Malware Analysis Report

2024-11-30 11:43

Sample ID 240224-2cs9qagf6v
Target 2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside
SHA256 b8c53972ca8e7c683183a34b5a4e17f04d9bca80d8d2e156e99fb8973d41f6b9
Tags
ransomware spyware stealer lockbit
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

b8c53972ca8e7c683183a34b5a4e17f04d9bca80d8d2e156e99fb8973d41f6b9

Threat Level: Known bad

The file 2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside was found to be: Known bad.

Malicious Activity Summary

ransomware spyware stealer lockbit

Lockbit family

Rule to detect Lockbit 3.0 ransomware Windows payload

Renames multiple (10618) files with added filename extension

Renames multiple (8892) files with added filename extension

Loads dropped DLL

Deletes itself

Reads user/profile data of web browsers

Executes dropped EXE

Checks computer location settings

Drops desktop.ini file(s)

Suspicious use of NtSetInformationThreadHideFromDebugger

Drops file in System32 directory

Sets desktop wallpaper using registry

Drops file in Program Files directory

Unsigned PE

Enumerates physical storage devices

Modifies Control Panel

Suspicious behavior: RenamesItself

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-24 22:26

Signatures

Lockbit family

lockbit

Rule to detect Lockbit 3.0 ransomware Windows payload

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-24 22:26

Reported

2024-02-24 22:29

Platform

win10v2004-20240221-en

Max time kernel

117s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe"

Signatures

Renames multiple (10618) files with added filename extension

ransomware

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1790404759-2178872477-2616469472-1000\Control Panel\International\Geo\Nation C:\ProgramData\2CA5.tmp N/A

Deletes itself

Description Indicator Process Target
N/A N/A C:\ProgramData\2CA5.tmp N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\ProgramData\2CA5.tmp N/A

Reads user/profile data of web browsers

spyware stealer

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification C:\$Recycle.Bin\S-1-5-21-1790404759-2178872477-2616469472-1000\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A
File opened for modification F:\$RECYCLE.BIN\S-1-5-21-1790404759-2178872477-2616469472-1000\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\system32\spool\PRINTERS\00002.SPL C:\Windows\splwow64.exe N/A
File created C:\Windows\system32\spool\PRINTERS\PPi_0d2kh01nlchofsbpvcbse0.TMP C:\Windows\system32\printfilterpipelinesvc.exe N/A
File created C:\Windows\system32\spool\PRINTERS\PP9upy1fr72ukf0p0tyirn6oi6c.TMP C:\Windows\system32\printfilterpipelinesvc.exe N/A
File created C:\Windows\system32\spool\PRINTERS\PPi0j_3w9gboofj1z9cqodpsam.TMP C:\Windows\system32\printfilterpipelinesvc.exe N/A

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1790404759-2178872477-2616469472-1000\Control Panel\Desktop\WallPaper = "C:\\ProgramData\\8O1xgE2fH.bmp" C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1790404759-2178872477-2616469472-1000\Control Panel\Desktop\Wallpaper = "C:\\ProgramData\\8O1xgE2fH.bmp" C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\ProgramData\2CA5.tmp N/A

Drops file in Program Files directory


Enumerates physical storage devices

Modifies Control Panel

evasion
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1790404759-2178872477-2616469472-1000\Control Panel\Desktop C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1790404759-2178872477-2616469472-1000\Control Panel\Desktop\WallpaperStyle = "10" C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1790404759-2178872477-2616469472-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.8O1xgE2fH C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.8O1xgE2fH\ = "8O1xgE2fH" C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\8O1xgE2fH\DefaultIcon C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\8O1xgE2fH C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\8O1xgE2fH\DefaultIcon\ = "C:\\ProgramData\\8O1xgE2fH.ico" C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A
Token: 36 N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 404 wrote to memory of 1704 N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe C:\Windows\splwow64.exe
PID 4016 wrote to memory of 412 N/A C:\Windows\system32\printfilterpipelinesvc.exe C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
PID 404 wrote to memory of 3304 N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe C:\ProgramData\2CA5.tmp
PID 3304 wrote to memory of 3964 N/A C:\ProgramData\2CA5.tmp C:\Windows\SysWOW64\cmd.exe

Processes

C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe

"C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe"

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\splwow64.exe

C:\Windows\splwow64.exe 12288

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc

C:\Windows\system32\printfilterpipelinesvc.exe

C:\Windows\system32\printfilterpipelinesvc.exe -Embedding

C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE

/insertdoc "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\{9354ED3B-CB47-4CA0-B737-454213A6E504}.xps" 133532873039530000

C:\ProgramData\2CA5.tmp

"C:\ProgramData\2CA5.tmp"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\2CA5.tmp >> NUL

Network

Country Destination Domain Proto

Files


C:\Program Files\Common Files\System\Ole DB\it-IT\sqloledb.rll.mui

MD5 607e30a415c2cd80ebd0a26eabc23059
SHA1 0de664141275acdd4475254ec653da9f4a5d92be
SHA256 6ee731f2e629998fcdf962725bbadf19e59fe751c6d6cd971c750226842ad175
SHA512 ad4726d745f864c6407404ebaf20d37929c25238789bd17646ed4597daf66125f7021e4bf01b62b2d59a1665d98b97e2a6697ce587ca99b4d7065f2819c47673

C:\Program Files\Common Files\System\Ole DB\it-IT\oledb32r.dll.mui

MD5 6f65d03b743fbaea95a9e357d12ece47
SHA1 4bd8cb8e5a1d6e1f53e76d75ab46a70ad0c4d4c8
SHA256 2f131f56859339ca2cb90bcbe3dab11dbf8b800c648c501d48156f445f3218d2
SHA512 f01b68dd1292e78353599560652d2597c8a0d99b0ec913898c2b016310cf47836c22fbe5172f0f0b164d1b19e032128f24cf642ec71915ee203019d79682c28a

C:\Program Files\Common Files\System\Ole DB\fr-FR\oledb32r.dll.mui

MD5 c0db2768520c14488c3bdac7dbee904b
SHA1 a730fdb093cdfa6f3712ad4a32a4a8a43d41f79f
SHA256 f491710acef37b3764f64e063a7d586313be4178c6037001208e60646af27143
SHA512 288f2896b99b5b389defccbfc9f18ee821ee5b5a915c985fee8971f751d3658a0b7906c10219c6a36585ecc354d80b2db9744c0394dee5b38db82dc5a7be6014

C:\Program Files\Common Files\System\Ole DB\fr-FR\sqloledb.rll.mui

MD5 2f790746cf4d7dec6a6d6610e3d1de95
SHA1 006f17079043bda107028e47ee2a050723c356df
SHA256 2c6d99383ed5b6659128701bce611aadd2d6ed898b2aa0eed6daebd835c827b7
SHA512 bcabeacb7dc811664cecae531522a65b5e7a5df6480695b9a9f4d60a84e0a440c933b1beb986c0020d9260ec9b548ceaee5f974313a1df3ef2f99d0e4a3915b7

C:\Program Files\Common Files\System\Ole DB\es-ES\sqloledb.rll.mui

MD5 288252ad60b35450f4a35a07cc9e8f63
SHA1 c1a237c4378562bc870a3cadec2e40158a1cfa44
SHA256 814ed00b2f59f7ab7de883bdb784606c2e8a3b6c8afe97b0a548ca1fa67d2798
SHA512 1bb5286a475b9fe825022adf73bd2b0bed2db021405916e649260f601561679f09559255d9414cacb90eed3678fd041a0f4b7c6ac28801eea72ed1edd25743f2

C:\Program Files\Common Files\System\Ole DB\es-ES\oledb32r.dll.mui

MD5 928fd7e821e9939d5305c89d5ff43c5b
SHA1 70d1ab9feb2f744ea18eeb3f7b4081c29a6acb7c
SHA256 644b26d377d0e3ab8f84d8b2db3206a5ca8321e07aff9b6b2dbc51b661a428d2
SHA512 bdb1cec1d2dd29a4d9f074ead28b9b8d1160b2009f530aa23d897c06e8e11f772750c6343435f7d943aa63ae125bc9bd3f88d315338a3ce358d3b2037eac7be4

C:\Program Files\Common Files\System\Ole DB\en-US\sqloledb.rll.mui

MD5 24918593f373de8aa0e189389d05ab21
SHA1 6e3bf543413f1cb8c7517aba6d07df1e33002fe4
SHA256 a2ae452da63d96a92d79582e4cb0b34dc09a594b22463b4b623d329031499462
SHA512 12768d4dc9bc246c4d2285c865518011f22079f13d418641174adaad524194f3f975b9b9ccf82683b85793f85e0034bd75d8cbedb61d9d6454a335c7c94c4cef

C:\Program Files\Common Files\System\Ole DB\en-US\oledb32r.dll.mui

MD5 9e9157d63150925d306d99be2a519fe2
SHA1 c8cd66f2c0ec9fe81bb3b37b1d5b31adc412fbb4
SHA256 bd49f78054b7af6830c305da34c91ee71e91b21f4613c4b97c878715d23fe0ca
SHA512 5edf40f27a0a038f6d860c3d954e2090d1066f6746e3bc74ea49bc6d3ef0a59531c305258a21b3750689b9808a5c028c45368ecd3b52f19e404990c5602cdb70

C:\Program Files\Common Files\System\Ole DB\de-DE\sqloledb.rll.mui

MD5 bd50e3024b291117c3bf1dda111174cb
SHA1 c0f2c01227d4f32efa91497ce901886475201bd8
SHA256 b9a0c0d35cb1d21eeff5b59c4c7c2ffc765980a44c96b1ec0daecc00d5fae41e
SHA512 ac4d757d5c3507420fad63ebd245d03ea13b5b9ac160af9cec688d70fba5cb7b24c0265093278b9c0f57413ab787a9bb4d1b44be11983b7da82157db0abba852

C:\Program Files\Common Files\System\Ole DB\de-DE\oledb32r.dll.mui

MD5 f0dd5f64d696b92138c14846fe69fe37
SHA1 b15d81cf906e62ccac581a6bc7972fa935f24305
SHA256 cc2e5a2691a888ac0ddf9c0a52822f711754f12eb3cbd57d816828b9b6ccd78e
SHA512 e944a9e7317a7735ef1e03dca6e2c98f2aba3448248c14413d6eba1ec394d1c1bc9483937e81aa06b2a945815dd1dcc56aadcf20469a9cba5f8984f89e3b96e5

C:\Program Files\Common Files\System\msadc\ja-JP\msadcer.dll.mui

MD5 c878d3e1ce1f58dfff52b08f25a51dc7
SHA1 b28344809c027940c9ca693c24e53906b8876f24
SHA256 4c5a042e38b2c153c0b9a21297d86dedc32cc351f5d4ddc40cf8a7a3a50f2aa3
SHA512 8bfbde412f00af1cd483a30eddfb4ee0f94a4db5a4fd9c5521e40ad342ba67ca0607589dd6de304a8bcede53d7300f4d75908d7cf5d7cbc1194138a70a9d9464

C:\Program Files\Common Files\System\msadc\ja-JP\msdaprsr.dll.mui

MD5 3122c17240e72d5ca7f5fecfb1056e60
SHA1 dea170f7e1ae84c956b2a2deeead51620fea3f7c
SHA256 aefd7fa761df8a6eec0ee581fb9c70d94f5589a585563d166c667b5913dbe54a
SHA512 9ff7382743c582781bd3106939d5d9a4ddc9a7a1347fdbbe8e8b85a0ed2e113123c324699693316bc057dee06f7cd1d8d571fe0f38be147421b86390bbbc946f

C:\Program Files\Common Files\System\msadc\it-IT\msadcer.dll.mui

MD5 2fa05965d6729a711a742ae6cc7dc1e8
SHA1 a4beadc24647c93ae1ac67181134e45bcee2e508
SHA256 9c76c07f5668154f1a00fe0301b71796d161b0d6bd2097f299155c76de72c918
SHA512 60c788a01f294a879ff964c0ecbb809ef40a6dc69e447db91a0451c61e99205905e9a36b9f1b933df2c5dfe5f5fef4d1e0192a04d5d448781c313e35f23ef137

C:\Program Files\Common Files\System\msadc\fr-FR\msadcer.dll.mui

MD5 616a85736e62293c3da0f9bb92a6c50f
SHA1 91b934671f700e096f46000e0d18faf4431e4ba7
SHA256 98aadee268bb80d6a60c2ffdf3b90bb0c59f53b449c0662935bfe7d49a0f6abe
SHA512 efd0a39d4af4fd7a2d27009e6e014c2bc4d67bd5bd8cff73b9a4e650778bccfce44c33d2b21f284b6e3a538cc2975a202efb17e43a10a1f1c2af27051b469f5a

C:\Program Files\Common Files\System\msadc\it-IT\msdaprsr.dll.mui

MD5 6d9cc7ccbeb0fe6fb799a4461edd5b7b
SHA1 035f79636f440640494d205639d4cc3e9dfb86d9
SHA256 1cd1b7b68070254bdb4eaa7831e91dbecbb9504a93d20b56712ff6e5cd9bef2d
SHA512 00e2aec9e97a808efdde164263d41c988f9847b17efe51fc12bbab9eb196c2b29a22b49ec2cbda707b4960c985febdef30d52adb6b294b62fb4c7d3f3203cd83

C:\Program Files\Common Files\System\msadc\fr-FR\msdaprsr.dll.mui

MD5 36842e9c7012e5b6f60cf03bee18f732
SHA1 256f09f87f5f44e5d23eb48c915bcf21018a859b
SHA256 b9438ebb92cbb69da0bc22f0df563c49a885775ac014b0f116f49b034cc0d1b6
SHA512 075a4a8ca81d55003255ac07253fb87b133710093a6003c43f09b476c858247cea2ca53a3bebc901ab905b7f8e4b277dd89c456a4e7daa08d874f3a5cfa9895d

C:\Program Files\Common Files\System\msadc\es-ES\msadcer.dll.mui

MD5 4555773ee3befd2446dea8740a38c176
SHA1 cb435183c6283b1957e3abfe415d7a0800e75bdc
SHA256 80847fb6b32dabb88c2a5123e25ba3755f3efe586f03abf34a7b2a9752740547
SHA512 1e856aadf756da25e3273b8e2ddf357f60cf3a9a8df70bc29197d74eda76517ed0c78c2b7d3ce7c5498fa628b9f04879569e6fc322e3acac88b6a388d1305d18

C:\Program Files\Common Files\System\msadc\es-ES\msdaprsr.dll.mui

MD5 3a55c5ba6f49676a099012db53cc93e4
SHA1 622a19f9e3ca9e8ca7dd950fa1bb45dfbd93d6a3
SHA256 49beaa8f08b5587197a9faac42f27368e9727de59c8eb0a7d907928b614d988d
SHA512 2f44e9843f9842dfcdea3a8ad287e1fc4058e1cb17165af3c74e2fd46ac1fc41f66423f2716b3cf5fd0963989535d646e30e64b4a7c95d011c8b3265fabf95df

C:\Program Files\Common Files\System\msadc\en-US\msadcer.dll.mui

MD5 0cb179ec5c1ab9746a6c6afc8d2162d8
SHA1 d956d3e83c148020e111c40777408d1a26c7a91c
SHA256 5731dd80adc40f709437482b312b58466266b8dc2ff71631872bda8051c45932
SHA512 b1863e4605f18e4bcce0327d1e7dd0cd00df5ae24e9870dfb85b6e48d1a0eaa597630cea9be23293e8310384b4406843342b720889920e6570ef2617b36cdfb1

C:\Program Files\Common Files\System\msadc\en-US\msdaprsr.dll.mui

MD5 0437781552f05c430dccdfdbc57770a6
SHA1 2f5d696e18d1beaa976edc0888d2c61aee6846f2
SHA256 d2ea4eddf4c19cddfed86bf3bf8a7d616f369c151d49ef83954b3faf6d416776
SHA512 956ae09d2f863faad8f66da69475f5b0a4b55d18478fa45943fb538aba3575205ba4c4566540d78cbbe1b710f92dae46b0f3f9f6e507f76a1ba26b33d00e6c0a

C:\Program Files\Common Files\System\msadc\de-DE\msadcer.dll.mui

MD5 375cb24e8a3938a8f04f222f2313caaf
SHA1 45859dc0164c65d30a005ddcbe4a2e79d43ba651
SHA256 331cfd2c670821fc86e45173ce66446eb626c7ea97eae7cfa5bec776659e8690
SHA512 345ae29efd5b60eb3679a5b2a3b68a54f27aaccb5b2ec145f9fdb78a55d9d3aad54003be20f7ee5a8447e8f2f933541484e1b6106c02d29d6537833ff15d3f35

C:\Program Files\Common Files\System\msadc\de-DE\msdaprsr.dll.mui

MD5 d4f5e0b5ae383a71b8f49d8c24964555
SHA1 6e68a91653b40f535a8b376f80c8233eb3225e1e
SHA256 7a9d67da9ff9f5953d9fe2ccbae1f29b44719059477e8e7eab0e90d6a698952c
SHA512 7fb318297cc91c0028b26a08d39eac9c321e81deb7b40bfa772cfab05418c316e9e0290f52c58d35a9c4556027d5cef142b8cec18be0cdc4d85ca66b56bc1da5

C:\Program Files\Common Files\System\ja-JP\wab32res.dll.mui

MD5 57308fe2853e486dbdd16e1fb2f169c4
SHA1 9c773702b8755a6230d3b5c39a832be850a7179b
SHA256 713d2ec4bb31fa5ce8b61a4962efb5ce48e63a5c318de948b97e89d758fc37dd
SHA512 38cf34a348b4b3e9788e6bce2d9d2d1e4f744788edfd024d3673b06c079a824536acf9b01ea60c0b81a9a7f1e7981b916135cbbfc5e3daea1e9bf331052227c3

C:\Program Files\Common Files\System\it-IT\wab32res.dll.mui

MD5 44019a957ab28ebc171f36ca5434f1ed
SHA1 70eb68293c346c2ce31d35ad9af932ca80355486
SHA256 a165198ff1125adf0de0c65dac3dfa14f1d3eecb95f13db6a17df48264c87711
SHA512 b101ae1738f368b7752ebe35af2670b7f1a48080ca8a193ac976f51152e3884f702ec7d1c9199176c0b6181c7e995fc0731231a757c2374d93989f6ed26319b3

C:\Program Files\Common Files\System\fr-FR\wab32res.dll.mui

MD5 d19349c75b095b7243a0ee947873e4ea
SHA1 c6c4e21869c7bdebc4aefad21ffd7150bddbc81e
SHA256 2d72049d8e07430904d92df1cfde3af441748d33f97ce8a58d1de64f773774b4
SHA512 90317a3a15d1ffd44ac75793724cd9a42fedeaf3cd20804b88f47e2b1b8d34000b79835d3e258f303d4da3bf1f796728bb11abe3b11ced79a7ab33d74509a87c

C:\Program Files\Common Files\System\es-ES\wab32res.dll.mui

MD5 2074ecb7d6a858fadcd83eb7a842a8c6
SHA1 67ed789375514f7b5458d38ebd10a521402a735b
SHA256 17f698426f6512e58d52f0d829ab133fcedaed3c63c8877470e945bccd5683b6
SHA512 053cb39a84d9bf9b9c940e9a2f3b86eb82d79bf59d9755863bf208dc32595066bf16a93abe3363490d2f64417a7d735b98996d9b09524fca86c721ea4047f5eb

C:\Program Files\Common Files\System\de-DE\wab32res.dll.mui

MD5 00194b4a58cf40a532096028011b1a8b
SHA1 911cb41d33a197cbfdb7472ae460ce0fb3eee218
SHA256 ca9f62d59d243f4e04bd41c7f7eb689ca738180b3633b0ca7b599f281a3771d6
SHA512 6828f4c480487cede31f18b4769a7ad3c09390924bb8cd2f5202176509cad3aab17908b6aa0ec99259ee1246902499752bbbe574c6f89baef1fcbc44595d6a9a

C:\Program Files\Common Files\System\en-US\wab32res.dll.mui

MD5 f87b44e6f51ed7745b0fd1c9286450ae
SHA1 848530efced3af877a7594ce8837be27cb572d31
SHA256 50e2f02d835e1cdb3263366d7e78ef252880029ab55ca2097bf2570c1b3e03f6
SHA512 640807a68b838e9366a30d119214a5957025351b12ba092b71edc3a810de3c5fca85c58750404fb401ee7d0013305744514fa9c08904e614562c7d21b94a7c79

C:\Program Files\Common Files\System\ado\ja-JP\msader15.dll.mui

MD5 2d25174a87ac8bf4bd2243224ebb377d
SHA1 0dfa4904915e33b91fbaba95d900f90aab0ed1e1
SHA256 a24e1fec554c179e04afcbcd0ca88f5c60dc55766e9f06af8ed0e501342d80f5
SHA512 5da4d439352944d72b3eabddb23246db1dd555d38fd37522fd13d47d0a8b29f4dbd7ccf28587ecceb109933b92722e42f7b9db9ec9cf4184538206ac4e440916

C:\Program Files\Common Files\System\ado\it-IT\msader15.dll.mui

MD5 ca57a253718fc33ecff9ec903fd77152
SHA1 cf0de25e92f6ccec322e91d74bcff11f5905815e
SHA256 4fc4b605ca1be4312ad4359133210316e4f89a6a25f68cd55df6c7e4b948df40
SHA512 f0d0b482d24733e66219519db79996d66aeeb2883e6cd9b368ffd3495920cb5ac65210461095d13e2d8993e93678f75904f7c3f3c8a361af6fb5b7de0f8d3b53

C:\Program Files\Common Files\System\ado\fr-FR\msader15.dll.mui

MD5 9d6784426357eb31456928bcf0311226
SHA1 8a519ca8cfe09006df2d65d61f7faa11907cf555
SHA256 fd55ce35e5a1fcbfd7148cbf9a288344028c4f2721603df9e1ca07c81ce08950
SHA512 af79eed383c6a0e423809ab0a3f32356c8459ae3fa805d6fee6d63d6b5bb48923904e78ab620ea896c4821f8f6033306e3bf4f8d903d3f464660075e03cc23c7

C:\Program Files\Common Files\System\ado\es-ES\msader15.dll.mui

MD5 b0c4a06d7697a8318a3ba47b69743464
SHA1 89dd82633fccb67402c57dce1336717a265e130b
SHA256 ef4afe43c8491d96b6f20f37ff190fd55c1f65ae4a851e240d66bc15583b8ff9
SHA512 fc336b7dfeca6c75e6f8e36c2fc33e1ef4ef1760002988a1eed92291f7f7038d2eb0ace32f81b14d56fdf817a71cb150fb8504088d39df443312aea450f7d288

C:\Program Files\Common Files\System\ado\en-US\msader15.dll.mui

MD5 f0cee6564cf74f345c75a09d15608c2d
SHA1 cf43f9a7898660a7352fb2b643f21a0e851f521d
SHA256 99f7f10388a25b604376204359a3ab3fe77d016b701be035fbdf5b44ff6bf0f5
SHA512 90d0116dbda09c8f70c8e01da57d8c0e16d44ac5fbe2cb0984d7dd2e5b47e54f5c74fc0170e3036dd725fe694d5d7db2e9bf05cc3be31b280173585ceaa3267a

C:\Program Files\Common Files\System\ado\de-DE\msader15.dll.mui

MD5 010c22da98fc90af257b4f9ee327fcec
SHA1 cb67ffea823a866caa58cd24495d5de32302d02e
SHA256 f81cce6dae9ec9f0dbba7233a5823a4baccb47927e46355dad793adcd01c4fdf
SHA512 bebb0a3ab9a26170cb482849ce64fa85d2a3d0801b59489ec7b2d5de7ea724a712058b515e02fa884b54a5fc8033caa2823cd8270e03d692a4afd1ac4c58b2a6

C:\Program Files\Common Files\microsoft shared\ink\ja-JP\InkObj.dll.mui

MD5 216caddeb50c6909db4e8fa485f6af8a
SHA1 8168250adb83005b064c8194e519dccdb2a80c63
SHA256 08fa351daf02f40cee1fd88e68f03709a272b45c1d7ba09f92009e46d8358dfc
SHA512 65cebd366dc8106b5248a15342cd47a8ca0844aa00711a37561e72b48de7e48bf07e53c99b16fc4975c73a74ac6582e8ae405b4cf64ccb5e3da4b75124c7a43b

C:\Program Files\Common Files\microsoft shared\ink\ja-JP\rtscom.dll.mui

MD5 f0149fee540ad4656b707c3201d6e6fa
SHA1 cc2b91926663d6c41b45aec340d335b14538b9f2
SHA256 0d68375d78b15c6981627e512cb719b7dac2e40eb052fa5a26d9fd0625c5b972
SHA512 18790a4264f849944ae540989658cba77193be64dd9bd1cc5b3a92176c5e493b982ec3c052f91ee881ee44154d4839e57c81afcda5896b333e4a52fe0014a0ef

C:\Program Files\Common Files\microsoft shared\ink\ja-JP\TipRes.dll.mui

MD5 a76506f34fee3b0e82db8f5e5fa1fa04
SHA1 22e7dcf77089c86d2374bb10ced41fcffb808cf0
SHA256 cd3893913eb0e5ac0eb77ea5d5211460b72a116cd5a6896a40b836e929473bf0
SHA512 73c86d221d56d6dc3787a8f284b197d627ce283c0941a40346f2434688bada81a12649add8529f664097fbed692bdceda5d6a8fca52e6444420b05188ff439ce

C:\Program Files\Common Files\microsoft shared\ink\ja-JP\TipTsf.dll.mui

MD5 04dfbd6b3df81db24e2350702de0a5c5
SHA1 9e18178088b0d91e24553e85cd4b7119652105c5
SHA256 cf56158685cc110f3e52c784cec0604723d649a215e7ac974c6a8f8162d65b64
SHA512 f3ce4930d6bd2277a66e6e8b2006dfada7d22fbe7dd63ce51d3cf9ca16461f85afbfc566ca8cb0e5aa4e594a04234fa899289b1cce3529fad78871d2c619843c

C:\Program Files\Common Files\microsoft shared\ink\it-IT\InkObj.dll.mui

MD5 1317fa80909fb72519ffee4806a88f96
SHA1 b23ecb0a8cdfd92526b901326b53b0276e534231
SHA256 6a7c5efc7ae53064a8353fa0ab2909e0989626901faf7ab770afb32a9c88ab60
SHA512 be33707a413e83fcec6ddf79c275700f95c51dd39bda2f08a27e01d50dd485874eafa9d41ec0158e1e386f98f04f7c8efb69225b49dc97a2b52eaf44b9384a7e

C:\Program Files\Common Files\microsoft shared\ink\it-IT\rtscom.dll.mui

MD5 55ab5ded9578bc890abaed3311c34499
SHA1 aeca626caef60246259070a2ad6ed3c42d11ef54
SHA256 6c83fcc9e152e139e19cf587a573d4e46228346a5e75269f4557255d109c149b
SHA512 7c7abf27282f17e8caebffbd60c58ce894dd15d128f4c963da6a3ece4ec2e4d65f595256d819d946d68d4e4c0bb2134a2614aea6a8753cc33f1ceb233aae84cd

C:\Program Files\Common Files\microsoft shared\ink\it-IT\TipRes.dll.mui

MD5 544636599201360f503f8a6a338bb51f
SHA1 ff41b971d4fc181acc287e5f1c0b76d7ca67a4a2
SHA256 0b25485652d97eb45be188b26c2398d5b07accbec7ce65fb30a0ce388a216ece
SHA512 d5a91580b75d184c39704488bc3f6a96e14492ce1cae750dda49e0486009df06d6135c17dc300f58aa63b94220ad5617153e5707f3e07cbc6e14ecd5242b8b06

C:\Program Files\Common Files\microsoft shared\ink\it-IT\TipTsf.dll.mui

MD5 6da114727d73aeaa71c54e4aa755659b
SHA1 b6da229ba3982742e4e7bc1e1af30daca8ddefe3
SHA256 239e79a0fae37d8f93b829eee0e12b0a2da22a0a4e1f93a30183bb2690fb553e
SHA512 417c4fd038829e61987ffb4e7df118b7e55090ab257433ab79b0f15efdc499c0be1b23b015f4eebefa1779e65201750a99850d49a19a7e1c84d8c872551a5ca3

C:\Program Files\Common Files\microsoft shared\ink\fr-FR\InkObj.dll.mui

MD5 30c7352b7510d4d895dac3b915231aab
SHA1 4f2e01c35d0b2f95ed2e21a23ec77bbd51dcdf31
SHA256 39862b6ba74a9f6a3446f2795d468ddb096d436ae7dae5c9ab491573cb39751d
SHA512 a07ed3205f89df56f4c3e0b37ee593c4d71207f93de136f271ce8dd028c8b9e3f3b9b46986aa5ccc3b698f06702f66f02df86187fb8947050960c9e67ef2b180

C:\Program Files\Common Files\microsoft shared\ink\fr-FR\rtscom.dll.mui

MD5 d8fea0c5eaa9c82271df85b095ef0668
SHA1 e4660f4272d04719579531c2adb56ba173bdd890
SHA256 c14197df541795b6136ebb293ed11552ea951a88a01c15c139e3b398d43657f1
SHA512 6eb6a4a2885d07a9abc01c843177bdd396925df655d1327cb71c36945c900205a432f392574b7ade549c1a953c6b1aa5b76d648973b620673b63c1faf2396aff

C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TipRes.dll.mui

MD5 27332373329fa837af0e93b4a92a5218
SHA1 a92fde050fb55af0f0066ba3a0dabec6e816c6e5
SHA256 f0598c7fcfa5822a4d133dc76e61ac8499acd9293b6ad3f6771587c0beba87ef
SHA512 c2c1eb13c8697768c713880bab84c1617ff7eebbbe2799ce53035aea020db4df81cdea13c767b90d4c2d81dad4edbb8d7c706841b5c5ab959f16813318501e24

C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TipTsf.dll.mui

MD5 12c6338f74c60ac26db0985a20495e09
SHA1 ddfc6f385b2edef924ec22bf8e5aaaef0f6859d9
SHA256 f3fe06e5035ec8980b23d80ebf8e23451eafffbe252c05d03b18a3b0a5c4938c
SHA512 236c3e9c5502bf9347462ce2fb5fe2cb112f50d677001c3756542dc4f89a38d480707f830785d8901cfb2740eabfa1d90b0fbc8216372423eeb8753933a059f8

C:\Program Files\Common Files\microsoft shared\ink\es-ES\InkObj.dll.mui

MD5 99b21dc7d92aaf8695271c8b8faf79cf
SHA1 d7c2bfeb27237b9f89a9f5a0a23ca968daedec7e
SHA256 1b670acd412262bfabcf81584b15ddc35eaee6b80c6336a1d4c068175752cf54
SHA512 6e60246f9152b8135ea734e5768bb1e66fddb0b6dbb2f3c32c6102d706201f2d9e8c56c5a64198dad64af780073b90bc696a2741e4aa0b97f38b04a416b43861

C:\Program Files\Common Files\microsoft shared\ink\es-ES\rtscom.dll.mui

MD5 24986e335056d72e668cd520aec135ec
SHA1 b8667c1b780b209562d45d57c2492ed5967f55e5
SHA256 92a5560f5631caf3fb90a1c8648a29e1a1a75f097b88e4e59d3c9b3f854a3a16
SHA512 89204a75e242da5dacc9c190e548e1df7624226f1dea820f3d3c1d943c0a05c56861cefa09c8ab0a42476c15f1124d1e16a513becd75b94e08745838b3e6e58b

C:\Program Files\Common Files\microsoft shared\ink\es-ES\TipRes.dll.mui

MD5 4fc1f27261aebd3ab59fbd6c19003685
SHA1 a917f8bacb49772a70cc9de3cb2093382165a1b7
SHA256 2f78904b4de46245c80fbbe9c89bb9307b3c4b14604b46b27dfe6e9009657bb6
SHA512 dcbae03a8e97052a61909d8737d4d683569141649bb167a4b7572d3c7070c39893e20a82203ab425e7dd0d996544039a8c8239a849c9a411f0d462791ea251e7

C:\Program Files\Common Files\microsoft shared\ink\en-US\InkObj.dll.mui

MD5 66277777787f01a77130b887d6b1c6d9
SHA1 8c5c50f3210235dca00823410f222ad557effbbd
SHA256 2878d70e44e4c40ec9fcd3afc56d924ca3f4308e082b83fe5629a270f8a77ff3
SHA512 169ed79082be6d73894bbc2c13137b94599c404394db5b939944c0caca3afe7e4bfa7e52f45dbf05b2ec7f87edd11f36a45e70e2a70ae93d17e33ff94a7305e1

C:\Program Files\Common Files\microsoft shared\ink\es-ES\TipTsf.dll.mui

MD5 d8d235600445e1b7fe6ae457e91f14c8
SHA1 3c83a3ca64212b70491a7db1fac29ee4ac7facd7
SHA256 203b3a5fe024f27c2c34d454e44b8cea5e26e5825800df0391e6ad224035ad01
SHA512 e2e895e904bcefad10ada254317f23b24f91d1069c16bb3af488036172e14ffc0f61a4f50380c8f49daf4c40f525337b972e7c83612735658f960beba6d5fab1

C:\Program Files\Common Files\microsoft shared\ink\en-US\micaut.dll.mui

MD5 efefeafba7d055917db34efbc1a43327
SHA1 575a5696c8b1be8443e9c043a9cc7a4f58d31641
SHA256 5f918f20b58be0356f4ccc066bea8e6b17b2e6b9e9439fbec13c9e20d8cc62fa
SHA512 393496b69a409010aa5eefbc799d0445ceb6ad9a8f91c8b9b3027c1ea5d4f768575ec138a94a65c724f357eec5ae38dbb35a93fc3cbcd3f6f451e445d144dad1

C:\Program Files\Common Files\microsoft shared\ink\en-US\rtscom.dll.mui

MD5 bb920e6c192bb83d427212dceefaca84
SHA1 b70b358d19f86f6eb45cb1e50f8db8ba8b002036
SHA256 ace25600e021f4f0365e87d293ff3c51840b1f5cfdc5f1a82e4e4d5c71dcd87d
SHA512 534a9b5a989ac9a6a7f63f208c29e7b1e02b52450baf8bc3fbbfb0778aea1f05d0da1a2fb05d731d8938d81eb707a9e08d34433c5e52ca6b01e9844f0dd2ab00

C:\Program Files\Common Files\microsoft shared\ink\en-US\TipRes.dll.mui

MD5 df618d590696cf971efaed8dfcc32f92
SHA1 f1dfb991ed88003a5c5d1d8e065a09111074662f
SHA256 0f7ea37909e394935839cc91cb5a1f789195d1327df751ddb7cc699bad9d02c5
SHA512 05c87b08fe143b62d0441ea4d5dc42c607b8df6fd17f1a60c570d48655b80220c18d876139757feb4f2f9184183184d6693eb3beedc5151d0d5e57ddb270832e

C:\Program Files\Common Files\microsoft shared\ink\en-US\TipTsf.dll.mui

MD5 6f68beae90696c415ecf8ac611111292
SHA1 4f3f7cfb79bbecca1ab0c44ee70dd50d63240579
SHA256 26d35056d93ad2de36008398800ecf5340c03dc7780a532222dc25ab377960ff
SHA512 905468a45befd215468db26f34d818bbfd330ff5fd6e71556a2c88f1075f986524dec3ca36a5fe5684ef3763e502fd7b92f75c5226893b461d89a823cd9bbfa1

C:\Program Files\Common Files\microsoft shared\ink\de-DE\InkObj.dll.mui

MD5 3c28e141da45b015352fbf38b57dd75d
SHA1 b95c67f0c58c2ea9e946539f195365bda19e6adb
SHA256 0637941bf47ba6484d960e97346ae851189b53e0d43968313877043fb22efacf
SHA512 760c3acb86ce423a868272411b60489c1ee91a79870f0d5a0e0fba515177c2789dff4ad740b3ae5320c1c91f22a53b38bb8c153c3b4dfffe262ebeb1e9f26f1b

C:\Program Files\Common Files\microsoft shared\ink\de-DE\rtscom.dll.mui

MD5 5ea3883bef139c1b2cdd27bcf0c05f7d
SHA1 0e4e741ae5c76fbb5ac82f01d11f0413a6b0d8d4
SHA256 4ba3d88b66b0c9dee9da54ec514f08550701d79717a5b06c66e0b11a8aa7325c
SHA512 2bb5486ed676d90f7b981fa378901f09026b5ba30a577ff0ad4774bc301f815faff7175916e116abe02a3fc5208cb37f4b717c2ee64c7f555137a6b094f3c5f3

C:\Program Files\Common Files\microsoft shared\ink\de-DE\TipRes.dll.mui

MD5 a6da023fb88007b0c57158859cbd5f68
SHA1 3d58197e0852c6436bcb71ea4fe045eced366aea
SHA256 3945f3c66450219dd0acc2919560cc19ac9d5c4e6ac05569e931c469dd7a78ef
SHA512 6ea0d577d90b3c4efa99270d0f7aa44290fb63934133d6eaaef285f9aa1984b2b4c9b49d2ca80aaf046f68d8472e163502d3e836a36e3eb85fe01ebe128bc37b

C:\Program Files\Common Files\microsoft shared\ink\de-DE\TipTsf.dll.mui

MD5 d569973430b84899366aa1d55b9bf1b4
SHA1 61f701d4868f3b7a673e9895b9756bb6797a635a
SHA256 7ec4a8b424a0f4d87633a71fbc924e7e3abca0ab1f2ea44e6e96fdca8b3a2731
SHA512 be3ac4b8de930ee6e7f16b9db0d0b237ea6dcefd57b2f43083fa6b69f90930befe9ab3d964ddd1eda4f7011cf3c7a2f376889ad78f0a9633e42ade37782f36a7

C:\ProgramData\2CA5.tmp

MD5 294e9f64cb1642dd89229fff0592856b
SHA1 97b148c27f3da29ba7b18d6aee8a0db9102f47c9
SHA256 917e115cc403e29b4388e0d175cbfac3e7e40ca1742299fbdb353847db2de7c2
SHA512 b87d531890bf1577b9b4af41dddb2cdbbfa164cf197bd5987df3a3075983645a3acba443e289b7bfd338422978a104f55298fbfe346872de0895bde44adc89cf

memory/3304-22251-0x000000007FE40000-0x000000007FE41000-memory.dmp

memory/3304-22252-0x00000000024C0000-0x00000000024D0000-memory.dmp

memory/3304-22253-0x00000000024C0000-0x00000000024D0000-memory.dmp

memory/3304-22254-0x000000007FE20000-0x000000007FE21000-memory.dmp

memory/3304-22255-0x000000007FDC0000-0x000000007FDC1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD

MD5 9250b01bd3f584e35ac45b19cd0b5bbe
SHA1 8fe6dcc7e23b8d99c951dc53d89463f961755214
SHA256 4a0505dc16e3120824c976a01fa6a8651cba5454aab9fe3dcb383ba299422f21
SHA512 89add9d712def55a812ceba1ca07bec2b73875a52c5263cc45d6d4c78d4f42aef537cccc99496af22d30349c2e46db492b1d76efe6e38c8cdf34ab581d9b8499

memory/3304-22284-0x000000007FDE0000-0x000000007FDE1000-memory.dmp

memory/3304-22285-0x000000007FE00000-0x000000007FE01000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted 2024-02-24 22:26

Reported 2024-02-24 22:29

Platform win7-20240221-en

Max time kernel 141s

Max time network 122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe"

Signatures

Renames multiple (8892) files with added filename extension

ransomware

Deletes itself

Description Indicator Process Target
N/A N/A C:\ProgramData\7A8D.tmp N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\ProgramData\7A8D.tmp N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A

Reads user/profile data of web browsers

spyware stealer

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification C:\$Recycle.Bin\S-1-5-21-3787592910-3720486031-2929222812-1000\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A
File opened for modification F:\$RECYCLE.BIN\S-1-5-21-3787592910-3720486031-2929222812-1000\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A

Sets desktop wallpaper using registry

ransomware

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Control Panel\Desktop\Wallpaper = "C:\\ProgramData\\8O1xgE2fH.bmp" C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Control Panel\Desktop\WallPaper = "C:\\ProgramData\\8O1xgE2fH.bmp" C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\ProgramData\7A8D.tmp N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\SL00298_.WMF C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\ARCTIC\8O1xgE2fH.README.txt C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\1033\README.HTM C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A
File opened for modification C:\Program Files\Windows Defender\en-US\MsMpRes.dll.mui C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A
File opened for modification C:\Program Files\Microsoft Games\Multiplayer\Spades\en-US\shvlzm.exe.mui C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\IPEDITOR.DLL.8O1xgE2fH C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\QuestionIcon.jpg.8O1xgE2fH C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\CONVERT\1033\ACT3R.SAM.8O1xgE2fH C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A
File opened for modification C:\Program Files\Common Files\Microsoft Shared\ink\en-US\ShapeCollector.exe.mui C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\PUBBA\8O1xgE2fH.README.txt C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A
File opened for modification C:\Program Files\Windows Journal\fr-FR\jnwmon.dll.mui C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.manipulator.nl_zh_4.4.0.v20140623020002.jar.8O1xgE2fH C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\NA00810_.WMF.8O1xgE2fH C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\in_sidebar\bg_sidebar.png C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-windows.xml.8O1xgE2fH C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\SUBMIT.JS C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Fonts\Essential.xml C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A

Modifies Control Panel

evasion
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Control Panel\Desktop C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Control Panel\Desktop\WallpaperStyle = "10" C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\8O1xgE2fH\DefaultIcon C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\8O1xgE2fH C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\8O1xgE2fH\DefaultIcon\ = "C:\\ProgramData\\8O1xgE2fH.ico" C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.8O1xgE2fH C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.8O1xgE2fH\ = "8O1xgE2fH" C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A
Token: 36 N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe

"C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe"

C:\ProgramData\7A8D.tmp

"C:\ProgramData\7A8D.tmp"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\7A8D.tmp >> NUL

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x150

Network

N/A

Files
