3bd042641e358709f6fd45e1c62598b7d195e27461411d2a161889a3daa7cf63

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
25-06-2024 06:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3bd042641e358709f6fd45e1c62598b7d195e27461411d2a161889a3daa7cf63_NeikiAnalytics.exe
Size

177KB
MD5

5980497445ba4627aab56a5b7d33fdc0
SHA1

c22b81bcb14ef5130238702e442d003f3ebb171d
SHA256

3bd042641e358709f6fd45e1c62598b7d195e27461411d2a161889a3daa7cf63
SHA512

c847262600df90b111a9b310a870a257609e1fe559e5cfc2992c59e055a9baf26753fb5ea16f73e8ef31f98ae5817ac9233b60c4bea11d12639c8ed091e17327
SSDEEP

3072:6e7WpP9oVLQthbYY9oVLQthbUv/e7WpP9oVLQthbYY9oVLQthbUvgMhMd:RqAeqAE

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5241) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
3636	_OfficeIntegrator.ps1.exe
3676	Zombie.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Zombie.exe	3bd042641e358709f6fd45e1c62598b7d195e27461411d2a161889a3daa7cf63_NeikiAnalytics.exe
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	3bd042641e358709f6fd45e1c62598b7d195e27461411d2a161889a3daa7cf63_NeikiAnalytics.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp5-pl.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ODBCTRAC.DLL.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.DirectoryServices.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Century Gothic-Palatino Linotype.xml.tmp	_OfficeIntegrator.ps1.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-math-l1-1-0.dll.tmp	_OfficeIntegrator.ps1.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_SubTest-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\Bibliography\BIBFORM.XML.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\offsymxb.ttf.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\GKWord.dll.tmp	_OfficeIntegrator.ps1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\mscorlib.dll.tmp	_OfficeIntegrator.ps1.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaTypewriterBold.ttf.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\xerces.md.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioProMSDNR_Retail-ul-oob.xrm-ms.tmp	_OfficeIntegrator.ps1.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Shims.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\fr\msipc.dll.mui.tmp	_OfficeIntegrator.ps1.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\Microsoft.Ink.dll.tmp	_OfficeIntegrator.ps1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Forms.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\GRAPH.EXE.tmp	Zombie.exe
File created	C:\Program Files\7-Zip\Lang\th.txt.tmp	_OfficeIntegrator.ps1.exe
File created	C:\Program Files\Java\jre-1.8\bin\msvcp140.dll.tmp	_OfficeIntegrator.ps1.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-file-l2-1-0.dll.tmp	_OfficeIntegrator.ps1.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jsdt.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019DemoR_BypassTrial180-ppd.xrm-ms.tmp	_OfficeIntegrator.ps1.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OneNote\prnSendToOneNote_win7.cat.tmp	_OfficeIntegrator.ps1.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PowerPointInterProviderRanker.bin.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\es-ES\InputPersonalization.exe.mui.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Globalization.dll.tmp	_OfficeIntegrator.ps1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Handles.dll.tmp	_OfficeIntegrator.ps1.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\System.Windows.Input.Manipulations.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgeCalls.c.tmp	_OfficeIntegrator.ps1.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\jdk\dom.md.tmp	_OfficeIntegrator.ps1.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-conio-l1-1-0.dll.tmp	_OfficeIntegrator.ps1.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvStreamingManager.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_MAK-ul-phn.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\OFFICE.DLL.tmp	_OfficeIntegrator.ps1.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-white_scale-180.png.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL083.XML.tmp	_OfficeIntegrator.ps1.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\Microsoft.VisualBasic.Forms.resources.dll.tmp	_OfficeIntegrator.ps1.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp4-ul-phn.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\lib\net.properties.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_MAK_AE-pl.xrm-ms.tmp	_OfficeIntegrator.ps1.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\offsyml.ttf.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.OleDbProvider.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000008\FA000000008.exe.tmp	_OfficeIntegrator.ps1.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL012.XML.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipshrv.xml.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Windows.Forms.Design.resources.dll.tmp	_OfficeIntegrator.ps1.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.Proof.Culture.msi.16.fr-fr.xml.tmp	_OfficeIntegrator.ps1.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Grace-ul-oob.xrm-ms.tmp	_OfficeIntegrator.ps1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Windows.Input.Manipulations.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\UIAutomationProvider.resources.dll.tmp	_OfficeIntegrator.ps1.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-private-l1-1-0.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\bin\policytool.exe.tmp	_OfficeIntegrator.ps1.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\LibCurl64.DllA\OpenSSL64.DllA\libssl-1_1-x64.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OUTLFLTR.DLL.tmp	_OfficeIntegrator.ps1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\System.Windows.Controls.Ribbon.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.Aero2.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\TellMeRuntime.dll.tmp	_OfficeIntegrator.ps1.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-localization-l1-2-0.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RIntLoc.en-us.16.msi.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Linq.Parallel.dll.tmp	_OfficeIntegrator.ps1.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-rtlsupport-l1-1-0.dll.tmp	_OfficeIntegrator.ps1.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O16ConsumerPerp_Bypass30-ppd.xrm-ms.tmp	_OfficeIntegrator.ps1.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_OEM_Perp-ul-oob.xrm-ms.tmp	Zombie.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1352 wrote to memory of 3636	1352	3bd042641e358709f6fd45e1c62598b7d195e27461411d2a161889a3daa7cf63_NeikiAnalytics.exe	83
PID 1352 wrote to memory of 3636	1352	3bd042641e358709f6fd45e1c62598b7d195e27461411d2a161889a3daa7cf63_NeikiAnalytics.exe	83
PID 1352 wrote to memory of 3636	1352	3bd042641e358709f6fd45e1c62598b7d195e27461411d2a161889a3daa7cf63_NeikiAnalytics.exe	83
PID 1352 wrote to memory of 3676	1352	3bd042641e358709f6fd45e1c62598b7d195e27461411d2a161889a3daa7cf63_NeikiAnalytics.exe	84
PID 1352 wrote to memory of 3676	1352	3bd042641e358709f6fd45e1c62598b7d195e27461411d2a161889a3daa7cf63_NeikiAnalytics.exe	84
PID 1352 wrote to memory of 3676	1352	3bd042641e358709f6fd45e1c62598b7d195e27461411d2a161889a3daa7cf63_NeikiAnalytics.exe	84

C:\Users\Admin\AppData\Local\Temp\3bd042641e358709f6fd45e1c62598b7d195e27461411d2a161889a3daa7cf63_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3bd042641e358709f6fd45e1c62598b7d195e27461411d2a161889a3daa7cf63_NeikiAnalytics.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:1352
- C:\Users\Admin\AppData\Local\Temp\_OfficeIntegrator.ps1.exe
  "_OfficeIntegrator.ps1.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:3636
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:3676

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2080292272-204036150-2159171770-1000\desktop.ini.exe.tmp

Filesize
178KB

MD5
20c1b6624f30262e1ec9c922ede3a308

SHA1
4686d963478bfa10cc54a80d688db911a3cb9f5c

SHA256
db9f90ecb631e27522582373d0a4eca9ad3bd2ddaba33e521a5eab80c7b2bf65

SHA512
fff598ffa223ede99fdc4a5efd10cdd2b80e215e315660312541177e888883b34b00877d0ec74ffccb8d7a3aad9443bc3148d6885964e8678c43a720b8a99050

Download Submit
C:\$Recycle.Bin\S-1-5-21-2080292272-204036150-2159171770-1000\desktop.ini.tmp

Filesize
94KB

MD5
2ae5749193cb147b5fbe33f6fb8d5bf3

SHA1
92ee64c016f43f7e4e56afd06240078abbdd19dc

SHA256
a2a54573dd85a6b547086b7c958745fd4e5ceeefe0f6628d7a6b77ff263fab4e

SHA512
8b90350e07475e07f2440b5ae037c589ef460c5596d1247478dd038af4a7cb5c5d88f2c1b30feba45f3787bebb5cbf81b75d3782caec4c363acb44d4cee40cd1

Download Submit
C:\Program Files\7-Zip\7-zip.chm.exe

Filesize
206KB

MD5
2f13fbf3165fead8852b74d3d68e5378

SHA1
1f6bcdf73bd97787790b92298c287c95da82c222

SHA256
a93d97086ccdcc58acb0152804666fcf0988c3d2a5bb97a3615ce38198cb08c4

SHA512
fe4c74e33f6ef292db63ad8f7f29224e04c7d4af78e47d661f4291f7983632b9fea82c5c595faf2d5270e1bf6414ec6aa71c7183effd642898a565ccd24fd098

Download Submit
C:\Program Files\7-Zip\7-zip.dll.exe

Filesize
192KB

MD5
df8d72aacadba6721b14f52dc17ee6eb

SHA1
4e78e3d03550fa96f225748cdcbd787d27f2c145

SHA256
52c646808996f09d39169545dac5b19a6e060a8a31a99854ee2996f6438a35b5

SHA512
29a719483617f3b9a61266ae57cd1bf75b000c5a51e6fb0d088a5c33541b84b557b4b87c6ef5352b14bfbc2d514868192a1ba9ab175fc800b238a529c85632fa

Download Submit
C:\Program Files\7-Zip\7-zip32.dll.exe

Filesize
158KB

MD5
c8dc37c129b6cc4b105dd7da5b021d55

SHA1
458487ed625fab36294987d3b6e98a39f856ef5f

SHA256
fb50caae7b706dc9acfa1ff450d5c12227be4388cdbfed2ca141f81eabd2c95d

SHA512
683042fd851d2743ecd83b6d05cfa1279d5563a6855176c4552b788e15c196a09200114a4e37c36d4928e41d65e952bb275a02499a6e3c62e53b1fc77d01026b

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
1.8MB

MD5
c9d36c140d0bcbc41ade21f2051536fc

SHA1
99677a1eb92b39c403c72503abf2a8e252037544

SHA256
990c5b02772bdc23c94ec2466fb1654925725d6d9858e0af9874e4dcfd5a52c5

SHA512
a61dad9f7c573d319196a5779df3d2bbe27991df0261b3f0333a78389867c6fe93cccc6fe890e2ba6106136cccf8bdc146b4577d0d60fc688c730cad79e566e2

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
637KB

MD5
84c7454abec0616242acc141ec136404

SHA1
99065999ac8c09e3d0fe68741ecb638e382e37aa

SHA256
592c52a550df8dde64142213ef759e1fa0f5b52a46b583574115cb4a8deaf396

SHA512
4c401ee5921c071b8df3e4a855b6d10e62b4eb54aae658876398912cfd69508adf64160b8568442a3a9149c46fb0e5d65e1a8dde379fe0f1c8c62b2640ca7b3a

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
1.0MB

MD5
f66eb58312b7c1c52004497914c92893

SHA1
dcab661e6066f67662521eb1908d14c6125b5b3d

SHA256
4c9916e75f131dd5029da9facdedf38217da848bc5cda21b4edc3152176550c1

SHA512
a1d38a3d203dc9564d2515df4b4b52ed6f26680bfff09a977547a891b31feb0d733bf7d79450aef345319cb1964951e39e47484d00b3400d2260ce0b4058f2a7

Download Submit
C:\Program Files\7-Zip\7zG.exe.tmp

Filesize
777KB

MD5
0947ed75dd13eb7ce88e0429696581e6

SHA1
c226c859068a49162e3c106fbdb827386e2a95f7

SHA256
49177da0433377a0243757604ed894768cc517c2638b90a4e2622f3dafd0e4dd

SHA512
f6a9bd9e854628d76bd990ec4b905d26ead33e54dc5e85769b4c62d14cd8bc6811fbf39cc9e5ec9f75fb1eceaa6354dfcc3d24b66a017c24102a1d5b840e68f8

Download Submit
C:\Program Files\7-Zip\Lang\af.txt.exe

Filesize
103KB

MD5
552e26ad6b93007223dfb4629d313a3f

SHA1
24f6d8601a8ed50fbf1eb0b859df5f69f9ac5684

SHA256
78876ef99f4ba9edca9daab38edd64e4423feac95044e3ecbb49fde6d0b2e613

SHA512
da4c7bd55233cad75b0afb1652db3748e7717e9bda098c82a17ffdb1e5fab5f34b5ce5776041acd12d96a5568faad53d877d4aa9ac1890d984d04ebbcf6ca739

Download Submit
C:\Program Files\7-Zip\Lang\an.txt.exe

Filesize
101KB

MD5
fbfa465ccedc27cd19b8a51c05c85c26

SHA1
811782f875d618f5249bb27eb4b59e1f80aff55d

SHA256
cde04439a9cded84cee6f427e28236f51dcb1634f8fa7cf110685e424633c46e

SHA512
8b7345d535c4a05822c202e33360c67191c7d62e54ea7856bab478a4019bb3011d6fe04ebb5008584a35c6ec21b50d9771c8ec97d79bfc66f0d03b3f2f6a6dcf

Download Submit
C:\Program Files\7-Zip\Lang\bg.txt.tmp

Filesize
106KB

MD5
53c82f5988312f432fd6a002dbad9e11

SHA1
a5406f15cad5a74b94f3bf698a183f803b5a10fe

SHA256
a2e4402ccb9870be2f37fc35cfa64e09004f60496e45d1cd7e5f8bdc4b83ba94

SHA512
0d66a908095fea17c3ca6740e39fb409e8688cfd76d21dbb242c1f3602001300432ad799ad120922f1d998546ad74eb7119f102109216d02916bbf11726ba9d6

Download Submit
C:\Program Files\7-Zip\Lang\br.txt.tmp

Filesize
93KB

MD5
37264543d7e57b596fb38a1ca25bf6e5

SHA1
e8bd04d5cb32107ca3d6fb075cf8cc979458761a

SHA256
cd8d55dcdad221211e740bc78d16d88526f4469f346ed3306a55d45e9bc5b85a

SHA512
f86a31e1effbdfc4312b433bc5f2670d65cb515623c88bc1197ced53c5a83081ca0114e210c169b088fb27f9a2e632ec4c36e8b735c7a76a174b769972bb781e

Download Submit
C:\Program Files\7-Zip\Lang\co.txt.tmp

Filesize
93KB

MD5
2c153e0007c02ff3ed20549ab907646c

SHA1
cfc4c21732af44d26036da1f08e1728bf4d99b6a

SHA256
471ea31d14b7004e58b285dea15d133eb81b5ad03dfcf39ed3db6180eed28189

SHA512
421d57175c6125e29a8349105f5bfd1a60899b798ab5c40010912bca2cbd1921bd331b309b6b25906255d29ef8040a6f8942304a1755eff1f9a22ac6522a6752

Download Submit
C:\Program Files\7-Zip\Lang\cs.txt.tmp

Filesize
102KB

MD5
13e3307f436afd09545d5459088ee0c8

SHA1
fa818d0fadba0c86eaf33138316b18b79721586b

SHA256
de5c8107b876d34e6b0ec17858caa201a650c33e7e8c6ea621e75936122f0d58

SHA512
e0f26510affd67605813a4cc8a5b77c45f7143fb567e5ecc1bf739a904f4110ef30585c8d9b9ec14c88cf467fd4658bda42f67649ee82d2cad7572a35d239135

Download Submit
C:\Program Files\7-Zip\Lang\cy.txt.tmp

Filesize
93KB

MD5
5e5cb1991e808c0f12b66acf7db49ff7

SHA1
0c9e709dc7418f5328a220c2c1ef6484edc713f6

SHA256
6932161cd9730060ad6a37581de4c995d768505846144eb7d9ead815e757e33b

SHA512
4dad26241039fe66b9fb4f7252f2651c2fa22ef9fac0fcae8a916d66bfa3abf9e2f9b47ebe65b16e9f931278d82e2db064ec36701ef88d3663c963b1e69b0f63

Download Submit
C:\Program Files\7-Zip\Lang\da.txt.tmp

Filesize
93KB

MD5
b3aea8928568af784bc11d71d2bcb56b

SHA1
6f71e5d53e0638a02a2c842ec6ef9d8346848f51

SHA256
91616add068dc69ea90e55f2bb9d0d6229ce312926a0f7a89cd2e054a5b9ada3

SHA512
e4190a3bf40b895a116997cdde7fcd763b6a6d68e06af95eedf7b9b5b354fc55cf4c17cbb2e5cff3a1b7d4beb06947d9cf9827885ad91b61f8defd9642ba973b

Download Submit
C:\Program Files\7-Zip\Lang\de.txt.tmp

Filesize
103KB

MD5
62c7f6add94dcdb650eb42461c04e636

SHA1
e14eb8af51e76c5904ee46cea334d213c4134685

SHA256
ca989b7684eb3552e1b1367dfc35940c76aa9e9ebc6bfeb3d118c5240f2cc097

SHA512
eea3ccc7ae16c5fae0dbc9a06aae315d94b11fba49772e3977b2ce91c39fcb0dc3e3394a7bfc1ad8d30d34bc42dd23d80c41ad6f1cbc1f782df03701e3f6dd8a

Download Submit
C:\Program Files\7-Zip\Lang\el.txt.tmp

Filesize
100KB

MD5
ebfeb25635541189c6d7d3412c52b8b7

SHA1
716c9604977ae9d5b774b5b6a1b62c76b126ada7

SHA256
95e2f2984c37cba564546fe8044cda6df83787d1af4476635141c7e3b61ad7f4

SHA512
4bfa00d295e2ef1783c3061d4afa0b8d45b324966e169d1c268d9e4765f525dc2e00a71c59a944cb6266131e2f1dd857437e5fc3ebcca7f562f256edd372b87f

Download Submit
C:\Program Files\7-Zip\Lang\eo.txt.tmp

Filesize
99KB

MD5
925e22839eb3f50df8cab6d96573a302

SHA1
9c22673d48296e39010f7bcb7b2fd31055a45ae6

SHA256
59fcf7b3fcd1a224b4ce72499cc9aaeb366e2042c79c019b62ed20a6345580d0

SHA512
13e7841ba0c6be10409743572e4dde4ef3251615e0b1ac3fd852faf9f5021de01333fdb9c6e1e6ec4cb4f948283872be7e4f905619c97e8414b3181958569189

Download Submit
C:\Program Files\7-Zip\Lang\es.txt.tmp

Filesize
103KB

MD5
3574ade5f56acbfcd0089ba1a7ce3d9a

SHA1
3e95f6446f285cc09d08e120eac6c404319b0f12

SHA256
97faec5912048287df163ea1cefead1f3e64b9a1f1f3cc630e246b6109f370fd

SHA512
dca5dcd9b9264e4d89ffba1e08de54672c3ffdf29b8d8c5e9ebeeb83dcae7b1cc1afccb106cf8500683c21bf02534a8779317a4a21ba114c8e4049633a06738b

Download Submit
C:\Program Files\7-Zip\Lang\eu.txt.tmp

Filesize
102KB

MD5
86a165f3b9c5ca2268b7a07691cc3e4f

SHA1
75b42c45cd40df13a2187aeb68eab04a8292c5dc

SHA256
f78ab75e41519b409c65492e21b25e24617bdec66f466e816c60568007a65a63

SHA512
e4bc72d82ff62580b8650d332d0051c5a426d006bed1a064cb8241bf2693b75426f5dd7be60c13871000dedcdb92aca97acba354d360f1e9340935c45af82bcd

Download Submit
C:\Program Files\7-Zip\Lang\ext.txt.tmp

Filesize
93KB

MD5
6951313c23a29a42739614d5263428d9

SHA1
fe838ea528ae0ad3339777811b685c6854a59a83

SHA256
76e7c668d5146ddfa47c819d8a9d43b125b767f58ba4717c2f5c1d81c48504e2

SHA512
b784148c0ca17d4ec211d66d7f093d3fabc7358478c5996577641e81983490c4d64e304ecc7a43478078bd6f8f4f8ad46ec3f5770ca715464455e9ba0d83c947

Download Submit
C:\Program Files\7-Zip\Lang\fa.txt.tmp

Filesize
97KB

MD5
6076187293b2aa8150f4600895daa8c7

SHA1
53ad43d6be1574e649d0da92f7fe78beacad20bd

SHA256
4301de98706c72fed15a558f89e4ff4b0a48a69c017abd6a6dce01b68570bebb

SHA512
d925654cd7c62fb99181bbfbc984be8f7c6eee2b52c243de516813c8816802a80a4e030d4418424f6c506c08cebfa8edc1eec20fc3a9db8c252a26d4703c82b2

Download Submit
C:\Program Files\7-Zip\Lang\fur.txt.tmp

Filesize
93KB

MD5
a5b9402caf5243a3282a96e883d16f44

SHA1
f5d31cd5a46937e8038299f03727c07f94d0ceb8

SHA256
6c1126418b35b26bb7f34d79e72f6c2fe2fb5b58d10a8b768a428ccba523d6a6

SHA512
961a78216ab7870381620632f4ff5040af397efc9652a338e5edaa9639d67ee6710c36e234e27f7e2b8ab8607a6df929dd0581415983f933157d30f12bee8b02

Download Submit
C:\Program Files\7-Zip\Lang\fy.txt.tmp

Filesize
93KB

MD5
71e7accbd94fa7617710c3197a57741f

SHA1
676be3ef1b4dfbcff8f6040c2d67da3cfcb10fd3

SHA256
55258009377dce56d6c584c6325457b571a48bdf7170457f94b9e0ae84cb7ee8

SHA512
ea41f51e8addaad06a31652bd3ea83fb3a8b5bbe71772eb26bcd6d7532b28aa6d0bbe617d6ef95724336d35f4a9a036a58d86cb54ce9bca5dcc424c8c4e1e26c

Download Submit
C:\Program Files\7-Zip\Lang\ga.txt.tmp

Filesize
93KB

MD5
9d7f80c47731c092ad90f3b3995cc071

SHA1
041d6b58677d64b9c50c5d7544285219b5f60f68

SHA256
d8d8d3accd02663d259b688c5dd71e4b3112fbbf09a91bf4d1e6bdb25b25e550

SHA512
1f98fd1b9cf64cccaaddd1e7aa0fef698565823850d85f501d327ed027a103c323b721b8fdc0cfd05f2d6504d35fb802752d3269cfd06f39cb22b72a75704cfe

Download Submit
C:\Program Files\7-Zip\Lang\gu.txt.tmp

Filesize
101KB

MD5
dba5fc9b91744e232ad95881692813fc

SHA1
f3910d196421c030dfe2a12edac6c8626b2663fa

SHA256
8449e541036f444f4b01911770afe5ae5353c7e28c3797b552f5391374ee5b92

SHA512
ad59ff27c7d6130ed57b2ce00a136ed4f397565a57a297b3fa3cbd67267a6cf919baf73520bf1d1a1395038183f3af995539f7d5b4e35178ecb7a5bd2f41d439

Download Submit
C:\Program Files\7-Zip\Lang\hu.txt.tmp

Filesize
84KB

MD5
5a236f0484f65a76c7aaa30cd07acc1c

SHA1
7cdcfcea2a55e5d60d161d09b0ff5997596feb9e

SHA256
8d80e20666e433041d1b25e412beb7b8e72d48fbce09deeedaa32b24a5cfeb67

SHA512
ff6a414740a0b6bfe5994dc047801ac688a93eea64f2c631780303537e555c9c89ee4dea578a2d8a981ce37f296ec65f4dc9868924cf4968744029b2ad086b5c

Download Submit
C:\Program Files\7-Zip\Lang\hy.txt.tmp

Filesize
107KB

MD5
12c09bc516872715531c7fb4b691178d

SHA1
c58bb3192d2058475ed70b3ecefa25fb8552c567

SHA256
9e72fe6f8bc30a580a5122d393c24a2d302891dd5af8a0a8faa1d006739d6ab2

SHA512
7ee513ad500cf96c71b2afb6ecd3ee3389f418f37358696083974a2ef3df8dac416bc4d6308fea28d92859c95ff48d475dd8d693a0ca1a98db86861528eeedf1

Download Submit
C:\Program Files\7-Zip\Lang\id.txt.tmp

Filesize
102KB

MD5
682e1dd6c8e8f999074106492e88b8f7

SHA1
d36c6ddf104d0fd1792427746da5261e10ac2b05

SHA256
174fb1eddde022489344ccc2d8775566caaa7a28f5dfa13bd2db46d685de27a2

SHA512
7b619141c2f9b0f52f20c5d02850d59e8ca80a31c61620cc775de14be0e4424cf83372febc250150de5633d1e895adff1030f6527a7019fe906138159b1aa8e3

Download Submit
C:\Program Files\7-Zip\Lang\io.txt.tmp

Filesize
103KB

MD5
ec33ed9b1d12399e70b592c1118634f7

SHA1
da1506f86075250c45c050fd2fb96e483b9481a4

SHA256
dc9ed83d253986bd9d5b3eb530df5a9a9251878bb39b7d67244cec74ae4b9cbb

SHA512
e9f41fbf62fc90dae0d8832b6f08e4ea219184806ebeadb9f5c5ab1bafacebf9937919fcbeac2b84c709771cb3e20c505ee94de2b0cb1a9d399c8f1cc9ef541d

Download Submit
C:\Program Files\7-Zip\Lang\is.txt.tmp

Filesize
93KB

MD5
5f1302e24eaff3fb5da3900e73d06f52

SHA1
c17238c9f26c681ee837051e30b130b8661d5ee2

SHA256
4e03e5c70c942128f7ee2db71689c61abc635f4ba045a8d89bb8f4c6170a63e5

SHA512
dc98059b2e362825472d51423c30efe0aee4a2dc3c41389ac28e3b1d87b169eab3657fa35a3357d65e8d1fac7e277bdd3b4278360bf1ab94936ed5302a94f405

Download Submit
C:\Program Files\7-Zip\Lang\ja.txt.tmp

Filesize
93KB

MD5
4f653ae25056bb39f94ab0e6a664e9b6

SHA1
de3712404ef8e29538011e884a3923c3d16e783b

SHA256
b6750f6dd5ceaad5a3f02ad0a288e51f7b9f88131fd591d96b8f04eab1c50c03

SHA512
a50697dd3e41e504475b4f2ed71a030e4756cdb1c44e19316a51959bdd6a89e63242856bb5b931123dfa917ca4835f545256a19f31a275aab025715c49cd7fd1

Download Submit
C:\Program Files\7-Zip\Lang\kaa.txt.tmp

Filesize
93KB

MD5
d4d278b7cc2e9f24a982723cfbc43ad6

SHA1
24f84138ec89d544f649b281460ae3761edd5124

SHA256
2cc04978c21f190cd979ea9e3abc83055cae04c5b67b4da123d9d7cb2f97d956

SHA512
fd3f9850fdd73f948c54a4dd8ae8d83e17992e455695e5c058ea0469d57d02125c14d4665d261ec823ca98173d1652272525bb393b6af49b71904e9ab19dc2c3

Download Submit
C:\Program Files\7-Zip\Lang\kk.txt.tmp

Filesize
94KB

MD5
68701a5a580158051f4c04cce41846c2

SHA1
b7c3619cde4e9eb9b87bfc51d01551fb8743f836

SHA256
c3cf7077e27c40b3420a015da1876745f17b1d7cae188d142336d0eed28e28bc

SHA512
dab8db2288980f6db11d00ce75653686238c3bcbf4bef6d7e50ba7818761aac71a166aa08a85f34408c712b07d0b95781c785f777a62c74fa2e64925131ea0e1

Download Submit
C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp

Filesize
96KB

MD5
c93a57470008b5a0f3fba08cb5fc823d

SHA1
b1dd0e836f6cb6377a7a03ff64591c9bc1e1dda6

SHA256
80863a60f21bc8a65d5ad5f8d58a5b21ef99965cb15e103509b1b4d177ce6f9a

SHA512
7bacca688ca2befce27ea333d1d068091604ca1f45a3a7d553f125b89b4611501d18de0dcadad83a10821ccd2ef4bd59ffcdd13e596c4dcce8ed4f6a1d7c1732

Download Submit
C:\Program Files\7-Zip\Lang\ku.txt.tmp

Filesize
99KB

MD5
a70f594f159849137c2e273379ab188b

SHA1
15e415a34553df62430379ddef89e61610ea37dd

SHA256
ecc2dec57eefb1846022a600ea469f54b06462c99197d55c9a32c87759d4f7af

SHA512
5d17f4f29c4330cff476b51db90e7d28737336afc8f8780bd004cccec6b540359326c57f067a29814e8d4e0a7903b17988b03c507eedbf6fc76c4924dddd7525

Download Submit
C:\Program Files\7-Zip\Lang\ky.txt.tmp

Filesize
96KB

MD5
d844edeb6be48e2cf1453a93b4dcac30

SHA1
a0481318e01a3939bf754669b4cd6a35964ebd5c

SHA256
d61ac7e9580119973ceb5c1bb49937585400a5147426279faacfb4278af7abc4

SHA512
7511fb30e0a205c3db4fa8f6d43b471a265e720dc9b8e07a39db4a1f739690d11117bc480ca460791a1386772eb1318ff4b1176f0961358809da599ac1934028

Download Submit
C:\Program Files\7-Zip\Lang\lij.txt.tmp

Filesize
93KB

MD5
ef573f84d59c24d0b85e355ac9b0cd8c

SHA1
82c41e29d8b836465ce6f43615a0c267e6d81b16

SHA256
ad5f2337716cbdefbb341f9ade8b9825b472f5808793d07ad1758b28b6ff89be

SHA512
92a6590c44eb21ca0e15d26bd484fefa65302b11fe90fbdc44744acc5a6eeabc184e2030c92aec5e8ec3fc0202f5ad999998211396b87f8ba4310672b18ca733

Download Submit
C:\Program Files\7-Zip\Lang\lt.txt.tmp

Filesize
93KB

MD5
a9d7098a20d42b1b8518030d0085b341

SHA1
8adffb96faa21610cfec6674b4bd290a88e0c84d

SHA256
cb66de24e68a7c7207cc745178a6442ce9b1f2d3982c40262bf6fa6fe134a71d

SHA512
152340a0fefbe8b8e85c27ce78ecf883ed318b17be6482a187293a3a1ee4594091e247cf6d0cf14a9fb4db8b6bfb47e25da046e3be4808efb4f1b10cb8626df3

Download Submit
C:\Program Files\7-Zip\Lang\lv.txt.tmp

Filesize
93KB

MD5
8d126b9bed433052830932091ca8a48d

SHA1
703c56cd035d727afd0b07866db22506930cd770

SHA256
f42578203b71ad051b51043076b3cd09257e531d9349cc9a6d37acb6246ccf8e

SHA512
4966d3e545629ed03b008fed8ba5c17ee6cdba1b9aa8ec12e28c9ea544d814e892779fcd46616b9874377f129fb5004dd1e5d5a632a0e37f74a24a20d5bcb202

Download Submit
C:\Program Files\7-Zip\Lang\mn.txt.tmp

Filesize
93KB

MD5
5c5c479c25febf09a32dcffcfff56ed9

SHA1
b444361979904327e730e326070cf928929349ab

SHA256
72302329a4610d0310375edced9f644771f1fcde9f85333463a91288dece20ed

SHA512
88f20a9ff7b9418b3fe0a66897622c202be3b216f0cb3ea996968785b757370e874422a7a3a6b491d5693dc781f27c8169b989eb02caef88377009dbb5ad2cb3

Download Submit
C:\Program Files\7-Zip\Lang\mng.txt.tmp

Filesize
103KB

MD5
3fdb8937e4f63bca04decd893f75cf43

SHA1
531bfa6f6b03408788d2d27c8f5aba15d8d858ae

SHA256
1ba814c219442dfe8bde9f97e197323e4f65d4d60b4a086e40bed269a4c15d8f

SHA512
689cdccb9bb4f42276a7ce7ae15546bb85d2198f5738188c48a3ac9fa8b38c39548b4813b4f0bd00da6f9915832a643c94dfbf900acc395499775800a9f8eb03

Download Submit
C:\Program Files\7-Zip\Lang\ms.txt.tmp

Filesize
93KB

MD5
cb6093b51192dba6df9135c03b8ac201

SHA1
9730ed7acefdf0f6f2c5cd37eb4fb765e0c9212e

SHA256
6985a6bf8e484b06dfc5d85fd47398621cbc38007bb6600a9a8d21a3708acae0

SHA512
958034dd51a682d55cc6cb7bd5fdcc6dae149cfca0b75fa5a9b96bd46c39dc96b967364928a262624ee84cc937ac8016d330d07f3307d8bc7c02670ddaa9b41e

Download Submit
C:\Program Files\7-Zip\Lang\ne.txt.tmp

Filesize
97KB

MD5
6017ca5c1fa052f6f690b303020230ca

SHA1
624bfdc406eea278ba5002767d1572b0ae4c6366

SHA256
b75e4b6e76fd86129a6689459416f9ea25f750b6acc00c0e5b6fdbc3b79787b9

SHA512
9088eb0b737dff77f79ea771fece011394d4dcb9dfdf7a2e25c6d2fe6905c7c42167633e9e436d5df274fe24ba6650df9f84f7053daf745bf6d532b89815cb85

Download Submit
C:\Program Files\7-Zip\Lang\nn.txt.tmp

Filesize
93KB

MD5
128f527d37c2716bca177a88fc1a12e2

SHA1
d08ecff0eaa7b3858e2a6c7d117a25b238d4089b

SHA256
ec9922ea8b09bc0cf760c27e7462e7ccde3c5ec0a0c7042f168509e811c00499

SHA512
4019bead53ea57e0eeaf135199c49c1baa5864ee9ea72e59f198e572a93774ea4831d788c2e721bd71b6b3bcf76443587babf1eed0a945496efc012a31b556e0

Download Submit
C:\Program Files\7-Zip\Lang\pa-in.txt.tmp

Filesize
93KB

MD5
0c2bf73c7e889779a73d4a766ddd8e00

SHA1
7059847a93c42f9ff10af1d312a8d32770d44e74

SHA256
c3e2b2ca3a7beac28eb8d978a6cc79542b9c806aca2754721ba6ae60605c8e79

SHA512
1946bb31d86b67a8d39ad0d9daa8ed25a780acf14ad002eeb7d2c3db010584553eb1faeb3d72fa2ea1f90a07f7073eb05ce9216ee5f7530249988caf92f65069

Download Submit
C:\Program Files\7-Zip\Lang\pt-br.txt.tmp

Filesize
93KB

MD5
2ceb3a1bf94c31b0e4a81febd0aebe69

SHA1
9dabc7b57b14a9f8bbaff5b081ceb622bb364b67

SHA256
8f07de411f0e66d2e395c4b83a7a56c9972778b8ca5242ef96567a53d6f4649a

SHA512
51df36cac0adbff749d5f7124af7092d5d570144f14dcc78f04ddfe97481dc932b2ee53657cde9c22bb2f97cee18a2019120b15ad20326059186e939317685c2

Download Submit
C:\Program Files\7-Zip\Lang\pt.txt.tmp

Filesize
93KB

MD5
03be8cb7acc7e4598aaae6029ccc202c

SHA1
05b8c5e83b91e5655892adde1a42b44f3e9c200d

SHA256
b414e676dc3de1a94c586eb0f9947e5157bf726cf910b9341dd743bd8f1a2d62

SHA512
b436d95192339bf92b9b95ef0e0cf68a2e7b3953f5fe2a882f4092ca61618f206508ac9962b114f4190e52cc8ce56a6e65bd8d405ce9198285998248810a9299

Download Submit
C:\Program Files\7-Zip\Lang\ro.txt.tmp

Filesize
93KB

MD5
74c4c89e1dad3dc7959fc6357258a318

SHA1
6695d526c695750fb8ca051ec63f464a92bc4c14

SHA256
ceab687caa768060af876352ed80ad6a1f61bd7d43bcbc5079460e2db5c34f4e

SHA512
f325e8e6660fb56d5553261e60150e6a6b45e9e4e1494513be644159e5508cbcbb57e05dc5d0b4d6fbba6a02df8656b7e7bc2913c5d1f587883506dc273d6acf

Download Submit
C:\Program Files\7-Zip\Lang\ru.txt.tmp

Filesize
108KB

MD5
851928712b2a5a25aeacacd759a49c74

SHA1
74a72a374e52884a61030ca51daf999a5b2f5ecb

SHA256
ef67fa546337c5b3ffb768b2c0a3d4d58178a54774ffc8ab3d2a1c9fc2499967

SHA512
92ba3b518697d01ca504444842ecacf458227ec6eedada60f5243d146765552f5ff4438ce9b54221d3fb30287dcfd475de4a56914c25373f10181b6802ab5303

Download Submit
C:\Program Files\7-Zip\Lang\sa.txt.tmp

Filesize
112KB

MD5
cfdda7ebe526e805a5c3af2b42f7ab67

SHA1
1fba9050423c8de3af76d60cbc43d4c961f4bfd3

SHA256
02fd5d7470cb00301d99cc3491dcad1208813c60faeed432d1d1d56e3297cb28

SHA512
25a5e86e8e88d59a69aa762d17c9f8fc1b87080a164643521e0871eb7596d17e73f238da01617b3132179e0891a6ab5c79dedf1ed3f700bc8f4302575e8a7a6a

Download Submit
C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Retail-pl.xrm-ms.tmp

Filesize
104KB

MD5
b3e58c7d0936804cf47ddbce9011ca90

SHA1
e510604d078a8a05c39115648072e154fb6dc599

SHA256
c855f01719403754ce9679cbfa5a541e3b2f4e21efd2a594453da6a8dd6b0ea6

SHA512
5a82bed698223f64ed1102ca82b33d569e2645c73be3feae45d00e22641cce6f278f040d1a80a2140c5b0f73e3f52a1ba619c88d47e23f67b4c81518b534867c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_OfficeIntegrator.ps1.exe

Filesize
93KB

MD5
6fd49b4deb6e41f49ce709b796e4b579

SHA1
e608c9634e727411ea5f01bbd995926d643990c5

SHA256
d498565e41fc75f696272354abc4ea82c26094face0e895bb666f68b934e46df

SHA512
a949ae343e70b5e87088079686a7781bc8524b10c77cd61d1fe4ac51216e72cd302f940edea1d84163479ef219bec1808455a17101cc988ad469284e5fdacbea

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
84KB

MD5
c25d05e8757fa747a0a0e9f5417a65f2

SHA1
8948254a256b0726988d1dded4ae82cfeafb7219

SHA256
1d8c248985b9396efb07cd71301aedde1dc341c6b63344c54e8575ee88a421bd

SHA512
7f08f90494f38f9891f44718e8ca4a968efccee5ab50ac8038e1d3ebc404a4b8bed7ca38ea0e3c13ea1c2880a17234e3b7f478a8c96a885ab0deef8586300757

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads