Malware Analysis Report

2024-11-30 11:43

Sample ID 240224-c6ntnaff8y
Target 2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside
SHA256 0447c931bb8efc6dc531f69a891f2a0f28a85a18b25e04366fdb59bf827b2eb1
Tags
lockbit ransomware spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

0447c931bb8efc6dc531f69a891f2a0f28a85a18b25e04366fdb59bf827b2eb1

Threat Level: Known bad

The file 2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside was found to be: Known bad.

Malicious Activity Summary

lockbit ransomware spyware stealer

Rule to detect Lockbit 3.0 ransomware Windows payload

Lockbit family

Detects executables packed with BoxedApp

Renames multiple (8925) files with added filename extension

Renames multiple (10608) files with added filename extension

Reads user/profile data of web browsers

Loads dropped DLL

Deletes itself

Executes dropped EXE

Checks computer location settings

Drops desktop.ini file(s)

Suspicious use of NtSetInformationThreadHideFromDebugger

Sets desktop wallpaper using registry

Drops file in System32 directory

Drops file in Program Files directory

Program crash

Unsigned PE

Enumerates physical storage devices

Modifies Control Panel

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: RenamesItself

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-24 02:41

Signatures

Detects executables packed with BoxedApp

Description Indicator Process Target
N/A N/A N/A N/A

Lockbit family

lockbit

Rule to detect Lockbit 3.0 ransomware Windows payload

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-24 02:41

Reported

2024-02-24 02:44

Platform

win7-20240221-en

Max time kernel

137s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe"

Signatures

Detects executables packed with BoxedApp

Description Indicator Process Target
N/A N/A N/A N/A

Renames multiple (8925) files with added filename extension

ransomware

Deletes itself

Description Indicator Process Target
N/A N/A C:\ProgramData\B857.tmp N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\ProgramData\B857.tmp N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A

Reads user/profile data of web browsers

spyware stealer

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification F:\$RECYCLE.BIN\S-1-5-21-406356229-2805545415-1236085040-1000\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
File opened for modification C:\$Recycle.Bin\S-1-5-21-406356229-2805545415-1236085040-1000\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A

Sets desktop wallpaper using registry

ransomware

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Control Panel\Desktop\WallPaper = "C:\\ProgramData\\xa1Xx3AXs.bmp" C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Control Panel\Desktop\Wallpaper = "C:\\ProgramData\\xa1Xx3AXs.bmp" C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\ProgramData\B857.tmp N/A

Drops file in Program Files directory


Enumerates physical storage devices

Modifies Control Panel

evasion

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Control Panel\Desktop C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Control Panel\Desktop\WallpaperStyle = "10" C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.xa1Xx3AXs\ = "xa1Xx3AXs" C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\xa1Xx3AXs\DefaultIcon C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\xa1Xx3AXs C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\xa1Xx3AXs\DefaultIcon\ = "C:\\ProgramData\\xa1Xx3AXs.ico" C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.xa1Xx3AXs C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
Token: 36 N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe

"C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe"

C:\ProgramData\B857.tmp

"C:\ProgramData\B857.tmp"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\B857.tmp >> NUL

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x154

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-406356229-2805545415-1236085040-1000\desktop.ini

MD5 3e7482d1ce7cae4e97f20892804e1e37
SHA1 2fd970c759009ce1129c27ce55ae85235c94390f
SHA256 d0356463be8ec8a00740c8b1d469984f685657fb275e79ece7774d371ab70f74
SHA512 6d497afedba23c01d720b2aff4528a94037ac54f3d1718de4d18dfbc3356f0a41965025354d486460ed402b17b650261909ecf187a17776491ac247cec3ee5f7

C:\Users\Admin\xa1Xx3AXs.README.txt

MD5 b086e40671776e1878d78e5b77d87b29
SHA1 afc25200704f5e355a80a719e86a450295177606
SHA256 c99243fd5b4b2b5be708c0f30d095e515517f1e26a01032d05ad5ec6d6e4e2e3
SHA512 e813443a43ec149dc783d8f41c7e0abebf79ffa2718c33747a8d4a5cdc7ea1f9cbbc7ca7b2738ed4b724f246b0c56fa9f48c19f941174ddfc976216221480474

F:\$RECYCLE.BIN\S-1-5-21-406356229-2805545415-1236085040-1000\HHHHHHHHHHH

MD5 5c86bbb75ba8747fbe409a05bdd1ca03
SHA1 befe559dbcb16b96fb2c54d1031ee0d48d732f3c
SHA256 bf0b54ade5352ad53e1cbf21b3d23594e539b97a74f02c9c324cb7f47de82a93
SHA512 9965f3121fbded354a9cfef1991e727045695b9b5b725f20e7839854d9ab80304e995c4d112c93e571eacede091a922235f43a7cb74a7e12a1654ac4159b226f

\ProgramData\B857.tmp

MD5 294e9f64cb1642dd89229fff0592856b
SHA1 97b148c27f3da29ba7b18d6aee8a0db9102f47c9
SHA256 917e115cc403e29b4388e0d175cbfac3e7e40ca1742299fbdb353847db2de7c2
SHA512 b87d531890bf1577b9b4af41dddb2cdbbfa164cf197bd5987df3a3075983645a3acba443e289b7bfd338422978a104f55298fbfe346872de0895bde44adc89cf

C:\Users\Admin\AppData\Local\Temp\EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE

MD5 002974a572d45a93b989ce5ac5d0175f
SHA1 dd22cb4664bf16277d7aadb70925410c7d446f8a
SHA256 eb2714a203b99ee00abec127c57090a7af72a5cdbe887204fad69226f81e094a
SHA512 9cb785a8f77fe5a3b5575b86c39a08f12b34edf5706f43f273dde5eeafd5eb71a2f4b8b28d8416498a72974f4bc5de090f774f59853d77e8f59085110475b2df

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-24 02:41

Reported

2024-02-24 02:44

Platform

win10v2004-20240221-en

Max time kernel

122s

Max time network

96s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe"

Signatures

Detects executables packed with BoxedApp

Description Indicator Process Target
N/A N/A N/A N/A

Renames multiple (10608) files with added filename extension

ransomware

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-910440534-423636034-2318342392-1000\Control Panel\International\Geo\Nation C:\ProgramData\25D4.tmp N/A

Deletes itself

Description Indicator Process Target
N/A N/A C:\ProgramData\25D4.tmp N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\ProgramData\25D4.tmp N/A

Reads user/profile data of web browsers

spyware stealer

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification C:\$Recycle.Bin\S-1-5-21-910440534-423636034-2318342392-1000\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
File opened for modification F:\$RECYCLE.BIN\S-1-5-21-910440534-423636034-2318342392-1000\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\system32\spool\PRINTERS\PPqyev2y1tvhgatppz05kj9oo9.TMP C:\Windows\system32\printfilterpipelinesvc.exe N/A
File created C:\Windows\system32\spool\PRINTERS\PPg4z5j64a_4w0kl53dp1uukl8d.TMP C:\Windows\system32\printfilterpipelinesvc.exe N/A
File created C:\Windows\system32\spool\PRINTERS\00002.SPL C:\Windows\splwow64.exe N/A
File created C:\Windows\system32\spool\PRINTERS\PPlrcytup4ijkxw8bymshxm1mn.TMP C:\Windows\system32\printfilterpipelinesvc.exe N/A

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-910440534-423636034-2318342392-1000\Control Panel\Desktop\WallPaper = "C:\\ProgramData\\xa1Xx3AXs.bmp" C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-910440534-423636034-2318342392-1000\Control Panel\Desktop\Wallpaper = "C:\\ProgramData\\xa1Xx3AXs.bmp" C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\ProgramData\25D4.tmp N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\inline-error-2x.png C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\large_trefoil.png C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Square44x44Logo.targetsize-72_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BLUECALM\THMBNAIL.PNG.xa1Xx3AXs C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_OEM_Perp-ul-phn.xrm-ms C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\it\ReachFramework.resources.dll.xa1Xx3AXs C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\System\ado\msado21.tlb C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\ca-es\ui-strings.js.xa1Xx3AXs C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\AppxMetadata\CodeIntegrity.cat C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\ExcelCombinedFloatieModel.bin.xa1Xx3AXs C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\pdf-ownership-rdr-fr_fr_2x.gif C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Review_RHP.aapp C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\BadgeLogo.scale-400.png C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\@1x\[email protected] C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\ExchangeWideTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\am\xa1Xx3AXs.README.txt C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\LibCurl64.DllA\OpenSSL64.DllA\libcrypto-1_1-x64.dll.xa1Xx3AXs C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Transit\contrast-black\xa1Xx3AXs.README.txt C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\SplashScreen.scale-150_contrast-black.png C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\bn_IN\LC_MESSAGES\xa1Xx3AXs.README.txt C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN108.XML C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\et\xa1Xx3AXs.README.txt C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\zh-cn\ui-strings.js.xa1Xx3AXs C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\fr-ma\ui-strings.js.xa1Xx3AXs C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\FileExtension.targetsize-32.png C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-localization-l1-2-0.dll.xa1Xx3AXs C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_pt_135x40.svg.xa1Xx3AXs C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\LargeTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2018.826.98.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraMedTile.contrast-black_scale-125.png C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\lib\javafx.properties.xa1Xx3AXs C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-white\WideTile.scale-150_contrast-white.png C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-black\PeopleAppList.targetsize-48_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-convert-l1-1-0.dll.xa1Xx3AXs C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\hu-hu\ui-strings.js C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.contrast-white_targetsize-80.png C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageAppList.targetsize-36_altform-unplated_contrast-black.png C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\lua\modules\common.luac.xa1Xx3AXs C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART6.BDR C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_OEM_Perp-ppd.xrm-ms C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pl\ReachFramework.resources.dll.xa1Xx3AXs C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sr-spc.txt.xa1Xx3AXs C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\OutlookMailWideTile.scale-150.png C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_nv12_plugin.dll.xa1Xx3AXs C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\lib\security\blacklisted.certs C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\System\msadc\adcvbs.inc C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\es-419_get.svg.xa1Xx3AXs C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
File opened for modification C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Functions\TestDrive.Tests.ps1 C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Grace-ppd.xrm-ms C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\css\tool-view.css.xa1Xx3AXs C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\Fonts\private\GARABD.TTF C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia\MPP\Flash.mpp.xa1Xx3AXs C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteSmallTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\STRTEDGE\STRTEDGE.ELM.xa1Xx3AXs C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN109.XML C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\1033\CERTINTL.DLL.xa1Xx3AXs C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\AccessRuntimeR_PrepidBypass-ul-oob.xrm-ms.xa1Xx3AXs C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\uk-ua\xa1Xx3AXs.README.txt C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\hr-hr\ui-strings.js C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\ui-strings.js C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\EntSyncFx.dll C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-white\StoreLogo.scale-150_contrast-white.png C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\BIPLAT.DLL C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A

Enumerates physical storage devices

Modifies Control Panel

evasion
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-910440534-423636034-2318342392-1000\Control Panel\Desktop C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-910440534-423636034-2318342392-1000\Control Panel\Desktop\WallpaperStyle = "10" C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\xa1Xx3AXs\DefaultIcon\ = "C:\\ProgramData\\xa1Xx3AXs.ico" C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
Key created \REGISTRY\USER\S-1-5-21-910440534-423636034-2318342392-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.xa1Xx3AXs C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.xa1Xx3AXs\ = "xa1Xx3AXs" C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\xa1Xx3AXs\DefaultIcon C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\xa1Xx3AXs C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
Token: 36 N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3960 wrote to memory of 4884 N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe C:\Windows\splwow64.exe
PID 1744 wrote to memory of 3648 N/A C:\Windows\system32\printfilterpipelinesvc.exe C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
PID 3960 wrote to memory of 2948 N/A C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe C:\ProgramData\25D4.tmp
PID 2948 wrote to memory of 3492 N/A C:\ProgramData\25D4.tmp C:\Windows\SysWOW64\cmd.exe

Processes

C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe

"C:\Users\Admin\AppData\Local\Temp\2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3960 -ip 3960

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3960 -s 448

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\splwow64.exe

C:\Windows\splwow64.exe 12288

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc

C:\Windows\system32\printfilterpipelinesvc.exe

C:\Windows\system32\printfilterpipelinesvc.exe -Embedding

C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE

/insertdoc "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\{AF107ADC-1797-4990-B85E-894891819EBD}.xps" 133532161444380000

C:\ProgramData\25D4.tmp

"C:\ProgramData\25D4.tmp"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\25D4.tmp >> NUL

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 69.31.126.40.in-addr.arpa udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 217.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 106.246.116.51.in-addr.arpa udp

Files

C:\$Recycle.Bin\S-1-5-21-910440534-423636034-2318342392-1000\BBBBBBBBBBB

F:\$RECYCLE.BIN\S-1-5-21-910440534-423636034-2318342392-1000\DDDDDDDDDDD

C:\xa1Xx3AXs.README.txt

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\StartUnifiedTileModelCache.dat

C:\Program Files\Windows Photo Viewer\ja-JP\PhotoViewer.dll.mui

C:\Program Files\Windows Photo Viewer\it-IT\PhotoViewer.dll.mui

C:\Program Files\Windows Photo Viewer\fr-FR\PhotoViewer.dll.mui

C:\Program Files\Windows Photo Viewer\es-ES\PhotoViewer.dll.mui

C:\Program Files\Windows Photo Viewer\en-US\PhotoViewer.dll.mui

C:\Program Files\Windows Photo Viewer\de-DE\PhotoViewer.dll.mui

C:\Program Files\Windows NT\TableTextService\en-US\TableTextService.dll.mui

C:\Program Files\Windows NT\Accessories\en-US\wordpad.exe.mui

C:\Program Files\Windows Media Player\it-IT\WMPMediaSharing.dll.mui

C:\Program Files\Windows Media Player\it-IT\wmplayer.exe.mui

C:\Program Files\Windows Media Player\it-IT\wmlaunch.exe.mui

C:\Program Files\Windows Media Player\it-IT\setup_wm.exe.mui

C:\Program Files\Windows Media Player\it-IT\mpvis.dll.mui

C:\Program Files\Windows Media Player\ja-JP\wmpnssui.dll.mui

C:\Program Files\Windows Media Player\ja-JP\wmpnssci.dll.mui

C:\Program Files\Windows Media Player\ja-JP\WMPMediaSharing.dll.mui

C:\Program Files\Windows Media Player\ja-JP\wmplayer.exe.mui

C:\Program Files\Windows Media Player\ja-JP\wmlaunch.exe.mui

C:\Program Files\Windows Media Player\ja-JP\setup_wm.exe.mui

C:\Program Files\Windows Media Player\ja-JP\mpvis.dll.mui

C:\Program Files\Windows Media Player\it-IT\wmpnssci.dll.mui

C:\Program Files\Windows Media Player\it-IT\wmpnssui.dll.mui

C:\Program Files\Windows Media Player\fr-FR\WMPMediaSharing.dll.mui

C:\Program Files\Windows Media Player\fr-FR\wmplayer.exe.mui

C:\Program Files\Windows Media Player\fr-FR\wmlaunch.exe.mui

C:\Program Files\Windows Media Player\fr-FR\setup_wm.exe.mui

C:\Program Files\Windows Media Player\fr-FR\mpvis.dll.mui

C:\Program Files\Windows Media Player\fr-FR\wmpnssci.dll.mui

C:\Program Files\Windows Media Player\fr-FR\wmpnssui.dll.mui

C:\Program Files\Windows Media Player\es-ES\mpvis.dll.mui

C:\Program Files\Windows Media Player\es-ES\WMPMediaSharing.dll.mui

C:\Program Files\Windows Media Player\es-ES\wmplayer.exe.mui

C:\Program Files\Windows Media Player\es-ES\wmlaunch.exe.mui

C:\Program Files\Windows Media Player\es-ES\setup_wm.exe.mui

C:\Program Files\Windows Media Player\en-US\setup_wm.exe.mui

C:\Program Files\Windows Media Player\en-US\mpvis.dll.mui

C:\Program Files\Windows Media Player\es-ES\wmpnssui.dll.mui

MD5 912965e0c8b182dc8ce3270425cb7177
SHA1 f1b9febe836865fac166d3cf74a5ad02128102e2
SHA256 d7436ad71486a34d3c99385551f308fd239322750deed54f20ba9e042c9382f6
SHA512 6f150c67f40c5bb8846d0d69f7fd2c823f3d8d457cb97651237b8482d5a30ed176b86c85aa4d619950dbe91adccac76115b433f8e0cbf08fb3e03af89b45631f

C:\Program Files\Windows Media Player\es-ES\wmpnssci.dll.mui

MD5 6e5cdc115669adc848f647c0453df1de
SHA1 93c214c1338992c26e600f426a179445bf8a3f65
SHA256 2fcf6442a76d54dbc82d027bbd253fe52abffa41f340e1b149862f03c8ac17b0
SHA512 e3489c67a880ccd27996b2a1bde886ee2b51dd94d37fdcd4a5f43f1b98faeefda8dc0405bb75d31ea71968f428bc457fb99650cc5192a562aabbf12c18be2c7e

C:\Program Files\Windows Media Player\en-US\WMPMediaSharing.dll.mui

MD5 5946330c52de08ca271b242bfa80b856
SHA1 89bb67eed27c04c05cf35986f75aaddbb7878f78
SHA256 4e6d1bcfe6da2e5e774e49ba7abf9b83fbea019cfa873187214431d3302e2687
SHA512 10d18201224447732cde58761810d42b66e701a0e8e06063f107a0694ab9731846aebdcf071db914f7527f73591e9dbc782d83e55e88fcc34f0af85d55af21e7

C:\Program Files\Windows Media Player\en-US\wmplayer.exe.mui

MD5 e89fa9835980dced5f86a6881ebe3193
SHA1 e6755aeaeecb37ea8d90bcca1b3dcc50afb0ac2d
SHA256 a8eb0cf9704a225b565ad23c7b9667473314101a8f0b7588e73f1441a2bb5638
SHA512 810f6b8c5e6f1e1ec998261adba5dd90a159c8974c7a3def7eed1240890543e5f52181979c1328e10d6c3301484cdb8e4c8d3fc75d8686de17b424e6e7666d54

C:\Program Files\Windows Media Player\en-US\wmpnssui.dll.mui

MD5 4332f72e8ddc85d4735fc690d68298dc
SHA1 9e3c33d8404f78792e2858355a3b77ace3f74e02
SHA256 24c7c18fd3c945003207c03ebe44ae76f631a3c044ed973201d4b4e47da32dad
SHA512 123a6bc7b6664f1ddb5c49c82adffbd798b9c8f538cf835c9d3847e8714b9bacecbfc42e27b56d7fb940d43293c24954c165322cd87e2c6a544281597c527b72

C:\Program Files\Windows Media Player\en-US\wmpnssci.dll.mui

MD5 46ed8cb582067a50a5a1d48408be3d31
SHA1 ed9522995d10dcbaf13df30f5bd66d5346f64407
SHA256 fc47f6cee6702ab029248aac28736cf2669dfa28ce2e008ebb5618488c0f98bd
SHA512 ef305158ff67d1e063a6b16c70fd58374d5ed7025356e1ff72f3fc6d93e4562eb935f1ef9471b958bdc2061fb21756cb826fff7853388d552a29afaaffbd5d7f

C:\Program Files\Windows Media Player\de-DE\WMPMediaSharing.dll.mui

MD5 9b3aa7e61cdcbe1bf8daea4cd6867b4a
SHA1 937089b659867bdbabc0f3f3d7baedfc2c0efaa1
SHA256 51350436290c5c2e3d644816091ef48022724dc09e4d1c95f10827bcda0d8949
SHA512 5ea0a94c98ff610f16d021c578a896621b155ece29df9317a54cfc100044de42bec5b35d846c66b47c5e9842c2dcb7cc4b12a1f4fd953f4dec33e73471ec088e

C:\Program Files\Windows Media Player\de-DE\wmplayer.exe.mui

MD5 fb6fae33b4f9f4a3baf6eee130df7040
SHA1 24199e70753e4a1d80b788ca93522f7c104d691f
SHA256 50ed45a23eb636d7d3be7fa784dd3dee60b4fef53bdf3a2b35d2c403dba065ee
SHA512 d92b6c2ed840c669892a9ddbcc7b3e8373400db98eca662f4c84a208d350964dca11cc9370055d838d9eb14460103b2a8d3a8f688a4a08039c6f0ad612d6a4c0

C:\Program Files\Windows Media Player\de-DE\wmlaunch.exe.mui

MD5 3601b5786b450ae9783a84b2926c6ddf
SHA1 b86215f2f16fed4a6381541764ba93bd903645b1
SHA256 a059bca5d62de7fec7d290674cf3299f7854607e431dc149048ca5c2ce20051d
SHA512 b227a1e27e4ce4fe71c6525723c1819b297bfdabeb2717ecbc96dfebefdb3cb2aa0f3e266fa5424197569ff9df57de30c1b528378b0b410dd4d21b9aa03cb7be

C:\Program Files\Windows Media Player\de-DE\setup_wm.exe.mui

MD5 7699cc73aa8f4bb541473ce0dfed6832
SHA1 96e581103c6273d2edda18d70904e9ad5dcfb85d
SHA256 394dc80d050d89cd92e7dc2107d25b9ffa934d784cdee4eef47f3a8eb2a4c05c
SHA512 2db6b7b46a6b2ce5e13614abaeb2a6b37d571b51fd8e9e6ca622c40cb9bde51680c41e523fced56a7b50fccabfd6f1b91a89abf53bedb82a9e8dae7ccf5201f9

C:\Program Files\Windows Media Player\de-DE\mpvis.dll.mui

MD5 e0dd44536a7e9e7a37ca93cdc9dfd34d
SHA1 1c4b38d8e9b8060f505bce9d92dcaa8deffcb70a
SHA256 9dd86efedd6690aef301d0788278e63588f738a870d8d60701fc2188d16bad43
SHA512 e43c27b23baf73f119a1d2fc8fa2a128f8af0724c934a85018c555cd95934ff4054ef07e2c206ee2f288afed4d84672686b1f8de6b6b2d53797e51455e314a04

C:\Program Files\Windows Media Player\de-DE\wmpnssci.dll.mui

MD5 3e75e7aaf7f9e5d65ba0dfac60dcedb7
SHA1 6cff00919fe3ac0b7cfe99b40aea2940416a488e
SHA256 aaa23b19e1e2dc749654767a5006eb7ea1e2f1ffd99858557ad0c11d11dbfb8c
SHA512 26a62533f1e405499f3474541a4fa962c5c7928af69a0b16bf02fa590cabdf44d51f1322e23d6f8a15a5f1bee16aaf776bc6cf5d33fb2ff54b3c56f9cc92bfa1

C:\Program Files\Windows Media Player\de-DE\wmpnssui.dll.mui

MD5 6ef03d7dee1a59ad8450e3133257c395
SHA1 3740e5d1990f9039e504a47640c8ad1a6a0531b2
SHA256 26e49957e39f2f60d3532503cef477854c75352e3c91a41d81c7e293d7891101
SHA512 d099b922da2bdc4c1a952f1c27c3f4d15e1cc65be13cbcaa8567d1495f9b2a9a201dea37e79573102415c722750d0ee34e7218458b34dc18028aa704402214d7

C:\Program Files\Windows Defender\ja-JP\EppManifest.dll.mui

MD5 1f29496d1e799d31cf0c0059712a594e
SHA1 d7ef6bad70eafcd28b093d02d5a5d5368d41c782
SHA256 33e92c3dd3126cb338ae80868cc3dd4f50b4e62bfad0f6f985b7e4521c8ffd93
SHA512 30c7163de72c0e2489b87dd46ad6a200e9a9ac141ece9a3ae0796a1819a673e9cb430f953ef89b438757f44cee71f10e9030eb69e03a72a70de1e20c35575ae1

C:\Program Files\Windows Defender\ja-JP\MpAsDesc.dll.mui

MD5 1523feaf9afe4ee9f9deb78b79ca4e87
SHA1 3d1ce3bed86b156d6d8bf003373cca04447b1e23
SHA256 548086fcbce08749aae22e9edcb2f9cb2272881e7b7ed5c79e70973f4e20bec0
SHA512 eefc0c862f3bb8bdedc04f911a00d548509abb8f9e790f4061f1fa5147ec8bf5556d3174a8ce2ce23ea6575ef5f4dce8c0c23ee6201598b102fffa8ad68c32da

C:\Program Files\Windows Defender\it-IT\MpAsDesc.dll.mui

MD5 05834bacd279e006fa86a61625fa681d
SHA1 5ddd550b7be907ba362a046cac159a117abd3c7e
SHA256 5efad30a9b2856e2f6ffeb459d7540e49d2596df1dfc15842eec5a405f7acd4e
SHA512 7236d175e9a6233898be0e58501363886e93bdf546e33a20047ea4e1e7e3e9a34f6e58bc5f176d8ff83dd466a3411384b1859e443606835d7aa5c3545fdd98d8

C:\Program Files\Windows Defender\it-IT\EppManifest.dll.mui

MD5 99d35ed6342a28d1fbcf548b2e376cee
SHA1 179bc10c642d9c44676f3e26f3842b9f6c70b87c
SHA256 33d8b2f37b5a9a4ec4d83275e990b3ad09a2b4b454c13523d1318523b400a194
SHA512 9653dc1d1ac294b9b8e8323c750e269660a8b5ddc80ab8e4affac8fefb2fb89a59595e74958c70ccf2803da074d9cb79b8ca2031be8cbf71b1ca640ad4705559

C:\Program Files\Windows Defender\fr-FR\EppManifest.dll.mui

MD5 9381ea11a45980fda332cbf11cfa6058
SHA1 088edb6aa5e1c87cc8a338c86f5cedabb4571719
SHA256 4a3e5266ccb892316c0fda8a12fb5e8a2e89ef4c9085b9c8000ba5c5d5ac333d
SHA512 17bc861c6527dd9c1953715d5702fcb553ec88c437adfb75df14a12445ce8a16852618632bcc53aa80dae06308755fb3ddf04058463a8b073a15f33bba987a51

C:\Program Files\Windows Defender\fr-FR\MpAsDesc.dll.mui

MD5 5e3a1b4871b1d1a29f5d7ebcd881897c
SHA1 f4b59b919fc186c62cafda8e103715c8e2c07cf8
SHA256 299979a2289fdda152dd0e1b41101ab8716a16c4a01012767c13bc217a331d44
SHA512 f9624da507fb0f8780870a5f72804fb9628ced391ae01fd4cae5cb48dc263407d961c8f4cfac47b96792072209ce9de24915a74986028f1242251c68f0fe45ad

C:\Program Files\Windows Defender\es-ES\EppManifest.dll.mui

MD5 e1883160e671ec5f077370cd25e00878
SHA1 5726f0f28037369657775f79d53a50b015469fc9
SHA256 f2e4b67f9144e1df190a5ce86f1c6b91487865b227638148ee44d8ab2b512e8b
SHA512 a886eece21dd32367246242c0fd0026eb0eb65914e0a565ee5900f281b69b57bb8c97d91678b9a5e25ae376e3674e7d22468e4fc58f870473d26a83bcf96ba88

C:\Program Files\Windows Defender\es-ES\MpAsDesc.dll.mui

MD5 69cee6be51a745e8f835aa26577b6c5c
SHA1 196cf94da724590df7ffe6be8e4f9f52ff5be2c0
SHA256 85f525a87bb6cffd4f426d39250cb13deea236d3e2871e13636f99c565918c46
SHA512 a7fe6c32f0b4eb4cc158a9fb36243688975056190adb8708b2af4789b419dabb9c8e13a3fdfdc8065e1c87d16ac7a00b8226401bf9979ae6ec8d22db99d54a15

C:\Program Files\Windows Defender\de-DE\EppManifest.dll.mui

MD5 9164d029d2fedd3cd31f61e59df9cdab
SHA1 6dec6c0df571debb09c566593347b9f5a5d14504
SHA256 924776924c3a56667ebe437f596c610050b1721bbec8847be45bfb7a32266a28
SHA512 d9dfcfeaa607df77bf79d4c1b84e303ae81eb2f076b4f992a355fa1fdab9821615eb5b25aff17c92e08e7aa1c14a2a04013197afcb5cc9cd0d6f3bdf69474c43

C:\Program Files\Windows Defender\de-DE\MpAsDesc.dll.mui

MD5 54218a30901f19934864a548071388ef
SHA1 a27089f76944ee4f23440d55d08956a03fe62c57
SHA256 89612fd34ca9b9622064da065a18452635ca2bfe638f300320e7e83ac22a8fcf
SHA512 516ace394337a6968c6c4f483261713ff632d416cf9f4cf90cadcbc38831cf32005663e5bbe2fa97c792708f6f29e5ceccd44ce0a2bc64e99de53dfba129026b

C:\Program Files\Internet Explorer\fr-FR\iexplore.exe.mui

MD5 737b3558d6238f83ea7a7f5593178dc0
SHA1 bc3f0f60c6039efec6ccbcfbf09e1be62ce815ec
SHA256 f3ad78187f927508ff524101bf1da817ffd4bb93ab81799b1428e789f4302e69
SHA512 aa5d663ebada045290323f9a39888a5567626d3e2188a41ca340ad9ee272f782353a095d987e5fd07ae0488160cbbfbbc73813fbcd96336e5ae7c2ed1014fb68

C:\Program Files\Internet Explorer\de-DE\iexplore.exe.mui

MD5 6731505fff58ce517ac6ec129199d07e
SHA1 677eb19e2a231b41d7b8fd51bc3ddb25d853b437
SHA256 45d6c07668399edf6c69c06f1a66e3593cf67c6a4870d8a0eba00de66a05f9f7
SHA512 991279f5839ca28d4d7f9c4195d93b7f53bb8bdb53925e96cf6f9bde372454034ea7d567550dc0fba4e76cf28145a521101cc8e6770ad4f6ffbf128773074451

C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui

MD5 60bcb8d3e0b76288b2e1a7ba5c99aebf
SHA1 146e2e87b5ea514e22ea4cc38d59236066d4cb75
SHA256 755d9b64c4a71a193c640771d11b0356b7215fe97b37041df844a44e2d1917a2
SHA512 9ff3a739628c75d9339660ad1e7f7ffeb87f9a310e2bd53cdf56903b1f092a45fbb55de08abf6cedde6ade1b2ec9226b8f4376c5558bfe75b5f9916107c27ace

C:\Program Files\Internet Explorer\es-ES\iexplore.exe.mui

MD5 38080108a89b26f5e2fe3f5dca59d3eb
SHA1 0ab7599f86c6d7992e310bcfcfda94667a8c3dfd
SHA256 90f833f3d88ddd1b41b9569975cc6150469342c8a5fb9bc67e7437cc6ecaf343
SHA512 b6c0e14a37df6a3176afbcbc21757a60d41567348ceca65f0c1bfb41c54939841bdf1ca68301ccd8b4be4afab5b3561522aa4275ed10c112bd6a38ca086d2d64

C:\Program Files\Internet Explorer\it-IT\iexplore.exe.mui

MD5 51ac0fcfa049c2f00a7f40814e5cab6a
SHA1 cfdcf7eda8598bc959d43c3f268547b2edeb65ab
SHA256 e9983b7f32160f6a3ef74ebffec4bfb520c4ab8295b87a17edcfb16519b809ce
SHA512 35204054e2d320e27baa315c93656b4dc349485264e099d22caabbd26443435a0b4c78980bb5bd372f0ed61008de807e3a1b23abe0dbfd772c52587d4e8ec0e9

C:\Program Files\Internet Explorer\ja-JP\iexplore.exe.mui

MD5 fc4f34566bb6f4b6c5c5770fb411869f
SHA1 c51a079232b9f8aa3d616098ec3865d2fc1ce374
SHA256 9418f643351f189ea2fae827b32bdadcfc6ba6bcc99db68ca5ecf99a3aeef181
SHA512 22e3c461738a101679685a3fed73fc0a3a9e52729c7aabf55ade861ff40157dfa036b47a0d1dddd0c2bcbcbc3d5add5b16b99ab869c7d95fdaece5aff72a9805

C:\Program Files\Common Files\System\Ole DB\es-ES\sqloledb.rll.mui

MD5 fafdaafbb255ee0f35db18e5a00925a7
SHA1 0776f7a3272adaeba295af6ff582ac7608190c20
SHA256 1b993b7f8719d59454504650a7ad3274a0c91c1ad6be14fa7bd4636702c30bd4
SHA512 6b174a82aa2791007232c417932f01196e6a147fb042d53781b314a58adacc9d0d78c558fc6591afcad4205a2617cc9075e7e82ce092daa640288b608b51286d

C:\Program Files\Common Files\System\Ole DB\de-DE\sqloledb.rll.mui

MD5 3e00643f1f468a29087e31b33b473c93
SHA1 5ec3df68e8fa16d5c1efd08490b4348abb5e3729
SHA256 5f08c47bcfb8b28e2fdda8c71f031f1d38f157924b802a0ae02cec6e5390acec
SHA512 26d33f0710b05fdfe3b6b6bcc839c3050b4c1662407474939f51f398c7e49199a647c5b761984f532d8da3f83d0b32ac391bdbf62e5ea00ce7e65db0a927039c

C:\Program Files\Common Files\System\Ole DB\de-DE\oledb32r.dll.mui

MD5 5bd967f0c123fa3de5c436fb41d55f54
SHA1 633b13dd372ca809706c3d58f5ba149e5d232db8
SHA256 6d59d75a97389626098fcdb5bb674c01b55fdecb75ade650fc5b21ddeb0c6660
SHA512 c9654102a5770b02dadcd1a961ddf3f0fd7bc80e6b6f317bd5896139a7bfe1e44f5d7207e73c328dd3def91a34a0dc6cd027fd15d7fdaccdbdd502c9a9ba8055

C:\Program Files\Common Files\System\Ole DB\en-US\sqloledb.rll.mui

MD5 83e9a4c45260aeffb76c163e0a7cd7da
SHA1 7a2a7c05ab2911e6c5f1cea8a5efae247ca57118
SHA256 ffb05ff62068ae122908143df536c609e9805411fd3b1fdc1817d8f45b6bd813
SHA512 771569693309fc4fa7a16bba559baf7101de048e89088fedb354d88e7dc73dddc4c432b75509111559585f0e85cbd14b378d73c017f9aa7407b711e26b690eb1

C:\Program Files\Common Files\System\Ole DB\en-US\oledb32r.dll.mui

MD5 53c2749ca615d45429ecf806139754a4
SHA1 16af61cf73702640f800854b0fc33d646136ac0a
SHA256 13957be6dbc1bbffea59632a8a907e2db0426b60cc002d574bc978ebd00a41a1
SHA512 393f3cb4a9c6c4c1204f09692b624e24177765d400755c83cc1370c21d179bc869f763a1c75972eed73d71ed899f29763abe9c1afd7b6bdfad89e57279659879

C:\Program Files\Common Files\System\Ole DB\es-ES\oledb32r.dll.mui

MD5 41959a4884753f8b19b6a29fff146db2
SHA1 e60ff51e7814ad83478a7088fff6999ffab11da4
SHA256 72f980ec79db2f649a64b37168dff5492e58cc32d7501e086484e5e196fd37a7
SHA512 1ec8741211f1b3ed1695dc27930cb77b51fb95d4dc254366bc0bba6563d6ab47e3e0a5a1bfeb49f955e57ad25b50e00be85167e8b184f93d7c4326e608ddb4fe

C:\Program Files\Common Files\System\Ole DB\fr-FR\sqloledb.rll.mui

MD5 ea0b888b7b3644da2599e360cda214c1
SHA1 de606a699800abb88e7c0e7f4cba7e333006bedd
SHA256 bf2ce98c2c3d39e533b68d1d57ad5b6491ef7da27803d6c51e2fae1439185491
SHA512 0eba2743dd68eaa3cfdf8cdc013315cefb8de3ce9a6b3c56475975dac812ac3a3d54e9c6429aa9a9b10fe1f6fd5636a542b36b31f4aa37e44f92e93fb4e3011e

C:\Program Files\Common Files\System\Ole DB\fr-FR\oledb32r.dll.mui

MD5 f8c5e09e6b9b2fd97f03329626194f63
SHA1 6642958e934dd4270e87c47a3d59807ef945d39f
SHA256 65eb4a25b7ff5201a94182bcad96023b531879e07aafb00f29e3fa202d9b8960
SHA512 bcecfb5bb8a9ce87afcb4e6fbbdc8864909a479e2ec1216d324f957eef8608ce2ca3f398629d5823677b980078058fe2278b24e37a43c3837b932b907769c5e1

C:\Program Files\Common Files\System\Ole DB\it-IT\sqloledb.rll.mui

MD5 0c8c465d22109da63511bd4177671855
SHA1 f077e2f69ed1e9de867f234f1cfb91de029077ff
SHA256 76cccb3ad32da1c1f5d040807564b73b004e269c9b0f8f7670b19dd15d98bad3
SHA512 7aeb799a937d5be4cc543eac565d5115fa6af78fccd1655c57a40669538f0795013425e5416d80fa38f76004ed447c084083f18bc83add7a724403a81dd6f55e

C:\Program Files\Common Files\System\Ole DB\it-IT\oledb32r.dll.mui

MD5 4c9120edbd2530751f53be5bac6dea45
SHA1 ac018129a3a4653542f4cfdc1b7837450ee551ed
SHA256 a6c04bcaeb514db4a6688cd15bccb0541c7423374577f2cbd1e048dfd667616b
SHA512 64d6e9a3c99feeb4786398b3e5433a1ec0e87ef16ee630741f2fe9e2693f490d96df326808ce911d7ad401b6e1d3363118d7255727fca2f8891603b73c885ca0

C:\Program Files\Common Files\System\msadc\ja-JP\msadcer.dll.mui

MD5 0aaf4cb20863d8e090092130d4ad12f0
SHA1 bcfa7b9b35d44a9b5930f4a9859954b4dae06057
SHA256 3215a8ee2b09a677e97898d738c186f8331ff012c300a07d1f2b7173b3e3d359
SHA512 8b556947d23ad0c58dd6883346aa9fe96210cf6a1fc0dba150cd0ce74626d10607424e71e2963bd4378fe8b352d5b4f9afaba45aa35e1c496c5c158890b102b8

C:\Program Files\Common Files\System\msadc\ja-JP\msdaprsr.dll.mui

MD5 0b26fb9de3fe9138a6bd54417421afc6
SHA1 d8bbd99e4bc2750b329b8372f186737550c84d32
SHA256 e7fc0c7c3fbe0a2130e1f97cdb8c0e0e8e023b59739f5ce86837f3947c2ce653
SHA512 035f17fe1d94b0495bc4c09508bc41eed8cf0ad3d5eaa0b3d19eb2bd37a7958c6d52503f133b1627cc03e1fe73acbfc18e4d91b17dc7f13d05a3044309aaf065

C:\Program Files\Common Files\System\msadc\it-IT\msdaprsr.dll.mui

MD5 8aa4de97e32856fe0cbecb21112806bf
SHA1 8e3cb777e66e4b41c561bcea6a0bc471f046e977
SHA256 02f8ad6ae02045f3c98b865d2cd408acc423ad43e3162596cac7b2500bb3bd2b
SHA512 11def94bafe5b3ebeb942f4effa65f0d80d492cf901124d379d06301e0719914623f5c036784f1491601f2e0a33df8df8630261ad5e810c0d3e1650c64611503

C:\Program Files\Common Files\System\msadc\fr-FR\msadcer.dll.mui

MD5 a93cbba82e860b0394d203c1e93d0bc6
SHA1 ebc1b3ca60a3aa2870656eae52c0b892431f6837
SHA256 0124ab5d7b8fcb1c6caf02e006a6588c3f4584d58a6f57c3f7c5ae53bf932faa
SHA512 e5a2c5be86d27c63bf4dfd59221660aab19c142940df4f247f7312dd668656fc904e29969c0d98b52c6329e910a0c5e3776b8439a62ed508b33e86a802cd26e8

C:\Program Files\Common Files\System\msadc\es-ES\msadcer.dll.mui

MD5 b02fbff27c18c84c14699ae61393494d
SHA1 76eaeda98018515d8235031d387893125beedbcf
SHA256 8480e41d84898346921ca124adda5b2d77d500bc61260e6c83dac52d32cb526e
SHA512 20b65bd9a6d7c05149823344792f35f7b207ce887de990becd10af6463d013dcd69d46c2dbd68020ed3e40b5688a51dca2696f65393c9103d9a0d0fbc791494e

C:\Program Files\Common Files\System\msadc\en-US\msdaprsr.dll.mui

MD5 5a58bfe1c4abf91dd33783660701810e
SHA1 d9fc22e0e02a068b3589d5231386b514544d6161
SHA256 a868d2415538c64086328cc10ddb992f6af0528b91829882d9d6065ce769ca83
SHA512 e607978007e68db8d76731ac70cad3f3bffff4cbd39073d712881a564fd9189dedc07a0400fc02c786363ca0efd369a4d34f5ca0749133753bd3e0ad851a332b

C:\Program Files\Common Files\System\msadc\de-DE\msdaprsr.dll.mui

MD5 dabeb48d58ee0d8bcf1f5fe90d6752a9
SHA1 e113cb78f69ba613ad3e705d5f395b3db50977e8
SHA256 f3991c4986d6d4e07533a40cbf916f3b4c1e9cf0ada2f703e4d3f9fc3f86832a
SHA512 961754d5ca6be5a74eba499c762664fa5228641fa81bff6c04626b9ffa2561f0cfa48a793ca2cafbf257f1ba96b0a70fc3b9cdbbaeb700cd035e52e0f7cb63a8

C:\Program Files\Common Files\System\de-DE\wab32res.dll.mui

MD5 725c94ebecfa270e04bf781794398e8e
SHA1 800e38a9f2e662d156539b09fc64013254c7ca4b
SHA256 e1dd54e6a2076b8a99cd86fb8f574f458d9f213dbef84b9fe7431d84b05ff2cd
SHA512 604c67d7db46b1dd7d152ec0497ce4953af2e3cb13afe1205e42d596d96db18d248f48ebc3d3ecb6846a8ef29d872220a47728eb8d4cbd599313ba01142a6df7

C:\Program Files\Common Files\System\ado\en-US\msader15.dll.mui

MD5 c6e80b4a73ea21ae78acfa3c347b4124
SHA1 c349691b4bd6936d672daa4bf7e03102cdd05f39
SHA256 d8cd9a2bd5c3c04fdc311f23a464ac234c4aea9a39cd4e3e69a9dae41399afd8
SHA512 140f012ad3ea4b11069b0bc891e4de669b9deac33d4beee968a116bed15a5ab9b8ee460057abf96144c1eed1adc7b5b79537b0b90359bba07f2d6b26ecc0ac34

C:\Program Files\Common Files\System\ado\de-DE\msader15.dll.mui

MD5 87ed513a1a00fe5eca7df8f0461b2259
SHA1 cfa84119069b94d8d8e184fdeacc64ec5f4526fc
SHA256 8c7514d01e9c37acc7dafa793ed9e189e276732c49ce92dbbf99ca2fbf95e53a
SHA512 3a7fc54148098395207764c7c02110195a89d86eb1a0ce87429e7a6b5ed924b9d874e4e701c3f11f1036e3e4a398ea4b5d3666b37d2440149896d40a35661675

C:\Program Files\Common Files\System\ado\es-ES\msader15.dll.mui

MD5 3a2265edad848ca94232609268ea0312
SHA1 2d277d54411647e63ac5d650960054660b44981d
SHA256 143bb5851c924a6ee56a2bbc174dea09f374d3643156fb002f511619ea93effe
SHA512 7187aa3c4b82d2cb2fca7cce7103785418de9d36798950b9a21418b086b7d615cfbe988cdb4f74419e0248dd3b3a7851421eadef52e11ada62e627e15b80563d

C:\Program Files\Common Files\System\ado\fr-FR\msader15.dll.mui

MD5 699484386374552fa8f9e677097603fe
SHA1 d03babdaddb3ebefaf2c66ef48b304dae1d2864c
SHA256 4d652f6b3a5ee53148a2a5f16c139bac584b7a6eba32e37a831c1ff3cd2cabdf
SHA512 40b3a6ac4e1aee2c68702caf0072568b81522bd5cf0ebae53833a09b0733d316dcbe799cde02b76b195267e5ed5b9707fa7bf42a69d09fbfc09ad607e77cdc59

C:\Program Files\Common Files\microsoft shared\ink\ja-JP\rtscom.dll.mui

MD5 0f0053ad7787d04b80bfdb4a33c595c5
SHA1 93bd224a05c8cbe8de6213e213e419fdfe3067be
SHA256 37ce98821fdf679666df72e26a771b6eef0c2ddb17462ed45cc59959ff20249f
SHA512 a815dada26998e9dd2f71f674ee07fc3dafdcc8b52ad299182d22ff055c5fa4b46bc0e01ca9e3cd07cd28094589a65edb9ddc6832d03ab8b8542926156599959

C:\Program Files\Common Files\microsoft shared\ink\it-IT\rtscom.dll.mui

MD5 99abd4a8869898caa538c1fc9af659d2
SHA1 07c6d265b830d41b0fc6c5690e6bfa748093e5d1
SHA256 61839788cc911117ea871c9ea3567af4cbd3a8a5012225c3be154a490f06b269
SHA512 fd2c526286e907dc58efe2d8e0c21567e01363438d9186fafbbe5cfb63433556accbbadde1c1108c38da370f62c42660140b08c5cdc7965d6ec45d94151b4008

C:\Program Files\Common Files\microsoft shared\ink\it-IT\TipTsf.dll.mui

MD5 3123a032dfa11bc33f3d89f9c70410a2
SHA1 e73c59f3e53bedfe0f0b4c9a7c04f419570cdac2
SHA256 217e2ab9c79a7cdfc2eb6f83426bd657d37d9298179fa449e1eba323c4994cfc
SHA512 b7a18a4726a45f9a147b225712d6a4b7a37b07a245b4c12136a4e531196bde9ea133ec30e9a3abd323905fb197028545e4ba3d0b00d716898f4201e814120a89

C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TipTsf.dll.mui

MD5 2e7746c3d7661d02b723da426129c0f7
SHA1 874827b086a06e1efac8234395b665a0fe35c4e5
SHA256 804a2d5dcbaea069ba07c1f340b04893fab4fea25d3b932ddd08160982ea990f
SHA512 3e0e7e6f91b6d3bf34b73cb09fb3667c46163664ca8d174594699f8efd5ff99e98fe9b15bc34db93579cbec9f1ffd9ae897de86d1c71cd240fb72069555f1fa0

C:\Program Files\Common Files\microsoft shared\ink\en-US\TipTsf.dll.mui

MD5 80ab139439a7525eb5c37f1305d3d86d
SHA1 905e3f95bafe2f67af182a6a41fe2b90a66848b0
SHA256 c4eb2e9ea095e795adc496a5c78a7720a20f6f6ba4533353c85e610365f8c426
SHA512 e0bf67b5bd70347985067b4d658878a69578a0b557c73746a1c52ed7cbfad56371564fc4d5978c9f61fcc6e519ee38c2fca5d5b4ffd1898c7a078896c57b0b0f

C:\Program Files\Common Files\microsoft shared\ink\de-DE\TipTsf.dll.mui

MD5 c560a458f23be5ec4d95387cd670cbc9
SHA1 a7abc4518e90f5cf630c677ee0594ab725015aa6
SHA256 eb5ccaaf01d012103bbd958b7226486dd6d649f07217cea1c64127134779ecad
SHA512 fdd59ab5351ed8361b48b58df976fed66cd3321a244980709898582de2fb8027d992b2b488d6b1c83a5b4fea49ded804a49d84c7aebb8d7c79eeaed79b2447d6

C:\Program Files\Common Files\microsoft shared\ink\de-DE\TipRes.dll.mui

MD5 a1ebead7f25a967cae662f5f060701df
SHA1 a4a8e7bd4833b34b180c5bc60fdb7bdf5dbe8022
SHA256 bce5e45ece8abdfcb10004d96c33b41bdd63ec2c8add20a89c24483603177b09
SHA512 68e6f12cee10a48373347ef5649105de0ec388d14e95cdded12136346a93e6d45b1539887d4064dc6342e1463384c7cf50f4a321a2f011c3f1dc81762b152cb2

C:\Program Files\Common Files\microsoft shared\ink\de-DE\rtscom.dll.mui

MD5 95e878fb8fa95b3532024d5f62816b16
SHA1 c6700d01df10a5e75361a15a1b04da53a5c7a591
SHA256 d96bbbe4cf0ef3b50718123c233a9bf5ddbfc135b45d7e4b92f31ac673ba3684
SHA512 0cd35c628becf7dc311a341aff08c972be386c71164299a983a4df274c63f18e002065a20a95f7e8d47d3363fed46951098a316cce638f205588e9f3d5117fe5

C:\Program Files\Common Files\microsoft shared\ink\de-DE\InkObj.dll.mui

MD5 6629e7f5929315e252187fb6c8f8f153
SHA1 115ffcaa8a17459f10246f6019bcd5848704124a
SHA256 33eaf1db5cf5c2dcfbce587e388528a956fff12b5f0995e8843e68f06b0e0821
SHA512 be4fd549dc893105e270729957c9d61062446f3aa957f32953d8903b8637d725f17e03ed44698db8602e1d58cd411f4286267a000020bc9a448a615cec2aaf03

C:\Program Files\Common Files\microsoft shared\ink\en-US\TipRes.dll.mui

MD5 57df2278a2da264112c5a1d0c15f69b2
SHA1 6f4f8f35db1b7026dbf39161f604aedbc6c6a952
SHA256 927f41990d173ccd0220e9e5fadf6670d1a057c43135d40bb8858f20356bab72
SHA512 db8332059997e1795c7231aab878d5d03b315f00756928b95b36827eb686c0766ad315b85997fd8a0a0578788321d70614a72f9cc674c44e0bac0885f9fcabd4

C:\Program Files\Common Files\microsoft shared\ink\en-US\rtscom.dll.mui

MD5 4ab256907395aac6d306e91ad5482c39
SHA1 b1023d04527bf6ff4854b1bf3cc1960336712155
SHA256 800c88f6588393e5a24e91246d92cd9fe7f496a54612ee767a214266c4a733a4
SHA512 4f9dab5b59f97f7ac5a7fbaca2affa2006179db04f44cf3d0a46b1f86893b1d29a0e956129ecaf23fe2294439d8ef3db4c3c323914b6a84deaeab388d47e5f45

C:\Program Files\Common Files\microsoft shared\ink\en-US\micaut.dll.mui

MD5 aa94b85afac5f0385a2ffd45ffab8c9c
SHA1 6e67d4dcf90cc768d7c24e39706337ba0a6fb411
SHA256 48bd5c299ee992e352b762ce0e9adf9679af06bb393e8e0844a009cad20f758a
SHA512 4c513ccde1d495de4b30705ddf2206d18164610ab512c2d040911ab65e7b97c8603c20499fa493770985ec61303c6ca30991c60a973cbe6085d5f46f1c69d8dc

C:\Program Files\Common Files\microsoft shared\ink\en-US\InkObj.dll.mui

MD5 4c014b4e4d13bcdf5fbe69c902dee85f
SHA1 b5bb6fec0095b2f35a50ac450c813d1c03c83884
SHA256 c420ad4012eac6d7d593dc25fe76d0d00fc3352d34cbf154f19ac5a74dd43c52
SHA512 8cdd0fb79ebaed58dbf3bc88ed606f372682d4f1614dcd6e7dbb66292dbede83056866036e65176ce6e2f9810208ebd67b933eb4cd3c84cf838c66aa3d4adf54

C:\Program Files\Common Files\microsoft shared\ink\es-ES\TipTsf.dll.mui

MD5 98aab177a827c4bf53ff655fc6689545
SHA1 63313b6d97b2677722b86a6314ab1a3cd60a1181
SHA256 fa3cdc8260ce29ef53cf7702aa81516c3b6a077e0ec02c15ff2cf83ba0af3360
SHA512 3253f0f36416465b4266da35ad524f12d84c0699f733755fb22cae00c2c68cea8ac7407982b256dd7e416dedb0599bb4c44a1bc30b92e81c9915aaa476ccb715

C:\Program Files\Common Files\microsoft shared\ink\es-ES\TipRes.dll.mui

MD5 1babc3bf0e3ae011ea8087086b104e0e
SHA1 d5ad3e3425a7dea5cf28570a8b2727b8a8b3a47a
SHA256 dddec71588d8af99e7c70d0768ccfb5e3efc64f32cbd0aa6317172f15febab26
SHA512 62200e8b405b778d3914c935db7f304db06356b494a80f3b10bbb21d741d234f023cbff2621238f9e46e3034c77c96a64d688de6d633a4df661b543c534c208f

C:\Program Files\Common Files\microsoft shared\ink\es-ES\rtscom.dll.mui

MD5 d71f5507413b9492611e838a4febf6a8
SHA1 dff9e499e145abe65dd5f23b3ebcca7e302efc4c
SHA256 4f5e04779a13393b9b989a0c3879ee1ead376add403a5676e68c00ef86859433
SHA512 138aff4dfaeed9fb09839d470362ac33eeb15d2eeb7a4dd9ebb42db4b265673b150011da4a53350105e8fb6eccd8786ab0af5e2af50ed7fcc8a8ca8ddcec650e

C:\Program Files\Common Files\microsoft shared\ink\es-ES\InkObj.dll.mui

MD5 c329b438a22aec062daba7532ff1d855
SHA1 38ffb9da7a8f22266e0a1f98ee4462c5506617ba
SHA256 1b90e0cb89ec18e7e6fe9be9e5b40ee14e4fbffb04ed6a651daffa74e2cdbf1d
SHA512 d581718dda44b72a1e6d44f4c07ffe385b02c0b5549178d26c6b997a268bdd67d59a095a0bb2cd43c2aa9b8248e1ac842d6ba666fb7b5ba5ab14ce4d2d13cf5c

C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TipRes.dll.mui

MD5 a50f338a5fdf6860c800d76cd0608be2
SHA1 31ff16d61d1fc932165b0521bbb43ac3c031202b
SHA256 d3b7215de9be572daedba40a37f8403ff7f129da7da03c819a15a2094ca12587
SHA512 dfc87e0d81d7ca85bd2b4005868b7092b7bac5a3252e12a2818ae3c3f83b0809500f300832540f8c6f2c4f946d8c6e548f1bdd61bd0f1f05bd08e8f8d95ed0a0

C:\Program Files\Common Files\microsoft shared\ink\fr-FR\rtscom.dll.mui

MD5 1f15e53399671303cd03c964dafc5faf
SHA1 606f6cebfccbeb21f38b696b063739f256718bf3
SHA256 2064bf8166333499ca9295ba27f2eb9c176a67c5d6d1c35ddcbf3e04e22a36a1
SHA512 b88b206361520dc485e22139aef9ad9dea895854b9097dfc2176d4666fd422dfc17e10df8f366176ab3234079abca90563d39863a636dd8f376b18ef283e4a10

C:\Program Files\Common Files\microsoft shared\ink\fr-FR\InkObj.dll.mui

MD5 cdf153602639841b38475e9eea30e6ad
SHA1 a0c418259b885f232dcbc7e072ce4e6a3da74723
SHA256 6640ba5cb34270f95def6302dd3e3c2552b448b1f509ff423b20a6f2b1b189c3
SHA512 5fbf67dd1cc996d225b81496c471b0e11562d6c3cc56da8df0e9606ff45ba3bb5df9643f0eee198eae42e78a1a4797f17c2972d9aa78a4e850fc6f1bb78bb2cf

C:\Program Files\Common Files\microsoft shared\ink\it-IT\TipRes.dll.mui

MD5 bcc33e220ddbda595d53e43e84b0accd
SHA1 c2c27543df79b9bee6f593a1976fd6c97370cd80
SHA256 e5020e59e8d551f7097e49e7b7dce174a6fac16d13909ba82611934a7977b1c5
SHA512 408f31e01c52ac40d8ab1282b846b7d821312c97907b6ff576c3c24eb54efbba8baa3c4b517778d74af9ac9e0a95cdd5a2ba80d2a74afdeb8182f18b55842ff4

C:\Program Files\Common Files\microsoft shared\ink\it-IT\InkObj.dll.mui

MD5 ba3af54b514c340439911a70188ff357
SHA1 c7184af3043982eb7beac4393b1d48c2fc58e661
SHA256 5fc29608f474b5e42fd7a59788527b0727a02c3e39d804fc9fc5314d895da894
SHA512 020438ea643f4429c281bb7ccf2a2f97752f656f0de4536e2de21faf414a28430102cf9bbcbc28ee6e540e76e9d934bf96834ab736363b169069eca7fa56c854

C:\Program Files\Common Files\microsoft shared\ink\ja-JP\TipTsf.dll.mui

MD5 1292a8f56927a15c11d9293473d93e38
SHA1 14da80a443e2c1b1dac5686af4d9fd55645c2aef
SHA256 7dcd4fb7e37b653839a55aceb083c854fc27bef3777a88951b7c696640e50525
SHA512 b4441cbfbe5e77239d0c7ab3ed8e5aac1301f9769734c5c508f220757fcf779c0bdb6e37c870661d87d378c6b6fcf213ae929faeba1bc89c17106a0fc83c1568

C:\Program Files\Common Files\microsoft shared\ink\ja-JP\TipRes.dll.mui

MD5 aef5431c6fdef71f55c97eefa06236f7
SHA1 902929830ebf9e1ffc3a7ab02d38b684faa18cdb
SHA256 d1a1e41c77f36851b50d3134575a2ad89d6e3da673aed2d93782fafbbd35aa38
SHA512 b16cc776d73d52503f6b334dcec8fae6335159d80bed93e993f0c90224eb1ada03c30598f35857d590cf9aad855185fe636d41f39bd94409f4c0b47985b50193

C:\Program Files\Common Files\microsoft shared\ink\ja-JP\InkObj.dll.mui

MD5 f88bb0fc3fefc20c45af29bf47bcf5e3
SHA1 231c9f71d712bce19edc761a02e414f3c123d0a1
SHA256 da97f9fd1f5f07fcd0714a9c7c64a85958cc0bd5db8b6f37a1afc149cc7fc207
SHA512 a82320000e85d914e790421fa46cd6016573414491815c111c53a96bc2e7431bb157dd625b5b811594bb7c315fe0bb02ebf9d436d4904fed99061b81878c41f7

C:\Program Files\Common Files\System\ado\it-IT\msader15.dll.mui

MD5 9914e13fc82d975b1a48b58fd847cbed
SHA1 5be1282f131ce0253e2629fe2ca430c4049c3531
SHA256 8abbba73058a8ff2319774a6f441d4322a5d072f0196a6d4efebe66d4f14393c
SHA512 72c0d15178e0298314b0db8157b2cc5806e8a218a10d6f11e727d683930c0b1019d6818a4d1bbb4bc90e5a8d6f3714e473d5e2320a7f60d9db8511d426465e87

C:\Program Files\Common Files\System\ado\ja-JP\msader15.dll.mui

MD5 03cfbfd98b7d5ff23cd00de3ee006fbc
SHA1 50f7bb00b7fc782ed5d051d1c505658ea76ee1ab
SHA256 35849573a24caeac7b87c4eb284004a58f99fc7f0b4ad3fcdd7d6f17fef6ad72
SHA512 10cca516368b43a684372a54f94796ab2095519907e36c7a9a1857162707a5ad91fe750e325c8995a878c8320b16f37e2aefc7c077ffad1c9edb97c9d1b686a5

C:\Program Files\Common Files\System\en-US\wab32res.dll.mui

MD5 21a03d99bc4c77912018de286035c0ef
SHA1 f85fb862f9304a6617aefec82a02c0cd19f071e9
