3fc11ab8047ed0ef881975a66c9e3459c0b437926168868be23f43ca0ef3083f

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25-05-2024 14:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

06f3ca391f944e0255170f9cadd218c0_NeikiAnalytics.exe
Size

165KB
MD5

06f3ca391f944e0255170f9cadd218c0
SHA1

6f6e57f307ef8724386ebe48c178e6b6a518b808
SHA256

3fc11ab8047ed0ef881975a66c9e3459c0b437926168868be23f43ca0ef3083f
SHA512

23b87d5f6b3472add7e3d35f0bb4787dff46ad8ecbb9a0036fec02846c24b225e301094809cff87804f58d80f2033dedb849c2e6a6a36c2f640cfb073dca52aa
SSDEEP

3072:6e7WpMaxeb0CYJ97lEYNR73e+eKZ0VXaFe7WpMaxeb0CYJ97lEYNR73e+eKZ0VXl:RqKvb0CYJ973e+eKZ0VXqKvb0CYJ973k

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4758) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware
Executes dropped EXE 2 IoCs

Processes:

Zombie.exe_.arguments.exe

pid process

908 Zombie.exe
1552 _.arguments.exe

pid	process
908	Zombie.exe
1552	_.arguments.exe

Drops file in System32 directory 2 IoCs

Processes:

06f3ca391f944e0255170f9cadd218c0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Windows\SysWOW64\Zombie.exe	06f3ca391f944e0255170f9cadd218c0_NeikiAnalytics.exe
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	06f3ca391f944e0255170f9cadd218c0_NeikiAnalytics.exe

Drops file in Program Files directory 64 IoCs

Processes:

Zombie.exe_.arguments.exe

description	ioc	process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\PresentationUI.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\UIAutomationClientSideProviders.resources.dll.tmp	_.arguments.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\Microsoft.VisualBasic.Forms.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework-SystemXmlLinq.dll.tmp	Zombie.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\bg.pak.tmp	_.arguments.exe
File created	C:\Program Files\Internet Explorer\fr-FR\ieinstal.exe.mui.tmp	_.arguments.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.cpl.tmp	_.arguments.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.Linq.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\msipc.dll.tmp	_.arguments.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_OEM_Perp-pl.xrm-ms.tmp	_.arguments.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-memory-l1-1-0.dll.tmp	_.arguments.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-util-l1-1-0.dll.tmp	_.arguments.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_MAKC2R-pl.xrm-ms.tmp	_.arguments.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\icu.md.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.WebClient.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_OEM_Perp-ul-oob.xrm-ms.tmp	_.arguments.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols.xml.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\WindowsFormsIntegration.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\WindowsBase.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Exchange.WebServices.dll.tmp	_.arguments.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\lv-LV\tipresx.dll.mui.tmp	_.arguments.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\PersonalDemoR_BypassTrial180-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Retail-ul-phn.xrm-ms.tmp	_.arguments.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Retail-pl.xrm-ms.tmp	_.arguments.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Grace-ppd.xrm-ms.tmp	_.arguments.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\PresentationFramework.resources.dll.tmp	_.arguments.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Gill Sans MT.xml.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\ReachFramework.resources.dll.tmp	_.arguments.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\TabTip.exe.mui.tmp	_.arguments.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\UIAutomationClientSideProviders.resources.dll.tmp	_.arguments.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Diagnostics.EventLog.Messages.dll.tmp	_.arguments.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_SubTrial-pl.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_OEM_Perp-pl.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_Grace-ul-oob.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_MAK_AE-ul-phn.xrm-ms.tmp	_.arguments.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-multibyte-l1-1-0.dll.tmp	_.arguments.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\System.ValueTuple.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\ClientLangPack_eula.txt.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Organic.thmx.tmp	_.arguments.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_Grace-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll.tmp	_.arguments.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\GRAPH.EXE.tmp	_.arguments.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ComponentModel.EventBasedAsync.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\sspi_bridge.dll.tmp	_.arguments.exe
File created	C:\Program Files\Java\jre-1.8\lib\fonts\LucidaSansDemiBold.ttf.tmp	_.arguments.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.scale-140.png.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.ThreadPool.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcR_OEM_Perp-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019DemoR_BypassTrial180-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Excel.ReportingServices.QueryDesigners.Extensions.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\bin\unpack200.exe.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProDemoR_BypassTrial180-ul-oob.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\WindowsBase.resources.dll.tmp	_.arguments.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\PresentationUI.resources.dll.tmp	_.arguments.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-time-l1-1-0.dll.tmp	_.arguments.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\DBGCORE.DLL.tmp	_.arguments.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.Emit.ILGeneration.dll.tmp	_.arguments.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\THIRDPARTYLICENSEREADME.txt.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_OEM_Perp-pl.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\7-Zip\Lang\sw.txt.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_OEM_Perp-ul-phn.xrm-ms.tmp	_.arguments.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART5.BDR.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.scale-100.png.tmp	_.arguments.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Retail-ul-phn.xrm-ms.tmp	Zombie.exe

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

06f3ca391f944e0255170f9cadd218c0_NeikiAnalytics.exe

description	pid	process	target process
PID 4592 wrote to memory of 908	4592	06f3ca391f944e0255170f9cadd218c0_NeikiAnalytics.exe	Zombie.exe
PID 4592 wrote to memory of 908	4592	06f3ca391f944e0255170f9cadd218c0_NeikiAnalytics.exe	Zombie.exe
PID 4592 wrote to memory of 908	4592	06f3ca391f944e0255170f9cadd218c0_NeikiAnalytics.exe	Zombie.exe
PID 4592 wrote to memory of 1552	4592	06f3ca391f944e0255170f9cadd218c0_NeikiAnalytics.exe	_.arguments.exe
PID 4592 wrote to memory of 1552	4592	06f3ca391f944e0255170f9cadd218c0_NeikiAnalytics.exe	_.arguments.exe
PID 4592 wrote to memory of 1552	4592	06f3ca391f944e0255170f9cadd218c0_NeikiAnalytics.exe	_.arguments.exe

C:\Users\Admin\AppData\Local\Temp\06f3ca391f944e0255170f9cadd218c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\06f3ca391f944e0255170f9cadd218c0_NeikiAnalytics.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:4592

C:\Windows\SysWOW64\Zombie.exe
"C:\Windows\system32\Zombie.exe"
2⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:908

C:\Users\Admin\AppData\Local\Temp\_.arguments.exe
"_.arguments.exe"
2⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:1552

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2539840389-1261165778-1087677076-1000\desktop.ini.exe.tmp
Filesize
166KB

MD5
79004464e1c2a3587c35a9225b2aa452

SHA1
782b71c38cd66e08ee3b93272cad3c0bd21a1829

SHA256
0e5e948f7c0611027a3c85323df900c354b1e4f36522bbd76504d64adc77514a

SHA512
06225a7a350a53c336bf4207c92a90478f5e5b7ef8a24ccd3de8929deb2683b8207789c9595b0960ae12cb038f43e97f1c961472412f94eef44e334e9319b7de

Download Submit
C:\$Recycle.Bin\S-1-5-21-2539840389-1261165778-1087677076-1000\desktop.ini.tmp
Filesize
82KB

MD5
e166ad4dd04668fd2651834aefc7c2a6

SHA1
4f6846696c0ada9b363b85f051a0490d02d3e358

SHA256
ead2f0b39c355f5ae165a8a516009035ba66865bb70a397d4b9ba7c3810deda4

SHA512
dd3e9bf03f3088a54be86425a0e92ec5a1eabe763c73c92b62cb0134bf2543ba6cf88c272ed0a93158bed2ea27c200ddc06cc6dd954bc2af3596964518961027

Download Submit
C:\Program Files\7-Zip\7-zip.chm.exe
Filesize
195KB

MD5
0ee610de125c00cddc322e3384f5ddce

SHA1
081bac4c05ea7076fc8ce87b2afa4253186fc948

SHA256
0e4a95980efe8aea3f7e358c269549655ff6faf8e76a2e942d4348882cc640cb

SHA512
2e70213062b27bef7ca5d5b378d589b6c15afe07000764c719102a724af805179988bad8eab0373f8e91ebaf0355d92f08f487c98fa564c921cd130c474ea9fb

Download Submit
C:\Program Files\7-Zip\7-zip.dll.exe
Filesize
181KB

MD5
ceccb8263f339b01e0f8c3b2a0cc6e54

SHA1
e6567207bd9913248be585bb6800c6afdcece67f

SHA256
a475bc85f68ab5c744469e53f17fd08747b5ebf7683ee870ccca9703fc4115f5

SHA512
061b07a9dd3c8dedae5c4c0336b63e0afbdc18357d26cf6ee023d84e511f5dd87a69c7dc2c82da4be9e0c1cc6a90f1d72e6a1cb34cd5fcf585234fc6ae0cc535

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp
Filesize
1.8MB

MD5
e9a2938daaf7ad18e083c74c44929fad

SHA1
4555588e4f4fb489705b03ad6cb375486766ceac

SHA256
254d8a1b07574342042c642b24e2961d09a1fdc4f33e9e6ddb038757e86e4ab4

SHA512
fd439f7dd360bbb2429cde804b008c110f5d1bb48837284fd3460877d6043022f6a6fb6b0909ea76a32b4441d4e6472459bfcc114ec4f0e8d98605346e1bb5c2

Download Submit
C:\Program Files\7-Zip\7z.exe.tmp
Filesize
627KB

MD5
6dbe558971ea3f1bfe4747786fd043b7

SHA1
ac2ba7585f8bf48887892903c17b637bcf8032d1

SHA256
641110412a6f467f3a0c5dcdc821fb6b7493ff42de7de8794cb3ade804de3ac7

SHA512
7c0bca3468cf05c2e2204aa4f5583ceffa5a1a885a020007ea07f409fae7cf6c0a78d4b8dba25b6599f3a27aa9ddfa042160a780830355824cbe4e3cfb8e2b3e

Download Submit
C:\Program Files\7-Zip\7z.sfx.tmp
Filesize
292KB

MD5
7def263c8328e784e42b63b177126315

SHA1
fa74f6eac87ed3a56d234af7cfec560a0ab36ccf

SHA256
0bdd33b0aa9624bb23d57a13bb96116d2cd36a7e1990cf09413cff62dc55e91a

SHA512
2ff035f9d1cb9e17a2e6eb837cf58c10f987fd6d34bd01295d009365982f6c1151d773a60d93d5c9771226afac58b4538da4a9afd442c6ef96865bd5b793bbc3

Download Submit
C:\Program Files\7-Zip\7zCon.sfx.tmp
Filesize
271KB

MD5
ace211e5587a8320821b6d253000d7ec

SHA1
1a9885972f2659416a8e6d90dc840362861d1997

SHA256
9299e2aa37ce59f80ba7d010f51a180161f798bb40580bc9ae6c38a5d2d48199

SHA512
3e97821360d2ba8383014366b65bffc762ae05afea3770099b4d3fad058a47277f89e4b123cbc9f1da7eff718776d7d7900bbc9e2b3f8e4b5aa878c05f9d4ab1

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp
Filesize
1013KB

MD5
04680067deda825dca441fcd7453ea44

SHA1
76127160b378299bf10adfc0aa8777e17929eeb3

SHA256
95d47244a5faf859246c377b78acda8ff30af18fb294706eddc24f68f97b2373

SHA512
7c6fd3e9c678e998c5cbab1fae8db930a7eb597d707edc8ba4bb4ff0d849d82c52155bfd9d962b8acc06d77baef0a6cd4a072bfe3af101fa887202e8779e6d82

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp
Filesize
1013KB

MD5
59813ee5a9733266b4f03b4546622133

SHA1
46ce550e7b275f2aec0b7e102a2a40bee6c24bca

SHA256
d3aa85bd7c7dd9037639e731b50b33c76fb990986b1f3cc8ff3373f202931382

SHA512
80fcbaf1a2a7b531533097f91028d44ef39c3806d46a709a890fc9cefa90d3c9ba8cff3ca9a2fa4c232256e499632fdd3099a4181f4a26cf3cdb010bd42d1a1f

Download Submit
C:\Program Files\7-Zip\7zG.exe.tmp
Filesize
767KB

MD5
2b8f03f6994de67d945f4ac7a160c772

SHA1
e24724861161540a24561447b71c1284dfffb6e1

SHA256
dc63bc1657e53aae2b52d2332a4b97b6eb84b31e122ec2ae8a44da1864a785b3

SHA512
c385bb623c9befeb916ccfbf44be6eaae6fb3e7c2d7eeb8b5f8464290de804b0876d47b66d84219094fecb36c2f7133e44038546ad47430547c633d4ff61564f

Download Submit
C:\Program Files\7-Zip\History.txt.tmp
Filesize
140KB

MD5
dffdc9e6c383a32ee33bf62d8bdffbd9

SHA1
6c0c6c25fb696d317d9e55d116353bd7b3eb2003

SHA256
5b52a548b4cdbfdf58fdc10b0a692e3c851db3774dc55fde32e4dd95a9e5b8c8

SHA512
d7ff35eb3dac37f3c1d6d920772364ae0467944a974ae3661512d31cc99b718c1c672ea92a0112cd42e3a080dfc5728f53f6555c8b19751e606bd7f84035c7c1

Download Submit
C:\Program Files\7-Zip\Lang\af.txt.tmp
Filesize
93KB

MD5
6885a04144652dda0b1bc1302f612eef

SHA1
9fb143f902c904717ebcb2c6d5a87a47698cc75e

SHA256
84b1ca1fda33482c583207a79743c743ea1dced77fc67a46f3c4c14078963e0b

SHA512
470334ac0fda750e5f9081c21ba13e14ec50e7573cc10b907a9826c29bc060e2e0b7e5f8b94a37dc998758c758788c806cfd91968f3e7d557b65fbe4cb622358

Download Submit
C:\Program Files\7-Zip\Lang\an.txt.tmp
Filesize
90KB

MD5
f77ca2fc104bd5c15fe4f9c488a501c0

SHA1
3c23ecdb288df1c9ea39dda5dd57106f35d1bcf8

SHA256
3c1eddb511323937be64b450624811ac7c009429f26b20fa963e0d23a06de81e

SHA512
894e4dcd5b8400c450c0ebcbf9c08aba0b3e8632c3908a2f900bf47a4ad0fa9a12738b53c0b153425e68473a8c51024f5313c769211abf9bbdf86f1b0df49233

Download Submit
C:\Program Files\7-Zip\Lang\az.txt.tmp
Filesize
92KB

MD5
e8c2137ef1a86bc3afda091fad201ef5

SHA1
91aac585fa77ff267ae65de2c9668479b7b12b83

SHA256
030e067e4ff747c16522a36b86cdcda27c59615ab08fed2fe030943230a70db0

SHA512
0d34691fb1d1133f10de9f84b4082fdfb086bc492884c58c55dcebe0d57929a60318c217957f264eab549e7f8a1f211ef745e1367304ee6ba2cd6f9734ac1574

Download Submit
C:\Program Files\7-Zip\Lang\ba.txt.tmp
Filesize
94KB

MD5
6fcdd9b1296ae01ba853a8b2f7872744

SHA1
037814df0826e066144938b0024186d68b868b36

SHA256
3064def5e6fa391ae0121563060dbdf8829c4b52ca24bb6aba7763b90b0882eb

SHA512
2c2bc7fd5e473c09f5633ec5ff5cbb34a3089e33ae562bd23d1fd35f6ffd04079defc7bc912e1536c79271e96e39ba4062bf8fac3554bd17cc4c04367f3f08d2

Download Submit
C:\Program Files\7-Zip\Lang\be.txt.tmp
Filesize
94KB

MD5
9d5fa093e16df10168c56bbd27f6f5e6

SHA1
dccb06ed98a825c66dd3dd3b9bf00734f949b0a7

SHA256
cade6268ab04b9d2ba329b6c3d70e6535dbb61a4583290089441555dade1b0cc

SHA512
9831ad7806203c970efdee7818e277a02ded31187f2980a68e87459a396047dcd42c39f80a8dfecdbc3be2d3333282df7451b5ed1f19257be27182479f28b96b

Download Submit
C:\Program Files\7-Zip\Lang\bg.txt.tmp
Filesize
96KB

MD5
e763c30754c0cba3c7eee0c4e1cf2eab

SHA1
258e7abdb86d891511be7d43992e22081cccc812

SHA256
583a4228e111e6719d30d5e48d214ada32c416fb0a1f9a61cf95b570a852133a

SHA512
340947c25ef3345930d18d156632debbf9c6e2299520cadeddeb2e5c7ae7fe16d8316a6e8ccd71157da53d4fe215adcf0208bbc9cb96bb227c1489ecf18f6f8c

Download Submit
C:\Program Files\7-Zip\Lang\bn.txt.tmp
Filesize
98KB

MD5
f56a957be2a5d0dca918295979706a37

SHA1
e8d6f41dc7aa4669a3b9cae3140ee4305d4968f1

SHA256
8d70a26ca0af42341cce6d2b9a690dcdf3e456826cb0f90770ba9800be38154b

SHA512
e5800f5dc20ab3ce32fb03700717b2fc28ae048b8616b566b888d2ca8f888dd3f0421f83c221885eb5e3ef1c68e685ee26197b79c3cad513e44994ad1a0e3cf7

Download Submit
C:\Program Files\7-Zip\Lang\br.txt.tmp
Filesize
88KB

MD5
5c37c16abe1165d0d7ea431d521094b2

SHA1
29a12681fb131002971e1841316091327fc7dcf5

SHA256
796b3b0289ba53a56eec85ace1ffe1ec99189b80a88e4580810432143b98aa02

SHA512
a583f5342b1bb9439613dc5eee0621e57f22eed8cda3d2bfe517327d4f60f33c60e599d3c39234f487df83f4209e6faa13a3cc6e84b6937ffa0fa5cd499b8b49

Download Submit
C:\Program Files\7-Zip\Lang\co.txt.tmp
Filesize
94KB

MD5
111d7309075d071d9033464c1fdde8d9

SHA1
2a02761f5e900272a2516afdbe864c85da3fc37f

SHA256
85854c2ba91d47cfc464684da45bbae7fd4f07c4490ccd50200c6bb9b72e4984

SHA512
900d1169803fe443af62303aa371a0a36f922ca821a08a17492a8eeab70c2f039c1a5a3cdbdb6d7e395ffa21a062123bdadff51b869bfea05e95bc51e5904896

Download Submit
C:\Program Files\7-Zip\Lang\cs.txt.tmp
Filesize
92KB

MD5
59e825ac32db73a591a706155a238f0f

SHA1
c3e23e78940c6d979a4211e94d075e111923bd32

SHA256
70cc862f002d43b1cf45785efd66236a81c15e80c2bd4bda598a44041613c21d

SHA512
0508d9f3ec1eef5bf4ab004336170353ef3bfb3352bdc69d3d8c3033094ca0b4c71d0bef852deb6056747ca5afc58564ea134768d9f97603886041aa622a01d3

Download Submit
C:\Program Files\7-Zip\Lang\cy.txt.tmp
Filesize
88KB

MD5
23c19bf70b0ac129e8104a1564b539d2

SHA1
96b9537b76fb5c20dab18f0bde1e681937f81e84

SHA256
f1a01cf33a92c73e5bd31df5fe11243f5387413ad817ea291cf03fb38e6f3f3e

SHA512
8dbff4a309e3162785190d521ff9f3ee41de8baa5f589ded8a9b21af7604cf578b6afb1aa27260018ee1ef73cc2e44e57a4b7dce773196e4af01dce8e54d94e6

Download Submit
C:\Program Files\7-Zip\Lang\da.txt.tmp
Filesize
90KB

MD5
b1f52d8c4c4b92aa5d3caf25a2c41736

SHA1
095b0afd8447782c2e5a12d8ebbfe5ac9987f09d

SHA256
222610e0decd86bb74c4c224fc7459edf8d2f221bae26a857807452a43d3673f

SHA512
25ab785ae69347368b2e267db7526612954305cd737986f6890cbd76423f0cb95dd655593b38c1119d27814a43a8186931c8da002ec55b66508497336d856cfe

Download Submit
C:\Program Files\7-Zip\Lang\de.txt.tmp
Filesize
92KB

MD5
cbc1b52ce7bc5977ea23505d5fe4c95c

SHA1
915ce59d93ce13738bf9bd0dccede1c86aa943e9

SHA256
be5c00b5e6f2da72b4b97704123c98f978b64fac88784000ba4462d7b9277b30

SHA512
c2e854395c36419c64d1d1da308dcb5aae9c7c1161147d7dab07ed587749ce1ef775047c91c60a0210a5d927b5e898645eb03f0c9361fc1bf48b93d634f32102

Download Submit
C:\Program Files\7-Zip\Lang\el.txt.tmp
Filesize
99KB

MD5
d409cab5c1a6512be579694c82967c4c

SHA1
e3b4a5116d0bd785d485b6cc16af25bc7f2ac823

SHA256
272639abeca3e088d4baede5e8c2e9369e4731e667c6a3c3c3066e41f4ae569a

SHA512
fe199f297035bf98a8a8b897c4fb516edb720630c3b84efcab3d9d1175c93ff623b23fe8dded398451d83e0bbbad86634b6a3083ee63a2e0c4390cc5dab3dc37

Download Submit
C:\Program Files\7-Zip\Lang\en.ttt.tmp
Filesize
91KB

MD5
4eb1d556a0a31f51b21732df90f3fee0

SHA1
264b5eec2b03898043b19ac810b7b6581e498045

SHA256
eee797f15d015938d87752f27ea4951cbf574e093e2fc17fd2d3f922acd053ef

SHA512
bfe19a747061e74eb47d61e43ef6ad6ea11d38b3623b3d0c2b23cdd4ff974c1cc37f85fb48bdbf8b2c4b02daec6b35354e19056c1eabe57da97f0dc263b02797

Download Submit
C:\Program Files\7-Zip\Lang\eo.txt.tmp
Filesize
88KB

MD5
f65468a047b64f9e6cf1249de7d5ee96

SHA1
0ec2ddf1f8cf04e11c0af6994aea8091fa0be634

SHA256
24a12e54a64cb5aae571f110b062e5b99aa31dd01abb002f1de35d5cd055a8c9

SHA512
7016697a24d405ba31fa9aef1118775a1fd721cb8a6ce0b0114640dc27c367daaf6bde63bbf3ee21ade24c8e8ccd2c1dac685bb9f263fd552db53df65f027838

Download Submit
C:\Program Files\7-Zip\Lang\et.txt.tmp
Filesize
90KB

MD5
fc0e3047b400f6001bdc33e9704a85bb

SHA1
4492ffe7ffcbede98865db8ace4c8bd574be591d

SHA256
6a8b563ebdfd4693e95425208ebf117cf6193a565823d8f042aa04f1f48a5112

SHA512
602376989e67d19acb5acd7f8417d0d83141744a86dfa4f5ac3430dc0b48fe2cd7f9d50269ba5c48f03389fdf6f4a86cfaa309b5b1d9ded17d5e791bc9bbbe5c

Download Submit
C:\Program Files\7-Zip\Lang\eu.txt.tmp
Filesize
92KB

MD5
4676f52f0eaa4bba55030a7c399c8d21

SHA1
89826bd948d9ab0e48e4565bfb6f6c4ed9f8dd72

SHA256
7861a55ce3a8bdad85be628c7fa0ac17af8e733d56483520e49834ba0fcb75eb

SHA512
d5e470cba657566f227ff00b6a68305524ee012c10006b41c8da8ea294a59e8bcff3a4b7ae504ae6766ab41c1b287b50c6d7914e6bc0d6b8ddc0cf8de3adf169

Download Submit
C:\Program Files\7-Zip\Lang\ext.txt.tmp
Filesize
82KB

MD5
089dac81c81100c8a7dd8ea5df072da2

SHA1
b30183a73ad6c99a8b69393b2a74510419de9672

SHA256
1efe415981fe947d307bde7f49c82a31baf26e7e860459b183aee4b7126c9c6b

SHA512
81721c9027575d65a91b842dd57eb3bca758a28d3b48ab1f4402a6cd2a6f2d7d7b6e5ef07c985e82b79f7cb12d2d46b32e9e436bd73408f3faad1e05693c9c82

Download Submit
C:\Program Files\7-Zip\Lang\fa.txt.tmp
Filesize
96KB

MD5
958cfbde7e10dae42f388f2d6f3f29a3

SHA1
dd87c2bdf67d9017d60379b12d5deafca29a9a2f

SHA256
778b02b6bd312edbc425b9120592560b5ecbbb8a3a903a79c3e5ead10802cf6f

SHA512
fc5627e72070cabc34c23ecea954918906461acf72b10e31800f64b4dffd3c1d8fa7ae3f05cbf1b8526de8c45843948e89ce8afe01d245be3bcdf7220853b3eb

Download Submit
C:\Program Files\7-Zip\Lang\fy.txt.tmp
Filesize
82KB

MD5
a05adc8db596f57fac197e2f79869181

SHA1
842e562e288de38f1258db8274f6d2f2e6e3405c

SHA256
2f4ede7bda735725c435dd64b397bca3d7c4eb5627547f7b82b0982d6e4a7669

SHA512
b9979fdb243bdddc366d849a90e6a25b1f18a5ca017d0cffd8b2f09e025200eaf5e055e9a4204e437cf2b8c68ad0fae7ef37a04cb159060317ee0f5f7bac49a6

Download Submit
C:\Program Files\7-Zip\Lang\ga.txt.tmp
Filesize
91KB

MD5
c7d6b3f6f684084a1dbd7f00b3b324fb

SHA1
5ff7abfe932e192721a550733c602505bde06b68

SHA256
50ee84a3133410bfcb9cfa0cb5154715e3f8217536e2875e959cc8d8db999d37

SHA512
447c9790953c8684b6328f02b2afebcbf08d15eef40245b0de7048a0d90fa3f99bc2d5b806fdb3f8a01f674e7c88d1aff5f8a9601b50a78204cad3713d820cda

Download Submit
C:\Program Files\7-Zip\Lang\gl.txt.tmp
Filesize
92KB

MD5
b8c1bc8ebf305461b8818fc5d7abbf00

SHA1
7861e6256e6e62bc9df9f870f7989de41b67c75a

SHA256
a0f76ee13dde2f5789cb33057a0b814c2510aa5d06b387786805c5794c824621

SHA512
77f1263b77352e14ca978287c6cd44a5437b84ec19ae7b29b9b6979860ac84f6536cb721bd59ebf734e6c1dfa7c38f052b024a0b95215b0d3d1da49b8217cd63

Download Submit
C:\Program Files\7-Zip\Lang\gu.txt.tmp
Filesize
100KB

MD5
186e67eae54c0dfc3c213d1cccb0d47d

SHA1
eafbbdc55eae277a6bb025eb69f4e1eae56a4161

SHA256
8dc4a5f85eaca86160a6cc7001aa535017be4375ab84672d7398f1b4a326b3df

SHA512
eec871c97fdd486c5aa8025ecdb3ff2454176892bbcd74d9f2dfa635d3bc815b1db064738ca3f7504b82cbbba227d0e9e6b5d81dbcf47b1164698729c513ed07

Download Submit
C:\Program Files\7-Zip\Lang\he.txt.tmp
Filesize
93KB

MD5
f2cf3c0316a9fba77d7140f2c62970cb

SHA1
95762ed010dea996264fd05783831704fad8f747

SHA256
b24448b607140d7ed88b491bb64929f00456376cf134dc62ff9f324724664e64

SHA512
977a4e4cd86b060a3bddd26defc195067949679833e09c2edd6a3dc0a105988b7af88ff71e7c7b44f6c777cac2128518423023278eaaad0fd354e94e440978f0

Download Submit
C:\Program Files\7-Zip\Lang\hi.txt.tmp
Filesize
100KB

MD5
9a91d548ffbca402b9d7b3632e744f42

SHA1
ceb595f0d5288ef96b306775a51a7c11a2053b14

SHA256
85c8702728c32ed9d2ce108bd4d0ee2333b83b8c75f457788a5201797784ebd4

SHA512
5d5c7e3427ab92233e81f09f23a28c89d73762f9bc0a668eddeece72f3832294f13383b48df9942fc6e2c743208c883f39fbbf1c7974759c3e60ba409e7615b1

Download Submit
C:\Program Files\7-Zip\Lang\hu.txt.tmp
Filesize
92KB

MD5
450e5a902838a394c7058fe3ca1014da

SHA1
6754dc256cc4c5939dd8d4ef16d35c7bc8f13585

SHA256
8647e222dcee39cd54301dff78f09600d292be3cb63feb61730ffc5686426610

SHA512
dc8517c06ac4a365fb6d304abbab71554daa98cc0691aad287479535e5777638cc9dae4de861eb5588490576399a3704fde6fc11b971a6040a491020861ada5b

Download Submit
C:\Program Files\7-Zip\Lang\hy.txt.tmp
Filesize
96KB

MD5
f1213ea4d96dca1f97c0fabd7f32e800

SHA1
3040ca068cb9d3c1ad2838a5a4ecc9937bbd1b06

SHA256
0bf68d69549cd42422d8020c4a0996b442be1f09c984e8a31faff711087734db

SHA512
696179e0de720491362cea671d4ccaaedd05f26c16a0086dcc1bd5c8bc6b39de11169276831636720f5dfc7c4fa045e98fdfef155294a29d4f93ea3c63d00b23

Download Submit
C:\Program Files\7-Zip\Lang\id.txt.tmp
Filesize
91KB

MD5
adda4501cc210d96f18e3fc51d4af79c

SHA1
96e3febcd0fdca413e64092323146bf695601032

SHA256
08441440ff3b1d899572604f36591d52cbe2f385f0ea83f110e876fbeff2c838

SHA512
6791f28b506d46bf78f56fdcd64099e8b02724dea66946d2a7ade4f90b76f08c4df9bc402064c94a0dfd72b45dd7f9583bbc1b5ea4c91d2435849d9c55a5644c

Download Submit
C:\Program Files\7-Zip\Lang\io.txt.tmp
Filesize
92KB

MD5
2c157e5717949a8bf27f1e5f7848316c

SHA1
2a0ad5355a8c8e588ec0702b744f934f41e3239f

SHA256
01c96c9bc1f547adc5a8b9a76fbcf2c6c911ad39a590c192d967f94e8aa6d874

SHA512
118ffee3dbfa6d4d4db9c6f0cc916ff9c5dce246e53d17f5e4aaeb877628b2fa9709c523202e862957ffacbe238b22c26b03b44c67f335b3e61830a0ead5e365

Download Submit
C:\Program Files\7-Zip\Lang\is.txt.tmp
Filesize
91KB

MD5
7c9c0a05156f67f04e3b517be948974f

SHA1
d7c66107e045aefac4081b8f5cb0d922d14da831

SHA256
6f106caf702b6098364c0fc2cb4a8f873a661fd522718491fa7208e1128a9bbe

SHA512
024470928d15214c271549fb8a0550de6a83a58254c6611afd9971515f562f6cc0a1fa5772a7caed5873741808d9227ad6dd0a6004f0fb90946a06a9a0f1b37e

Download Submit
C:\Program Files\7-Zip\Lang\it.txt.tmp
Filesize
92KB

MD5
2695633b2d84b44dbd7280525e9fed41

SHA1
3d38d58099bfb86e5c47ff28be2e921de6a51f3e

SHA256
eb61ee15397574e9c00c28d77c51f36d6a0fb57740fa33eb583fa9cb760b6cdf

SHA512
347b98b9f60d0d90201beeeb8ab02643e4dc616b821423ac66e2a6d7e938b282a801bf53a43fb785a8d60e8d9eb70ee6929e904bfade2af0a9d75137f441d852

Download Submit
C:\Program Files\7-Zip\Lang\ja.txt.tmp
Filesize
95KB

MD5
8296cb47a028ee8836ba3e698cc6e4bf

SHA1
ea03e45c8b8c208a40a4493256d0f844d505366e

SHA256
6986aed3b3c0dc6bd4fa39c77bb6a64aa624c5fc98e6338b4096eb5f489bc434

SHA512
00370508fe7cf60b166033081f90faab49bb60de2a5f665da4de256fa854c66e1a04c32c4f21a9270d380b31499df40b74ef8328f1800ad01700e83992668645

Download Submit
C:\Program Files\7-Zip\Lang\ka.txt.tmp
Filesize
100KB

MD5
139afd4261f57fe8aaec29db67da75ef

SHA1
9d2b0d77a8a33b9e28da18ccb37221c5ad4af57e

SHA256
e3c509fe8fbfee7abc2cddc7865fbe941f825eaf051e849f5c95d5d0b1614c6b

SHA512
34d43c4b8791afe9143587ac7d71588e2bae88752ddbddcc162dae6ee4522e8f89da6e6ef01fd86526554a79705021a5a75335354a8368d24e7d9ec3b49d4c04

Download Submit
C:\Program Files\7-Zip\Lang\kab.txt.tmp
Filesize
90KB

MD5
6ed67d138b2d59e3ca7ce40f3779cf8c

SHA1
8bafa4e8fcc64881a96197586f1e6d0f00c3bf09

SHA256
9166fae1c41312484c7b2b0cc990da4c2924190cb09a12b8986cab178262a04c

SHA512
5155ba398ff578d980a1947c55545fb35283f63b13855310386d6dde27b395d17368ffc77ac5c5280753c65e621231f47687ad7fd734586ea1f6f8e363e3b21a

Download Submit
C:\Program Files\7-Zip\Lang\kk.txt.tmp
Filesize
93KB

MD5
5e012a50fc4c8883cbe004703b7ceaf3

SHA1
c080d79b4a56c93775fb3705d5ac3918270054d4

SHA256
ced9c0bc962e744931f94b8589f73ca5cf2c0b963847e596f040008a6e0b907e

SHA512
c019bbdbc25a921b222f9c9905bf4bac2e461458835f1f46bb8a037c88fe3e80ee85cdc11039fe21a1f53fda56363607edccaa17dd7db3530615c4f322352070

Download Submit
C:\Program Files\7-Zip\Lang\ko.txt.tmp
Filesize
92KB

MD5
1ba7ce8eec312a303dba8b0bcc4a742d

SHA1
d92ac59313d827b03b6ffa8c805aa9ad1d2c2cf7

SHA256
193c22bee34a8ffe851bb60a37f35a7a13a38d838cd051cf0e4b92cc22caf752

SHA512
8d54410a49f8f330dcb813b55466f6e9060953ac1e51287f2b14f33d3b91b039b2905804fb447da653680fb9b717909fd7221ff69dfb79587d2154d2a195f53e

Download Submit
C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp
Filesize
94KB

MD5
c80d6810be82956cd2b13836bd53c3b8

SHA1
6d45f3fc6248c2cd27234891c0612eb0dfa31a54

SHA256
35a5adfa5127bbe09bbb554497cbd01fa618b5b1ca388a992e7b2e280333b06f

SHA512
4427c72c3c6a67aa06829f02e7a43ea48b07abf3900e3452a2b68c1293c123640302b8847786a700a92cec3c6eec5a1c75b2582a9d769f04c7962388e7ae9ac1

Download Submit
C:\Program Files\7-Zip\Lang\ku.txt.tmp
Filesize
88KB

MD5
7f2794946cb714f7f5bc68cf86e3295b

SHA1
18fa0b909552f1efa725788ac738a46550e33a3e

SHA256
98f90aa74d9161996463aea2f790583477e500bc2587c76a2ab816d006c8cad6

SHA512
ba558257568ca426772dd6b066c2710967e68c5118bc36f494134a3207ada0a4df59a1dcee1c7ab1329decf0a99f6ec5a852d01a092ab4728fee8eabd2c3d8f8

Download Submit
C:\Program Files\7-Zip\Lang\lij.txt.tmp
Filesize
91KB

MD5
67f6107b3df606530e64c69a49c5df55

SHA1
b328483c7242d894db1b465aa51338908e4359e7

SHA256
ecaf2f6822f95070b3f07a597caa951a6a6c47208b1a02f2c71422a908c43f5e

SHA512
1e5b3fecd40c9f24303a2cf352ed545766774a43af65f11394d6518a21135d9891f4f21b8eb94ae8907758ad4e56293128b4681a370c8606debd03d4dbc9bf36

Download Submit
C:\Program Files\7-Zip\Lang\mn.txt.tmp
Filesize
83KB

MD5
8c72a6078448cd0c2444376c61e3535d

SHA1
669536817b3f2056755a1d68309488e0e70da536

SHA256
1e5fc4a93706f620da5d1df821a9e182594893ee7a1deffdc8f5fee935b03baa

SHA512
7ecd02bb1fb5bf63365aba16497bf9498fcd06f0453937c77b0463fa1d8767e9424011b9e51603fc1fe5fd342a7d9a498278c51a0125f59fbe4ed9048e52c646

Download Submit
C:\Program Files\7-Zip\descript.ion.tmp
Filesize
84KB

MD5
ce06d8f71da429b4480baf373b1e72f1

SHA1
2b94e4657089019f403e2cbeb91ec47546d98b82

SHA256
cddc77ab6e20e0a7e3f9179beba24e98922c4023dde92b2c99d790d9f847df5f

SHA512
4cadda9c5fbd0eca75c37b09b692ac9503ab4c9f2141d1f85845c771c3db8e033c0727f605eda2b417e0039f73156c942278dc90172a9509b0a9a19b4f9001f0

Download Submit
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Globalization.Extensions.dll.tmp
Filesize
98KB

MD5
7ea77012a15c6e392fcb5f4b1feafc2f

SHA1
0a81b43215a157b9bafcd87a90d9c7faf01cf37d

SHA256
2f48688a7cb950a568f5b3ac8a912c0064a5204bd44123943519212a3962098b

SHA512
5b98af025926318b041451e855b74ebf4d5a30a69a355c55512f4140d70b844c98616f51a1178a9696f1ecdb66bf770ee641f7e7002e0654bf56f371da24dd14

Download Submit
C:\Users\Admin\AppData\Local\Temp\_.arguments.exe
Filesize
83KB

MD5
e062b9fcd25779336379003b797b5ff5

SHA1
fbeeb1f195ede46026f5a427e3f9031be33da77a

SHA256
95b955437819ef65efa6e610cae372c036e3ee70d5fa7469b6ee0aaa230ac421

SHA512
5965a0994146d1d2b3d460ac685725625273dd7baf04d7a0cfd9f15fc098034b74c43e3e0fda089d588cad7e3c5a56b852aa52f99db58982861b60bee62425a9

Download Submit
C:\Windows\SysWOW64\Zombie.exe
Filesize
82KB

MD5
91c73dd48b5f3b73d3eda72ab4b78596

SHA1
2d062b73c13f58ec63faf2c7445c38cb61f242e0

SHA256
83cf0fb8eea30f2d5d422559b76bf677ee6b8c19b60f8125f9c46d8d0525434f

SHA512
13d139acc4d12ed1ad1bd8033222556454363fb824d4302775c3ccae5e2388c73cf11f04c69cfc2bf66b80d3b92fcd8a98a365f002e16db210b579272e9454e4

Download Submit