Malware Analysis Report

2025-06-16 03:35

Sample ID 240608-ewbgpagh3z
Target 8af3e65b986f7816773af9243b4c3890_NeikiAnalytics.exe
SHA256 1448180fc345ad1f5503cf9ac6b88c6fad506c7319ceb29b8eee7a293ad238ba
Tags
ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

1448180fc345ad1f5503cf9ac6b88c6fad506c7319ceb29b8eee7a293ad238ba

Threat Level: Likely malicious

The file 8af3e65b986f7816773af9243b4c3890_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (895) files with added filename extension

Renames multiple (5062) files with added filename extension

Executes dropped EXE

Loads dropped DLL

Drops file in System32 directory

Drops file in Program Files directory

Unsigned PE

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-08 04:17

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-08 04:16

Reported

2024-06-08 04:20

Platform

win7-20240221-en

Max time kernel

146s

Max time network

126s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8af3e65b986f7816773af9243b4c3890_NeikiAnalytics.exe"

Signatures

Renames multiple (895) files with added filename extension

ransomware

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_7z.dll.manifest.exe N/A
N/A N/A C:\Windows\SysWOW64\Zombie.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\Zombie.exe C:\Users\Admin\AppData\Local\Temp\8af3e65b986f7816773af9243b4c3890_NeikiAnalytics.exe N/A
File opened for modification C:\Windows\SysWOW64\Zombie.exe C:\Users\Admin\AppData\Local\Temp\8af3e65b986f7816773af9243b4c3890_NeikiAnalytics.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\java.dll.tmp C:\Users\Admin\AppData\Local\Temp\_7z.dll.manifest.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\tipresx.dll.mui.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\babypink.png.tmp C:\Users\Admin\AppData\Local\Temp\_7z.dll.manifest.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Rothera.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Lindeman.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaw.exe.tmp C:\Users\Admin\AppData\Local\Temp\_7z.dll.manifest.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\San_Juan.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\7-Zip\Lang\br.txt.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\7-Zip\Lang\fr.txt.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\DVD Maker\it-IT\OmdProject.dll.mui.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\sports_disc_mask.png.tmp C:\Users\Admin\AppData\Local\Temp\_7z.dll.manifest.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ky.txt.tmp C:\Users\Admin\AppData\Local\Temp\_7z.dll.manifest.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\IpsMigrationPlugin.dll.mui.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\db\bin\ij.bat.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\splash.gif.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InputPersonalization.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\_7z.dll.manifest.exe N/A
File created C:\Program Files\Common Files\System\msadc\fr-FR\msaddsr.dll.mui.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\jdb.exe.tmp C:\Users\Admin\AppData\Local\Temp\_7z.dll.manifest.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationRight_SelectionSubpicture.png.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsScenesBackground_PAL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\_7z.dll.manifest.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\bin\ij.bat.tmp C:\Users\Admin\AppData\Local\Temp\_7z.dll.manifest.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Taipei.tmp C:\Users\Admin\AppData\Local\Temp\_7z.dll.manifest.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\micaut.dll.mui.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Shorthand.emf.tmp C:\Users\Admin\AppData\Local\Temp\_7z.dll.manifest.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyScenesBackground_PAL.wmv.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\rtscom.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\_7z.dll.manifest.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Push\pushplaysubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\_7z.dll.manifest.exe N/A
File created C:\Program Files\Internet Explorer\en-US\eula.rtf.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\management.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\mshwLatin.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\203x8subpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\_7z.dll.manifest.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_Buttongraphic.png.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-highlight.png.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\optimization_guide_internal.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Filters\odffilt.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\rtscom.dll.tmp C:\Users\Admin\AppData\Local\Temp\_7z.dll.manifest.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\rmid.exe.tmp C:\Users\Admin\AppData\Local\Temp\_7z.dll.manifest.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Vevay.tmp C:\Users\Admin\AppData\Local\Temp\_7z.dll.manifest.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Khartoum.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Music.emf.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Common Files\System\msadc\msaddsr.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_ja.properties.tmp C:\Users\Admin\AppData\Local\Temp\_7z.dll.manifest.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\tipresx.dll.mui.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\msinfo32.exe.mui.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Makassar.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\en-US\rtscom.dll.mui.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ipsnld.xml.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsScenesBackground_PAL.wmv.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeulm.dat.tmp C:\Users\Admin\AppData\Local\Temp\_7z.dll.manifest.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationLeft_SelectionSubpicture.png.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Omsk.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\DVD Maker\WMM2CLIP.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\DVD Maker\soniccolorconverter.ax.tmp C:\Users\Admin\AppData\Local\Temp\_7z.dll.manifest.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_postage_Thumbnail.bmp.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCalls.c.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\da.pak.tmp C:\Users\Admin\AppData\Local\Temp\_7z.dll.manifest.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ml.pak.tmp C:\Users\Admin\AppData\Local\Temp\_7z.dll.manifest.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\HandPrints.jpg.tmp C:\Users\Admin\AppData\Local\Temp\_7z.dll.manifest.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationRight_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\_7z.dll.manifest.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\manifest.json.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh88.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Common Files\System\msadc\ja-JP\msadcor.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\_7z.dll.manifest.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\203x8subpicture.png.tmp C:\Windows\SysWOW64\Zombie.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\8af3e65b986f7816773af9243b4c3890_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\8af3e65b986f7816773af9243b4c3890_NeikiAnalytics.exe"

C:\Windows\SysWOW64\Zombie.exe

"C:\Windows\system32\Zombie.exe"

C:\Users\Admin\AppData\Local\Temp\_7z.dll.manifest.exe

"_7z.dll.manifest.exe"

Network

N/A

Files

\Windows\SysWOW64\Zombie.exe

MD5 16c0a5ce3b5d2cdafaeb552f293c1b37
SHA1 ca1d321b3559cf39a9cebfc4cb82441b0a1704bd
SHA256 f068457762607426d6abce8447742b78de30522b67c6e15f0c582d32d8af91a1
SHA512 4e1cd18189e1b1fca675b345d2e3df20390e82f11d2cfed7dd7db246e28a074ad3ab385d833da0d23e36a096ec991f7fd2f6e2b6bd8aa1749d0964905ced8fd3

\Users\Admin\AppData\Local\Temp\_7z.dll.manifest.exe

MD5 4b11f2b260968c1a8c87abfd15569459
SHA1 6109d7b24e68416291be692d5d48a6367c06bf51
SHA256 8b1c4a2678940c2822c4425e8778272e7330325b6d399d5a9101879b9766a49d
SHA512 5530fbb09eee60b8d64933920765e6ae368595bd7e5b16c2c499c51c609749dde383d108d1e90807dd4ff008396bbac7a5782c7e6f5e178015b7f28eba9a478a

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp

MD5 b018a10bac2f62d683775b2aa305eae0
SHA1 d0e70a54ae23d0a82eb2f8ce0e26ca7d54b8b6f7
SHA256 e733c671958d2546c97b083449dc85709bc6605ffb25318a71d2cbb08f4e3a70
SHA512 16615b0f8e8a0f4b0e529bede83aaa4d863a83337c95ec2be2ca43095fd1d490d9f578c6b1321c83ceb7ded0b541c3fee3776dc613dbe70fce232ee554c20db5

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.exe.tmp

MD5 4a9d31a2d265a56facfb577e23fd3ea2
SHA1 3212e4bb0b80dfdf65b8bddcc8ea438c9b32d046
SHA256 dd0b871bd43c1d05b3aea79498d8dcde56d087f973c844709c98c161cce75679
SHA512 5063331a6a97b028fa9ce2164b81fd4a045371201f9178e255e8f51b9f66fe79e22c8d8ee0346a15d4088297fd6d4092e36771a2539a98df5a64be20516138f2

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.msi.tmp

MD5 b065d09344b5966302487c94af23bc20
SHA1 604575c354d8401c623077754688240beb1dadd6
SHA256 2faaa254cd83783b34f392745286c3c23025b67b50868aa6651685f656f26d8e
SHA512 f27a8dc76e5e0b9002c396179a935da26f379eef96e5c6b2b4d9f3080634d837973026ee02dafd138b95d6add9481e8157fdadaf6f31f5b1b252601dbcfde308

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.msi.tmp

MD5 c2a2ba2e2c753c00aa3b2881c6e873ba
SHA1 68f9bfa8026603555e20c0163746e068c489f695
SHA256 fcc031a565cc461d734c238f589aaa926f51680f248fd8e0c132a55e0c71b355
SHA512 116891f9fbdb637805bcbee98162bc36c7584451b4590b07b9ce2fc9bdc224f5fa7c895de61041f1446411826a2af2d1446c214ae66725c5c9b8f45072f8d568

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ose.exe

MD5 9d58a462ad6daba5e09bc24406182339
SHA1 2828570eeb3a4bed19ba8f4addfb8066ecbbd2bd
SHA256 f0e29531d625f2f7e1c490e421eff254835dbe31a60f83a01aeea439d3cb9bad
SHA512 c5e2f697bf61e00dfc46b74e032c7fbc95669b2d5a3c2c2f3a206c77ae72197a9f2c72cefcb3237aeca2f93b2346e3dd458d309e29f992ae763a92b125533ed8

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\osetup.dll.tmp

MD5 783146150b79359ad18c5e7d7d00ebeb
SHA1 c7b611892b8f1baac07f6fda392efa3cb4f369bd
SHA256 d702b0cac7879fb58d0dd74fa07aaa4a5407dbba3c8b8739cb6ee338a12fc7f3
SHA512 ebaa637fec6e26295bedaad57af185e7b07225248c6e11d32f62d283e3b4f9f91aeb3fcf53f8a3bf1742ae7d9aa38641794f5182c5ed292c54d47b5b36c1f3e8

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\OWOW64WW.cab.tmp

MD5 d6d1bb208c46bf10e212760f647d3402
SHA1 7082e194834ccf23302637c34decb57559354964
SHA256 7a6fe48b6a48e191c975eb754204545178b163d1b8581e2c0b28d224021dd6d4
SHA512 2392900804eb0dade74110fb09d61384050f3e2cc5ced91768b00e07cd57cb9b6734f09bb3eb180fd46ccc1713e4e4ec8fc02c2ed65d23561588919dc6fab7a4

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ProPlusWW.msi.tmp

MD5 0a96eeea7ea67ab763eb92a6b0552822
SHA1 85b46e286c97797867de1d7249abd657f03bff38
SHA256 52b924001098f57870cc39a1e5dcb645f80daaf0b278234cccd79c197a745c69
SHA512 300efdbed26b4d135c809f34a6c3491a768ea218092e22f2b172751427d8a49a06c52640cae38f78bed059cf51449c2a7635b614761d4d38636c85e76408632f

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\setup.exe.tmp

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\ExcelLR.cab.tmp

MD5 20e948ca65cd4eac0266d4d7c770e4ca
SHA1 be149ad6e931afa312d38727b4d594a85bf7a3a0
SHA256 cc33521b40aec7e4ddac01c9014dd898e23b480f744882b3c86db32aa78e1d56
SHA512 2d40ba2a52c036f481e56ee2de8aa19b50d330c65fb7397acab470b80b722621071d056df6156174540c5db4aa42d7403296ae72306bbd0e1347f3bf7ecf0d70

C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\ExcelLR.cab.tmp

MD5 bb7494b2cb18c7681eecb34a579a327f
SHA1 369451a7eb3b62e5e799c4819b454e3c9ab5c5bb
SHA256 326bc16c8fe4e36681642386fdf763039b7217903d6fc445cb0667ad560565c1
SHA512 ffae9d339750d6156c00285094812c2ca0905635c8344cd0ef746fd3b852477c9b51d1ecdc0b63616dd5dbeab832ee35539f70845db418e051183a8d724485da

C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\ExcelMUI.msi.tmp

MD5 ee506cd03a633ffe124bbd8db8cac5d7
SHA1 68fc19910efbd363beee20bd00cc20c1c166d055
SHA256 c91f5296fa354dca72ab6ca5c832f8474e3541c2c863082bde638835c53b84be
SHA512 5da81cdd128394cc1a4e2e401b141312e8fdafd10e0eabf6a79590dc9040b8e3b03648f91d58747c0e7852e3440e7dd6434ce4d52d61c847808ee6e8b8016663

C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\ExcelMUI.msi.tmp

MD5 103eb855c1a6da77597077f1bb48fbe5
SHA1 8def7a0e7eed06ff0dde23eb2ece16e4564b9d04
SHA256 09715a908dfac09c327d2c1348fd1b0040781ab1d87870cb01c59c9095ef0570
SHA512 b34c79261ced84a897957c3c8234fbd327fd5f66cc4707f26ca213780985647872ebc9112798e755585673cf99d56755a56ab5dae419269797845214b22f81d6

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\PowerPointMUI.msi.tmp

MD5 816821dc0a77070c2df80f7e38f74658
SHA1 1ba3c3a73e9624df9bd97f863b0a94da2bc59f47
SHA256 4a6576fbad8300d363389aede4ca5dea096585f02f8444e6d40bb90219f22dd9
SHA512 07d5ba288d442fb0fddbf564a8748a2cee7c34a7013827673d6e0bc5bf16f9b9e393c2ca689970b6b3b73e58690507d656798f8a7893f4a5d160973863d391d3

C:\MSOCache\All Users\{90140000-0019-0409-0000-0000000FF1CE}-C\PublisherMUI.msi.tmp

MD5 e17d91b1437364f3957a03210d7195a9
SHA1 d6cee043aa07e3232b9f8d43bfaee37b456df991
SHA256 4f696c2a6d1a208b3780d3bfdced12bb0d53e120c635897a08b852b9ac77e582
SHA512 0207b92ff921db297ca55ac63d6114f59843de652d9fc65d0f96cfea9a46ccb59d6668b1267b96850f11cba6b31cafed3284152516d8f2f9522176f998bb7e86

C:\MSOCache\All Users\{90140000-0019-0409-0000-0000000FF1CE}-C\PubLR.cab.tmp

MD5 e7dd49cced45f61874f62965bb5081e3
SHA1 af85d0f68a3e82ef63b18020aa6f5b1fe8feb3e7
SHA256 bea8c267b1026206d883e9b982d23c8b3c33b1b4d235f777dfbc80ee5f891564
SHA512 45d3a443c6dda0b1d04992a01774fa1030fa4a4cf3df8985abffbbe898f7352e2cd7fe9a758fb09c2f1472ac90f111b0ec23f9f0508c59297d3ac96414bd5576

C:\MSOCache\All Users\{90140000-001A-0409-0000-0000000FF1CE}-C\OutlkLR.cab.tmp

MD5 218c88c5c23980ff92e9f5ab63bb3f60
SHA1 4cdabcc4212b774e278f945a2bea4e0ef3197a13
SHA256 7b05d1390f6ee2a77e03c690801799fe4e867c7012a222f69e1113e88d09314e
SHA512 2f798a025be6b43ff102bd803a184f1b55b28e831f14deb99349a07abb402e8870556256ce4c6f655287e88f217d66eb0bc2d42f176d10bdc2cd123c85d495b5

C:\MSOCache\All Users\{90140000-001B-0409-0000-0000000FF1CE}-C\Setup.xml.exe

MD5 e4e93617de172f42f640a7f99d144c55
SHA1 7d842574b1621929385e7a297a5d3e188072d347
SHA256 d2b0db4eba6d3f6b4c4cd671d3447c2f5a5047c8184dc482d0c28871002a5e74
SHA512 aa4be1c8945e7142c742d6c27835543ce9305110cc9298d67f775e0f0f113ebaf0061492467e7e4d93c8c66133af3ec5555b4772d997ededb4ef2087397baeb2

C:\MSOCache\All Users\{90140000-001B-0409-0000-0000000FF1CE}-C\WordMUI.msi.exe

MD5 7464c41a20317858f6bb4aae79e59bd0
SHA1 a5af6446f2955ac905a84da2a157b317f2686093
SHA256 7fba7a94fc751377e646cdd8317b90550317e8c6e6e76183cb6685159b0fbb0d
SHA512 37e97521305de567e877e990a2dcfc119444e37337b17a90bc2646c1bea80046d03645d1661a051ce6930e95fdf6c394df4c66583b08a81f201142e9f2fb67b8

C:\MSOCache\All Users\{90140000-001B-0409-0000-0000000FF1CE}-C\WordMUI.xml.exe

MD5 7d8145a29cb0c0a95c78190c6a9365e0
SHA1 7bcea7b4a3abb4baff0839f72df74d3a77624810
SHA256 8c030a2f4fccc21544c4043ce1229b000fb04057be7d98c5fa6b90ff7bf6b703
SHA512 67b025153b39ca43fddc992753b6e0c8384de3b04d30f552162117bb926c79610175cb87d5fedcf5a1a95f1152ba7e9e22027af46a2a549505aa0e8d8f507e77

C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.en\Proof.cab.tmp

MD5 83b9d1b07f5a6b7240d1eb0afa03f673
SHA1 6df7dd6e37afd9aa975f57cbe895ef006b616ae4
SHA256 367c5878b416e7f01a47e23800f269a8d84f444ecd2bb2c8bbe22fa006e0b29e
SHA512 a7f710b71ec8394d0f3314fa3f56e57d790021c54741168c323aaca1b3493072b9611c891df4d7c1c2f1b78e1502f7d36ba28a8c124edbdb285d6bbaa3e3bfef

C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.en\Proof.xml.tmp

MD5 47a9c28e93d6f2f33e2312db34d2c5fe
SHA1 813303eba41fb8eff2c51c518e12d9ee5c4c3836
SHA256 f4b2b149b31f253d02a48f3d0792fc273cbeed2db35d9dc575569f836abd5bb0
SHA512 830ac32f68c08d5d70502993d2901f1dbd0967e5eddb55a7b20bb3e020185cbde44bf663fde3c2645fd0d4eafa4bf54564470352ddb21748774b754d6ed31948

C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.es\Proof.cab.tmp

MD5 c47e4b2810700da55b368e5ef25bd3dc
SHA1 9785dbe098c6fa951b97585a7af381e1d7eb084c
SHA256 873600377600ae15517c3e8ed5ee02465797b7c93dfe04cb96b5deea32f7e16d
SHA512 3f42e222cfdc7366de4632b5967ae0c126b7a5f70cc71ec87c8878e969cb4b90d2b562e6762a2ed4d6d2b5a469ca2f45e65af13c77e2db6427b78254f2ac3f06

C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.es\Proof.cab.tmp

MD5 94916b65de433db817b4c1481ae26c37
SHA1 ad5367411544e331b03a72e0db24a95b6914df0e
SHA256 d5c76c3188fffac2eb48c957d911cb6890b2ec77ed9bc5209115da50156ebe20
SHA512 f2dab4eab8819761861d038b4d9e8c697d917b727e7de91c9d94618552ba6d58bb65d17d5482db939532b150d560a66a225e739f25835560a4afd4f5ecd75eec

C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.es\Proof.msi.tmp

MD5 c9ce03c8074eee0b0003a770fbdb649b
SHA1 bfda5e48e4d240b70c3a95237f2b864172587008
SHA256 a7a3df0906537919afaa6cd31f1a0b3c013374ae1b7c8288c9fd6987100eb835
SHA512 842ae239df5e7343eeb46050a9301917a6b94e2251aa356f23b1d2c1121de009a169a71c660cbd1b85d23153bc0a05de599b6d98e66e46c56ccf9afdd597aac8

C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.es\Proof.msi.tmp

MD5 8d0cc8551704e86839051a7a20876f22
SHA1 af643899d9680875110fdba5e1a4279590cdf46a
SHA256 ab443c9234615a8f6c4fad6ff1fdb297f33c2b9262339dcd2855bf291f3c931c
SHA512 56753a93c93f6b92a147670fd713c116c1b7ad32b558e906bc2e1aef2395fa87905c3c3ac759341a9f6d74606ba6857c56d9641c45065aa26a67fd481985890d

C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.fr\Proof.cab.tmp

MD5 f219b0742fbde9350b690737eca8892f
SHA1 8c41f0c08ed62720aac789faf040cb0b068b9c2c
SHA256 971742352c17e96c2b9c5268c9cb7dbf923f2cb619e8407c6ed95257140500f6
SHA512 6a86582cb99faecd9e0ca115857431bae13ddfcdafbd083583ef10d64cce0a4dbe225bbccb730763ad318fd9a707a976b16d27dced1389732d228e2f0cd4141a

C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.fr\Proof.cab.tmp

MD5 7611c4d4d93ab8e24d056ac0c802fceb
SHA1 9c42220d36bb318d4a5a864ff52ef2c4c61e331c
SHA256 304a6beb599a5b29312639102e445393e9a0155a0efd7647373d22b6114453e5
SHA512 f337eeaf4f8095fc2b6f8db50a9e0922e1e991a45ed211de30e828b62e364cf3cb1ce472e63c5e44d05eccefd30f2b712dee51d4927c84b7f0f96e2ddc407bf8

C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.fr\Proof.msi.tmp

MD5 1e799d1605d2a22b83606112280af981
SHA1 0b8603d2a7253bffa798f8dc1cb47599b386e476
SHA256 6affe6b2801af645daff34b8e06389b582977fce4c5e147d5445eb0fd165145e
SHA512 3389bfe9a491babeec0f713404791ff03a88d95a015d6db7573f176ba63ad97fce5a7e4b9ee79e2b8f977ebd95102ac214178ddee969da4de8c595a8cb1ec51d

C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.fr\Proof.xml.tmp

MD5 5baa2b437da1dfdd3c6e64fbfb4fb35c
SHA1 244f711a2993fc5b884c9504e3b8c0321139fa29
SHA256 271f6b1081bff46e5c916172195a160e5c334b128873d9a42af9ab163536cd91
SHA512 ff3279257e291c1b4295cface81c8be39a1448965f4017980d384c8bc238f0b2081e0c041047a6f0144d40701564f98f605def15029a4cd692ed9c14800c1e4b

C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proofing.msi.tmp

MD5 af2425c910fd7fbf5b6ae6612418b2ff
SHA1 8e129180459bf384b0cc33fddcf968a262637986
SHA256 4ba6203112a3a784a546822183462be1967ff05a08baace4f5161f605e82c719
SHA512 215b67a8ee62436f94c4dee3bb478bbe42c23c93635bbdae58dded005a610c412c1ceae0715a8e5b50d6b2d0f6f4b1802e52e1f9c6dc0066107dab4314a38538

C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Setup.xml.tmp

MD5 0c77f78baa3fb1d168195be4bdff7d24
SHA1 b88a00daca6e7d9d895964fcbab879a9aab627e3
SHA256 9e82159ddfc4228119ba85c8cf4c89cc7deed9b7ae5883a8cf1e9375f2823b0b
SHA512 48814caaddd2da8d66247a67b8fd9a682c12f5c2fcdb2457636c0263176642e4e7de47840534e7505c8d8a54c38e3d216c6fccdaf1ca96bead91192daade1f42

C:\MSOCache\All Users\{90140000-0044-0409-0000-0000000FF1CE}-C\InfLR.cab.tmp

MD5 6a96f5054ee011ce6cb1ab1009558465
SHA1 2a40fcadb055ebd183ee375472bb315d44a5b0bf
SHA256 eb3e6cdfe5883a75cb7cbf8222d2f27d19926a9b54b22a9b1f37e82577f319c8
SHA512 6ed050291f0ce2d4acc483d12864a9e7630c7331421c26ee7ec0cee773f15a98f9004d9d7a2155223f58288f605eac587a363d8ea1008a305d49a5689d4cbce0

C:\MSOCache\All Users\{90140000-00A1-0409-0000-0000000FF1CE}-C\OneNoteMUI.msi.tmp

MD5 150d26c0a9e5323a41eafad453a7db90
SHA1 b5f65dfb776e2cc6b10ab988583e5d6622a1d79c
SHA256 2338e192ff14ce98e67c95d0d6990f2c7afc0a63f9d8e362ccc4e90bc13500b2
SHA512 22c4d1c6fbbed19f340e5c8dd423a9903e2e1f3ae98a63b1edb68f7eaa9326101f8555c6c1bb1f3fc8e10267e7b23e76392c80846609ca9d5515ac96df675f52

C:\MSOCache\All Users\{90140000-00A1-0409-0000-0000000FF1CE}-C\OneNoteMUI.xml.tmp

MD5 6eb006d4551abf1d80d1972f8b01f2d1
SHA1 97cd671c16e516e8b416311136781dad51482eb4
SHA256 831284aca233a4b1245adc1dd77371d3d11f48031c0386f9256dbda747781f3b
SHA512 ec64c5dbbcb9871c406c3cf4b0668a1e2a882dd3c48ed41f3b428c60a51da304a3a9cd16023e20458711ab7e22bb9c082dd61efa646cb557c273fc41876fafc1

C:\MSOCache\All Users\{90140000-00BA-0409-0000-0000000FF1CE}-C\GrooveLR.cab.tmp

MD5 d4cf234e1d635eae9e5751dc9dc0a470
SHA1 54e298c8445ff8ab1a20eb7d0fe0929fc0e9dcf4
SHA256 69aa5db7ba50a1d9ca89fa8715a02e3cff951c14ec0c207cb066e56815b6d233
SHA512 d3da18a6e72207b88021425bce799b2ad8caf4630ef0955b655b64d17fc3b8fae0445b4625c0e34e931f45a2a3ec5eefbc2aa4c7cc73e1d51ed119b7f10e6e0d

C:\MSOCache\All Users\{90140000-00A1-0409-0000-0000000FF1CE}-C\Setup.xml.tmp

MD5 b1598262132ab28f3aaef014923772e9
SHA1 04c7dad107a046a9d12813804f940c25221c642c
SHA256 4370389d76fa20818610689e011305de877fc9b75d466c8a8ff4d888fcdd58c4
SHA512 8dc41d866934e8535cbf3747c98052d8676263d855e5d0a57cfb74e37aa1c3e420d16cb32d1baa189f277fba52daa0a8026a1f89b06f467dc879df2ebaedcd09

C:\MSOCache\All Users\{90140000-00BA-0409-0000-0000000FF1CE}-C\GrooveLR.cab.tmp

MD5 d1cbb7d4b0325fe04d96afa9bb45ccc7
SHA1 a5739b4985b93a66b219ed7db8f76d0699abca34
SHA256 6b975c6baef9d7a5c5a5ea7e17fda685cc64121868571366e576364400a5a211
SHA512 58b48254101a26dc56bb6b6300b06d3cbda8761589983e4a316ac79d433938d490da65dc82058234c8fdf28f458bc2cadbb973560d849a3e7e6a594bdc800513

C:\MSOCache\All Users\{90140000-00BA-0409-0000-0000000FF1CE}-C\GrooveMUI.msi.tmp

MD5 00ba4751cfbeb803ced3f4fc3097e2a2
SHA1 9e1d29aac5eca3ce4d809dd1d3f1953d78628f26
SHA256 e7b7bb00228dcdc3cdffcf0b5d2b7057b8af597646b94b03bae149efdb46d5ec
SHA512 7c860f64bf1217ae377e66788d34ce0447dc582d8b5b20634a5cee24a1f91bed5bb81d08b81026abb2218c432d184ecc01d8eb53004e3d6f6aaf1daad703cc35

C:\MSOCache\All Users\{90140000-00BA-0409-0000-0000000FF1CE}-C\GrooveMUI.xml.tmp

MD5 3ea0ad25a675d95addd13d7047a7f96b
SHA1 93d84054e8df2e6d55da441710426aea82137fca
SHA256 1f2f047dbf30aaae6715a7ba69fd3238164c4c65371870a68f96a7207ef775ed
SHA512 33b5bd9d460b86e09c5e2eae91773dcfa63e32a690a24d800f20620ebdea99e91528af4523e389bc06340a2950bfe29beac4b2904cb17f4b15f69a7d4bd027d7

C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\DW20.EXE.tmp

MD5 bd1903d1de855f698ce358b2f8b826e6
SHA1 186b53e14919a8b63ea26314de500a1cb0430e41
SHA256 2f4ea3d6e8cf01e87339d2686ed8acc657e01cb54d9b286ceb6bcbb17fdf1c80
SHA512 d8601e7806368bcdfe3d106d8b0c0122f6d0052773f1924db7f9f66f965e6718aa5e275c37c548e5fb567f46e987237f59f31002405d6db87ad0607f5c933d7a

C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\DW20.EXE.tmp

MD5 430a4f6919571ae764e186a6a491ab91
SHA1 524f86b241c15d958383fc29d136241efb44e8ac
SHA256 7ae70d6970e00fc3ccdb1bcdd65fece3d730668acb2ad07398b31596d3578e8b
SHA512 7b87e11f22f548b8c8bb1ab39c7d1d5fe60f0da2fe6b9cf680b6803d8cc39592d910f956e8fd9e23126805320b7d4638a0bcfa83f7f4a3de8bf088fcd3b55456

C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\dwtrig20.exe.tmp

MD5 c54f67116b78ea15d096771e76620f3b
SHA1 cacb27d339605a3051d041255c166904d62f1464
SHA256 9bf6c2fa2b1601cb3b4680532acbcc644d1179b61afe5982bf2dc72b7a2b99df
SHA512 e6863bf65956fe094406678d597fefec164dcd539f315415ccc860216a487ef77c107003cec51995fb3b9e0f7b22d54557910cc7162a749201c27a3f1040af87

C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\dwtrig20.exe.tmp

MD5 78ed8c17a47db0ded7797e45c5874c57
SHA1 a1746943d99feffd562fbc669da660b3ef6df0ed
SHA256 8c9167abb12d834c6c46f39d2be75a35e11fb3891482312489212ddf4dff404e
SHA512 0a88a8e46356e8bbe9f9a2abf371d751726c4c8e82884763b995550efd7bb9a436ff4287acd887777771f13361d5f44b91b00023794ed3a25ce4eacf7a050c4d

C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\msvcr90.dll.tmp

MD5 e019044bc5b87efdd90bc57471559c67
SHA1 baccdf4efda779d90e100ed397cdb08c8a6dbfed
SHA256 2f4aa6dcecf1c621163558d420b7f39118917a2a343cdf380040822872e4e642
SHA512 046bbc868432f1320ca5cd3f1b066e5b19e2b02ccf61f0337804800ee2a9846b374e1a96d691762b5c61de1d16f247f2bca6ba270e9137e70f143022afab6614

C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\msvcr90.dll.tmp

MD5 a7bfa6d5e48f7d10ddcd3fd768308a48
SHA1 3f524854ca260daf5bde548497c574e7455ccfae
SHA256 0330177be6c46a5361ed724361585cf8e79c0d215361a96293f136a1f3b4c0d5
SHA512 90f572a028b6c7d64e75341b9601048ad6f85090c34641e674bc425a39179c90e46c1b2165a0bcaaf26b5a8157674e8be68c8cab737ac258c4041227907e0409

C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\OfficeMUI.msi.tmp

MD5 dbf39208f7fb6d7248711da61d03c860
SHA1 3b187f6ddc683aa9200e7fdd89ea4d70b9e4466f
SHA256 61d9d27b15b9964a66e03e2d46b1b7547c5ccf16c6082645524583fd69ad3fdb
SHA512 ce62b7a5ce95c743cd3940c813b9f9d112453456120f80b0fa868e5fda6aeb5061e0b17e4c3813be341155e7b0490ce37cf4405bc5feec52c36aff2e9f7a3e8a

C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\OfficeMUI.msi.tmp

MD5 23991ab3e8cc797c3006ddb93f024db3
SHA1 fc51f67191f77b404e0939d323f7df19205f5cd8
SHA256 a344bf35698246ec2526ccf17cefbcf5e9fa19b4687a43ecaaed2452fca1e186
SHA512 1679005e7079e1cd31d6909ad6c82341137e320e54a2bd0f9ab2e39d11d662f7ab7a9dfab60c995662ef7bcea5fd245b52b6e43aee8399ca4592fbca019113df

C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\OfficeMUI.xml.tmp

MD5 de00628af391fec0477f7b374c730dfb
SHA1 8f3989c3db4903bf53ec88d01c2366ade562bbe1
SHA256 6d83ed122abcd1fe5cd8ec63a213b8773fd8108a33508f3f3e2c12fbcee79f68
SHA512 ed11ffe5b3c4795d81e1953389a79e609a346529ef0181f4cd609450d6c858ae5eb246d9f87865dde28d6fc4cb4aaeb2cebb32f91d5a380aecc374de7c5e06cd

C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\OfficeMUISet.msi.tmp

MD5 940fbb1f84d04363f532fd1038df03ff
SHA1 de5adb36a68bbaf318453763b5654ec0cf69c57a
SHA256 f6eb83660e015497e895655a957c2d9348dddf3c3c9fb60bba496902178e5934
SHA512 b7b0f110618b5f493a6ed2ae927cd7c9f6af1f6d9297eef3bc51cf3dd4aa4f9e21a795598896eecd9c3e0e95f5531f4460b88d7afed2cf9b435c10e0f25edbc3

C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\osetupui.dll.tmp

MD5 f005404a515241ddab870f978abc26cc
SHA1 613266c5d97930ac69338747ec9f04e5f76ee437
SHA256 950685a682c9d77eee361f63af23628bc6815bd10d3b5269928ff4d8aca942f2
SHA512 096d97154d0c09cd23cbaf4973fca4b487af889d79db0c9683646dc634282d9d5c35c644475b72ea163c4979b6686202fbc0d8c95575cb2005c2d395d0cc7117

C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr\default.jfc.tmp

MD5 22663e4fbdfe676e872e14db30e317ff
SHA1 e58fcfb07380e4ae74284db62410ad0b8d1abc41
SHA256 ca5f0b7c20591058adc8dcb1ed7f43798fd89bc2709f0956bca602310577059a
SHA512 4f6fc2bdc2418a40c5e0c31b8cb1959507bd22f88dd06c57bc9fab276fdbcbf2511d1e53e1f8ee932a697a643ee2b36f7405c94013799ede5753d7b55cfacd11

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-08 04:16

Reported

2024-06-08 04:19

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8af3e65b986f7816773af9243b4c3890_NeikiAnalytics.exe"

Signatures

Renames multiple (5062) files with added filename extension

ransomware

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\Zombie.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_7z.dll.manifest.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\Zombie.exe C:\Users\Admin\AppData\Local\Temp\8af3e65b986f7816773af9243b4c3890_NeikiAnalytics.exe N/A
File opened for modification C:\Windows\SysWOW64\Zombie.exe C:\Users\Admin\AppData\Local\Temp\8af3e65b986f7816773af9243b4c3890_NeikiAnalytics.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp-pl.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_7z.dll.manifest.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_Subscription-ppd.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Redshift\lib\OpenSSL64.DllA\libeay32.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\OSFUI.DLL.tmp C:\Users\Admin\AppData\Local\Temp\_7z.dll.manifest.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Windows.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_KMS_Client-ul.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Grace-ul-oob.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_7z.dll.manifest.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\_7z.dll.manifest.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcDemoR_BypassTrial365-ppd.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Trial-ul-oob.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework-SystemCore.dll.tmp C:\Users\Admin\AppData\Local\Temp\_7z.dll.manifest.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework-SystemXml.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md.tmp C:\Users\Admin\AppData\Local\Temp\_7z.dll.manifest.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_MAK_AE-pl.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\CSS7DATA000A.DLL.tmp C:\Users\Admin\AppData\Local\Temp\_7z.dll.manifest.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.HttpListener.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\jdwp.dll.tmp C:\Users\Admin\AppData\Local\Temp\_7z.dll.manifest.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\unpack.dll.tmp C:\Users\Admin\AppData\Local\Temp\_7z.dll.manifest.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-linkedentity.png.tmp C:\Users\Admin\AppData\Local\Temp\_7z.dll.manifest.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.XPath.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\_7z.dll.manifest.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_OEM_Perp-ul-phn.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\offsyml.ttf.tmp C:\Users\Admin\AppData\Local\Temp\_7z.dll.manifest.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] C:\Users\Admin\AppData\Local\Temp\_7z.dll.manifest.exe N/A
File opened for modification C:\Program Files\7-Zip\7z.sfx.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_sv.properties.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-sysinfo-l1-1-0.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\kinit.exe.tmp C:\Users\Admin\AppData\Local\Temp\_7z.dll.manifest.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Trial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_7z.dll.manifest.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp3-ul-phn.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-convert-l1-1-0.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\cs\msipc.dll.mui.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\_7z.dll.manifest.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\jdeps.exe.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\UIAutomationClientSideProviders.resources.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\msvcp140.dll.tmp C:\Users\Admin\AppData\Local\Temp\_7z.dll.manifest.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\OneNote\SendToOneNoteNames.gpd.tmp C:\Users\Admin\AppData\Local\Temp\_7z.dll.manifest.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000049\index.win32.bundle.tmp C:\Users\Admin\AppData\Local\Temp\_7z.dll.manifest.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\_7z.dll.manifest.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.DataIntegration.FuzzyMatching.dll.tmp C:\Users\Admin\AppData\Local\Temp\_7z.dll.manifest.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial3-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_7z.dll.manifest.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial4-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_7z.dll.manifest.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Linq.Parallel.dll.tmp C:\Users\Admin\AppData\Local\Temp\_7z.dll.manifest.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.Cng.dll.tmp C:\Users\Admin\AppData\Local\Temp\_7z.dll.manifest.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Timer.dll.tmp C:\Users\Admin\AppData\Local\Temp\_7z.dll.manifest.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe.tmp C:\Users\Admin\AppData\Local\Temp\_7z.dll.manifest.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\CancelGlyph.16.White.png.tmp C:\Users\Admin\AppData\Local\Temp\_7z.dll.manifest.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipscsy.xml.tmp C:\Users\Admin\AppData\Local\Temp\_7z.dll.manifest.exe N/A
File created C:\Program Files\Common Files\System\ado\msador15.dll.tmp C:\Users\Admin\AppData\Local\Temp\_7z.dll.manifest.exe N/A
File created C:\Program Files\Common Files\System\fr-FR\wab32res.dll.mui.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\_7z.dll.manifest.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\System.Windows.Forms.Primitives.resources.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\7-Zip\Lang\en.ttt.tmp C:\Users\Admin\AppData\Local\Temp\_7z.dll.manifest.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.et-ee.dll.tmp C:\Users\Admin\AppData\Local\Temp\_7z.dll.manifest.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_MAK-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_7z.dll.manifest.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\_7z.dll.manifest.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\_7z.dll.manifest.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\_7z.dll.manifest.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_Subscription-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_7z.dll.manifest.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\8af3e65b986f7816773af9243b4c3890_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\8af3e65b986f7816773af9243b4c3890_NeikiAnalytics.exe"

C:\Users\Admin\AppData\Local\Temp\_7z.dll.manifest.exe

"_7z.dll.manifest.exe"

C:\Windows\SysWOW64\Zombie.exe

"C:\Windows\system32\Zombie.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 69.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 91.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 80.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 8.179.89.13.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\_7z.dll.manifest.exe

MD5 4b11f2b260968c1a8c87abfd15569459
SHA1 6109d7b24e68416291be692d5d48a6367c06bf51
SHA256 8b1c4a2678940c2822c4425e8778272e7330325b6d399d5a9101879b9766a49d
SHA512 5530fbb09eee60b8d64933920765e6ae368595bd7e5b16c2c499c51c609749dde383d108d1e90807dd4ff008396bbac7a5782c7e6f5e178015b7f28eba9a478a

C:\Windows\SysWOW64\Zombie.exe

MD5 16c0a5ce3b5d2cdafaeb552f293c1b37
SHA1 ca1d321b3559cf39a9cebfc4cb82441b0a1704bd
SHA256 f068457762607426d6abce8447742b78de30522b67c6e15f0c582d32d8af91a1
SHA512 4e1cd18189e1b1fca675b345d2e3df20390e82f11d2cfed7dd7db246e28a074ad3ab385d833da0d23e36a096ec991f7fd2f6e2b6bd8aa1749d0964905ced8fd3

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.exe.tmp

MD5 ef1989437e317e893e6d336b73f9d20f
SHA1 3c6d50bbcb7a29176577709fa1a04f5fa5f7c379
SHA256 5edfcc9708ebba3c8ef3515916ca6eca5cf5030bfb279b748762c598dba09f98
SHA512 ddb7024424ba3b3dcec486626cee8a2166ab16240cb36769db1bd0c916520c9ea98386f7d7761f2af40559d960f5754b719a5a4d26eb0a6f136bd3b6c9392bfd

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.exe

MD5 7573937ff6eae87f3aae9f2ee48c8e31
SHA1 8fa4d0bbe2026fa8f3b541b3ef32aaadc23f0811
SHA256 5daa89e31c87b20733e42cdc6b5b37306b97d915b360b75b09ef5558a3079992
SHA512 2fcd8d95305c3e29b9e8e73eee5fb38c39bb6707e77a5b623a26ada740c117fc4462a6fde626532be41881a6a842523bcfa42e952b6f7d7cff6d896348705f37

C:\Program Files\7-Zip\7-zip.chm.exe

MD5 f5a229e5c1b45b09178219257bce1ea1
SHA1 d946ad160397e469579477827ce96c0da8bab01b
SHA256 89e341aad2ebc788d493e873a08906572900b5b341e138db171bc3da29b74c4e
SHA512 ef16c4edd8c34e7b5ef6353705ed7eb911a0a44a805e4bbf30068da9e97a243ddbc4a9958b61256a6ccea85f0a292c6b452791482701abfb2909413a435f7f77

C:\Program Files\7-Zip\7-zip.dll.exe

MD5 7be0089130e52c2c858aaf2eec933427
SHA1 551f61373001037e4475aebf6cc01fcbf396b306
SHA256 9e7113b123367d6987cb1bc4173b79371c7c8e4c8f8c38e5641a579d753b0fe2
SHA512 98cdccc45322149385ada4b0c59a71003081af2ff05e2a582c5d3b74f2045915ebfa6b8cde9ca615c51d8d0075413f4c885c30a0362c5a375f9ca6a831c31b7b

C:\Program Files\7-Zip\7-zip32.dll.tmp

MD5 9f25d6f1d1c0a0ed993706d40b516b2b
SHA1 25425f6daf32b6d97b92bd9f1932c540d59bbf1f
SHA256 4ce51215ee62b4f5eed63a8d32c8190212ca5577fc84c12fd994e2c411a8440c
SHA512 ea2f86ffbb7160d57b95c1530e41104197eb497dbf03b9e96a284102230ee24168afcc96381f90d5138a654647889fa572a0eded54d0c5280a2707074df33482

C:\Program Files\7-Zip\7z.dll.tmp

MD5 396913c3fd5a1743ad0c4a55080d70c4
SHA1 60e618793f1726b2d5780c877c7e72c0db67247b
SHA256 63244af485e5974fee65f650a22ea96d14f45f7b17aaaa0ade14060c06e0b793
SHA512 5b5fb8927b93ccf10ca1b72ce702586d033492c2c78a6f4089156e2a80a5f3a5664cf06bf1391ff44337ffb89ca527fa6a04955d3f5d317a62c32c787a33da2f

C:\Program Files\7-Zip\7z.exe

MD5 2a7a68e0b2052bbaa5d6e14758cc3b63
SHA1 a1748fba6197ba56e1348100fd91f365b6de8586
SHA256 2ff0aa5734f37e87cc07fb52dc353c140008b5e124e3881c3b75040d880c8606
SHA512 d1db8967566e7cff4b30db93a5fd4b7562899a088722fe238cafa9a9cb38b411efde5767442fae0c7e8e7372e644a1615f91c1f7965ad7b0d57cd6e9df52c90c

C:\Program Files\7-Zip\7z.sfx.tmp

MD5 8684d5993c84b10348774cc77558b019
SHA1 9b53d7653062ceaa19f69cc5e6b5e604cb3083c4
SHA256 00a8cd6158f04f552b6e769c26109d08d94270e2a70f54ea97b1acea8892206e
SHA512 b60d1cb31df92b0b3d6257c100cce8974652c54a901c8ff90b74b46f66236588d3949ce4bcfc7dd8981e39f5cbe963ccb79708822efb3b77d70b6afb707c76b1

C:\Program Files\7-Zip\7zFM.exe.tmp

MD5 5da0ab96c484cae47e14b740e29e966d
SHA1 4098ac43d79873abf3fff9f8aefd3216abef37c8
SHA256 047a52663e6fd84577b0f4fe17a023cece87c9ca703b181695dcd759e7fcf06f
SHA512 580bea3cc812232c964e0669e8c4a0c5ec30df0e05cb53babaebeb39b7fe122d91810ee6df2b3a99bb81aeb42aec65fc9b7bcd34ac3251d2201cc8768e2b05bb

C:\Program Files\7-Zip\7zG.exe

MD5 4f9ef9fb1c3bb1e8c11059103a70f80f
SHA1 f8a0fd28adc0a402d859caba5190be75160179ec
SHA256 ff712d392f338799961eadb977543c7d1a16830748af33445434130e5dee0e36
SHA512 bf2f47dbf70b89e9d09bd8c7850a1722fccd814698e7b45769c7e110cfbe9a63a703d32a7893d58a1b0f7c161d1358a6bc78c41bc2f02bae9a3e622878c1e2e1

C:\Program Files\7-Zip\History.txt.tmp

MD5 8df5198f318ef83bdcd95a22a51a3feb
SHA1 85fdf257b9168c95da8cff0baa4ab8fe1340a779
SHA256 fdc798fbb9a225bd958f4bee7b36c283b01343c00b5d302a6705385832484a57
SHA512 32808c67db5649fd489b8056f03e930a5fa8d6774f228cc9d44ac4b62b026cf55e1597dea3ba17c8d091f06df72c2535475f90e4960d82c378666e7a12b9a918

C:\Program Files\7-Zip\Lang\af.txt.exe

MD5 bceff7c528861b28f4ece114fbe8b724
SHA1 e4d0458cb60e482e89f4e762b9c1960c8228598f
SHA256 53eaf4fa3c0b66e3014c2923ae655f6e88a4c67c4495109baf31b779df3534f7
SHA512 14b6e848b565a6a7f1b373dd7fec5b65609f840a99036a78baf883d250eb4c72ec6412c12a279829c9310b197165c3127711cd51488746ab43bee8379d437a0d

C:\Program Files\7-Zip\Lang\an.txt.exe

MD5 73e6a77072a314c357eb1185294f3ee2
SHA1 66de86a152a1f934619eafd002fa4179f5fcba49
SHA256 cf0fb83d28701c49d3ff1fc65c03ac8ec8183d2a7ffc601e0cec65ca7165ceb8
SHA512 c3c099b411a0e889d79e29f08bf22a9de2a58c421473cf3909df898a2d83278c073dfa508409c7b42f33bd7969c2b4ea9cce9f9f6be7a2d0582515419eef8b36

C:\Program Files\7-Zip\Lang\ar.txt.exe

MD5 f26fd45bcfcbfc21f8590bd1bacf85ba
SHA1 757ca9a8c13ebe9b70bab2883a14d684bbe48e26
SHA256 ed44bd4a7e57b1b1f238d232402b7654b439dc191f7166d02eed8ab6531e671f
SHA512 873fb1a9883687b947373faf5c1863a12fb456eeed7bbb04c059ecbeab64b3a4810844a823274f758c6faff38faa12ee1ec737e768db9c57e5127e1d535c3a89

C:\Program Files\7-Zip\Lang\br.txt.tmp

MD5 499eadb7877c0a045186f68253dec5e6
SHA1 5b9a444ed82e2537fad0f926f1df9cfa29b24674
SHA256 ca82b1a7da7a5cfd331e38d761f7894ec4308bec8066f46ee16d0255f2205757
SHA512 c9444733f630cbb20266a801c34e72a23ce7b4f440b952dcd8f578b55aba68fc1a0ad470263aed09ffde987fa3f674be9e0d106333495dfc1021eafa74e4d420

C:\Program Files\7-Zip\Lang\co.txt.tmp

MD5 354bc743eb9b42348c261383bb06a4cf
SHA1 9eb4d695651c1dd4062b1053784a2c0242c71768
SHA256 ca115923bd34e0ae9b6dcc65ee3b60094a5133aca5c759250503e7c104abd8a7
SHA512 fc0270a87101b21813c7fa2873595a17208d22abdd17e206fabd39ac48ccebe2f41b97b895c00dfc156c6a71cd822d8beffebbb96c3dcf15e7f752830990d928

C:\Program Files\7-Zip\Lang\cs.txt.tmp

MD5 c9ee50e230f84e931dfea3e1add5571f
SHA1 42244d959667514f1da272cb2e6b1f820ed82f66
SHA256 af43557460f29dbb3a3248a053b1b6325e26c6494bd7f74f41cb3cc4608397e8
SHA512 4d78cdaf6427570a52408b4e02a5ada4dca0d99777a5386dfd34eb0a03cd015ff6effc3e8a51e385ec92c417a3057194db3ef8e9d19cd8505a8f3aea5927089e

C:\Program Files\7-Zip\Lang\cy.txt.tmp

MD5 d2929a53435be30a457d4093f7f30180
SHA1 eee682a9aaa4ea3df89e77ea0a1b2525207d2dec
SHA256 c51978fa37303933c3eea159413f3dcd2bcd12cd4d0d8df8c963eb17cbf1b70d
SHA512 129d000dea7c06b64c05fd6ad4a54a60758fccfb487b69186034f33cb9c9d918536dcdf86ad141cc20ceb6c32ea61c2a4842ed2a29e921ffb3bae96e324036d7

C:\Program Files\7-Zip\Lang\da.txt.tmp

MD5 5c82789d7ceefc48b7bc601ef6ce2363
SHA1 033239af2e26472834388a260289e1c94453ba98
SHA256 9f2a88ecb4de8edd326505789d33a0e464407845fac04f68b5f384138f380119
SHA512 60b6579c8e74f5ec8609b0ffb11b5fb86425572425e3606ee71e1dbc98d8dad8a3320692880008f774ca5da632ef21503ed49b96e63f3025cd5faff88c2d0c39

C:\Program Files\7-Zip\Lang\de.txt.tmp

MD5 cb198dd06a2389af4e501cb45044eb38
SHA1 f381205476249d5776e795b33192c40c78f29cca
SHA256 58bd630f2d7ab22683f711674c05c839903345720f8a2c5aecd01640939741af
SHA512 11920da4a60b50218ee57181cc0ae303303eb960967aee36301f426342d59f58213426a09c216d55a60747d60d7aef0565af2c04a4b9f88d78d2d9a07cde95f3

C:\Program Files\7-Zip\Lang\eo.txt.tmp

MD5 e0cf240e6e1fa5b46c0f82711db0488d
SHA1 93d3491eeea56cc89fe0c135004e435545a8a1e0
SHA256 9276662bd1a0a47ebe81bccc3686d7467fd1e1f8084fdf8bb9f76733b26eb53f
SHA512 3b065b68ff4a5357d4495aaa69b4a417850aa97174ab916e772dc43ee2309cdd21f3ee2599a7ef11e55adeb3f57aebc0d1069ac869a880ee190af55e260fcfe3

C:\Program Files\7-Zip\Lang\es.txt.tmp

MD5 097284f784e5d84225f971db1e272cb5
SHA1 b182a5dba4fe28f9cf7350ef7dccea2516da3677
SHA256 8afed9a3b47256fb6b3ec0d47f177c2f49fafb0f0613d808609800db6b3f01dc
SHA512 1fae41e035ba7d3b938cb1948df3c1f33d40191b6b1743085d56e7b1638250ea467141676c8be7eaf90a0a2e4ec1ee8ef83bc0b3eb6f3251c20743a7b98b31e4

C:\Program Files\7-Zip\Lang\et.txt.tmp

MD5 daa78e1862f85ffbcc23374cc2e88f4f
SHA1 da536c577c21fd91322cf0b0fab71995a6bf57f2
SHA256 d6a05483c7417dc6acda798ad90084f6a9db56ee9baf17690379335858cb09f4
SHA512 3c0229b24e77f7517ca80c40a5f68c4af1e7242b1699c097d87516b6ce3e50cb4ac15b32ee092a4ae9b2fda7f1c9e12491420cc9813805f1c326a3b62f93645e

C:\Program Files\7-Zip\Lang\eu.txt.tmp

MD5 0a085bd74d1b7c22d3994721d09db090
SHA1 5274c7fc23fc6dc1bb3d15e6ce4a3b7d1405f3ee
SHA256 1f2d3873edafca3d535c8fb716ed329e30c8639eebc8f2fe12360defd8c2020e
SHA512 b032738d46ab32fa949882bd5da03e90cba2257788cf3ab6314d7eb9fe356b56772f53a0a5051651494ecaf275c634b89fdb674f7a946a514c36513ff85685ba

C:\Program Files\7-Zip\Lang\fi.txt.tmp

MD5 c74b5e61544f4a360593bec2e16f5dd5
SHA1 8577427d1f8947fbbf2c5eb6fffeb27c30ae3eed
SHA256 420e7fa34a0519b933fae10ef5226eacfc6522337c7ac33a64b06a0b42431992
SHA512 a6aae2fd8f6a3fe613fd81fd0bbd9bd823a49388c5cea011b78bb3793d714eddf379a1e838067d2789f272b1f805fe069ec421ac2a35a7eda4a88d6be3afadc6

C:\Program Files\7-Zip\Lang\fr.txt.tmp

MD5 fbff3b7604126da5dbcca268119a3697
SHA1 fcfacba982aa47d9f5cabd5ec12763a32a8a341b
SHA256 35e6cc96415b065975e6c321efef353b9de949133fc802a646adc2b07b549eaf
SHA512 bdb65e46e15a877a9357428a33c1a590892b12de6fb07c076c94417f8fc1554205de9c2ceddd3d888ffb62b9799acd25e4fe380a736c04b514d20ddda73fa853

C:\Program Files\7-Zip\Lang\ga.txt.tmp

MD5 fc39d2518df6de107a16f0892e64a5bc
SHA1 41c67ab779d3e8d5ff0d862909bf733472af41ac
SHA256 3f53446c47353af82ede6e72e68d7900487b03a391d28918fc2445b6fb72592a
SHA512 859575a095fd2540063dc4ef63b6488e5cc7ffe0acaf07abb0ad11ecde0b4ad075fc600bfbfae75fd6f4f6cfeb5721758931907f84f6b8d9639c776d7b11b20f

C:\Program Files\7-Zip\Lang\gl.txt.tmp

MD5 3d2a6578127276677e45b2344364d252
SHA1 cff1617a40d08d36d652374e6d7494ed54a73907
SHA256 5759289c6bf4b1b28df95c33d57c306663ea2052ebfbf8fb6ec6193e9e8b2c91
SHA512 cd3b804d79dd25b76c2d08b0dabc730c28756216778c62514e9c7f5154848cab26c5f0b3e387d8b02864da9eb328c05845373536ec500af09868846fda11ab57

C:\Program Files\7-Zip\Lang\gu.txt.tmp

MD5 965a6fc96c8a5faac3c2bb95e9e9c68e
SHA1 1cb4589faf31d4ab4da4b72aa4467f7787e6843d
SHA256 a3490caeeced477240785e63b2e71c0d8d140bdf0d8a0fd38c266522cb0fc405
SHA512 c972c89cf8c8fd5ecd63b8db8f7a1ee521f2b2c5c18464dd45866482fcdd06bca28b5aaccea86c35e727db923761f8cd6cd6e7076c9af7ab86fc2c9a4e576513

C:\Program Files\7-Zip\Lang\he.txt.tmp

MD5 d0c85f8eea04d2a12119c63a24f2640d
SHA1 ff142045512f7197ee163ebf994d05f9304ee5b0
SHA256 760839319bd64cdc338975826b1c2f55e313df5a59f220754754b76f44b5582f
SHA512 c04036fe1fc740c703c296a7a2a59d0cd5b1af6d7288b5d0f4fee3e4ecd1b2a56992ffa0b1611d237d4813e53e4e8ce4fbb0ead25de047b33d3827d0a0286c52

C:\Program Files\7-Zip\Lang\hr.txt.tmp

MD5 22eda5bf12c09eac6dcbe5a2cba431f0
SHA1 aae650619fbfaeb9ceeec1b10a8e39742ff9f20b
SHA256 79fbabb1cf95270d76a7faa7d094db0a33477adbed6c1d231d46a77a03fd776d
SHA512 f62ffa8fe93941ed487c8500b585800173f5c9de6ec7da1e5ce61c31e27f061662db804a851ac46cdee7dc21bc6e838a2bb19b392d70af3f8ec51e7c524629e2

C:\Program Files\7-Zip\Lang\hy.txt.tmp

MD5 e7a09a67b3b9e15fe4943199b5a19f56
SHA1 7da90121edb0dbd4a161cff10b4f70f2ea1faa34
SHA256 9dee933a8284a9c7b733bd6fae410ccdd0f99a9caed8e7fdfabd27844c3ab3fb
SHA512 6a9657a26f06d52558e8ab1b53278cfadd34dd13bcff8ed40d805ca30ec87d61b897d745d522ac7f4775a96be3612e213429824f4f65d754eda3e5c5b3ec8fa3

C:\Program Files\7-Zip\Lang\ja.txt.tmp

MD5 7c42ce1c4a72396ce6ab8ad1f0fc312f
SHA1 82b7158b78941eacba3a71824d2a88635cf563f9
SHA256 b47b193605405d4cbe394675ecbc0136c4dcfde52f2e57bde1076500a5e492fc
SHA512 334a36f2480e937b4c8f8999d38f87e47015d829487810cd749a0d8aea485093289d0ff979420b725e0e5c65163bb3f63c5e7137764cdd3b1d0776065ecc3463

C:\Program Files\7-Zip\Lang\ka.txt.tmp

MD5 b5fce69e1ce2fa26612019613e982f34
SHA1 2a542779a7c6c953406351d62fc1b6108762443c
SHA256 3dbbcf58a4e05acb9677a2541c13ead5ebb1d86dcc8e52b0c4c201092fb76c2a
SHA512 a8ba0afa2f0ba48f432198acce3b84fdc93d1ce327fa4e1f28ae80ea59ba23a8c6c24a5079d117fa18735f45a00ea36df526c8446323fcd1451a16d175d6f22d

C:\Program Files\7-Zip\Lang\kk.txt.tmp

MD5 c7f655c0f7d5ab346e26876f810b3539
SHA1 652156f42281868cb5d1a4e4b020efa00c9ff037
SHA256 cbfb4ea1dd7630cced8c1b10b53e73bcdfc27e2728652652225eeb1ba47d58d5
SHA512 8bb16ecd9d5a5151b5e468932ec6bbaed78522ad4897ebcf3111f1508e7083bacda4787501cc3750b45a96ac6c8b2ede94b6231185453178006226309bb4d5f0

C:\Program Files\7-Zip\Lang\ko.txt.tmp

MD5 045dbbbe35945162dd849b9038b65d60
SHA1 cff089a98cbdb5d67877e491d3072d2e3d912c11
SHA256 581bd61848341ed8287f2d53811904b97e4e16579c0212eb12da81a1fbfa1033
SHA512 2ea73fcfb9417f86cb6261e6e21b3010fb774eea0fcb59a26c8b7561b3d65cb4c730944d31ceaf26c725ac6a3913ba171414cbd6e1734858862a09016143277b

C:\Program Files\7-Zip\Lang\ku.txt.tmp

MD5 0b221b3c63507ad9c0771ca3ec4d3f19
SHA1 3ed48873ab1cf0c9591777de25945a35d6d908db
SHA256 b643ba5527dadc237e492df8d50c31927c0be163d999b32d347e7975dd5931d2
SHA512 bb1e0d9bdab3422a0f738081cc2a476168c64dd5e3169562b3625f10195f434395fe17c7c3c31c18fd579f22bb343a5ec2ad531689e9741943de61ba966b61e6

C:\Program Files\7-Zip\Lang\ky.txt.tmp

MD5 0d35e832d66828f3def2c135fe5cc73a
SHA1 d5ddfd9cffbc82bf464631da7b914124fb8e3404
SHA256 fdb75ef1d0d168180f12af209abddd03fd0b8bbe44603effdf3b097e8e30c971
SHA512 05ee488f6c8fbca727f8789011e906da8fdf500960e77a60af82639caf605713a71909c76c5ae39067f2236e9233ab5a76a2d987a54b9cf2680ddb1f7b07f994

C:\Program Files\7-Zip\Lang\lij.txt.tmp

MD5 6f3f0f6e2809a5b383bd64d1bbf7fcaa
SHA1 f8cf507e9ebe0990c79e450de78495a5e1990255
SHA256 c9a0d0c82c64dd4b03ff159fa26a02c67339232c2f2c6ccb67a2631325c65aee
SHA512 a2ee745dcad3e73ba26a67f27fc8c37f61df7d9d1d8f4f74e7dbc89bbb02ae97119091fdd92f538e2d41ac1b295fdc9a5350433115d47ed3db4fb714587851ed

C:\Program Files\7-Zip\Lang\lt.txt.tmp

MD5 5008b84c0d58faf26d171e744cd8c5ff
SHA1 0f931c744d97681a0c10c6fe5d9d1daf03267a4b
SHA256 c97bc86e71fa990051aaeea259e595b511b01424ac66d77e085e40aa4ec426a7
SHA512 4457499a53da308e9d178ea517e70a6e52033f01ecb91a6c54b726948ea7c4e30861c276f63de4945127eac6c8b221a52fda3f8027b89c2cfe1a72fd5f62414b

C:\Program Files\7-Zip\Lang\lv.txt.tmp

MD5 2a135a2f9ccced896b17e5bec76adb7a
SHA1 a220b85b43fbcb753c573bf0ffc538f8c50bacdf
SHA256 510839a1f272186a1600c68b8e5226002cbaccdcdb6b5438964a3073897f4b58
SHA512 b80921f0fe63bc51b9060d58667209c7c5b7cf9a836c22fc694b9f8a85ca7a34b781ddeb8229a174eac1d4e5540688cde98cada32a8038579998190f5744a3e8

C:\Program Files\7-Zip\Lang\mk.txt.tmp

MD5 a352489e0fb7fb849df09e835cef7095
SHA1 ca116ee0a9155fa3e5c030f00e6703691cb15bd5
SHA256 12ccb1d450b12a540fa1ff1fb715a8b7a53ba5ea693022805b672108e852db0a
SHA512 fe514e3a4416b43bd29fe1c1187098c01ac238f5a81a3e3d9224e5fa0457834ba1beb3e7941b0ccaac98c779f0370b8e92bb93c09ce6602a0c1c7d487b3091c2

C:\Program Files\7-Zip\Lang\mn.txt.tmp

MD5 0387cedf92c0518a99cc81bee42014f1
SHA1 7c447e03834e37f93dca7c1e4e084d86f59491e4
SHA256 0b1096401b3be729166dc52449a859eca7a9d1310757bbd237743b109e4f884c
SHA512 b76ef542480b55c7762ca176febc68d3c84e18ea1c86caee230520d3e2705c9f99306c992af19b3c2ab15fbf863ba56e77de7b8ca8cfc9b37c07b0dcbdfa740c

C:\Program Files\7-Zip\Lang\mng.txt.tmp

MD5 236e609558c38a9dbbc6e56b10494e0e
SHA1 7d4771c4c0b372a6c201333f5dde2bb60fa96636
SHA256 bbc2ad5be6727f13424b4fc3a7ea0f8f4dcc3b966246d19f8606b2fcf54525d6
SHA512 92820c1c6576d69c1c9a6f337910fb62bd1a143d1556cf5a6b4dc3a29f32db71b6c0c7fc397933db10fa48e5fc30e831f056e96e46fe3805665c7d354d0693ee

C:\Program Files\7-Zip\Lang\mng.txt.tmp

MD5 7f9fd71825f1c2ac56d0102446cbfbfd
SHA1 986f4f3645e1ad9b7c2d5525d6c49fe0999d9a7e
SHA256 029e0b0b4d7110b025fa5b19ba7c29ee7f08a09b88e9d878455bf7293f4532ff
SHA512 a1f2929cec61ce148e6657d97a29827d5b61bc5693342705c2701327f2f5e3f41c388471254e5c046c79974aa0fbc2576ec2da5c2e536c0c5f5c40bb42ac705e

C:\Program Files\7-Zip\Lang\mr.txt.tmp

MD5 162f0a853685210383bece7a02487db3
SHA1 31d67c867912917f3de32d817a70bfb92d6240e8
SHA256 7c2750affdc578b68355a1e591fcacde2f27554f8fc18579d3e9f3371f0f5fae
SHA512 857bfab47c44a0f0c545d317b101eb82df6b2054b50a78223a5dd6ce3be4a3bb8758a033b0389f40a3d9dd5cbe8ab4c452a43c685c914287e5e688217ef9caf1

C:\Program Files\7-Zip\Lang\nb.txt.tmp

MD5 88dd584042d541e61da96562095b1705
SHA1 505af08a6a276cc31d2170fbe94a0e9c9b644eb4
SHA256 115bed8f9eac2e7a61e74e966accfe19feef979895671c920af062e9b57e5ef6
SHA512 4f8d7f58b82033ef8c1b74abf388ccd8c812ff52109b1c59a9cf175119066cd88c0a606622035196913a4241737dc6989dcfe0ba0502d8446eba3a979781cf51

C:\Program Files\7-Zip\Lang\pa-in.txt.tmp

MD5 ef4404cb35daa001bcaaf38350eb4736
SHA1 a73ee1697b8377d827ab354b93c1db17ff98ec96
SHA256 19fb5c729df515ee983bfee1c69824cd94222ad443ee8c31ebe1e7bfa598f495
SHA512 ffc91228fa7a4bf89ee522e9f942b460b0aa35b336fc1ed79a6e0e999ff6acbf61159d05a953fd5f75b6fc59ffce6447a0806a1b3154d04476a93f197d511831

C:\Program Files\7-Zip\Lang\pt-br.txt.tmp

MD5 a4715f73df81e24cd96918abbc0f539c
SHA1 c14a061257b2fdee930f4440cf5bb9d05a0bb2f3
SHA256 7caea108be0a8f8ab5d6086c1e969b7fabd2f6ee99fff24d2fc9f08d5d7a5c15
SHA512 cf3a2656692ed1b388a5262ab1c2d75f16e0d7f9d6d713e1e933fd20990f95efa13dbfe175892e4cd38119038af1f24505368f3ca07c5d3134b7e8218395c9ce

C:\Program Files\7-Zip\Lang\pt.txt.tmp

MD5 6d7ab007c2009a39aa8b8618b9fe8c5b
SHA1 1fb2c5a7a8d07faf1d573e3f0af3177a8619c43b
SHA256 998c4e2ad639cf253e570ffe3c65bd8917f2a1d0b4cb1e57ea61b93f62f2c9cc
SHA512 05a2509d14c66db877b0b577e90a73595d3914d86874fa4fac59ea49145388c3a26ab5173dc7cf0aa64fb01c529cb3f3930e96034fc859f35297632703a31c6e

C:\Program Files\7-Zip\Lang\ro.txt.tmp

MD5 b245b6fd05cb6339d0f67dc4fbce6473
SHA1 ef2aa21ad933456c2782bd9a6c3cc2d7819841b0
SHA256 87938d9d9dd22eaadc19fcb5e205c24abfe15bdd53d7784e03d4d0278813d6fb
SHA512 d0c2ce12520c5a1fe1575a5de61cdbf9d6c1581b8c54d97bbe78d90639ea2a5da6c96ecf2bae7e5d97ba73352f82867d59b579d9a14bb1dbd1232b00e1cae9d4

C:\Program Files\7-Zip\Lang\sa.txt.tmp

MD5 5ad96aa3179c3aabc97e4e57906736b1
SHA1 9378713537505e8d0219c6d72eb936e155f9d933
SHA256 1f9c158255bf79058af7b225016922d0db6c620712317892d71510a59ce524e2
SHA512 2b0b0a82722798e4597592058f17c0f92c4ed062369bf84b4c165838bc565dee77c3a0704dc9958549a71ed70715c7c7f59602b02de39fd2d232008f6c4a05ff

C:\Program Files\7-Zip\Lang\si.txt.tmp

MD5 8b141c968507e883ed694c927b53c47b
SHA1 1d5ab3bcf269b66d3de872ddb495bbcc33f27e68
SHA256 2d5bec5e20d9dd635c45fdc9c2381cbaa75b70d8f2c33d369d78044857b3c996
SHA512 b919f0d1186605d79e1edc129002c1a20b70f20ae2d141aa665c598ea7ce96ee3e129a681111ff339e3ac1c4962c0d541a2b88b1e9ad3dd6e6c32a228deb2f99

C:\Program Files\7-Zip\Lang\sk.txt.tmp

MD5 3d90a41c5dc4516f3d9dc8a80e3a10e0
SHA1 1fd3ccff7381f4dd8237d184b342f906a73f24d2
SHA256 62d59e190d0b2fc34d4ec85bfb03856e364bafc69f7ddc29fe64a22c33b5d917
SHA512 1b4caa7723b2a5abee46ccf12ada4a3ed0939eb2f0205249ad799474d12c30d70f231e35911f356ede2551d8809a0e03b1c88537190a5f76b889f0210675e1f6

C:\Program Files\7-Zip\Lang\sl.txt.tmp

MD5 1b6e81828ae8c302a33de634cb49779b
SHA1 cafed3efa1f10b24d769f0abaaa4204d5b5e1a7c
SHA256 6d03fe3135f3bd7e0d67ae8e40e5fcf9eac9c9ee67de37c0f7d02d35ce28d09a
SHA512 9607b5a33de737bfc6e3a13484b5be56b868a0a83ebf4cb9b9ba0d6509e4fe458b03e73f9a6cb80290fe173624ff2d652e7df973c106a4e9ea8154a94b8796b4

C:\Program Files\7-Zip\Lang\sr-spl.txt.tmp

MD5 1830cd357bf97bacc5c070c9edfcb712
SHA1 1f3f56ac7aa4411c6d76e38062f96b498d96ce4e
SHA256 179f7a0115711421087c56a9c41020b8c364dd8bbeb1112e5eaebc5b230c5987
SHA512 940b0d59d4554216ba4a9a3a1ffd7ba93abb8a7ca3cb618dcaadaa576acd3a81b42fa403d98f9efcd72c0bf98a76a5a6b84f74c78def818b20ec51505215ce47

C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_MAK-pl.xrm-ms.tmp

MD5 11b224f6b16a818f91185bda67e47475
SHA1 9bc0eb04e2daa3812fb335f8ef8fb8c5ed113a6e
SHA256 8324443b1861febcbc845ab57833fc1800c7494531ef3426788c893305775858
SHA512 cdd6af50fcb28cb87a13858e651a7a89bdc5d9421a4db5ca7391c0b29914aa0a0f49b946ff164e0d4a4dd4d634e2db62daab4ef24f67cf5ec3e790b0f146d0fe