Malware Analysis Report

2024-11-30 11:44

Sample ID 240224-2p1vbsgh9s
Target 240224-2cs9qagf6v_pw_infected.zip
SHA256 e51155ce803bd9b96b91c822e41969c89e0c9e162aebc7643c23ed9489eb75b4
Tags
lockbit ransomware spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Threat Level: Known bad

The file 240224-2cs9qagf6v_pw_infected.zip was found to be: Known bad.

Malicious Activity Summary

lockbit ransomware spyware stealer

Lockbit family

Rule to detect Lockbit 3.0 ransomware Windows payload

Renames multiple (10647) files with added filename extension

Executes dropped EXE

Checks computer location settings

Deletes itself

Reads user/profile data of web browsers

Drops desktop.ini file(s)

Drops file in System32 directory

Sets desktop wallpaper using registry

Suspicious use of NtSetInformationThreadHideFromDebugger

Drops file in Program Files directory

Enumerates physical storage devices

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Checks processor information in registry

Modifies Control Panel

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: RenamesItself

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-24 22:46

Signatures

Lockbit family

lockbit

Rule to detect Lockbit 3.0 ransomware Windows payload

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-24 22:46

Reported

2024-02-24 22:51

Platform

win10v2004-20240221-en

Max time kernel

185s

Max time network

156s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe"

Signatures

Renames multiple (10647) files with added filename extension

ransomware

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2200714112-3788720386-2559682836-1000\Control Panel\International\Geo\Nation C:\ProgramData\4A2F.tmp N/A

Deletes itself

Description Indicator Process Target
N/A N/A C:\ProgramData\4A2F.tmp N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\ProgramData\4A2F.tmp N/A

Reads user/profile data of web browsers

spyware stealer

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification C:\$Recycle.Bin\S-1-5-21-2200714112-3788720386-2559682836-1000\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A
File opened for modification F:\$RECYCLE.BIN\S-1-5-21-2200714112-3788720386-2559682836-1000\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\system32\spool\PRINTERS\00002.SPL C:\Windows\splwow64.exe N/A
File created C:\Windows\system32\spool\PRINTERS\PPji44z5q7v3c3v3ecwgeqlorrc.TMP C:\Windows\system32\printfilterpipelinesvc.exe N/A
File created C:\Windows\system32\spool\PRINTERS\PP7t1nh94yxxc3kx2rccnnomng.TMP C:\Windows\system32\printfilterpipelinesvc.exe N/A
File created C:\Windows\system32\spool\PRINTERS\PPxsm3mefqusls1mz977v55zk5.TMP C:\Windows\system32\printfilterpipelinesvc.exe N/A

Sets desktop wallpaper using registry

ransomware

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2200714112-3788720386-2559682836-1000\Control Panel\Desktop\WallPaper = "C:\\ProgramData\\8O1xgE2fH.bmp" C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2200714112-3788720386-2559682836-1000\Control Panel\Desktop\Wallpaper = "C:\\ProgramData\\8O1xgE2fH.bmp" C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\ProgramData\4A2F.tmp N/A

Drops file in Program Files directory


Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A

Modifies Control Panel

evasion

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2200714112-3788720386-2559682836-1000\Control Panel\Desktop C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2200714112-3788720386-2559682836-1000\Control Panel\Desktop\WallpaperStyle = "10" C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2200714112-3788720386-2559682836-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.8O1xgE2fH C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.8O1xgE2fH\ = "8O1xgE2fH" C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\8O1xgE2fH\DefaultIcon C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\8O1xgE2fH C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\8O1xgE2fH\DefaultIcon\ = "C:\\ProgramData\\8O1xgE2fH.ico" C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2200714112-3788720386-2559682836-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A
Token: 36 N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3372 wrote to memory of 4528 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4528 wrote to memory of 4376 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4528 wrote to memory of 1784 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3320 wrote to memory of 2824 N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe C:\Windows\splwow64.exe
PID 3128 wrote to memory of 4868 N/A C:\Windows\system32\printfilterpipelinesvc.exe C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE

Processes

C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe

"C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe"

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4528.0.221703634\814505030" -parentBuildID 20221007134813 -prefsHandle 2024 -prefMapHandle 2016 -prefsLen 18084 -prefMapSize 231738 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c689382e-e536-429d-8812-e5181e4ec57c} 4528 "\\.\pipe\gecko-crash-server-pipe.4528" 1664 193f4365258 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4528.1.1222809071\2140617454" -parentBuildID 20221007134813 -prefsHandle 2340 -prefMapHandle 2336 -prefsLen 18637 -prefMapSize 231738 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dfbc4f6f-6120-4ba8-937b-71a3d22aac44} 4528 "\\.\pipe\gecko-crash-server-pipe.4528" 2360 193f4367f58 gpu

C:\Windows\splwow64.exe

C:\Windows\splwow64.exe 12288

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc

C:\Windows\system32\printfilterpipelinesvc.exe

C:\Windows\system32\printfilterpipelinesvc.exe -Embedding

C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE

/insertdoc "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\{8AD955CE-E683-4106-90FF-B9A7A1032CC7}.xps" 133532884972590000

C:\ProgramData\4A2F.tmp

"C:\ProgramData\4A2F.tmp"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\4A2F.tmp >> NUL

Network

Country Destination Domain Proto
US 138.91.171.81:80 tcp
US 8.8.8.8:53 133.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
N/A 127.0.0.1:58776 tcp
N/A 127.0.0.1:59128 tcp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 217.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 178.223.142.52.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 91.65.42.20.in-addr.arpa udp

Files

SHA512 16c7dbb4544f9982fbb4c1270a3a3a2b6cbb84697846a22abc9818a39d62cce002aa13c5739b700002e121e8412d5e7f2ea586f09fc1daadf57b684276e60c17

C:\Program Files\Windows Media Player\de-DE\wmlaunch.exe.mui

MD5 bd1e7fcafa88ae52e61ae5eef295890c
SHA1 587379f1eaaf2c9bf4af7f1fd8297ddd80be13ae
SHA256 a98a365760b6c2079f55f130b60236e07654f148c990d5f1cfbb542647e5ae1a
SHA512 227e197fc31b4c594446df3226d88e4c26bb884c29b1c8a78103d4a3d95f8eddbf185061eabe3c5504ac718a027f822d846fd06f455879b8fc7598167f9adb0a

C:\Program Files\Windows Media Player\de-DE\wmpnssci.dll.mui

MD5 d0c2600d5c5c5655614b1a66c5299ed9
SHA1 ab462f5f0f3c530ae8f50e9b60b55be426fa1f04
SHA256 50dc305f1b85e3eb3a20592d124d766df85830ce8960adae3ed6515d11b0b043
SHA512 bc16d2e085517644f93f58222f65af1f6748093bcce15dab4b626407666c0442cf5244dbd84f3a847dabd98a3a96703e8a8664b975c488724022d3415c3fd53b

C:\Program Files\Windows Media Player\de-DE\wmplayer.exe.mui

MD5 40454c7637827dba537e7874a0e41b96
SHA1 e3678b1acd03312bfd58da3e7d2f46609f5d3e4e
SHA256 6bc224a40b5b67d14eeb32862022d5a0f5462d4218f91e142983817e68f85487
SHA512 93be74316e6d768d043cd094dd0076330df9df736c6390b0d66ac129e1e83d183bfd677cb4c6deee98a5de6305a96a1a32b647a373b15f99b00ed593dfaa65cb

C:\Program Files\Windows Media Player\de-DE\mpvis.dll.mui

MD5 0aac672d274a3f6eabcb964ccb62f65b
SHA1 7142e93339c82ec430c49b448d600d27b72c323e
SHA256 5c799dcb3f85aa3a43e634330b36cfbea51a6b0e7216bdc68bdca1b3fafaad04
SHA512 a39c3e1019c3e0df06c7e225e12040f8f3508368912af9708dade3f7916de57cf389c9848bcbe30f71075ce8a28d76b297cfffc26e860cbcafa3ce46708e7767

C:\Program Files\Windows Media Player\de-DE\wmpnssui.dll.mui

MD5 44a0bfeb801745398aae731453847c76
SHA1 00a7fe9331cd4a86f8339f7157ab64b527d8c7c8
SHA256 33ac7f570f9a0b905baf5ff9fd79b578dbde5ad0932d1ed2b222b1ee5c1c0a38
SHA512 241d159dbbb5d292335921152f4b6661096ae2af354a3071682ad8dee7f76cb78f7dba881d12acf5ad79fe7c68e86cb2e598214c0169a0be5cd0dcc46c24f13e

C:\Program Files\Windows Defender\ja-JP\EppManifest.dll.mui

MD5 04d459ef7fb2926d56e7abf8eac402b0
SHA1 87e1044c66a72b808590c374c7dff4aafa57a929
SHA256 ed743ea7984165dd7abfb186aa8524c075a29a1125a6f08426a3ae276ec290e4
SHA512 8f273594c12546d91418539e9a8d2a4c8d8a95a4acb8a319925fc1404a91b057d332691c18947f35a35b0159f635be6e4564b053c14fab7e0ca91f6b216c625f

C:\Program Files\Windows Defender\ja-JP\MpAsDesc.dll.mui

MD5 0bce435e26a520ba8f66b598d3c8a08b
SHA1 1b8d541b34a42039f44a62b2d1f39629c8dad700
SHA256 6fa8662fc9b0bfa54b5afeffdbde72a3f0ce08f1223193643808b8a2acd16222
SHA512 90d27df76ca017e062957d124d3bc279a9bcde207110af1837edc5d52c7ce949bf0c28df4cf2790839847363feea1a20e70a6e51c49d0838d0c7b41b29bc4d43

C:\Program Files\Windows Defender\it-IT\MpAsDesc.dll.mui

MD5 46332a6e4a480eadacb74a618890042f
SHA1 8497dbf9f397950018a8b08d5e16c19880ef1276
SHA256 cdab08a287cd0c8d82d74ffd8416f45f197841a718607f757a7b5ca2a5698268
SHA512 2a99de10e4f858ce7d2d59934752885328b90d33a302ef76d0c35d1afbf6adaaae7b06af46f7976872094ff4325890678033c78613f4630f57c0350f9b436631

C:\Program Files\Windows Defender\it-IT\EppManifest.dll.mui

MD5 7bc563f25ff0900a1413e6fb4c6fa5f5
SHA1 4ddc27bdfd36ab233ff8f8f263b13c58df3f0899
SHA256 5d3e693f51ce83bdc1159af8280da22e410058870e1b26b656dd78cc2653b1f5
SHA512 b1a6cf8c31a9f6986bdbdb043c723d9a2b9e1557eddff29d20700699d08f07d270739e4ea3c3a9ce92f779d816eab713a9392021d5cf9a809b83f175b0e98f77

C:\Program Files\Windows Defender\fr-FR\MpAsDesc.dll.mui

MD5 01167c59681558b21e028eda9941cf4e
SHA1 68e565b0e8d7e5c0542e48fed46916a4703d8eb7
SHA256 b8fa7537f454a7e93973cacdbd05706a45d8db642308e68a8044e82476d0b4e7
SHA512 7665fe7911c823b8eaa2fe532d1879c05b793ab81c71b9959d200e432da06c3c858a3595ceeb2c9836032cb3b38a8ad0766fcb032f39e185dc504950546cd78c

C:\Program Files\Windows Defender\fr-FR\EppManifest.dll.mui

MD5 0be631cdfeca32c9463cf454e700fb4c
SHA1 03590dc93cd12b81e11f231340c27ed8a778749b
SHA256 f3ca68d9edcf5f101cd4877208719b443ecc2b0ec05b8cb8bf91cd6eca9bb608
SHA512 7b48edc4b6140b09f0eaff894fed048c19366ab815b5319c829470ce91ef174a2db390aa5f8d09c99e78de04daafed5c8cdf8116e749abc5a06e2c83ff7f3c99

C:\Program Files\Windows Defender\es-ES\EppManifest.dll.mui

MD5 4d9e947ae9f2b1ccd276b1a97fc81db1
SHA1 039a1d58705526adc87782e6e8db3c0e262e5a00
SHA256 eb97a168d6e778fb23bfa9b85390265e9c375de6635cd04f8edf706912a91161
SHA512 24ef71525a159801bac6993d36381229341afd39b1fb9e12f86f1d876377d3ecb77d9c823851d79138c598ac67dfea726b32bb3c73a68f6f4b1badc4233ce5d9

C:\Program Files\Windows Defender\es-ES\MpAsDesc.dll.mui

MD5 20037ccee61f64f2a8e03dca9d3c1ec5
SHA1 bb39752ee0f7a82b66ee3481739d9b44db8f1394
SHA256 e9b816d2b74a525d3c1842f62777c96185a8c8568a55d5b0021b429ee7074cd1
SHA512 d2883e9624036e4dc792455f73a78ff9d6f4a017f8b18c5bcfacf1d955b34b837ebed10e71cc2514ef3be7f0be861cc68ebc857947217139466c4cd1ba78d039

C:\Program Files\Windows Defender\de-DE\EppManifest.dll.mui

MD5 a2e844bb15741eaf313deeb5623abe1a
SHA1 b20cf3035b19dd2ee7d9f7d39d23defc8fef7260
SHA256 8ec89bf1e3a5f83f09d7e200a26459f153c9e85f76c9b12990fcf3316700e151
SHA512 d20e35370d42a21a193c08d2116752d3900210a0fb0fa8a1714776fd10192b7ca2f914cde140ad15fd2a2808bd668b08b2630a175fc910155d6d8abc5c80235a

C:\Program Files\Windows Defender\de-DE\MpAsDesc.dll.mui

MD5 4c96a395f5f0250b29b6dca7a43bb010
SHA1 40ad077f52a616817feec9a0644c44cc16a4db29
SHA256 82a6d533b4172c3a6e6266fa5e58dd24b8d84ee5ab9adb547ac71cdc343dbd5e
SHA512 ea7c79d7f09a5eefbcd0b8d8516ef89275f75225270518e2135f23136317bda2b14107073253f11e0bbaf3f076e91c3b90bb446f0f612823ef13c518eebab2e4

C:\Program Files\Internet Explorer\ja-JP\iexplore.exe.mui

MD5 6d2194e31b8295f0fbfd1033b6ddf76e
SHA1 d7889d093035c47ca14f20fd4c14621ee439ee68
SHA256 a1f8dadcae02b22d26754b419265d1b76558a50d9345159d2010f14797b465ab
SHA512 403198e9a576383b92268f27ee4b7f325fd419e01d3f0fe1e58c4f58a5a1cbb614f757248506303e053d04a7ad91c62f7bfb053ad6845bdb6541e3594786a9ac

C:\Program Files\Internet Explorer\it-IT\iexplore.exe.mui

MD5 63be9b9952951dbc5eb822303c47893e
SHA1 92ece66d08c043b0d7bd5ad18125391eb3898605
SHA256 5e18189e36b94d66aaf437343b4b5c114f32d6459651b882abfa66fc05024553
SHA512 793f75e09531d633bf9d0a7f6f9301ac4133e64af301ba3ae91a6701d066e8e99882d5b5ab48bb5d2154dc0fe62e5bb28cbd68cd2b997b76bd482549ae43a245

C:\Program Files\Internet Explorer\fr-FR\iexplore.exe.mui

MD5 a575ad1ade751d570b67bc21d0643ec1
SHA1 25d3bf4950cb8a8034c61411d7e245f695599a8f
SHA256 93fb252e3daf2350b9ab540fe6a11797b5b454e40ee5bd38cdc33aec3f33c45b
SHA512 3371263a0cf0760d2fc23dba332f2fdf3b4bd8fa8fa3e4328edd88daf09032eee6c675459cfea902a7b5079a78ddb0dd6fc1e2efe8b1d54b926c4fc60b8fe47d

C:\Program Files\Internet Explorer\es-ES\iexplore.exe.mui

MD5 252794b89ed06e8669ca50a97021fafc
SHA1 f470c6ab082f56f5285eb2cb0b53f6bd393db3c2
SHA256 cf286c53dca5dc673196f6f5f862ddb81dcd9b4fe3aba9e39dbb44db24cfec7d
SHA512 e74f1ea067f9cdfe18a47209e43bffde6d2fa56fc9bb59a50fb17f46ff5e44d2191bd815109eeadf7a982e8401fed5e3e4977b101672fc73003a0ec667c31dff

C:\Program Files\Internet Explorer\de-DE\iexplore.exe.mui

MD5 78252ca51e4a26ba41cbe498f0b07e76
SHA1 147e424ea13df10e56efdf78923afff317b8655d
SHA256 a3e7307481b2c6648d7a03fdc8091327829d20c8c2a94c0b86106b26e1f2a321
SHA512 48a2f3069ff4e0567e7bfd31d94b9333fd5f261b68f076077dbe764c80c71ab7a2fab6b3126eebfd06488f3565fbcf9c6d36e04735fa3f7d0bcafcf0d079f1b7

C:\Program Files\Common Files\System\Ole DB\ja-JP\oledb32r.dll.mui

MD5 1144d23c952a96a4e3ad42b4306aa3bc
SHA1 7026a2c6503dec2b217476fb9b9f587306a1beb7
SHA256 27c80b1b3a623c788b29d9c05d8f613f5af741357749f7869af36561a7158f64
SHA512 80699422ad95ff1dd80b0c8f608ae12b96603641744ca87834f2cd8df7d9abb4a9ec2bb51a4f322921fd6d0df891cb4e02da3eb46e6af72556519d48473e9921

C:\Program Files\Common Files\System\Ole DB\ja-JP\sqloledb.rll.mui

MD5 302755064b801da6e3289412fe16b729
SHA1 40d4c8298983e7a76bf1a3a7bb4920222c749c75
SHA256 f77b4c6087e47f8b31df624f21c3d401391ca1b903fe9775e4e55386cf11942f
SHA512 817ef071b93593c77f174b75db37fb70a9e79763b8e80ade4f64e699f212d948d7c5d296ab40d998e63ea0e1f045b85f44eae7c3e0644918aa26e5a3acf8567a

C:\Program Files\Common Files\System\Ole DB\it-IT\oledb32r.dll.mui

MD5 491273d978571dd1fe28137cd6d321de
SHA1 e30c300cfe5404becce42d9f274147ffa5bb022f
SHA256 a39c4517a60d3daca687a302c55fb04f420cbb99df61b0ac2040afd51b1ef59f
SHA512 8f8fa70ada049efdedb3a806dbfb9aaeb283f7da0206777f0426ab1fc4d2115381ecc0190c9e37036142dbd34337db625d58bf2715afa38277840b39c1fdcf63

C:\Program Files\Common Files\System\Ole DB\it-IT\sqloledb.rll.mui

MD5 89878ec406d1e322de65f1067bb56a58
SHA1 69f19e039461dc331409320b43abad0e8f547080
SHA256 22befb673cb8a2de10e6c094dde4cd05f173d5a84cfde59415ba59449aea5ad2
SHA512 2679dbd93bcb7fdfd75f69143d08618571d2c1a77d005e4ea96e9c54f6452685d2b7d47910c758392daee1331e8cc43dd70c97200565ab42bf35051fda1d4cbd

C:\Program Files\Common Files\System\Ole DB\fr-FR\sqloledb.rll.mui

MD5 80ba5e72949e6bfd1c07959ca0abb4d8
SHA1 3473ecc14aac54ea063e768c51281b1f433b4173
SHA256 8977b9317dbe50d2694c4f62830edc004599e3c07e313608af0859f5014d1d7a
SHA512 35c866fc73808c54af7455e31bec928aa90eba9cd68f6528601af6a23cb948ac322aadcf612db2acb5d575a379cb936f1819195fc98188c2e7c8893329357758

C:\Program Files\Common Files\System\Ole DB\fr-FR\oledb32r.dll.mui

MD5 67ccdc06164c683e0d4758152120ec1b
SHA1 f6388fd01c666c7809394d34a6aeef38bf3cec9c
SHA256 ee3415fed01259922cc8afb45b2383280ed140db6287f4229faa5b90f97232a4
SHA512 0baf313f621c045dacdc9e084a903102dbb821b33a4d3be23737836dcb5f4bfcc26729f2a631c6882868c6cea0851db44f677092462e36f3793f633cb2fb416b

C:\Program Files\Common Files\System\Ole DB\es-ES\oledb32r.dll.mui

MD5 043d8a8eb34076be0ad70213baa48159
SHA1 df20ddf7fab8ae28a0358b5a988a9bd6342cc8f2
SHA256 0aeb06f1025e5d3d4ab710e88a1be0be213dd71be72907bba9ad0ef4a1d5971f
SHA512 ce815c92879fa3d510b8c0485bb43f5c0993e64e5f54af79bb8a3e21ef5491bca80e8582f910ef1efcd12c4eec19f5bb5dec895151d0fd9788964f2957126f4e

C:\Program Files\Common Files\System\Ole DB\es-ES\sqloledb.rll.mui

MD5 fe519c7eb5b2b06819f184908e928703
SHA1 fd84e513b938e91b91603d94b0ec00946c80bffa
SHA256 e939ce81974bd268cb21a240a6c90a1572ef1f6c92b51d2f02f546104cd96c3c
SHA512 a95a97b13bd9c5d526a42e752d983fe252b8e9c08d8d8583cd50d3211b5cdb71ad092cfe78bcd95a3b2cffba4f29b7e50028c56ede7d149b23043c6f385d726b

C:\Program Files\Common Files\System\Ole DB\en-US\oledb32r.dll.mui

MD5 7d0dbc5bb235d3b1fba9850a2e659434
SHA1 2cce02eeb418df64cd3df7223d004ba96fc59443
SHA256 de1d168bf67231c55eb015c17edf197077b58f900878f6ebdea01e3ff76d03ac
SHA512 dec2d8a48eed1fbf52014b5cac16a7d9651d2e89802e32bd1e88bf214f873d78ac716fe94bbb1d88d5747646b208a225b1152c8882100e31c134d8269f1cbf79

C:\Program Files\Common Files\System\Ole DB\en-US\sqloledb.rll.mui

MD5 763c7b90eb78d2c018a7db2da2ece547
SHA1 83f12cf2c4800fdde9e74e87547c7954523ea188
SHA256 b0bc3d652591989d61132da147f8088495790a8289ae716ff34422382742cf63
SHA512 ad3fff9e1984caa47798f0b97a6819c3b5e3b0090093a2d457ee837de53fed47179aa2b385b50581d901331eefc7c0d990254ab63eaf9a8907f8a4fc7ae51f68

C:\Program Files\Common Files\System\Ole DB\de-DE\sqloledb.rll.mui

MD5 1cd77ee10cb14b42f1769121a6757325
SHA1 ebf9ed911934da9483619c20bb8ff7c4497516a8
SHA256 a4d1910fb997d2ebbe4a37402bd8537a9c68588657eb71d7a17957151119063d
SHA512 73dd71cc601ce8d60c2cd4b7d895c86eed2fc20442a5eaa991445351efa69d091718f0a99675cc636cec0950f5f1d3f8b69c82c6690a31780d2e6bb76194403a

C:\Program Files\Common Files\System\Ole DB\de-DE\oledb32r.dll.mui

MD5 d4e4bba148c0dce3d8b89b89f4c7614c
SHA1 84e094b85fc9fff2ff661619dfef662ccb08c71f
SHA256 e63fb5abd4f68990e91fb7a1f43fbb725fa3b39a1e30ecb4737e3c873bf22617
SHA512 9829237cb1b6e4f7f560f8ee28de6de69970c1b205b42a660f0c1a0662e2cecbb70b17edd1e1df8694352f525db1c7648ec2cf94952c2d0edac330ea30675b79

C:\Program Files\Common Files\System\msadc\ja-JP\msadcer.dll.mui

MD5 fb762b60503aef60e2d6008e38a60885
SHA1 d9f7eba4191f70077f1d548c15bedc354083fcc2
SHA256 e914b6c84a7f12c5d63078c69459bb3d2c38da545b707c743cd37e2696c0c79b
SHA512 c6c2c82af95f657123e7d1a7b29b5098f17d4533d81b2e2cd1e5b963b2ad4f44a0dc18f6dbfbdd829635a2d5ba9f826fce93fd9a3806c9eed4f77172b3ba0392

C:\Program Files\Common Files\System\msadc\ja-JP\msdaprsr.dll.mui

MD5 78441997036a3a44f30b3fda40ccb6a9
SHA1 18cf53e9198711a9751d1faf102df99f7c3e99a6
SHA256 cf535ea6c58ceb19c73f2c2460ae978303a547c156b8176c68086e2602e329ff
SHA512 ba22ac6b1a0c2e33736099e92e4d9449ee895c4fd34b955fbd2914aebda2d821682e366616a1743f09c3fab3a573d878f7c7c6c78cab2c4e5004717f2fb2ae16

C:\Program Files\Common Files\System\msadc\it-IT\msdaprsr.dll.mui

MD5 99af77e778f7d090897293a052293574
SHA1 713bf2c51d088743228ef3442a2c27455656d211
SHA256 069791b99ca69b96f41370233a50f76f4ba8e12e5bacee6308db0a5044fc4294
SHA512 e9e033dd74ddfc6f551687e3d0ea2941021005092158b7eb64d4c28ee82085168af663e322b99759ad15f9663e17d2e1e680ebb1ec05c93056b311c19f077b54

C:\Program Files\Common Files\System\msadc\it-IT\msadcer.dll.mui

MD5 131a24dc0cd53ac7754921673522a7d4
SHA1 c67e5b07f988f1ef1c7a7205a5ddc5bcfc5d9ed5
SHA256 eceb3c8c67016b1a3b3b4ceb21b6001cd6830864391d77e0b47ecf4b96d694a2
SHA512 80d0b6b652432c68b8a222f6ad43f74a1c4696a8f915a635045342b63fdae554287ff1894eed2e61b8cdf095a13e3460fbcd16535cd7ce0b37996730285b63ee

C:\Program Files\Common Files\System\msadc\fr-FR\msadcer.dll.mui

MD5 24fa6e7f561efa3ab5c5877c461d947a
SHA1 fe37f6ac52d93ad2601a420a5c54f86ce4be844e
SHA256 c11a1a2ac5b95378f33e9326fc21ce0110e5157122364d3c43b199f83d3119c1
SHA512 5b9bf1e96d529be53fa35212510e9a514a1ccc750da44ed4f7c73415d1cf51709d2db6eb92314f88bd1c098ae3e472d85d08c75540231b8d1f398fe85f7c71d5

C:\Program Files\Common Files\System\msadc\fr-FR\msdaprsr.dll.mui

MD5 bad170074dfb9a17cc6bc4ec5f5e5e86
SHA1 0d4c4e0d0f4bbccea225a32f676c1f9d1f02b10a
SHA256 fb9633dd39216146b52b7fc87d97535dce0e63fd444595fed508433b93c96502
SHA512 340a57898a6a6d0088cecdae7571b624b95b88f63e5be1873c75424446fcfcdf9ecf915af60954e1d05c4b5f6bbee63742231cbeedc8c008639b76069a8a9d54

C:\Program Files\Common Files\System\msadc\es-ES\msadcer.dll.mui

MD5 2dbb6842173bedd9e93bbdaa229d2e91
SHA1 3c6d424c870ba0d674cfdae89b3b28f4d3860737
SHA256 4da1a011aef5fb2da21c1607cae972a1a849c986e189e64ef9e8f29518e77b40
SHA512 6c09d7f0635555f475fe4e6e441c2872ef467ad736c1677e44e32f6b1d7a2427cd21ee06e56224cbcd70b06a99f7c65246a38b7bde600f4fb5c6e9398dde7e3c

C:\Program Files\Common Files\System\msadc\es-ES\msdaprsr.dll.mui

MD5 a81b53d9f243651c800452a0bf6c7393
SHA1 0dd9321eb3010e93b28c095f4f589d316633de25
SHA256 c7db58b8d21023c5b439bc94026ed01d847761730da51fa2d6ae2d44f74af133
SHA512 4b3b25b596c7ac2a5c7acd4d0c6c437bf8c97ed795b32582e2475da59183bfd9a31911917f3d67b878bc261fa7bb5d396c24fe07eb77343bf50340e25d4ed9ad

C:\Program Files\Common Files\System\msadc\en-US\msadcer.dll.mui

MD5 e1261626d124a4588f1735e5210e7c8e
SHA1 ce0478b60b9e1f9d984483655db5ad5273090f67
SHA256 413d1938956d5aa1f0e1487094b783d161a0938a63cc93af68c0f8c8962f800b
SHA512 0fd8f36c8540fec3a08024ff4b8dfcef76f0481f679d8216823c14306f22a026d3c2418953e424d5d43bc21f490510965c3af434e73c474edc475f721e769aa7

C:\Program Files\Common Files\System\msadc\en-US\msdaprsr.dll.mui

MD5 e53f12e071bc314cf682d4991529c355
SHA1 a51b74004c8eb4e7cf1fbbd6226f2240c6d4bb11
SHA256 95fa1638a480782d801594caae376450455b186666f1d9e59a625797fc28144b
SHA512 1b2db8924a691a42d557d7236e1913ecc3114fa288bb692ffc61e4f954890a7964f6ad8b614850f0b7cfa60fb1d7c50a17059f6c2228d39f859c41e8f0569e03

C:\Program Files\Common Files\System\msadc\de-DE\msadcer.dll.mui

MD5 27ea91f2d26b95fb4c902ee24ae29fc3
SHA1 6ae34f38648f21188721efd235b91da5bd5cf4af
SHA256 b2c4e1028f0f47a2a66547651400752d902fb362abb2cb61184a48bc638d1e14
SHA512 acb84703514abf1bfea873a9ad86305fdde53d7b5cdc97ffb0c8cd4a2f76035bb33665376cb215754fcbc77d1cca63986334378f91796279df46e5c14980e852

C:\Program Files\Common Files\System\msadc\de-DE\msdaprsr.dll.mui

MD5 1f3f8ba15734f9d455ec03409f5403c7
SHA1 b0bbb0a851b89f017c43e950c8b66308fd8ff04c
SHA256 c6864c97d14d656658f0f36f334636589cef937346ed232efe6476582d287783
SHA512 697898674c138ec3864ed8330809602c1521ca6c56f5d8b689cf7ab199321de077080b08d1db528e65800ce7bfcda687be7c70112fb0d20fde50d68f01c03cec

C:\Program Files\Common Files\System\ja-JP\wab32res.dll.mui

MD5 8aa842d0d77a39775674b81957194ed7
SHA1 6e3edad5ff72dddc0727f9ecfe3b4441d8930fe6
SHA256 28d1a924863451aaa8cec91aec2d237159c78c8b59ace2516d887f09519bdc5a
SHA512 a0823c49239bb8c15d801d90630a66362b53c2d36710ff39f01021c85f86b49b2673860e94b0c4eafe7642f3430c4c52825415376105c9ffa995975021d94d08

C:\Program Files\Common Files\System\it-IT\wab32res.dll.mui

MD5 a7da6ed41fc911210c3c8cb66304e769
SHA1 6a6552d491e460d4a37d83b3675b8f81defa2c97
SHA256 27e83a9186173438cc4836715a9e6e919e3fb69e6a5fd4c57b4d15f33dcdd08a
SHA512 8efacd3490cb3a42fcef9fa537b654f3e20ff28a133ccbb2c6deb691b241120b6a5399ef508706c4d018918af34bfc2bf0895e3470a3c901611a581f9f33246d

C:\Program Files\Common Files\System\en-US\wab32res.dll.mui

MD5 372846b9620469727b8f70f942d80c86
SHA1 3c7e56a3e2d8deda4fdfc3654acacb551b22322b
SHA256 1192d2c780105eb1121a3e45a0b1ca3cf2e5e26b1502c8df58d7cb7148ac891e
SHA512 ad88fcaaacad69496d8e50e6e30d9c2314d5bf950e36383fa0994450ac2b4487adc0f9404e9de8365ff54a3bb84f668f366c8d9d973bc25e0dbfc0d8abea67b3

C:\Program Files\Common Files\System\es-ES\wab32res.dll.mui

MD5 8b57a49ade692040d8bb1821f0773ba7
SHA1 bd2721f97349cb124642bdba214848f644aa7339
SHA256 797421a39f112d18464489e329f3bc957ded6b6a09f31b0c8c6d6e85858570d8
SHA512 86858465100edef94e0cee2524fc52c9f8c14aee795db730e8e5b9cd632528c9ded85934aa2231a9059b07439933bc4f50da99583d5f7a010ab4ca4eebc924c7

C:\Program Files\Common Files\System\fr-FR\wab32res.dll.mui

MD5 984c2a2a8c0bc118f2edcafec42a4f85
SHA1 4f1d3106dd0e948840ae2df1219e576d30d5314a
SHA256 b162e8efbd670f27d5a2765db39033c79eb31bf4a3251b201ebe53e94223c27f
SHA512 2a66d260dac02de5f1d30ea77c63ab1b8f25deea055a8bcf993cebc0945ed6433b6f30f054731cf77186eec82c41e29860c819220e12029a571bb72157c559d4

C:\Program Files\Common Files\System\de-DE\wab32res.dll.mui

MD5 854dc1c3496d656b75e43facb35256db
SHA1 38dde2ea7810d33a189055b92a760a6d688d5d84
SHA256 5b7161beb6ea6383db8401292f605d2f9d624438c42425ae120929430cd561fb
SHA512 570067101d1159e20bdc24dfd19bfb75442f1ee4e963c4cee56d5dacedf5fae0c22c026c0efed8a1ed13892358df75a5bf5a72493bc40a65b782dce29aa4d61a

C:\Program Files\Common Files\System\ado\it-IT\msader15.dll.mui

MD5 341f7c7bee07b49587078f514427297e
SHA1 fc6a9d1da38202b3a4d05047ee165922de060cec
SHA256 e31ad4b3b5f533e2be0d5569fd56adbf8d4383253ad47f7d41b014be8e01dd54
SHA512 480610fbd123fa5ab38cc1291ac35923d927ad3a998d18ea71325cb98dcd2465636dcfbb94f3f187f52e5d20d5f87a94350120de48224833d32d628adecc49fb

C:\Program Files\Common Files\System\ado\ja-JP\msader15.dll.mui

MD5 18ed81d28d03970171bfe6bd93d4af25
SHA1 a85315f0b9bc821267c3a3d99fbd881a43aec6de
SHA256 e66cea5065b870613744861bb30110258645f4da479587ae4de5f0dbf9689f83
SHA512 61b5b53ad3722ce59aad354a3eee38b1ea887db5376d5cf59f5d10701dfc8ce90622e5c43f062ce8cd67b6d14289b814fadbd62d6815a3bb53c79e6f345bf979

C:\Program Files\Common Files\System\ado\fr-FR\msader15.dll.mui

MD5 ab0d2e53ca7b7ddbe6a30d8c27549c3b
SHA1 58f8c056af66661df3994ce83b51c6ff6fa6e5d1
SHA256 77c1a6d1ded5df81b3062c43733dd06aacd7023e827866962f0cbba48026c7f1
SHA512 17f8c0ce0b1cd4cf310c9ec29d339f6f15ab46fbecaca17ed0c79d3e5dbc19440c920d7f1926b9ed30004b8a27714d23289986ecee3407642e233fab33040d46

C:\Program Files\Common Files\System\ado\es-ES\msader15.dll.mui

MD5 98e2c554dc24654cbdd17dfa1414f062
SHA1 80ab5d89203f7375c5cbd3aed2abafdcf65ba779
SHA256 ab43c5b4127d478aaa4428aaff9f90971b8c249cac0eed24e5fd576497b69c9f
SHA512 4b21edb34c0a525310a61652b5799236c98fb2f69982057f3ad951c3f256760245588e4ab35af512d42d77ab6674ee120d8744ef66c892dff7190e6504e14bc8

C:\Program Files\Common Files\System\ado\de-DE\msader15.dll.mui

MD5 50b24ebb4a19e3a41fe54080a2cd85fc
SHA1 24c972c9cea4e3479dbb9645165ce47ee3c8c403
SHA256 e4a37e63ac2a2cc4c89d6b06eff865e5b89b1f9544f0cac0713ef598d6e9484e
SHA512 4236fd05c07c5d7fcc0c9d3df316c37e6c47f180ed4ab7b09b2d33dc977ed125d12c2ee26f30d9f76e93bd82a30e6684d8e5cbe34b3c3b4ea218fd4ace9901cb

C:\Program Files\Common Files\System\ado\en-US\msader15.dll.mui

MD5 f2a674643e32092bc123e49e115aa412
SHA1 ac38dceabc5401a580540e3291b1012f872fbd18
SHA256 bdcaff3710ee666bb712b967bcadcdae593890dfa275c99602c37a90d13ab648
SHA512 3f2a68e978e388302f56807f286dadaf565f7596ea497ef224b339ebc5ea1fb7567a9b868545c00b11062cad716b3e311ee2d37977d2b0b3786a418acb75cb98

C:\Program Files\Common Files\microsoft shared\ink\ja-JP\InkObj.dll.mui

MD5 6eeed79e7ee421b1f22edd7b639f7704
SHA1 6436a1ef7528bceb55aac2100700dd9fbd3e70da
SHA256 b2b21d291c57a2da11d441c1b24c445dde1fdb134fb8853dc77d335f8e438261
SHA512 a4c9d1c0804162fee55619dc673d5538b25eebfbe74ff8f2b6794bd11abdb73cba76cd90ab35c734e7233ebef4281d63f90662a8ccd78e15638321d0f22ecbbe

C:\Program Files\Common Files\microsoft shared\ink\ja-JP\rtscom.dll.mui

MD5 4862abb1b8c09c67296fbd017800a8aa
SHA1 6248fd5cf7519bb3f67c74750cbfe8c6cfeff8cc
SHA256 8fcb73bd48bba79dbff259a5b8dcc92b282a9d60d1553e8e02338fedcb50f07d
SHA512 cf4029a5d0fc5098d357084964d14fa89c4979363b276a664b9c7698d2f28a2782c16b3d6a3fbbc9518f6b1ad8bb6a2993295d93c156110e17edaf0f064e4889

C:\Program Files\Common Files\microsoft shared\ink\ja-JP\TipRes.dll.mui

MD5 bfb121c0a6d0d4211e4a774f6e33cbbb
SHA1 19fe97ef5e21f641e0f17aa1c3d020c77d60e33b
SHA256 9888873e26b602a63be3e23ae5558d0fa89c6fe99633ee8e50c6070f210b9127
SHA512 ebb9f105ee34b7ca276d780bc4d5f42e9c54336cf77210c1ddcbbc5dfb49449bbae45c4ec74839d9d30f4462cfab98f2372fb60960ec48f45652d5010f49bf60

C:\Program Files\Common Files\microsoft shared\ink\ja-JP\TipTsf.dll.mui

MD5 a95e5027a5db910ef6750cf5789e16ed
SHA1 e29ab79e86ddc7a45ccf74eaa0f5b0c64c053f58
SHA256 335fd571c60a47f2ebd53297cc121b8e0468a6b039f7f85be99f216b998fbda6
SHA512 9a1ceb057c81570efec3beaab05b7d5ab55c5ffd105703db9dd808180f3006c7416919ffdac1a1a49db4812e1de01faa6ac60476ca3b555e94aad598b0b57192

C:\Program Files\Common Files\microsoft shared\ink\it-IT\InkObj.dll.mui

MD5 ce35a5be111b66cfeda662fb25432497
SHA1 b84d094662f936b0f056bd952867245c161d07a9
SHA256 b27d9cbee554089cf978369eba47aa68119f168eda2bc4379dcbc4e6cb8839e1
SHA512 10a41c864ccd13f1b09418a493498b7d1ce4a1492c5912a36864f7fd73698531fad6144fdcd9e63825fc259ee8690aa0e93780ba65080bf75fe94ccc6c06fc76

C:\Program Files\Common Files\microsoft shared\ink\it-IT\rtscom.dll.mui

MD5 86a9064af800b0e112ec585cbd65e86d
SHA1 b821491678178fe3b2a2e8e28795e28482f31160
SHA256 05bc7335a1c3525484116bff212e390b57d8069382b622f7fb9fe19ce9a7a75c
SHA512 db1abe7e13cfb8986cdb71c5db2cec427ab98a3fc2dc7015988b41bcaa14195ec899ea69217436c10eaba3b5a64f9eea90d7e828bfe2023168a8bc9b2dbb83ba

C:\Program Files\Common Files\microsoft shared\ink\it-IT\TipRes.dll.mui

MD5 93e430b3461fee17dc1f580c49de0b33
SHA1 4a9fbff3571b82e7aa07127b4a2dbf3c8e388a99
SHA256 80bcfa74397980e5d24e94066ddc74b2195fc9960cb0897588bec7a097a09d26
SHA512 49916ae1676d916343c368d9c3fbdf243d486575fb9b57e168c9bd9b1d790ea6de751aa273e4efc2abc77b391f691cf0738bcf019d609b03774b972d34f1dff8

C:\Program Files\Common Files\microsoft shared\ink\it-IT\TipTsf.dll.mui

MD5 f45059fa2520338d83e44c5081a66247
SHA1 8ab73fdbf68a6aca36ffc0425d12cd7bf87f4b2b
SHA256 2dcfb26a2e901c490615c5d68668f96e3dbd49296df11c329c0f4e81e9971263
SHA512 1b4317fc45c22c58c57a00faee2f9f81db0f27218e7fb66277c6a0eaf08f99c26e5f7d65dcdc67801f6f520fb5f397ed1b48364142b9149e0f694111ae08a9e2

C:\Program Files\Common Files\microsoft shared\ink\fr-FR\InkObj.dll.mui

MD5 b198a6551ef98a622efa35f9c1e52dca
SHA1 4450bde6fc2ff9dbbb065525b1f990f5ff8a7351
SHA256 d6ed908e5e994f5e571a199a73c4abc0327144e552b3a1282a33475bc6373e1e
SHA512 d7b4b4bd031d6a5aeb7debb0267471dbb59434282501f920fb306493d2d765511c02970779e83d0259e183d1734de7a758e9b2f36a3208c42829cb7196e44f52

C:\Program Files\Common Files\microsoft shared\ink\fr-FR\rtscom.dll.mui

MD5 06a0068b4e6604924b403651f19ab631
SHA1 aee0491fcd3fa2bc985a808cc2ba09723a4c98e8
SHA256 c9d597479ce4ecd81f71ded68bde1524cff9fdbb514f75424332e54ce186af1c
SHA512 b23f3c52a9c19097c88ea1d44c4338fed00834075687177c826ab01725b7a62e5e1836bae712159a23813c1288bc1aae1f44a0313eb68ec980d9ed2b92ceac8a

C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TipRes.dll.mui

MD5 50bd99cb7fc785765087a21e6695731c
SHA1 1485df003010ab2056373b754e87df5aff0c5584
SHA256 e22b2c4035b464cf5291f8b9f22f8218e37da2d2d9a090d60e335456d6e694ce
SHA512 5579c2b7623b9cb794dadaf6bd9dd4f22a1313e033ae206d5b8a62ed6a546eb79b0a62e4bff11c95d6172049058509918002c761b88eff4ce7a86b1465c5c3f1

C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TipTsf.dll.mui

MD5 a0ec8d84efcaad2fa21f39da16ec02a0
SHA1 76c731ce216ce993c4ca28ade08e5ebde3d5ce84
SHA256 a3b296b7071ed4c6726c92cb69efc76aaef70f74a3dad62853a5e4dbd225c24b
SHA512 422ffe98c535c7cdfbada633b76ba89e939856dfb52e72720a1dce93c6579b1a5da15685624ee63b2f96bbe4eabfa8f785caf9589f3591486c10eb7d3ce1e224

C:\Program Files\Common Files\microsoft shared\ink\es-ES\InkObj.dll.mui

MD5 d7ba08315428b732c776680b00817744
SHA1 b764ba527225f61a5bbde0efed6d5cf1e9223683
SHA256 b497d276bc158d0b56d9c71eadbe6a74c13e52f44133378b80555c12243d47ee
SHA512 e55dbef04efacef6a5152a7e7238df11c48ee243206df5d3f9fad6bd870aaa86e5b5229188b9f3f70592608eda9b29b3d9875b2d16c2b7546620c4ed3cabf6ff

C:\Program Files\Common Files\microsoft shared\ink\es-ES\rtscom.dll.mui

MD5 f20582143adbb445afc2e14eb978405f
SHA1 56abff9e91968b406da4d850ea813ab229f6a63a
SHA256 773a74b708b56ac20dcdfeb57829f3cc8ea7475f988a4e8b0df27ef18e081571
SHA512 32f20089130175aac3dff35d966dab42c67bdc670f3b370aded0625da5cdebcb5df87d7637df92f6fe51449e4831575d88f9f19b2d05e436e2f42157d2c41fdf

C:\Program Files\Common Files\microsoft shared\ink\es-ES\TipRes.dll.mui

MD5 2259deae16702043f750de3e51add549
SHA1 ae31d24237521036375779cb915e4077148c7714
SHA256 cf98f28957cfe0fbbffc4cc9f026a24e2a96fdeab3c96d4ca9d28e5e95d2f5d3
SHA512 77e89d5981bbc2d900ef39c97f63d9e0faadec500f58afdca708fa3ae96ff6f47347be6f3119eb9d5cc5854fd10b27a19e4c302b62417e40a49020a8aff9bad0

C:\Program Files\Common Files\microsoft shared\ink\es-ES\TipTsf.dll.mui

MD5 518c6603711d95873618fb33e7420efa
SHA1 a66297d6d12377b3ad143b037f529304cdbf1702
SHA256 347a59a9848b7c81b68fa2c343ec1b552d264021ef4a726b481d2301f2d7ffc7
SHA512 2f9fdb6a11b620504edd208a2bb66b5c25194b8804238dcc6e0d2c17b577f0bae6b5fb7d2d3780732d4b3b457820e889d815b594b89297ca045480e6cb996c54

C:\Program Files\Common Files\microsoft shared\ink\en-US\InkObj.dll.mui

MD5 bca852bca5dfb3f490becaf3126427b4
SHA1 f84b9d483b1964be014b352d63e4cda5499cda91
SHA256 851894d4d6f71a012592376a38ad084a10b62d4464a66e8701d9bc453eaa8dfc
SHA512 dc7ac2921101b8cec9af4115271036bdb9d45c54f3d9f41dd5b13416cf105aff4ecd790a86e2ca17fe12b76a24b2911a41579ae961d008356859423c6082915a

C:\Program Files\Common Files\microsoft shared\ink\en-US\micaut.dll.mui

MD5 05381f7bbd04792941b83bad8ebd3841
SHA1 ea386a012eb5cd730a6c9283629feec9a2a1ca4b
SHA256 dfec1343a2a38ccb427ee0b0bfe226be2d1dc7e051a07c9a9507426967440783
SHA512 5024f1bd628f5b951cec46e32631be9b8a2d98b7a766498c5ad9140d29c622122b84ad35a9d86624cf6156104028dee38eb45f3a8c0cb07f343d7c0656770d6a

C:\Program Files\Common Files\microsoft shared\ink\en-US\rtscom.dll.mui

MD5 84c607f212b4cc3698057fe5fec6d5fd
SHA1 3b920b8e0ebf2094149d11dc878df13a165c5c76
SHA256 49cf8ceabc6f8b5b3427ec77bca8b79efd400347f62de9ce6a52e2d142be44a3
SHA512 97f1d1a16ae5c81b4b8bdc82a09ce88f5391031fd8241741585fccb0eec11df787262a907b6cfff4774d2500d8c859bead4adee528d4e3568d7fca295a4005d5

C:\Program Files\Common Files\microsoft shared\ink\en-US\TipRes.dll.mui

MD5 ebcef985aa9643a733fc408c5b036b17
SHA1 47b229e8905befd6e85dd1ac01437ea035d0a9f0
SHA256 069c5d1ebc47b1bbd45348c3c5196269f83f4863a7176d67842b6f6e39c6756b
SHA512 704c47e622684557096345867d9b08d50788b03a45ed7e8d5a6488bccdb69756437a823187b239fdf95c1a9ee025a9fd5335510e5f9cdf8f3066928f9ba783f7

C:\Program Files\Common Files\microsoft shared\ink\en-US\TipTsf.dll.mui

MD5 6d56c96c77417410fdfe17f9ebf50cd6
SHA1 7bff5d01d47c2e60e68b235f93c7c990cb203027
SHA256 310418624e502b2a8192246dfca6083c09564b756f720222daf279ef02d1d59b
SHA512 70c25418b8a6287acb31213c42f35db1867b2079bc075d3816dc70bb4404c03f4fb488d1912ae6e2ea21449aebfd3a8e96a69c421f6a247fa6c4a4d328922dba

C:\Program Files\Common Files\microsoft shared\ink\de-DE\InkObj.dll.mui

MD5 efcd88f5ef41d28db237adbbb2888bb9
SHA1 b553e26ef351d832bfe9b9f0462ff702633e1436
SHA256 20a7aeb1b6d585a8c85343b8911dc51e24f21f4fcc889d7bd3168ccd863ed4c0
SHA512 2a9eb26f9d8bd0722b90f6ce3d9573ebe608036af6ab5d907f99825f464780f3ce5be766f166e7df1b086aaf80c0ce690f541069e903bae28d3c750ac0879dd0

C:\Program Files\Common Files\microsoft shared\ink\de-DE\rtscom.dll.mui

MD5 c3ff270417d8b17370efe5f8f7e933ba
SHA1 581878ec660016b740169edc165d7e00fbb10afb
SHA256 166bc864d135ce68fcdaf6749eee0025b3dfaff61b639f8d72231f7a5140941a
SHA512 fb647a5e13c97b5c19d0de3bf95b36c7a50b1d0ba906c6d75566bd9fe20fdf43dcc6db97715aa211cdc43883eb996089ac86edbca58319dd008f32ecfce2d533

C:\Program Files\Common Files\microsoft shared\ink\de-DE\TipRes.dll.mui

MD5 0d706ee621d9209f8c0100d4af9fb3d2
SHA1 1381c9ff3e1c7b483eba2792d86b020b0786e0cf
SHA256 e805a4cdd4d298ba0436f214a876f040f7d3a6e90fb478a66b03d3ffe5ad5b17
SHA512 e84d0bcf73bec83e15c9694d37935a0462b7d63383ef386a13d4495673f772f1aa9033a80ad71e2f788041749c0920517dfd797ca3abe5d160d79a638705f8fd

C:\Program Files\Common Files\microsoft shared\ink\de-DE\TipTsf.dll.mui

MD5 53fd8aff3b33a0212154f42255fa8763
SHA1 fd2f2f7aa65c1a549b49f9cdc2984661a300b8f3
SHA256 a6d12269bcce580c0d49750ed1e0115f1fdea61a23b64c569211c6b4e3fd37f2
SHA512 561bee5b51bf2e6d0dcf0c352e861728d074f84f3aa92033c490e8f6c0985254f06919e49710e5e88f7585b0796b49ad21ced3c6c1f5783abf2583b265a5f1ff

C:\ProgramData\4A2F.tmp

MD5 294e9f64cb1642dd89229fff0592856b
SHA1 97b148c27f3da29ba7b18d6aee8a0db9102f47c9
SHA256 917e115cc403e29b4388e0d175cbfac3e7e40ca1742299fbdb353847db2de7c2
SHA512 b87d531890bf1577b9b4af41dddb2cdbbfa164cf197bd5987df3a3075983645a3acba443e289b7bfd338422978a104f55298fbfe346872de0895bde44adc89cf

memory/208-22285-0x000000007FE40000-0x000000007FE41000-memory.dmp

memory/208-22286-0x00000000025F0000-0x0000000002600000-memory.dmp

memory/208-22287-0x000000007FE20000-0x000000007FE21000-memory.dmp

memory/208-22288-0x000000007FDC0000-0x000000007FDC1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD

MD5 fbc1ede9a33118e088ff85f499971e05
SHA1 df40b45b1322cabec557d4a9218106f11df1bac2
SHA256 cf0137aa0d5c11f38f0af15b288d20b35716f8f5591549ca92ee8bc8b6587416
SHA512 8f79c4e92243bc6a5c97d8ab1600b903ad5b861f7b65524b75bf769f16c77ecd516008f60681ea22316619aa9c55e1b8622ddb2522492ce73aced8b334bb3d07

memory/208-22318-0x000000007FE00000-0x000000007FE01000-memory.dmp

memory/208-22317-0x000000007FDE0000-0x000000007FDE1000-memory.dmp