1
9283950d1c30d67ffbf483064d472c82884393ff

SHA256
e42f6984e5666e296c7f9d5fba78c02bdb41355e309d6e10bcdbadc7042a1198

SHA512
e32eea16d165aeaa6b1fb98796606a591089a0caba0af417dbc5ac8c7f3c3c5cb526b4586d7ba44c2b3263d79e0f995292873b859b33d32b4a6663a32c0906e9

Download Submit
C:\Program Files\7-Zip\Lang\kaa.txt.tmp

Filesize
36KB

MD5
8dd0f5e001d8c99e7edf8f779d694e82

SHA1
d0b2f5114db40b9d47cfd698e786a28c94e72180

SHA256
2cecc2a1325ff9c80932bdc4cf7630dae0cfa7a6a89eba241550f4ed7bc26d5e

SHA512
a0a396a4d4ff5ca1ecfc7fb959cb8557339c7351d062207987f7060d39e227a8554faaa39a43d8964f92c7cf03125649ed903931502a1cc418416005bad9724c

Download Submit
C:\Program Files\7-Zip\Lang\kab.txt.tmp

Filesize
46KB

MD5
43af973b0feb8d6a572b08c25ea94c98

SHA1
24215d7a01fdab262196da6986d0a6f8c594a38a

SHA256
90e236e5776c2e2b0624c9611d32b4d694b87815a36644da11361c4dc505d24e

SHA512
0a1946ac6b79932ecbbaf2c599886b30fad0b10a542f50c70a19826099c024c278a774544eb3793e75f1cd5a53f7a1de88a3b5eee07bb1f049a02c5c53fe2772

Download Submit
C:\Program Files\7-Zip\Lang\kk.txt.tmp

Filesize
36KB

MD5
f89680389e5fafb54aa7158fe4e03ff3

SHA1
268c3e2f92bcff85e789839a7cfdb850c55804bf

SHA256
a66a68dd0b3a5783b99019a632c96e49f763e0eb846ceca234d588c846999c1c

SHA512
2aac33e44cea4b7554823fdc0f069aa7b1ee9673253807712ccc709fe3ef4649dee95e7ec7c2a730dc3bed75b781c22526d7658fa004ed0788dc8b6f6cd269e8

Download Submit
C:\Program Files\7-Zip\Lang\ko.txt.tmp

Filesize
47KB

MD5
0fbbaf8cad96310d4fe3f2c04bcb2e15

SHA1
f90c54282fd34006dc4d353aaa94bec6f896e981

SHA256
a3b3fda5031903d9a2f70cdb81a73c8013a419e463393a3aeade00827d1a4a6b

SHA512
fc016b71ea11f53a3d54b03df41f629c148cedc4d37e3f81503cb53a5d7b262c53a3995d222c0669eca474965f5ecbd093875143c5e97b635fd268e9df9f8827

Download Submit
C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp

Filesize
49KB

MD5
69d109fcfc663493e498cafe1f51f900

SHA1
3d1b86ca9def2198c3a799a4b62e5bff409aa359

SHA256
8a98b2ec052550fcdedc3c5f88612ef5604862a01ab7f27c3e2488eebf355e7c

SHA512
107cfe4f0893937f77081328451787c773cf79d9ed14a883db9657cd5d4f051153747f7606d26217e4eecb2276c71f8c0f9e799aa57579f592bab2c58e964df9

Download Submit
C:\Program Files\7-Zip\Lang\ku.txt.tmp

Filesize
43KB

MD5
5978891427fc55ed9ce2271da040a2fe

SHA1
b078d34cd0c218ff09801607311365c6c2d3eb1e

SHA256
6d32267875c7e0a664a510f1816b537d6169630e1fa0860050616c95e4d0f82f

SHA512
d7f1e4b5424aa4e9a4f82dd784643acaa8f1ff12558ba2eabdf8483a8714a0db87eeac6fe129a43e984e4ac07ed79cef3830d62d7c993e270b19b511a6d1806e

Download Submit
C:\Program Files\7-Zip\Lang\ky.txt.tmp

Filesize
50KB

MD5
67e56d17f6033bbcf56f83f960b74d43

SHA1
86f9002d4beec4d5325f8373cdb68df9b790c0ae

SHA256
891c92005555e05e075370507836eda15b246d25387e724ab8f1f1ab69444761

SHA512
599fb1e88c88e8f09a5b8449152b73ebeb3856a8a6bddb9f9e44315ff3bbe9bfa5a431277528a2dc21cf0bf75039f2ad597d8bb00c181ea8a759344b854cd030

Download Submit
C:\Program Files\7-Zip\Lang\lij.txt.tmp

Filesize
45KB

MD5
a5fc23b89cc930a1ed07b8515442927a

SHA1
4aed74d234b56aa66f152bd5571dce0f69cd2639

SHA256
5aa3e56df3ee8d00de08918d500e0b208679ae6ca19b74f05e3742466572df70

SHA512
3a1a8961a1f68154607ef6904ddfd697940fdca929c27220397a2776b69ace659b1a4a2533b5db6e5bb79eb6c3ff88c80e797ee4315c8415475eaa060e6948b0

Download Submit
C:\Program Files\7-Zip\Lang\lv.txt.tmp

Filesize
43KB

MD5
2fb8d763ea86aea0d3ad43ed7c8b21b4

SHA1
d81dbca85048adfc79393393175f7334394291d9

SHA256
e655d60abd3b05201d4846cf56fc2e3be03ee8bb2135dc9e5f8c2d123f3a5bf1

SHA512
a64e44d0d32c6bf4e817d46461af57eb687d4bd44e7e5731c6fbc53452c3dda581f9857128f56729b2e75843ec6ce7ba31e1a3cebb209a8dc5a47ef8edda7e41

Download Submit
C:\Program Files\7-Zip\Lang\mn.txt.tmp

Filesize
46KB

MD5
5e384fb448e1c2c0117138976b2ec71b

SHA1
a269ce7d6ea0c4455ec2fda739619d25fa29ca48

SHA256
ade311e5d06612ef9c190b5c877afaf3c8e54a368391bac782dd97fc6632cda8

SHA512
f678690912d218330a50bd6b539f590989f632f793c33cda7bdecf54efdd6dd15f7bc4e9e5a9005f95e03908a8735dc3ab5ce77677d3aa93104cd29954a1c850

Download Submit
C:\Program Files\7-Zip\Lang\mng.txt.tmp

Filesize
57KB

MD5
9150404c818a292a945ad9ee0fde08be

SHA1
478f9c46575103764ae886efff029027b8edadb5

SHA256
81ae925cecb354addaa35546093a51aa17f3c7aa402c35cef71456294d1e0229

SHA512
e15673bfca0abea6e578e48d06f36e24191b624070b8ae872a6dcee3428d981c8a7564500cb70c7157eb9c725a5cb4e4982adf6fc4457f3442e0354fc314a88e

Download Submit
C:\Program Files\7-Zip\Lang\mr.txt.tmp

Filesize
48KB

MD5
92a839e8c859a2ab7868c12f141eb0ac

SHA1
d372b741856dc3cb4922592764b122730ac3cbc7

SHA256
0da4305c0c7ca59cc24d1b0241b92c148574feb692ddf8c5c7c1b5a167a9e502

SHA512
91f6097b0842ee4a77cbd3886a606b4fca37934cc396d443ad91b5b73cc15763cae81efa86aa067fd5682b23c3adf8d01d5ea1bdbcbe2362e019542714a71146

Download Submit
C:\Program Files\7-Zip\Lang\nb.txt.tmp

Filesize
43KB

MD5
7ead19e103f7ef696238dc84cfdb2a27

SHA1
3d2b2d18229f0a45f4c28fbc4769e62ef5abe7bc

SHA256
017ec8cd1598cb8c367f2d5f716adf0a79e5d8e4b5cc0eebc78b6df95f3f16f6

SHA512
05003f7fc6697c5023b34ea02243a142c8d1bf0ad6e951a3c71dec6a6eb157e535d1a15a52a5bdb8242e6e30bf5ae5057b3ac0ecb2aae99c6914858c7d518991

Download Submit
C:\Program Files\7-Zip\Lang\nn.txt.tmp

Filesize
43KB

MD5
9308b5a41466d965f12d8e64f10207bc

SHA1
95ef84eee517069b571602e016eafc7e0d92c276

SHA256
cc2ea84f26ac3aceaa667e51588b41032ab1031f3d92243244f9c742789d7eee

SHA512
ffae3415d7dce34aaffb1e23f33df73ead977e8e19d3d7789c8e1dd6d0c804c9c989e58f344e46cec9889b972f80628acaaaca5864765b5ca582139a3760e20e

Download Submit
C:\Program Files\7-Zip\Lang\pa-in.txt.tmp

Filesize
52KB

MD5
22c57a2b2e71843e74635ad7d62f74f5

SHA1
5500312df68649e080bc8831c977c7a2048a8c11

SHA256
5519b6a41fe39a7d64e5b02d9daa680b0f861df40c4022e6f222762d43176e93

SHA512
791379e7cde684019e119e8b9ddad04b12f752d35d9f7ff43b88af1d5d57a6e509accffc8618dc82544ba8e7014b70ac6529b0b07430532afaa2603df8ffc4b0

Download Submit
C:\Program Files\7-Zip\Lang\ps.txt.tmp

Filesize
46KB

MD5
8e25c7dd86071b1ffdf57ae5a4275f32

SHA1
d01b779aa5499a17913a4c4820198c123df86792

SHA256
67f9e6251cb44026c103e6816e089b0134d025d3774f16fb776f7026a87821aa

SHA512
69ff05c1cf9ea5c19a91afebf05a75aa748dc16e90f20d1f4a5aefbb0475b973f0ab7af6314806a126eb1799fd49c5afeaabfafc98202c2caa307218023cc76a

Download Submit
C:\Program Files\Common Files\System\msadc\de-DE\msdaprsr.dll.mui.tmp

Filesize
45KB

MD5
b0d12b8b2a661d369b5b6281c3870b20

SHA1
8c71e3349d6e30285c6e071bc1a3ec2368d146d9

SHA256
e1879522f6aaf753c5e8ce0c577c29a8a17cb0f4547ab130d718afb97536e2f4

SHA512
0c70a2b6d746b232046d08161aab3bf18be71c9c535a18e3163276327bfe9c73e7269b8f9c68c0f77a4837224dce8f843d542dee01d1e334315e9f572bc51599

Download Submit
C:\Users\Admin\AppData\Local\Temp\_user-48.png.exe

Filesize
37KB

MD5
1ebcf25c2b89b5ba06900919a042c8e8

SHA1
f7e7c25bb4a750497a571602d7ef7767482ef81f

SHA256
ccdf2e040ed3bb4ca0e82bce8cf3c2b2ce9000e88b3c1500f11244e03f012a87

SHA512
6bab01aabab86215d6068b0431f7c3d3fbcc01bb2bbc1f1ce3f335f2261cc32adc968b63588f80bb2629f08261c39f80a59a78a182c5b3739a813316aeda3a73

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
36KB

MD5
f7ecf1c6ffb0e433be2eecfa83c899bf

SHA1
8041adac6db044b99897ae6e5ad6283b47dcca42

SHA256
e89768cec33cd3c62d74776cd730bb8df45ebc3eaf46ab29c390e3ac1f2aa2b4

SHA512
b70f5f9924a1ffd62f0930fe0d071fc9e5e7f048c0bb225ed51440ff98ee5b8f4a7778c654e5adee6c3128b32ff420a5467f760e41313f07b209a2062b249dbc

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads