Malware Analysis Report

2024-09-23 04:41

Sample ID 240614-cxxp7swbnl
Target 9b2d134b8d6ffbc935a2e7ce0cef91d0_NeikiAnalytics.exe
SHA256 94a49d87a1f0ca6c709b0a09d1b4c11132ffe940d8837d6d2db727236dc81881
Tags ransomware
Score 9/10

Analysis Overview

Score 9/10

SHA256 94a49d87a1f0ca6c709b0a09d1b4c11132ffe940d8837d6d2db727236dc81881

Threat Level: Likely malicious

The file 9b2d134b8d6ffbc935a2e7ce0cef91d0_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (5357) files with added filename extension

Renames multiple (4129) files with added filename extension

Executes dropped EXE

Loads dropped DLL

Drops file in System32 directory

Drops file in Program Files directory

Unsigned PE

Suspicious use of WriteProcessMemory

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported 2024-06-14 02:27

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-14 02:27
Reported 2024-06-14 02:30
Platform win7-20240508-en
Max time kernel 150s
Max time network 118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9b2d134b8d6ffbc935a2e7ce0cef91d0_NeikiAnalytics.exe"

Signatures

Renames multiple (4129) files with added filename extension

ransomware

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe N/A
N/A N/A C:\Windows\SysWOW64\Zombie.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\Zombie.exe C:\Users\Admin\AppData\Local\Temp\9b2d134b8d6ffbc935a2e7ce0cef91d0_NeikiAnalytics.exe N/A
File opened for modification C:\Windows\SysWOW64\Zombie.exe C:\Users\Admin\AppData\Local\Temp\9b2d134b8d6ffbc935a2e7ce0cef91d0_NeikiAnalytics.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\mshwLatin.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_mac.css.tmp C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\ct.sym.tmp C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-io.jar.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Mozilla Firefox\d3dcompiler_47.dll.tmp C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libdolby_surround_decoder_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\plugins\video_filter\libscene_plugin.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\hwrlatinlm.dat.tmp C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\CircleSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPBluTSFrame.png.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.Speech.resources.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color48.png.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\diner_m.png.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-image-inset.png.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\about.html.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Madeira.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.Entity.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe N/A
File created C:\Program Files\Windows Mail\ja-JP\msoeres.dll.mui.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\gstreamer-lite.dll.tmp C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Azores.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.update\platform.xml.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-sa_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Pacific\Majuro.tmp C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationTypes.dll.tmp C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MyriadPro-BoldIt.otf.tmp C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\idlj.exe.tmp C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\mlib_image.dll.tmp C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUI.XML.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\GoldRing.png.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Internet Explorer\F12.dll.tmp C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\index.html.tmp C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\css\clock.css.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\CORPCHAR.TXT.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BlackRectangle.bmp.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Java\jre7\lib\zi\Etc\GMT-8.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\UIAutomationProvider.resources.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\Microsoft.Build.Conversion.v3.5.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Dawson.tmp C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-output2_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\US_export_policy.jar.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-print.xml.tmp C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-changjei.xml.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\title_trans_notes.wmv.tmp C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\1047x576_91n92.png.tmp C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.provider.filetransfer.ssl_1.0.0.v20140827-1444.jar.tmp C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe N/A
File created C:\Program Files\Java\jre7\bin\plugin2\msvcr100.dll.tmp C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe N/A
File created C:\Program Files\Windows Journal\ja-JP\jnwmon.dll.mui.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\IpsMigrationPlugin.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\en-US\correct.avi.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-visual_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\reveal_hov.png.tmp C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1258.TXT.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Cape_Verde.tmp C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.model.workbench.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPBluTSFrame.png.tmp C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_plugin.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe.tmp C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Choibalsan.tmp C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.natives.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-new.png.tmp C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\css\flyout.css.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked-loading.png.tmp C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-keyring.jar.tmp C:\Windows\SysWOW64\Zombie.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\9b2d134b8d6ffbc935a2e7ce0cef91d0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\9b2d134b8d6ffbc935a2e7ce0cef91d0_NeikiAnalytics.exe"

C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe

"_desktop.ini.exe"

C:\Windows\SysWOW64\Zombie.exe

"C:\Windows\system32\Zombie.exe"

Network

N/A

Files


Analysis: behavioral2

Detonation Overview

Submitted 2024-06-14 02:27
Reported 2024-06-14 02:30
Platform win10v2004-20240508-en
Max time kernel 150s
Max time network 51s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9b2d134b8d6ffbc935a2e7ce0cef91d0_NeikiAnalytics.exe"

Signatures

Renames multiple (5357) files with added filename extension

ransomware

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\Zombie.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\Zombie.exe C:\Users\Admin\AppData\Local\Temp\9b2d134b8d6ffbc935a2e7ce0cef91d0_NeikiAnalytics.exe N/A
File opened for modification C:\Windows\SysWOW64\Zombie.exe C:\Users\Admin\AppData\Local\Temp\9b2d134b8d6ffbc935a2e7ce0cef91d0_NeikiAnalytics.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\7-Zip\Lang\ms.txt.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.dll.tmp C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\clrjit.dll.tmp C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_MAK-ppd.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_KMS_Client-ul-oob.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-white_scale-80.png.tmp C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\PresentationCore.resources.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Internet Explorer\hmmapi.dll.tmp C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Templates\1033\EssentialReport.dotx.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\7-Zip\Lang\es.txt.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-string-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\WindowsBase.resources.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Trial-ul-oob.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Trial-ppd.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\OUTLFLTR.DAT.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected] C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.FileSystem.Primitives.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.AeroLite.dll.tmp C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\MSOSPECTRE.DLL.tmp C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\OCSCLIENTWIN32.DLL.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Internet Explorer\de-DE\ieinstal.exe.mui.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription3-ul-oob.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp3-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\1033\VVIEWRES.DLL.tmp C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL078.XML.tmp C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN026.XML.tmp C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\SAEXT.DLL.tmp C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_MAK_AE-pl.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\da.txt.tmp C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sr-latn-rs.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\unpack200.exe.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-heap-l1-1-0.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription2-ppd.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_SubTrial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-crt-locale-l1-1-0.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\StandardMSDNR_Retail-pl.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ThirdPartyNotices.MSHWLatin.txt.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.FileVersionInfo.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Principal.dll.tmp C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\UIAutomationProvider.resources.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\WWINTL.DLL.tmp C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\comments.win32.bundle.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\7-Zip\Lang\da.txt.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\ko.pak.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MEDIA\CAMERA.WAV.tmp C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\Fonts\private\DUBAI-MEDIUM.TTF.tmp C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Serialization.Xml.dll.tmp C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\System.Windows.Forms.Design.resources.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\lib\deployment.config.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\lib\security\policy\limited\local_policy.jar.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription4-pl.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019VL_KMS_Client_AE-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\lib\cmm\CIEXYZ.pf.tmp C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019DemoR_BypassTrial180-ppd.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\CHAKRACORE.DLL.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-crt-utility-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\ReachFramework.resources.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\9b2d134b8d6ffbc935a2e7ce0cef91d0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\9b2d134b8d6ffbc935a2e7ce0cef91d0_NeikiAnalytics.exe"

C:\Windows\SysWOW64\Zombie.exe

"C:\Windows\system32\Zombie.exe"

C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe

"_desktop.ini.exe"

Network

Files
