8644ee9eccb00a27a78959bd6ede520b4896aac177bf235d5ba20d8fb8fb9f27

Analysis

max time kernel
149s
max time network
93s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25-05-2024 07:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b2d9c54805214a1309dd0d0555ab9ca0_NeikiAnalytics.exe
Size

146KB
MD5

b2d9c54805214a1309dd0d0555ab9ca0
SHA1

db1f5bc5c0a07f4b6f4fe60770d3d2ac51e38ad1
SHA256

8644ee9eccb00a27a78959bd6ede520b4896aac177bf235d5ba20d8fb8fb9f27
SHA512

b02eb713d77c48d811e7b91df6efa71ff977d4a2648597ca8787f8bf341f6f0d9415f445f8fef88574c840f95c63fae018ddfb9d09925b79efe1b1101a6dca0e
SSDEEP

1536:W7Z9pApQESOHepOHe8G+6E65TGA3vu7Z9pApQESOHepOHe8G+6E65TGA3vT:69WpQEJAq9WpQEJAr

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5228) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware
Executes dropped EXE 2 IoCs

Processes:

_desktop.ini.exeZombie.exe

pid process

3864 _desktop.ini.exe
1548 Zombie.exe

pid	process
3864	_desktop.ini.exe
1548	Zombie.exe

Drops file in System32 directory 2 IoCs

Processes:

b2d9c54805214a1309dd0d0555ab9ca0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Windows\SysWOW64\Zombie.exe	b2d9c54805214a1309dd0d0555ab9ca0_NeikiAnalytics.exe
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	b2d9c54805214a1309dd0d0555ab9ca0_NeikiAnalytics.exe

Drops file in Program Files directory 64 IoCs

Processes:

Zombie.exe_desktop.ini.exe

description	ioc	process
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\msdasqlr.dll.mui.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Thread.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\WindowsBase.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jdwp.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-errorhandling-l1-1-0.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.Recommendation.Client.Picasso.Sampler.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nn.txt.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-process-l1-1-0.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Windows.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\System.Windows.Forms.resources.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Microsoft.Win32.Registry.AccessControl.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PROOF\MSHY7EN.LEX.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\UIAutomationClient.resources.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-file-l1-2-0.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.ReportingServices.ProgressiveProcessing.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\LEELAWDB.TTF.tmp	_desktop.ini.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\InkObj.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Tasks.Parallel.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\Microsoft.VisualBasic.Forms.resources.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\PresentationFramework.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\rsod\onenote.x-none.msi.16.x-none.boot.tree.dat.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-heap-l1-1-0.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\bin\decora_sse.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Calibri.xml.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription4-ppd.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_Subscription-ppd.xrm-ms.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\System.Runtime.InteropServices.RuntimeInformation.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\7-Zip\Lang\pa-in.txt.tmp	_desktop.ini.exe
File created	C:\Program Files\7-Zip\Lang\tk.txt.tmp	_desktop.ini.exe
File created	C:\Program Files\Internet Explorer\SIGNUP\install.ins.exe.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Grace-ul-oob.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office15\pidgenx.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Office16\lpklegal.txt.tmp	Zombie.exe
File created	C:\Program Files\7-Zip\Lang\lij.txt.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\sk-SK\tipresx.dll.mui.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\System.Xaml.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\System.Windows.Forms.resources.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\System.Windows.Forms.Design.resources.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\FileSystemMetadata.xml.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTest-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.Tracing.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\PresentationFramework.resources.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\UIAutomationTypes.resources.dll.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\fxplugins.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\cmm\GRAY.pf.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\security\policy\unlimited\local_policy.jar.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_MAK_AE-ppd.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-private-l1-1-0.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_MAK-pl.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Data.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.DirectoryServices.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Microsoft.VisualBasic.Forms.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ONINTL.DLL.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-rtlsupport-l1-1-0.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\bin\JAWTAccessBridge-64.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_Subscription-ul-oob.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\orcl7.xsl.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\msth8FR.DLL.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_OEM_Perp-ul-phn.xrm-ms.tmp	_desktop.ini.exe
File created	C:\Program Files\Common Files\System\ado\msado27.tlb.tmp	Zombie.exe
File created	C:\Program Files\Common Files\System\ado\msado28.tlb.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Microsoft.VisualBasic.Forms.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\System.Windows.Forms.Design.resources.dll.tmp	Zombie.exe

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

b2d9c54805214a1309dd0d0555ab9ca0_NeikiAnalytics.exe

description	pid	process	target process
PID 4740 wrote to memory of 1548	4740	b2d9c54805214a1309dd0d0555ab9ca0_NeikiAnalytics.exe	Zombie.exe
PID 4740 wrote to memory of 1548	4740	b2d9c54805214a1309dd0d0555ab9ca0_NeikiAnalytics.exe	Zombie.exe
PID 4740 wrote to memory of 1548	4740	b2d9c54805214a1309dd0d0555ab9ca0_NeikiAnalytics.exe	Zombie.exe
PID 4740 wrote to memory of 3864	4740	b2d9c54805214a1309dd0d0555ab9ca0_NeikiAnalytics.exe	_desktop.ini.exe
PID 4740 wrote to memory of 3864	4740	b2d9c54805214a1309dd0d0555ab9ca0_NeikiAnalytics.exe	_desktop.ini.exe
PID 4740 wrote to memory of 3864	4740	b2d9c54805214a1309dd0d0555ab9ca0_NeikiAnalytics.exe	_desktop.ini.exe

C:\Users\Admin\AppData\Local\Temp\b2d9c54805214a1309dd0d0555ab9ca0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\b2d9c54805214a1309dd0d0555ab9ca0_NeikiAnalytics.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:4740

C:\Windows\SysWOW64\Zombie.exe
"C:\Windows\system32\Zombie.exe"
2⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:1548

C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe
"_desktop.ini.exe"
2⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:3864

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2539840389-1261165778-1087677076-1000\desktop.ini.exe
Filesize
74KB

MD5
bcdfcd1426e90aff61924e9595febf8a

SHA1
a7ae8f0e350e0e7d79276f5f71182748ee1455ba

SHA256
75fdae1a228536bd7ac8f92f73eff2483101d5f4baa9e06dea863d59da979781

SHA512
79990d97986efeef4676e1ac76b409eddbeb351ba44e212a1fb7fcf251856d53924b0cd082985c293e8015d6e28c3c06878b5f435e654f26168891431db400a4

Download Submit
C:\$Recycle.Bin\S-1-5-21-2539840389-1261165778-1087677076-1000\desktop.ini.exe.tmp
Filesize
146KB

MD5
5b8759372e2c1426caaf1bc77dc5f371

SHA1
ec4bd808a3bb066cac3d8256ae070033bac5986f

SHA256
422746039cc56e50243a04d39508857366c9df951a0ae11f47953418bb67a177

SHA512
4fa68cd20c8b324a0828ce7e9c7ee1aac6ef7cf12d0ea7947279092c758768ec372b644829068bf91752ffce83265e20a865390ed36de36e1644bfb066cff6f5

Download Submit
C:\Program Files\7-Zip\7-zip.chm.exe
Filesize
186KB

MD5
951aa7c45d025f2778e42e8d0167d31b

SHA1
f0aa495ece48b7a8b1727eee13a6129b7e5a580e

SHA256
4186a11f1e2db021177f037dedf353c6bdb4509c24e23943f1ac66fed8155d64

SHA512
8d87268ca77dd8dd1d2c6e6ba11120d5f4914c775c89e0d2a220cbba06b8e968b7af532189a5728e08bde816042f7391c8ed3813b7326c19ef683aadc5227b53

Download Submit
C:\Program Files\7-Zip\7-zip32.dll.tmp
Filesize
138KB

MD5
81ca2fab92e93a845078f001c40b2dc8

SHA1
37291bc44eaaddeb0dd5bc23d29ee93f2a4c584c

SHA256
ef70151f8f634e1ca84323d123cc79992f09d9c2b6acbcdd85a68ee7937dd491

SHA512
5ca327bb60d7718feb26ab60646e74192552220ebbebc317c35e8147f52bca6c28acd75d5d9ca2880d8b83916d41e2df89d7dc9a5965a5081354ef9ad46121aa

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp
Filesize
1.8MB

MD5
a71618fc1e6f9a4e2e208a5b1f85f5a4

SHA1
047ac7e90eb85f84143a49973867477e87c55814

SHA256
1f5ef929cd8859e25832f8ff67183c1c77aadd20faaa943fe7961f4d8e6bc37e

SHA512
8efaf65dba02e5ee9f632ca3f084293a8349badb3f6aa40e924ea2a2393a79c04a784effafefa720038ca8648435284a2fcce0ff1342ea1fe97bc8588c616fbf

Download Submit
C:\Program Files\7-Zip\7z.exe
Filesize
617KB

MD5
c3e9f493fb38b3f10e54ba2f40b5ea79

SHA1
061c2fdccf83778a8a7cd642111470343d88522c

SHA256
3f7eb890e1ffa4541d7bcc83ca4d76302331b6529e7cbb41449d80bbd4db5639

SHA512
0d1989b55e12c81ccea025bc8f94c48ecedad3fe329c025624e4a1a6eba0ef90aa170344d36b11eb84706e7797fd2a224606623c4fdab4df4120f83882160315

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp
Filesize
1004KB

MD5
86436f5cfe57553c386b9bb25a9e7a42

SHA1
a6fbc0b3de52666e10fe437c3619e6af1d4d07c3

SHA256
e56f76b5edebf9f963969309d601bf6596857238541a948aabccaa1d61881f5c

SHA512
78b3f5e6b537f67365a0f02ebbcc0cbabc8ef13f6d10627dca3469a7de71bd3fb8b79c4ebf27a84a9a1197f95c9f7f428437365398ae6dad93e71d1990995108

Download Submit
C:\Program Files\7-Zip\7zG.exe.tmp
Filesize
757KB

MD5
d6e7ad20ab869d33f6bf6e644d7e3698

SHA1
e0cb5271a4098adf2bc7128788813247e77d52b5

SHA256
a2b0e3191a3275fdfd1fb5b3ca82c993e1bec2964fb1ba71e7e849c9cc14c469

SHA512
0a6585c10d04f2eee7882e2ab3a2284eadfa2b5fda920dd4eac1c2ded6747806a309743f592748701dc338b39ef2950103512d8a1098cae85d4113e9a4bdcf6e

Download Submit
C:\Program Files\7-Zip\Lang\af.txt.exe
Filesize
83KB

MD5
bbfa5a6ce2be770b00aca6d927b4dfd5

SHA1
c50b9ea325b9ca2fe2fbb53e01cb02cd131cc852

SHA256
81a5f2d01f351f86f16fdec8091b071447729c9ac9d7f0ba56015a86cf1ed38d

SHA512
bcbee883a44cafb5e55367a0a0bb82a5fe4b3269de626cdb05d8d0a44e8fcd944f8fe9176ec28520868561c5bbfa286ee43c7b0c4d9b32a9e780798d72565003

Download Submit
C:\Program Files\7-Zip\Lang\ba.txt.tmp
Filesize
84KB

MD5
0342f9ec74793732b91c7a56f0598ddc

SHA1
354064631e53db39002672ba8e2c5a7a358ef0d1

SHA256
0902c3eab9795ba2dcfe9c845b1a6310c38ffe039bffa071aca8986a80545dca

SHA512
fa9036f2ed592aa2199f9fa8365d491dde48120cc91b0702b95de4df971d25f23b01f7138ecc0bd80cb21ae22d7d3974cfbcf66ce19091b0993fb75110aeb2b6

Download Submit
C:\Program Files\7-Zip\Lang\be.txt.tmp
Filesize
85KB

MD5
d1c22e18fa40f487a72da1100d45fdcf

SHA1
fd128c491682eff5829226442940f3879a99e3af

SHA256
3b14d9ba7fb904d883b4dc4c1d7d89c52bd131a7cd70e67665eb5c940a5fa6f7

SHA512
2ca19534ca7cbc20443b8a1e413c417e63a5d8abd9d928cba75e08d78fbfbc37b06ebcb336a0494296234810003d36349b310ddd298679afd297c65b92f5042f

Download Submit
C:\Program Files\7-Zip\Lang\bg.txt.tmp
Filesize
86KB

MD5
a2410fe240d63a5b84e3ce86e38f158d

SHA1
c001994f58b9c9d0a3454408fc282f82d219dfd8

SHA256
f46e016a2e3db04b66ff0ca050e4df19ccc86a6a08fca94bc65187e26cf3c8a0

SHA512
2e08ac419594c23fd9fe980ee102ddd3e8ce2d24adc278719abb66e57a0113d94e9e282d273778e358561789d7045f33cede266a7de1947f1cc9d6f057d68124

Download Submit
C:\Program Files\7-Zip\Lang\bn.txt.tmp
Filesize
88KB

MD5
861068fd11e51be0a9bf630e8c7a4756

SHA1
fa4358848fdb5233ad16cad3330d93b63e28d145

SHA256
a5bfa8472ff3b273aad33f30c48c26667f64d48af673a74b799aa633a449e583

SHA512
7a6e7329884bf501340d60ff776cde7733fccbe5a2f5309c08eb53af099b35ab5aa1596dc80905390db285977f8bcae9de7dd57698bbf3fc6b9dae8b81d27b79

Download Submit
C:\Program Files\7-Zip\Lang\br.txt.tmp
Filesize
79KB

MD5
a1de2403b860c56ee777adaa662436a7

SHA1
ebc7cfba8072e12b4229f7698884ab75e5557c8f

SHA256
93ae257d4e9d67f005b8648c450c51316279e67d2330c2fed1d9213d419a6284

SHA512
bc8f50ecda8211beabbdcd894bf47166d5a14a20e0bf47eaa2a68dae22ac0aa11b37f003c64abcf71a43f2cacf12e8150a53f9a8280c64d78c4227276237d726

Download Submit
C:\Program Files\7-Zip\Lang\cs.txt.tmp
Filesize
82KB

MD5
0c84ba86a2c1d1cc9a569a05d4565d7a

SHA1
c7561a3309a75a956b6cce8bb26acb98182ed4b5

SHA256
28317e96b3d41c1bc3ac2fa7fd2431dcc0b2e312438a133ca92db8ec29e8e3c0

SHA512
b54eb7c70c78913ce73bbfe54bf3994446934abe3fb1d76685ae96e104cbd415ebdc07713fd99e401949847201b75af8622f876a887587f73dcdfcb1be3e8d82

Download Submit
C:\Program Files\7-Zip\Lang\da.txt.tmp
Filesize
80KB

MD5
715bbe3e3f70ec427a716c0f6a09389b

SHA1
115f732b834e282a8ae7100063418f9f9f1bfde7

SHA256
684c0ffa76e06400694acb3606be4880090afa2e462f3bfe44ad0835998233d9

SHA512
422aeb44829e5377770b168e8e461273c2761dc11bc39ebc70d106c5f9dcdac3bcf490f3a2c4c64411253494926609db485b698b503cc03c84d78eb8cc2f8e1d

Download Submit
C:\Program Files\7-Zip\Lang\de.txt.tmp
Filesize
83KB

MD5
4680602fd5f870b26f73a26c05de83e3

SHA1
75b6887581b847b81a74ae7aa8ae57bbe54282d5

SHA256
924275e3a0514daf5cb1c258dd2745a5a95aadf13562f5bcdbce68d1338b434c

SHA512
b93707c6248ec0121d465151d0d5a3c3d0ed33f52219447daa896f407d30236afc6be3506e1cb48730bc031f0e0d37cf1e84827bea84265ec5f33748aa58154c

Download Submit
C:\Program Files\7-Zip\Lang\el.txt.tmp
Filesize
89KB

MD5
7eed51a0dd219a5485d27891ff2d1a1e

SHA1
1a708689f621330460360a5743c3980e70202e08

SHA256
bee50142202ddee6f24d771c90af35e4d02203b0a8c54a02e5c8eb631099fcde

SHA512
12ce9a8a7b2b70bbd5598269596c56227a2bdb735b655d41d66a58cdf4a35af94b053e10d82b39850a26c09b609dbec09576d2c177771d4737d5011a061780eb

Download Submit
C:\Program Files\7-Zip\Lang\eu.txt.tmp
Filesize
73KB

MD5
2cb8864a4a6bd7f5a2526fa730fc7099

SHA1
7acfcdaf7f30385de4cdbce97a4fa3da48910f71

SHA256
21f4a272660e77baa7844f23dc587b83d588ccadba3e2a6ee4bdb46362e39249

SHA512
beb8f18bdbb20dc48eb59819887104b13c8d2b34b0ee7d5b98daac2235d4b305d208e7cc21588fd72bd51e6ce5188ed5d0569a78b3fcb53c3edb565b18072b51

Download Submit
C:\Program Files\7-Zip\Lang\ext.txt.tmp
Filesize
80KB

MD5
7c2d8bfd9a53d2af5321f35848d40a8f

SHA1
d65a2e453ff0c0b5da6a0eba149953c0ba5a90bf

SHA256
0f6b3e118e73b6a366fb773dafe86e55c0839ed14ff75e5b88448bd4a9272a5d

SHA512
085f7ee4c5a59e7030b884d2410c737e23852a593193d32cb50b2ddd748892b6beb981a7a92dffa93252865e998e5e9e4bd5d57d329c3f2e5e121cf7c5772021

Download Submit
C:\Program Files\7-Zip\Lang\fi.txt.tmp
Filesize
82KB

MD5
671233397852266dccb625f14783597b

SHA1
1174eb855a73ae16b15e6a1e75605f49e11fb5fe

SHA256
d438cef5c43f7f92d0f23e524c27d27f04f651e2143b047b64276d1bcff75d69

SHA512
876171a663227218cf386738ae69e1b08e9709bdb3e8a68ffc7fb6f9d55e215cdd070309fa0bc436c2aa8b7537204ea9a1403099f7690ec44fdc976c61e0d102

Download Submit
C:\Program Files\7-Zip\Lang\fur.txt.tmp
Filesize
81KB

MD5
4dbe8d8cd0f11349da6f3445a53a168a

SHA1
ab2ef58a37e22b04b6201f97702f9538c53977ec

SHA256
1a508ff26b1cc3f3e9cd25982187e5fcb5bf5f262497bacf103d600421694bbf

SHA512
909a70ec8f7d46737a48e4d1ea5d12371c5606369c5baf84f59ac1a6a3fb4e19c8a7cef819ea2f0d874628ca2e041f47dfc934460f7274556316250dd56ec91b

Download Submit
C:\Program Files\7-Zip\Lang\fy.txt.tmp
Filesize
78KB

MD5
6fc0051beb5e3119a2bc4720fe2f7017

SHA1
9030919f5ec2ba621d869654ca45ef76e43893e0

SHA256
0699e6643016352e7c6bf3f9c0e653b1450256a2bb9c79c301aea4d7dccdc936

SHA512
72d5369fc0c3c264470f2a3f35129cfee56dd49ebf4c67d4df8c87177356893012eb6c61d119e7ebaf39ac559a4402e1b8e1c6cc3bd615ad12fc028c2dff7c41

Download Submit
C:\Program Files\7-Zip\Lang\gl.txt.tmp
Filesize
72KB

MD5
b5a5af3dc0e57d814d4dec0de362b4f8

SHA1
9956f505817ca0798dd47f1eeb08fa4a087e2ed5

SHA256
fa9420cb961751b1ebbfa127c702bb914bddc37b08224419d10209929ebd85de

SHA512
6f0d79949f8584212ee2a84bfa9f7e26c5ea00b12ffb3403d0fb4dd8ee058c301bba22d486841488ade35e8c413d6ce2c18081c48c3b17207302b8a033779f42

Download Submit
C:\Program Files\7-Zip\Lang\hi.txt.tmp
Filesize
91KB

MD5
25cb949927bd6ad6523f10be4c18a711

SHA1
24ab05ddf891dc8123ace19cd725fb80c382691f

SHA256
12a5d9ba01d5628bb353562b38c2cc90bed640e0ba8384c573d7566ae8419eb4

SHA512
f6db3b13cee5af1b883f540a2c33d7daa94125c65fc5b0eea7d5e76b928c031065cbc395df157d76196276dc9674a2cdb10219b27cc8ba863133387ff98e4cd1

Download Submit
C:\Program Files\7-Zip\Lang\hr.txt.tmp
Filesize
82KB

MD5
30117c1602df79863fa5872a63c0696a

SHA1
d7ba431142e9871215a6111a2f4b96e43ab0938f

SHA256
3e13cb94e71972de45fb03ed3270be21f2a8cc6371b8d7212a97741d42bbfa42

SHA512
e6743fdc8ee65ce3dd07ed987533eaf4cc29c4de14c42ea7ed70f9ce74bdbcb5829f8ebd1e8bf223672931fac4838f24888bbbb4263872a3516b20146deadb76

Download Submit
C:\Program Files\7-Zip\Lang\hy.txt.tmp
Filesize
87KB

MD5
c5093b9404adbb59fff1e2b218f8a010

SHA1
5e2ff3c9cfd3e5affdfdfe9d0d7b2bc4edcf2ea6

SHA256
dc58fa95b0c96c7618500eabe177e0dd047bd66b5aaa2b0450b65d878109dc24

SHA512
af09cf58a0355f7b4e7a9196bb0aa778d31995acd06ba5263e4f99b732831e1055dc431c77da6bc46b847e13adb93f574e690cc09cbbffd2b8b45ee20a5df547

Download Submit
C:\Program Files\7-Zip\Lang\id.txt.tmp
Filesize
82KB

MD5
46a69e12bb20e9286da2f2d1e52716a2

SHA1
6975cf11d69c32faa61905b8fe18cf1d0e576d9d

SHA256
a668525e7b2895be852055e29aa0a7539de859b81644b0487cc315773aabc0b6

SHA512
1d17859e6a26e169be5f79c296b278c56e59ebeac2950d09c707c8de802efa8ea587d2ce1696a2cefe85eadd30d329d94432f1f9a93135194e42a5bace3c5511

Download Submit
C:\Program Files\7-Zip\Lang\io.txt.tmp
Filesize
72KB

MD5
a5d9091bfddf7628810f7480ab2c3171

SHA1
073bc0f4cb158c26e0c0d0306614b58dd6a937fe

SHA256
f890e74aa2bf86d38875e877e1b6572500f162a378a945c3da31ad28981c820e

SHA512
d7c7ac051d3685df0049e8d004ad9c28b9f38e96fb191d57c2c155aaebd806ca2589eb1529e1190ee4910eee1e58e49e02f4fd1ec7997387221edff1b9cbac7e

Download Submit
C:\Program Files\7-Zip\Lang\is.txt.tmp
Filesize
81KB

MD5
39ba505c7065f2d79467ecb0b48b1e69

SHA1
c0891b931b6d6d07684032b04d920aa8e9ac8545

SHA256
174d038c36dddfdce1ebf523c6c611ec2cd3fea74dc7f079875c1b594c0c22e9

SHA512
fcfc3fd05f75e03cd9168807cd06923db2d66d53e777ad488df93314a1c51388207fe6928df0704c3b959c0cdd8ffa9a85c61d5a0173cded0b1dba361ff7dd81

Download Submit
C:\Program Files\7-Zip\Lang\ka.txt.tmp
Filesize
90KB

MD5
df3ea69557c20f8980c45e878fdce0bf

SHA1
9c6c501e6bbb4ffa67949cc42ef19a79553337fd

SHA256
e343f3d07dbb412c138189fc9bae61017eb6b809a481eaae4de548e583a816b6

SHA512
e29ce8a83652d87049ba2e34678d0e76e6aa898e3e3ac7dd6097f7c255d5ebf9c4aba427c0a835505db0881e0dee6f984aa201fccdb43e261d0b893dd88c9b1d

Download Submit
C:\Program Files\7-Zip\Lang\kab.txt.tmp
Filesize
80KB

MD5
d5792250f7fd189b50b5d7f4784647aa

SHA1
bff4150ffe4b70814d8c765b8ad5a83e1aacca0f

SHA256
21f0989839b3c243af58fb1b0e734e36192518eef20829e57ef6e9d74f14ce82

SHA512
b6bef350d643618dbe41a8133c0ea9d85b3394a28ab087e9feaa30e97dfd30d66e67ad3c5951d5754d4ba076b0bb7083f1abf522c565f726c7ac66c8f8612f38

Download Submit
C:\Program Files\7-Zip\Lang\ko.txt.tmp
Filesize
83KB

MD5
1c8905da79bbfdaabdefd4adb08c22da

SHA1
5d71cbdbdc606a4b369ecbbd37d48071bdbab12f

SHA256
fd01a8e7e88a1275a0ae830026be6f67dd96a9cd8a7c4936f6f2da8c70426702

SHA512
417568aec8cf1c0f88ea4a6e16ea93cdc98944cde9d931f7f5d7ab3cbd78d4c5dd345e4d5884823715c7c36f61ec3e8c8953c427a920dd13aef74400044c79d3

Download Submit
C:\Program Files\7-Zip\Lang\ku.txt.tmp
Filesize
79KB

MD5
3da25d620ef2bf76cb9a4b58617107b6

SHA1
2004b6d53d59fe19fe2ec10b6bbf3bddf428653a

SHA256
a4892102411eeab86a7a7ab482cf53026f8b154d64688f0a1f6e25d03e20846e

SHA512
fcaed13a9c534e042d43199d2c19be92d5facf15c7da083dfcd5d553ab1b318390d213f9b81ed70e383db54a068b068e3338178a16bf267364f8ec7aa63f0540

Download Submit
C:\Program Files\7-Zip\Lang\lij.txt.tmp
Filesize
81KB

MD5
96db66c158c05b9e3e58a6f4e766a5ae

SHA1
0ca5b790df2825950f6c8552d388fa7caa6814b5

SHA256
b40d3dd750f30d80dcf7d6d7e2408977c7b854cab7514cf84eb52fad13ca021b

SHA512
daebfb54abb8022f3fe5c0631d11e970dac11b59bfed31700341e16c94ba9010664d137a040b22a0c234fa369000a782af5be39a05970ee48e77bc9c856bb482

Download Submit
C:\Program Files\7-Zip\Lang\lt.txt.tmp
Filesize
83KB

MD5
ef063f9f7f33c5fe92fe197d06d78d5f

SHA1
b98957c74f5baacb89a75178419c2daade4665eb

SHA256
f636a52176fcf28a76e931f3f2a50f51690ab9c379a198f9a701f16854b6e0a7

SHA512
b3a219c8f9284193259c0e9dd13123ee912891687db4e928ae5af86260c12e40a19b1f5804a9cf98161b78b683b2aeeac211834cacd229eda2172e7edff14109

Download Submit
C:\Program Files\7-Zip\Lang\lv.txt.tmp
Filesize
77KB

MD5
b442b879cffc0f6d2210648656db9063

SHA1
f84b6b133430a70d640e6aec74dde487624ebbdd

SHA256
f1ccfa87355a965d43190710e8ec1e5e34af7ada8074e11b1fc6f02e7c6c945d

SHA512
e69709da59162ac85ec50abfc78efdc6c8eece0e4084965424a077dfaf59fce190ed4ca5d4db6e2101df948342bb55936aa2914e969e62afc3f4530fdd36aa3c

Download Submit
C:\Program Files\7-Zip\Lang\mng.txt.tmp
Filesize
93KB

MD5
a472dd17e3d1502653a7e10a0ef97be2

SHA1
a1719a5258b570edd2730972eeff18916c0f5df4

SHA256
054dfdb19c90d2da10e6420b7d939d929f89615c66e93f325c207d1ff8e526e8

SHA512
424fe0958e7cc9deab39235ba81aded491e4503997f3d3aca8b3aaa6b28168d6de0053793f02eb73563bbe42c231fa82b6849744de1fb49eb94928103b293576

Download Submit
C:\Program Files\7-Zip\Lang\mng2.txt.tmp
Filesize
94KB

MD5
128e8fd3a9e1e2d4476ee9798b4d893d

SHA1
5067d9fe341d36d85cad8a2ad7c8d25b79dfb354

SHA256
f3e3c2b1dc3f5e9b1532e63cc1857eeb2e080db353889341315e642af7917c04

SHA512
a8f0fe6977e196b3151298fb5470c1ec834785817cca3f6d9b9f40cb47ee8c79fd84e24add99e358162f3bef62cefdb9896bafdab3f5dabfcb80cc2c021d4b0a

Download Submit
C:\Program Files\7-Zip\Lang\mr.txt.tmp
Filesize
83KB

MD5
efd9b75791164430a8e78c23fcb43887

SHA1
33bba7e10c066501bb7243db2525c49f273984c4

SHA256
7b49d38ad8c1b90ef9a4284e6a113aa64998e2bce35720d8fb1d5ea2e4360583

SHA512
6c0a4579e0e9a0998521408e00e4d9d21d80246a2bbfab4bd53ca755cc31a40ce615c0f4353b67e97e46f4befb2339fc3e05b2166fc2cefe46ac13afc99c48de

Download Submit
C:\Program Files\7-Zip\Lang\ms.txt.tmp
Filesize
77KB

MD5
2b6b6466b86e298522d077e6ae39e14a

SHA1
ed877d10e9a44d040ee6dd9a2e6d2e43a223a613

SHA256
0b54f518957392bdeef948efda1948127d710b2aec15cb83aef01bfa3432e170

SHA512
9a7d3e4d0e286a2a0cff5e6aaff7d68b57ac315b02ea031baa70125e1b25233c78c0a25aa16c8faaf280f783cddfe9ebaa3ab1da65f8d90c5167cc10c07ea0d5

Download Submit
C:\Program Files\7-Zip\Lang\nn.txt.tmp
Filesize
78KB

MD5
ea780ad593a83f513ce6455ea45e9a1f

SHA1
394848ef6f426704a94824c83ef3b1c9f2bff3fa

SHA256
513c458c9afe6cf29e0457b9f0ddffd25f2c671d0f89f01a201761c52524d38b

SHA512
c4826cac7b79f2bd9bc7604c9e82746e7017611ddbac54669e4d1a4a2ab7102d6edcd4874744ea2a5027af4df804444a5647f4357569e5c3f930e9a81a78feb8

Download Submit
C:\Program Files\7-Zip\Lang\pl.txt.tmp
Filesize
83KB

MD5
8e44703de0f1e0e11d6aa253ed31af82

SHA1
cbab96d4412588e40582358a6b23d09ba74826e8

SHA256
3c336cdf5f83c1ebc2661acc76996f2f3818faf13b61c967047c27edb45f2624

SHA512
456a435204fd5e26ddb9edfb316ff470925e7bdc723d357381d2f8383f21441fd28026ea33971612b465482228a13df7b3ea2590ce77f0ac6164771d8b8af695

Download Submit
C:\Program Files\7-Zip\Lang\ps.txt.tmp
Filesize
81KB

MD5
56926800a8cc5b59a4a25152df08f1e4

SHA1
2f28d33bf67d8c62f88b6aaf2bb66779db294007

SHA256
c17c83e022f0c7234ceb0c3de9c6402eef950607ca84dd7aba83e11d40c468c0

SHA512
1e10c07cb5b0ec1dbf173b6ac3bd88a4ef2882bf3ce86e7fa194a8aca5fcea6da7930c4e4b2977be80d78acc74b13a56cfc18e172b807e0f5aa44b1f9098385d

Download Submit
C:\Program Files\7-Zip\Lang\pt-br.txt.tmp
Filesize
82KB

MD5
c85969cf35f527bee2d4f75a7db39ee9

SHA1
62008396dc641825991b1c7536dcbb5fa209dd30

SHA256
db7e053696de999ae0e52ac2fdb9f09119935a4ae151ed51d5435e7d874015c9

SHA512
8e5b27eb538c5b5af0793cae1f3a9e9ed51eb6e8d231b8df211e9d1eda719a2f02e68d6d52752854e549306305bb05a04e2234bbbf8450bccc6b1c1da06acfab

Download Submit
C:\Program Files\7-Zip\Lang\ro.txt.tmp
Filesize
81KB

MD5
8ac66d1b92754f9d1a688518ae272461

SHA1
a8924256ce1f00f4c4d16b9cef93b28af2fae691

SHA256
06e2fd20759681830b80d2c5335ecb3598bb716b023b4f3d016354d998f64ee9

SHA512
b1676ee81c249c179387c767f2c92331107fefade7e77afb3cd0a31f41cfdfd5794045384bb9062383995fda07ee5414ccf7feee32fad717771fbc32c747fcd7

Download Submit
C:\Program Files\7-Zip\Lang\ru.txt.tmp
Filesize
88KB

MD5
efefcc0d5f1194600d5007139bd4eae5

SHA1
c0674f74d465c68a4a889a5b5044ba14ac910327

SHA256
1a68ebd5daf1e6c380b9a6f1cba54e35f051e0496f209b87a8f85cb5aee83939

SHA512
1806f18165b57ae4db6e480d0a26aa0ec16a4fc4aa7783e93e8ea465d39fd9bff355c1099963a8e8b1a5be9c29a2a2e8ffa86ac8b649768d8f021268d9374cd1

Download Submit
C:\Program Files\7-Zip\Lang\si.txt.tmp
Filesize
92KB

MD5
4382a93dfefab06be1aa2d15424f1fae

SHA1
82a8845576be94c6ed5295aa7b0f6c1811f208df

SHA256
8330e7507ba407a37532b3052fbb83aee118b676d116441eddf1e09c3a28719f

SHA512
0dc77bac8412aebacbe5bdc067f2b64fe5534d1486cd381d7e346b17ebefdcf46746639ca575c78beb5bd34b4581ffeb0464b273c6300e35ffa52623b2fb43ee

Download Submit
C:\Program Files\7-Zip\Lang\si.txt.tmp
Filesize
92KB

MD5
82ccb230a428987e411fdc64bb3b277f

SHA1
9ba89e2612ce81f7bc3c57c6ca1df6d98775eeb4

SHA256
b35af336970e5174dcd259e888be9dcfd9e63deafda8924827ade6c7a63c5558

SHA512
3df59c7fb1a3796ebea3e7f2bf59bdadaad139a19a4d57b5093cebe8cc1f2dedc6db40e0bb614e354606be237a84ce223f13ad53cf62dc9979599dcffde6e41f

Download Submit
C:\Program Files\7-Zip\Lang\sl.txt.tmp
Filesize
81KB

MD5
f16d7b868525a5737cc8af5eacc6e288

SHA1
26767f88865dad5c882c191c09addf9785cae746

SHA256
6ee127dff843310acf02501d08f651534ee61ad769b29cc1873d9615ee1eeb8c

SHA512
571e50793787b2c95651955a5033f724dab4259a1b59a17a34bb8b172f793bd29b778aa189d2c9dab6b797e60ead3fbce52481363e3773245bd48ca7f92f1272

Download Submit
C:\Program Files\7-Zip\Lang\sr-spc.txt.tmp
Filesize
72KB

MD5
dc1c0b8d2c128a870a3d57541312a4ea

SHA1
72d7deddb3f83cbd5745f98155b837cab46a9c08

SHA256
ff8bf04bc3a430b95cc7aa3bb7521bc18af8b10f4c0f37f90c53df338e95c9a3

SHA512
0407ceb1bf01256b0b67dcaa045f9d158a7e695e68d3d3699e0b084e726ca6596bca1fb5a59cde56199423ffc49b5daebbe65a057bcb68cebc89212c990c3db5

Download Submit
C:\Program Files\7-Zip\Lang\sv.txt.tmp
Filesize
81KB

MD5
ff39695e88930a8b2b921144775400a9

SHA1
0fa708080a0fa325fdce8d9c71023f33b8c54e49

SHA256
508006249ac5b11feb679d28eac53a7bb68f26ceef183387627b1d1202f3a34a

SHA512
eca1ddd929bbb2903eb05c41bc279b008e3d5d1a0be24edad93131574e2b08538d836378428f2e14b311e8a9d186b2024b4384024dd0c86dcc797ef12afd2b41

Download Submit
C:\Program Files\7-Zip\Lang\ta.txt.tmp
Filesize
84KB

MD5
491ff67e198af2324f659b9e258b94ce

SHA1
062ef50427d687ebc185f916e1426bbce5d8e822

SHA256
5959f03dc1c1c9837977aeb89ec65d966d89edb5be344623b558da311595d093

SHA512
70134609c2b3b967c196d851e1e12003c1f06104e5fad0a30577f5b418b8286e3bd9c5893b10db77e8d0acdaa66b514024f7bb4294801d78d7651efac092261f

Download Submit
C:\Program Files\7-Zip\Lang\th.txt.tmp
Filesize
89KB

MD5
ba51ab8c440811b60c1ed52bc7ab6def

SHA1
49e4ddb010876c47ae4ffa953d4e824c613d8134

SHA256
390264a58d6239c43cd354f4ca5a620e339c5a2e6aded0a402c9621f7af043de

SHA512
1aaa334650613272d25a4bfa8be6604df3090cd6f7b3b5a617213d13fb1b68e2e0588a2634245e735a88bf42d1aae6182610ff1e712369c23779a7da6e2ba04f

Download Submit
C:\Program Files\7-Zip\Lang\tk.txt.tmp
Filesize
82KB

MD5
03d7d75396f1d01bc5952b08580a74b8

SHA1
c24e173ca86d01f190da47a2acc62cdf51e99b26

SHA256
b70f21959e606c7bc1445b9fbdb92458434e4892e1ba9da5cc52fbfeaf9a91cb

SHA512
4f7783d3c3745e0b2126876b844d64337abdd927b8a29a012564190059c01d7693aa2a9e776d46e4ab7cc465499004e0b2a9396428bef183a14e040503a9f880

Download Submit
C:\Program Files\7-Zip\Lang\tt.txt.tmp
Filesize
86KB

MD5
c93267f01b603b66219e1cda2d8f5b76

SHA1
2bdf05326abb4b79172af0688bdbe4329a474a7b

SHA256
2a160186df5d56632c0d09543ef3d23b7c58124661385ae6f60fc1e5c1dc6264

SHA512
b895c5c01a5ace4abcbb7e17e33ae051fbcecbbda16f0f2d636ae30a10b408bb7f064e9ed8cafb8357431719d583f02c2511b7faa27634457868f40a6eebd73b

Download Submit
C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial2-ul-oob.xrm-ms.tmp
Filesize
83KB

MD5
d985a8b2e12e74e406ee34df4369092d

SHA1
286ade6d0a02a588d15f2a45eb97a231c2c7052d

SHA256
e4e9361182433bc3c1792dc3cf410d327e83836e69fbca5e4b9da1c10823d488

SHA512
b9b33f27bf6656578c398e0a2610c6f93a0fc0b1ca3727a423b7cd8e64c9516b739ff34dd0dba6736800c2baff1fc74c2b1f3407305b2b8ed588cff2671cc5bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe
Filesize
72KB

MD5
5845036161e4d703fabf74d406a63d56

SHA1
4ca921a68435efd414c65213c0c22901a9b2b873

SHA256
b70b500b163920785a8f8c7366e5ff1d77b0c1759303687086f01631c98398f7

SHA512
5ef2092cd0e26d1b652aeb958d5f4c26e91afbea95cdf3c4e100c13c71deb0c10ff63b6e3646911b5ec8d15b7d94017aabe7bc95a5f504c9fe0bdc954c1b0276

Download Submit
C:\Windows\SysWOW64\Zombie.exe
Filesize
73KB

MD5
b463c63079a0eacfe11cad8ba5479d23

SHA1
cb341a78bc91f17771069540c1fa8b98e16f0e73

SHA256
003ecfbf5e23e4457e15cfb24780b0d919634d77c349ad3dfadfe22f55b1b22b

SHA512
22f23dd8ce3b2a80bd3efd705d57d81f9730107a1f410a7b5ce14584ec3c3dab4641f91a30bbd3b3a320664329ef4a123cf3310638b301e250013a454a529840

Download Submit