Malware Analysis Report

2024-11-30 11:29

Sample ID 240228-rn6dbadf9x
Target 0447c931bb8efc6dc531f69a891f2a0f28a85a18b25e04366fdb59bf827b2eb1
SHA256 0447c931bb8efc6dc531f69a891f2a0f28a85a18b25e04366fdb59bf827b2eb1
Tags
lockbit ransomware spyware stealer
score
10/10

Analysis Overview

score
10/10

SHA256

0447c931bb8efc6dc531f69a891f2a0f28a85a18b25e04366fdb59bf827b2eb1

Threat Level: Known bad

The file 0447c931bb8efc6dc531f69a891f2a0f28a85a18b25e04366fdb59bf827b2eb1 was found to be: Known bad.

Malicious Activity Summary

lockbit ransomware spyware stealer

Rule to detect Lockbit 3.0 ransomware Windows payload

Detects executables packed with BoxedApp

Lockbit family

Renames multiple (9603) files with added filename extension

Renames multiple (8909) files with added filename extension

Executes dropped EXE

Deletes itself

Reads user/profile data of web browsers

Loads dropped DLL

Drops desktop.ini file(s)

Suspicious use of NtSetInformationThreadHideFromDebugger

Sets desktop wallpaper using registry

Drops file in Program Files directory

Unsigned PE

Program crash

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Modifies Control Panel

Suspicious use of SetWindowsHookEx

Suspicious behavior: RenamesItself

Analysis: static1

Detonation Overview

Reported

2024-02-28 14:21

Signatures

Detects executables packed with BoxedApp

Lockbit family

lockbit

Rule to detect Lockbit 3.0 ransomware Windows payload

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-28 14:21

Reported

2024-02-28 14:23

Platform

win7-20240221-en

Max time kernel

122s

Max time network

126s

Command Line

"C:\Users\Admin\AppData\Local\Temp\0447c931bb8efc6dc531f69a891f2a0f28a85a18b25e04366fdb59bf827b2eb1.exe"

Signatures

Detects executables packed with BoxedApp

Renames multiple (8909) files with added filename extension

ransomware

Deletes itself

Description | Indicator | Process | Target
N/A | N/A | C:\ProgramData\F5D4.tmp | N/A

Executes dropped EXE

Description | Indicator | Process | Target
N/A | N/A | C:\ProgramData\F5D4.tmp | N/A

Reads user/profile data of web browsers

spyware stealer

Drops desktop.ini file(s)

Description | Indicator | Process | Target
File opened for modification | C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini | C:\Users\Admin\AppData\Local\Temp\0447c931bb8efc6dc531f69a891f2a0f28a85a18b25e04366fdb59bf827b2eb1.exe | N/A
File opened for modification | F:\$RECYCLE.BIN\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini | C:\Users\Admin\AppData\Local\Temp\0447c931bb8efc6dc531f69a891f2a0f28a85a18b25e04366fdb59bf827b2eb1.exe | N/A

Sets desktop wallpaper using registry

ransomware
Description | Indicator | Process | Target
Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\Desktop\WallPaper = "C:\\ProgramData\\xa1Xx3AXs.bmp" | C:\Users\Admin\AppData\Local\Temp\0447c931bb8efc6dc531f69a891f2a0f28a85a18b25e04366fdb59bf827b2eb1.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\Desktop\Wallpaper = "C:\\ProgramData\\xa1Xx3AXs.bmp" | C:\Users\Admin\AppData\Local\Temp\0447c931bb8efc6dc531f69a891f2a0f28a85a18b25e04366fdb59bf827b2eb1.exe | N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description | Indicator | Process | Target
N/A | N/A | C:\ProgramData\F5D4.tmp | N/A

Drops file in Program Files directory

Enumerates physical storage devices

Modifies Control Panel

evasion
Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\Desktop | C:\Users\Admin\AppData\Local\Temp\0447c931bb8efc6dc531f69a891f2a0f28a85a18b25e04366fdb59bf827b2eb1.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\Desktop\WallpaperStyle = "10" | C:\Users\Admin\AppData\Local\Temp\0447c931bb8efc6dc531f69a891f2a0f28a85a18b25e04366fdb59bf827b2eb1.exe | N/A

Modifies registry class

Description | Indicator | Process | Target
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.xa1Xx3AXs | C:\Users\Admin\AppData\Local\Temp\0447c931bb8efc6dc531f69a891f2a0f28a85a18b25e04366fdb59bf827b2eb1.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.xa1Xx3AXs\ = "xa1Xx3AXs" | C:\Users\Admin\AppData\Local\Temp\0447c931bb8efc6dc531f69a891f2a0f28a85a18b25e04366fdb59bf827b2eb1.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\xa1Xx3AXs\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\0447c931bb8efc6dc531f69a891f2a0f28a85a18b25e04366fdb59bf827b2eb1.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\xa1Xx3AXs | C:\Users\Admin\AppData\Local\Temp\0447c931bb8efc6dc531f69a891f2a0f28a85a18b25e04366fdb59bf827b2eb1.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\xa1Xx3AXs\DefaultIcon\ = "C:\\ProgramData\\xa1Xx3AXs.ico" | C:\Users\Admin\AppData\Local\Temp\0447c931bb8efc6dc531f69a891f2a0f28a85a18b25e04366fdb59bf827b2eb1.exe | N/A

Suspicious behavior: EnumeratesProcesses

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0447c931bb8efc6dc531f69a891f2a0f28a85a18b25e04366fdb59bf827b2eb1.exe | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\0447c931bb8efc6dc531f69a891f2a0f28a85a18b25e04366fdb59bf827b2eb1.exe | N/A
Token: SeBackupPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\0447c931bb8efc6dc531f69a891f2a0f28a85a18b25e04366fdb59bf827b2eb1.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\0447c931bb8efc6dc531f69a891f2a0f28a85a18b25e04366fdb59bf827b2eb1.exe | N/A
Token: 36 | N/A | C:\Users\Admin\AppData\Local\Temp\0447c931bb8efc6dc531f69a891f2a0f28a85a18b25e04366fdb59bf827b2eb1.exe | N/A
Token: SeImpersonatePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\0447c931bb8efc6dc531f69a891f2a0f28a85a18b25e04366fdb59bf827b2eb1.exe | N/A
Token: SeIncBasePriorityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\0447c931bb8efc6dc531f69a891f2a0f28a85a18b25e04366fdb59bf827b2eb1.exe | N/A
Token: SeIncreaseQuotaPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\0447c931bb8efc6dc531f69a891f2a0f28a85a18b25e04366fdb59bf827b2eb1.exe | N/A
Token: 33 | N/A | C:\Users\Admin\AppData\Local\Temp\0447c931bb8efc6dc531f69a891f2a0f28a85a18b25e04366fdb59bf827b2eb1.exe | N/A
Token: SeManageVolumePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\0447c931bb8efc6dc531f69a891f2a0f28a85a18b25e04366fdb59bf827b2eb1.exe | N/A
Token: SeProfSingleProcessPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\0447c931bb8efc6dc531f69a891f2a0f28a85a18b25e04366fdb59bf827b2eb1.exe | N/A
Token: SeRestorePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\0447c931bb8efc6dc531f69a891f2a0f28a85a18b25e04366fdb59bf827b2eb1.exe | N/A
Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\0447c931bb8efc6dc531f69a891f2a0f28a85a18b25e04366fdb59bf827b2eb1.exe | N/A
Token: SeSystemProfilePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\0447c931bb8efc6dc531f69a891f2a0f28a85a18b25e04366fdb59bf827b2eb1.exe | N/A
Token: SeTakeOwnershipPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\0447c931bb8efc6dc531f69a891f2a0f28a85a18b25e04366fdb59bf827b2eb1.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\0447c931bb8efc6dc531f69a891f2a0f28a85a18b25e04366fdb59bf827b2eb1.exe | N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\0447c931bb8efc6dc531f69a891f2a0f28a85a18b25e04366fdb59bf827b2eb1.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\0447c931bb8efc6dc531f69a891f2a0f28a85a18b25e04366fdb59bf827b2eb1.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\0447c931bb8efc6dc531f69a891f2a0f28a85a18b25e04366fdb59bf827b2eb1.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\0447c931bb8efc6dc531f69a891f2a0f28a85a18b25e04366fdb59bf827b2eb1.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\0447c931bb8efc6dc531f69a891f2a0f28a85a18b25e04366fdb59bf827b2eb1.exe

"C:\Users\Admin\AppData\Local\Temp\0447c931bb8efc6dc531f69a891f2a0f28a85a18b25e04366fdb59bf827b2eb1.exe"

C:\ProgramData\F5D4.tmp

"C:\ProgramData\F5D4.tmp"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\F5D4.tmp >> NUL

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\DDDDDDDDDDD

MD5 4c4e65122a25f8cc30f153a88df59a08
SHA1 d156aee1b9bc2ed57ef22636419dcf787b0e5d4b
SHA256 eea62d6f8dc9d4256168e15ae5e2cd7caa4e038ead7478700a9410c750dc52fe
SHA512 5dae93eafe6183839adf3f609553cd6790a88ab8a85604c3c7be64fdc221eff47e3f47ece116b2413120da43692f907f07afa1ad06fdd60c62ad51cb67c63a0b

F:\$RECYCLE.BIN\S-1-5-21-330940541-141609230-1670313778-1000\DDDDDDDDDDD

MD5 fc17516cec98077d961dac4e0618f5cc
SHA1 6e83bf870a584c47162eeec312f138e362216a12
SHA256 83bf40fd9b74665b559a8af376a4608991ba9ffad7d5d52b58467da2ac38c897
SHA512 2d762745bd0afaedf3e97194781a172c586858561d99c6efda34a454ff569eca163f52839f8530c3d598e319699f4b80cd9a171fca761a171abb6a48a3dad9b0

C:\xa1Xx3AXs.README.txt

MD5 b086e40671776e1878d78e5b77d87b29
SHA1 afc25200704f5e355a80a719e86a450295177606
SHA256 c99243fd5b4b2b5be708c0f30d095e515517f1e26a01032d05ad5ec6d6e4e2e3
SHA512 e813443a43ec149dc783d8f41c7e0abebf79ffa2718c33747a8d4a5cdc7ea1f9cbbc7ca7b2738ed4b724f246b0c56fa9f48c19f941174ddfc976216221480474

\ProgramData\F5D4.tmp

MD5 294e9f64cb1642dd89229fff0592856b
SHA1 97b148c27f3da29ba7b18d6aee8a0db9102f47c9
SHA256 917e115cc403e29b4388e0d175cbfac3e7e40ca1742299fbdb353847db2de7c2
SHA512 b87d531890bf1577b9b4af41dddb2cdbbfa164cf197bd5987df3a3075983645a3acba443e289b7bfd338422978a104f55298fbfe346872de0895bde44adc89cf

C:\Users\Admin\AppData\Local\Temp\BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB

MD5 7f27454eaef7f9b468f1ef44a3d5ecae
SHA1 d911d785deb862f5debc340913aa89e9e2921c1f
SHA256 fc3a9ec0dadfb2221392efdab42b87ff93bf2081ac08446ac038f5d3e8fd192d
SHA512 49bb2770d16c7a9f9adb2dd67f4dc2b4244fbf8dc19998e076e007f0ab503b2767a8318de3f2837e24d9c4bd019fc7899e20c49f160fb2c3672233d058d3ec8b

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-28 14:21

Reported

2024-02-28 14:24

Platform

win10v2004-20240226-en

Max time kernel

150s

Max time network

153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\0447c931bb8efc6dc531f69a891f2a0f28a85a18b25e04366fdb59bf827b2eb1.exe"

Signatures

Detects executables packed with BoxedApp

Description Indicator Process Target
N/A N/A N/A N/A

Renames multiple (9603) files with added filename extension

ransomware

Reads user/profile data of web browsers

spyware stealer

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification C:\$Recycle.Bin\S-1-5-21-2727153400-192325109-1870347593-1000\desktop.ini C:\Users\Admin\AppData\Local\Temp\0447c931bb8efc6dc531f69a891f2a0f28a85a18b25e04366fdb59bf827b2eb1.exe N/A
File opened for modification F:\$RECYCLE.BIN\S-1-5-21-2727153400-192325109-1870347593-1000\desktop.ini C:\Users\Admin\AppData\Local\Temp\0447c931bb8efc6dc531f69a891f2a0f28a85a18b25e04366fdb59bf827b2eb1.exe N/A

Drops file in Program Files directory

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\xa1Xx3AXs\DefaultIcon C:\Users\Admin\AppData\Local\Temp\0447c931bb8efc6dc531f69a891f2a0f28a85a18b25e04366fdb59bf827b2eb1.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\xa1Xx3AXs C:\Users\Admin\AppData\Local\Temp\0447c931bb8efc6dc531f69a891f2a0f28a85a18b25e04366fdb59bf827b2eb1.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\xa1Xx3AXs\DefaultIcon\ = "C:\\ProgramData\\xa1Xx3AXs.ico" C:\Users\Admin\AppData\Local\Temp\0447c931bb8efc6dc531f69a891f2a0f28a85a18b25e04366fdb59bf827b2eb1.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.xa1Xx3AXs C:\Users\Admin\AppData\Local\Temp\0447c931bb8efc6dc531f69a891f2a0f28a85a18b25e04366fdb59bf827b2eb1.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.xa1Xx3AXs\ = "xa1Xx3AXs" C:\Users\Admin\AppData\Local\Temp\0447c931bb8efc6dc531f69a891f2a0f28a85a18b25e04366fdb59bf827b2eb1.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\0447c931bb8efc6dc531f69a891f2a0f28a85a18b25e04366fdb59bf827b2eb1.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\0447c931bb8efc6dc531f69a891f2a0f28a85a18b25e04366fdb59bf827b2eb1.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\0447c931bb8efc6dc531f69a891f2a0f28a85a18b25e04366fdb59bf827b2eb1.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\0447c931bb8efc6dc531f69a891f2a0f28a85a18b25e04366fdb59bf827b2eb1.exe N/A
Token: 36 N/A C:\Users\Admin\AppData\Local\Temp\0447c931bb8efc6dc531f69a891f2a0f28a85a18b25e04366fdb59bf827b2eb1.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\AppData\Local\Temp\0447c931bb8efc6dc531f69a891f2a0f28a85a18b25e04366fdb59bf827b2eb1.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\0447c931bb8efc6dc531f69a891f2a0f28a85a18b25e04366fdb59bf827b2eb1.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\0447c931bb8efc6dc531f69a891f2a0f28a85a18b25e04366fdb59bf827b2eb1.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\0447c931bb8efc6dc531f69a891f2a0f28a85a18b25e04366fdb59bf827b2eb1.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Local\Temp\0447c931bb8efc6dc531f69a891f2a0f28a85a18b25e04366fdb59bf827b2eb1.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\AppData\Local\Temp\0447c931bb8efc6dc531f69a891f2a0f28a85a18b25e04366fdb59bf827b2eb1.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\0447c931bb8efc6dc531f69a891f2a0f28a85a18b25e04366fdb59bf827b2eb1.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\0447c931bb8efc6dc531f69a891f2a0f28a85a18b25e04366fdb59bf827b2eb1.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\0447c931bb8efc6dc531f69a891f2a0f28a85a18b25e04366fdb59bf827b2eb1.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\0447c931bb8efc6dc531f69a891f2a0f28a85a18b25e04366fdb59bf827b2eb1.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\0447c931bb8efc6dc531f69a891f2a0f28a85a18b25e04366fdb59bf827b2eb1.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\0447c931bb8efc6dc531f69a891f2a0f28a85a18b25e04366fdb59bf827b2eb1.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\0447c931bb8efc6dc531f69a891f2a0f28a85a18b25e04366fdb59bf827b2eb1.exe

"C:\Users\Admin\AppData\Local\Temp\0447c931bb8efc6dc531f69a891f2a0f28a85a18b25e04366fdb59bf827b2eb1.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2320 -ip 2320

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 448

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

Network

Country Destination Domain Proto
US 8.8.8.8:53 138.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 200.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 18.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 202.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 194.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 198.111.78.13.in-addr.arpa udp

Files


C:\$Recycle.Bin\S-1-5-21-2727153400-192325109-1870347593-1000\BBBBBBBBBBB

MD5 973f042100d5ea09138b4ad7e9226172
SHA1 5c3e711bbf5507506902f66cc9008fbf9b8c71b9
SHA256 07e8a4c2a8aa56f7cf488be633b1b0f5799e9beb253e5cc05d39dba1d734167c
SHA512 a08339a0dbe4a8dc498813b2f91493b3b4e09d6cdef54bf8ba619a222fc5e9c5dda81266d1d2fba9ccb9df7f9a64f49f20b8fb5a2e45314aa342e5a97ad87aff

F:\$RECYCLE.BIN\S-1-5-21-2727153400-192325109-1870347593-1000\DDDDDDDDDDD

MD5 e4d653c3c7e997a7db107038add3a95a
SHA1 963948fc5c9e462c1cd52f7caf53ec39c26cbf8f
SHA256 df10c4312c1c2675936d0885605e7554a9d3a3272d5a31f91291bc2c1d5b547f
SHA512 b3b59635e45715d00b18ad35389912ed15c4cdf6b55f17669ff548021473ca51b0d2469c239a92e334a303d50dbd8e38a2ee79d03e95dc99b61e679b1d9f144c

C:\xa1Xx3AXs.README.txt

MD5 b086e40671776e1878d78e5b77d87b29
SHA1 afc25200704f5e355a80a719e86a450295177606
SHA256 c99243fd5b4b2b5be708c0f30d095e515517f1e26a01032d05ad5ec6d6e4e2e3
SHA512 e813443a43ec149dc783d8f41c7e0abebf79ffa2718c33747a8d4a5cdc7ea1f9cbbc7ca7b2738ed4b724f246b0c56fa9f48c19f941174ddfc976216221480474

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\StartUnifiedTileModelCache.dat

MD5 c9d316cb9972e9b0270884903377b574
SHA1 81d1eedfd992649eb8f35916dc1f9e08e22de625
SHA256 4f5546c9c6a49f96cb8fcf0a25856301f2d9625378b55c418b6aa658e5154018
SHA512 f70018b497e1a2f00537825f34db3f9b8312cfe5bd6458eebc6443c4e04b50039d106ccb33925457c9867242d039307428e810e7b274ee6457eb2be2b3295e21

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\StartUnifiedTileModelCache.dat

MD5 89d94decf03187f66e87c6c7d9b24df8
SHA1 3d1bf61341dc7e293949a097b56d9ad8d8c74c2c
SHA256 879920ab5c99e912b6f2f1905c5e8b6cf08c84f35048980ecf39ba250b22afbc
SHA512 2b1ad3bca5f10bf15bc4da762c43295db5a1372d0c6de5a24a948f875c08a100d1f09ffcdd5dd6322767adf96fcf7ce2c07298d141a3fc60ddec19dfedb2f758

memory/2320-4356-0x0000000000400000-0x000000000053C000-memory.dmp

memory/2320-5272-0x0000000000400000-0x000000000053C000-memory.dmp

memory/2320-5273-0x00000000026C0000-0x00000000027AE000-memory.dmp

memory/2320-5274-0x0000000002C80000-0x0000000002C90000-memory.dmp

memory/2320-5275-0x0000000002C80000-0x0000000002C90000-memory.dmp

memory/2320-5276-0x0000000002C80000-0x0000000002C90000-memory.dmp

C:\Program Files\Windows Photo Viewer\uk-UA\PhotoViewer.dll.mui

MD5 de6b812ea53fc494e4cb3bc8f5b59192
SHA1 996eb54a89836d67148fde57f2938bbfa8b96b9e
SHA256 d3e7c8b480ee9aec5bb74cee7b34c0e3a15d6f6a4b75aaf8fbbf91e00c6d97ea
SHA512 73ec770fe79fe434a8b78e50c407ddf228dc59fba58bf85e518788a1d0c3fc64fe6c6ce3285805985943d5d4f28c76496ef504b723fdb7f37bac7d6c13a23a98

C:\Program Files\Windows Photo Viewer\ja-JP\PhotoViewer.dll.mui

MD5 d2d777b8651e10d1b60a573312ba4ffe
SHA1 56ff0dba174251ab906aa10534769e368d7489b4
SHA256 a9a84254ada6904e08f4dc51ec497dd9fd23ce4e703bacea3b5da076dd7c35d6
SHA512 db44a5afbfc4be0d4194907518fc3dc70c070f27dd54dd038c3f7fc99905d9a30d057e0199f37761fcebb50c5479a2795f99b04a0c295d40c384ceca9857ba5b

C:\Program Files\Windows Photo Viewer\it-IT\PhotoViewer.dll.mui

MD5 f93b6893b21963e16e0ea6b105e47b27
SHA1 303f86ce8d63e2537995fa3e8ccb7f2873c68adf
SHA256 ef13b96f66a29994dc5cbd7f267d00411c2f81edb7bc02effe65820fa22f2d72
SHA512 634f47fa016bd5fcb97b08b146a7aa0bc22213819ba201f35144a67799b6b68b378bc870f01bf0ddb75ec4906a3d41b2e29f3c529a7c1c27e70ddad074905b4f

C:\Program Files\Windows Photo Viewer\fr-FR\PhotoViewer.dll.mui

MD5 52a7490bef942a3d7ff8bd051535cc69
SHA1 4224a868bae099dfb9937073c94f579c7eb84c54
SHA256 2f517c5dbbb70e14cedc4ae942f97fbc3798dd778d2679f9156dd554d0e2be55
SHA512 cc1ae29df0c3948ca82e977d800e880cc871467879ee6fe0264c73b9f26f2db8cb04c00c0e472f46d7c2be26d5fa467b90348a48f0eb3a07d78a9b3ca0f61b37

C:\Program Files\Windows Photo Viewer\es-ES\PhotoViewer.dll.mui

MD5 f3ce0f4a8d3cf91021ab951d3b203e18
SHA1 9dac58a18c8e1a00410a243ccf820f53efec7aa0
SHA256 f3d6ab4a944f6a508a739cf5573a15f0045663a5a15b609316c7234adfb1946a
SHA512 d3c5c0f2876c3d6ba5db978086630d24ace979e56dfbdaa05abc1b9f7eb5e96f61964394f3d1be111efd3dfeb98b372a28f5e6d102b42499193429dd9ed2e067

C:\Program Files\Windows Photo Viewer\en-US\PhotoViewer.dll.mui

MD5 4e035e417d76f9dd69272a64ec650505
SHA1 29fa997793dbf670b8c25d6b399d5550c7e87892
SHA256 bc9fc3b970ded9973e93977318a35c2459a5c71f172b2226d8224ccd05ba73b4
SHA512 3e407cc3dc6aa58a503ccb4dc9180b697dd9b9f130e41ea7405ec1fbb0b3909546b45bb167e584ae1258465d6146fc4c9753cf1ce5f565716d842e6746639747

C:\Program Files\Windows Photo Viewer\de-DE\PhotoViewer.dll.mui

MD5 16ea39aa5edc4dacc19e758f8a71d406
SHA1 f59728a9ae7e4f108f277d3cf38376c3e433fd40
SHA256 d3e16b27cb412a60ce066aeabc74fc73ba5241b6037ed0780523e95a3330eb06
SHA512 9faccd7dfc062c20f9f80f542ac7191f67828a59174253dcfc1e3e6e76b5bb734dadb8159cb53d3bc7a85a36088c841509595439021aeb58ef0435b945061b28

C:\Program Files\Windows NT\TableTextService\en-US\TableTextService.dll.mui

MD5 d48569678a55f69f4796b5c79e571f40
SHA1 ba8d3a10b40529ea6448f42139afb4a0cf169e67
SHA256 e22f63a69656fb16535060c3ff3760f48fa778c8c8ba76a14e45880ac2fc9fac
SHA512 5691787960427d901981f259b54f4cc0df46b7d2ccd2ed24157a35c8b71329d9377b682292427e7fac076d2c81f6dd2aa1ad4bfcbc420e339b76ef1ee7369d17

C:\Program Files\Windows NT\Accessories\en-US\wordpad.exe.mui

MD5 91676bf9faf4912d00349d1ddc8b8737
SHA1 9c89bc9f68e91981bb40c33db5fbae78efea28d2
SHA256 98dda192ff887ade6dd4b03404d3aac871b74ed244ed3a363876ff29f7b2ebd4
SHA512 9bd7731973699d180e5be808f2b0fb59c30b1d212f2143b5fba18d27df077b3cab850f1edffa9d750dcece06e3037974b034cf089ecb367c4a547a7aeb09e826

C:\Program Files\Windows Media Player\uk-UA\wmplayer.exe.mui

MD5 369c2651efe096efa17cd68647d961f4
SHA1 eed9d3f233c989bced94affc165c37463460577c
SHA256 e28fca783fb08d1919b1af667d3b6334c2d83801888a3f4ac6a002f8f361a7a9
SHA512 cfdde95e530114130ba585e0a448750991686ccd66322dd24798ae09388cdbf0df0dbc2efdba408a1e9da2e15b26d178b716076ed25d5977c71a8e97948af149

C:\Program Files\Windows Media Player\uk-UA\wmlaunch.exe.mui

MD5 e50b1c83ad845ee4a87285e4197178cd
SHA1 d7ed36c60dc110a0bacc1e3a0f68ee9b9da17bab
SHA256 56434ded316eea0a0cb3ad7e64a04121a649f4031d4bf4d9be216c267f1da4cb
SHA512 77d8e4271e02a29b47d16c8b56e4872cc68f44332397ad4aacaf0dfe798638a96813ce8655413c7a2c46c6dd8c4b6e6a60d8c256f1b8ccc17ce720365130dc3d

C:\Program Files\Windows Media Player\uk-UA\setup_wm.exe.mui

MD5 c5b9814b1bd43052899a3ae8f4d77621
SHA1 9f767639976ec354ca20ce76edf2d6e7e9ef35ba
SHA256 4bf6e896128a223287723f78ddde74c84213217549fac2e3069164c793291e0a
SHA512 7664579602c50655dccbd8801140b3b30fe3beaaf8b8d022d7e6f03475a51cc5d6c3d6a7d6689b9f41fe3910fd66c9725f6ec4087cd9d66ae150e2f7840b27a4

C:\Program Files\Windows Media Player\uk-UA\mpvis.dll.mui

MD5 2dd89d88ee430533c10ffc37883c6ff9
SHA1 d0b6df59a2f301d0f4a96173d17cb2de45c8dc7a
SHA256 fe98d4627a427c84dafef856249ae75c35dc8bfb170f536fb5b4f68d16b0123e
SHA512 e2eb1308fe1c2de20793d0825d0d05eaf1e1bcb31413cae625ff6d2cef333682671028023811ac192e8b10fed0361363bcd4fd482e2b4767afede27455d4cc99

C:\Program Files\Windows Media Player\uk-UA\wmpnssui.dll.mui

MD5 b6fda37ab35b228039b0b3486cec85d1
SHA1 33c2f4e67a08d24e6f3ae1124f0cb47af294eef1
SHA256 d955db4c90f525878500e6ff6437db01dca4e0705b7d11d8150c278107b0a8f6
SHA512 18634ea77e6cc292f66451c603affd0242423a35313994d97e500af3a724057f380fe6c694976996034f813e37cab7c1751d1864b0445acb8c9b17d07bc66f97

C:\Program Files\Windows Media Player\uk-UA\wmpnssci.dll.mui

MD5 ae1fba7e65a3ac712e628c84d7e468ef
SHA1 23519a8c15598f846241d88c55d578ae8579f50b
SHA256 4521508e8ae8631e3029ecebb697029df1917fdf09164abf118ff75bce5abe47
SHA512 d1a57844d61269a1a91898670fbbee610aad03d21a9f5e158cd2c74b5badbe0aedd761374d40bd6f001d905fb4a7d7deada4a847d993feccf35fac72a5a5f6b9

C:\Program Files\Windows Media Player\ja-JP\mpvis.dll.mui

MD5 1d143a8fddeb6f126a5d130b00004495
SHA1 4bc72431940c31e33d91ba0db9708a4262bcbd65
SHA256 8ac70620f485f768b575eb66a353222aa2afb73a867cd92d12efb50a81b65b0a
SHA512 74642dc2fa99e96852e8c6d38098141dc9d605bfd0f3d4fd7b55fa42d2847eee37b2759ada82453b24a355539404124c8b41fe6c12e65fbc51f3264400c3a4f1

C:\Program Files\Windows Media Player\ja-JP\setup_wm.exe.mui

MD5 64d11bcbc2d95264c0d1f2bfff2228ef
SHA1 30d93afa4caf00657f0eba7fa95323fd7c8b4c58
SHA256 d422dc0522af46340d53408e7014455e44cd6ee958e6eb374f2fa42d48a66439
SHA512 feb9b3b3a0c7d6aebef9603e3fcf9d57eaee9e863c6c9c688adefb56700e5cf4b87d2ffc6219400e230264bf2921169a2c8e7dceae8210631544c6c000f74993

C:\Program Files\Windows Media Player\ja-JP\wmlaunch.exe.mui

MD5 67089ba723aafd13f18e15e22abd78c9
SHA1 1b1d6b47e4a463f1e4f3e840e0079b76bac0c9d3
SHA256 5bd938231e931be5d4ffaa94adcb1a1de4fbd3cf10de6f0fb667afc7e6f5505d
SHA512 1e6d29010d6717891b4666b587ad4a94788b418a840ec72a7e2d93b922fe539063247ddd4ef86085a393deb89269e0e5115a0ed68693fb5148b3409d7af4b0c8

C:\Program Files\Windows Media Player\ja-JP\WMPMediaSharing.dll.mui

MD5 6e9cb62a9e9a05c356b5fbb344338889
SHA1 7b1452a6671430b575a944b0f7a51a33595c283c
SHA256 49462d7017c387c314d447c79ee22b6218e8af14f4a7b4cc7f78c63320b28f20
SHA512 053c04494f5708eee00d9c20a19653e919855af314f46cee9942faa366b31264a9a4ef83f03ba1dfa7e52c4ec7b9fa5b67d0ba7f4d33aacdcd9b54b4a5a43852

C:\Program Files\Windows Media Player\ja-JP\wmplayer.exe.mui

MD5 109695560f3910df0526219e612ace9f
SHA1 3d7ea791e05a4f02607523e7e68c3e8e000452f2
SHA256 d082904026c67d91edc89609510eab6af99a903186b32366884ab53d6f232683
SHA512 0a6c8246072c47e7fec1769959c5f2b1847a9b55dd734eb1c945fca544eac3db5097638cf9da3186cd4c6ffa048c20d83e8a074097cce423c42c002f0904db2b

C:\Program Files\Windows Media Player\it-IT\WMPMediaSharing.dll.mui

MD5 16e12675da5dae9780d2af70c5c466a2
SHA1 6bb15a9ca676ca4b2aabe344ed3bbc6891c588b5
SHA256 48f8bacc5d0bc656c5a93edae90a49e90ee9a038e22ea939805e5c79810517b9
SHA512 6f161aa816028e7fe414d196d6f7e7d69b3e54e7af07e272f3839877970662ea5a0a2a55638231ad7549bd765739409d0d5affccefed68f7318fa97d6337cdad

C:\Program Files\Windows Media Player\it-IT\wmplayer.exe.mui

MD5 ea787bf378b68be509ec7037e34cf2b9
SHA1 436ccdcd2ff3a85a15636dc59e4cd1bacb4c858e
SHA256 27771a793efa21f4158c8ae1ca63a9075f8f6728e9bafb4f8e9484362463c0a4
SHA512 00c52ac7590b33f4a7883642d25e80f49ea7c344a6fdf184b4527cfd80b03c454dc0d6f2580d30c218871d89d1a0a3ef834beec96dc2f39035f47816eca6a372

C:\Program Files\Windows Media Player\it-IT\wmlaunch.exe.mui

MD5 5eef607ba08d782f7375766cb87f4554
SHA1 9cc624d6475bc223584d828dd576e7a2ac49ff58
SHA256 3c9856f8f698e184db598a242a66b6ed3ad02b6c890c87ca9a1220766db0883b
SHA512 8e92fa44b7910d15c56751bdeb216ae95fe9f8adeeb574d0e516882fb43dc311a8bf2e9475877ad58ad21b0886461046707a19e593fabfde13c7f5252309243e

C:\Program Files\Windows Media Player\it-IT\setup_wm.exe.mui

MD5 781770b00d24353e3265e8e9d0824a41
SHA1 3162309d5b244c83d9df5853001e9dadc0a50efc
SHA256 6a02a64491fbdfa8ae84da46d40a49eb44737204fc2c9deccb27f974bb0ac47b
SHA512 d34c5250e6638ec63857176a0aaa4fdc541028db8e3d3d78a5c318263acc5eb8b8be1a073f96505ceffaec4fe176a61f61ef19ca670c9382ddad66efcb2cd537

C:\Program Files\Windows Media Player\it-IT\mpvis.dll.mui

MD5 ac1fd60b2581053dcb98a577c02bcf0f
SHA1 cd1fecc6d8d9e096d30dafd999c9f16498d358c7
SHA256 455c10c4d503c2fb597ccdf9c643e350b5118894ffa2b213ae3076fcd8c5ce90
SHA512 d6066c4bdf3e8890212306c19f129b005b420ef25084d0f7c8134288f8fdf6bc59462d6b974cadc894c5d63e4850e51a94599ba353b3938f18908ac577cbaa89

C:\Program Files\Windows Media Player\ja-JP\wmpnssui.dll.mui

MD5 daf7ed7e5c9a8d47fcec9c084c381320
SHA1 581fd6163c339966f6ec26d6166360291cb0809d
SHA256 95aaca7222f4bdb0bdc13c6dae9a3dd421a981cbf3ca15665d7ce06d4bd572b6
SHA512 0b4b0a9662f58abcb78242eb9183bc9bbf923dbec78259f4506c1996b3a50664cf7b63c7d8934a2fe940ba5d7376317bce7c0f340b36251f4bf11fe4f2fb6121

C:\Program Files\Windows Media Player\ja-JP\wmpnssci.dll.mui

MD5 57a6f37b0aaebd64c07995de15ce0205
SHA1 ee451d2a9c57648600fb418437d499e073d4bf65
SHA256 acdae5d8b8cea40b9ccbe78e0f44ebfae4804dad61b9454eb210db6619073590
SHA512 e9e78abcb5626429ac3dd7f93d12e4b53ec2085d59ab87a308906a4cadf103340cdc12266c000ed594e33b5369ac5d8fa6f5bdc8b26d4b21f85787e255f18806

C:\Program Files\Windows Media Player\it-IT\wmpnssci.dll.mui

MD5 5bd0aee774efebc259e944fa1a72db11
SHA1 85ebfba650e4c64a77d0f6afc2e824d16f1f26cd
SHA256 934fa7e9eb515f078bac23223e628faa4b1ee9e32c0c64b1a3b7b0d50cf3c273
SHA512 81765b7e61f3b1b1c5c81c4ef2e24dd9b67fd0109ea42ed4f78433b50eb4b44bbad786b85ccf798022bdefd0f76c9cec77984fe9115f07441aaf4c8683b7cf14

C:\Program Files\Windows Media Player\it-IT\wmpnssui.dll.mui

MD5 008861bb641b0cb201a1951741e5aea7
SHA1 6f1762b1666d6ac68dfb04ca5930d3f801df7183
SHA256 271ec1af2fc95b93a00d9e7c333346ea799ca8fc9d05af4ab8946e515ac6fb90
SHA512 620f2909184e6aa6e04336d93853f96d513171eb40f172285163f3501d84ed8ae425dd5addfb82ba27a0fe1d4adc291424fb75452b597096e70e6c1134991fe8

C:\Program Files\Windows Media Player\fr-FR\wmplayer.exe.mui

MD5 16b6eacb25312c7220b00a410c6c6dfd
SHA1 4cecefe95cc39faf34f5cf6afd67e449136b8ac4
SHA256 be15c06ff69585faca214e376323b7daebf41ee7222d45fbcf2dae9739bb060d
SHA512 b41c4a7773edb572fa2d78f6fde543f7bf2377eb607d72070eeac62dffd1aa9a0863775b43ab8c0ba83776a7f6162c73053971dc2675283538528d2493a5b83c

C:\Program Files\Windows Media Player\fr-FR\WMPMediaSharing.dll.mui

MD5 50e6881049f51979a46c80919aa27deb
SHA1 07bd0c0f06c34556b225ecc7e26c80784b8cfc04
SHA256 facbc8e24a6fdf6851774824c886175676c547c55bf479651b04521c0dffc1cb
SHA512 c732f0d67c4841fb365c9ab8a242b206e78ffc1ed5a2f7191df9714b482b035fc099af6a700268dfaf644035b3133f6edf917c200dc5402ef8016138f8757dc8

C:\Program Files\Windows Media Player\fr-FR\wmlaunch.exe.mui

MD5 5ce884592ba3f8846365ad3e36d90d66
SHA1 a01129c49e25dd0285f6b6594c07ca295456869f
SHA256 1232529478f69d97089c1e2b0477b6365a7e925c4d70c4a1cf41422a5cfa88e2
SHA512 2f994ea4d7d9ea7b898a23166411f3c4892e9b6d6d776dc0ac8a708dda8f22b95b3c085075df8ed9913d470952fb8fe774cc917a4ffd02b01a0143499dfac103

C:\Program Files\Windows Media Player\fr-FR\setup_wm.exe.mui

MD5 ff80a1daf1a014b7694e9923a62461d9
SHA1 8dd34d44da87306d174b8020dc257dca07b6f143
SHA256 405ca325bf03209b010a4b56076228cd847c7bedc6ed0fad3967da5762b9403f
SHA512 a9ab046924ba6c3b4cc464335e88fe8d1f7a1502e8c476f794c95e4d5c7a2a05bd9881b109c1176b4e3e373dd8026ab970399237c1b9d3cb3965ceb3c0426bd3

C:\Program Files\Windows Media Player\fr-FR\mpvis.dll.mui

MD5 9b1e6531a96abee1e5f0e2cfa2c5c632
SHA1 a148d8d5646e0f66f49916e9f9ea9033f4ce2ae4
SHA256 0c09ffd43ad2268fea6d25b61228065405a9dd769859bcc0169c5975686ffce7
SHA512 ed2257d4ffaaff4aa675fab50b49d953528e7b0f925235a47184ef7b427b6f408af9d5daa2c83789cd7f9044817318ed85a4d66ee0c71bfd31898b679a639d81

C:\Program Files\Windows Media Player\fr-FR\wmpnssui.dll.mui

MD5 0f39ca0f90324d744dcdafd4c9b753ef
SHA1 c4f7016a96e25f9ad0623209b7ae0f807ff9ad68
SHA256 cca81bf67e1f85565d782c834199cd1216ff1cf2a2cb96499ea20c99ae0b7091
SHA512 ecac6d4edc1251e1f721f533aafc07faf28a039e6f1cd9f5b95a32b555152280bf416527c72d501110dd8082d13e7bf6ff8c3db64085d97a14bf65bca09fad59

C:\Program Files\Windows Media Player\fr-FR\wmpnssci.dll.mui

MD5 c1ac6ad37b8e011035a9c71053b723fd
SHA1 843260f8ace56d0dd45d2b2eeb4eaf0469fd577b
SHA256 6336c85b585308bcabb0e24601646319103924165e67586d16f11c8d053295c6
SHA512 73acd7b2f2bc3a931e2975640dcf8a935efe3ddd00f2ce91b62dce8e468fa562e0e942f94c9e7529415914b0559731448f6fa00d14b6c01f3f4e6b74d38ef216

C:\Program Files\Windows Media Player\es-ES\WMPMediaSharing.dll.mui

MD5 7566ef5e4f6913ba25929de353222291
SHA1 860c804230eb3d5dc8d0843f8db0012b7d3cd303
SHA256 ebcb68206a50b7d54a67d9c979aa81891cb1b5e37d431c57f7250406a90ab361
SHA512 6f8502ef58071ddf0534fcf9da78600ea805a762235ed3460fd19929ffa2ffc09ea9e3247d12609ea247898ef945f3a5d3a7ffa847f620d8d1845cc51eb4c1fe

C:\Program Files\Windows Media Player\es-ES\wmplayer.exe.mui

MD5 35e59d51a5f790ef7c05ac729e780e36
SHA1 f9d2c203fa32ccd6014953b54a86f7fcac4ec91e
SHA256 ed0ac5bed97d4a5c1071ff9515b9cc43773a27d42e01ed15479e86e9a5133450
SHA512 4d763ca2578b40569a5bc5bdc723af10b117aacd36bf64712ffc8484345ba54b1cb5196906b88b378b5baae459246f1ca594bc159b80e409b117331ef7929fb9

C:\Program Files\Windows Media Player\es-ES\wmlaunch.exe.mui

MD5 933a32d2608074644e2fe87f5229fcb0
SHA1 e093fe101ca693f54d0c40994bbbb6843ae7e41c
SHA256 596920650b87a2e93e8b8b2545c2f1c33d24920bde6ce8a5c16eb7efb2f33091
SHA512 6edffff590b5978e30ad0306f75fe8911b43b4df083a48865c53acd66f39651d10f024d255379fbaabbd7b6940c06277ea3daa8aa9c2d1e74e7905eca4323139

C:\Program Files\Windows Media Player\es-ES\setup_wm.exe.mui

MD5 3aaf39f6f6a3596ee4d38cfb74d11ad3
SHA1 14adb2ebb80aea2d4ce11400f7823b1c9040c637
SHA256 1317a948bb89fd12cc6ea5ebcee3b728a33841601cd59201cf75b7c0d8c5ae69
SHA512 6399c988fe3d94817e6aa0f1c93465982c15df0f004042c900dc3eb04a1d775fe95e6bccb9bbb2004f56743ddc8c2c0eb27172b043e57831e84491fdb3e38fe1

C:\Program Files\Windows Media Player\es-ES\mpvis.dll.mui

MD5 ce628973dc6aa2c0dd23f966aa317539
SHA1 065b7069dda0f988110f39bec55bc360a664f7b6
SHA256 1b059ab1c245cf5fecac9937532a4f02f8b81ea678500d67cdb787c3d9e0b7d2
SHA512 a5fc0e180d062e32284c7bab72f26717a619ba19123c651d1d8cce5270e0aba67ae03d3b5d3b5bbe875fa27d2f597c7fae2091f2e0049982b51a829789c9ca87

C:\Program Files\Windows Media Player\es-ES\wmpnssui.dll.mui

MD5 5a5847c773bc1525746594fff1f62759
SHA1 863f64470a8262aa8d24537e46e9e79434562124
SHA256 c4a7ed3eb690dee9fb775da4388f666587b1b257b7a987a5f9c8aa613efdbb27
SHA512 ea5d568b4a64c1a45c5cffe5464aee57f73caa99b14b4c55f2d9ad351153585e7dd1d64aa19db45ef21b1c14e96168e3eb53a52025f0ddc13302e4f1998668ea

C:\Program Files\Windows Media Player\es-ES\wmpnssci.dll.mui

MD5 4fc7da5c61d5c8b377d8424d27305054
SHA1 98442002fd74feab7c1b2d33d6e36edaa42f7bd5
SHA256 0cbe2243e5d49d386fb8b051adf6b4faabdef5fededced602fd481a51483db85
SHA512 0f383474e4a5f2d38fdc24e44668f2ca374c1bb77088d9f904ebf7a6cd81115d5bce25eb67f6ad4fbff323cc7a8f70feb04b7bb59929dbad480df0b876b0367d

C:\Program Files\Windows Media Player\en-US\mpvis.dll.mui

MD5 7469f881751528244ad887f208a6381f
SHA1 bf40fd7a14eae8696fedb5c43987bba61a74aef5
SHA256 a21d409626abd6c7179112fe9bc562404954d46d6bc506e1f57d71c4bcfd7357
SHA512 8e90b28e9ee8f20b9513a02d7b13f0d4a66b98d0823526897d8d7ca83d944733e8db9d68796838be53b97f65300544922d0c75ee24ebc4c8bcbd684c00d0a4f8

C:\Program Files\Windows Media Player\en-US\setup_wm.exe.mui

MD5 f613a4670927160e63c371f7ac0315aa
SHA1 c9014cf5a8d94529283f52df701efa7343083a0e
SHA256 0574ada92b71ab7ac0e08757c4cd40ee12de7968f9262b219fe74aa6e1271761
SHA512 6e9e6c14e202a5c810d1554dd448e9665ba072ff94e300ec1f704a901f40a189eb269884cbef8c96de90483543830d91ccc8a8631a2ffe28cbb37a4137c02bea

C:\Program Files\Windows Media Player\en-US\wmplayer.exe.mui

MD5 4ed655224f068bf73b995a347bdc254a
SHA1 4791fb2576de922442b8fa9feb75fbaea9b2cdb6
SHA256 ed27e537ea6cb91ac5e6ae1f999261e9ddd77a750ba918e0c389f4b9cb46c0df
SHA512 2e24467f880a33b160d10a3c9350fff20f5c91eb514751397628b4f82b43620e85e39096a31c5654d00825f60b09f87fefdf955b0ee2470105a3e9729edb0709

C:\Program Files\Windows Media Player\en-US\WMPMediaSharing.dll.mui

C:\Program Files\Windows Media Player\en-US\wmpnssui.dll.mui

C:\Program Files\Windows Media Player\en-US\wmpnssci.dll.mui

C:\Program Files\Windows Media Player\de-DE\mpvis.dll.mui

C:\Program Files\Windows Media Player\de-DE\setup_wm.exe.mui

C:\Program Files\Windows Media Player\de-DE\wmlaunch.exe.mui

C:\Program Files\Windows Media Player\de-DE\wmplayer.exe.mui

C:\Program Files\Windows Media Player\de-DE\WMPMediaSharing.dll.mui

C:\Program Files\Windows Media Player\de-DE\wmpnssci.dll.mui

C:\Program Files\Windows Media Player\de-DE\wmpnssui.dll.mui

C:\Program Files\Windows Defender\uk-UA\EppManifest.dll.mui

C:\Program Files\Windows Defender\uk-UA\MpAsDesc.dll.mui

C:\Program Files\Windows Defender\ja-JP\EppManifest.dll.mui

C:\Program Files\Windows Defender\ja-JP\MpAsDesc.dll.mui

C:\Program Files\Windows Defender\it-IT\EppManifest.dll.mui

C:\Program Files\Windows Defender\it-IT\MpAsDesc.dll.mui

C:\Program Files\Windows Defender\fr-FR\MpAsDesc.dll.mui

C:\Program Files\Windows Defender\fr-FR\EppManifest.dll.mui

C:\Program Files\Windows Defender\es-ES\MpAsDesc.dll.mui

C:\Program Files\Windows Defender\es-ES\EppManifest.dll.mui

C:\Program Files\Windows Defender\de-DE\MpAsDesc.dll.mui

C:\Program Files\Windows Defender\de-DE\EppManifest.dll.mui

C:\Program Files\Internet Explorer\uk-UA\iexplore.exe.mui

C:\Program Files\Internet Explorer\ja-JP\iexplore.exe.mui

C:\Program Files\Internet Explorer\it-IT\iexplore.exe.mui

C:\Program Files\Internet Explorer\fr-FR\iexplore.exe.mui

C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui

C:\Program Files\Internet Explorer\es-ES\iexplore.exe.mui

C:\Program Files\Internet Explorer\de-DE\iexplore.exe.mui
