Malware Analysis Report

2024-11-30 11:30

Sample ID 240228-rpcgmadg2t
Target 9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141
SHA256 9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141
Tags
lockbit ransomware spyware stealer
score
10/10

Analysis Overview

score
10/10

SHA256

9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141

Threat Level: Known bad

The file 9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141 was found to be: Known bad.

Malicious Activity Summary

lockbit ransomware spyware stealer

Lockbit family

Rule to detect Lockbit 3.0 ransomware Windows payload

Renames multiple (10620) files with added filename extension

Renames multiple (8905) files with added filename extension

Reads user/profile data of web browsers

Drops desktop.ini file(s)

Drops file in Program Files directory

Unsigned PE

Enumerates physical storage devices

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Suspicious use of SetWindowsHookEx

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-28 14:21

Signatures

Lockbit family

lockbit

Rule to detect Lockbit 3.0 ransomware Windows payload

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-28 14:21

Reported

2024-02-28 14:24

Platform

win7-20240221-en

Max time kernel

152s

Max time network

129s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe"

Signatures

Renames multiple (8905) files with added filename extension

ransomware

Reads user/profile data of web browsers

spyware stealer

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification C:\$Recycle.Bin\S-1-5-21-1650401615-1019878084-3673944445-1000\desktop.ini C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
File opened for modification F:\$RECYCLE.BIN\S-1-5-21-1650401615-1019878084-3673944445-1000\desktop.ini C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A

Drops file in Program Files directory

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.xa1Xx3AXs C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.xa1Xx3AXs\ = "xa1Xx3AXs" C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\xa1Xx3AXs\DefaultIcon C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\xa1Xx3AXs C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\xa1Xx3AXs\DefaultIcon\ = "C:\\ProgramData\\xa1Xx3AXs.ico" C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
Token: 36 N/A C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe

"C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe"

Network

N/A

Files

memory/2716-0-0x0000000000DB0000-0x0000000000DF0000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1650401615-1019878084-3673944445-1000\EEEEEEEEEEE

MD5 eddcd12ac99a55fef0d1ed0bfe0d7691
SHA1 69cd7c28281aa7e2c6bd87bd71787aa7d40585f7
SHA256 f6a4fce4faaf53347021643d311c1a5b8a4b34686b3ff6034a6f0d122759fb72
SHA512 fd45f352852c50dd627a416508903e9a4350fac0919ef345409f121620fc58888909b0f477a289814cc100b1b75b351a68d9ed126f656b8c054e4baf00fe0463

C:\xa1Xx3AXs.README.txt

MD5 b086e40671776e1878d78e5b77d87b29
SHA1 afc25200704f5e355a80a719e86a450295177606
SHA256 c99243fd5b4b2b5be708c0f30d095e515517f1e26a01032d05ad5ec6d6e4e2e3
SHA512 e813443a43ec149dc783d8f41c7e0abebf79ffa2718c33747a8d4a5cdc7ea1f9cbbc7ca7b2738ed4b724f246b0c56fa9f48c19f941174ddfc976216221480474

F:\$RECYCLE.BIN\S-1-5-21-1650401615-1019878084-3673944445-1000\AAAAAAAAAAA

MD5 98c5880786fd0a2db162f762db572591
SHA1 42208d6c7346e658c2da052ddbd86b92bdebe92e
SHA256 06d9c96545771d7ca67fa172a30c66713f6fb055373cdcc8483828b516272f8f
SHA512 6cce79408bb2d546be90028db081966eb29192211c143bff39713b32589989e64751b8c106ae85f1666a343105c31b6ecab622e240e0d517c0b6c5ed47051dfb

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-28 14:21

Reported

2024-02-28 14:24

Platform

win10v2004-20240226-en

Max time kernel

150s

Max time network

155s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe"

Signatures

Renames multiple (10620) files with added filename extension

ransomware

Reads user/profile data of web browsers

spyware stealer

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification C:\$Recycle.Bin\S-1-5-21-1904519900-954640453-4250331663-1000\desktop.ini C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
File opened for modification F:\$RECYCLE.BIN\S-1-5-21-1904519900-954640453-4250331663-1000\desktop.ini C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\microsoft shared\ink\en-US\xa1Xx3AXs.README.txt C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\Library\EUROTOOL.XLAM.xa1Xx3AXs C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
File opened for modification C:\Program Files\Common Files\System\Ole DB\msdasql.dll.xa1Xx3AXs C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app-api\dev\xa1Xx3AXs.README.txt C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\Images\Ratings\Yelp8.scale-100.png C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Top Shadow.eftx.xa1Xx3AXs C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_CopyDrop32x32.gif C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\PresentationNative_cor3.dll C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\xa1Xx3AXs.README.txt C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
File opened for modification C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\de\Microsoft.PackageManagement.MetaProvider.PowerShell.resources.dll.xa1Xx3AXs C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\it-it\ui-strings.js C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\MSIPC\ru\msipc.dll.mui C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial3-pl.xrm-ms C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-process-l1-1-0.dll C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\fr-fr\xa1Xx3AXs.README.txt C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-30_altform-unplated_contrast-black.png C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win-scrollbar\arrow-left.png C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\plugins\video_filter\libposterize_plugin.dll.xa1Xx3AXs C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\it-it\ui-strings.js C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_neutral_~_8wekyb3d8bbwe\AppxSignature.p7x C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
File opened for modification C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\es\Microsoft.PackageManagement.MetaProvider.PowerShell.resources.dll.xa1Xx3AXs C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Trial2-ppd.xrm-ms C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Assets\Store\LargeTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Retail-ul-oob.xrm-ms C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
File opened for modification C:\Program Files\Common Files\System\msadc\msdaprst.dll C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\Glyph_0xe804.png C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-100_8wekyb3d8bbwe\AppxBlockMap.xml C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-256_altform-lightunplated.png C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
File opened for modification C:\Program Files\Windows Media Player\it-IT\wmpnssui.dll.mui C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Retail-pl.xrm-ms C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\es-ES\tipresx.dll.mui.xa1Xx3AXs C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\StreamServer.dll.xa1Xx3AXs C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\selector.js.xa1Xx3AXs C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\nl-nl\ui-strings.js C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\mfc140u.dll.xa1Xx3AXs C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\System\it-IT\wab32res.dll.mui.xa1Xx3AXs C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\ko-kr\ui-strings.js C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-96_contrast-high.png C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\EmptySearch.scale-150.png C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\locale\gu\LC_MESSAGES\vlc.mo.xa1Xx3AXs C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_empty_state.svg.xa1Xx3AXs C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-80_altform-unplated_contrast-high.png C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-synch-l1-1-0.dll C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\locale\fi\LC_MESSAGES\vlc.mo.xa1Xx3AXs C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\Resources\1033\msmdsrv.rll.xa1Xx3AXs C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\OutlookMailSmallTile.scale-150.png C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-black\PeopleAppList.targetsize-80_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSectionGroupWideTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\api-ms-win-crt-private-l1-1-0.dll C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest1-ul-oob.xrm-ms.xa1Xx3AXs C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\EPDF_RHP.aapp.xa1Xx3AXs C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.targetsize-36_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Viewpoints\Dark\MilitaryRight.png C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.Reporting.Common.dll.xa1Xx3AXs C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\en-gb\ui-strings.js C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\flags.png C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
File opened for modification C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\en\Microsoft.PowerShell.PackageManagement.resources.dll.xa1Xx3AXs C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART2.BDR C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\pl-pl\ui-strings.js C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_anonymoususer_24.svg C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\pl-pl\ui-strings.js.xa1Xx3AXs C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vreg\wordmui.msi.16.en-us.vreg.dat.xa1Xx3AXs C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\themes\dark\s_radio_unselected_18.svg.xa1Xx3AXs C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\scan.png.xa1Xx3AXs C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.xa1Xx3AXs C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.xa1Xx3AXs\ = "xa1Xx3AXs" C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\xa1Xx3AXs\DefaultIcon C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\xa1Xx3AXs C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\xa1Xx3AXs\DefaultIcon\ = "C:\\ProgramData\\xa1Xx3AXs.ico" C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
Token: 36 N/A C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe

"C:\Users\Admin\AppData\Local\Temp\9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141.exe"

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3968 --field-trial-handle=2972,i,4036376905309803364,5412922217215781933,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 74.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 200.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 138.91.171.81:80 tcp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
IE 209.85.202.95:443 chromewebstore.googleapis.com tcp
US 8.8.8.8:53 95.202.85.209.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 217.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 210.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 208.178.17.96.in-addr.arpa udp

Files

memory/680-0-0x0000000002780000-0x0000000002790000-memory.dmp

memory/680-1-0x0000000002780000-0x0000000002790000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1904519900-954640453-4250331663-1000\AAAAAAAAAAA

F:\$RECYCLE.BIN\S-1-5-21-1904519900-954640453-4250331663-1000\DDDDDDDDDDD

C:\xa1Xx3AXs.README.txt

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\StartUnifiedTileModelCache.dat

memory/680-4528-0x0000000002780000-0x0000000002790000-memory.dmp

C:\Program Files\Windows Photo Viewer\uk-UA\PhotoViewer.dll.mui

C:\Program Files\Windows Photo Viewer\ja-JP\PhotoViewer.dll.mui

C:\Program Files\Windows Photo Viewer\it-IT\PhotoViewer.dll.mui

MD5 34992e966517e93bf121a6235a8e1fcc
SHA1 f24d520c1d90b33def09023691e4037dd6066087
SHA256 3ef2c87607153bb0cee08e20259d6a63cf32d5bfeab3015fe3699616e42bf066
SHA512 997cda64d7f7d4d41042591e5ce9bfebe8c3580ea87f906fb0a53723d15f360321b22f0a54516e2f13bdb5f8dad76be4a8e4f76c518b7678a3a22dc2a2f303ca

C:\Program Files\Windows Photo Viewer\fr-FR\PhotoViewer.dll.mui

MD5 fd9e27f2d5d370a731fce17925da96d4
SHA1 1d8e5b1c80189db1947008413fdf5f9c79766981
SHA256 bd439bbe990833389e8b08be3750f6dd03bf372dfacb72971be2a5f7559858e3
SHA512 f607a6ce05216eefbb1d25c97a0a1f7cdd11441699d1eee3c3394640a97591bbb6fc7b4c2fb5d888d31a9a7c6e142452b6f91c337a098bbd262293c60becdeb0

C:\Program Files\Windows Photo Viewer\es-ES\PhotoViewer.dll.mui

MD5 275677a8b35c99927282c827fb316276
SHA1 f59c3ca4ca6724171a552924e101d38a9da45ee8
SHA256 dccc84baf17a14a48b8eda32ad95ba471163d33d89f8bf5775cebc5ab80b5aaa
SHA512 9ba0736f02a01e1a472bc1216ef3e72608b99351193f106789681a1b8fde21adf80c353ea614484846f43b1cb5c5b6ebb579ca33314c88bbc1e1010c50270ed5

C:\Program Files\Windows Photo Viewer\en-US\PhotoViewer.dll.mui

MD5 6a4766f18cdeccf23607de803648ff3c
SHA1 ae46661787116f66920615c807dc578af418484b
SHA256 c1255099e2ae99996385e8100046bb4ea5155bf772f778d55765aab7fee095d9
SHA512 189d20a3b74d84f5eab5706071edfe6a5b3080ae2c454601a44d86b4ae2f38728c93ae776314d2b27bf2979ef918ec87670175c4cfbb7f59a63737c1313bd319

C:\Program Files\Windows Photo Viewer\de-DE\PhotoViewer.dll.mui

MD5 0867d8d317779291e617f940f1910b74
SHA1 c85870f39bd6389d316937877ab131b43a456397
SHA256 6336688bb0808da1e593221176e44ca6983b55815633270cf572bab30c1b5b89
SHA512 1f21e70b9a88e6e57473fb86624d9e505ca55094aeb032a8e6d1d7e5b22def70e4f46dcb7951941e360bae4ac99b55832ee1ce2b2215c05a9fe983c67f6dc339

C:\Program Files\Windows NT\TableTextService\en-US\TableTextService.dll.mui

MD5 21588bd72bc43f8f15eaafce0a10efce
SHA1 2ac1c5090a4315b8cbcf81c01259907453bff5e9
SHA256 3c34c9ebcc7b10fff3487338f0cc16f8dc79acf6bb7cd8b5fa4900a531bb8a99
SHA512 452904d0b0f831ad57e2edac077c4eba2f328acedf030371dbcfa81caccc217f3e2810f12ce4cedfcb2b3d255fd73d7d8cb8aa66d6f727dfa3f5bc400edba069

C:\Program Files\Windows NT\Accessories\en-US\wordpad.exe.mui

MD5 a3be81db2a21ea1915a0bdc3e7b476f3
SHA1 de5226ee4adf476f081e702efe989a4d79aa107b
SHA256 18bfe8d6529e965079a55170d9026634b1e0d68f79b92112aeb0351802ad91fb
SHA512 77446753bf95c956acbbc480907d779d97f0ea24bf14a09e26d29dd896a991668c356bd67d3dce16deb2632197dba4effe199e1089730d1c9b1c6bc70abdacad

C:\Program Files\Windows Media Player\uk-UA\wmplayer.exe.mui

MD5 83432aa17e07e66856eb1b84a7050a99
SHA1 c0fa52e924759a6e8c6dbcbffefd5cb69a16a9c9
SHA256 0caa63e2f4f712cdbe627394e9196b71b39d9ccd0bebce90a9620fb7968e3248
SHA512 fa8d2ab55c46de9dae67e747a91d1e28466490f8d9f38f7388d3067bf4240c2ddcf792dbf0bd500780503ebe7053422e84c6b3c3273c200d57be7d16a3cd86a6

C:\Program Files\Windows Media Player\uk-UA\wmlaunch.exe.mui

MD5 639ff378e01b8e13ec75689a5f446229
SHA1 4e07f374b8bf0d085836ae688d3a0edd5aa2775e
SHA256 c16c5880cba627cc80682ca939517c4c5a96c0aa8385fd4028e1889548d4659d
SHA512 ab716069ca6ca6754734f024d2b08b3c388a4564ff195ad14465ba3cd2ddebb9bd1a2f3784af62818a4c55c7c96d57c98a8aadfd8a252828019ba75425c545fd

C:\Program Files\Windows Media Player\uk-UA\setup_wm.exe.mui

MD5 25431592914714b716c9ae1a4a3db88f
SHA1 03417493ffbf3d22a8745a356704a51d250c85ed
SHA256 316f86c731124556d38f2901cc9127e63c692e7f7d572ed5df48cc77d52502e3
SHA512 5d71771a0474637aec7f5abc6debb5362a4587e62a03c75751efeace211c9bf1aedd75a81887d93fc7b46cadc2c3de1546a8c8a8705f2094c0f3fafcc6c7bbe3

C:\Program Files\Windows Media Player\uk-UA\mpvis.dll.mui

MD5 75e09215d17055a2054699b0a338b4e4
SHA1 bfd7b45bcf77d9096ee9bf5e9fbe0c165c39a98f
SHA256 efecb12d192e14352457c662a99a8ed23710d590e2e7669cf30450ad58b13459
SHA512 e302ffafdc0a85c914a1144d479cf0ca5094b68a4766bb0a9dc37b07b92ce3e5e67b5d49bcdf3322557a7305b552d4ac64b195fc0af66cbf1f40fd8d133787a8

C:\Program Files\Windows Media Player\uk-UA\wmpnssui.dll.mui

MD5 6eff8315992cc82f42c0c923e1a5567c
SHA1 3303589b5cc66789403fd224259a71b917085eab
SHA256 adc534965ee26b039dc57ba8d214ba951facd2f751c6f8132a94a409752a9b1a
SHA512 031c55e1b6df75071bf4b620859cc54243ffd6ecf1059f6fd4a8999ee9a43753f83c3a1ee93ea8e60ba5947fc79ec3f0f0bed2890d97652f247ee2b19956772e

C:\Program Files\Windows Media Player\uk-UA\wmpnssci.dll.mui

MD5 c8c9c17f8199427d4f393ef4a853bc9d
SHA1 8059cc035194debbbcd465490af35a1d9254edc3
SHA256 a5f899af916f4ee4e58456d570f09c0ee17506270673f2911a86e89abb03bd0a
SHA512 a43a2641f4c39af5e4df1d45e638cfd9a59bb333354022afd6fdb04fe539e073624b7a07dedda81e2ff539861d6e8640031761ccca3bd8486846e89ab35fde88

C:\Program Files\Windows Media Player\ja-JP\WMPMediaSharing.dll.mui

MD5 f9563d93616cc0297c088e70e0e9e433
SHA1 9e841c1b7c3e6f924c7baa146764663d4f4ee160
SHA256 e1ba1103e234b0b65418f8f96504b8ecda35fa0be28e4772ed3a95ad7539efb8
SHA512 ebc18cf54c5ff193b95312708e58b593790429d6efa7030906b25fcda3d38408eb771b39d8d41394b0927a762df23ddd95633ef177069f03c4fc9b440ffeb4c8

C:\Program Files\Windows Media Player\ja-JP\wmplayer.exe.mui

MD5 ad03f966a33f51e31706833b41f6c2de
SHA1 91d4e0518ef74f16780ff26541c14aaf0b2859d5
SHA256 97a71b86713ad6c3e99bc467b897b94c64c7c5ec49d77b006136f4c940a1d626
SHA512 1d81d3e58802194ef91209c6b149e85b2571c4c75d03f3bb100216db52c2b2c872f89775b27cbb8d5366b1b14481707bf837e5aef413c7d30d17a8d7bcb3788b

C:\Program Files\Windows Media Player\ja-JP\wmlaunch.exe.mui

MD5 847028c036aec4d77900947907311eb0
SHA1 eb3cb80ec3a52d57ce81a4f9d7e4c91c4fa9751d
SHA256 8f2c11c6c304085c05aed8a83d7b4bef97448dd69660ab5a31e34b1c6c12a9ba
SHA512 6dc5b289c004e7aec0455485b393d48f0631aa7b66335118c7e47e6724cc08fd464eb9729077880b44f9ee96b56f7e0ae072e2022a4ccd2c85f644201d64ee64

C:\Program Files\Windows Media Player\ja-JP\setup_wm.exe.mui

MD5 d7eeba72fc5887f9bb7c46085c1d6d74
SHA1 66c5ae321d6daa31ac50a68357167b3a74d5ca12
SHA256 115747882c9dfda99f814991f6c872be99d70a02642d6dca854a7464273d085f
SHA512 71782d678fbe82a59763440eb955c45865180cdd85dffb62c4a6a4f69fc69fdc7e03b3db2260a4e52b89e98c07274f16c240f4703ca57a811931db4c5318ee9d

C:\Program Files\Windows Media Player\ja-JP\mpvis.dll.mui

MD5 820b8d10ca5d8f59134f4110ee30e335
SHA1 6010b7618240a427e0c7e5d5ae14b95cbfe8742c
SHA256 022cca50587fb2f0654737011090bed40f0a91f5f9b5cb2cd224fe2c516cee28
SHA512 cdc8a400fc493d46f10e54b056b63b26c7004b9296681e72aa83fbc23d35166ff6d7a9de13907aa6cff0ca552db1bd4c2c4b0fb006b9bf99284290a765950bc7

C:\Program Files\Windows Media Player\ja-JP\wmpnssui.dll.mui

MD5 b812fb15b2cb28845e6e614cd5cd8a16
SHA1 f089de50f154cf68e00e6aa02b425c8c48a3009b
SHA256 9cfe18509429e1bb1e7d5073f3bacedf99eb70719084d5ea6151337dd3e5990c
SHA512 84c58e44459a944e49f3d55d52f3e549424bd0254154c6248828d7411945d75a60d5f7efda45b3965302091877056cf3d230e8675caf135c3a9d31b73ea3fcc0

C:\Program Files\Windows Media Player\it-IT\WMPMediaSharing.dll.mui

MD5 1b10b08a3053b1c8539c19ef6ea92e1f
SHA1 5a2c2a8cca28bcaa13087600093bbc711ff5d774
SHA256 e454ea19570151e539418104aabbf470cd99890085a106ec132188a0bf57bd75
SHA512 aa5a09d5f020eb30dacfce25abf6f1b252fc77a59ed0f74c1a343517ec3f327605442883d4d8b5ee15bce7a3798916650bad228acbd6a1b2d484421663ab13bd

C:\Program Files\Windows Media Player\it-IT\wmplayer.exe.mui

MD5 b81b1e9f9ffdfcfb5acc58f6c531718e
SHA1 29af06746676135b23349787b30c43f55798795a
SHA256 c5f5248ed02596ee9db5c2e9b3777b61fe0038fcfbbddd463fb2ec09ac301dab
SHA512 7181c94d045403fa85cf8be1e457182a9e204d85de7c517a00ec39db3da3fb9e47281b85ab327eae12a29645d99ead39f03001be030f0ddcc269577269b7b18d

C:\Program Files\Windows Media Player\it-IT\wmlaunch.exe.mui

MD5 ca3a69dd5e6907e66dbe0de99fd55215
SHA1 6e32ea3fa258d14dd377495dbc4f78b8ddf4885c
SHA256 1aa8788e20ea989dc212a9262fd8a16e88adec5170e67f9453c35fa0c1ff8a88
SHA512 4ddafaa2454762beb7a318404bda1fb719fe7e40b7aeac0f3314cca860ce0bd0da1d402c515563edbcf5d0bf9bc2800d835a7e5a2b7c118ab851878d76bc43d6

C:\Program Files\Windows Media Player\it-IT\setup_wm.exe.mui

MD5 75505ffac8df62976f2df7f8f0e2a41b
SHA1 64e7bc372ad0e9f1bfcb8f532a7fef49471809f5
SHA256 9b0fbbe2a0ab85767740970d628d4b26234fb2c3c8b957bdf924c3c42a4c8505
SHA512 fdb1565d1f2756d0e0312a660f323aaaf2635957dab687f140ac833804c71235d78df68558a14a833120703bd0e3cdb0ad6b634c16612fb9a07628c7200928e2

C:\Program Files\Windows Media Player\it-IT\mpvis.dll.mui

MD5 5021342d3bbe73345ea11704525cbdba
SHA1 f63e37293a042d315fd979aba930e5d3e6bec689
SHA256 fd4251a0e80b7adc7236fc00be22fcb2f288d08e9c7e0700ebeaffceb3b5abf8
SHA512 e1a3195a150e87a0e8a81dd51778f566db8b9eb7c31e9768c19b58c317c74b4fbaace3af0b568e9205ee7fb2476fb8b7ff5e2442e67a571e2a790fd1e333457b

C:\Program Files\Windows Media Player\ja-JP\wmpnssci.dll.mui

MD5 e0ebacd31ddf89c6838f6d0cce9d1f0c
SHA1 f838df33ad55967003f3080eeba16be684e9aa8e
SHA256 588528c41d83b154a872bdd1d753d1d1c5827a2ed70fec9aae5ed183972426da
SHA512 f239b21faebb4e566848e475399e3b83885b5697fb66aaebd7fed4fe6ae7a00c246f0a26b32c9163fa0f61c538d89a624561a3ee9b75e54594e03e961c7c13aa

C:\Program Files\Windows Media Player\fr-FR\WMPMediaSharing.dll.mui

MD5 cd68d6f0e3f2bcda7b8e61ddba5d1dc0
SHA1 c23204017e82bbf57756fa32b9b8e57b65dfbf7c
SHA256 b28552e9050911b6de73b9a83d31c12a7a4167719158202a9d2db1c90403c2cb
SHA512 d09d46a0829d655354a69392fbfd3dba303ae643bf8d233ff14ed52822057a1163fa760f755fd0b12d70804f09b8a0d924c76aab0f912c67686f507d8c921e98

C:\Program Files\Windows Media Player\fr-FR\wmplayer.exe.mui

MD5 0d8840eb995131adc38837eb00186c6b
SHA1 68242975dcb694802fd74db4694ed1020439575a
SHA256 6f74673bb6ddb69202fc3fa1636b72add18de8a5d0d399f9630ce27e5d56e83c
SHA512 81c2f2dba5776d647b575bca7421230b2f965879711f10b640c52a4bfdf1a03780b1d25532a92f4b198828422b6f24facb3113da38d0e7484e7c6eb587eadbde

C:\Program Files\Windows Media Player\fr-FR\wmlaunch.exe.mui

MD5 e6a306df9585a09556e80f68c3d855e0
SHA1 2068bc1401318bf5433ad9335b71dd0568632aa1
SHA256 91287e318aef95fe90b1c069387a29e1477395dea626a099e18ffa2b433cbc4e
SHA512 bc6b31752f89f5e3930d6931a8095a804221c93f2352e2281eba2d51c88e0952f9d5041cfc231d07c28bf6a08e352ae11daf0920420a33818bd74a87d7c13166

C:\Program Files\Windows Media Player\fr-FR\setup_wm.exe.mui

MD5 f8d5e55706a42d1a09dbb3821bddea5a
SHA1 b462c272561c04415343afc469d9992526f53c0a
SHA256 bfd495cfc038c7a2e4cd51c0f92a7e19c5b6b19144ae21562f020d939779d26c
SHA512 abe9120183fce309ed3532d962d2f9afc8f30e25e5348696935c12423371103b0843c6543ac4087475dd308a1b7d10a67a0afd80dcc3de6511c8e926df714b88

C:\Program Files\Windows Media Player\fr-FR\mpvis.dll.mui

MD5 89475643dc0f76d51611f655b20d4ffc
SHA1 253eee96933a94fd455a36480b4b844db2198710
SHA256 54a52d5040f4e74f8f132e2b67c7fe7256893c331760a058245b079079a61af8
SHA512 8c098bcc37dc4c16003102300ba24d732aa0e02d40edb048edd673033b537ee96baa777c1cd671912c84dc555d8afdefceacf8ef22c04f35b1f2b51ff3b3ca5c

C:\Program Files\Windows Media Player\it-IT\wmpnssui.dll.mui

MD5 33b114164f114f9d2471073ea5e4c912
SHA1 1ae0aa4bad14adfff5b5fd76a2cddd9eb3564be2
SHA256 f413a771728ec52d9267589d11a309223412f0c68fcff2de8793bf3db49ac71a
SHA512 3e8919108c2f4efccf89688a3451deab86b6166eba2dabd6a8f702394c2c4e37c2c204869eedd71c340084f00a2788696f403deeb35707c4afa4f6e1a0545644

C:\Program Files\Windows Media Player\it-IT\wmpnssci.dll.mui

MD5 57943ca11149eb63a52b9825fa454e9b
SHA1 1c3c5efb479960ed5e5282c42a84570437656e37
SHA256 81e2c28c001ea8c09dec01f8d6c0ff340851def4b57a2d936eef2db0e31af1b1
SHA512 80df7548fabbc85feb54d4a7b984544a7d6671c07fbf202a022b038aaaaa872a3c8a659994c3d8aa552585247249152dd9f8485462d76b61ca1117c2ab9ca18a

C:\Program Files\Windows Media Player\fr-FR\wmpnssci.dll.mui

MD5 79f1d983c56ce790af642170c163da52
SHA1 eed7267b5aca4882b60f274f67e65ac0523cc709
SHA256 028d688dd65300dc47034a658a948f9b622e46243b707531236b28330298a547
SHA512 c5dee4baca74598dd8308a55a7493f4f7771a2905c0965dd06227c50844d5d2e41e9b0c58e202ad4f82befade05440e134a4b061c302f230268f3cedbc156c09

C:\Program Files\Windows Media Player\fr-FR\wmpnssui.dll.mui

MD5 883b99008d0fc9048433bf6106705d05
SHA1 efaf75ef96106d698640cfefaf7e476f9ba18a82
SHA256 570e97d8a4e5678364474eee7c4b7a5766d1eac8c8f6eab4877398461cae680a
SHA512 e69e5bc2fa01a07549efe49b373223b84cce0a2df3456ce53ef09f244c806c4e1fbea09d93716ac2a7439c9f6b59dab740f8e730edf68312a30ac0ebe3986a3f

C:\Program Files\Windows Media Player\es-ES\setup_wm.exe.mui

MD5 2193cb0de4c69f6acf26f6311cbde277
SHA1 66a79a0779d2c391707604002561d656d49497d8
SHA256 78ffbbb8f5b9a923e4ee4f97fb57dbfca4f312715b44ad317984805b17f054fe
SHA512 5840e33a03e70e1126cd23ef9317f6f1d344c0cef24336c513d7cee9ea87c469b5f5d033acd2f5e3af0a4d520438e04e8c0079ddb2b1d0a506ece189722ecfdd

C:\Program Files\Windows Media Player\es-ES\wmplayer.exe.mui

MD5 83e163ef47d726599b1228997fbcd1c2
SHA1 62d54769c9268db0febe0248cd294ac9c365a172
SHA256 8432c0de8535a135a85513085e47294e6f661e200bff1e78cdc530bc632264c1
SHA512 bb5beba539ecc299dd875c9e8f125b6c3a329d818e4e04cdff3bc96730d39cb331d7013cbbcf7e0f90aaf20705365b10875a93eaa315aca7c1f2de28fe1901a4

C:\Program Files\Windows Media Player\es-ES\WMPMediaSharing.dll.mui

MD5 83dd5c1b1da7353bd62febbec5b817e7
SHA1 25c924e2ab41911cab1cf96d98f1aab71c9ce4dc
SHA256 30ec26fc37c0e66b29f5b533a852dbe1779827fdb828d957873e02d93f25f2d9
SHA512 1366e5a6905d82b1b091dff540094f18009a2ecd349dd12e31f6945653133e2363d120453c7529685c6f6fd4143e8b0f42774b0b544273f177fb6155c7e7133b

C:\Program Files\Windows Media Player\es-ES\wmlaunch.exe.mui

MD5 7b277b34037259efa599d5fff540ea9b
SHA1 1d4f4c65f9089cfb7fc0ecb6606d22bde70e735d
SHA256 d3751e8176a36cf8211da3421812e37417ac977a2881c86f1f3bcc3d963f3d97
SHA512 b4624f96e7167e5adf5446a1b61f6630f4afc800fe8cc73d1a6529c4f7358d7066e91fb9edb7e79272d93294aee738834d6bc026d3b40b36350c45c65ff0abe7

C:\Program Files\Windows Media Player\es-ES\mpvis.dll.mui

MD5 cb08705f0ce60bec5970bfd7202fc7d9
SHA1 4f1e84d880f7dc1ad15ee8ac1623ddd5882e27a4
SHA256 f558fd3cc9cecbf7c838b494bf229667e26791b5e3521d3bcc0867ca03b0bf08
SHA512 53e3bcc536aab602c4a5aac1d8337f376e992c85fa492e8f6822fa7dab961edd860dcde53d60f564a5dcaf54119dc15260aedd3e01d40c22d72bf782a9b7e69a

C:\Program Files\Windows Media Player\es-ES\wmpnssci.dll.mui

MD5 e132ced8b8ffc36761c4eb2df072c0f6
SHA1 3ab33b999b2c832db7d55f07d6b147d44a921bee
SHA256 d548eea793415eacced1b5d75eb437feb17cf202c87c4a63391e9bfcd0e16703
SHA512 1b6196b584b5d43acbdeaf248191649fa377ea1b0aa5d68d26a7dc211978fe28c45c1b26329b5e9185e2345c3ee12af43ab242b5fa594a17b32c1af276fb8bd4

C:\Program Files\Windows Media Player\es-ES\wmpnssui.dll.mui

MD5 e6d8c4d4850e4b09b0047eeb94879011
SHA1 a3e9418f0f753045b206c0c7d991ffc697eaf2ef
SHA256 4badb05992d34a00df391eb958184205765663d9f17038ba44d24db8c377e225
SHA512 98e47290912836c4b8220fea914f0a8d2589dac15d286e76f01eeb92302ace8c75a62a3954158c20ef9420305d9347d3248f3136d8ebc5eb89ddcfd84823c73a

C:\Program Files\Windows Media Player\en-US\setup_wm.exe.mui

MD5 ae43a6788a283bb10d82213efc96e8dd
SHA1 d028412d1efb56c7000544200ac6cdc0dbdbfee7
SHA256 656f4ab9b698e114056bbe2b8c584c98f9ba23ae58f4bc4928bfb211cff6f8f2
SHA512 6854dbadaec255201a460e26c81f2a6c6872bbab5e14e6507a904992b16798fdf5aff6327e011a0950d07e84d4490eb68bff4fb39b72b16e648f6558e13e7547

C:\Program Files\Windows Media Player\en-US\WMPMediaSharing.dll.mui

MD5 2525039f1856db93135673655e05b562
SHA1 7018a76de064a9416280b79f2bb423bfdca6a60d
SHA256 d6122b52d18de15763f45e32687d941049efe5087fe6ad214e0fa919fbf884c5
SHA512 0faa7d5aa02b196c3b72be5d17f50fde4ab0dd6028fcb296a9c8bd04a065d7d78937d776800ff13d770f8204b8aa1fcb70942578b417d4f9bdca2d7bb89859e1

C:\Program Files\Windows Media Player\en-US\wmplayer.exe.mui

MD5 00d82f75c89cfc7617e77b5f2a0c16ad
SHA1 2d9873c9bcbeb98c19d6f7f761edad0a06913843
SHA256 b7fb5e6067c9bdaa092acc9e34fba8dd9c5492cbab459129f855636caf62770b
SHA512 0d1985d24c126b97aff3e8522341ed1071dd0a08927c60cb174d05f6b57229149c8203a45ece3dd1b88aa872193dd2d749a089e3157b5fb49bae7abc052b3812

C:\Program Files\Windows Media Player\en-US\mpvis.dll.mui

MD5 94ed6af4bdc830c90c1479c5e6091c45
SHA1 93fd61e6c73c5341cbbeada5cdbbbcd651f743cd
SHA256 3f0d4a3eb0d7d37a0b53e3123b1c8eea2f81b1c6cd5f3e6eaece38caa4b1448b
SHA512 7a0916dd157915fe614bb9cb3e637effb8123b265fb390cad4954ff4e8699d3ec123f1e7e93895870b37a25c7bf8d3a74526131a08876e90c66e569c4c18989b

C:\Program Files\Windows Media Player\en-US\wmpnssci.dll.mui

MD5 dde29df2feef4503e453fb27da5741c7
SHA1 a26ec63d5a6ee1b89f5182e370147b491be314cf
SHA256 9a7692e7fe3b2df10ec6b99205bea8e200f74cf177c79b7ce025469ea879856f
SHA512 016811597ff993b48cee3d3a6377e6af7663842cf5056820f6b28b6a31b681c1545ce134312e110ddb75e0d46f9be9a16df8ea04085b5d5055deb9c2c5597fc1

C:\Program Files\Windows Media Player\de-DE\WMPMediaSharing.dll.mui

MD5 17b64533fe36b6a2af3a05069460788d
SHA1 be1586085f74cadc1e10f5cfd9d4e99e7977f1a6
SHA256 f2058c03c508375912d9d45c6b285445b50f8b394da885d025901b38be037ec0
SHA512 340810f2b87240ea90b1473fb353864c6764e17d6ede8466f13dd5766b232ce545579c21a8c40ca6eb99ca48511a4938e7a0f6f54f81c5a9cae9997b25df0149

C:\Program Files\Windows Media Player\de-DE\wmpnssui.dll.mui

MD5 7f059ed021da97bd173b7bc3e826b5b1
SHA1 d59d2a2e5ca2197750538f353ff8dbb3a0afc55e
SHA256 3123af35b81f6aa486e56bd8a6bfefb9faf618cab70f2155563261892f89e37d
SHA512 b1148420ef87bf3aec3df20641a5942efb11b82e0c8cdc941161a25f3386a9a25cba93766406ae4d0f6ec78cec9166660dc10f69c5ecbfc3775028c35794c267

C:\Program Files\Windows Media Player\de-DE\wmpnssci.dll.mui

MD5 8e7b1a53edfcdb5d23eea867caf12340
SHA1 8d49352daca12b67032849b6bb42c4a3b8f14877
SHA256 f2d2d9bff5b6c312f4bc01239dc71b0a1067e2f8345e6218216420218900b711
SHA512 7063318ffbbad3309f41cddb76af78ef0f0373a35754839ae45f3993e42da327832f0a430129a874363d3508df51825b7a9210322598f6b0c6501c13e4a4de80

C:\Program Files\Windows Media Player\de-DE\wmplayer.exe.mui

MD5 4530b8074eb8bc685dce103c4b29a334
SHA1 344e644e3ff8afdaa7afada46c78d9b91e839432
SHA256 ea353f707084e8b03ec6904324726feab7b9c24e423546394d685c649cc5d7d8
SHA512 f13017023a4b9c973813de665555d7e3ddf1df0627675584d9a7f175881472f3a53f67e3b1f4ca18a0106210088ba09f9e1df0481e3bd9619bdca10f5548c7a4

C:\Program Files\Windows Media Player\de-DE\wmlaunch.exe.mui

MD5 0e4f45a3dc6504faf8d8eee261a566ea
SHA1 e60851165748107dfa9da672736933665046603b
SHA256 eff9a8095b7f5df612ad08a980e9f12c64d261b3677f9537f8834b8f03f12347
SHA512 5ddec0c7f9a1fda76e055fc33ddc57cd4ad8917b194692e1568d58b5d94b24f834ccaec1fb5aeeec390502500f3d8da3593d270187543d8b68d6afc44abd2534

C:\Program Files\Windows Media Player\de-DE\setup_wm.exe.mui

MD5 6f30ad870052603879e9d6fc24add4db
SHA1 6d053085d117365d2d66e7b1b2abb4920cd9c325
SHA256 ff4e85bd6ee03a4fbb6e84c12134571fc1898bf2da8b800353924dc04988642c
SHA512 0a2a3fc3c8352b9fca1d24ae8792487c6bdb63328493ea1e507e7c8ed2e94f24d0e345fe5d34079b4f01838c28331bc2bddb9ef4a7e5de72a5f0198a8f2b9c60

C:\Program Files\Windows Media Player\de-DE\mpvis.dll.mui

MD5 e32cf28c24be6e4a328015f195b33b3a
SHA1 6d7bdc454e263f16940ada4c5d5715d42be554e2
SHA256 40c4ea52b78b199de7b1965ce46f8fbda309fc57c71f0626098d0b9a1fc67933
SHA512 432801ae2ea75534011bfb2f307aaa945890d16d93888fbc24929b9fda7bd9f6cf135a4e7505667032035e8429e67255c7d9249451daad2b24ee14df925fa4b8

C:\Program Files\Windows Media Player\en-US\wmpnssui.dll.mui

MD5 3f654e2c57cbd3cca7cf1c2bba2b70f2
SHA1 1891797921ebc2620884d146c7c078835549c535
SHA256 ab4b5fcaab0b80036c6c7edad86ce5c3e771cdbe666ab23c536ee80052d24a21
SHA512 62f76da51e2bf3cc845a15bfaf699d4219ac80d4f7b784bdd0357582e56ab4cf8c8138579a4d9cc0792be8a9309613c8e10ce68d3d0c93fda520c03cbea462f2

C:\Program Files\Windows Defender\uk-UA\MpAsDesc.dll.mui

MD5 32f935ade35498845a33669c1e6ebb65
SHA1 b05a3e5276ea32b3bd536372b62893b6979f075f
SHA256 e13ace47fc549ce32310cc61f2905f06adcb1ff076b7c0c7d33759a2e987f6ab
SHA512 6d998f33cabad9cb360d1ff9f51346781d7e8cb78b1b6bfcc80031b176df85e8a42c3c2d8e4c3b0a932a9ef351c2c1daa22f782284110ce4f634271c51fadcf1

C:\Program Files\Windows Defender\uk-UA\EppManifest.dll.mui

MD5 f9bca1b17dfb7a44f34a38299f3b2483
SHA1 e6c7e1e745a376612fad34e242120e9183fbf5cf
SHA256 335b2f5f7b76882cf7d4353925c4a2dd93a264cece98a940dde9fc7a559ce477
SHA512 691a74d9b8118d1f25b7ac6025793708b8e3fbd3cb8165ce52eb0c8ebfad7b7aa622e394cb1d3c6b11628f8d8be5d295e6c4ec582ff76941380ea6ab80416eba

C:\Program Files\Windows Defender\ja-JP\MpAsDesc.dll.mui

MD5 d1ab55d8f45dd79c505754b0e80a4f4d
SHA1 f54d3c05c4f92cf199039b0277212a12e2133f45
SHA256 c74224fbcb436e503e7bb80a56a7a9e236d68ed06130b761c87e94cf819370dd
SHA512 33c0839a7c7aad908191a7e997d794ea7b798b491b737fd91170490565bebaed231aecb2e9643419ead2e306c224df80c578aa50ec648dc52e5ca0ddb3618bc4

C:\Program Files\Windows Defender\ja-JP\EppManifest.dll.mui

MD5 fb21abfaa709fe7acf9a84a7514ffab8
SHA1 cd243905caaa87e847f48f391dea034f21bc693e
SHA256 f1bb1baeee82b96eb1f1637a442eb14957d42f051d785ab8939d5ea11b4ea02a
SHA512 03f13a20b13cecf8317b0d8bfc1a09d90678e8f466e44c613994292643fcd72f3e520bf982ac8c72c5c566e65588d6f1aae6e084ae4a5fbed96b2f48fb48e3ea

C:\Program Files\Windows Defender\it-IT\EppManifest.dll.mui

MD5 73e040f18214ff388e332ce0a0bf22f2
SHA1 f7dcccadae55de28d15b1fb24e31f30ea1ba6646
SHA256 ac2f42df7e24377cd00ca1eff28a29a3af8b5f6d5027f650f7f834338bff52ed
SHA512 e55af3b1f6523716dbc2689d4342c1598f8a351f8a626634af849541eab0923210c2a015c530e30795d1195939ded5ba828b9db816a22b97ff9cdcb0b32bdec7

C:\Program Files\Windows Defender\it-IT\MpAsDesc.dll.mui

MD5 021bc8962ff5e74c29cd34b6a5b25a7a
SHA1 16eaef91acd84276e744b54e7ccf3667271eb15c
SHA256 2a2bb0cd63fae56a340eedd9dc0fd263b4810c1379c86f8150d98590ffad8af2
SHA512 84ce87d25cfdf74af907d311573b1e15a914c34818d59c6b0f0fae963de0b1daaa76f018319d4d2549d82175cf06065dbc2088697b84969a2c1ae43cfbc5483d

C:\Program Files\Windows Defender\fr-FR\MpAsDesc.dll.mui

MD5 4325e3a84f81aef70b5fb176c5588916
SHA1 88ef68217e95865d39c7e6f0c3b11e4aa8ede664
SHA256 c545dac1d426fe6aac9c6195d21d27cba72a18f62b122736e18306276b2444a2
SHA512 00855f3c4bf455dd217c457c6e1a2615705cb4e18bc1ade3b9b313f9394c1a4cd738d0b62600208a08880fe66d1db92aced5b4e86b717c17c2a19f2357be00d7

C:\Program Files\Windows Defender\fr-FR\EppManifest.dll.mui

MD5 15ff50bfa25597c904039d268d840b2a
SHA1 3b0767c7d89b22a8ff37aea0e24162906202f70b
SHA256 1c902ad9caf63dc9db8895ab38e870f4b642c3efa01bd3e619a361137a5bc4a8
SHA512 a7a98621e2439ae3163ccd861c3b409ae70a26fb79c74544d66f9878fae202b9d21ef79e399112045e98a6254464ca55e189c2cf3628323318fcaa16a6c53e17

C:\Program Files\Windows Defender\es-ES\MpAsDesc.dll.mui

MD5 44bda65c12727731983dd3a8cba97b84
SHA1 2893f5cef0ccb13917d1ae41465f02f6f2ca4b0c
SHA256 9aa9aaa37facc929b80eb0548d83b2f3dbe67c01ac8fc8f926a2e98bd9d2ebda
SHA512 888d1a1a8aa2860f8f353f28b3a28a2096b89bb8142e74b5cf710e7ddf6d78dba5b7862e5cb6425656badc7e8992d1b8044567c027ced43236a9b88bd8af2ed2

C:\Program Files\Windows Defender\es-ES\EppManifest.dll.mui

MD5 340fd1f648bd33e34dadce85edd3ddd4
SHA1 3fb0dd0103928f3a4d0f658ac2d7317485b8c19a
SHA256 b76b1c47f0e95fcf7ed3d7faa0730ea81b8a44ae57bed9d0f11125d77aa29194
SHA512 09d787c929beb93a595fc1c035124e3d2e95ed12dd41f2c470da2152588db0e85cea930ef5c20d1738ee54a361576193cbe58977b2fe99b6d7fbd164e43a343c

C:\Program Files\Windows Defender\de-DE\MpAsDesc.dll.mui

MD5 7ad393452f22621b17cbea76702c6e58
SHA1 ae0f2efade107a2eab9affecb25c4f1486dfdd35
SHA256 834bb1c16a4540811018088dcbe8f61bc49d32ece4bbb46c476436fc2f41d4fd
SHA512 d78d0d6db49d0a7baefe37a773aa06017b87c44722597e985b7e3db6d7b2f60f2640332994c4521bce0912b96c660a58454a50e6ad983be6934c67d6297b5ef1

C:\Program Files\Windows Defender\de-DE\EppManifest.dll.mui

MD5 ae8199c42a3195df2d6586364f3048f7
SHA1 e5f2e6e99718732473f39b32bb90c632b74cb52e
SHA256 c3f3008538b9ff6a80513371c8c97643f49cff66b3be7e9c6c5b2570fed8ad39
SHA512 3a31e1ca2d895af6f2e8ce8b91feabd1d245f7893ce99b9262a55292bee07700bc1ca30c1f5b05bc1e7b13efd78257a177144cd8c509315690a81c45a6020cf2

C:\Program Files\Internet Explorer\uk-UA\iexplore.exe.mui

MD5 dd366a22f989844ceda4db2819b39722
SHA1 3b3b9d01d31eb40ecbe851ea1848b661ca54596a
SHA256 b292e2dcb1753db01bd4b3dd214868f4be6bc180b1cd0f630db240c47011d180
SHA512 2f61a15370b0a8e5b516fce1223bb858c40198604f18acc945d824933c4047d928d77f92aea0255590397a86dfb8a3d4ba76847b860e1c471089f55bde06a007

C:\Program Files\Internet Explorer\ja-JP\iexplore.exe.mui

MD5 fb08e6474f7a0b364f12d301fc68e225
SHA1 4588a14c68985bee80232a497af2ced55d095567
SHA256 0137dbb61242370e5ff95a1243c20494f62627766d50c566efb6bb704415782b
SHA512 b7fc3349600035f5121fd2831179e6505e222a09283b32d4c0b2cc35082a9387553540cb72b62ec0047ae3db5ec17d0b9984cf3924aade0a5d2a9122a765588c

C:\Program Files\Internet Explorer\it-IT\iexplore.exe.mui

MD5 e8f77f9e4f1a13497dd212f93d5e99b7
SHA1 9d61cc55e2042e8e36d341c05dcf9ba3ae734488
SHA256 30440124208ee30092a4e5c45f515d06861aa7310aa11fb08a497d90134b191b
SHA512 814360375e8f5c563266b664d2124089a39e5c7a8cce8f52d23ba51065ef022daddd15aebaa14c61a32b4577c2d5dfd625100f3b8f0114c69dcdcefef40f25fa

C:\Program Files\Internet Explorer\fr-FR\iexplore.exe.mui

MD5 aba27239899e8da8607c6463dc53f721
SHA1 23d294b3851700e4f57861ed2b9191be505e3875
SHA256 535092375dbdaa363fa23c79fe615bf8c7149e64b6d4637c448b2188d2a03114
SHA512 c0f63b9cdca2a17c4cac9fd81050c61c8f781bcd736cd5da5fbeee84b84096b046fb11ab579c12823214f7666bef9b1585ddee93e71b3775f2b6da024d752998

C:\Program Files\Internet Explorer\es-ES\iexplore.exe.mui

MD5 d791ac9cbd006b75d9f534e996ce7fc8
SHA1 725dc84181ab0cb8d0009ce62383795db500f320
SHA256 f46556febe6fc7da32d47d7fe62a4f46c8c336c89fb432b88c2deb63f3042724
SHA512 9deff05fab31d7326fcbf80b0ce19144e3dcb03ec168d0d35eb6ecb4ffcff01776eb2f437560a767a23843360e31f5e8e0c96d7ef35d599ae30c8abd052b0023

C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui

MD5 9d7c183a21e16648ca87db45c9f2026e
SHA1 9fecad8118a573f36a2be6d49fde54a426810c2e
SHA256 cce8c3b07abb1fecdff113a29c33f85e535048af4f9e9edbf829f4cd313fdd80
SHA512 949473d5d89ba05c574a0f24808d00ce231d2073d8b57be3f7c87dbb991e4cba6427ff3036d3b3e7ead3d71f2839b9041b6b7fcd6bfb8f51eb94d2f02ef152c1

C:\Program Files\Internet Explorer\de-DE\iexplore.exe.mui

MD5 bf4e3cb38851e9f7b0143741b0802e3a
SHA1 64d3740c4fd986661e33fe9eaba736dede270df6
SHA256 3545f08110cedca38ccb88938270375519a3161ed661a0e308ee1c7c92953afb
SHA512 e2eabcd669818257d980afcf634e9d3b7a413f979c6c3e0fcf0cb19e0f315fb49d446c6a1c72d2cd82d570667baf0b39cd662d388440e9167932d2a9fa244bfd

C:\Program Files\Common Files\System\uk-UA\wab32res.dll.mui

MD5 5a7992ade8e1852e266c646673415faa
SHA1 a98fd85ce5abd7cec432d4294fd3dce818e5bb55
SHA256 e2b0c9e6e79c6d9ef5717cabe051ca95c7e6be3f009d73396d8aeb5777087643
SHA512 ea8ca14118e3c13b5d8358544b98b2f144a9cb8d7bc22949df71c9100a70035bd4c8d9581b2b41a8ce8acec236d0f215b172bf96e06b032d4adbbf9d44cc36a2

C:\Program Files\Common Files\System\Ole DB\ja-JP\oledb32r.dll.mui

MD5 e5f236df9a436efd39fc54a953876d8e
SHA1 853c8c5ef8bc4409f821b318a1379f279ed95ca3
SHA256 2033dd0560539cb5370c55a7faef2d0eca5e8ef8a5a90385092f433de5ad3e7d
SHA512 a563d23b600a2bc7c3cf2035d5d22e5f09b20a6063c5ba84d97a35161f355c4c3e85c201548ea25b27d6cff530715be2dd65791c68b4acaddf0401c7d7ae35b5

C:\Program Files\Common Files\System\Ole DB\ja-JP\sqloledb.rll.mui

MD5 cbe8671919417f5cec90416fe0418852
SHA1 e90e4cf8d2a040243997c0718fa35e09e42628d2
SHA256 7a9c27170665980387aea8957f70de4fae6a8c25ad561788c82daaf9e4ac5b30
SHA512 a4b5598eacc1fc21bbe47666d4c34d536ef0746e5f1e1f516154922e5551c383e9b5dccbee140f5f26ed83856367357093fad3efdf1f420f8399f47612497e4b

C:\Program Files\Common Files\System\Ole DB\it-IT\oledb32r.dll.mui

MD5 fb4d88726fff85d335964b6227d5a7f0
SHA1 8e6ddbb4531b2f07f5e4e8bd47b55f2b60bd3421
SHA256 8357985a1dba8bc3cd16496195e00d2657e9169349ac81ca1fc554aa9437003f
SHA512 984a3dd2b9d83603f0bdda99802244bb64744782d13d7ebdbc67a87b692b9d72a9835aee109092a8ca9f83893f876646fea120df4bebe14456406489b7d1b0a2

C:\Program Files\Common Files\System\Ole DB\it-IT\sqloledb.rll.mui

MD5 7908d05ddda7a65be9e9400d64b9b36c
SHA1 4df3af58278a3d4e0acbd27cef55276e619b9d91
SHA256 f34890c6299771c07d794fed50607a72b749f2954170e075f1ee9b95e5baa129
SHA512 35efbba7a91cdd183db5e76e646b7c20c893fb8a59c6a64a8e9b184fbc11a3370b881ad916a5879c2c7b00627fc4f7d20cf7ae11bb6515c834afbab12ffedf65

C:\Program Files\Common Files\System\Ole DB\fr-FR\sqloledb.rll.mui

MD5 2b67cb14ab75b111a94050c267b366c1
SHA1 6563b89e4093ee2297088bbbc14f14947b03f5c3
SHA256 7198cc06e63bec15b564170c2dc84b4d679e9174638778ec8d5db78ef950b698
SHA512 10663a8fe60a6a20ae133ef9dd8f4ef5957869693e2d677023f6dbe68b94a9d13e9804470a0a9ce83af439f94df75428551a1657e56e7627d26abadd317eef1b

C:\Program Files\Common Files\System\Ole DB\fr-FR\oledb32r.dll.mui

MD5 7bee4796857a902aba3b4c70cd728696
SHA1 df10605ea150db509b33bd90c8f16cf6740351c4
SHA256 b9b2f4f76f019a74b66bdd642e0af75beeb69eb69fb8dbcf06eca5a6cb3c2408
SHA512 1c45daa898026113ac44e5e5984ee088973134a3e0f2890d708bfb785146324629c87bda29c9750972b0a6bf95f23a41c5cc14cfbb400df5eef329f77c3647aa

C:\Program Files\Common Files\System\Ole DB\es-ES\sqloledb.rll.mui

MD5 39bf5afd316c89bff82e192fe2d58fea
SHA1 12be238bbb721d09d5b7f5490309c845e78b9bf7
SHA256 559bb033d638dd04cb7eb2925c216f423c86c27851c9b2db3aa451160581c1d4
SHA512 c12b18a97f6f96568b52684b3bc236456f2f62b0f6d575cb2812a19b7c74e1a6fcfb06351494effb0ea39be662da779e7f359d6ab48d40c17b3db312b75f23f0

C:\Program Files\Common Files\System\Ole DB\es-ES\oledb32r.dll.mui

MD5 5b85e2595c7b560e3cbffe9a4baa9bd4
SHA1 a17ef4dc6a9494789e40c7a9911736a5ca875a58
SHA256 f029f02b7a330282de9b671da59ed0b4c4ebbc928df59e11349ab79fde03c76c
SHA512 5e1a4d7994e72b87e17b554e44386a0b11a58a665f16237aea09a7c45fa645aae03b7d63c1e101d27ca43b4e4367098a62cf2184a90c4b0ffa07604baf8b458b

C:\Program Files\Common Files\System\Ole DB\en-US\oledb32r.dll.mui

MD5 5839d6531754fdea8806206c6cc2b4bd
SHA1 3d2f59de061c5531e8d08969d9e1d16af07a87ac
SHA256 dad07b0ebdc8434deb756a7cc8766229683cc8f5b141878ef482c73e5faa4e5e
SHA512 362b0618f1c66d711e3bef80b3abce8337064244b7c1107210f60b4401ccddc237ea797a2a9c3c5960ce6683bf17f5741ce80a6514bc57c2d4362d5e2ce8e118

C:\Program Files\Common Files\System\Ole DB\en-US\sqloledb.rll.mui

MD5 465b8c7e18d728183139c06b76dd9de3
SHA1 a1feedc30742b7edabc0d3811a8dbd8957fcfa30
SHA256 de78e68e573e6bb7e5f56d20240327d04034e626a717b44ae64b42dc72b3c71d
SHA512 e2fa7c4370e8f197a3c674ac07aeb216aeaaee81075c361316ebff5d53af0b077bcffe5277d4cdf6bfe9d51c7e579243a8cda777b33654e172b228335d043f17

C:\Program Files\Common Files\System\Ole DB\de-DE\oledb32r.dll.mui

MD5 12559ef33d363cfe1de477490368e141
SHA1 e20f93449310c2ecbf2b9b1d2558815b0f961130
SHA256 7731c9e1307e9447d3fb1fd2a8d8cd38a1d4f8d003c5a76be43cb70cf8b896d9