7e2b62e76c52e9f8f1b3f5c7616a529e04b0ed51e0b68527a4eb465c8a91de8b

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 20:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

39f4351ab4431119809668e718002d10_NeikiAnalytics.exe
Size

167KB
MD5

39f4351ab4431119809668e718002d10
SHA1

8aad79befa3f951344a64b6b01285fa970309790
SHA256

7e2b62e76c52e9f8f1b3f5c7616a529e04b0ed51e0b68527a4eb465c8a91de8b
SHA512

01dbf631bd64e54a12da3aae97b003d7c610787577ea8af6fe935b0955b8b2c89c067c5e6a0ffb38cbf638b4b9d8c7f7cf8489cd18202d57b85c4d235535df65
SSDEEP

3072:6e7WpMaxeb0CYJ97lEYNR73e+eKZ0VXa8e7WpMaxeb0CYJ97lEYNR73e+eKZ0VXv:RqKvb0CYJ973e+eKZ0VcqKvb0CYJ973C

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4871) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware
Executes dropped EXE 2 IoCs

Processes:

Zombie.exe_Wordpad.lnk.exe

pid process

4952 Zombie.exe
2420 _Wordpad.lnk.exe

pid	process
4952	Zombie.exe
2420	_Wordpad.lnk.exe

Drops file in System32 directory 2 IoCs

Processes:

39f4351ab4431119809668e718002d10_NeikiAnalytics.exe

description	ioc	process
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	39f4351ab4431119809668e718002d10_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\Zombie.exe	39f4351ab4431119809668e718002d10_NeikiAnalytics.exe

Drops file in Program Files directory 64 IoCs

Processes:

_Wordpad.lnk.exeZombie.exe

description	ioc	process
File opened for modification	C:\Program Files\Microsoft Office\Office16\SLERROR.XML.tmp	_Wordpad.lnk.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\net.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\WINWORD_COL.HXC.tmp	_Wordpad.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-conio-l1-1-0.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.scale-180.png.tmp	_Wordpad.lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Windows.Forms.resources.dll.tmp	_Wordpad.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentDemoR_BypassTrial180-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	_Wordpad.lnk.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.Emit.dll.tmp	_Wordpad.lnk.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\jcup.md.tmp	_Wordpad.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioProMSDNR_Retail-ul-phn.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\CSS7DATA000A.DLL.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-black_scale-140.png.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\ssv.dll.tmp	_Wordpad.lnk.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\msinfo32.exe.mui.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\UIAutomationClient.resources.dll.tmp	_Wordpad.lnk.exe
File created	C:\Program Files\Java\jdk-1.8\lib\packager.jar.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md.tmp	_Wordpad.lnk.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\ext\sunmscapi.jar.tmp	_Wordpad.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Yellow.xml.tmp	_Wordpad.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalDemoR_BypassTrial180-ppd.xrm-ms.tmp	_Wordpad.lnk.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsdeu.xml.tmp	_Wordpad.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-black_scale-180.png.tmp	_Wordpad.lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\System.Xaml.resources.dll.tmp	_Wordpad.lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\wpfgfx_cor3.dll.tmp	_Wordpad.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Retail-pl.xrm-ms.tmp	_Wordpad.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019MSDNR_Retail-ppd.xrm-ms.tmp	_Wordpad.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.ScriptDom.dll.tmp	_Wordpad.lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.IsolatedStorage.dll.tmp	_Wordpad.lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\UIAutomationClient.resources.dll.tmp	_Wordpad.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Blue Green.xml.tmp	_Wordpad.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_KMS_Client-ul-oob.xrm-ms.tmp	_Wordpad.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Localytics.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-white_scale-80.png.tmp	_Wordpad.lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-debug-l1-1-0.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Configuration.ConfigurationManager.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\lib\flavormap.properties.tmp	_Wordpad.lnk.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\fonts\LucidaBrightItalic.ttf.tmp	_Wordpad.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_OEM_Perp-ul-oob.xrm-ms.tmp	_Wordpad.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Retail-ul-phn.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Trial-ppd.xrm-ms.tmp	_Wordpad.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Grace-ul-oob.xrm-ms.tmp	_Wordpad.lnk.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Ping.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\PresentationCore.resources.dll.tmp	_Wordpad.lnk.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-profile-l1-1-0.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md.tmp	_Wordpad.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Integration\C2RInt.16.msi.tmp	_Wordpad.lnk.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrusash.dat.tmp	Zombie.exe
File created	C:\Program Files\Common Files\System\ado\msado26.tlb.tmp	_Wordpad.lnk.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqlxmlx.rll.mui.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\System.Windows.Forms.Primitives.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\MEIPreload\preloaded_data.pb.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\Office16\OSPP.HTM.tmp	_Wordpad.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_OEM_Perp-pl.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ja.txt.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\wpfgfx_cor3.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-utility-l1-1-0.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Diagnostics.EventLog.dll.tmp	_Wordpad.lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.CSharp.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\System.Xaml.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\relaxngom.md.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-root-bridge-test.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O16EnterpriseVL_Bypass30-ul-oob.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_KMS_Client-ppd.xrm-ms.tmp	Zombie.exe

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

39f4351ab4431119809668e718002d10_NeikiAnalytics.exe

description	pid	process	target process
PID 2812 wrote to memory of 4952	2812	39f4351ab4431119809668e718002d10_NeikiAnalytics.exe	Zombie.exe
PID 2812 wrote to memory of 4952	2812	39f4351ab4431119809668e718002d10_NeikiAnalytics.exe	Zombie.exe
PID 2812 wrote to memory of 4952	2812	39f4351ab4431119809668e718002d10_NeikiAnalytics.exe	Zombie.exe
PID 2812 wrote to memory of 2420	2812	39f4351ab4431119809668e718002d10_NeikiAnalytics.exe	_Wordpad.lnk.exe
PID 2812 wrote to memory of 2420	2812	39f4351ab4431119809668e718002d10_NeikiAnalytics.exe	_Wordpad.lnk.exe
PID 2812 wrote to memory of 2420	2812	39f4351ab4431119809668e718002d10_NeikiAnalytics.exe	_Wordpad.lnk.exe

C:\Users\Admin\AppData\Local\Temp\39f4351ab4431119809668e718002d10_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\39f4351ab4431119809668e718002d10_NeikiAnalytics.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2812

C:\Users\Admin\AppData\Local\Temp\_Wordpad.lnk.exe
"_Wordpad.lnk.exe"
2⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:2420

C:\Windows\SysWOW64\Zombie.exe
"C:\Windows\system32\Zombie.exe"
2⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:4952

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-711569230-3659488422-571408806-1000\desktop.ini.exe
Filesize
82KB

MD5
ee2f8051795eb81260d00bfe249cf92c

SHA1
ffe42441f3635bc4cf52597886982d06a4a901d4

SHA256
1302a5579ea7928cec1939cee93e2be59f9e3ac4c92a1e410d379d738aaab741

SHA512
f4c3ee8a4c14f527f6d263c01bc41d05fc5056def818c08ea35e35c56ac755f8ee5f839c2dfec333caf61c93cf0f0709755638af62ae8a6dce08584518d5f371

Download Submit
C:\$Recycle.Bin\S-1-5-21-711569230-3659488422-571408806-1000\desktop.ini.exe.tmp
Filesize
167KB

MD5
7454632fb4c54a98fb1962a921b439ad

SHA1
de855b8ae05080e942304d04a892556a2e571f61

SHA256
cfdcce5ee94fbdb384c85eb0bfb4481248a89b439e319be2fb95bcf0409a5ce2

SHA512
b9d45e722222973759553dacf8bdda850647bf47462e9b89d444b7433c0a376aa124ac4441c60e61b17f37c1b8b443fafe6267f42f4e8ef7111d9b8ce9c1b59b

Download Submit
C:\Program Files\7-Zip\7-zip.chm.exe
Filesize
195KB

MD5
a7b7b239d908a329b24bfb3afa38e65e

SHA1
019b6b9aad0b3b2a22624211eda730124039a338

SHA256
3a9a5ff99db9ec26e5af303ffc7e8daef7fc7dba08ee56f079d64717c84f7f0e

SHA512
9955e7b375e92620eb3102f5de4b908720c9c716c3e4838a622ca883199ab52fd146fd08061d6f3db6d672ca5e9629d6d83977a521afed611fa32985fe3f0093

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
181KB

MD5
5aa895af932c099f18fee40db3dc296b

SHA1
14333d324ec018ae170c5cfb89f0eaca39da7cb1

SHA256
ddbb6a04c42e0e5e05825558008b862ef7bab6c51fae918f458dd2eb31dabfd3

SHA512
b243975e92a00050fcc34a4bf6116046f7b8341bb8965c89c7acbb454da44deb7285a488b6131001156d6a139e97247b460f7ad06bbda0786d5bf618c9ebdc6f

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp
Filesize
1.8MB

MD5
c52c76639e8b4f065f753bbc06a5b0e1

SHA1
5c16a20d4370cf3e56208d31ca8d53d8bda1f561

SHA256
f5eb0e8f25b2df40b4c54df15dc465090a33a53060a426669ef40cc99836375b

SHA512
0a0cc1a0953ed0683f72821971435ebfcab077693dff579e0f5b9de30642470d39c736f8f7628cb3d7dda8edfe662bc6acea763b2f69ad7a396878f901729716

Download Submit
C:\Program Files\7-Zip\7z.exe.tmp
Filesize
628KB

MD5
8f4894bbba9cdec62c053a9d05193a58

SHA1
d755c3e3616d0e442d8b53a50843e7b991700b73

SHA256
211f46ac035406b47931ce66e75bbf6d5f37f9f2d5eddc81bbf43bdf4c935728

SHA512
937f0b5b0c801edbe2691e744ff4167de9554d26529233c397e6cf47e7dbd69c082725a1e741c99d3ddbda3ffcd2f4ab3b66ea158dbc4e2eb74509e341ca3cc5

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp
Filesize
1015KB

MD5
d21940fb8592985328bd39d97891a652

SHA1
bffb006cfa54b346efccd079b00040f69d5437ea

SHA256
c282563576de98893405f52125444ab6b10f6fb81dd96585aa9112126fb5ef1c

SHA512
7381ead6b984f93285116e4865f75545dc422a30ff0bc72e5f2ed3b45d932552f471a5afbb12187c428383594383165f7005973781b767e4dbcb9b59bc28fb60

Download Submit
C:\Program Files\7-Zip\7zG.exe.tmp
Filesize
768KB

MD5
74608fcc523aeea297d714f83576c2bd

SHA1
89fc0d122be2e4f645b682eef0e796a2e415afc6

SHA256
cccd3c7de6c485f2ec1431fd497db07b676fb4ca16d0687adf6c9fd25520fc47

SHA512
a3a47a835265e1c6d31e0fe3719da2437e4a64656b437122c768ca0a8dc8029845df16602b67c8a579b1f0eb245c32f3bee05d2e3fd2a91574853f8014b561bd

Download Submit
C:\Program Files\7-Zip\History.txt.tmp
Filesize
139KB

MD5
bcd8761cced8a42a2c852e86b2e6f1f1

SHA1
05faced15ec145fa9df6176f5a18e6604fd43aba

SHA256
4d9c208e765c521e983373c7ca1093e7b1a0e5a2b6d892334358a3b15aad82f0

SHA512
16ae1f1ad1fafc012582ca6ee9845f3ac4091b07b86d8acb6fe9bff4aab601bd5fb622f0cab6d2bf1ee693ef90bb29b7f90d76e60cc883b20bf3b51665636a95

Download Submit
C:\Program Files\7-Zip\Lang\af.txt.exe
Filesize
92KB

MD5
82ad6f5559bc09e77977a7f214807bd7

SHA1
3104a87764f3519a9274a4579102e358e1ba666a

SHA256
3a03b0d7161d60ce1c12587b2de98cc4ada8ff998c8258c046a1242fc80ab0f0

SHA512
230bbce616ff394be49b2890c334dce2dea9a1fddad270ac194da7d71f9504a56efd15921f1fa27f59a405c53826c724844f4fab47dadf46cd7f7e9f1dd8c131

Download Submit
C:\Program Files\7-Zip\Lang\an.txt.exe
Filesize
90KB

MD5
0c32a1f4a72cb17e7b92c17ed10f1e87

SHA1
68855d497f87cd8565dd24cd1154c14719795ebb

SHA256
263a6c3971f76ca46fc3c3797161e51341784667b8f6d6e9da82fe03dc062313

SHA512
daccf355bb8a9f309c79b7bd2630a5bc9396277326b8a3ca30e00d34dbd1fcc296ef030a183309f74b115ead7949fa6af2c7ae579170dabab856732098d23baa

Download Submit
C:\Program Files\7-Zip\Lang\ba.txt.tmp
Filesize
93KB

MD5
17996439a5a2bb7afacc1384240fb25d

SHA1
51c8626587fdaced26ec88f0a2f900e807e4b0a4

SHA256
a0c60e01eddbe16cd0955ea6af2894226a472126a42251f9ccbdb548c8cdf8ed

SHA512
373fc44f1d43abd583ea8959c7689694ed13d17205583fccdfd731f372861b59e20b0ac23c54fb141da98348a32fd2c228888755cb7fb217d5380480765ebc64

Download Submit
C:\Program Files\7-Zip\Lang\bg.txt.tmp
Filesize
95KB

MD5
ad6fb3b9850ad5e1baadcc75bbb441d6

SHA1
8ccc1e585f26b28fcd0c9b35fafe6354c1c62a5b

SHA256
25c2fdc2dd4b936003f1e6aa165db66865e2733d6ffe19481876a4fed95e0bb5

SHA512
7ae9506d0118428fc6f5fad2b14a71006bbc313b0b41b00d7bcdf746692ad8873a42502e0dd49565c0593a15cae7071f6947319a4963dcf408cdbe4fef40f27f

Download Submit
C:\Program Files\7-Zip\Lang\co.txt.tmp
Filesize
93KB

MD5
b9b36cb992d7bc2cc364113a4a37a70b

SHA1
9b7be123eba8c4269236a3825e64b94ee07bb1dc

SHA256
a8ae3f830b80f9fd16d1708132b4d3fdca2936fa9fd260337fd9a342cd18c0bf

SHA512
7c275028ef85c27021cca746eed66ada64284aa8c00ce462b2afe95a22511bc9b8a802c1cdeec8f2c00b8a79ee6971e46450ba751526a4314aa496e5fbd2002b

Download Submit
C:\Program Files\7-Zip\Lang\de.txt.tmp
Filesize
94KB

MD5
5706888616a2b235a138df3b4714a637

SHA1
08a4b2d7edc770ce7caa2b2bbdeac29a4d000746

SHA256
2b714556da37c835ef64aa3c42143303f5cbdd43f76518e29e9056100732918a

SHA512
1804388364dcaa949c95387560273db730c328e17f738164b4c04488cd2e8cfa5fe38722c3d89951ff68742e8b27318ad3562345cecf9dcd360d9316ef334784

Download Submit
C:\Program Files\7-Zip\Lang\el.txt.tmp
Filesize
101KB

MD5
d8ddc15b61f5ba6395387be458957a33

SHA1
b8bd85e2d229007aefb608406850c53191b0a19a

SHA256
3108bcffd2a94d6b382d10f31060cd447afa62982aaafb9f27baceefc667c578

SHA512
3a09652cef7b9d7c3ac8080b524348c3b1dd6a18d3edd9ae94d4599cc082fa9114ebaf30953b22858a2ca13ad6e6e6a8be9ca0dc2a44de81eae20ca5d642a873

Download Submit
C:\Program Files\7-Zip\Lang\es.txt.tmp
Filesize
92KB

MD5
741cc50013732ad06d28d946397a1a63

SHA1
2caac065860ef3d90bae6d42af72f895a35c0f76

SHA256
1b1977b5863456b9657bb82d34ca94dbe63260a662b137824d5abcdf66f19765

SHA512
434cd228231d679b3ef7e7d937b5080f4bf78520642c17341f2e839c6ebadaa25517ab7e78e8d6522853f6d477e4b0ba18fa203acfe329b7fbcaa68ed1a8d193

Download Submit
C:\Program Files\7-Zip\Lang\eu.txt.tmp
Filesize
91KB

MD5
189195d33092af1c69b9d3ca1298929e

SHA1
cbba017c5bd8059036e65322c135c372754f905d

SHA256
0320202cb8e7842fc2383cccf67f4918685fbba60f757ded0f8958212c21c000

SHA512
f665a62d9d23482442119035b89ef1ff9c5ac1a25d8da480001a90e33729c025a74bb567f088d3b265b58912caeb5e4c368ea85d852e2ce3f6a65d234c933c85

Download Submit
C:\Program Files\7-Zip\Lang\ext.txt.tmp
Filesize
90KB

MD5
e2107eaeab4888689a820c9970fbe960

SHA1
99d4d711f22fa95e24ce817f23e3d97eb2694677

SHA256
6cb99d8f85b3f21e43f8882a991e71c7733412277c524351efdf9d12eda312be

SHA512
055e200e7bedada86a43e276a002ce1888cc7011ffb8e5c254e93520cf8cb6e6ab25927c20d829ccf7ef845036b0d9a66d49f6c334d5582a40b0ddd62a8bbeb1

Download Submit
C:\Program Files\7-Zip\Lang\fa.txt.tmp
Filesize
96KB

MD5
5620700ce8ca8db7c2a7fe63008b4d8c

SHA1
63402524910abb45bb4e2bab1d91f23605a7d118

SHA256
3deadf360ba7e130af6c2c36ef1e98fd76b7ffde731c3fac68c8460a177056b6

SHA512
e6dd8d80f15e329cbcc10e2a9bc129855e63a63256dfaaec8ed9682c94ab1d453ab0492671db9b9bf3da771cdff2944658464f751e6251216110c66c4cff61fa

Download Submit
C:\Program Files\7-Zip\Lang\fr.txt.tmp
Filesize
92KB

MD5
abce8d3cc352767b4fdae2d2db8faac5

SHA1
75c3ab1cfdd2bff7ea010c7c7cddc10b4bd11778

SHA256
8bc60a8e15407b96d0cd4ee245437ac966605ccc8da4eca2fba233ef181ba650

SHA512
0694866a74f454f69c5e1e20a7bd9e2c44a2efd46084887851bef776e64405829db8a6307c3554bbc23bf91818aa8eee26e55bad320c548c39742e1dbe0143d9

Download Submit
C:\Program Files\7-Zip\Lang\ga.txt.tmp
Filesize
93KB

MD5
a2fb6175eeecac996591ced284409e18

SHA1
d7705958e27826a312bcf47ddaeedbc357a842e0

SHA256
a518608aae71ad0a1381b2382633c55ade8b2e786a7db7f5eb3a875d326df675

SHA512
fbed0d26f7d8375df32b1d6454820460840d9c2fee6d016310090c83f4c4e546014cbcdaee64dfb2aace4babf77690b4b3ac05c946daf9145d919a5f1db4ae6e

Download Submit
C:\Program Files\7-Zip\Lang\gl.txt.tmp
Filesize
94KB

MD5
aff322101c4de1b2934df6c567ca3284

SHA1
bb8067b66d2ef59845b08aa79880ea2be575b145

SHA256
ba4400500976dd09fc150fbdd4dd8ea02a3339a09e4ba9b50decc08f1573ee2b

SHA512
5a5569832d3b068f4dfa57e833e162a4d54745d7fb4a41fcdb8ef051923a694a66b606fb83b1f1909cc192d50ac809acc5a3dffcd1a38dcacfbefc80de3473e0

Download Submit
C:\Program Files\7-Zip\Lang\gu.txt.tmp
Filesize
102KB

MD5
7b8796d612419827f52da23fa1c331f9

SHA1
9525d68991d5c7bb793a8ab32ed30e6ce8b02f5e

SHA256
dd86c5171f5cbe9d2a56ce5041ee2dae5b8e003d9bce41e4c5975c61ed513ac7

SHA512
db62d06431ded9410b572a91c23b8280b62b024a26c11e2034931fdbba767935ec3d58e14c8d61b037bbf432f3e86bfd0e8e2f25f61321efd6a96b50ea373914

Download Submit
C:\Program Files\7-Zip\Lang\he.txt.tmp
Filesize
93KB

MD5
90c9adb9b76f0132f46abde31081a2de

SHA1
cba5052083ec416edf1df16c61b74a9db07254da

SHA256
7721ec026813117937f51dd546293ff5aa3915bd1396c5f89d85cd4cc446c9e4

SHA512
851da87aad5328a2c9cfc347ec73ca91f0546091d600f2c25b994aebc051b57ad95563ab9e2d5f444b14561255246edf43de46886d816c85f789d33f92d5cbdb

Download Submit
C:\Program Files\7-Zip\Lang\hr.txt.tmp
Filesize
93KB

MD5
a5eaedc767e15c887e5830e1d3d7dd93

SHA1
35e08fdefa518f84a09dea3dcfd669f37202293a

SHA256
4c51474d8ce1e2da1896d99ac0508dd595283a8d9df21e61c964e8e2690561ac

SHA512
3a8b5d4cbcef1a78f6e0896fc3ea017fa2bf5cb0702e1a616c2a4a7ae12bec820a17171792a82ef12f1e9eafb47a0779ad974548ea2886b08d4bcd5ea3c0beb8

Download Submit
C:\Program Files\7-Zip\Lang\hy.txt.tmp
Filesize
84KB

MD5
5abbcd6db6a95cc3063e6b94b2615f97

SHA1
bac0bf13f19ec099a893f3c350ccf5fbc17b01f8

SHA256
0953474926fed8c52425623365e2a77698adca8a27c55ffbafed7575c08f02a7

SHA512
b8d27dd1fe9567086c1d3fb0e946759a158b9500d3c062cfe29b4557303ac8f710d18ccd9b99251fd321ef45bd66d79515199e4cefbce37a3b5c4ce80e78124e

Download Submit
C:\Program Files\7-Zip\Lang\id.txt.tmp
Filesize
91KB

MD5
f63de9f7b971261d6c8f010f26413792

SHA1
079769257e96b8a97f410fb4b9548cf901dfa327

SHA256
344b61df893195fa19d9724309d62654e7b208f6875d2e861848556fb2c8b884

SHA512
19c29ffe726e8269940f0700c3b1a034215a7fea976d8f9d3666555e20fe275cd5e0e47a461c9e8d81ff95cc5d030ff78ca337d2de53076a7ca5fb42e67bf690

Download Submit
C:\Program Files\7-Zip\Lang\io.txt.tmp
Filesize
92KB

MD5
d1ef5025af4a3a9d6c03128d9fed0df1

SHA1
33480f6d8d6e6ebee66f3b34efa630720fa3d862

SHA256
ddf03df779d16a7e59d3d7978fd840e897298f0c3097827c2712796059a6fb79

SHA512
d496a6e6176ce9a1c83be69a3a6dd4b252528c2110cc3fede8fc476449c931cbed077e6952e7eaad4a0da8d3f40d73caf715b7c20a400cf6afe07f61eba101dc

Download Submit
C:\Program Files\7-Zip\Lang\is.txt.tmp
Filesize
93KB

MD5
7faf25a9ad4446b0b4532cf5ba829e6d

SHA1
f39217499bc28ff204bafa9c69f1d97c23ea7d85

SHA256
a5c74e0f1866859e79ec4f1818572293660b9da21f818989442416b898b95a0d

SHA512
28b997199b262af4ccbd5fbd7e7e9202cd79863afdcd8970b2090ea97b5dbf697abb1a2ca1ff2b87ae079a5830e15f1db0cfa11931cf5f38d0374f1a90bc186c

Download Submit
C:\Program Files\7-Zip\Lang\it.txt.tmp
Filesize
94KB

MD5
c35e58939bea50b67a661e014b9bc421

SHA1
f9c9871b4d62ec3ab1f633fd650ccce2ccfb47bf

SHA256
71cf84b15bc7d73ed7a4d638e4290b5317f4141f711bffc5abcf65cc41765742

SHA512
ac70cec422d05b27f80cd92b8a0629e66966836a267bd506d7becaef9346b15eef02c3db70fa494c37d16bb8120e7b0bc164912ed969ad4fb8c4a74dd735bb66

Download Submit
C:\Program Files\7-Zip\Lang\ja.txt.tmp
Filesize
96KB

MD5
2d1ad3cecb9da9c2d245fa46c8d4dcaf

SHA1
db337a29a78c9c2f37495917e18eaced921802dc

SHA256
1ed9bb2eb0c634ff880bd74e87e48677112e83a92d0ad81f3c88de94c55e4270

SHA512
199a6e8d37968b9bcf9de91e10d87f5eaa31427fee0e2dcfd3411679e2aeb5e803a6534b764ddf357745568b097155c88f1aee4b3e868d96c51f76b6df23c432

Download Submit
C:\Program Files\7-Zip\Lang\ka.txt.tmp
Filesize
102KB

MD5
d03e36bc21cefa3b22180f3d908f91a9

SHA1
bca0c73ba3b3a2549fd1de7ef41def8933d99e33

SHA256
48db88be3d0b0222ae5642a870f5d3251ebf16c8ead065ddc988c812e96a8403

SHA512
24b8d82e3287211ffaaa6dff9d7e4584aa689f510c9cc676fe8e63693846a9b328fd70b8ec75de5a7191920d0a843397fbc9614cdf1f98fb63306eeaf4dfe959

Download Submit
C:\Program Files\7-Zip\Lang\kaa.txt.tmp
Filesize
92KB

MD5
db42d215169424de07bd1a7e9b6824aa

SHA1
1f94a21240dffa79ea2693a49d3aa1ac4604ce5c

SHA256
8dd7476ff17cac2cd7b2bd68b46b2070b0b1c206a8b9eebd05a87bca90100add

SHA512
42ad436fc99f289f8351aef460070045a1f903110f5c8edc3b133f3cf3bcfbc28dad4f3a26faf2bdb39d3ef039ecfbb90c610aaeb474626d0d8d94aa65f105d1

Download Submit
C:\Program Files\7-Zip\Lang\kab.txt.tmp
Filesize
93KB

MD5
5895b0068c7978e4f817986dea2619d3

SHA1
ca6776d2e6a9bb790651daa9cdadb723cd1d50ea

SHA256
108e469ad27fa26b1b729a3d21d9252a65066f7460a2b772122c5e2fe0314d87

SHA512
63fe1f4bd0279e9ac38ef14084b2e66a6f51f9cb49e035e72d9bbc860c5e774db22e5154d852491e7a7bfbcc5e127a1721c8f6c7ca21393be466dade3e7d288f

Download Submit
C:\Program Files\7-Zip\Lang\kk.txt.tmp
Filesize
93KB

MD5
3a5d7c9d36ba0dcbfe1b17661b257209

SHA1
25a92c144dabb6c93fd7acbf0ba459024f5c62b8

SHA256
261f19a8b241c576baf5a562b2196d6164edd2402ce672a51af2ebc73e82b5b3

SHA512
23895a2945669c70a91869b99414d55767e7007c40f9f015a2c3d7b7991560aa78a6386e600a99472fc9022af7ebd752157bc4792efb1566e7d7e2eca353fc37

Download Submit
C:\Program Files\7-Zip\Lang\ko.txt.tmp
Filesize
94KB

MD5
db70f86d800b349d35d97e0c87448a23

SHA1
866112b85734e5ab97a1f63f267e373a84073f63

SHA256
1538bbdbfebffc73da83b94d3392dc6483810ea2f26f507bc449194a0b800814

SHA512
c88d4d1aecccd04bcad5e46e30d6a727c2b2136727bec2a842a23248463befa772088dbc46c144ac7f631afb7d3fc8a3c495219d0f5e0f037a34fc6019c6250c

Download Submit
C:\Program Files\7-Zip\Lang\ky.txt.tmp
Filesize
97KB

MD5
8c62a5807ebef3714cc4ea730f929ec2

SHA1
73909a689efbcdad9c7aa810251c19ba4e80e4ae

SHA256
661bf41379bb0837c7b960fbc94e5ae606fc5047d3c6fe82a6cfa96ebb039076

SHA512
abf19faaf54d97e6bc28927914b1561c400a275b2cf83dbea8d0adfeb2985deff3a0e17a072a36bddd6d0fb6ce56a6ff5e0e996f34240b3c81f74e6f2d8beb67

Download Submit
C:\Program Files\7-Zip\Lang\lij.txt.tmp
Filesize
92KB

MD5
4376c363a055bbec73577416143bdab4

SHA1
c306cdc68c8e57cdb6b0037da54c1ce885acaa66

SHA256
505c1e0666a50e51859e7c608134ffc7a19aa4eac9b1cf857b263d2cdbd73e52

SHA512
26cd92849b22f4cb37ddebd9b37c3ef46533a7ac9f5e6d3fbdb8ceee2282cc9acf3b31b79138ec9a80e9930ace386ec6e758682177dd4fee65efc4705d88ca3d

Download Submit
C:\Program Files\7-Zip\Lang\lt.txt.tmp
Filesize
91KB

MD5
4e592399f4b98b7a49a5a256441e91fe

SHA1
e0b25aa52d90d9771c130469165651f1621bb6ce

SHA256
0c6d4be3d0831ebbe7ae5083171394685e374d8b13ccf610cf48aa8e9af4643a

SHA512
18fc165503cd9b181c39f8c7e669092abc19c8d4c68111f659b49c533d1d63ba0f5db18e9adcbe8887ef481e3fd4b96d47db4d10b7f66ad96aa2badba819468b

Download Submit
C:\Program Files\7-Zip\Lang\lv.txt.tmp
Filesize
87KB

MD5
a5e3d3e2a8a87d431f819b3d93cafb79

SHA1
114c5cd374fff68a6c6547f9e1e16ad18363c973

SHA256
aca6273e0c5f1ab0415356ce7a9ea469b1ac9f989224704d357b7e36183a0b8d

SHA512
37cff9aeb8c8aea861bac36d40e14285b9ee22781530c04e1d9c71b95398e6bb68bf3619e8b3cb2e1ce3516e8bfda79b4cd7e9a01446b01a2182231e5dd9f213

Download Submit
C:\Program Files\7-Zip\Lang\mk.txt.tmp
Filesize
91KB

MD5
8e6f4cac9d8287230bbd2684d14fccfb

SHA1
163b23a2a53633baf11547275c4a9f340ef747ea

SHA256
9501814b7f36013abb2c3c83df129ef363d512d5d3da5113e9029d0b9f6a18ad

SHA512
61cec15820da1dc411869b3014818459b35cca38ee7674248c23195c036779d52bdba19d58af164c2ec3dac5d971b6c8a8565d6bd1a0993a20651f3f35a226de

Download Submit
C:\Program Files\7-Zip\Lang\mn.txt.tmp
Filesize
90KB

MD5
9960f9db0017e4e1fea1d7ffdd965645

SHA1
e379ffc29a8cb77bfad3c1d4e428c827bebbc2e0

SHA256
abd3345160b0958a72e45ae919389a6cd2309c39a4fb073f669c3c98e9de6b09

SHA512
f9daf68245d1998824ac2cc4253fe8ae793c517ab8311f4e67dc7a2375ac157501d7049743264d141c074f7d20aacedd13c7488d4624300ed038b4b250887ba8

Download Submit
C:\Program Files\7-Zip\Lang\mng.txt.tmp
Filesize
102KB

MD5
9d5528e1d771e344516f3a1c9520f632

SHA1
795d4e4e0258e2e3fe3887508801542d2dd0b4e6

SHA256
791457d150669fa020f541028f5d54451f9ac02fccea1a39430ea632faa19029

SHA512
c4afe09455ff6a987b37faa1b32762572e13c4f3cec68109b2abe15e6a0d7028e7126b6a583e26f3449a47171e37da1e32654c0a6d348220289b13aec72a29d5

Download Submit
C:\Program Files\7-Zip\Lang\mng2.txt.tmp
Filesize
103KB

MD5
8c2f7be710410c9a7da973267b578283

SHA1
032025101fe756aad065df882e31fcd9f8e57d79

SHA256
e95b9d8dc4bafca1b766c5b3b9e816637d0408ac4b18d799074a5ce7eacde979

SHA512
6aea1404d391db381b977fa47f3b007a3213a9a0cbacfa40796378962a26f113225e5ac213fdc2fc45f086bec39ef7e1abb578349c4668eb2cf132d4f2e19a5a

Download Submit
C:\Program Files\7-Zip\Lang\ms.txt.tmp
Filesize
89KB

MD5
a5265ca5e914ee88863ba502ecf49d5d

SHA1
4d1c9d4c9a21be235140f5d5b85c0619192a09b5

SHA256
fff080c0b43ba1b1791eb9e2228864bfacdc5a7cc788be6bbe7d2cab7883ad5e

SHA512
6e433c422f0758a4247f0dbd5be77ac4c4640b0267af9c301a6df874ea2699316b432138ad5c8ded759c63bf953362c801ac19ce0fd517a2dbce8c94e76cabb0

Download Submit
C:\Program Files\7-Zip\Lang\ne.txt.tmp
Filesize
98KB

MD5
90f53a00f4705a7766acfa300aa60dec

SHA1
15704b04b938f3e4a980c46874611b4640e36fd7

SHA256
410ec5557cd8ac4718b643f84d53fe8f694ac71aaf51a29c44322ae6431f7a69

SHA512
54165dd66865988ffdfdaf09856f38ce5b9a56452b4226d3b256330250ccb46e7cdd4a7c7bd245c9e12d30824d802add58dfdff55a9cf4131fb4369d3971c10d

Download Submit
C:\Program Files\7-Zip\Lang\pa-in.txt.tmp
Filesize
96KB

MD5
143a8d365868fee55629b5a13dd84770

SHA1
75657031c9e7da2e85d85afaf74b85d13f482389

SHA256
c99fe26dbb766456503b79b27bf2764b5478ff601441ded7aeb238b44cb105b9

SHA512
22a638432a942f56b2e37b5de34e0b566486c61d50cd55c71d3785a0e0a99e0af06fa01e04e2e3ad9ac6fd2983aab136742aeb246f98096eef8eed63e223d285

Download Submit
C:\Program Files\7-Zip\Lang\ps.txt.tmp
Filesize
84KB

MD5
d8939d96ec36bd6e4ebe1c43048fe723

SHA1
3831d78d8304375dec3592df6eca18cafbc518af

SHA256
64f37018409af27461ba5d80457850154900ac26e680d0f254a3f61cbe7a442a

SHA512
c6e77ce040cfbd5b464b4a95311a9f89caf5dce9b34b4819140fb3c03b3aee59be8ec288c9a221f09b990bc635778ef8b1371fd5ea0e92c04718831c58f66372

Download Submit
C:\Program Files\7-Zip\Lang\pt.txt.tmp
Filesize
94KB

MD5
b2956451b55e7ad92d3a1420724f8b24

SHA1
9cecb3b639cc8231d99b813a30163e91ea1fd665

SHA256
ea33f9326342c1c64c73fbc008a2eb2fe9b997042cc08c0cc44660b4d88bdbb0

SHA512
f0569bab4b3d648892dbf02fb5d38df5e2b1969011f66777600573f767800b8d684939b017df54e55825ebf4cb092749aa74540ec4ae5c188802db2bb0f31fbf

Download Submit
C:\Program Files\7-Zip\Lang\ro.txt.tmp
Filesize
89KB

MD5
8745369099f58fa6eec122c6706bfd04

SHA1
dd4d3070bc5e034d291f19c16d257240a84e1ef2

SHA256
6a4d1a7b54c0d95209f20bb1799447e6097e0d81ba3960477f7933b76547b0ed

SHA512
dad32b6cb13ee70f49335ee21034d8e8db600698b69ba4e686d514eb18108b5fd546e03c0eb5701717c13ebf8ba76b9ddb0e3a4a4ce96028baefb59c9541df49

Download Submit
C:\Program Files\7-Zip\Lang\si.txt.tmp
Filesize
103KB

MD5
29aeaf9d8ce99cecad5c401ae383c7dd

SHA1
5f00a51596653eeecb778f0272598d2dacfd2e8f

SHA256
80e72bd2f4f8e097bafaf9466e05a6cb0dd289ffad63846471362bfc07706bf3

SHA512
f2f5f67b0669c7566b7e496dc8f2863eaf332731df8130c69b1a327a80c8525b3900c10664e682818222605fc8560ed8fe16175f447d2db90aedc02e444fe35d

Download Submit
C:\Program Files\7-Zip\Lang\sk.txt.tmp
Filesize
94KB

MD5
aaf9ce118ab74b09e7419d0dc927267a

SHA1
4d849ec77c825d9247a17f9d5fca002abb26ca92

SHA256
f446462ba46db2573d4638c354d2fac54861a2ef1e9393507bb4df93a7512927

SHA512
b688a941a94492d7e3d34f843e986a5129b86c9986960719698271ac338a39ed5e23731369014ba4d0a2a71a5f3b099789743607db9f26b761f466836e74d6bb

Download Submit
C:\Program Files\7-Zip\Lang\sl.txt.tmp
Filesize
91KB

MD5
84935f4d93a933bb170dc069d5738ea8

SHA1
d04cdc94b68a60c67fea56316d83273947a8d5b3

SHA256
f4914fcac6d215c7ca15c1742d55575c02f8ed37c55bf61f784ecfc22be1d857

SHA512
19bd79b87290aaefe20b37e92b9b1c91184a53130c11d7b27ca825525f090313c0dff1ce364fdddf107ce889d2f22835daecc5a4be5df3e635683c108525966a

Download Submit
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\System.Windows.Controls.Ribbon.resources.dll.tmp
Filesize
100KB

MD5
267fe13b669df07beed9cae6c4aa837e

SHA1
877f17f657839c685716b4b2767d8129f587c97d

SHA256
d00fcbfca5e45781697eb2fbb804f905ddfcd370d4046e35b3f535a333409fa9

SHA512
d023048db08f3d7f200f8f4a93c49c8dbfb83722ca9a11b166352856a781f9702f79e98a6e254538050a8935da87f7e4f5770b1bf57962d955fedc50c3018cc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_Wordpad.lnk.exe
Filesize
84KB

MD5
38bc3aaf2e96df5f24c7f17a4a5362c1

SHA1
c623afa36eda431fb16b7cadb0d515fadb75b5d2

SHA256
0e2d15f229f450a1b3fa6e169f439c195fc4baee16daef3d6f0337b60cc05109

SHA512
ef74ecdd7524caa4c5ed75dc1a8bfffe4ad83803a64f27540a400891b29def16b692c6c2119fcd5c1ef05ebd2c553dfee07693290291e2e277e12357294ba2a3

Download Submit
C:\Windows\SysWOW64\Zombie.exe
Filesize
82KB

MD5
91c73dd48b5f3b73d3eda72ab4b78596

SHA1
2d062b73c13f58ec63faf2c7445c38cb61f242e0

SHA256
83cf0fb8eea30f2d5d422559b76bf677ee6b8c19b60f8125f9c46d8d0525434f

SHA512
13d139acc4d12ed1ad1bd8033222556454363fb824d4302775c3ccae5e2388c73cf11f04c69cfc2bf66b80d3b92fcd8a98a365f002e16db210b579272e9454e4

Download Submit