Malware Analysis Report

2024-10-18 21:40

Sample ID 240612-nyy57sxcml
Target 37f28eab57ded4512139362c8ec6be20_NeikiAnalytics.exe
SHA256 b8058c5c60fdd6921d59e01ea91473fe0ca2cc011bca99b3137c8ab2a7d27f87
Tags ransomware
Score 9/10

Analysis Overview

Threat Level: Likely malicious

The file 37f28eab57ded4512139362c8ec6be20_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (5099) files with added filename extension

Renames multiple (4441) files with added filename extension

Executes dropped EXE

Loads dropped DLL

Drops file in System32 directory

Drops file in Program Files directory

Unsigned PE

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported 2024-06-12 11:49

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-12 11:48
Reported 2024-06-12 11:51
Platform win7-20240221-en
Max time kernel 148s
Max time network 122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\37f28eab57ded4512139362c8ec6be20_NeikiAnalytics.exe"

Signatures

Renames multiple (4441) files with added filename extension

ransomware

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_04 - Downloads.lnk.exe N/A
N/A N/A C:\Windows\SysWOW64\Zombie.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\Zombie.exe C:\Users\Admin\AppData\Local\Temp\37f28eab57ded4512139362c8ec6be20_NeikiAnalytics.exe N/A
File created C:\Windows\SysWOW64\Zombie.exe C:\Users\Admin\AppData\Local\Temp\37f28eab57ded4512139362c8ec6be20_NeikiAnalytics.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Irkutsk.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\feature.properties.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\feature.xml.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Web.Entity.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\_04 - Downloads.lnk.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_output\libglwin32_plugin.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\es-ES\gadget.xml.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipBand.dll.mui.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\VC\msdia100.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Pacific\Tongatapu.exe.tmp C:\Users\Admin\AppData\Local\Temp\_04 - Downloads.lnk.exe N/A
File created C:\Program Files\VideoLAN\VLC\hrtfs\dodeca_and_7channel_3DSL_HRTF.sofa.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_filter\libgradient_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\_04 - Downloads.lnk.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Star_Full.png.tmp C:\Users\Admin\AppData\Local\Temp\_04 - Downloads.lnk.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\47.png.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_pt_BR.properties.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.annotation_1.2.0.v201401042248.jar.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\THIRDPARTYLICENSEREADME.txt.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-sendopts.xml.exe.tmp C:\Users\Admin\AppData\Local\Temp\_04 - Downloads.lnk.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\SystemV\HST10.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\am\LC_MESSAGES\vlc.mo.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_ffffff_256x240.png.tmp C:\Users\Admin\AppData\Local\Temp\_04 - Downloads.lnk.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\it-IT\js\cpu.js.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\7-Zip\Lang\uk.txt.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\performance.png.tmp C:\Users\Admin\AppData\Local\Temp\_04 - Downloads.lnk.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cuiaba.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\win7.png.exe.tmp C:\Users\Admin\AppData\Local\Temp\_04 - Downloads.lnk.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvm_ja.jar.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Etc\GMT+7.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\Office14\ONLNTCOMLIB.DLL.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Entity.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libnormvol_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\_04 - Downloads.lnk.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\oskpredbase.xml.tmp C:\Users\Admin\AppData\Local\Temp\_04 - Downloads.lnk.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.exe.sig.exe.tmp C:\Users\Admin\AppData\Local\Temp\_04 - Downloads.lnk.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\es.pak.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Etc\GMT+5.exe.tmp C:\Users\Admin\AppData\Local\Temp\_04 - Downloads.lnk.exe N/A
File created C:\Program Files\Windows Media Player\Skins\Revert.wmz.tmp C:\Users\Admin\AppData\Local\Temp\_04 - Downloads.lnk.exe N/A
File created C:\Program Files\Windows Photo Viewer\fr-FR\ImagingDevices.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\_04 - Downloads.lnk.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\es-ES\cpu.html.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Boise.exe.tmp C:\Users\Admin\AppData\Local\Temp\_04 - Downloads.lnk.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Atlantic\Canary.exe.tmp C:\Users\Admin\AppData\Local\Temp\_04 - Downloads.lnk.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_realrtsp_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\_04 - Downloads.lnk.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push_item.png.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\java.exe.tmp C:\Users\Admin\AppData\Local\Temp\_04 - Downloads.lnk.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\javaw.exe.tmp C:\Users\Admin\AppData\Local\Temp\_04 - Downloads.lnk.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\EST5EDT.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.Entity.Resources.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\fr-FR\settings.html.tmp C:\Users\Admin\AppData\Local\Temp\_04 - Downloads.lnk.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\micaut.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\button-highlight.png.tmp C:\Users\Admin\AppData\Local\Temp\_04 - Downloads.lnk.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\eventlog_provider.dll.tmp C:\Users\Admin\AppData\Local\Temp\_04 - Downloads.lnk.exe N/A
File created C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Karachi.tmp C:\Users\Admin\AppData\Local\Temp\_04 - Downloads.lnk.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.addons.swt.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\_04 - Downloads.lnk.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Pacific\Chatham.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Games\Chess\de-DE\Chess.exe.mui.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\access\libdvdread_plugin.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Windows Photo Viewer\it-IT\PhotoViewer.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\_04 - Downloads.lnk.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\FlickLearningWizard.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\_04 - Downloads.lnk.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InputPersonalization.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\_04 - Downloads.lnk.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationRight_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\_04 - Downloads.lnk.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2launcher.exe.tmp C:\Users\Admin\AppData\Local\Temp\_04 - Downloads.lnk.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Cordoba.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Mozilla Firefox\defaults\pref\autoconfig.js.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_close_down.png.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationUp_SelectionSubpicture.png.tmp C:\Windows\SysWOW64\Zombie.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\37f28eab57ded4512139362c8ec6be20_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\37f28eab57ded4512139362c8ec6be20_NeikiAnalytics.exe"

C:\Windows\SysWOW64\Zombie.exe

"C:\Windows\system32\Zombie.exe"

C:\Users\Admin\AppData\Local\Temp\_04 - Downloads.lnk.exe

"_04 - Downloads.lnk.exe"

Network

N/A

Files


Analysis: behavioral2

Detonation Overview

Submitted 2024-06-12 11:48
Reported 2024-06-12 11:51
Platform win10v2004-20240508-en
Max time kernel 150s
Max time network 51s

Command Line

"C:\Users\Admin\AppData\Local\Temp\37f28eab57ded4512139362c8ec6be20_NeikiAnalytics.exe"

Signatures

Renames multiple (5099) files with added filename extension

ransomware

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\Zombie.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_04 - Downloads.lnk.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\Zombie.exe C:\Users\Admin\AppData\Local\Temp\37f28eab57ded4512139362c8ec6be20_NeikiAnalytics.exe N/A
File opened for modification C:\Windows\SysWOW64\Zombie.exe C:\Users\Admin\AppData\Local\Temp\37f28eab57ded4512139362c8ec6be20_NeikiAnalytics.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\WindowsFormsIntegration.resources.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\_04 - Downloads.lnk.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp-ul-phn.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\msinfo32.exe.mui.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\_04 - Downloads.lnk.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\_04 - Downloads.lnk.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_04 - Downloads.lnk.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Pipes.AccessControl.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\_04 - Downloads.lnk.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_OEM_Perp-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_04 - Downloads.lnk.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-time-l1-1-0.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-white_scale-140.png.tmp C:\Users\Admin\AppData\Local\Temp\_04 - Downloads.lnk.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-file-l1-2-0.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\UIAutomationProvider.resources.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Compression.FileSystem.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp4-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_04 - Downloads.lnk.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000009\FA000000009.exe.tmp C:\Users\Admin\AppData\Local\Temp\_04 - Downloads.lnk.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL022.XML.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\PresentationUI.resources.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Buffers.dll.tmp C:\Users\Admin\AppData\Local\Temp\_04 - Downloads.lnk.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Drawing.Design.dll.tmp C:\Users\Admin\AppData\Local\Temp\_04 - Downloads.lnk.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\legal\jdk\pkcs11wrapper.md.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription4-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_04 - Downloads.lnk.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub_M365_eula.txt.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\clretwrc.dll.tmp C:\Users\Admin\AppData\Local\Temp\_04 - Downloads.lnk.exe N/A
File created C:\Program Files\Common Files\System\msadc\de-DE\msdaremr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\_04 - Downloads.lnk.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Diagnostics.EventLog.Messages.dll.tmp C:\Users\Admin\AppData\Local\Temp\_04 - Downloads.lnk.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial5-pl.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_04 - Downloads.lnk.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\de-DE\TabTip.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\_04 - Downloads.lnk.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\javafx_font.dll.tmp C:\Users\Admin\AppData\Local\Temp\_04 - Downloads.lnk.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Trial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_04 - Downloads.lnk.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.Csp.dll.tmp C:\Users\Admin\AppData\Local\Temp\_04 - Downloads.lnk.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\uk-UA\InputPersonalization.exe.mui.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\UIAutomationProvider.resources.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\WordR_Trial-ul-oob.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\OFFSYMB.TTF.tmp C:\Users\Admin\AppData\Local\Temp\_04 - Downloads.lnk.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN096.XML.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems64.dll.tmp C:\Users\Admin\AppData\Local\Temp\_04 - Downloads.lnk.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.DirectoryServices.dll.tmp C:\Users\Admin\AppData\Local\Temp\_04 - Downloads.lnk.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremDemoR_BypassTrial365-ppd.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-black_scale-140.png.exe.tmp C:\Users\Admin\AppData\Local\Temp\_04 - Downloads.lnk.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] C:\Users\Admin\AppData\Local\Temp\_04 - Downloads.lnk.exe N/A
File created C:\Program Files\7-Zip\Lang\vi.txt.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_KMS_Client_AE-ppd.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\SETLANG_F_COL.HXK.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-errorhandling-l1-1-0.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_OEM_Perp-ul-phn.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\AccessRuntime2019R_PrepidBypass-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_04 - Downloads.lnk.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\FPA_f4\FA000000005.exe.tmp C:\Users\Admin\AppData\Local\Temp\_04 - Downloads.lnk.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-math-l1-1-0.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\nacl_irt_x86_64.nexe.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\charsets.jar.tmp C:\Users\Admin\AppData\Local\Temp\_04 - Downloads.lnk.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.Diagnostics.dll.tmp C:\Users\Admin\AppData\Local\Temp\_04 - Downloads.lnk.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL048.XML.tmp C:\Users\Admin\AppData\Local\Temp\_04 - Downloads.lnk.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\System.Windows.Forms.Primitives.resources.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ja-JP\TabTip.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\_04 - Downloads.lnk.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_04 - Downloads.lnk.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_04 - Downloads.lnk.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_SubTest-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_04 - Downloads.lnk.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\MSIPC\hr\msipc.dll.mui.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\es-ES\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\_04 - Downloads.lnk.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\keytool.exe.tmp C:\Users\Admin\AppData\Local\Temp\_04 - Downloads.lnk.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp C:\Windows\SysWOW64\Zombie.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\37f28eab57ded4512139362c8ec6be20_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\37f28eab57ded4512139362c8ec6be20_NeikiAnalytics.exe"

C:\Users\Admin\AppData\Local\Temp\_04 - Downloads.lnk.exe

"_04 - Downloads.lnk.exe"

C:\Windows\SysWOW64\Zombie.exe

"C:\Windows\system32\Zombie.exe"

Network

Files
