2bfe41b39ab374711d7c5a391b0f512e08be99ee2864b2b4da3a04930e28cd27

Analysis

max time kernel
150s
max time network
105s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
28-06-2024 22:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2bfe41b39ab374711d7c5a391b0f512e08be99ee2864b2b4da3a04930e28cd27_NeikiAnalytics.exe
Size

154KB
MD5

566bb114057f4ea97caaf07e96961360
SHA1

205ed5d07fe465c9215d3dfb2adae7999753412f
SHA256

2bfe41b39ab374711d7c5a391b0f512e08be99ee2864b2b4da3a04930e28cd27
SHA512

47d0c841741f962fa2783baaf0541288ca4363ee369dbe73cd6216eb755411decfa50cf5233d9724949faf954a279f124a73213e91968b43f4635f7b84307c26
SSDEEP

3072:9QWpze+eJfFpsJOfFpsJ0rDr9QWpze+eJfFpsJOfFpsJ0rDrGl2l7:Lpe+eBpe+eM0d

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4916) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
1952	Zombie.exe
1800	_KB2919442.nupkg.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	2bfe41b39ab374711d7c5a391b0f512e08be99ee2864b2b4da3a04930e28cd27_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\Zombie.exe	2bfe41b39ab374711d7c5a391b0f512e08be99ee2864b2b4da3a04930e28cd27_NeikiAnalytics.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-runtime-l1-1-0.dll.tmp	_KB2919442.nupkg.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.ReportDesign.Common.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\MSVCP140_APP.DLL.tmp	_KB2919442.nupkg.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL083.XML.tmp	_KB2919442.nupkg.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-convert-l1-1-0.dll.tmp	_KB2919442.nupkg.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework.dll.tmp	_KB2919442.nupkg.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jp2native.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0018-0409-1000-0000000FF1CE.xml.tmp	_KB2919442.nupkg.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial2-ul-oob.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\PresentationFramework.resources.dll.tmp	_KB2919442.nupkg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md.tmp	_KB2919442.nupkg.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART7.BDR.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription4-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp3-ppd.xrm-ms.tmp	_KB2919442.nupkg.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Grace-ppd.xrm-ms.tmp	_KB2919442.nupkg.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-filesystem-l1-1-0.dll.tmp	_KB2919442.nupkg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert.xml.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\dt_shmem.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Frosted Glass.eftx.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\System.Xaml.resources.dll.tmp	_KB2919442.nupkg.exe
File created	C:\Program Files\Java\jdk-1.8\lib\jvm.lib.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_OEM_Perp-ul-phn.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.AppContext.dll.tmp	_KB2919442.nupkg.exe
File created	C:\Program Files\Internet Explorer\de-DE\ieinstal.exe.mui.exe.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Trial-pl.xrm-ms.tmp	_KB2919442.nupkg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\resource.dll.tmp	_KB2919442.nupkg.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Retail-ul-oob.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\System\msadc\en-US\msaddsr.dll.mui.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-string-l1-1-0.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\PresentationFramework.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\JAWTAccessBridge-64.dll.tmp	_KB2919442.nupkg.exe
File created	C:\Program Files\7-Zip\Lang\sl.txt.tmp	Zombie.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msaddsr.dll.mui.tmp	_KB2919442.nupkg.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Trial-ul-oob.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\OFFSYMXB.TTF.tmp	_KB2919442.nupkg.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial3-ul-oob.xrm-ms.tmp	_KB2919442.nupkg.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest3-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Trial-ul-oob.xrm-ms.tmp	_KB2919442.nupkg.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\OpenSSL64.DllA\libssl-1_1-x64.dll.tmp	_KB2919442.nupkg.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL109.XML.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\th-TH\tipresx.dll.mui.tmp	_KB2919442.nupkg.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledbvbs.inc.tmp	_KB2919442.nupkg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\include\win32\jawt_md.h.tmp	_KB2919442.nupkg.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\libxml2.md.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\glib-lite.dll.tmp	_KB2919442.nupkg.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_OEM_Perp-ul-phn.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\DIFF_MATCH_PATCH_WIN32.DLL.tmp	_KB2919442.nupkg.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-black_scale-100.png.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\WindowsFormsIntegration.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\PresentationFramework.resources.dll.tmp	_KB2919442.nupkg.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\UIAutomationProvider.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\relaxngom.md.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL002.XML.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\t2k.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.scale-80.png.tmp	_KB2919442.nupkg.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-black_scale-80.png.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvVirtualization.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\.version.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\UIAutomationClientSideProviders.resources.dll.tmp	_KB2919442.nupkg.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\System.Windows.Input.Manipulations.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\WindowsFormsIntegration.resources.dll.tmp	_KB2919442.nupkg.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\System.Windows.Input.Manipulations.resources.dll.tmp	_KB2919442.nupkg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe.tmp	_KB2919442.nupkg.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.WebHeaderCollection.dll.tmp	_KB2919442.nupkg.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1336 wrote to memory of 1952	1336	2bfe41b39ab374711d7c5a391b0f512e08be99ee2864b2b4da3a04930e28cd27_NeikiAnalytics.exe	82
PID 1336 wrote to memory of 1952	1336	2bfe41b39ab374711d7c5a391b0f512e08be99ee2864b2b4da3a04930e28cd27_NeikiAnalytics.exe	82
PID 1336 wrote to memory of 1952	1336	2bfe41b39ab374711d7c5a391b0f512e08be99ee2864b2b4da3a04930e28cd27_NeikiAnalytics.exe	82
PID 1336 wrote to memory of 1800	1336	2bfe41b39ab374711d7c5a391b0f512e08be99ee2864b2b4da3a04930e28cd27_NeikiAnalytics.exe	83
PID 1336 wrote to memory of 1800	1336	2bfe41b39ab374711d7c5a391b0f512e08be99ee2864b2b4da3a04930e28cd27_NeikiAnalytics.exe	83
PID 1336 wrote to memory of 1800	1336	2bfe41b39ab374711d7c5a391b0f512e08be99ee2864b2b4da3a04930e28cd27_NeikiAnalytics.exe	83

C:\Users\Admin\AppData\Local\Temp\2bfe41b39ab374711d7c5a391b0f512e08be99ee2864b2b4da3a04930e28cd27_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2bfe41b39ab374711d7c5a391b0f512e08be99ee2864b2b4da3a04930e28cd27_NeikiAnalytics.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:1336
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:1952
- C:\Users\Admin\AppData\Local\Temp\_KB2919442.nupkg.exe
  "_KB2919442.nupkg.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:1800

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-200405930-3877336739-3533750831-1000\desktop.ini.exe.tmp

Filesize
154KB

MD5
c91ea59601b58ece9e0ab7603724aab5

SHA1
639df658755784332404f6e153b4d9fa9cadfdb0

SHA256
8b2e7892ead5985f41f4ed8fe8112ca61fccb036dd429f62fb526fae101bddb7

SHA512
a13db8d87a105f75acd2943da6f8e4c4d34bfa13969c6ef34434ff880d58198714ef1a7113e1d4df1256b8a80d3fc26d38bb203a6c17a0cc64a2757b4df05ed0

Download Submit
C:\$Recycle.Bin\S-1-5-21-200405930-3877336739-3533750831-1000\desktop.ini.tmp

Filesize
72KB

MD5
35316e5a6811e0dc5db7aae416ea2be1

SHA1
e878a09734ba91df40cc85cba35a9d547824ee42

SHA256
d37f960425f9f1dbe8f6345fddf3a66d1f4f303cbf72f47e1f49948ff40f2914

SHA512
a55bf101b740cdb19029ab1f88ce7937afaac1430b0c973e0fb32268de82b6974c808c249eb62db606d1d050fabc9e7193a5946927403c3915c8e747dd324114

Download Submit
C:\Program Files\7-Zip\7-zip.chm.exe

Filesize
185KB

MD5
af762309925363bc1ddedb16545070dc

SHA1
70e1b50f11a4c4db53aa89972e28dfff8d0387c8

SHA256
10c79751ee2efd19da54f8a53094692052b09dd0377d083a76a8fb207673910a

SHA512
4e83a12bca75d72e275e61017dd36422a4611676f0e44afd982af36d90d9a646e5952d58139c7190843bd07ed68ca36f8f6e4ba0b6605a9ccb7e4f3a86cb414c

Download Submit
C:\Program Files\7-Zip\7-zip.dll.exe

Filesize
171KB

MD5
ead2521b262059d1ada81deb80795836

SHA1
f7f9e400f0f7f3c6da8a3a1481c3ac343351ec7c

SHA256
4ff6e9f8127821ead8f158493d0534d23d738074f06c57910b38dc34057f1a17

SHA512
9ab435d1413c28b77c9a56c4868b499e970c5fade4df733ee4e7ff53dec0e826833db0ec95f3660e83dc21f7c61142e1f2f6a29036cf4d0e00f60440ba210773

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
1.8MB

MD5
9e976274d41f34dca5995efcf9379bf7

SHA1
cdfe39d50aabb83604bbe5aa8ef66c3a07a92a91

SHA256
89253090277fb731e88dd9864e4ab5dcdfe480a08ddffe06d79a2334c6147c9c

SHA512
0f2328e325c97551081f0ad91cb45990ed89bf7a4dc426cf12508f4736d89ee0c9afd0ce502934e341279349a1bfb734b2c9747ff40764dd689ff5bd4fdb44ec

Download Submit
C:\Program Files\7-Zip\7z.exe.tmp

Filesize
625KB

MD5
a0feece69e509add22f21d1f6f3f0a1d

SHA1
40776d858478b171422b0ba9231c27c0c1447088

SHA256
fc1834bb2513192b0574fd0fe71af8a36c66ef4b60ba232edb8c67ca0f8e2e1d

SHA512
a0135ba3a2d53f57ea5226e2dfb4b747cfa93b039c272e80bf7af60efc9bff318e8141cfa473be4a156c9488fb1c34dd27733a187f02988932551a79f545e71e

Download Submit
C:\Program Files\7-Zip\7zCon.sfx.tmp

Filesize
270KB

MD5
3312a07081b8db7437df6811df7e378f

SHA1
382fe9d635968770fc7b06ff1a828b8d5fea7d8c

SHA256
ffc8310ce93dff4a154d5017c681e92a43457ab6c689be5002f6cb391aa569de

SHA512
a409beb259d5990b235d5106403b76d9b1ced30685adb8ea144924a02367e2d9d31e7542bdd6ca9d077a533f2375474a462113cb2eb9e939fd36347967c4bfe4

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
1012KB

MD5
415636cb9be89451c96226b582846b56

SHA1
e48a79f2132063cf560f7f0bd88884bb382a2f69

SHA256
9c6de881a7594ea319591ef23cb33a0f145d3c1f732a05d656797ec01193d4bc

SHA512
7f9649f71aaa35db9570d58c688cc1db394e38a0b2f7f50ed2e803a1f52ad41484166c15ae6a21d0d39e82e413574c299bb684142631a18ee1893232bcf6caac

Download Submit
C:\Program Files\7-Zip\7zG.exe.tmp

Filesize
765KB

MD5
3fb8273b9e892e784053aaa3389b5fc1

SHA1
b4854834198c5cc0c2c9d245c6d15e4ee09d2ba3

SHA256
29bf5142a3e98723b44d954c5708b3138f6fbc8ef3522006ecd4f99bca45bf25

SHA512
d4c54ba04e04ca3ffa0201585431ec941360ee892f25c7ea9a4683df282bb64f4bc723477ed57aae3acac0de8b985f8f695afc1374a432752f2f6163696ef4ad

Download Submit
C:\Program Files\7-Zip\History.txt.tmp

Filesize
129KB

MD5
7f99dfb74fdd49397a17dec4d5150921

SHA1
4aa9550fa2c80ab4deed32ff011396ee78d3bff2

SHA256
b881412ff833c89ccf771cb4752ec7ac9e1ac5fd1cc8f570c728b7a0251fde68

SHA512
de939beaec8f4fe2ea8927ceb2f9c1e7b40f6df41ac0ef8c9c20e4ede5b25a221a201076fc3f4e8cac364e3227192f05caad131c7a87747ebaa4e1d6c3c82b50

Download Submit
C:\Program Files\7-Zip\Lang\af.txt.exe

Filesize
82KB

MD5
77c3c20891925fd6ebc38af85f817b1d

SHA1
66579f7586304b4e756339b2c902c2dd1fee0238

SHA256
01a4cfaf1aa887b831e47411b466527e60594e5cd337626b125722bb0fe333b9

SHA512
52d28b421eeed1a647d41effa7fda423d8c35c58fe3e8a8d85075f57ac3916d34d2891ed0c48090e55f0bffb9c66386f61692d530b61cddfae26ab1e7983bb0b

Download Submit
C:\Program Files\7-Zip\Lang\ba.txt.tmp

Filesize
83KB

MD5
95fa4ff7ea2bb093067be0e2ffc385d7

SHA1
b521000c27983d4a8a072656dc3ccc4c12812c38

SHA256
aec230313f4fa2842595085e9ad5df2fe83f022426695113e899b1150374528f

SHA512
f169a1176063ad66854b60690b6e3c1ccd2c3839113dc9a0c60e1ce7dacfbab65c91035617f347328b2c2769e0ed2b40c5778fa0a81289e23a2140cb48e40e5c

Download Submit
C:\Program Files\7-Zip\Lang\bg.txt.tmp

Filesize
94KB

MD5
7ceaa1e461973d6e52d453d7f2a38a34

SHA1
51c8c6fd241e23812f8fee2c076d9082e1d6c52b

SHA256
ce49da9239c2c426cdf9a0a52bb0a078c27f240bba2b9a0be130349fa68f3a72

SHA512
10fc2533bd15d6d054c29f6e326be1711742f0716d7767893d6853f7dd19fe37198b0d73b439567b29e78d223181a61ed5121136dcec6f2d0938c79eedada731

Download Submit
C:\Program Files\7-Zip\Lang\bn.txt.tmp

Filesize
87KB

MD5
c2b9c3a1bce9cadfdc42e340c91116bf

SHA1
437609790918cef5de15dcd9df3f4ab55b8d21fb

SHA256
5414be433567d6c4c7aa4f1edd0c1b4d66afebaa3c322c7ac6fd78f5d9958188

SHA512
fa9a0ac8ed13b959f6812f3e4604b69563e9966161175d1e403dfef3399be9ac915019dec38f6f458981c25ebb6988d6273baa89272d04b6f59db252a823ce52

Download Submit
C:\Program Files\7-Zip\Lang\br.txt.tmp

Filesize
81KB

MD5
85ac32e587c4cec864217b65786199fe

SHA1
f4104b2a42447b424941ef4284a9149037aaae53

SHA256
cc488b1931f09dee04aa30f726da797eb7a6fed1261c4870b70f38706658198c

SHA512
254d72751c7223fa8b9605fac0ee36e780495420f4c7fe8206f05912cc1571ae5b9ea808d220bcadc39f9e85a53c30b9bb5904ff6c15cbe865ac8502c808787b

Download Submit
C:\Program Files\7-Zip\Lang\cs.txt.tmp

Filesize
81KB

MD5
93e5f34cd4f632bb858862cde698b3b3

SHA1
967f4ca9352285e4d8f34881b37079628830f136

SHA256
84e6daa0fef7e2b8e3f8448447c03f369c62753816d93faab5f39fc9301bbecd

SHA512
a08a9453caac5489a1a27d99eba2923b3a91c6326a83db8fd6643efe6e93b41f5c48c56b46633c1a4f23bc457af471a08a091a6bdceb4acb5401244183dbc907

Download Submit
C:\Program Files\7-Zip\Lang\da.txt.tmp

Filesize
81KB

MD5
d5808104239810ea74c34b10f3e12396

SHA1
15ca456311e10445cc6f7430f14879c6a2edd4dd

SHA256
0e3ec69f7d66780a51931043147b2474df410f9b39b4922356c57c88af301f57

SHA512
9a5a85ee36afbe7bb84630b9eca1ce5d14e3efe003ad796e7a1cd7b1b9a61ee4bc67c279576986a86aa3faa69da2ce906b336b425abc18ded206a2de6caa9c19

Download Submit
C:\Program Files\7-Zip\Lang\de.txt.tmp

Filesize
82KB

MD5
62cd912136cd10a21aad64a37726b04a

SHA1
595ee9b325e86d8e2a604f154c667bc2fea0410a

SHA256
9ea4f5e109acc96fef95aaf140a34b1173acfea30c14fef18a96d69e139b24fe

SHA512
260b293dc221dbc3d51c39a344f5b010940ab047a83f846af41dcc9baeeff7221cccff3bc37dd441fa2b7f4cab31582194c66c72434a2f8d03d9f7d132f92e5b

Download Submit
C:\Program Files\7-Zip\Lang\el.txt.tmp

Filesize
81KB

MD5
6eb58f1ad38811d9ce400b54ca3070ec

SHA1
844d4aeb358dad619935e129419cf04b0cfc8334

SHA256
ac01cf89ed21a20e54d12d1a60ba20c604121c365043eda33f9388d84b235158

SHA512
1e39cf9ad1fe382c51e8567a9f2c121b70f92a0d4a57c23c079a5fc318ea5c7171b582f22a42712db4f0d8ce32c1c85fdc958173b0d5ab47309696616177d915

Download Submit
C:\Program Files\7-Zip\Lang\eo.txt.tmp

Filesize
81KB

MD5
13c87eca03f2bdf3f5f799648699a2be

SHA1
b05c896f377d9851ab9fed602f8699e415330aa3

SHA256
938f07e5c9858a7b4a84a2d242e883cb25cb0b0df998d9e5cff129c7f9e0bad4

SHA512
a1059e445f8033c82ed1f55e62f0ffc9b13ccb0d3fe4ed8c28a68f7c2bbc398e9e3c1548c10a373701bc1b8dea2a3f6d67520df029467495f9dddbd2db844aac

Download Submit
C:\Program Files\7-Zip\Lang\es.txt.tmp

Filesize
82KB

MD5
a145e773c01345b93a9f32c9569e66f3

SHA1
876a8822991ac320ade4a3e2b9d2e40b235dc23b

SHA256
118d4fe64def6d04045c971d40e932f1243a6669dd5aafa77c91a6661cb515b5

SHA512
7cbed86ccc793ad3730c8087471f4eaf92281ab231686828e26865b958bedf7342089f960f795d695381bc793315577dc73677fa4f58dce7aefd5362528675b3

Download Submit
C:\Program Files\7-Zip\Lang\eu.txt.tmp

Filesize
81KB

MD5
4ef9e52af8f30fbffd186bcadc2dddfc

SHA1
595ca517fb742dbb3056fcfd0e833485946f13f5

SHA256
f73db30e6500356b72a3d1aad39907f8d660cf3febb4d8ee66a5744b91cf3f93

SHA512
5e1bec4a2fb6b055a3afa5e5550f47d4b676e3e714ff391ed52f3ee511d7238a6a93b2870e4bdd81fb7902bb6a293457d18999c80c6c64c42f722249fcc1041e

Download Submit
C:\Program Files\7-Zip\Lang\ext.txt.tmp

Filesize
81KB

MD5
f55daf66890ed6c11c8645826700dcc7

SHA1
81f7205dc404fa2c0b99a697bb98e4f861ae2d3f

SHA256
86254c148e696492ec9b91d3f9fce8d70a29962109e29b4594bcb090304f3436

SHA512
cd6e9255d591e4e783402443967e0960919dcc2591923b5fa222c4e78ed23875e0359671db4d846e42f20c8790c7740bf74c272a8aa9840532bca333cf9a3682

Download Submit
C:\Program Files\7-Zip\Lang\fa.txt.tmp

Filesize
86KB

MD5
b6330b7b23d6467ffdcf4a55489c9a3f

SHA1
8c716ce350afaeeeceda5ccc76103a08a92f686f

SHA256
fe3bd7415c13cd97052c5f814a6c58caacdec51b2bdb08795e41f3b62fab8f69

SHA512
4e0bcb789cbf3b7c46bb8c9ee2d67fad9bfc9da03e0c3b4dfbbbaf07746c5f3a072ce0d7d82b82408b88900e5ce29b6a9edc4ed4f14ac97b7ce6b99177af7652

Download Submit
C:\Program Files\7-Zip\Lang\fi.txt.tmp

Filesize
81KB

MD5
9dd19e704f344a8593dabf7e3bff7abc

SHA1
bf724b8a33703fa73e88a1558adb92f3596b7640

SHA256
ef5d7796a7a57739f809afb28f57e1297ad574df7e5ffd2ce39b11a3fe714c89

SHA512
2c49799203cc4d641741959feeb99f1e0c71abbb9c53327402bc66380c1654752945e97db57f13229bca3d1d57e87a0863a6560e3f09661d3406d337b934ed27

Download Submit
C:\Program Files\7-Zip\Lang\fr.txt.tmp

Filesize
91KB

MD5
077e85d93aed7107f894b5660b7d9bc7

SHA1
61d3c036efbf9ac8e9a4c51e3b9b7d24aecc0a24

SHA256
9bfe0444eabfbba09df8af4fb284678219bab557a00deb40c515a8a4a31bb03d

SHA512
eee16282c5c67cc9c520440882b2e899aa898cd978524bf9747e4d81e476cc70bde8fff1967294b6afd42463c72e89c30bd0b1ee5c2a90a94eeeefa77ad656bf

Download Submit
C:\Program Files\7-Zip\Lang\fur.txt.tmp

Filesize
88KB

MD5
746ddd41e7a95e6142f6ba364dfcf2a4

SHA1
0938e4779f92c6e7d37b829fa41516078e56e3f2

SHA256
553a1bf465b2a3b1bfe45fa3b252cf3cfa728a5874f0d43fa4c94acf1579993a

SHA512
185bfc5b65793eeac199c085fb77d933ebd9578113b6d9765f52b9b20cf0d4c7159b66a119f35afdcc0bbc002191c17591988fe43470321137fb6bc9f9814e64

Download Submit
C:\Program Files\7-Zip\Lang\fy.txt.tmp

Filesize
87KB

MD5
723da381375f3e81ad687e31300ae362

SHA1
d914f690c50021c3b8da1728cd00618bb39c2133

SHA256
ff8838d77f14471704e44fee820247f5ac2b105cebb8094d7728f4d44c75034b

SHA512
a12a84e24af0ddb69192014fc1a4b2f83b30b9de9ed052ea9b63748df65e17f192c0abcb2251af08eeeb84da1a1ef6ce71a565ac2356d21dbf24b0e9ca9c8af3

Download Submit
C:\Program Files\7-Zip\Lang\ga.txt.tmp

Filesize
89KB

MD5
72cad83b4af91ab9bb6d9a7db28fe927

SHA1
322b068d307dd59143ab2ef28e30d2fa6f4f11f7

SHA256
6753b9c699612b33dacb0590853edb772193b7abce002fd3fa20e67d60c76e36

SHA512
900315acbccefc982620e0a4b53a29cf3852e51071d0e820daef2c535ff88dbd2c4e6c63d7453a69d760a813fac0664c24f3201d60dd515dca879761b2b5924f

Download Submit
C:\Program Files\7-Zip\Lang\gl.txt.tmp

Filesize
90KB

MD5
4aa81d279061019bf9862e4e8555fc5b

SHA1
20636c78e8278b0c56a88cee0d4b05d78f570774

SHA256
ad701c51fbcb63cc2243dd89bcb77d5719d1399ab22cbd6cd57ece0f29c4d697

SHA512
c672af5559d908b8892639618c1b4bf4436b10e4af216f6184262a36e1f6f9510e445d406776146968738629535104c732ecedce4b2c687bb4ce14434377907c

Download Submit
C:\Program Files\7-Zip\Lang\gu.txt.tmp

Filesize
98KB

MD5
e4f64e1485b18ca223277f4931c67bd9

SHA1
cebd5ead7c177e908700aea325a4925f7103d57f

SHA256
72c87bbeb20334334454306b439466ab419832a99009a8220f0d6185ee99200e

SHA512
e5cd3c5d65ce7a97fdbf5d5462299a1f3bb5d3926703c73d0f485467e91b50e27cee0a20a58ba7fb6d32ebc678a0ef6e67e4ea678be79eed9a28014e3b5f78c9

Download Submit
C:\Program Files\7-Zip\Lang\hi.txt.tmp

Filesize
98KB

MD5
9c59f4040d575a4ed7a5948daa3483bb

SHA1
3cbaef4c8bb8e36446c31ac1e090c11649ba09df

SHA256
eead9bf05d855be53df1144980556ce9a7dc34da0d2b186aba37bd4d2125087f

SHA512
20e1572e6c4e18f98a267cd65bdc21af292bccdd6c07fa3544398a0ad016d23d7e9b81f50696e0b9bc766e7cf21cbe37d9738441c3a6befc2d28d8a2cc41efd1

Download Submit
C:\Program Files\7-Zip\Lang\hr.txt.tmp

Filesize
89KB

MD5
abd9e56c9836860ec020a6c09ae6d310

SHA1
6e9df470b8c2923dddb8e30fcfc9958cd2fee6ca

SHA256
dbb81309f706206f2f58679158f54c2020efaae5f45f8e0db4898fc248dcd614

SHA512
190463a51ba1e265a564e3ce29d90868232cea6eeab770c093de2808db1ec6bfa215a56a0326145a747b53c43a2f5c04d73f318f528436e04cafdb5a36a42400

Download Submit
C:\Program Files\7-Zip\Lang\hu.txt.tmp

Filesize
72KB

MD5
e289ab0e0ec73f2342d5f7b0b868ce5e

SHA1
45c4a023d6d48c12e3c172f4c9a3f1626f212e52

SHA256
59a0d802da87e441635c1e049b33d8389285e87aecc6ed2c41358a6ab78a7c7c

SHA512
ccaff8abb6fbbeb61a2ad6cb8188e93545fb30562ea5ecc362a6bf73dafb133995f5743990ba048d5ef040081d029fd5b327041edb76d9e8bcb97a3a2ef7ac16

Download Submit
C:\Program Files\7-Zip\Lang\id.txt.tmp

Filesize
89KB

MD5
50c95a0e8363e0a1d3ac83d375fa5805

SHA1
9731bcfb0c5abb10c729271b0fa6d695699e5c42

SHA256
bbff4b4fc18567622d925307cd7c30c8e4b11aa9c1a26d4a362b3a804033ad21

SHA512
ac19a42cbc6fac1e75ff132f2acd8c7dff320aaf751c3923d6a32b7b99547a948cd0c64dc151c49982aecb8704caf1683ee8d62f2a3d0531ee00e38f09dea97b

Download Submit
C:\Program Files\7-Zip\Lang\is.txt.tmp

Filesize
90KB

MD5
9e004f228a6fe1483584a795c35859c3

SHA1
2dc7998959d0db91fa5a85e152416ca07b78f933

SHA256
f35de73e1418c0f4984540a9bfbe55b4ef446b5506c533cad7d3ec5e22a38e1e

SHA512
c9018cf7b32b41c090b9c8c2fce15c4fadd302440620a9b3842147d99ff3dec7b990abef4c9d41abf5f1e167d28bf33ac62dab2117d4d48b247451aa0708c3a8

Download Submit
C:\Program Files\7-Zip\Lang\it.txt.tmp

Filesize
91KB

MD5
dae443d0c2974baee6d63f8696a6dd73

SHA1
d5ce982df56717433e8efdf100a2f79168604935

SHA256
f6b0f77ff932ed790802cf15ff624e4f3f652b364d71dc15e9da635437337e2a

SHA512
9a01f4948be2ba0a5f73a26c24d2c21b66e358d13dd904c673c941820831f03ca77b4f6c7162f5040d39d4cc0d0c2a764e1e41fe40de8c7c32c79ea51119898c

Download Submit
C:\Program Files\7-Zip\Lang\ja.txt.tmp

Filesize
93KB

MD5
9b7045fc27c3e7d72df0a70b9bcae045

SHA1
16e60e9d34b64135b808d77a4739fd2e27215b9e

SHA256
94623c75457fc7336cb2b3d02d5c5f0a30650cd2be2fdba9ed32440b99082195

SHA512
8ddeb08721f51e9de032e4d8533ef5d1b36f190ced62f841c863bf1f4034a44610917ccf5c34e77bdd893d5246ebd3ef1e25c4ea4e4467942522498f85bddd81

Download Submit
C:\Program Files\7-Zip\Lang\ka.txt.tmp

Filesize
99KB

MD5
998184be3d9f44a72bb80b4265489cbb

SHA1
59a7cd490a34a16d41c0c7971263d8a53ea6fb5a

SHA256
da95f7fd4b093c7678e83c4e219a32982926ea7b864bc6a6779f0f3cc5c1a5d8

SHA512
6ac42add970baa4439e085d4ec39c5f17432856a90d0f88ce266d0cd4e7bb952b0645f2abfe3ba6cb3da7e402d9b0ab538e4c3a8feaf0bff0b02a372d896099e

Download Submit
C:\Program Files\7-Zip\Lang\kaa.txt.tmp

Filesize
89KB

MD5
9f609081e46130d89d6670e4c1b31801

SHA1
f62269347a3d17354ac24000acabca28b77795c1

SHA256
fc92d129592fa3c72dacab8047dee361377601f876efb26aba4ccd91977ceb99

SHA512
40f87aafc3199ed30205b160909263d238dad304d77c02c67473fc8ffb768532435d0d41423050fc27c7a097b39eae36b8573b728f888d851778b5ec67f06d87

Download Submit
C:\Program Files\7-Zip\Lang\kab.txt.tmp

Filesize
89KB

MD5
635de7247b32f363bb0ca796b4a6b295

SHA1
7b5372848dc35feb9e4401463590bb5c11691662

SHA256
d6e9faee83108b95a0b0915d864eab22f78640e112e7f1f740647a6c18ce492a

SHA512
14fe6957c8d143e813cabd3cfd8f8d3be91a3b2f6c46fd4530c7d314b171a32f99dfb4c61909f20cbfc86f34b4217b091a28a4ba41f2b250094a31261879c32b

Download Submit
C:\Program Files\7-Zip\Lang\kk.txt.tmp

Filesize
91KB

MD5
21f155db478dee59702e03869825db2c

SHA1
68dcac62b947a08c5cfbc4d67f069f2603945dac

SHA256
8455be600f4d825a23d55543eea0ba7e46063f26d350376f46cb9e8df273324c

SHA512
7904493e7fe48d5efd5e9c4793cb4e50e1bbdad71f5519ecc470bfa75aac164fd37a9d0edcc9985e60b8eca8ebf91f2072bd268e09578666181e7442c3472613

Download Submit
C:\Program Files\7-Zip\Lang\ko.txt.tmp

Filesize
82KB

MD5
425ff0368a8c04c2e098071e731ef14c

SHA1
80798aaee8d6cf56402c691cff9ae35ed0385992

SHA256
23efbb89777ec2711f4e1f4e2832dd33e70d15d2280c2124121ac0216e0f90b5

SHA512
124674bf2f85e9080663048851e616d9da1c3bdefe5d89e5fea7ba512c77ed0e77d54e1d5bf2e3f32dba69905ecd0cc1dae13d0ad0545cc47db200c47e7e7d04

Download Submit
C:\Program Files\7-Zip\Lang\ku.txt.tmp

Filesize
87KB

MD5
120d0b769d6ffff7e62affd9b55a49a2

SHA1
8b2df90959a0ebbde27883280b9f409dc568cf73

SHA256
d4c002e611b6cddabc8abd372f974b1f2a82ea5e9aaa39c4f7ef606cdb764b44

SHA512
703a3c4d04f448d9ea2d170c3001b18124a27ef63f172de38b8d455042b9ac4c479a3065212bb37cfef60c14a88b484e0660f8f291848b35b2b703d84ed19119

Download Submit
C:\Program Files\7-Zip\Lang\ky.txt.tmp

Filesize
93KB

MD5
65ec4cd7b753633464ddff584dc77c49

SHA1
0bd15fdd80275921a71b8ddadaba4b0994015165

SHA256
1e17c54509733e4c9b42eabcad6244d263a0cb43c7e291d9344a002554dc2635

SHA512
073475fb7bb62dcd682738962eea3a72b27a3215f49d1ab76d2393a46b7e284fe036ea2c8a9b195eb718c06a9b58c1ddbc3ab814e9543b2e8161171cc60d0795

Download Submit
C:\Program Files\7-Zip\Lang\lij.txt.tmp

Filesize
89KB

MD5
639c1219a6bdba9ddd37f616c7466508

SHA1
19623110c8e8061e8bc969feb7eaac6ec53cda5a

SHA256
ba1e2fab27d7857a446698e79524c551f20ecc13b44a1d6c680999220ad03d85

SHA512
7558ec89f602d766cb8fc669013abfb89f51ac11cd6155b69b13ad3a164cac021b3809fd2705233e59a5ac471dae255bcfe9b8af0515962ff11b4ac82e8cc2d0

Download Submit
C:\Program Files\7-Zip\Lang\lt.txt.tmp

Filesize
90KB

MD5
bc2bcf8c9468d0da9341f64751059303

SHA1
926c2ed6adeb52a984924192e13428cf58bf324c

SHA256
289f49624ff69b6aaaec376d0fdea3b022e57393f048008e015eae495dda6340

SHA512
95d71368e798904554852b7d4885702b0ac5deb2d8ce6207b7920852e097720e17ae7a5bfcaf07acdae6c62b7e2eaddb551d906e0ae69e6ddf72a597b5bd8afa

Download Submit
C:\Program Files\7-Zip\Lang\mk.txt.tmp

Filesize
90KB

MD5
e3011848fb6333bd85cdaf24555082c9

SHA1
a69a61e584bfb36f4bd1512f068c4ea4696a8150

SHA256
f449b8727489d9d890ebc75a6a4e6cbf943e4c0b90414d45ba662e3c4ca425be

SHA512
decb8ec90d4a7185ea77357edb1f419d9e2d1ef725a99644b76d9228f472b8a055c893c0edef44dbe2edd344a3f260a6de6acc9590cedfd692d68a152e188bc8

Download Submit
C:\Program Files\7-Zip\Lang\mn.txt.tmp

Filesize
89KB

MD5
47100410e0266263682511134efb9f65

SHA1
0271ae8d0642f150b008bf33134bce1811d4af08

SHA256
4ed7fc0b382a087c8ac97cfd66f24e4f8014b8244fa2255350aacad10cbf4a6e

SHA512
ba07d27cdfef26209092af633cc1441716327aefcf2db389fc5327b0776bc2b34bd4e529609557872e187effd408f78e875a23e0eb1aa9f0a8ae9e0b3d5f569c

Download Submit
C:\Program Files\7-Zip\Lang\mng.txt.tmp

Filesize
101KB

MD5
76d4cb7fbf6c4dcc9e736919d313d8b9

SHA1
4735ee56ce5b24c84abb78a04b37fed2a9459fa0

SHA256
318aa6f466318640594b5176a2da25e9c285ce930e3e718bcfaa048eb1ae6013

SHA512
a236a31dabfc04d17f27a0cf41ccc9033f7a3cd1213f5c06c8d7f80ef20e15a82a4366c624774e61faaf1eca55d64b0bf15b2ed4704aae4a8c026a105f79df97

Download Submit
C:\Program Files\7-Zip\Lang\mng2.txt.tmp

Filesize
102KB

MD5
d6bfe0e0831c4c9319cb30bf2e63a478

SHA1
a4c0abf21caf5f8f38755e07a66e2e3e25303207

SHA256
52dbc6d9ef8ff5000a67ed4c86586155eba1551484d1d06d87175d7fa9dddacf

SHA512
94e5af17b9ccb131b295f4d2c71c3cd3f006ef9fa95e56f6d69f234468af7e45b36c076b5098c740978a90c18c974e6af9957b60a5c5c45ec1b14cca2c05dfb1

Download Submit
C:\Program Files\7-Zip\Lang\ms.txt.tmp

Filesize
81KB

MD5
683465a0b78f3f8da2418233d7f576ba

SHA1
d4bc3b0cc1f6ce75f2d57a468f16f151d9957d07

SHA256
b3198ba0f7cdaf8316c76b90e378b489b6b9f33a5c1ba71c61e1229286cbe273

SHA512
b89b04797726056e8da4d078e3bab88437b3dfe496168fc4f54e998f6ee2ef129e30d5c368e35c06a89dbc86e3745d84a46e28d432ad7495332e696fcec73b3a

Download Submit
C:\Program Files\7-Zip\Lang\nb.txt.tmp

Filesize
81KB

MD5
98e2928675a83ca894a0257798fefa20

SHA1
06dea8341bb98052e735f29cf71eccfbe1b74525

SHA256
5b723f91bb4c64be8d47daf2148038a9eb142abfe8f34562442374e8c68e0f9a

SHA512
8bad0e6b2aa0d294548406bb6677e2d8b13e2309331124034ba0325f04bc32acead89660010e6a66fee541e35fa2899d5ba45704ef411593e65a9a385583f97f

Download Submit
C:\Program Files\7-Zip\Lang\ne.txt.tmp

Filesize
94KB

MD5
c1634ac6c53c9c39abd7b4a87b40bd3c

SHA1
d251d7fc78e610091c6f95cb0f8cd209231a9891

SHA256
34076e51545079b95007b3ee444b3b07fb3d3abe7bb0a257e733e844f259fe75

SHA512
d4c4e5f367ff7e99a4b6d484d5c78f083cec56e95af4d492e3cd50bb35d53c8fc2e2fb4ca9939bd1f36db401ed1782d318cf740e428467f74a489a3375966a30

Download Submit
C:\Program Files\7-Zip\Lang\nn.txt.tmp

Filesize
81KB

MD5
78017348c83cc2291668b7e32bf85567

SHA1
0e0a8103dcb5ca2eb81c9b1801b4df7576416979

SHA256
de4def1348e0ce1093b7c0c7ab2004075f4969e772dbc942d96737d2aeda1423

SHA512
589360cd2c3239fa4f95e705732e7b712779aa67aaf301ee2dd9e598023a3c1654745a9932a429d3850fc47855207c36e1f1b127f3dac89c2e687051c23c03c7

Download Submit
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Transactions.dll.tmp

Filesize
89KB

MD5
5fed0bc0e29c790e554ebe59c54b5d73

SHA1
a40b0d5f8a049498a51b5746b8762f2b5de6ead2

SHA256
11381dc90aa0630c7d39d88102069b2ad3445b90b005cb7da7dfd1fef577efa8

SHA512
6105811dcb4f15a607d85f95b6c2bde441abb7431b60ead16eeeee3180adbf8a2ca97fd839756c2f8c18d82342304debf66e5e56c97ac1e1428da438f0c380de

Download Submit
C:\Users\Admin\AppData\Local\Temp\_KB2919442.nupkg.exe

Filesize
81KB

MD5
36e5551df2fd6d93b5c7ce707b528d4a

SHA1
534fe8ca474a615b21b229e0b348337a2fb02d85

SHA256
a58450cdc42b47567e10982f7b1d18e4b1bc3ef6243c75a8ec95146cd4aea261

SHA512
528a8e852d6d863a89b99b7c228b0961199a581c0c1415806a9bf7f2b8f2d6b29d6a7f1820f798f0d92c212fb5746891a6b15f7c84a208161523c923d5a4e15d

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
72KB

MD5
813669115bb480ab24dd4578349d77b5

SHA1
0088f200640f25118a61ddf1e3a0ec52eed3fb75

SHA256
5d215e383df9c7e6837a172af45bfb211c6ee3c0248bbed1c68b28f46a525f68

SHA512
219f7f420f3a9c09b81b38a127b7bc4fbb50098b12cfb23ead6d9e9154184aee2623fb538e63e2fe2a292d66da6856088644b66e7081a57bc63ef6e2594b7233

Download Submit
memory/1336-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1336-2239-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads