Malware Analysis Report

2025-01-03 08:25

Sample ID 240617-e795dsvbrg
Target 4998a3c207660a594996fcc3cc8b1150_NeikiAnalytics.exe
SHA256 8857ebdff2cfac501c4eaf1be5b4bf855c2f1876e36f3c2945738d247541b0de
Tags ransomware
Score 9/10

Analysis Overview

Score 9/10
SHA256 8857ebdff2cfac501c4eaf1be5b4bf855c2f1876e36f3c2945738d247541b0de

Threat Level: Likely malicious

The file 4998a3c207660a594996fcc3cc8b1150_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3508) files with added filename extension

Renames multiple (5050) files with added filename extension

Executes dropped EXE

Loads dropped DLL

Drops file in System32 directory

Drops file in Program Files directory

Unsigned PE

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported 2024-06-17 04:36

Signatures

Unsigned PE

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-17 04:36
Reported 2024-06-17 04:38
Platform win7-20240221-en
Max time kernel 150s
Max time network 121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\4998a3c207660a594996fcc3cc8b1150_NeikiAnalytics.exe"

Signatures

Renames multiple (3508) files with added filename extension

ransomware

Executes dropped EXE

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_.arguments.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\Zombie.exe | N/A |

Drops file in System32 directory

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Windows\SysWOW64\Zombie.exe | C:\Users\Admin\AppData\Local\Temp\4998a3c207660a594996fcc3cc8b1150_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\Zombie.exe | C:\Users\Admin\AppData\Local\Temp\4998a3c207660a594996fcc3cc8b1150_NeikiAnalytics.exe | N/A |

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\4998a3c207660a594996fcc3cc8b1150_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\4998a3c207660a594996fcc3cc8b1150_NeikiAnalytics.exe"

C:\Users\Admin\AppData\Local\Temp\_.arguments.exe

"_.arguments.exe"

C:\Windows\SysWOW64\Zombie.exe

"C:\Windows\system32\Zombie.exe"

Network

N/A

Files

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-17 04:36

Reported

2024-06-17 04:38

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

103s

Command Line

"C:\Users\Admin\AppData\Local\Temp\4998a3c207660a594996fcc3cc8b1150_NeikiAnalytics.exe"

Signatures

Renames multiple (5050) files with added filename extension

ransomware

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\Zombie.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_.arguments.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\Zombie.exe C:\Users\Admin\AppData\Local\Temp\4998a3c207660a594996fcc3cc8b1150_NeikiAnalytics.exe N/A
File opened for modification C:\Windows\SysWOW64\Zombie.exe C:\Users\Admin\AppData\Local\Temp\4998a3c207660a594996fcc3cc8b1150_NeikiAnalytics.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\PresentationCore.resources.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\t2k.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Arial Black-Arial.xml.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019DemoR_BypassTrial180-ppd.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Claims.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.XmlDocument.dll.tmp C:\Users\Admin\AppData\Local\Temp\_.arguments.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.VisualBasic.dll.tmp C:\Users\Admin\AppData\Local\Temp\_.arguments.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\_.arguments.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\javac.exe.tmp C:\Users\Admin\AppData\Local\Temp\_.arguments.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Grace-ppd.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_.arguments.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-black_scale-100.png.tmp C:\Users\Admin\AppData\Local\Temp\_.arguments.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\UCRTBASE.DLL.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\System.Windows.Forms.resources.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Riblet.eftx.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_SubTrial-ul-oob.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\EntityPicker.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_OEM_Perp-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_.arguments.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.fr-fr.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-libraryloader-l1-1-0.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\_.arguments.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-utility-l1-1-0.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\MondoR_OEM_Perp-ppd.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_SubTrial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_.arguments.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_OEM_Perp-ul-oob.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_.arguments.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-process-l1-1-0.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Common Files\System\ado\msadox.dll.tmp C:\Users\Admin\AppData\Local\Temp\_.arguments.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\hostpolicy.dll.tmp C:\Users\Admin\AppData\Local\Temp\_.arguments.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_.arguments.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\1033\IFDPINTL.DLL.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSOSTYLE.DLL.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Retail-ul-oob.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Trial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_.arguments.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_KMS_Client-ppd.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial1-pl.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\InkObj.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Pipes.AccessControl.dll.tmp C:\Users\Admin\AppData\Local\Temp\_.arguments.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.Win32.Registry.dll.tmp C:\Users\Admin\AppData\Local\Temp\_.arguments.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\legal\javafx\directshow.md.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.dll.tmp C:\Users\Admin\AppData\Local\Temp\_.arguments.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\_.arguments.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Resources.Extensions.dll.tmp C:\Users\Admin\AppData\Local\Temp\_.arguments.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_.arguments.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-filesystem-l1-1-0.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Internet Explorer\IEShims.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\_.arguments.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected] C:\Users\Admin\AppData\Local\Temp\_.arguments.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.VisualBasic.dll.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\1033\EXPTOOWS.XLA.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\_.arguments.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\DataStreamerLibrary.dll.tmp C:\Users\Admin\AppData\Local\Temp\_.arguments.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX45.exe.config.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_OEM_Perp-ul-oob.xrm-ms.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\3082\MSO.ACL.tmp C:\Windows\SysWOW64\Zombie.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.ReportingServices.ProgressiveProcessing.dll.tmp C:\Users\Admin\AppData\Local\Temp\_.arguments.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\it.txt.tmp C:\Users\Admin\AppData\Local\Temp\_.arguments.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\mraut.dll.tmp C:\Users\Admin\AppData\Local\Temp\_.arguments.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.Win32.Registry.dll.tmp C:\Users\Admin\AppData\Local\Temp\_.arguments.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ServiceProcess.dll.tmp C:\Users\Admin\AppData\Local\Temp\_.arguments.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_200_percent.pak.tmp C:\Users\Admin\AppData\Local\Temp\_.arguments.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ast.txt.tmp C:\Users\Admin\AppData\Local\Temp\_.arguments.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Requests.dll.tmp C:\Users\Admin\AppData\Local\Temp\_.arguments.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\4998a3c207660a594996fcc3cc8b1150_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\4998a3c207660a594996fcc3cc8b1150_NeikiAnalytics.exe"

C:\Windows\SysWOW64\Zombie.exe

"C:\Windows\system32\Zombie.exe"

C:\Users\Admin\AppData\Local\Temp\_.arguments.exe

"_.arguments.exe"

Network

Country Destination Domain Proto
US 52.111.227.11:443 tcp

Files

C:\Windows\SysWOW64\Zombie.exe

MD5 21ae9849890d62c7a72918ca6ee20683
SHA1 01a66bda34b952a46c01aaa5a950e3ae31c4b7c8
SHA256 3d065a242f094ac6ccac115b2abe8c7079d459b17cb5f03d4e01294fb4711c1a
SHA512 74a713c716a808765e172c526ed7cc261e1d656cc090c81953df826578fe177c80aed4446da585e0e728327961ec4b389e1d84a4e89e9398a413d90356aa6ce9

C:\Users\Admin\AppData\Local\Temp\_.arguments.exe

MD5 3b6f13c67a2434cf25ec1e688a9b03a6
SHA1 eb71811b7c498010260e014c6cc23a3a7e6912e8
SHA256 3c065dd13e141e9b65c98e590d4e40a36955c5e2dbc149e17e99d6114ff21d0c
SHA512 d3a46040f2c1adb1b5bfaef0139f384b563600c2184baeb23e7a39d56cfd3eb25c0b95d79caf55a85ce2249ae357f89f9d88103f74b0d446872b350fc025263d
