Malware Analysis Report

2025-08-10 21:31

Sample ID 240528-y6rq7sah4s
Target 01696c488cd5d338cb53301b8b3e7420_NeikiAnalytics.exe
SHA256 8047437963eb658be4c6ff27319d2292c2661409fb9cd16ba0e8889db0897563
Tags: ransomware
Score: 9/10

Analysis Overview

Score: 9/10

SHA256: 8047437963eb658be4c6ff27319d2292c2661409fb9cd16ba0e8889db0897563

Threat Level: Likely malicious

The file 01696c488cd5d338cb53301b8b3e7420_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (4872) files with added filename extension

Renames multiple (3591) files with added filename extension

Executes dropped EXE

Loads dropped DLL

Drops file in System32 directory

Drops file in Program Files directory

Unsigned PE

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported: 2024-05-28 20:24

Signatures

Unsigned PE

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |

Analysis: behavioral1

Detonation Overview

Submitted: 2024-05-28 20:24
Reported: 2024-05-28 20:26
Platform: win7-20240419-en
Max time kernel: 150s
Max time network: 118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\01696c488cd5d338cb53301b8b3e7420_NeikiAnalytics.exe"

Signatures

Renames multiple (3591) files with added filename extension

ransomware

Executes dropped EXE

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_abcpy.ini.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\Zombie.exe | N/A |

Drops file in System32 directory

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Windows\SysWOW64\Zombie.exe | C:\Users\Admin\AppData\Local\Temp\01696c488cd5d338cb53301b8b3e7420_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\Zombie.exe | C:\Users\Admin\AppData\Local\Temp\01696c488cd5d338cb53301b8b3e7420_NeikiAnalytics.exe | N/A |

Drops file in Program Files directory

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXEV.DLL.tmp | C:\Users\Admin\AppData\Local\Temp\_abcpy.ini.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\bin\WindowsAccessBridge-64.dll.tmp | C:\Users\Admin\AppData\Local\Temp\_abcpy.ini.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-autoupdate-cli.xml.tmp | C:\Users\Admin\AppData\Local\Temp\_abcpy.ini.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-modules-appui.xml.tmp | C:\Users\Admin\AppData\Local\Temp\_abcpy.ini.exe | N/A |
| File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Engine.dll.tmp | C:\Users\Admin\AppData\Local\Temp\_abcpy.ini.exe | N/A |
| File created | C:\Program Files\Windows Media Player\Media Renderer\RenderingControl.xml.tmp | C:\Windows\SysWOW64\Zombie.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\rtscom.dll.mui.tmp | C:\Windows\SysWOW64\Zombie.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Europe\Samara.tmp | C:\Users\Admin\AppData\Local\Temp\_abcpy.ini.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\jre\bin\j2pcsc.dll.tmp | C:\Users\Admin\AppData\Local\Temp\_abcpy.ini.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\tipresx.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\_abcpy.ini.exe | N/A |
| File created | C:\Program Files\Java\jre7\lib\images\cursors\win32_LinkDrop32x32.gif.tmp | C:\Windows\SysWOW64\Zombie.exe | N/A |
| File created | C:\Program Files\7-Zip\Lang\bn.txt.tmp | C:\Windows\SysWOW64\Zombie.exe | N/A |
| File created | C:\Program Files\Microsoft Games\Mahjong\Mahjong.exe.tmp | C:\Windows\SysWOW64\Zombie.exe | N/A |
| File created | C:\Program Files\Common Files\System\msadc\ja-JP\msadcor.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\_abcpy.ini.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\ZoneInfoMappings.tmp | C:\Windows\SysWOW64\Zombie.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp | C:\Users\Admin\AppData\Local\Temp\_abcpy.ini.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-options-keymap.xml_hidden.tmp | C:\Windows\SysWOW64\Zombie.exe | N/A |
| File created | C:\Program Files\Java\jre7\lib\zi\Europe\Istanbul.tmp | C:\Windows\SysWOW64\Zombie.exe | N/A |
| File created | C:\Program Files\Java\jre7\lib\zi\Europe\Uzhgorod.tmp | C:\Windows\SysWOW64\Zombie.exe | N/A |
| File created | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_precomp_matte.wmv.tmp | C:\Users\Admin\AppData\Local\Temp\_abcpy.ini.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\bin\policytool.exe.tmp | C:\Windows\SysWOW64\Zombie.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\WET.tmp | C:\Windows\SysWOW64\Zombie.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\artifacts.xml.exe.tmp | C:\Users\Admin\AppData\Local\Temp\_abcpy.ini.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Los_Angeles.tmp | C:\Users\Admin\AppData\Local\Temp\_abcpy.ini.exe | N/A |
| File created | C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\203x8subpicture.png.tmp | C:\Users\Admin\AppData\Local\Temp\_abcpy.ini.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.application.ja_5.5.0.165303.jar.exe.tmp | C:\Users\Admin\AppData\Local\Temp\_abcpy.ini.exe | N/A |
| File created | C:\Program Files\Java\jre7\lib\images\cursors\cursors.properties.tmp | C:\Windows\SysWOW64\Zombie.exe | N/A |
| File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\UIAutomationTypes.resources.dll.tmp | C:\Windows\SysWOW64\Zombie.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\demux\libreal_plugin.dll.tmp | C:\Windows\SysWOW64\Zombie.exe | N/A |
| File created | C:\Program Files\Common Files\System\ja-JP\wab32res.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\_abcpy.ini.exe | N/A |
| File created | C:\Program Files\Mozilla Firefox\updater.exe.tmp | C:\Users\Admin\AppData\Local\Temp\_abcpy.ini.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_concat_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\_abcpy.ini.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui_5.5.0.165303.jar.tmp | C:\Windows\SysWOW64\Zombie.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.reconciler.dropins_1.1.200.v20131119-0908.jar.tmp | C:\Users\Admin\AppData\Local\Temp\_abcpy.ini.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-threaddump.xml.tmp | C:\Windows\SysWOW64\Zombie.exe | N/A |
| File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Xml.Linq.Resources.dll.tmp | C:\Windows\SysWOW64\Zombie.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Antigua.tmp | C:\Users\Admin\AppData\Local\Temp\_abcpy.ini.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\LICENSE.exe.tmp | C:\Windows\SysWOW64\Zombie.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\jre\bin\splashscreen.dll.tmp | C:\Users\Admin\AppData\Local\Temp\_abcpy.ini.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santiago.tmp | C:\Users\Admin\AppData\Local\Temp\_abcpy.ini.exe | N/A |
| File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\ReachFramework.resources.dll.tmp | C:\Windows\SysWOW64\Zombie.exe | N/A |
| File created | C:\Program Files\Windows Journal\jnwppr.dll.tmp | C:\Users\Admin\AppData\Local\Temp\_abcpy.ini.exe | N/A |
| File created | C:\Program Files\7-Zip\Lang\bg.txt.tmp | C:\Windows\SysWOW64\Zombie.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-sendopts.jar.tmp | C:\Windows\SysWOW64\Zombie.exe | N/A |
| File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Abstractions.dll.tmp | C:\Windows\SysWOW64\Zombie.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\codec\libcrystalhd_plugin.dll.tmp | C:\Windows\SysWOW64\Zombie.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-impl_zh_CN.jar.tmp | C:\Windows\SysWOW64\Zombie.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\et.pak.tmp | C:\Windows\SysWOW64\Zombie.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Grand_Turk.tmp | C:\Windows\SysWOW64\Zombie.exe | N/A |
| File created | C:\Program Files\Java\jre7\lib\zi\Europe\Brussels.tmp | C:\Windows\SysWOW64\Zombie.exe | N/A |
| File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_LOOP_BG.wmv.tmp | C:\Windows\SysWOW64\Zombie.exe | N/A |
| File created | C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationRight_ButtonGraphic.png.tmp | C:\Users\Admin\AppData\Local\Temp\_abcpy.ini.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\vi.pak.tmp | C:\Users\Admin\AppData\Local\Temp\_abcpy.ini.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cancun.tmp | C:\Windows\SysWOW64\Zombie.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.attach_5.5.0.165303.jar.tmp | C:\Windows\SysWOW64\Zombie.exe | N/A |
| File created | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\MainMenuButtonIcon.png.tmp | C:\Users\Admin\AppData\Local\Temp\_abcpy.ini.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Africa\Cairo.tmp | C:\Windows\SysWOW64\Zombie.exe | N/A |
| File created | C:\Program Files\Windows Media Player\fr-FR\mpvis.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\_abcpy.ini.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\micaut.dll.mui.tmp | C:\Windows\SysWOW64\Zombie.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\lua\playlist\newgrounds.luac.tmp | C:\Windows\SysWOW64\Zombie.exe | N/A |
| File created | C:\Program Files\Mozilla Firefox\mozglue.dll.tmp | C:\Windows\SysWOW64\Zombie.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\feature.xml.exe.tmp | C:\Users\Admin\AppData\Local\Temp\_abcpy.ini.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.engine_2.3.0.v20140506-1720.jar.tmp | C:\Windows\SysWOW64\Zombie.exe | N/A |
| File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Services.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\_abcpy.ini.exe | N/A |

Processes

C:\Users\Admin\AppData\Local\Temp\01696c488cd5d338cb53301b8b3e7420_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\01696c488cd5d338cb53301b8b3e7420_NeikiAnalytics.exe"

C:\Windows\SysWOW64\Zombie.exe

"C:\Windows\system32\Zombie.exe"

C:\Users\Admin\AppData\Local\Temp\_abcpy.ini.exe

"_abcpy.ini.exe"

Network

N/A

Files


Analysis: behavioral2

Detonation Overview

Submitted: 2024-05-28 20:24
Reported: 2024-05-28 20:26
Platform: win10v2004-20240508-en
Max time kernel: 150s
Max time network: 112s

Command Line

"C:\Users\Admin\AppData\Local\Temp\01696c488cd5d338cb53301b8b3e7420_NeikiAnalytics.exe"

Signatures

Renames multiple (4872) files with added filename extension

ransomware

Executes dropped EXE

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\SysWOW64\Zombie.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_abcpy.ini.exe | N/A |

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\Zombie.exe C:\Users\Admin\AppData\Local\Temp\01696c488cd5d338cb53301b8b3e7420_NeikiAnalytics.exe N/A
File opened for modification C:\Windows\SysWOW64\Zombie.exe C:\Users\Admin\AppData\Local\Temp\01696c488cd5d338cb53301b8b3e7420_NeikiAnalytics.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\microsoft shared\ink\ipsel.xml.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\UIAutomationClientSideProviders.resources.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\nb.pak.tmp C:\Users\Admin\AppData\Local\Temp\_abcpy.ini.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\vi.pak.tmp C:\Users\Admin\AppData\Local\Temp\_abcpy.ini.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\legal\jdk\libpng.md.tmp C:\Users\Admin\AppData\Local\Temp\_abcpy.ini.exe N/A
File created C:\Program Files\Microsoft Office\root\fre\StartMenu_Win10.mp4.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTrial-pl.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Common Files\System\msadc\msadcer.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Linq.Expressions.dll.tmp C:\Users\Admin\AppData\Local\Temp\_abcpy.ini.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.Royale.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\1033\OMICAUTINTL.DLL.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\TellMePowerPoint.nrr.tmp C:\Users\Admin\AppData\Local\Temp\_abcpy.ini.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\ClientEventLogMessages.man.tmp C:\Users\Admin\AppData\Local\Temp\_abcpy.ini.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\_abcpy.ini.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-handle-l1-1-0.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\jopt-simple.md.tmp C:\Users\Admin\AppData\Local\Temp\_abcpy.ini.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\lib\deploy\[email protected] C:\Users\Admin\AppData\Local\Temp\_abcpy.ini.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\SETLANG_COL.HXT.tmp C:\Users\Admin\AppData\Local\Temp\_abcpy.ini.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\UIAutomationProvider.resources.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\da.pak.tmp C:\Users\Admin\AppData\Local\Temp\_abcpy.ini.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\jdk\ecc.md.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\DocumentFormat.OpenXml.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\NAMECONTROLPROXY.DLL.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipscat.xml.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\_abcpy.ini.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-math-l1-1-0.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\System.Windows.Input.Manipulations.resources.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL001.XML.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\_abcpy.ini.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Retail-ul-oob.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Grace-ul-oob.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_MAK_AE-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_abcpy.ini.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-processthreads-l1-1-1.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\dotnet\swidtag\Microsoft Windows Desktop Runtime - 7.0.16 (x64).swidtag.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\AppXManifest.xml.tmp C:\Users\Admin\AppData\Local\Temp\_abcpy.ini.exe N/A
File created C:\Program Files\Common Files\System\ado\msado20.tlb.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\OWSSUPP.DLL.tmp C:\Users\Admin\AppData\Local\Temp\_abcpy.ini.exe N/A
File opened for modification C:\Program Files\Common Files\System\msadc\ja-JP\msadcor.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\_abcpy.ini.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Drawing.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\UIAutomationClient.resources.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\default_apps\external_extensions.json.tmp C:\Users\Admin\AppData\Local\Temp\_abcpy.ini.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\content-types.properties.tmp C:\Users\Admin\AppData\Local\Temp\_abcpy.ini.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Retail-ul-oob.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_MAK_AE-pl.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\7-Zip\Lang\bg.txt.tmp C:\Users\Admin\AppData\Local\Temp\_abcpy.ini.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-locale-l1-1-0.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\ApiClient.dll.tmp C:\Users\Admin\AppData\Local\Temp\_abcpy.ini.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\1033\EXCEL_K_COL.HXK.tmp C:\Users\Admin\AppData\Local\Temp\_abcpy.ini.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\Graph.exe.manifest.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pidgenx.dll.tmp C:\Users\Admin\AppData\Local\Temp\_abcpy.ini.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\System.Xaml.resources.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\jcup.md.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Grace-ppd.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\CSS7DATA000C.DLL.tmp C:\Users\Admin\AppData\Local\Temp\_abcpy.ini.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-black_scale-140.png.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\it-IT\ShapeCollector.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\_abcpy.ini.exe N/A
File created C:\Program Files\Common Files\System\msadc\ja-JP\msaddsr.dll.mui.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail-ul-phn.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Retail-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_abcpy.ini.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\msdaps.dll.tmp C:\Users\Admin\AppData\Local\Temp\_abcpy.ini.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\System.Windows.Input.Manipulations.resources.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial2-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_abcpy.ini.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_MAK_AE-ul-phn.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\01696c488cd5d338cb53301b8b3e7420_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\01696c488cd5d338cb53301b8b3e7420_NeikiAnalytics.exe"

C:\Windows\SysWOW64\Zombie.exe

"C:\Windows\system32\Zombie.exe"

C:\Users\Admin\AppData\Local\Temp\_abcpy.ini.exe

"_abcpy.ini.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 82.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 140.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
NL 23.62.61.178:443 www.bing.com tcp
US 8.8.8.8:53 178.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
NL 23.62.61.178:443 www.bing.com tcp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 25.140.123.92.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp

Files
