9a54f6ec78487a2b0a7b88f8011bc0b71e356578ba0d4d1b858fb4d8776d9fea

Analysis

max time kernel
150s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 21:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3ee2b15ff49e5c17b03e1ae21c60dfb0_NeikiAnalytics.exe
Size

158KB
MD5

3ee2b15ff49e5c17b03e1ae21c60dfb0
SHA1

9ec92d67c487f20cf0d5b2885b6f2a3fae5c59cd
SHA256

9a54f6ec78487a2b0a7b88f8011bc0b71e356578ba0d4d1b858fb4d8776d9fea
SHA512

143fa35c0005b20d6bc9aae098722dd8377aba33d254c85b50f6fbb4bc2a5679d0a3fd15aefacda7a37eccf84f465e00339b50aa886ae0ed40f73d326373c3ee
SSDEEP

1536:W7Z9pApQESOHepOHe8G+6E65dyGdykNdNBKZJHJ/vQ7Z9pApQESOHepOHe8G+6EU:69WpQE0zL9WpQE0zt

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5066) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware
Executes dropped EXE 2 IoCs

Processes:

_desktop.ini.exeZombie.exe

pid process

4868 _desktop.ini.exe
3692 Zombie.exe

pid	process
4868	_desktop.ini.exe
3692	Zombie.exe

Drops file in System32 directory 2 IoCs

Processes:

3ee2b15ff49e5c17b03e1ae21c60dfb0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Windows\SysWOW64\Zombie.exe	3ee2b15ff49e5c17b03e1ae21c60dfb0_NeikiAnalytics.exe
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	3ee2b15ff49e5c17b03e1ae21c60dfb0_NeikiAnalytics.exe

Drops file in Program Files directory 64 IoCs

Processes:

Zombie.exe_desktop.ini.exe

description	ioc	process
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcer.dll.mui.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ComponentModel.DataAnnotations.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_KMS_Client-ul.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_Subscription-ul-oob.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\LyncBasic_Eula.txt.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLN.XLS.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ExcelInterProviderRanker.bin.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OFFSYMXB.TTF.tmp	Zombie.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hr.txt.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Xaml.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial2-ul-oob.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office16\McePerfCtr.man.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\System.Windows.Forms.Primitives.resources.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\UIAutomationTypes.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Trial-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\7-Zip\Lang\fy.txt.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\en-GB.pak.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_MAK-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\7-Zip\Lang\hu.txt.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\WindowsBase.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.ThreadPool.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\ReachFramework.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-string-l1-1-0.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\decora_sse.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription3-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_MAK_AE-ul-oob.xrm-ms.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\MICROSOFT.DATA.RECOMMENDATION.CLIENT.CORE.DLL.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Sockets.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\UIAutomationClient.resources.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\policy\limited\local_policy.jar.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_MAKC2R-pl.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\VisualElements\LogoBeta.png.tmp	Zombie.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msdaprsr.dll.mui.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Pipes.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Private.Uri.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\UIAutomationTypes.resources.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Resources.Extensions.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\sk.pak.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\bin\t2k.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.wordmui.msi.16.en-us.xml.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\MSSP7FR.dub.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Numerics.Vectors.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTrial-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\WordVL_KMS_Client-ul.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OFFSYMB.TTF.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\PresentationFramework.resources.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_es.properties.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Retail-ul-phn.xrm-ms.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\SkypeServiceBypassR_PrepidBypass-ppd.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\7-Zip\Lang\lv.txt.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\LICENSE.txt.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019VL_MAK_AE-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_KMS_Client-ul-oob.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp-ul-phn.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	Zombie.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ba.txt.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\hostpolicy.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\ReachFramework.resources.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\PresentationCore.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\ext\localedata.jar.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_OEM_Perp-pl.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\PresentationFramework.resources.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.CodeDom.dll.tmp	Zombie.exe

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

3ee2b15ff49e5c17b03e1ae21c60dfb0_NeikiAnalytics.exe

description	pid	process	target process
PID 1012 wrote to memory of 4868	1012	3ee2b15ff49e5c17b03e1ae21c60dfb0_NeikiAnalytics.exe	_desktop.ini.exe
PID 1012 wrote to memory of 4868	1012	3ee2b15ff49e5c17b03e1ae21c60dfb0_NeikiAnalytics.exe	_desktop.ini.exe
PID 1012 wrote to memory of 4868	1012	3ee2b15ff49e5c17b03e1ae21c60dfb0_NeikiAnalytics.exe	_desktop.ini.exe
PID 1012 wrote to memory of 3692	1012	3ee2b15ff49e5c17b03e1ae21c60dfb0_NeikiAnalytics.exe	Zombie.exe
PID 1012 wrote to memory of 3692	1012	3ee2b15ff49e5c17b03e1ae21c60dfb0_NeikiAnalytics.exe	Zombie.exe
PID 1012 wrote to memory of 3692	1012	3ee2b15ff49e5c17b03e1ae21c60dfb0_NeikiAnalytics.exe	Zombie.exe

C:\Users\Admin\AppData\Local\Temp\3ee2b15ff49e5c17b03e1ae21c60dfb0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3ee2b15ff49e5c17b03e1ae21c60dfb0_NeikiAnalytics.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:1012

C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe
"_desktop.ini.exe"
2⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:4868

C:\Windows\SysWOW64\Zombie.exe
"C:\Windows\system32\Zombie.exe"
2⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:3692

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-540404634-651139247-2967210625-1000\desktop.ini.exe
Filesize
79KB

MD5
411dd1984ace1c5e6bb6fdea493afd52

SHA1
2cf6d1118be3a8ddc21103daafe0c4f2a4ec0c07

SHA256
0441b743f04e597950f4c4d5911b01ffdc9ef981d321b1e7e8b3b622c7a1b492

SHA512
c7abc17c27916a0dd0517c64ba1857bdae5d4fd4c382fb392ddedd66a7f0dc0b694653e2c46594c2f35edcbabcfd7c3161b473d74fed2aeb88b38250872b89ee

Download Submit
C:\$Recycle.Bin\S-1-5-21-540404634-651139247-2967210625-1000\desktop.ini.exe.tmp
Filesize
159KB

MD5
64e46ff013e34afa8165da9164d12aee

SHA1
e299b108ee2907c33925a5d26667c57c4e4c703f

SHA256
1923f547725bb09b261070ddc5499a64ad705be5165281e7487fab1b112802a5

SHA512
e3bfd8df427d895bfe7e3fb36ec4472de27d736661d45d7752cd1e83c588ec369c626219853723a45e1dd59e8acfb36d5a6bd525b4d900f05382842049332648

Download Submit
C:\Program Files\7-Zip\7-zip.chm.exe
Filesize
191KB

MD5
a1c6f7a1417bf15deeb73adf4775d09b

SHA1
90eefb04b53223ad2cdff5133e19afd9362121db

SHA256
3e36f30b255e6f22d3a692fe5cd3681f64ffc4e7cb9e7a9d1c18e822e93cb2bd

SHA512
610a7ec7086815cf6ac6733e30e99fda277281dcd46af0d58caef567ead7b42ef142378914e6117a421ad2fc173de07d5c95e3201e1b6522a8b108698fafd627

Download Submit
C:\Program Files\7-Zip\7-zip32.dll.tmp
Filesize
144KB

MD5
9fc8e09c25946a7e4a66142053a66589

SHA1
d5b0cf86eace8801e2d9eb37316b52cd6dbe07bd

SHA256
05a8639e034799008f06a805647028c8aa4754a44737efe66532974e79794492

SHA512
673c4f8138c59cb648c9644c33dc297b506a6ac53f28db4619b9a1061edbfa10490080d9f731de15732230dee2b1d3cc239eb03ca68e8bf32aa406bf0e195701

Download Submit
C:\Program Files\7-Zip\7z.exe.tmp
Filesize
364KB

MD5
a1fcf238158b0f1a7c8c15baef5620a6

SHA1
b671260139235456ab978ae5efeb2d668bfb0b37

SHA256
0699b8483de75e0baa88e6f97401015e2c9936e15b1769e0595208c054c7968b

SHA512
f586e10e0892fafd55704b6580887838c1d22b87973a199c7c38e7dd62c442c561dc0414a92964ea1fad806f4a648fa279e86b968c80fcaa251fc870007bcd6e

Download Submit
C:\Program Files\7-Zip\7z.exe.tmp
Filesize
623KB

MD5
4c6c30721b9cf907d951da9da2c2a616

SHA1
d2edd0ed7f46649909366006563a7cf1a7e509b2

SHA256
2389b810f8bf677f438f8dbfa0af68af0fd510a7326e6cf66a9df99a319a75eb

SHA512
a8683930091b5101136598e0d6490115010f449edbc4f6808f81533753c231e0c7dd2c9cf53517951512c2bd2420fff03e4691fd468f9cf1f98f995124a680d6

Download Submit
C:\Program Files\7-Zip\7z.sfx.tmp
Filesize
289KB

MD5
3672f6b8b78e0cae193d183e55f28f68

SHA1
6bc34f93888c73faca3a76c3fad3dbb8e2096673

SHA256
0b29d88ac6b1fbdef99d78055a57be264b427030aeda452e47982b0378ab57fd

SHA512
237c64afeda4821989b344415d64fbda9c20efa78b8a5269237da06faad809fa39690730b53366b5245dae098207a716ec61b97f607567642d3f40852956c919

Download Submit
C:\Program Files\7-Zip\7zCon.sfx.tmp
Filesize
268KB

MD5
1fc4a993b18593e5093b57a0fd8ad46d

SHA1
e2e60892aed65af048fee28b558025249d0cf3ed

SHA256
f98798c421f8a8e077b66855fa6991cb278f66cc080777e691dba05d351d6a8c

SHA512
3c5187c0be708027a2641dbeb29b3e16f022d91c8ccd232aba8a48d6f6350a8013b4896bcfa38bcd3faec59159e09526992099768f4bee84949911cfe148c6a0

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp
Filesize
1010KB

MD5
ba937fa50d23f4f79a1f782dd81364c3

SHA1
0b197575f2fd6317d24155d2b565368197d2fe42

SHA256
e964ff9a080e0aa6a443f3fd1514e584bdb3809c28afdbb867aec5d8dad7dc6a

SHA512
5a85233f09fe9b5d16a737faee60d0f597edd5e21495b3d8f6d92dfb285b0f442c5baa71bb30d8972694f3d6de2a99a000d960d261aa4a6c053a20329ab71ab3

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp
Filesize
1010KB

MD5
8aed63c87ab9cc7c03ea8f13fc30fd4a

SHA1
b493f0e77a0cca389748ea163641e01d52c72a2b

SHA256
ab53eebc48651d1f36b57145cbe85616252f46ccd6a53424978a2dc7255d43cc

SHA512
28c60e7e1a391629a884772a100e55de4ff6629133dd659a938f787ab2c297509c8ea1af5f7e35f36f7f9cdf0c4778b6e409942d315b095206242b9ba72d6b73

Download Submit
C:\Program Files\7-Zip\7zG.exe.tmp
Filesize
763KB

MD5
eade63a768bd144041b69e6b2bebcc2e

SHA1
f1a746da6db9c5c8538a28b1dbab73268eaba624

SHA256
a340d36e41ad8718761e736ffc5e63b6b01ad98d6ba0632d7a61d7aeda858b91

SHA512
3280259fcbdc7fae660baff17121167705269a1e8f9ac3babce2c781a27f7c929eb2db92252353441bca798e3b769be68a0c2e86821a23a73fa1edf627990fcb

Download Submit
C:\Program Files\7-Zip\Lang\af.txt.tmp
Filesize
89KB

MD5
4a5645e31d8d285351282eaa6560e1f1

SHA1
e5e33aacf2660650285be46912845e7d17e64df3

SHA256
f80a354b134f66949bfd7e74f857dbc8b2ca45a24ee8afe1dbce3e0b12990bf5

SHA512
16feee1f508ff2d85b2e16768b38f43439504399948de3ff9c6ca33ac49ef449dea4cb5d8b6303088f35858bea6bcb397a72c70f77c0c978dcb5518a0ed195a1

Download Submit
C:\Program Files\7-Zip\Lang\an.txt.tmp
Filesize
87KB

MD5
885c1111f02fc40ae5036ae99fd936b0

SHA1
d1b39b6fe25a112892c104a7b7b6855191e56f4c

SHA256
1ab205f34d2b2aa6918605475fcdac7b0b06a50c6c1b8c5c6bdd3b07015b80f7

SHA512
c0705bb21e793fc047836d9ab37ccdf3a345619fda03c7cba96e1cbc4377dd3567c26e53074c32092d0537a7d5d937a0b00c6230ed2a2ce7e53c33f1e96da944

Download Submit
C:\Program Files\7-Zip\Lang\az.txt.tmp
Filesize
89KB

MD5
309d62a406bb7f8a1e93fa6819dbf019

SHA1
6c669a97f540f2235f1564933a836d34eb981263

SHA256
5745f0ff7cf4974ba1daa4da95dce5d5ebdae1ca3ffdfc6ad6a63d376adefd3d

SHA512
a244ecf925b4296e6bd1f518f47ff2db9b6a82a05c395023d60b07fc1b3711228b6fcb0b1a2f623d9210d65162fa5e6b8eac520d84acf02799cd2876d534af18

Download Submit
C:\Program Files\7-Zip\Lang\ba.txt.tmp
Filesize
90KB

MD5
ad12635e065edfc0a1b94eb90c615362

SHA1
4d56c12b07c809838bf3b11c2d21e754243592e2

SHA256
a4d84167907ac1e5701eccaab5304ce5d5cb57e7b58482ee3b5eae7e96eb7881

SHA512
845e43696e08f768b977ff561aa22f58de13d14bc73557fdb192f46b60e319b1e970b4d8c9dd8a117bcbf5932f38bd33d67612c46481dcf762900a70430eb050

Download Submit
C:\Program Files\7-Zip\Lang\be.txt.tmp
Filesize
91KB

MD5
6f837de229abb07bdf1f8bc0ca1858ac

SHA1
7b94e7cc2bceb4806b75eb875125e632e84579df

SHA256
3490ae77ef92f635071beb60ea79e756cf60bc9432b9d99f4d930f7504dc9f04

SHA512
7a60f9e307635781e990519f6f75ae8da26b17f9ceb497b852e0277e0af5c51316dbd976a1e11c2f1ec13b9bb5bf42550333b3ec570c7bddcee1d308d1b6396c

Download Submit
C:\Program Files\7-Zip\Lang\bg.txt.tmp
Filesize
92KB

MD5
f9500aac3d07eabf6fedbb3954709439

SHA1
76c16cc56e1eb72b04a0d74270ef8e5b1bb6330e

SHA256
25ffcb4fabe0fb6514baa526c25a9cf7ef1c50a46237703c86d77481f420a727

SHA512
3e21457f32e7917136ce15013fd47fa2be0c52775e3269714e0e519d60390c0122b96135521de9fd8952685809213f330377a9cef2cc08d1d6b92fb6e6255d9d

Download Submit
C:\Program Files\7-Zip\Lang\bn.txt.tmp
Filesize
93KB

MD5
2e51a6d141b97ba0b488666672588478

SHA1
75d99cc34f3a0a5a2074de7e95fb21483b601e10

SHA256
cc4f29c1445ca7103440d735fb38f5e39d1b199543da324788a840f692d344d8

SHA512
1d2912c0539854866dde2b53854f0ec83769b0c30ef34539ae89db513b1354743bdb1da6925eb0f123b732acc29d7216155f8c3d29d4e2ab6a280cfe6bb55cbf

Download Submit
C:\Program Files\7-Zip\Lang\br.txt.tmp
Filesize
84KB

MD5
8bd6f90f3c85f39c3fe7ebcf4a27c81b

SHA1
1b7d64adda65f64fce35d2c03f2a1128da0f9808

SHA256
bc258d594e793a498eb882398725a518a0d70d7f586942bda9abbd56b94a5954

SHA512
3c187fcaa74a3af97f141868bfad7e2dcef094954a6e3ea14d7a982957d5784ab7db69f6e241d0835acb56b21fc0948fb29166fedc35240179a12a909670d60f

Download Submit
C:\Program Files\7-Zip\Lang\ca.txt.tmp
Filesize
88KB

MD5
29316a95d78ae237b1b58e68a51597cf

SHA1
9d309001bfee694f325df9241094f58e0b6fdd62

SHA256
b526a4d4f831c79f4a9429411ab0bc824514c74180c656eec4141cbf83073629

SHA512
8827dac4e2d7cf9f259df55145ecd88c3fb5900cfeda5be543f283a3dfb335522d16e24d25dc8fa412a7a5f827e60e2d542263a50a0ab0b8bec561bb14aa177d

Download Submit
C:\Program Files\7-Zip\Lang\co.txt.tmp
Filesize
89KB

MD5
9360319eb69fe7605b6420433744cefe

SHA1
377e3c26a94f4a6eaa6263837b2484cf98613e50

SHA256
a9662e08d2ce53a702c9e0151ae7a386dc94854afe34dd5f5a2762cc0302ed2a

SHA512
4a5d891c59adfe0654c36c3a3ac1d7430d1035aa69cd8b8754d2c32e8994d5765946a40268db43db22342eefb8ade2970bf51e01447cb9238aabb55ffbe523a1

Download Submit
C:\Program Files\7-Zip\Lang\cs.txt.tmp
Filesize
88KB

MD5
754db85610aa2348c4eb6028f1133a3f

SHA1
057f2725791fc59e5b6d437eccf62e9c7b8efa20

SHA256
056edecd02ec1dbcb9cb0cf7870fd6a5cde61d881683399f1fc7b2c72deaba01

SHA512
6265773eba83641d19013abd822d4d39b556db9ac4db7726cd8b2ae315a5e684c7d646421c1a033b01c03569bff05f049f02ab206d3aaa2c56ef9e711a46ee1c

Download Submit
C:\Program Files\7-Zip\Lang\da.txt.tmp
Filesize
87KB

MD5
1e21a1a6472862673d00496623255b5c

SHA1
7746b917b21a573f0575f25c492d2bd66d826df3

SHA256
49cf3bde04cd97c285edde33e8f08f9545c9a1f67356f7b01635dd1fcedd56d1

SHA512
07a2d8b259efc1379d964ec8e16df7cd65ba948c9d3ca0d5ba1c6e921e26093e60f92d532a3a0f3cf39d553d1de7aee1dc117e4eaff83778be80e3f8d68041c7

Download Submit
C:\Program Files\7-Zip\Lang\de.txt.tmp
Filesize
88KB

MD5
1519395072c49fbfcfbd76275c277b32

SHA1
c5e117618f128a83839e830448a358b61d5d9af6

SHA256
b9d60ea9aa2954f20bcfbe968faf603dd851888af5de3cd53f5e8c10225d9534

SHA512
2e85a253a0667671ec81e647cc5657ec0e9394f035afe3a9209d60031d605984015cf600386c0751904a3a2a6d80cece5f6ca458b4b7c7c8430ded797627b03e

Download Submit
C:\Program Files\7-Zip\Lang\eo.txt.tmp
Filesize
84KB

MD5
3ebd55f9fd5c0f2181e9a0967f96800f

SHA1
34b7ce2f08299e744a52a35a80854d5e08df9f38

SHA256
7f19cc0bb291b4473d568fbcda5cce27869bfa1588bb28d1fe6291726bb16300

SHA512
8a0dc2ce390f3c30728c2757dd29920161788a34b436c9e5ccd1453025cffa2529606f9c335af801c40730366bfdee48a89ea8f91ef6cc3fa316db64236368f3

Download Submit
C:\Program Files\7-Zip\Lang\et.txt.tmp
Filesize
86KB

MD5
f921c798fc9e578e5fac273bf1634f02

SHA1
252e24e266b23a07f7c441788e155fef48904023

SHA256
3a4ac870c8bb85f3a663fe356eb3ff44b841ead16887ce46538cbb475b619897

SHA512
39882bd73a1fc6f91665815ee32a0d3bfb45d72b7b6a4cc9c27bfc7a75dfe9aa460e38ff4c6c602ef91f601307aa6ea22c1436702d27d364375ab82255b6e12c

Download Submit
C:\Program Files\7-Zip\Lang\ext.txt.tmp
Filesize
87KB

MD5
2671744cd082d28f0dabc6e8c7b837b1

SHA1
39b1f8dcd09031e598c43a9402052e8dcd62f831

SHA256
711f7befca178d14b5999b23984eee540036d2aea96ebb6a5d3defb0358adaa2

SHA512
4d647b924dde11e29d28551c70aa52668f505dc051302b6c5645d9d07320f8a2a0af925b19ca26f9258572b42fc9bf0589ccc2997fdb974aa5663cb6207a1de6

Download Submit
C:\Program Files\7-Zip\Lang\fa.txt.tmp
Filesize
93KB

MD5
7cc8e6bf8edcf3f5c163323988109ae5

SHA1
6643081f520b4d4fb8247575344b975a5d3c63eb

SHA256
053942febd882f2172364690fed9ddf72462117e1cc258c447ae18b2c535e70f

SHA512
50040af0652231aa54da67c9a0ec68576abfc05f5f92c50e6fec6ee0eb2817e3afe37c1205c114e06efeed0e56682336d596db1ab57b6c014c60fca54b42e273

Download Submit
C:\Program Files\7-Zip\Lang\fr.txt.tmp
Filesize
89KB

MD5
edec8f535b538dadd58396b6e5419ed1

SHA1
d1ac12b26af3fb7c37e3a015d7d7c06b0bee5f87

SHA256
092822e904e09c28c52b34d08692a27378130dcae704308869a0a1629c44b0da

SHA512
f09995c7b29d3a68b6af2836888a9d985e994b70917acb630577d965e8e0541c848984dbf28efa9e293c724c472341f27cc76281ef5f0833c7f94e2e7fa31fe3

Download Submit
C:\Program Files\7-Zip\Lang\gu.txt.tmp
Filesize
97KB

MD5
e12c02bc17bd4d357bc93c389ef1323c

SHA1
06c4cabd2aec47fccc137ebff0bbb426ec680644

SHA256
5a335012f1e4c1a3a44182890204456e0c5ad27be12df05bf87b9b226d495725

SHA512
0bb011ee8c70ee956e5a8c71a686bed4f6901820b578ba378ad9335d703086b0cf0dec6a7c83ececf5ad57d7676801d7335b8137e20f022a29910e9fd4e8ab48

Download Submit
C:\Program Files\7-Zip\Lang\he.txt.tmp
Filesize
90KB

MD5
a3f5bbe1f09622f834d021b3404a7095

SHA1
1667e2c34098a4339bdab37879ec3558c45af564

SHA256
c31a700fda811612b56c6582cbf68258b74acabd92db26e09cfd80f113393a59

SHA512
eeb408faa6e5dd4176303eceeb86ba0c9ee258f017b32357cb6d49f66896e25ff4b48bb84e1de07a931264411d4ac9954407d4a3b07ce9e00b0cb0792f24fe57

Download Submit
C:\Program Files\7-Zip\Lang\hi.txt.tmp
Filesize
97KB

MD5
a079ed6a81fa5df1a8aabfdb7a9bc7ad

SHA1
911db629b7c9ab01ad355389b5fc5e8af97e6c45

SHA256
e7b1d9f205b350128b03f4123b98f0e3495e594423308c6ee5dcc97570beb431

SHA512
7ba9801f6a5d882652b85dc113f25e7d9961ca091f23538c41463b8eae5803c7d87015b72e552f48565bada0bace7d6f4f110b774fb99d2b1f593ebeaddf8c57

Download Submit
C:\Program Files\7-Zip\Lang\hu.txt.tmp
Filesize
89KB

MD5
a7697c944486753c92fe123dc318dcde

SHA1
950f0c30da94ffec810e3dd6d347985118aa5232

SHA256
90292a5762be1867d7bcb06fcd00f4d31b89bfcdd96bfe2b6ef0b10aa3844315

SHA512
4a7f1c779ad70cc3179b007619fcb6f6ebfff415691dea9e93f62fa4d37386d7288da7a191b473101f134f4f7c24b5ed78fd1a40c4b073c8cd1ce0b86f37146d

Download Submit
C:\Program Files\7-Zip\Lang\hy.txt.tmp
Filesize
93KB

MD5
2517afd8169051dbfe4eb21035b25720

SHA1
b43f27c2a7a7cb14ff6f1e7170ce59e8b36b0e5c

SHA256
79db7f2081d845268da76d437b26ec83ab11fe00fcaffedcf46592fce3b4226b

SHA512
b69129de995d66fc307073209c82d29962067edc01aa6e16c6e42e63f049a24383e318f30ef6da707abadda3195f74bdc25a94d0898bf2414be67a8fb54ca419

Download Submit
C:\Program Files\7-Zip\Lang\is.txt.tmp
Filesize
88KB

MD5
6bfe8a1ed22fc5c31f13eca49c9e0fdf

SHA1
d63b7ba4c3bdddc8adcb21a4570649d3c196406a

SHA256
0de1bb7afd2114f93bcf0b635b76753ac8df6400baa34406e250a4cf5a048ae7

SHA512
56bda85a9c4106a3b83615e4c2afcb9805c5f7208230da11e7f81d6904a9652337eac2fbf900054880b3f63870f1b75ea136bcfda26208ca5c2e5deeb75cbdbc

Download Submit
C:\Program Files\7-Zip\Lang\it.txt.tmp
Filesize
89KB

MD5
b136fbba136621aa659ba0c62c7ec5a6

SHA1
ef198327897d2bd160059812f84a59b89b82d689

SHA256
fe0280e6709ece281c49cf47ede0826d2a05c33367f58c574fbe742907691872

SHA512
4d644da127a56522c503ee63c8ff3b40e4f8b3db08025d9178fff389296287f02de57bb9a626f51b96be1f821f888d5e8358226a6ee2cc896a91414ae7324c66

Download Submit
C:\Program Files\7-Zip\Lang\ja.txt.tmp
Filesize
90KB

MD5
8c45b292805c476330c4af06b055ae12

SHA1
53cb61e5c4ef8e0a54b59ee603a9f5251f0dfea1

SHA256
ac33b0a0eb5a168ae6552331900ebb63bbe9c051563e57406dc4715bf84e516f

SHA512
c397c4deda59c7f9f5326c050f35c701feb1481d936e6107d47e11c451aba488128828fb6734b2f96edbb92628875a0e7247691170a43714fadaf8a2c995387d

Download Submit
C:\Program Files\7-Zip\Lang\ka.txt.tmp
Filesize
96KB

MD5
c01bf97df276bee5faf6ccf21ea20d6a

SHA1
abd711aa1d981f0102e5e468dc3b3338726ffa8d

SHA256
8f0f332d1017b88e781871cd2fa27481ed9e07fa73dd23d017482a79650513be

SHA512
b8e1621361d237b78f423230e9c30c54c36223526bfb70d8bfd35796bbffc127cea45fcd116304f10a61767544491e7c82b9e800c219cb9654a2566456e89768

Download Submit
C:\Program Files\7-Zip\Lang\kab.txt.tmp
Filesize
87KB

MD5
ffe39f2a9ea8356f086cee177e7bedcf

SHA1
de80645a2f9254ebe40c1d770efa34d39a36a9bb

SHA256
87558393150e22443124bccd2ae5882fa9c9a598acec5a24cf5a6c159aa5d769

SHA512
e409f2d4fd8d449e920b62803a6fd1fc24a28a7366d4f44a669311130e41125608fcd71258240e4925cc282e66a4823e638f42ade0362df3ee27a7633025875a

Download Submit
C:\Program Files\7-Zip\Lang\kk.txt.tmp
Filesize
90KB

MD5
debe7332b3d9117a18d7cccc44db0d49

SHA1
522508d00005a32478c7344613e42db8da662acf

SHA256
dda84cd7f7b710dcac861641a062ed26e222a8739a6c1acf6c099fe211dd8d71

SHA512
b73dfd97725ee24d592727bbcc6447298cd3d1c10e17a63fba07d295b7226859dd286afff80b5737e20c5d7d3713f8633c01669d73059a71d122944fd25cf592

Download Submit
C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp
Filesize
91KB

MD5
4f2fd22dea148ecf7a5d263e3a21285a

SHA1
d778b9294e248c43dc90c054859cede536311e4f

SHA256
ecdc9a928024915cc61ae24e485576ead9c962f797189457909d153f9bc587ba

SHA512
4ed1b23a902fb7584af6f36f0b31bc0b5e434ca59deaee69f31b4abbf8bbe5d3d2bd697bfd9be9d3fcbeda4dc57fd0592ebe9c69a764d2c40ccdd29f34357334

Download Submit
C:\Program Files\7-Zip\Lang\ku.txt.tmp
Filesize
85KB

MD5
c2b629c3b6e76653d9f6bc9bada3109d

SHA1
1b30bf48436ea40e9249c0f32b62d151e9fe0df0

SHA256
ba2d138f724cb26b7bb3404dc83386d366f415d6109ce4459fe0d622f804532e

SHA512
654e45df99340d6cb1f85702a8365afc2215c086015c660e40925680b2859c9844cdcef25653c99c6f37f16f022a3bfcd291748f61d91b81813f4eaca7a876b7

Download Submit
C:\Program Files\7-Zip\Lang\lv.txt.tmp
Filesize
85KB

MD5
4ce3f9becd67e0c6690750bf82d14f53

SHA1
8c3aa03330616f43c22cf4bef18c04cb92233524

SHA256
c261426f764722fd4bc0a16f96555ac24a2eb9f79d485837b4dbb6e4193f6eb7

SHA512
06f0bfb939199fe4c9f1426ddb1b85caa4258130023cc8709eb98ec9f3c4451df271a3a79a588e0cf9756986fb409e8c0964348eb6de2a1832346f08cc103ff1

Download Submit
C:\Program Files\7-Zip\Lang\mk.txt.tmp
Filesize
88KB

MD5
830355f12f3b32c2e54baf42389e9578

SHA1
d1fc44237dee03da9df518500249a757db99aba2

SHA256
940a450f897ca1fd95efe6f359c5eac3d33039bfea5946660ee4c94a4fbe248c

SHA512
691937a89c4de3cdbdaa38302e0bde7353deff00b00a4ba932520335ffdf56d3ff7aa91b5a977cf99b03f5ae378f55680f6b830bccad304161f23a76f510e33d

Download Submit
C:\Program Files\7-Zip\Lang\mng.txt.tmp
Filesize
99KB

MD5
e60b50e891eb8d6b9fb950034e5daa34

SHA1
77cbb3268c7da8a2c315ca18cc2e7a92db9f8739

SHA256
99afb7bacd6eff11306ee8b8a0bca96e553eed1c42d1538d163cf9479b5eeed6

SHA512
68af5fc46b7ce3ecb1c0a151b216ae46a172f61384e9d2717a3d714afcef9f623207ed0ccf41b23104716d8e83f1c150eec4f707e9973b1d6c553e8668c55c8a

Download Submit
C:\Program Files\7-Zip\Lang\mr.txt.tmp
Filesize
90KB

MD5
9b6772d9c099e8acdf86f5823d7a172c

SHA1
7f3b8ec5d5dd3942487be6b8d621e3a8471805a1

SHA256
49f62047586f501805e117e2c18f7d8216ac38b789b8c1871b96863733639a76

SHA512
86b8e5dd523e322fa02b94015cf76f240c2321b2ae937cdc72bd1e37da73b3b94f536b417e99084554cdcbf3231487125272062a348d9363a5bae9f2b139f2d4

Download Submit
C:\Program Files\7-Zip\Lang\ms.txt.tmp
Filesize
84KB

MD5
b1ec75cd0fbde719ca0587bbb6924c23

SHA1
a3d2fa2ea3653c9cd956ac929275feaa7fbf8657

SHA256
4c4d2a9a77accd64946095b287f95281f2c80b1f0014d3ca1b1a22d22bdb39b0

SHA512
f97c119b8240269b9d2b2e423c61f66174c0804d810bc1a1bfd1bae9b4ae693741c511e4764110ac06566ded9bd762d8058ca92cd82c77ee4e19432e5de68683

Download Submit
C:\Program Files\7-Zip\Lang\ne.txt.tmp
Filesize
92KB

MD5
c6e17f180541922f35664e3fd5046c4f

SHA1
e1c34d67c0b3817e9a5f3d840aefcd8ccf13b90c

SHA256
3c8e1267c492186cb9702f9effe8cc740e075bd84ee35f54a3f1018b1413f5bd

SHA512
e333257d6a082e5c8f41c747ad5e65c368be4f290bbf2c39a91905db9a668a3dfa7aa8bbf8c2afd57d9709c29ffd6d5b21fc085b043be6dbcc18a61b32309862

Download Submit
C:\Program Files\7-Zip\Lang\nn.txt.tmp
Filesize
84KB

MD5
fc03d7b15b5a775acf709a4a07c8446a

SHA1
ddbcdda0f773c23cd235e574609284da09971833

SHA256
60b52faf8b14b30af1c87b1ddba1211acf4b803a050e3b5af826e88dd8dc4baf

SHA512
9d12be2fb6697f49a82d052632f7a925966761ac718e9a0c11aea608de6497d7b8c5c091e8a32dd18fc8449ed1375be08238d70636b05697dc5daa08572ccf7e

Download Submit
C:\Program Files\7-Zip\Lang\pa-in.txt.tmp
Filesize
93KB

MD5
dc108429eaa54c3edd9f0b739771833c

SHA1
5d1fc6a3d073ee5ef875bf5a54727eee0a41c00a

SHA256
0b6ada212f0d05049161da2a190f6d5b319c18b80d8810cd9c73201dbb0a0d34

SHA512
89602419bc8fd1dd46dfb83df58fe859002ca41f426247f771bae4780ab0a87c5f470638a7f718b6c2e4880f94defa2b50f7a56b0190ca5891bd9624c7d63f8b

Download Submit
C:\Program Files\7-Zip\Lang\pl.txt.tmp
Filesize
89KB

MD5
85f23f00bb4e3485955eede2bc1b459d

SHA1
618351a80ca0773b0ec22a37cf015048e7bb3b5a

SHA256
8bbec9aa1bd23c4b021b86571204e585d8d637a64f61e124447824fc095c24d9

SHA512
206b0b51eaae057c7cf62c29fe4f4b4fcdde09374da92da00a3185bca2eb9b6753704e2b397d991ee37d514f01900aca65ae5a123c3f264342a60b199e75e1d8

Download Submit
C:\Program Files\7-Zip\Lang\ps.txt.tmp
Filesize
87KB

MD5
69ea76d9af1f2094b7a4cc6a2c852a6d

SHA1
b25280ca353d7645b82912f36c10c3656568e52a

SHA256
01c00a5dda452b088d6d055c9a7f79be3d9897ec21c05aa395b9d1b932e82232

SHA512
04c5209d32bd7f2e41f970ed36967cc1ef8219ba87ff5bc3464559916643d2979e72a4c75d7bf586882090d54673f32a22ec499138967bea0d51b3c622e9232b

Download Submit
C:\Program Files\7-Zip\Lang\pt-br.txt.tmp
Filesize
88KB

MD5
b531a38aba9de137f3998b5b71236293

SHA1
07f76941f26139e67bcbb71d98866972bbb79f97

SHA256
f2015a3426a9da04c044c86665d42f389d8e8d6856c322fb0b5a33d27e1bb652

SHA512
dccc30e45b4058b0de9af292951fe99feda8b8dcb23d38a0c52a447ba28fc49dbb2acd44fd6bc3b1b75abe4c4b310175e684844321cbc82542780faf58bbcbd9

Download Submit
C:\Program Files\7-Zip\Lang\ro.txt.tmp
Filesize
86KB

MD5
86b7a388244613e11c0a8624bf2fa311

SHA1
9190506afae474910018cdecf3b2eb8a36f16675

SHA256
2efe58c4afec7376fa03e0652e8af5a3888cb37ae785c5ca6fcc3ef5b1737e34

SHA512
71d8a6d3e06bf8be723b3856537cf9f9a9d4ef87847dae3cf8a27e9e4e662b26df2dd661eb6cf2b250485e27b585fc649cd652201ef76d4129096618c2c2d936

Download Submit
C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O16ConsumerPerp_Bypass30-ul-oob.xrm-ms.tmp
Filesize
90KB

MD5
8b02d2cb9c2a20110e2e7137b7d075c6

SHA1
d7ac2be6c381b343bd4a706d73f30ea4326a509a

SHA256
b4e4142e8ef6abc9996b4bd86c7e6a7d47f2f97066889b562c74157bcb4805f0

SHA512
518b52a6a12c275b025652d0aeabd2c186078f0cb570d9d46f3f8b1b7a5872d60e3b7b8cefff7367ea2143ef7ff2a17c7b2128823b84ecef66b9466531abb303

Download Submit
C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe
Filesize
79KB

MD5
de316465c975b0ecb76a06df83010e45

SHA1
cc8bc4a749a4610ca93201c786201f72fe12c190

SHA256
e90e970d9ee3c66deef9892f60b3cab65d08dff3bc3de1da1117c05648703224

SHA512
d41db6ac2e9caa1c44c7dd74253b8a999adc6844d5bb3286636e25f368b186df90c077b80b5e68485b12eb0f80387c23e1b4633d0341c4a1c21858d620f2f29a

Download Submit
C:\Windows\SysWOW64\Zombie.exe
Filesize
78KB

MD5
ccb279a52e502051a9c2ac5c3df1320f

SHA1
e07453f6b6105ac9193e00642f2cb832fdf8f7c2

SHA256
c2fcd7568f92cea364803dc8744fc1edebdd84f4785c2f49a52e4125fc87eaea

SHA512
9624dc3c7e916ce6ace7f244a97f0c64dbe81a3f09fee33cd96665890144736d78508fb3d7db943b1f170700fcde866f1a1f94d17e4f7d41cedac9f849d9f333

Download Submit