518c8656f735efa1399cb53cc08ee4fe58497cdb8e26b2462723eece76992c7a

Analysis

max time kernel
150s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
20/06/2024, 09:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

518c8656f735efa1399cb53cc08ee4fe58497cdb8e26b2462723eece76992c7a_NeikiAnalytics.exe
Size

141KB
MD5

60a7760e0ec48f77bd1d1d29b1d498d0
SHA1

1b1276350adead01831de2b9509b199483504f57
SHA256

518c8656f735efa1399cb53cc08ee4fe58497cdb8e26b2462723eece76992c7a
SHA512

60cc5382086d722e07ab4249dbf957cd5a04d942873fe3dd64932b6c8c1fefa274b395b8b6cfac112e933bc4981ca851b15da2ee1735ca13c971d30ab6fdbe7f
SSDEEP

1536:W7ZDpApYbWjIoPyPoLzV7c6Sh1X+7ZDpApYbWjIoPyPoLzV7c6ShE:6DWpvDWpj

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5175) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
5016	Zombie.exe
3720	_update.status.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Zombie.exe	518c8656f735efa1399cb53cc08ee4fe58497cdb8e26b2462723eece76992c7a_NeikiAnalytics.exe
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	518c8656f735efa1399cb53cc08ee4fe58497cdb8e26b2462723eece76992c7a_NeikiAnalytics.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_PrepidBypass-ppd.xrm-ms.tmp	_update.status.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\msjet.xsl.tmp	Zombie.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\VisualElements\LogoCanary.png.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jawt.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\cmm\CIEXYZ.pf.tmp	_update.status.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_PrepidBypass-ul-oob.xrm-ms.tmp	_update.status.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\System.Windows.Controls.Ribbon.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Drawing.Common.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\UIAutomationClient.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationUI.dll.tmp	_update.status.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	_update.status.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msix.dll.tmp	_update.status.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-time-l1-1-0.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\fre\StartMenu_Win10.mp4.tmp	_update.status.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription3-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_SubTrial-pl.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Common Files\System\wab32res.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Dynamic.Runtime.dll.tmp	_update.status.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\WindowsFormsIntegration.resources.dll.tmp	_update.status.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\management.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\javafx_iio.dll.tmp	_update.status.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Excel.dll.tmp	_update.status.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sw.txt.tmp	_update.status.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\de-DE\ShapeCollector.exe.mui.tmp	_update.status.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Http.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\.version.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Drawing.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\ReachFramework.resources.dll.tmp	_update.status.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\Microsoft.VisualBasic.Forms.resources.dll.tmp	_update.status.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\System.Windows.Forms.Design.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_OEM_Perp-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Retail-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_PrepidBypass-ul-oob.xrm-ms.tmp	_update.status.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_KMS_Client-ppd.xrm-ms.tmp	_update.status.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mn.txt.tmp	Zombie.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\cs.pak.tmp	_update.status.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Grace-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ru-ru.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.Primitives.dll.tmp	_update.status.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\PowerPointNaiveBayesCommandRanker.txt.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Compression.ZipFile.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\UIAutomationProvider.resources.dll.tmp	_update.status.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\pkeyconfig-office.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\WordVL_MAK-ppd.xrm-ms.tmp	_update.status.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif.tmp	_update.status.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\javafx\webkit.md.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\glib-lite.dll.tmp	_update.status.exe
File created	C:\Program Files\dotnet\host\fxr\6.0.27\hostfxr.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\System.Windows.Controls.Ribbon.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\System.Windows.Controls.Ribbon.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-heap-l1-1-0.dll.tmp	Zombie.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledb32r.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Windows.Controls.Ribbon.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-black_scale-80.png.tmp	_update.status.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Redshift\lib\sbicuin53_64.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp2-ul-phn.xrm-ms.tmp	_update.status.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_MAK_AE-ppd.xrm-ms.tmp	_update.status.exe
File created	C:\Program Files\Microsoft Office\root\Office16\officestoragehost.dll.tmp	_update.status.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jmap.exe.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\security\java.security.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Retail-ppd.xrm-ms.tmp	_update.status.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\WindowsBase.resources.dll.tmp	_update.status.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3152 wrote to memory of 5016	3152	518c8656f735efa1399cb53cc08ee4fe58497cdb8e26b2462723eece76992c7a_NeikiAnalytics.exe	82
PID 3152 wrote to memory of 5016	3152	518c8656f735efa1399cb53cc08ee4fe58497cdb8e26b2462723eece76992c7a_NeikiAnalytics.exe	82
PID 3152 wrote to memory of 5016	3152	518c8656f735efa1399cb53cc08ee4fe58497cdb8e26b2462723eece76992c7a_NeikiAnalytics.exe	82
PID 3152 wrote to memory of 3720	3152	518c8656f735efa1399cb53cc08ee4fe58497cdb8e26b2462723eece76992c7a_NeikiAnalytics.exe	83
PID 3152 wrote to memory of 3720	3152	518c8656f735efa1399cb53cc08ee4fe58497cdb8e26b2462723eece76992c7a_NeikiAnalytics.exe	83
PID 3152 wrote to memory of 3720	3152	518c8656f735efa1399cb53cc08ee4fe58497cdb8e26b2462723eece76992c7a_NeikiAnalytics.exe	83

C:\Users\Admin\AppData\Local\Temp\518c8656f735efa1399cb53cc08ee4fe58497cdb8e26b2462723eece76992c7a_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\518c8656f735efa1399cb53cc08ee4fe58497cdb8e26b2462723eece76992c7a_NeikiAnalytics.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:3152
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:5016
- C:\Users\Admin\AppData\Local\Temp\_update.status.exe
  "_update.status.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:3720

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.exe.tmp

Filesize
142KB

MD5
400f608c143172b578cdf6dfd9a5e06c

SHA1
2f07f7fe56fb9cc9528c43be13817636189a6627

SHA256
73891f7a7431bc7a564ba290695a05e967155d7434f7438db17d498e2807f1a4

SHA512
a57dc58294b537b3e9c5d8dd3e4df1e5673d75925beae0079743bb386d636266c110f5cb2f9c0e602da8154beb384dff47cfadf22dd0ed70785f1ddb54c89d90

Download Submit
C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

Filesize
71KB

MD5
b417239ccb32e42c322efed99ee47d4f

SHA1
18483fcac63e2ec3d3c2d6f9af7812aa3493b4df

SHA256
d4b9d9a171ceb7a910fb59698ec4f61531a969be28700a3cb8e739ece1c65cf7

SHA512
63fd315c79e0bd38c34761875b17b5c29e120c0114cdea8bd6083222e75bbe8b1e9651183ece601e4a02e072e504c693b7c73c0ed2e3752102819f3e28d62588

Download Submit
C:\Program Files\7-Zip\7-zip.chm.exe

Filesize
184KB

MD5
62a399f55e4a5881618c7030cb74d748

SHA1
c7e9d09f563b4e8343929afcc3f6bfd97021167b

SHA256
b2d38b6a0a4c0916a58f7a62f62eca5338351b4a54b0097427bf3e55feb4c702

SHA512
c33f08b7811a149811279374ecef21fe53c139b2bc44bff80b87f9cd16c037b280668d4de32106917b5c838cac1270b8abcc7030842b9a97a1be9c73a954dcba

Download Submit
C:\Program Files\7-Zip\7-zip.dll.exe

Filesize
170KB

MD5
22f2317692c3b5cb4c615d2f44f5e0c2

SHA1
117a79cf6d0de03a29c117bcd7e96dce37ee8dc8

SHA256
06de462065ce28133b1a5562d2c576b95a6deeec9b5c3446d4a595e1e05407a8

SHA512
9c761aa76ac538c963fbf3b8c6ab8adf765607e7cc5fc65b7a7c0314e8ef51bc1dfbc61f01bb45c6dddee2eed15e90aeda285bb0c16614e28f588db1e322a9e4

Download Submit
C:\Program Files\7-Zip\7-zip32.dll.exe

Filesize
136KB

MD5
9f095ca9fb4683cf38a9e1dae21b6785

SHA1
770956467181c9694414999127f7e2d86028e154

SHA256
f8f82f56ff3f56493fb7a56134b0fc81fec087c6a907a8958c52b786b32a45ac

SHA512
270e7226a538a32161a0fa6d7f5012174af26c5ea0a567ffdbdad5551801c68a1799860c73441c03755b9ee450cc98199abd883527a4e012b9747e50f3680c68

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
1.0MB

MD5
3058dd34feeb3c478d6fadde538cffe3

SHA1
cb548df4867331bddf89f793412721e32791ced3

SHA256
86fc413c8156850668261d5e959707196207996aa57599f95a7274ce1d14f0a4

SHA512
59537326aef668279087699615a6000cc519e523a9ffc6cef9301a2841cbd9880298a0f9ebc71836cdf171ab91f7eac05cbaf73b1c527cebc6367430657d1971

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
1.8MB

MD5
f09b12d1fc51dcb9f60525e9e50f9d86

SHA1
27a0358d5112fc5289c36ac1a2402d8d45dcf313

SHA256
001bbc2196bc821f9e2a430ba9c0dcbae80919ec252ec63510c166fd75fc2fe5

SHA512
2cb5cbb49f9a333da2ddbfbac554577c895e2b5fa3d479d5c7f499805f038867f8e9096b4d4b1161776cc4d88ddaef244f062c5bec80f2122846d27300a84f7f

Download Submit
C:\Program Files\7-Zip\7z.exe.tmp

Filesize
615KB

MD5
b9dbb8190c8ebc8dc6552f0cc5d3aeed

SHA1
5cb46a177283d1dca1a26a42689c06afe4388f1d

SHA256
764d6dce5eb7f068347591461e2f55706d21c4f1c742291634d1a6721d435c1f

SHA512
bdaeb1316dcdb67c2ed3165ddf9f6e7bed113d5460b42989a65885d55adfdd7653ae43b1c70405efd1785b705fc4030aedb4b10ac9714db1f515c9a952071033

Download Submit
C:\Program Files\7-Zip\7z.sfx.tmp

Filesize
281KB

MD5
ae72197d66adb4476b5e35ce1f2bf13b

SHA1
6dd2543cbc3207a0966f49f03f44dda7fe905b53

SHA256
175fdda5af70458f2b170013f5007cf1e92b0a3b31e3d2030a685c84158237ce

SHA512
e57a194c184c880f87d29ea2c94a562076db6dcf1e370b0779a6970c418b14ac09bfbeca38b7d07ee4151f3ee566338d06bb4d71ef3f0e4d209da179ec7b33f0

Download Submit
C:\Program Files\7-Zip\7zCon.sfx.tmp

Filesize
260KB

MD5
b71ed09808667b0f62955d33a2ff743b

SHA1
6bf7f937cdedc83683573f9f711b0f689e04c65c

SHA256
fa2c62f70494370cd20438c445db71da1d3f674e34ed8e49458e2aca7ded542a

SHA512
4374d19705434ec4917b18d892f44f4c2ccbb884962bfbe987a5314d594a1f41a1c5a401e9fc6d70d625b90ee9f2f07e24fde597f70061759b6e7320aa48b7dc

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
732KB

MD5
a34a2d45baa1a1654a163255a1fb8672

SHA1
b16940f1d34a976aaa19792ebaafc8bfd9bd46a8

SHA256
b0e9134e4bde437b1b1f2253123a7ff875ae89d5d344bec684a5c6b5e70c68b3

SHA512
576b736f279cb556d13979d081652f05cced30860aa40995bfe3136a52776477979a73c0a21e513d563fdf97523c00824d8a69c4fc4ddcd7e57d12a3be82323e

Download Submit
C:\Program Files\7-Zip\7zG.exe.tmp

Filesize
755KB

MD5
266eac4c5b7ddd59132cd204b84b0b7b

SHA1
79889672c49aabd942bea1dedcdb6f262e9e71f8

SHA256
0245a1de542d27ea3c129e95745924471d0e4882a68e18da18a1a3b78cc5ea33

SHA512
136e19140f561452e31caecc7040d5d2d2e953cce3055224c07b36d34ca10be87ab5a9a664acfaff47f42312a94380d05979ac88c99caccbc2d653f6a0ff0440

Download Submit
C:\Program Files\7-Zip\History.txt.tmp

Filesize
128KB

MD5
375d68e6131cda08f228bfa522c11cc4

SHA1
327d9026a177c3a4800e8974845c1a59800ebcf8

SHA256
0e743d5b392bef5af4223df949f33feae4f45f5062aaf42857a7dc00c5b3db5d

SHA512
4121ba887151a5c4f792c7dfe12fa42fdfe4ccc6e36de34578fd2aa506b6572ded845a83ec97a7fb535ad59caf912cf6f9e2117d89760802e98869c2860691ad

Download Submit
C:\Program Files\7-Zip\Lang\af.txt.exe

Filesize
81KB

MD5
4db5fad950210e10852db01f39a49617

SHA1
c2c9af34b4ecd25861e21957140371511d20d82d

SHA256
386eeb823905cf9012329bff27ee10de3696e108732af82d3d01f1f59281d3e0

SHA512
fda9c7ecfc892e072985edbf227bd27f317d72f45759e572225eccfd24b04cec7a31c34d92dc016e9e893dfe375b98373b3e67ae7ab70159397ea427f1199fa2

Download Submit
C:\Program Files\7-Zip\Lang\be.txt.tmp

Filesize
68KB

MD5
67a78a0e0748ca5127618c4a6e89ca03

SHA1
299b248bcbf72bd7a52a0605b3a5aaf19cbd9929

SHA256
59b37bda0902786e7208c4354e433873cc93b179d2d9fd885e36b0d582ca5172

SHA512
f92ff6e8775e2974e1dd45eeed1e7794112db93b52b51d64e39672d0c32af9a4d11b9031d643b1ff89bf9786935ba5fe1612f63cdd4f38e8b93605476bd00fc0

Download Submit
C:\Program Files\7-Zip\Lang\bn.txt.tmp

Filesize
86KB

MD5
4e07b6fa9b3a50aea3ee74c4e9ae282d

SHA1
08fdbf514dd5e58d6f8d9a2c54ae959de6f97229

SHA256
f60e92d4621502882d4fc7beacd148a831147bf7a1ef0762a74bb49e09c82f0b

SHA512
dc765ab8ae4ee8dfd9973e3a102e4bc57d0ad7a51404182ce54a834086f2965b08d7909170b076fb8bdad614e047280d230c558be6e801dd39fa9950cd7d57cc

Download Submit
C:\Program Files\7-Zip\Lang\ca.txt.tmp

Filesize
80KB

MD5
c1188a7938c5f41511420ff349134fd8

SHA1
ea8cb389cd852e099c3fc9aeba3d461dfa533a6c

SHA256
c0c19d8103e54f3ba1105dc36cef64718da6bd2a4033cf87dc060ae44c09f42e

SHA512
59a8643b88c747222ebe0f4af83480a6eec9dfa2a3c3742075c9a6363a3b2e6255ea4d897f860b1d10e9580afc6039574924f3d8465f44b0ffe25201f25acd48

Download Submit
C:\Program Files\7-Zip\Lang\cs.txt.tmp

Filesize
80KB

MD5
06cd04a4da639791a8c40237aaafc727

SHA1
9c87e27f09c0bad9f3eb549ac6a5b5f07f7cd887

SHA256
323d1cb30df49bd7eea4b02355a585eb7566cf7ef25df2158e1d2eda1ff14313

SHA512
80a19591c976712925940e48c52c1ff428e5d8242f50afb4237d674e34ad82b0170332b852394c4f401f360b372d37b929ad5b5facf41802bac174ec4e750a2b

Download Submit
C:\Program Files\7-Zip\Lang\cy.txt.tmp

Filesize
76KB

MD5
74f7e8f170c2289fc5cfa60ffb025cd7

SHA1
8a0dee13010febdb808c6b4f51a86c21e33e8067

SHA256
2170f4a1f9603c8527e3ce9f454bb01a4d7a5c96824d0edc62c32faa65cdd5cb

SHA512
94bc800204500320ff1dd2be9fa3b8733828b09b460a9a296ef22a6db126c70503e6c136b935d2d097afead57c5558fe7b735778d44ec9873aaf2ef568b24b29

Download Submit
C:\Program Files\7-Zip\Lang\de.txt.tmp

Filesize
80KB

MD5
9fdd44bb742aaadc5f7c3af1ba6e345b

SHA1
ac170de5c81d8453b1271e8f7ec7284d89e284ac

SHA256
2e09ebf848625ba183e69acf0dd28effb5b22f809f3ce8776948ad3892bc78d0

SHA512
9740b93bb8fb80efc987d738a789d5e46f2e72b2257b3102406ea11e9b739f3d94b14d08d25202cb1d698d425a8deece6b38ae58ccda37640b6a10a89a62d399

Download Submit
C:\Program Files\7-Zip\Lang\el.txt.tmp

Filesize
88KB

MD5
96c3fd5a8e91e45733207dbf04f89e50

SHA1
f65df313f85a2ae2357fda530dfe939057f7d06c

SHA256
acdb61416c9a2022e8f70e22cc22813b435f6d3b8d0b3360dbc0d06ae901dc10

SHA512
3e90e55c8399179772a762179bb0ed95c1d97d17adf2f07236777cbe22a3d74be4ebd30dd923bcde55c66c20725b0b429113bb9bb460ef7f338bb02bfee51bd9

Download Submit
C:\Program Files\7-Zip\Lang\en.ttt.tmp

Filesize
78KB

MD5
77aae27b16c78f87135a6c1e1b186d69

SHA1
250f743f1b4f47f821a8af86f531aa07e055dfce

SHA256
6dcce81ef8fc7fcd19c462f042560c63803d6d0499b97a575eb1dc4f4d6eff03

SHA512
999cb7f34f95daffc1e98b1816a5771869917cf84b730d3d252487a4c37809368feb80d416b24cc6a12f924899a683bc5c3d4b90cf563f838678154869ac2137

Download Submit
C:\Program Files\7-Zip\Lang\eo.txt.tmp

Filesize
75KB

MD5
2adcc291ff9ec0302c516cdcd012f799

SHA1
9d1c81681b534b72d2475ee0f3a7b3ff550aebb5

SHA256
19390eec41713cb80ca6bf54ecc924160f7bc027f60bb43b39038cb63b2b3ff2

SHA512
e0e158bd153c14821f75f56a3d14bc0f5599076830228f3802b05aab7e7c8766130244f3ae05c513ef31fcf711f5f93dec65e7fdd79a5fc992a9181ca7855f40

Download Submit
C:\Program Files\7-Zip\Lang\es.txt.tmp

Filesize
80KB

MD5
0f6d18f3057dda2d05f8be11c1944e2b

SHA1
d4b1307bbaed137543187cffa3808e6b01dd5be2

SHA256
1a443583e235b1dd2e857f493116b93bf73fbf2bde232686e9efe01bce783e24

SHA512
2a696b4b52dc091c9bb60eb07c9c8a1c73168f41189f8825d6b646996da5a93f96ed86a303a493aacb358bbce3d65a88e08cf2cf6adcfd960f84d81f699241a4

Download Submit
C:\Program Files\7-Zip\Lang\et.txt.tmp

Filesize
78KB

MD5
64789f2949091e5ef74d05bfc4271b49

SHA1
712c60c0c0b7a369b6bf3a5b0fb6733075514906

SHA256
f8ddf606f8b19b67269960ad80f13194caad15bf71f7dc4593ecdc5297a0c9e6

SHA512
40636deedacd3b3b1f2c3e67a1fef74b56372ed83b1a1d29993f124c5519347d53d90edf5ccdef5dfc9f74096ce049ec880df9719b8ddbeb3882a37c04b5c289

Download Submit
C:\Program Files\7-Zip\Lang\eu.txt.tmp

Filesize
80KB

MD5
0efa5fc541d5372aafaaecba7e88bd0d

SHA1
e9321299a82306a59b1f1e3b1fb48aef7b896b0f

SHA256
7dfd02fd3f96c881fc8d8b9f9b7679c7b2d0c6e8081ea18863f3491136d45a04

SHA512
384898f3e46856a6250875fb989c3cc0dc1ec3537a16b7992f26e6a8924fab48eeaa46be38c74f1df4b2885eaa654d8f3c944359c9a05c3622625da40b253358

Download Submit
C:\Program Files\7-Zip\Lang\fa.txt.tmp

Filesize
83KB

MD5
b9f9ca8b51352886e08d6d2dd2302fd0

SHA1
5c703fc3023bfaafe331be464b7f47138198c4c4

SHA256
197d569fb647eda7c470b757e15c8cf789514b531043635237fe90aa9f540505

SHA512
b2b45485c6a1d3f6c1651fb28eec90258f408b7da98669f0c83f1f9b56f7e5a52c38ab909c7a8d77c3ae3c08325a2a5d1225e08522644bda8d83fe17ca130597

Download Submit
C:\Program Files\7-Zip\Lang\fi.txt.tmp

Filesize
80KB

MD5
1a5a9ff073882b48880a2f3afef3741d

SHA1
c1f5ecb0ff6945608d1093d0e3deea5f116c3386

SHA256
0bed7a1576f0e72a9679c830c651b7019a1c58292c5db24e2ef2429994d59d96

SHA512
13cf61e6288818c6d982e143dddb393f682de56ccacc67fdacacc11f3bc225867382be727764ce8891403f2ca74fdae394509959e0212f7d2b4d935bcea2347f

Download Submit
C:\Program Files\7-Zip\Lang\fr.txt.tmp

Filesize
81KB

MD5
cd73b8b370e58d642b1947a9d7d542a8

SHA1
8a0e3aebedb39cae56375bbe1bee755970564866

SHA256
2e98ef4caf8b80cff69a99ef1660601e408daf4a220f0fda603f1081e2a1842c

SHA512
34c680f9aaf5d5bae7edf2847771b00cbcd50f8b18a8548ba5f71cef9355cfad5af7a622fb32c31e24fa57d41e2363d12aaade1728c23c5d6e0745a287364997

Download Submit
C:\Program Files\7-Zip\Lang\fur.txt.tmp

Filesize
78KB

MD5
ce05a0f1525a1ed621f9e8e97dec388c

SHA1
dcfd93f29c9e03b335bb125ff983469e63afcb8a

SHA256
17eb467b89f9f38f58f0ac21072627a55c1cbc25bb8fc6fcde5ef1097077a781

SHA512
0a44a94ddef08f04b32d7d78eecf577c666fe3ac87d68f8fa443f1971d957f31be43c15c371e66341120907674149adb2841e799209979acc9feb34ec01b718f

Download Submit
C:\Program Files\7-Zip\Lang\fy.txt.tmp

Filesize
70KB

MD5
265ceb4536be2bbeed8e5cd2986088a7

SHA1
8eb347d9a780a76d7935a12d96aedba6ea31faba

SHA256
bb732d9dbd08c688eaec38ebcc90af3c4efdbf7c6e11a209da44436e845b31d3

SHA512
49ad1a6cde6a1763c8f248c50a606c510c682d5c0e36696b2e2f06a6d63cd1d81faffd530705e561796cdacf0dee961afa11080d437e381de21648b1a1291393

Download Submit
C:\Program Files\7-Zip\Lang\he.txt.tmp

Filesize
82KB

MD5
5ec393cb830e90b6a65bd8ced9ad9680

SHA1
d9960553d5e32a631074b41b3f0a65e6bd18534e

SHA256
cd4a3be2dc0f2adc204c110ac2c095ab98885362006774463779114a9f37deaa

SHA512
7b7194e5831dbbeb5f51ad0d6175a7e3d082a40104b853c7ae08a53e1d4100115311ba84070e7053c3f0eb7db744da63ddab229ff42e1d0924e8801fdc5ad460

Download Submit
C:\Program Files\7-Zip\Lang\hi.txt.tmp

Filesize
89KB

MD5
cf487a307a6287be647cb4cdd68fb326

SHA1
bc0ac649341d156ff9e16aeae0d91879538b8794

SHA256
89f704164e62940919a19b9463eb785f7f0fadaa94b432cc379db7ce749cdd5e

SHA512
e487ffad7f70358f51f9856b5c8a748dd0f163fa250a2fe79fbd86a8c411bd96e2db8b879c0e840e7bf992fc7c794fe9ce992202363d58ab688c06dd53d9a2e6

Download Submit
C:\Program Files\7-Zip\Lang\hu.txt.tmp

Filesize
81KB

MD5
09a74a0c165bfe890e151f930bf62adf

SHA1
3afee8b0cb62c6910cd85554f63825a3c5d6eb64

SHA256
957f06bb27000d461269ca1af823e8e5c3d3c926dbd49f6240c1bf49cd4836a7

SHA512
34debf50dcf4d43f6b9b43a4c9062459eea73d40503bb96f39d7d603b714f54fa7e78b7386a874456b437e980df3fc9ca205dab4506f679abfa5ebf118c08084

Download Submit
C:\Program Files\7-Zip\Lang\hy.txt.tmp

Filesize
85KB

MD5
d3a49b7e7765f85e7b44ba3a95ac7349

SHA1
b9ff6850bd74a01312c3d1cfce907b8d5cc7941d

SHA256
318ee1704e17f729d1edd1af0a6b5e1d0d02a5d30f55949c9d00fe77748cb9f0

SHA512
9be360b485fdfed82d9376fbbe8c8143ac198cfc669900fdb56455fe88e43756fe0b4914308d4d0eec26a5f263284ee7bf2321e0d71e8075dd7505c19e5c38a2

Download Submit
C:\Program Files\7-Zip\Lang\id.txt.tmp

Filesize
80KB

MD5
3c0a44e82c26a2262cc97c5407546f24

SHA1
6f392b0a36508e5b14b170004e54153e39f3892d

SHA256
d443afedad756d58ffa7c84bc3522520463ea4ffcfc3868247c52819eb6fc7b6

SHA512
40e593dded8688b20fd55a9aebe83e017a69c04c6fbc610fda975578285575dce0a141793f38660a9427907b3f6f3b67f4f6cb2dc93e0ed65fb923cba00fc95e

Download Submit
C:\Program Files\7-Zip\Lang\io.txt.tmp

Filesize
81KB

MD5
0fb16c0ae040f39502456e63071be6b6

SHA1
1c1dcc364cdf8b17df56119f30e1c3e8c7ec40e7

SHA256
a5e5eef2f9c0064a6eb9dbede9f469be5e729341e02a8bbf443af8b5656273cd

SHA512
a719e2d64d5d59366f0e5daa4dd8d68a06d6109e3dcf8a6cf0c3cdbb38f7a728e20ca7f9e3a204b9e28cf3d685b387efad6b86af10c483bee9990b84ab5568d0

Download Submit
C:\Program Files\7-Zip\Lang\is.txt.tmp

Filesize
80KB

MD5
f13678da9dbe3cae329f4a0846a8dd3c

SHA1
f036cd968117dba91ae387c189f9452620b18ada

SHA256
ab2e66e0e5d51508ee3197cf55a170c0879d68d699791acbcfd4d218b14f13b2

SHA512
9ed2016bb5c989e35df59d37f668544d78b355363361c6431de928a16827e424654d9d165f7483e80580204fc952a2e4ad7285272c10172e5df52d7d82ae088e

Download Submit
C:\Program Files\7-Zip\Lang\ja.txt.tmp

Filesize
83KB

MD5
7489351df3e54dee3381bb9c07633502

SHA1
8f902fac1302fe70a7b42f6903f7c4827ad9593d

SHA256
d74a56f3b922c8309a808530ab2f5fc5cca24fe23fbc40dd5b7d3fd94b6c8bf4

SHA512
86675f75c215b326f2c6075cb6736c403139ea58d3600734c6ded55b80a296808c1b41fe7e2b563147f94518d65e41fa38017818c6318f5b8b78f196a3514ce7

Download Submit
C:\Program Files\7-Zip\Lang\ka.txt.tmp

Filesize
68KB

MD5
ae765d2a6bd018fd7ca59b546b0165c9

SHA1
7135d23f3136bd3638ac7d1982d0e5f771959898

SHA256
aeef80fb7e28000a9809084d7c79b3a4dc0af2af10fc5b442a25d089cc113848

SHA512
463575ad5e07b0f315e2038399ae9644815554fdaf9dbe4b923525794d149d194f1972fd4bb2148c773ae50e71946e830c3af758f49dbc27574bce61c60646f5

Download Submit
C:\Program Files\7-Zip\Lang\ka.txt.tmp

Filesize
89KB

MD5
a560aabd723b4cb8ed5194895ef00795

SHA1
13630ae358c51abc7b2b72e348f6c8616976a371

SHA256
bc50a06b400d63fcc796dfe90198b51fd7661060e09c99bbe96a4e1e9ae774d1

SHA512
769ca4b49b2868b977ac78a2dc7e1e5648c2835cfd5b9fb041f099f97b288d657ccc9f635096b54903a32895dd86bd27ed32c9668f647adfd12ac331417de925

Download Submit
C:\Program Files\7-Zip\Lang\kaa.txt.tmp

Filesize
79KB

MD5
43f689832f397d9f4648a086cde200b4

SHA1
4ea1ef499ade4332f35756b6e4375b7be660bb77

SHA256
296195d64d7d7c889e126421c5f03663e2030d04b6f6c5aaa07d8f84ade9f36f

SHA512
72e7587d87923f4f4deec16cd6bb0bef0c2a19081897b4c619e77cabf3e7faa43eea6ad718f7da1641e789bb8d2f8198b1b0f1bf19421d30ea733510a22cfd74

Download Submit
C:\Program Files\7-Zip\Lang\kk.txt.tmp

Filesize
70KB

MD5
5de9ee99970676c350d216e0d6d63f33

SHA1
ad209293c0c965b83f271834d34483399afbcfee

SHA256
e177566ea5e3541b3097d30e77dcae28903989ba5156a5a4a36cded229cb75da

SHA512
19a2e69cb7df0778ad0264b0a959bbf473d0e0245d8fd530d761c021b5d90f96f3c63b8264597dbbbc9c203d3a72bbd5a1e7880960d2aa7cb6a70de93cc6c0a5

Download Submit
C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp

Filesize
82KB

MD5
146b6bc69dcd84cfd460ea1e509d0715

SHA1
828897eb416b82236fa26537a1953a18a7c1d9af

SHA256
5f88651c13893bab2966cf957bb595e8626c79ce5f0b6977778da680fc9a6f73

SHA512
c26e16b0955277dfdde991cff5714b7e0a4872d0a353ca3d900d4be9d681fdc5989d5eae3359c542e0c1647b74024560d23bdd455466c9dcd418b175f232efca

Download Submit
C:\Program Files\7-Zip\Lang\ku.txt.tmp

Filesize
76KB

MD5
86de668310548cbe8212a8b575968263

SHA1
f7da1485b0af7d87c01e39ff6a3dbe8988be0312

SHA256
6580703a490c8223056a21cb8e28c4a8efbb574dbf10d9f1880faf4cdeef1797

SHA512
6c3a3bb95a548ad50061f638dc310256f714f3918a97020e2b34dbfeb00eec963f46bb88a0fa7baa6bbcd41db954aab3e7cd621d45f1cbbbfd42678dd052826c

Download Submit
C:\Program Files\7-Zip\Lang\ky.txt.tmp

Filesize
82KB

MD5
19dda3f23506889f4bfd4856244b533c

SHA1
e5165349663c49024bd3a2a93c59c07845649e8d

SHA256
a5372e9c63c894c5ff3459af318e14af37af1c01825e4470cd72a42d48362ab0

SHA512
950e55569e4bd96454587e22ac6e49f40dcdec4716b1a07626cb3c78076601554bbbbc22fca42b4c61d9db1a5d55c750dc67dc56422df55ac8cc75ee82cdd9d3

Download Submit
C:\Program Files\7-Zip\Lang\lij.txt.tmp

Filesize
78KB

MD5
b9b32863b1a2fa5142de1752b63b2800

SHA1
562555aa7f1c3cc97509949162c5780e9c7825e5

SHA256
e2e9cf395e03a5374c85fa36722277fa8bd969bd6e91e22a57b030f3b2745dad

SHA512
bd24e8bdfdbfa01cef16a01252da9b6c9043b4952d0bd701a5f69ff5fdcb8c6c5f87c58f46a20d4befc3282f74cd8e100364090ba1171374fe00f09e6069aa38

Download Submit
C:\Program Files\7-Zip\Lang\lt.txt.tmp

Filesize
80KB

MD5
4070ae5231f3182543419037c9bc1445

SHA1
8ba4f1c94d7a05e834c69a57644449b0f42f7098

SHA256
7a42411961aef0b83790cd2a4c7a7ff192695bdff6bd643d7d7d42282caa7ef2

SHA512
7462a03b4d104fcd2c255263d616cebdd904d5f3a957eab90ca84d59e03283a501814a4b3acfc472adf289fda090f06dea56a4ca7c76946ba2ff0d87cbfe3f73

Download Submit
C:\Program Files\7-Zip\Lang\mk.txt.tmp

Filesize
78KB

MD5
c6c2417279038443439b3802730362e2

SHA1
d51430135973d05b02aadf9276b4e6fd08823853

SHA256
8b71cd972a14ab899d962654cb434b35f04e3bacb3529e1d76d31746efea113d

SHA512
2f07e83fe04655a11fd6e9317c9c23a8cbd5abe85681f4c55b3a4bea8d9a03727aacfbbed3510935045b493e6e29ed500c882eaffea2700db78ba868af4a7470

Download Submit
C:\Program Files\7-Zip\Lang\mng2.txt.tmp

Filesize
92KB

MD5
5c7b2319416c62fd4de83bd2e0244118

SHA1
87797fdbe0150ca13eeb1efa0703550da5234a95

SHA256
5c8b03304bd43a87313813f79e89559c45f5c7476c920f326f1e74e8fe515b10

SHA512
cbfaaf3116c952264ba13ab92964d93cc3a5a9330172c6a4e4c7a27cfefd0fe603f448e5cc089433e0d9a2558cac9aae180d9912db7a0c40f2a78c3e5bfae3f6

Download Submit
C:\Program Files\7-Zip\Lang\ms.txt.tmp

Filesize
75KB

MD5
c85256a5469d8402e8f07aed9de05381

SHA1
73a2d7ac709eb66990ed203522ac3668ac30e5c9

SHA256
3042b3b1bacf5889ee655ff2c95798227ff31838d3b0d568da098546e6c4fefd

SHA512
bec7c82b693485e4f7224bd6d6a28517c0fb544ad41d2806e10a4f40f3a279a8334ad414a3a98d3a4927a009ccf8d4b0ce0c57c9e47c25c30d76121de05ec2c8

Download Submit
C:\Program Files\7-Zip\Lang\nb.txt.tmp

Filesize
76KB

MD5
48f049b1a1c866cae45954e7bb39467c

SHA1
e34a1e49108a8ad64de2d13f2788912d68aa068c

SHA256
980b4ee14eff724cd1fe3e9d9ad1ea3b68dd5bdf899071b99b53eeecd7b540c0

SHA512
5b01f6b7e4beb922eba389368bfb2b434890bc2680cdc6bf65b3559249b76b4b387bb5fb7240e45aa1ca27693342a632adfc5571c06a78bacb9f3c8090d31658

Download Submit
C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Retail-ul-oob.xrm-ms.tmp

Filesize
81KB

MD5
fd690a0222f44e8627e4f37a475c1b36

SHA1
571a8b9025597aab59cf24ea23f83189fb4763a2

SHA256
224c35565bcfa655d75d0889a633d0b80976d123372011fce61cc94a5b3cf824

SHA512
4abf958430637fa009edab8580896aaf4219b9411eefa97d628a12f56b51644d46ff1519f3e18e2f32a7496fd50572a9dfd82dad300ce04cae92287414c9e5b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_update.status.exe

Filesize
70KB

MD5
486f3ea7a216b5b1f3e8be53580b7bff

SHA1
521dd24135d5df4acb0998d332b4159d9bbd2b2a

SHA256
4759d5868038a282b70cf89648f58f72b8fcac641de6e2e1ec98f77bbaea8058

SHA512
d43b73d66cf1f43e9b12cdd4277bd6b57a469d2b392cf4abdb8605ef31ac6b8bf79d01a928b4dfaf724ddb7a19353ae8a99a418f0e219355f15fde3c9e5bdb4e

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
71KB

MD5
e5525f1194cdfbd0b704749cdb40790a

SHA1
de46f9ec92ac49b5737b0fe467d4756f0bd45260

SHA256
e13968bcf33e826f20ff1efc5224c56eb1c500cff1248786b0bfe26844803ff3

SHA512
19cf87fc12a113ec61cca2c59d41400d6dfb3418f5fe81ed967b43a9bf0fdb5f75d49edd41978061df31af5889f20b65d3c83e03e1309897e742350c7ec6d022

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads