Malware Analysis Report

2024-09-23 05:11

Sample ID 240613-e28dlsxgkq
Target 5e65aa8a381ba11864a17f6732e5e7c0_NeikiAnalytics.exe
SHA256 6832f0c0375d75e67fcd799c57a2ce737a36b547b499d8335558e81986fc86ea
Tags ransomware
Score 9/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

6832f0c0375d75e67fcd799c57a2ce737a36b547b499d8335558e81986fc86ea

Threat Level: Likely malicious

The file 5e65aa8a381ba11864a17f6732e5e7c0_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (840) files with added filename extension

Renames multiple (4877) files with added filename extension

Executes dropped EXE

Loads dropped DLL

Drops file in System32 directory

Drops file in Program Files directory

Unsigned PE

Suspicious use of WriteProcessMemory

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 04:27

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 04:27

Reported

2024-06-13 04:29

Platform

win7-20240611-en

Max time kernel

148s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5e65aa8a381ba11864a17f6732e5e7c0_NeikiAnalytics.exe"

Signatures

Renames multiple (840) files with added filename extension

ransomware

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_Resource Monitor.lnk.exe N/A
N/A N/A C:\Windows\SysWOW64\Zombie.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\Zombie.exe C:\Users\Admin\AppData\Local\Temp\5e65aa8a381ba11864a17f6732e5e7c0_NeikiAnalytics.exe N/A
File opened for modification C:\Windows\SysWOW64\Zombie.exe C:\Users\Admin\AppData\Local\Temp\5e65aa8a381ba11864a17f6732e5e7c0_NeikiAnalytics.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Tijuana.tmp C:\Users\Admin\AppData\Local\Temp\_Resource Monitor.lnk.exe N/A
File opened for modification C:\Program Files\7-Zip\7z.sfx.tmp C:\Users\Admin\AppData\Local\Temp\_Resource Monitor.lnk.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_videoinset.png.tmp C:\Users\Admin\AppData\Local\Temp\_Resource Monitor.lnk.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Full\dotslightoverlay.png.tmp C:\Users\Admin\AppData\Local\Temp\_Resource Monitor.lnk.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\bin\startNetworkServer.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Common Files\System\msadc\msadce.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Resource Monitor.lnk.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\bandwidth.png.tmp C:\Users\Admin\AppData\Local\Temp\_Resource Monitor.lnk.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols.xml.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\White_Chocolate.jpg.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\oledbjvs.inc.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\sports_disc_mask.png.tmp C:\Users\Admin\AppData\Local\Temp\_Resource Monitor.lnk.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\play-background.png.tmp C:\Users\Admin\AppData\Local\Temp\_Resource Monitor.lnk.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\jmc.ini.tmp C:\Users\Admin\AppData\Local\Temp\_Resource Monitor.lnk.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\TitleButtonIcon.png.tmp C:\Users\Admin\AppData\Local\Temp\_Resource Monitor.lnk.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\1047x576black.png.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Martinique.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\Common.fxh.tmp C:\Users\Admin\AppData\Local\Temp\_Resource Monitor.lnk.exe N/A
File created C:\Program Files\Internet Explorer\msdbg2.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Resource Monitor.lnk.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\fr-FR\sqlxmlx.rll.mui.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\St_Johns.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Palmer.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Internet Explorer\en-US\F12Resources.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\_Resource Monitor.lnk.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\FlickLearningWizard.exe.mui.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipTsf.dll.mui.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Common Files\System\msadc\msadcf.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Resource Monitor.lnk.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationRight_SelectionSubpicture.png.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\_Resource Monitor.lnk.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ms.pak.tmp C:\Users\Admin\AppData\Local\Temp\_Resource Monitor.lnk.exe N/A
File created C:\Program Files\7-Zip\7z.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationLeft_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\_Resource Monitor.lnk.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\_Resource Monitor.lnk.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationUp_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\_Resource Monitor.lnk.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\jmxremote.access.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Guayaquil.tmp C:\Users\Admin\AppData\Local\Temp\_Resource Monitor.lnk.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-background.png.tmp C:\Users\Admin\AppData\Local\Temp\_Resource Monitor.lnk.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Port-au-Prince.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Nicosia.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\PassportMask.wmv.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipBand.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\_Resource Monitor.lnk.exe N/A
File opened for modification C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\_Resource Monitor.lnk.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\local_policy.jar.tmp C:\Users\Admin\AppData\Local\Temp\_Resource Monitor.lnk.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\tipresx.dll.mui.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe.tmp C:\Users\Admin\AppData\Local\Temp\_Resource Monitor.lnk.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightDemiBold.ttf.tmp C:\Users\Admin\AppData\Local\Temp\_Resource Monitor.lnk.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\fy.txt.tmp C:\Users\Admin\AppData\Local\Temp\_Resource Monitor.lnk.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\zh-CN.pak.tmp C:\Users\Admin\AppData\Local\Temp\_Resource Monitor.lnk.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Guatemala.tmp C:\Users\Admin\AppData\Local\Temp\_Resource Monitor.lnk.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_SelectionSubpicture.png.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\_Resource Monitor.lnk.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-background.png.tmp C:\Users\Admin\AppData\Local\Temp\_Resource Monitor.lnk.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Soft Blue.htm.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationUp_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\_Resource Monitor.lnk.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\classlist.tmp C:\Users\Admin\AppData\Local\Temp\_Resource Monitor.lnk.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\management-agent.jar.tmp C:\Users\Admin\AppData\Local\Temp\_Resource Monitor.lnk.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_pt_BR.properties.tmp C:\Users\Admin\AppData\Local\Temp\_Resource Monitor.lnk.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InputPersonalization.exe.mui.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\scene_button_style_default_Thumbnail.bmp.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\management.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\vk_swiftshader.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\Panel_Mask_PAL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\_Resource Monitor.lnk.exe N/A
File created C:\Program Files\7-Zip\Lang\fa.txt.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToNotesBackground.wmv.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Hong_Kong.tmp C:\Users\Admin\AppData\Local\Temp\_Resource Monitor.lnk.exe N/A
File created C:\Program Files\7-Zip\Lang\tk.txt.tmp C:\Windows\SysWOW64\Zombie.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\5e65aa8a381ba11864a17f6732e5e7c0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\5e65aa8a381ba11864a17f6732e5e7c0_NeikiAnalytics.exe"

C:\Windows\SysWOW64\Zombie.exe

"C:\Windows\system32\Zombie.exe"

C:\Users\Admin\AppData\Local\Temp\_Resource Monitor.lnk.exe

"_Resource Monitor.lnk.exe"

Network

N/A

Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 04:27

Reported

2024-06-13 04:29

Platform

win10v2004-20240611-en

Max time kernel

149s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5e65aa8a381ba11864a17f6732e5e7c0_NeikiAnalytics.exe"

Signatures

Renames multiple (4877) files with added filename extension

ransomware

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\Zombie.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_Resource Monitor.lnk.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\Zombie.exe C:\Users\Admin\AppData\Local\Temp\5e65aa8a381ba11864a17f6732e5e7c0_NeikiAnalytics.exe N/A
File opened for modification C:\Windows\SysWOW64\Zombie.exe C:\Users\Admin\AppData\Local\Temp\5e65aa8a381ba11864a17f6732e5e7c0_NeikiAnalytics.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Resource Monitor.lnk.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\AccessRuntimeR_PrepidBypass-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_Resource Monitor.lnk.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_KMS_Client-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_Resource Monitor.lnk.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL001.XML.exe.tmp C:\Users\Admin\AppData\Local\Temp\_Resource Monitor.lnk.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL011.XML.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.TraceSource.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Drawing.Primitives.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\FileSystemMetadata.xml.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp-ppd.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial4-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_Resource Monitor.lnk.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_SubTrial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_Resource Monitor.lnk.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_MAK_AE-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_Resource Monitor.lnk.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\WINWORD.HXS.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVClient.man.tmp C:\Users\Admin\AppData\Local\Temp\_Resource Monitor.lnk.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Resource Monitor.lnk.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.IO.Packaging.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Drawing.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Trial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_Resource Monitor.lnk.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\th.txt.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Redshift\lib\sbicuin53_64.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Resource Monitor.lnk.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ONRES.DLL.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\MSOSYNC.EXE.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\mojo_core.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Resource Monitor.lnk.exe N/A
File created C:\Program Files\Java\jdk-1.8\include\classfile_constants.h.tmp C:\Users\Admin\AppData\Local\Temp\_Resource Monitor.lnk.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\klist.exe.tmp C:\Users\Admin\AppData\Local\Temp\_Resource Monitor.lnk.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\cmm\sRGB.pf.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_Resource Monitor.lnk.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\UIAutomationClientSideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Resource Monitor.lnk.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\WindowsFormsIntegration.resources.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-filesystem-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Resource Monitor.lnk.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdXC2RVL_KMS_ClientC2R-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_Resource Monitor.lnk.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.ReportingServices.AdHoc.Excel.Client.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Resource Monitor.lnk.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusMSDNR_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_Resource Monitor.lnk.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Redshift\lib\OpenSSL64.DllA\ssleay32.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Data.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Resource Monitor.lnk.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\PresentationUI.resources.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md.tmp C:\Users\Admin\AppData\Local\Temp\_Resource Monitor.lnk.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_Resource Monitor.lnk.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\concrt140.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\clretwrc.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Resource Monitor.lnk.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Design.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Resource Monitor.lnk.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\1033\SkypeForBusinessVDI2019_eula.txt.tmp C:\Users\Admin\AppData\Local\Temp\_Resource Monitor.lnk.exe N/A
File opened for modification C:\Program Files\Common Files\System\Ole DB\de-DE\sqlxmlx.rll.mui.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART4.BDR.tmp C:\Users\Admin\AppData\Local\Temp\_Resource Monitor.lnk.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\PresentationUI.resources.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\ext\dnsns.jar.tmp C:\Users\Admin\AppData\Local\Temp\_Resource Monitor.lnk.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\WordR_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_Resource Monitor.lnk.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Loader.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\EXCELPLUGINDATAPROVIDER.DLL.tmp C:\Users\Admin\AppData\Local\Temp\_Resource Monitor.lnk.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\msotdaddin.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\vcruntime140_cor3.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\hprof.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL095.XML.tmp C:\Users\Admin\AppData\Local\Temp\_Resource Monitor.lnk.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\LibCurl64.DllA\OpenSSL64.DllA\libssl-1_1-x64.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Resource Monitor.lnk.exe N/A
File created C:\Program Files\Common Files\System\uk-UA\wab32res.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\_Resource Monitor.lnk.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Primitives.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Resource Monitor.lnk.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\fre\StartMenu_Win10_RTL.mp4.tmp C:\Users\Admin\AppData\Local\Temp\_Resource Monitor.lnk.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\Configuration\ssn_high_group_info.txt.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Common Files\System\msadc\fr-FR\msaddsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\_Resource Monitor.lnk.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_Resource Monitor.lnk.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\GKWord.dll.tmp C:\Users\Admin\AppData\Local\Temp\_Resource Monitor.lnk.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\5e65aa8a381ba11864a17f6732e5e7c0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\5e65aa8a381ba11864a17f6732e5e7c0_NeikiAnalytics.exe"

C:\Windows\SysWOW64\Zombie.exe

"C:\Windows\system32\Zombie.exe"

C:\Users\Admin\AppData\Local\Temp\_Resource Monitor.lnk.exe

"_Resource Monitor.lnk.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 136.32.126.40.in-addr.arpa udp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 99.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 123.10.44.20.in-addr.arpa udp

Files

C:\Windows\SysWOW64\Zombie.exe

MD5 f052d15f1b566107764a2774908b6af1
SHA1 9e1028843bff7fdffbef8a8a41d0f96811c6316d
SHA256 f85dab0872df5adbdf677222092b0856a1838d56cae16021d069f293b4b34b61
SHA512 40ec41f35a125c28196e16365bd2b8b480edcd6d19c0132f248b3b32f04f22fa49efe1c7bc5acb9106215e1630475f4e3ba562d77b2d707b6dd1bc1562c798bd

C:\Users\Admin\AppData\Local\Temp\_Resource Monitor.lnk.exe

MD5 ec66d5503e4d7d882d34736baf0c566b
SHA1 74f433d2634997353236cba090dbe81e4b1356b6
SHA256 845254d1b56b5bd9b14214ab2caa3b1b8574dbed198dcb3d328949c0fbeae817
SHA512 41a40296a4f08f9acdc8f6b90a462484c07e268d1d20a034b9166c0eb99d73e764d302be32b7ab02a57faf98120322cd18d626496b796f668cee345081539437
