3d78e0deaf67cb40b9988a11f6c35e6c911a263c545b304f320084b43394541b

Analysis

max time kernel
150s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
25/06/2024, 06:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3d78e0deaf67cb40b9988a11f6c35e6c911a263c545b304f320084b43394541b_NeikiAnalytics.exe
Size

112KB
MD5

2133ee2e2dcd48f472d2dcf430d93980
SHA1

d1a5d10e60248e608c6a217a752f4a7516c44c80
SHA256

3d78e0deaf67cb40b9988a11f6c35e6c911a263c545b304f320084b43394541b
SHA512

c6c19b31d66d54b116aa4820eeee24ce7463784183f0bbd4b26b156d9cf8f42885484b666a90a7d4106f666bab2a49e2e9a117ca059aa9af114971a76a3dafa3
SSDEEP

3072:9QWpze+eJfFpsJOfFpsJYu4g7gVQWpze+eJfFpsJOfFpsJYu4g7gS:Lpe+eXg7gjpe+eXg7gS

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5196) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
3188	_7z.dll.manifest.exe
1012	Zombie.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Zombie.exe	3d78e0deaf67cb40b9988a11f6c35e6c911a263c545b304f320084b43394541b_NeikiAnalytics.exe
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	3d78e0deaf67cb40b9988a11f6c35e6c911a263c545b304f320084b43394541b_NeikiAnalytics.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\Microsoft.VisualBasic.Forms.resources.dll.tmp	_7z.dll.manifest.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_OEM_Perp-ul-phn.xrm-ms.tmp	_7z.dll.manifest.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Retail-pl.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_OEM_Perp-pl.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\MSO0127.ACL.tmp	_7z.dll.manifest.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Serialization.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ComponentModel.EventBasedAsync.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.VisualElementsManifest.xml.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-processthreads-l1-1-1.dll.tmp	_7z.dll.manifest.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-math-l1-1-0.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\System.Windows.Input.Manipulations.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Century Gothic-Palatino Linotype.xml.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Retail-ul-phn.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\System\Ole DB\it-IT\oledb32r.dll.mui.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Web.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\System.Windows.Forms.resources.dll.tmp	_7z.dll.manifest.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\EXPLODE.WAV.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Tasks.Parallel.dll.tmp	_7z.dll.manifest.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.FileSystem.DriveInfo.dll.tmp	_7z.dll.manifest.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\UIAutomationClientSideProviders.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\System.Windows.Forms.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\System.Windows.Input.Manipulations.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp2-pl.xrm-ms.tmp	_7z.dll.manifest.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\ClientEventLogMessages.man.tmp	_7z.dll.manifest.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Sockets.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Retail-pl.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\StandardMSDNR_Retail-ul-phn.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\PresentationFramework.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Windows.Forms.Design.resources.dll.tmp	_7z.dll.manifest.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\mscss7cm_es.dub.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\vstoee90.tlb.tmp	_7z.dll.manifest.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll.tmp	_7z.dll.manifest.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Intrinsics.dll.tmp	_7z.dll.manifest.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.Csp.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.Metadata.dll.tmp	_7z.dll.manifest.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\UIAutomationTypes.resources.dll.tmp	_7z.dll.manifest.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\ReachFramework.resources.dll.tmp	_7z.dll.manifest.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OMICAUT.DLL.tmp	_7z.dll.manifest.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ar-sa.dll.tmp	_7z.dll.manifest.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.WebClient.dll.tmp	_7z.dll.manifest.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Client\vcruntime140.dll.tmp	_7z.dll.manifest.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial3-ul-oob.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.Process.dll.tmp	_7z.dll.manifest.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\UIAutomationClientSideProviders.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\ReachFramework.resources.dll.tmp	_7z.dll.manifest.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\mr.pak.tmp	_7z.dll.manifest.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\sr.pak.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription1-ppd.xrm-ms.tmp	_7z.dll.manifest.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxbgt.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\createdump.exe.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.WebSockets.Client.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\jce.jar.tmp	_7z.dll.manifest.exe
File created	C:\Program Files\Java\jre-1.8\Welcome.html.tmp	_7z.dll.manifest.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	_7z.dll.manifest.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Configuration.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\System.Windows.Controls.Ribbon.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\PresentationUI.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\lib\ir.idl.tmp	_7z.dll.manifest.exe
File created	C:\Program Files\Microsoft Office\root\Office16\GRAPH.EXE.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\MSGR8EN.LEX.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\System\ado\msado60.tlb.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Principal.Windows.dll.tmp	_7z.dll.manifest.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2152 wrote to memory of 3188	2152	3d78e0deaf67cb40b9988a11f6c35e6c911a263c545b304f320084b43394541b_NeikiAnalytics.exe	84
PID 2152 wrote to memory of 3188	2152	3d78e0deaf67cb40b9988a11f6c35e6c911a263c545b304f320084b43394541b_NeikiAnalytics.exe	84
PID 2152 wrote to memory of 3188	2152	3d78e0deaf67cb40b9988a11f6c35e6c911a263c545b304f320084b43394541b_NeikiAnalytics.exe	84
PID 2152 wrote to memory of 1012	2152	3d78e0deaf67cb40b9988a11f6c35e6c911a263c545b304f320084b43394541b_NeikiAnalytics.exe	83
PID 2152 wrote to memory of 1012	2152	3d78e0deaf67cb40b9988a11f6c35e6c911a263c545b304f320084b43394541b_NeikiAnalytics.exe	83
PID 2152 wrote to memory of 1012	2152	3d78e0deaf67cb40b9988a11f6c35e6c911a263c545b304f320084b43394541b_NeikiAnalytics.exe	83

C:\Users\Admin\AppData\Local\Temp\3d78e0deaf67cb40b9988a11f6c35e6c911a263c545b304f320084b43394541b_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3d78e0deaf67cb40b9988a11f6c35e6c911a263c545b304f320084b43394541b_NeikiAnalytics.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2152
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:1012
- C:\Users\Admin\AppData\Local\Temp\_7z.dll.manifest.exe
  "_7z.dll.manifest.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:3188

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3169499791-3545231813-3156325206-1000\desktop.ini.tmp

Filesize
57KB

MD5
9ead02e8da633fa9a7b7034c5eee118d

SHA1
4b66deb4eccb5158926c15dbdc41cfc696e122ab

SHA256
4b8e56402050b2df6a2a86b379677a8be137d77bf1797d1ef4a43c91d66e1099

SHA512
8fdc04161ecf46fda2f4f96c18c027dfa0b73f74cf99826655aa9e08aa39b8cd586b26f58813cbbe3bbcdec075e6824d37ba10778fbc82d169d715cd96d3cfde

Download Submit
C:\Program Files\7-Zip\7-zip.chm.tmp

Filesize
169KB

MD5
ad62da88c3ea48a8ec9241065adc4fe7

SHA1
c653a15af8ed2fca9e74bedf9175afa005b71bf1

SHA256
0f9793df575176be0d0bd37f33e27febd82531d4d18b3a0cf2723077c41f15c6

SHA512
e06df1e08d2a86b19d72348a5b46e094cda817b086b6ec5c75d15933c8713f97ca4fd3280ff2969bb881be905f596a0b8bd8de16b20e1c0e43b03f018c38b07a

Download Submit
C:\Program Files\7-Zip\7-zip32.dll.tmp

Filesize
120KB

MD5
f6274a350d04ca81d146e66183933610

SHA1
92566faaf3ba390357801606fd6baff601da4912

SHA256
167fdf1ebbeb48f4444ded7dcf2e7a19516ae8f7dbeb489bc11fd0fb2ffcb5a9

SHA512
4a88e9e46c121c569430f42ab5b1795980d9e9a5ed467436264a86e5785ea29297d0f57845cf4ae0a88b5664591d81d59f187e58a58447f86af216a8862ab8dd

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
1.8MB

MD5
751aeee78703104effe0071c3aa5e2df

SHA1
bdc345d3fbe2b1878b1f5edb2c773ccd67f02bdf

SHA256
a497eb323a30afeaf9d8a47985dcb157ec1f64331dd9770aa7fcc968900c31b5

SHA512
1828eea726704437b9299367c36c9c49af9b5ce1f76e09f5999dd422e1e92aa032dea25e56cc989e0c1ec0770bc152a27702e4a9d2ff830c9c38973cb7e8e7c4

Download Submit
C:\Program Files\7-Zip\7z.exe.tmp

Filesize
599KB

MD5
ce96dcb3ee3dda45d0005ec131347de4

SHA1
a10c2f86a8a983c46389175994e1b9aa2c2a8bc8

SHA256
4ee8bfda2d999cb335f18398f6b10d5da9cb0072b4ece3db93df362189517f33

SHA512
02bfbab530b9bcd47712604869cbf40c69819d2e53b710c6fbb558a5c7957ca679c2eabd0825c12a70bd0ffe602c3ed799394aa42af9884017953d34d339462c

Download Submit
C:\Program Files\7-Zip\7z.sfx.tmp

Filesize
266KB

MD5
6f6b13982169260fdf9ecfa8b09898a7

SHA1
f7ce3a8c02d9eda7580aa7cb6d5dc4ab7dc8627b

SHA256
d8d3c403e2bda4f95ca34623b018fd9856bbc420567e7b4363ebb3f6b9c2e68c

SHA512
39098ce54c54a5d810081deb4ac161f30b9278ebd443687815d4b30cf299e9302151aa4ce4437ee5707e5a340bc73abac5fd85dfa3b9a0d17a4e1612a4ef48e4

Download Submit
C:\Program Files\7-Zip\7zCon.sfx.tmp

Filesize
245KB

MD5
d6348e14adea2450102368eecd68f3a9

SHA1
6dc2e6e086d484d3ea030818ec11c10a8eff6e1e

SHA256
30da5b288f79ba2c5d64fd83fa4731d020268844c396bf9d3a1b1ef77c34906e

SHA512
25d532417b82a62e0cf588669ca471214ec346a36ae41255adbf2607fece56214210e552a14ea571fed52570da1b377e3824e11e945814384f25c6ad538bb7cf

Download Submit
C:\Program Files\7-Zip\7zG.exe.tmp

Filesize
741KB

MD5
0f10e757b90628dd92a4a4a1a73de058

SHA1
d284269145d623dfc03539a898450f611295dfe5

SHA256
341fd23c4f4fb09a310d92dde714d20601dc9c4e805c2ba0d99435ed9e517084

SHA512
9a62943c443c15451976403720606f8e19d42f5eac2ffc1e6cf42b65ce7b4f956048e7fcbc137622752d1a8921a34b0a0ccbdbc6fcf76402b1ceb1f3051187a2

Download Submit
C:\Program Files\7-Zip\History.txt.tmp

Filesize
112KB

MD5
41523cb5fff5e62eacf025c1503ca0b2

SHA1
b168e91c25b362fc989dbd7876fac8f5e3e48da8

SHA256
e755677b3656ef3b6787dcf6fc3826b03dbc11d63dfe8833d671d2116c064998

SHA512
9939da5e613ea343f030b3153bcd32388904b8654c8d0159852d122fd09390eddca1bc2c3a18461ea940b0d1778b9092fef03f25c35ec851de0a15df22c4e1a8

Download Submit
C:\Program Files\7-Zip\Lang\an.txt.tmp

Filesize
63KB

MD5
34994a9a2841e4802a5adb4aa5bbd251

SHA1
275f8e10bc4dd8c4c343d245c3bc7b0e4d6faacf

SHA256
af2d0ac56e1aadaa66206d278ad6693e7c2f24d645504af8d365fb62dbc027c5

SHA512
19d11c657474b31820aec30c9624124810f254026deeaa0c771258a949afb4369ecd36a99861fc70c4689c58f6b658a1c425291390b1ce28ced6425c79f579e2

Download Submit
C:\Program Files\7-Zip\Lang\ar.txt.tmp

Filesize
69KB

MD5
641c47aa7e212f0acba4a711fd3fdebd

SHA1
49d8055944a1fe7b5d83b9fb2ef4f09f9dc9bb19

SHA256
50f3acb97a538a866953fb2ce4ebbb4ee6b2de51056a921d0b7a857f2424ff2b

SHA512
4e7535cc500233a9f4a8618c932829c420d9252fa9799498f4db127d6c04b5657e22c00bf86dee01b85a55cf5298b7c1b2823ae6984f2f6417c7d6aa64dd5016

Download Submit
C:\Program Files\7-Zip\Lang\ast.txt.tmp

Filesize
61KB

MD5
daa7cbd7f326662cdf833cc5a9a8b9e2

SHA1
67eee48865aa417eccb4f638705d21f6d261504d

SHA256
645645b658073efc842f0551b126f24ea260401f76c40375004810f21091d52a

SHA512
d932e0120300771195d9d930baa77252a7338985d709145d9852ece1d384f13609651e0e20d6e4c7298d9f8196c710a0144e75624eb7f41d4d1d93f30d7dcb17

Download Submit
C:\Program Files\7-Zip\Lang\az.txt.tmp

Filesize
66KB

MD5
d8b7728bb2373f0856a2e5f5df4c7988

SHA1
09a2dfd74f387574f6441487ba0439a67429d478

SHA256
80a5a5aabb253a5972bf4a6b816f7094b71a3e016a043eae0bdd88f1624feda2

SHA512
835bfc1870c03972095b4da29c1dfed03839cd6821b4820c8a7450b47c3354a7de107280b42d4117e7cfabce5189bbd9921cdcaa9d85068edac5f1564ae7bc24

Download Submit
C:\Program Files\7-Zip\Lang\bg.txt.tmp

Filesize
69KB

MD5
4a4825a898cbea314d28e16c65dc591f

SHA1
c18b196d5207f6c5c40d2bd6204f8d7e53b8efcf

SHA256
4459a9132d74ee02e39fcfd4d41fb481bb6d0c8ecbda994c935be95009d991e9

SHA512
ecac76c4e2346412f1a02acc10071bda674f68d904766c291ee9ce74cfadb2ecd4ffde6cd2cd9c2769423cbc950624c9f0042558efe16d1dd5ebe2911dbcc174

Download Submit
C:\Program Files\7-Zip\Lang\ca.txt.tmp

Filesize
65KB

MD5
a206623ea19f375dfaf86bfcc60705ac

SHA1
dd10479e50001f210072ed0fa9166ae3a0b35f23

SHA256
41fb1b949332f6696def207e742fc0b9ff5469803125d7fbe39019786a2148fc

SHA512
3421974c86987d012a3c3e080611982778f83cb0d4ab209603925bc4f11d73a6ee3fa0e0cce72e6a5ebb3290236957623d4677a87036db9ed8c9425cd1911d7d

Download Submit
C:\Program Files\7-Zip\Lang\co.txt.tmp

Filesize
66KB

MD5
b6c523195a5ae519bc921ab256f46d96

SHA1
3c732c7aedc44738e08d7604d88c4862e8c97471

SHA256
bbee10f7bdaf4b72984817e4d5cc26ab1e4462eb956cd2abac3c4430d2afaa08

SHA512
2e545b4858845c2c42c84e789f734de99b7d8b79f78e392da2d981e1346748d1a68e5b827e82d33ea4844b24e486aac73795a8e9fe1cb4e9834fc303783f833a

Download Submit
C:\Program Files\7-Zip\Lang\da.txt.tmp

Filesize
64KB

MD5
9afbc47de597bf013ded1aff762a6990

SHA1
50f73188a7e4841eacabae25862d6674f7ecdc83

SHA256
cf0961621cc4a2c1281a875ff7a8d1a5278cb6e3d3c9f0c1b58ba94116c2c397

SHA512
bf70e41aa60f4e78edf4d80d2dfffd097ff5a1139fbe29c2c08893231fdba4d7739ef17fc597785804857a0c2ac66529e4e13453cabcb3de93326e134710be89

Download Submit
C:\Program Files\7-Zip\Lang\de.txt.tmp

Filesize
65KB

MD5
a24142461500e657def548cc5576d641

SHA1
c9ce01350f4674994f9f0ff4e2d731d924e7b9f2

SHA256
654292ec0fb93ea9294928db1606a735822bded61cc108dab1eab83328c5e793

SHA512
8d918f700f51c8eeef2a2b724412347c68cdf3eca7975862eeaaf3bd7bf3ad748736a73b2816de42afbcc84b71aefe533be4e4faaa9bf1b465424b018c6fe49d

Download Submit
C:\Program Files\7-Zip\Lang\el.txt.tmp

Filesize
72KB

MD5
b26598287abff348a9dd73221a1caeab

SHA1
3ce30c76357c97813222fdb3fbd729c2d2ce45e4

SHA256
adba8b55da9966b6e3e13c4e120c0ba8fbfa255818daa13b746b5cdf93271f23

SHA512
1cca53be24eb6ce687a1ec5629df1022d98767fa42d19ae5d6f52e0d64e526143547ca0c04363d9a8d2858ba91a12e54610ddb1448d836e3dcb978272f3a93b4

Download Submit
C:\Program Files\7-Zip\Lang\en.ttt.tmp

Filesize
64KB

MD5
ae4a40cc291793a3614cff2d8f1dcb6a

SHA1
8667b81a249243e963da90824f2854b7b45805c7

SHA256
69cb1deba081759209c8cefddd2130bd287b4b2f2ce85175252b51e94d355ee5

SHA512
1a0ffa64a6071a5c702bb6990fb6711e94e2809bc0744c6db457c6728490b4d650bc739215d69aab483d03dc80602b9f34e4e54fdfc77b1723956bfe28c71f99

Download Submit
C:\Program Files\7-Zip\Lang\eo.txt.tmp

Filesize
62KB

MD5
fad74b33bac46a408849d8cab9227341

SHA1
f16fc5603b241b40b9896c98064512d52dbc1937

SHA256
259006ab640b3fe04db95757df3ed9ec4f7b8333b563ea52c0bd924855d216f1

SHA512
37d7fcf68a361d137af28ecb05b42ac7c8b954a997d9110d52f373a11b8777b35c8fb17bb64ee7b412c9b2e7f8adef53ec9b33018391d108950adab200e109aa

Download Submit
C:\Program Files\7-Zip\Lang\eu.txt.tmp

Filesize
65KB

MD5
d95e279296c475f4483c8b4911a8277d

SHA1
545fb676207b0e756be81bfc8ce78ebe6a3aac39

SHA256
db52f5ef92c3066800862dec3e6a5665e89a161bfdcb58a67d5b7e925679413e

SHA512
ef120c2f77625297514254f5ed055fa5fee3e1bf997a189d1a0221bf132b5a73d552ed292c3b04162bb83e3f1f0b75f9ed5090b48c0f70ba3dd8980fe1284acc

Download Submit
C:\Program Files\7-Zip\Lang\ext.txt.tmp

Filesize
64KB

MD5
38968747259b002045892680cdc56b47

SHA1
3dbbdf396ed1b18ae02de582376ac5ddc0e4ddfe

SHA256
6f07426e4170d2ce80d77d297ee811427d24f397342fed902c6332c2f114622f

SHA512
feeb2aa19855a047531266fdfadc4281c04d4eee335af84d9efdd2cae9d73567f138d52be5511abe3d033cb4f5968261c8bb28d99d277c424558d226084e4886

Download Submit
C:\Program Files\7-Zip\Lang\fi.txt.tmp

Filesize
65KB

MD5
d320ea1bc3d71732a29b901b5fbb2832

SHA1
80e81bf0999d3f686843219e5868529694c953c6

SHA256
580aadd081f6cc0cf29217972f1416c5f0b9c8eb885a1c6d9b212d98b27f05e6

SHA512
eba715fe5f5c4200fd5b159d9fb91b0a57ee4292d9aea0e806808aa3ccedd4f5f3aa3471ed212ec73af0c8ce1e4590865b5a3c3a6814b06e51a917c16b7fd408

Download Submit
C:\Program Files\7-Zip\Lang\fr.txt.tmp

Filesize
66KB

MD5
38c6f712b9d16c558763fd112179e1f4

SHA1
7be1d652296cd38bcd4c6d2148940db173309296

SHA256
13a7a7f1cf617afbe1cbc6476364f19d0e6d4505cccb872249fda6aee8b5b1ed

SHA512
913b7905a68a37bcea1ae0ebc37f5654dedce0e5b74ec951a3e7f2d45a4c5749457f344d8d519bc5242f06051f0db95ff796e3f1e58be20ec1c247df6b477a91

Download Submit
C:\Program Files\7-Zip\Lang\fur.txt.tmp

Filesize
64KB

MD5
451ea5b63e042a5c3bfafd5386169917

SHA1
f7bec686bff3491b4f7e940aae8118a4446cebba

SHA256
ff0fa1735f7a5808b597e2565fb550f88835810230dd3d7c398de344bc2c7a76

SHA512
2d1de001af1b13e154ce5427331924a8335d55981b1a5a13394454e682b5d5a0b4058172a24fb4731227077186724edef7106d4e58e66f38b835b86d66c5cb0b

Download Submit
C:\Program Files\7-Zip\Lang\fy.txt.tmp

Filesize
63KB

MD5
0b993ce0745c4cd2da69e5b421f33690

SHA1
ee6f31dd366a3f1f6735c26df1930c94f8fd13d5

SHA256
67717aecbf3fd44eb656c2c48fb43d8ce1b25b1e56a621fc1ba72f58c4a36f4d

SHA512
9b79f3cc2a95e3ac8c19f62a327371e32db2d9ae4609838d53b91829c7c22f9740823c941c6ba0e206be1b822d3bfa5e09967f91d1987c04155706b171749f63

Download Submit
C:\Program Files\7-Zip\Lang\gu.txt.tmp

Filesize
74KB

MD5
1f0e9b202561b5ac498905d7294638fa

SHA1
5700db3c7c0a600d37ac094139bc971ee058fb17

SHA256
8e59258ce3043f1e7a4dd88fc3f01c32f4f097c210546941d13fd7838bcbd15e

SHA512
896044c97f133bbe8587871e0602629a0c7090e18c8b33c1004005aa5f3dc9a88cdff0bc5ee40b17e97f2e6483a4ca2d8d6e8003e1941e20780cdbfcfed91865

Download Submit
C:\Program Files\7-Zip\Lang\he.txt.tmp

Filesize
68KB

MD5
a4c3f801c26aa1cf477ff5942a2129ff

SHA1
cd7fac55e43dd3aee5460b58d276dd77d8e57187

SHA256
5621ff73163d6dbcedc280b0904c14bf8189e8fdb0bdc0e55cd141dda43207a3

SHA512
dbf4ca1830790f2d297bb5a88cbc609cb62945bea8855f57b9072df5fb1738050c98b4de87a03eb398b9aea8dd86c8c9652fe726f4bf754e1e44cac4575a03d7

Download Submit
C:\Program Files\7-Zip\Lang\hi.txt.tmp

Filesize
73KB

MD5
30db268192ccdedaccce493d6d9de7b7

SHA1
7a0f7131deb136bfcbf39aba247cb409c1d6b5ca

SHA256
1a6cf51c613c416e6cc7f26f05a3aed0e3b8a6f0927227d5aaa4ee85a123e6ec

SHA512
5d97beb2ea5e6adb6d781a51e98bf1c2385b4eea0cabb72c4c08459961354c451276749a8cf52ad5e1b8c3765e7636ff3287d8c846b497e20a936ce144f58a21

Download Submit
C:\Program Files\7-Zip\Lang\hr.txt.tmp

Filesize
57KB

MD5
680803acedda889e732fd7f79257d762

SHA1
ba4d2a79c84cbd99b49f5dfb58a607298d451d28

SHA256
9c0125e5f06f26556bd972f84f01ba9f125f600fca5eaa47866340ea319ab369

SHA512
3a363f5bc73a64be13c6d1061aaa780a7ddad02bf745de5d53f207660ab4f7157788dac1afd384c8a8be1c427316f45a8b2a71acb1c3fc09ecbe885f57390a12

Download Submit
C:\Program Files\7-Zip\Lang\is.txt.tmp

Filesize
65KB

MD5
94d60f42b951a077e9b226bff5e9fdcd

SHA1
0d26485db392e848b40325288980e28080ff45aa

SHA256
2fc4f93934e43af4b4b320a79ceb08bb09ebe6a9f5a5dd8330f022f3d3be08c0

SHA512
1a2fc4728459c31c26d18c24d1cd110c71a85901a68bf28fa421f1dafe9fb0bcc13fbef1b1d1a09ab0975837070b57fcaf80935e8c6a126d76e1979fbbfcc428

Download Submit
C:\Program Files\7-Zip\Lang\it.txt.tmp

Filesize
66KB

MD5
42adbdf3964d13899cada327a3ae6d40

SHA1
cb25fbebf24006a1ddfd784dca934353a20a4ea7

SHA256
33b9d4bdabc8cce93b43552fd60b9561f7286d41778accf31904c658f569a0c2

SHA512
1edddf776dd49f0199fe8def16378eebf63d25bb22efb65860f2dc0ad8055686b1dcc4ea2cdecf6cfa4ca5b720ccf495bf1b7af7e8ccd5a0f2c610099a7fb2c7

Download Submit
C:\Program Files\7-Zip\Lang\ja.txt.tmp

Filesize
67KB

MD5
80eab378d63f56e4fe0e5474778a5b50

SHA1
910c9deec815f99a5443af63ba2b296fa0f3c5a1

SHA256
29b67be426f816b90bfd3b5366285e729b79ea8f47c63acdb97803933647bd8d

SHA512
31d3dbbb074a58a953e1b4719fea58661955c32225a6ec007568aa69395c5b5dfa0cf987211a53033a21ee733d5d06d36aa292771f00a482e89a6e40969f06e6

Download Submit
C:\Program Files\7-Zip\Lang\kaa.txt.tmp

Filesize
63KB

MD5
ee1f8adb138af3dbe3f9082b3bb38c7c

SHA1
da5ea8b1c2c4a2de524ea074695688631b89ace4

SHA256
f1efc62b61d96c083372a2c037171874e64ed22e02c3ba9438250b0d323f3b3f

SHA512
1ca77f627b9511a73e032c81710772dd223af8afed85511002a9e0247d6a7be3aa1c0a80743b9f57f918b0db581e2604d8177d979a8da64a07735c23103490c8

Download Submit
C:\Program Files\7-Zip\Lang\ko.txt.tmp

Filesize
66KB

MD5
398ad463038d9f61e4365c45f061aa2d

SHA1
3905b7a984150187e1b26d89f2119010d409676f

SHA256
93b274616345a5c19883bd8fa47c49eec7fdebe30b416b4c14f2f735cd9b5bf1

SHA512
a57ab0387bda2d982d010afae9d0d41fb348b4cae68015a6b420a82d53d93d6476a3176a39903cdb22550e46028b08c7999b7128b9a266ba8f04be74b257928d

Download Submit
C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp

Filesize
69KB

MD5
ba16a33c8d689247c9c9e6e8b56cb1c1

SHA1
bf6bd8033fca64b8fa926cc233cd7ec796663706

SHA256
fe68f9c97f04146921500241b5d7f37653290509fca93cd32b61046c24451505

SHA512
2c69c566d62d585b70bc5a86b91433851a7155ed845512bc36619a999a07a793fa55024ae38401b595a66336146604e25e63d4487c1f362980c78fce3d41d71c

Download Submit
C:\Program Files\7-Zip\Lang\ku.txt.tmp

Filesize
62KB

MD5
4e4608dbca09ba68e251f5d76da2c2dd

SHA1
6c834aa3f1f767afc94452a3301db5811d7e11e3

SHA256
bbb654d21bb1164c98ec1a93f381d28b7584b89a2212c9d52471ffe817602036

SHA512
bac1391af91e24bbb8a90427a1f4d74119042025b5b0128b32e2f7d80d5f1f07f973f6b9a4c032fbf542d6256a23fcd77514b991d2a0f2336ce940d7435720fa

Download Submit
C:\Program Files\7-Zip\Lang\ky.txt.tmp

Filesize
69KB

MD5
3e9cfdf67d7bb4b5f00798af0b5e7d67

SHA1
e1c836c6d9ccc7457f4eedd7814bfa20bcea93b2

SHA256
56e460d1ad4693c8a01648debcf82a8f61766be9f244e874ad850731693b032c

SHA512
656c3ede03bbb708f143891cff8360298bf6c2e3a912bfc1765310ac17aedd77e16455cc750dc71ce9be43b59eb11abb7f0a285004ab158bcb0a610dc9502ffa

Download Submit
C:\Program Files\7-Zip\Lang\mr.txt.tmp

Filesize
67KB

MD5
7ca28518fbf50b23d9ef745a1043059b

SHA1
47c15b839958946eede15cbea7700cff626af9b4

SHA256
2b3c5f3a1a090e015285c5d652de363ec63dbda36b7942486941c28f78e3674c

SHA512
9ef21516d88729ae9e4e7d6a56306ccb19c9013082e71a9cbc0162395d5a26cbe3863a1b13942a4c71a2570baa126e6f9d22191e89392b7542f91b339bfdebda

Download Submit
C:\Program Files\7-Zip\Lang\nn.txt.tmp

Filesize
62KB

MD5
3de8088e6a5567dc838da6b57b492303

SHA1
42c766eeb1bc2416de71a441f1702fd7358545e1

SHA256
18cfe134a5d400094c08a9fb6ae89a34cdffb6c9cad876c2bb60dc26f3cfbad2

SHA512
449e7143192b59562d38d42799e58150cb6b02d4491fd9c6179df5c82321e99ec34d2bd9c067f5d5c7c9b00227808e9427975dace531abff66d6a802b182b45e

Download Submit
C:\Program Files\7-Zip\Lang\pa-in.txt.tmp

Filesize
71KB

MD5
1f25aacf996428b07c1fddc3676f34a9

SHA1
4e91629cbe1616e8655e3f74b9f1e6c243a6f975

SHA256
1d8846eb4d7e3e7fd5e38fa34657740ff4a14d7d595b2b9f92164194b12a8836

SHA512
a675a767823b8446b9b1c496fa4e507955e12dbd4eeca87ddeff875e361896af0074605ea463e591ffa306eb4c45a9dab0f13f42e53697ee5b0b9c7e005cef8f

Download Submit
C:\Program Files\7-Zip\Lang\ps.txt.tmp

Filesize
65KB

MD5
d018d90248a8bcaa6bb5a92320d2c4e3

SHA1
a46bf2999f3caa42c88a56837dd2da7fb033220b

SHA256
aea23a28755e7447f72162a5437f24e9501fe3daa8f8d83f7c70c440359f722d

SHA512
9a0daba1c81ec8cf60309b0bebcbd542580daef120c8061e290665d61c7eb7ef79df69fa66fa7eafbe9ab030eaf2b9932736b6b9f1cef37bda6d214316bab979

Download Submit
C:\Program Files\7-Zip\Lang\pt.txt.tmp

Filesize
66KB

MD5
c089bf7e7990932abfdd239020d7a7da

SHA1
840476d828a8334eddfd23d60560600cb64141c5

SHA256
6b0d3af938997c4288b0e92cae77d548b83e9b9c3e154c11c0cd43b04416f2d0

SHA512
86455dd7d4a7681a6ab936eb60e2fed2aaceae6c35f237874e427ec14e60f2737847691ec8f0070adb662f8601520fcf1ed375853653b92144bff33de769389d

Download Submit
C:\Program Files\7-Zip\Lang\ro.txt.tmp

Filesize
64KB

MD5
4e30ec221548ce3378a0ad2570830fa1

SHA1
a3490a2bda018da3daed082d6700eec48f5d5358

SHA256
b888013e84d3e96f6b8d8ef101c07c2736baf5a17c758814cd07a05d4fafe930

SHA512
4e1ec917e48461755dbbf108f89b2180bdafc5e646be3d4316d26e2a3dd64b43d0a66a5e386402a2d76b98d2518e8bf662386509d628bee57969195cc8c518ba

Download Submit
C:\Program Files\7-Zip\Lang\ru.txt.tmp

Filesize
72KB

MD5
92764ac3ccd2e786605f1f26e5f8d7e5

SHA1
5466628a0ce18462825dcac74de25a3ee4b2de5e

SHA256
e4714c220211725f5c406e8004fd85dfefc364167ecb534f5bf87d2319902e00

SHA512
b64ba336aa3160ad18063f73b702301d0230317b46faf0005bf708e184bbfbc55e539022706eb1fc6ab679f0cfbb623752bdce604eda02c34a64f0b9e6570ccf

Download Submit
C:\Program Files\7-Zip\Lang\sa.txt.tmp

Filesize
74KB

MD5
2947f55759fe102b23393ac83ecaa27f

SHA1
4c410c0d38805ad2526720b031e24514d4fa1299

SHA256
a261359905a1abbab3a8ad52c74e887f73634fe205f04ac91c055d55da01bc95

SHA512
61bbe6c1995b607bb72b9e9fa1b9e564deb7566b43b4ba05ed9e67e62dfdb0a72fdbc1b127e8225ad37b140591954dacd38a6bbcd922dc82ef77321fade36cb7

Download Submit
C:\Program Files\7-Zip\Lang\si.txt.tmp

Filesize
72KB

MD5
587a93a9a258dddc2ac3066a8788e5a1

SHA1
fd666b456fc79b93cc7ece9429975ccce6d0ce49

SHA256
189338ec1bf6107aa1c54d7d7f74566e9d119052bc658783f7c53ce359b95611

SHA512
867fd250cc3f955d7ef7f468e1b28d2cbcfa6041bdee1b4d6134602eb3c1b5436b73027e9942c09cef3a500595afe80c76ba56b0f46dac578d9fb419b39a5fb1

Download Submit
C:\Program Files\7-Zip\Lang\sk.txt.tmp

Filesize
65KB

MD5
5ea01af93b00190e33b748c4252742e2

SHA1
7833e3fa87ac07bfe9d00104a89143a2bf35ffdf

SHA256
b548d4b78471770cc8143a9aade818233dfa769efe0298bb40f1665442a2fc23

SHA512
70c6594eecb690809310a21db4f03977bbdf5a8b0b921f20eb67b75798e48851f66f1111e065c8b65eabc39111ae785871735ca5e294bed6ec9ae9980033bfa2

Download Submit
C:\Program Files\7-Zip\Lang\sr-spc.txt.tmp

Filesize
68KB

MD5
e79d2ca29e1f630a9b5dbc69285b0d43

SHA1
3e94d179c66abba131c21bc67e27031094d11f54

SHA256
a87c61940968013b6347de5c4d610b4c7458b2a7378ea7caa3a60711809b884e

SHA512
ea862f1c2b8912b70f9491d465f4d04a97a411b9e4da07052e38c290637c0a5be20da9b5604cc3dde37124898a4a6a64a8c0e49af464f265d529cb03c307362a

Download Submit
C:\Program Files\7-Zip\Lang\sv.txt.tmp

Filesize
66KB

MD5
d341d03a8a3e402bebe50cc581a16b2d

SHA1
88c17333ac4c611e5ee3d05233d616f51816c1fa

SHA256
db471752f33c0dda757c92e322d2d668e478eb4b8222d03050ddcbb56617b9ea

SHA512
d9554c6e4131cdd4f0df7f21da8838929339b1840ab5e8df1098737cdb5aede6426ef3a26121b92dfc562a6346c3a938975052288c03dffcf28be2bf19f83a7e

Download Submit
C:\Program Files\7-Zip\Lang\sw.txt.tmp

Filesize
64KB

MD5
bffd708a21c6be363be217d618187cf1

SHA1
2b462a6055fba369fa9fcbb70bf6de30c311766b

SHA256
d3d738736680df88a8a789842c580552a0631a6e802933630dc6d3486c5052cf

SHA512
59b2b11f5c918c55cf57c84d0a3765c596d323ed68583584188c478d7c7eaf7aa2d468859d24c657f7ea8de7e4f8e3e9dea6e563987df0bec64f2c14753a06fb

Download Submit
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad.xml.tmp

Filesize
57KB

MD5
09d3c9fc7dd459a22b26d2695349c9a8

SHA1
c83d76ebdd7ebe3dc196f48d11f620bacba48f17

SHA256
0c0c29e2c1010cae653c7565cc3519ae1ae2f20fe69d5a8c6cf2574718e2dfa1

SHA512
6a97aa8ada73c93733b2dc890a1a69c1b7454eb2b81c0fc6307ad361d8532c66d4d5277f78a246f68e803fce2ae9bf3707385719d33137e8967798c0b637ccdd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_7z.dll.manifest.exe

Filesize
56KB

MD5
f2139176b62077d4453fd8513c5d3b2e

SHA1
6765d826cfe0c52e94a0a10ecf2a908e972162d7

SHA256
c273e518f6dc665e7e1c110a1166fe564206b4b9d0e83eca00402693c48b6ec6

SHA512
011fd384bb91c28b73b0d4794fb7ffbe362037f74a69ecd61c3c7c5c5fd5842c760a0c70816a0aa25a19fca1d968632cc8190473ed89515df2352d7a80587afd

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
55KB

MD5
f3ea1dae4f489eafdf40b5184f1aeaab

SHA1
89460efe64df4dfc547b488bf9997167969286a3

SHA256
73ebaeb370e45ea6fe97d95982fe0c17e08d3c7d67a87ee226e2378542a00dd9

SHA512
d22be9cf8dbc0bca76036911ef121a3260add14b0e623f4564b88df1972b9319cef2825316dfae7cbf4b3d638a194ceb616efaa7839bfa4e22e9f2d38f5821aa

Download Submit
memory/2152-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/3188-11-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads