Malware Analysis Report

2024-11-15 07:22

Sample ID 240311-x2me9aca4s
Target 2024-03-11_0878876cddf35120735b78b595026fd4_darkside
SHA256 2038b782c400aa80ebf5089ac0138b7c811e43d39b6642a7ca065fc59dde054c
Tags
ransomware lockbit
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

2038b782c400aa80ebf5089ac0138b7c811e43d39b6642a7ca065fc59dde054c

Threat Level: Known bad

The file 2024-03-11_0878876cddf35120735b78b595026fd4_darkside was found to be: Known bad.

Malicious Activity Summary

ransomware lockbit

Rule to detect Lockbit 3.0 ransomware Windows payload

Lockbit family

Renames multiple (7465) files with added filename extension

Renames multiple (7609) files with added filename extension

Checks computer location settings

Deletes itself

Loads dropped DLL

Executes dropped EXE

Drops desktop.ini file(s)

Suspicious use of NtSetInformationThreadHideFromDebugger

Sets desktop wallpaper using registry

Drops file in Program Files directory

Enumerates physical storage devices

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: RenamesItself

Suspicious behavior: EnumeratesProcesses

Uses Volume Shadow Copy service COM API

Suspicious use of WriteProcessMemory

Modifies registry class

Modifies Control Panel

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-03-11 19:21

Signatures

Lockbit family

lockbit

Rule to detect Lockbit 3.0 ransomware Windows payload

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-03-11 19:21

Reported

2024-03-11 19:23

Platform

win10v2004-20240226-en

Max time kernel

149s

Max time network

153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe"

Signatures

Renames multiple (7465) files with added filename extension

ransomware

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\Control Panel\International\Geo\Nation C:\ProgramData\25A4.tmp N/A

Deletes itself

Description Indicator Process Target
N/A N/A C:\ProgramData\25A4.tmp N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\ProgramData\25A4.tmp N/A

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification C:\$Recycle.Bin\S-1-5-21-983155329-280873152-1838004294-1000\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification F:\$RECYCLE.BIN\S-1-5-21-983155329-280873152-1838004294-1000\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\Control Panel\Desktop\WallPaper = "C:\\ProgramData\\irpHHEyS0.bmp" C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\Control Panel\Desktop\Wallpaper = "C:\\ProgramData\\irpHHEyS0.bmp" C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Locales\pl.pak C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.targetsize-80_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedSplash.scale-100_contrast-white.png C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main.xml C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\System\Ole DB\ja-JP\msdaorar.dll.mui C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\REFINED\irpHHEyS0.README.txt C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\WordVL_KMS_Client-ul.xrm-ms C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\css\main.css C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\models\Email.ot C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteNewNoteWideTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_OEM_Perp-ul-phn.xrm-ms C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_CA\List.txt.irpHHEyS0 C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\uk-ua\ui-strings.js.irpHHEyS0 C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\uk-ua\ui-strings.js C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\MixedRealityPortalAppList.targetsize-60_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.30251.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\AppPackageMedTile.scale-125_contrast-white.png C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-black_scale-100.png.irpHHEyS0 C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\jscripts\winrthost.js C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\skins\skin.catalog C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCalculator_10.1906.55.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\CalculatorAppList.contrast-white_scale-125.png C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ug.txt C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\en-ae\ui-strings.js C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File created C:\Program Files\Mozilla Firefox\irpHHEyS0.README.txt C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\WordR_Retail-ul-phn.xrm-ms C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\CollectSignatures.aapp C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\ms-MY\View3d\irpHHEyS0.README.txt C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\@1x\[email protected] C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File created C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\irpHHEyS0.README.txt C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_neutral_~_8wekyb3d8bbwe\AppxBlockMap.xml.irpHHEyS0 C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\images\themes\dark\irpHHEyS0.README.txt C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-24_contrast-black.png C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_11811.1001.1813.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\AppxBundleManifest.xml.irpHHEyS0 C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\xaml\onenote\ShareMainPage.xaml C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\uk-ua\irpHHEyS0.README.txt C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\DVA.api.irpHHEyS0 C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Help\Hx.HxT.irpHHEyS0 C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\irpHHEyS0.README.txt C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\rsod\onenote.x-none.msi.16.x-none.boot.tree.dat C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\images\rhp_world_icon_hover.png C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\js\nls\ja-jp\ui-strings.js.irpHHEyS0 C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\s_shared_multi_filetype.svg C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav.xml.irpHHEyS0 C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\find-text-2x.png C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\da-dk\irpHHEyS0.README.txt C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\fi-fi\ui-strings.js.irpHHEyS0 C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win8-scrollbar\arrow-left.gif C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\dialogs\stream_window.html.irpHHEyS0 C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\VSTO\vstoee90.tlb.irpHHEyS0 C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\ZX______.PFB.irpHHEyS0 C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarAppList.targetsize-20_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-black\StoreLogo.scale-100_contrast-black.png C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Trial-ppd.xrm-ms C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File created C:\Program Files\Common Files\microsoft shared\Triedit\irpHHEyS0.README.txt C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File created C:\Program Files\VideoLAN\VLC\hrtfs\irpHHEyS0.README.txt C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_OEM_Perp-ul-phn.xrm-ms.irpHHEyS0 C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-Exchange.scale-200.png C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_sortedby_hover_18.svg C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\AppxManifest.xml C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-80_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\PROOF\LTSHYPH_ES.LEX.irpHHEyS0 C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\legal\jdk\xmlresolver.md C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\selector.js C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File created C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example3.Diagnostics\2.0.1\Diagnostics\Simple\irpHHEyS0.README.txt C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteSmallTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A

Enumerates physical storage devices

Modifies Control Panel

evasion
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\Control Panel\Desktop C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\Control Panel\Desktop\WallpaperStyle = "10" C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.irpHHEyS0 C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.irpHHEyS0\ = "irpHHEyS0" C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\irpHHEyS0\DefaultIcon C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\irpHHEyS0 C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\irpHHEyS0\DefaultIcon\ = "C:\\ProgramData\\irpHHEyS0.ico" C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: 36 N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe

"C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe"

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\ProgramData\25A4.tmp

"C:\ProgramData\25A4.tmp"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\25A4.tmp >> NUL

Network

Country Destination Domain Proto
US 8.8.8.8:53 148.177.190.20.in-addr.arpa udp
US 8.8.8.8:53 201.178.17.96.in-addr.arpa udp
US 138.91.171.81:80 tcp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 79.121.231.20.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 28.160.77.104.in-addr.arpa udp
US 8.8.8.8:53 195.177.78.104.in-addr.arpa udp
US 8.8.8.8:53 119.110.54.20.in-addr.arpa udp
US 8.8.8.8:53 23.160.77.104.in-addr.arpa udp
US 8.8.8.8:53 196.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 185.110.86.104.in-addr.arpa udp
US 8.8.8.8:53 152.78.101.95.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 173.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 51.179.17.96.in-addr.arpa udp
US 8.8.8.8:53 209.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 185.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 58.189.79.40.in-addr.arpa udp

Files

memory/3364-0-0x0000000002770000-0x0000000002780000-memory.dmp

memory/3364-1-0x0000000002770000-0x0000000002780000-memory.dmp

memory/3364-2-0x0000000002770000-0x0000000002780000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-983155329-280873152-1838004294-1000\desktop.ini

MD5 37ba2217c8fdeddaf1e77e93fde92c97
SHA1 1a0e6d7784841cd15b1d10dbf147f350036422e7
SHA256 3b34e6e7f5bf0eb1d655bceff7c8742ab2f7cce4a20d38fb3cad64471697373d
SHA512 0c6009d8762b30e5449aa29306771767ecbcadd196e08112a4064b6528d157e0dc9c17cae7429ab8652b6a957d2f30c9116afc318dffdf86fa1b743bea078e94

F:\$RECYCLE.BIN\S-1-5-21-983155329-280873152-1838004294-1000\DDDDDDDDDDD

MD5 9acabddbeb72a7a4756b71af9f925019
SHA1 35c9d3c30a4debfddd5b0e35e2e9b0f4fd3b371c
SHA256 220465d1dd9e5a9641754fea457f4e2470905d5a574cf901ee722aa3ffe23862
SHA512 4fc91851f41ae93af56897df1efe2985239f36ebec6dff740ae23fa2269b929bdf05bcd4cc729d78fe132ef1eabc5f166fdfee726eab351d983a0b041c7b2c6b

C:\Users\irpHHEyS0.README.txt

MD5 0ca43b603c208e8f1e4b6b3fa4377256
SHA1 5e2f8de89462329ec8ee3fe090caab3cd921c672
SHA256 a9d9c9d24b449cb89129948d25b146804ab91d6b76862715f9389b1afc9d8091
SHA512 3ed177dd6ebd12e3963f5a8e1dcd1c4464b714ffa72e4adcb4205df253da6eb2e8d41b6713794995f785a2a3b59967e418bee4dfa4be7b05f775255e15a48724

memory/3364-10114-0x0000000002770000-0x0000000002780000-memory.dmp

memory/3364-10115-0x0000000002770000-0x0000000002780000-memory.dmp

C:\Program Files\Windows Photo Viewer\uk-UA\PhotoViewer.dll.mui

MD5 4698469f12bfa61d22f76af8d2e57782
SHA1 b01ebb22c2d11dcd9123d91ebc429424a6164402
SHA256 b7a40799970c8545dceb79132fb8c9178bf30f66885888a729c5f973606419de
SHA512 e02498d9ea23227c3c76fe2da49ce1e926a3c8267baedcb56e888990eb9ff760c5a9b9469d7104d07fdd4e3ea14181d8d03f0cec7a6c8a10276162b37f3999aa

C:\Program Files\Windows Photo Viewer\ja-JP\PhotoViewer.dll.mui

MD5 2e3101381c7b2839d368061e36e9d5d1
SHA1 aa6341a2dd4a0661a455877695cd4a289507242d
SHA256 d168201b11a5ca68f612bc5e427b7de631743d093cc2d2d1aae92250714d53f6
SHA512 54d40d789b876600d2471fb99a03c59b3a8d3c34d7b3185deb57adb2f6b6128998e0f81467dfbadcd78d9fa1ec10ab8518e1fedc7eccf92d3e113a17b4c5c4d6

C:\Program Files\Windows Photo Viewer\it-IT\PhotoViewer.dll.mui

MD5 de56fb6c67541ed41b333c71d550fcdd
SHA1 f7266d027a8ad5440930e8905a8d5bb5006a9b6a
SHA256 c55608a5f4ac41161e1a6df47be9215e90ed14a314613f23c6a9747842c35320
SHA512 b4ce4fcb4e05cb616bbfdc14bc165313421967e40be6d0c1487b4a7772797986ff74c89e9159d18cdca4e63e178cdc6246aec15362d74b7ed8e0abc233e27ec4

C:\Program Files\Windows Photo Viewer\fr-FR\PhotoViewer.dll.mui

MD5 9414cba40347dc1d5383a252081428da
SHA1 aa16195258800103ad285830b252c791c7c6bbb3
SHA256 7f7c19adaf03502e6d23739a5b25262bce32e627a9cc023ca1072edff2c2cc6e
SHA512 2683da862f31b6f96d9346965887a3ac95c2f4c7963e03045de3b1e387744a0274da7da4c742bb8c2f47831d5d0b038c843de918a21aa76ddccd2c25ae3ada1c

C:\Program Files\Windows Photo Viewer\es-ES\PhotoViewer.dll.mui

MD5 0403ab0e7f1a562b2dadf9129ed79772
SHA1 bd1be5a8796161deacc0a78351395ad7de441ee5
SHA256 8cf1901094ec46fd960108d2b010da7503d771681959f48bb15cff3be699de92
SHA512 b2d2ef0c00d9e2dffd07e828dcdb1c83c3b8750a3281a21fbd0d528f15f00d17d3f4c654f6676584c96262afba38456e281f38ac34064e3a5ea9193cd07a6b2c

C:\Program Files\Windows Photo Viewer\en-US\PhotoViewer.dll.mui

MD5 3df4170f36e19b64f3ef37d3fc9c1d79
SHA1 5813ad8921c38c4c7298bb2ebfd45bcb877bd82f
SHA256 5327b9625735d61aa6faa0b1ab3e1703f5d8dd4394cd37ee1ae5baf0f8f37bf4
SHA512 e9209b6be4d6de619a102a3c47074e1ab41a3798aed6e2754f1af1ac95caad91049b6353137f0333a458d7ed8753891c503795bad1d495cd1ab0d6ea93e3126f

C:\Program Files\Windows Photo Viewer\de-DE\PhotoViewer.dll.mui

MD5 4b44304a364ea992df2352450c6df696
SHA1 d6ca019d9c04e8f5ca30343fc60695707de143ed
SHA256 69175cec2d83d9769250fcfe6a6656339b92841a67d66907b46a275a12dbc762
SHA512 345a22748e895b74c0a095ac501baf11cdf7fa9d4dd1b166e47bdadd74dcd1926f98b1992cb38414b8dea8086dd95034637edbc452e56eb3087319a5631ec96d

C:\Program Files\Windows NT\TableTextService\en-US\TableTextService.dll.mui

MD5 c7c1544f2d9f0e5fd064e0e078dc7c43
SHA1 e58f176dbb558ab88693e937569d9dbfa61cc1ae
SHA256 5e21acfeeaa6d02aa519ff42d64293ee29988bb9fcf680338c77aa56ec365a1b
SHA512 efaa8445b520b8e42c2d4103b6af0af66b7e195ff2a8af34d4b7b53c49a7010aaf88f3af39dda7ff3e25a77f8e17834581a4a12358c97924b2ef2033d6a7badf

C:\Program Files\Windows NT\Accessories\en-US\wordpad.exe.mui

MD5 352b6a1b6fc3e4ac640f68975b289c41
SHA1 ead08d646e0db28c21bd336212b97ec7866bfc6b
SHA256 d9b6669395431e3d278173e2af5e2861e0f4e4f4219496db2d8f85a05be0edd3
SHA512 3c16d23422d151cf98c59067b981d3f607022f361de051e142786c823f50a1274af4d7d09063df52d60841fd06e0e6313765233ec41f3ea82ebe08e5146f6cbe

C:\Program Files\Windows Media Player\uk-UA\mpvis.dll.mui

MD5 e6cf48e5730d785540a985819d897b55
SHA1 f07ef76e7bd97ad7c6da5399933bfeb9a22e2039
SHA256 9a727438fc97eb7c2574d53eeae19ae003223cbfa98726bafe880f19b4f889d9
SHA512 649b4881269e97456cd6d3213aead38d5434332c56a5363cceb0c78cd089d1b172a03c175df4df4a252857562bebf023f1adfbd325e67b0cd909c95d3182ed9c

C:\Program Files\Windows Media Player\uk-UA\setup_wm.exe.mui

MD5 e57369d978ee8a6c0ed8b88db46c1cd1
SHA1 5ea4b963a674b07a0dbcd48bcc7ba497f7a4362e
SHA256 52b31ac70c2d76ea779e0543af05d0eac1975eaa5f66acbd980c1b23e1f4f9a5
SHA512 8629005aec9a3c966e9f6d1e57df150ac21e2efbd526d1965d664351cb7a3eede048c329507230449007e709ef75109b36c9fc95615d1bcff930d5842bd87896

C:\Program Files\Windows Media Player\uk-UA\wmlaunch.exe.mui

MD5 190fc11000393d87fa13ac5dc416c1a6
SHA1 c2f9ead1cecd23988b466b9dd849ae6a4205531a
SHA256 0e94dd91b5b832659407a462875c0c54d725f0782c78d3831e1e9b00c18b9373
SHA512 afce284f45ae1d6406ef5a2717eaec44c641448709802ddbf7c69a59c1ebb94490a35e659319a2ea27499710cb0a750d64dcffa4d5e707ecf520d7800e66b5dc

C:\Program Files\Windows Media Player\uk-UA\wmplayer.exe.mui

MD5 6a9ad4914f30dd6c8ff22ed8badbb6ac
SHA1 dc525e9d813afc08f5045b9db278e54f571b76c3
SHA256 e8beb0f7f0f7fee63e73d257850bf94d68c410642a42ad63e1be36c1a1286b1a
SHA512 963574ae4aed239b3ca99fd374fe50bf19ac48a86a379bc42ab4e43207d6bdcd4388fe2a6878eb599e0db38f1bde72cbdeb34644cd75f009c20cf2ea96e46e5f

C:\Program Files\Windows Media Player\uk-UA\wmpnssci.dll.mui

MD5 0d2e385c92810dd67f5a7b41af874483
SHA1 122ae3d0db303c41f38b0739cb42a603fe145e1d
SHA256 49da052af702686d7daa06fb749be4d89d1fb1dd60bddfb42a563c5931d027e9
SHA512 5de6a9169d939367178dda594faba82b498d7124b7ac58ec1f69e3feacb7728dc586999b72700da5a507301ab7f77528ba99785c83c3c283f52bdce6eb991765

C:\Program Files\Windows Media Player\uk-UA\wmpnssui.dll.mui

MD5 8a97fdc98a182fe935e344493edd44fc
SHA1 5c67ff921fc7921ee1aa097dc34c574deb5f0daf
SHA256 51e40b6dd165749ac137387a9cb7cb8dd1f46b277cd8fc0aad5d875b665e121e
SHA512 a0eb2a64ff22d626265441e0e208cefec85c8fb639aa07f5e916a10edab7cef6a390b4ae08d7a66e65c851df8be44490e340d9d5d065138aafed4fe1ad0c49b0

C:\Program Files\Windows Media Player\ja-JP\mpvis.dll.mui

MD5 d52a5f3c65c7f2814ef12b5a1934d725
SHA1 7353ea32ead574742f3557b4a1b6cc70383cf44d
SHA256 719b0de150b72a17e787c5b4f94af934c088733d83814e5996197aa3b4d60239
SHA512 96344111c2070b7f032b4f590f8448dcbb1b28ce23e70a415d32057c01d46532ef09f02e25275f55423cfc92dc2826bee03507cef75e55c59de630c439638eb9

C:\Program Files\Windows Media Player\ja-JP\setup_wm.exe.mui

MD5 b71d3d83a4aa32959b43b7f9a8a1d9ee
SHA1 e42add5468d30d151ce8825e114bfc439f9da3ae
SHA256 9ad473ea5d48f23aa61848cb954fa701592a09530d5bac71d9c8e66ff468d097
SHA512 ec20a3501e671d76b61ebde0905a77e50536bc6bd5ac325c3d3816b112a6969810559e9683b47546dd4233c33da2d47c47126ce627938497093111ac030a7f30

C:\Program Files\Windows Media Player\ja-JP\wmlaunch.exe.mui

MD5 ab96469b53696063ae2a2be2b27dc999
SHA1 9847ce945bc24d6576afa3f80df80915184d5674
SHA256 65862baa69abe01560d424c3e3da9beb74c9d8b604f2c21013cb059e84068a88
SHA512 23f01a7e8d8cc441ff38b5bc21ba0822b094402b20b34219f51eb386cc7a154618b8d9d119d72d0ed092f822acc3724dd75532b46f1d74ab82df228ef6938efe

C:\Program Files\Windows Media Player\ja-JP\WMPMediaSharing.dll.mui

MD5 9558d1ee910e29ef8a8fd53e185d8e19
SHA1 7234da305e7ee20ea8a56896486c0573f044459f
SHA256 727b16799c98fbe6e7ec96ccf08f406bcebf2e90f72728d8b8bf095e1c29f28e
SHA512 645a913d334b00f94f61d220aff18121920a2b0b7f64fcfe6a5ba2f17819ff3bbff0740eded65b0b05e4a1fc36b632a45b682c7afd750c7c7c0694862acf9648

C:\Program Files\Windows Media Player\ja-JP\wmplayer.exe.mui

MD5 94ca16299ecba3bf5d3038c60c39fbf4
SHA1 be9952e8cd3c80c6065ead34e16f8d2eb52f8dd3
SHA256 92f03520ade9750cffb4aed3f6f7d48d88942e2dc0fa04a0b1357e6640906889
SHA512 df6c9950492b2e64e6f780b5094f2c8789314f03d29eab40a76b23c0e7cbca44991552fedbc4ec0ba424c82b255f84cf265cd7d8f2eb8831d39905c3a96693f1

C:\Program Files\Windows Media Player\ja-JP\wmpnssui.dll.mui

MD5 983db5ab8e920e9d1c4512769c4fee2d
SHA1 8f7d3657d4594ca81953c4c717112f8e59059c0b
SHA256 b913bcc2851272dd08d248aa6e39c47a52c4a61f327d2dd8dcced235220e1624
SHA512 79781ee9f5ff2d8e539a44853d6aa4faf281c46db4aad02a6ba80b46a876fc8544d70136bc8f7834b39ef7c93b89a29759a61251737b55ec3d752cf58a01ec5b

C:\Program Files\Windows Media Player\ja-JP\wmpnssci.dll.mui

MD5 b7fed9e5c1c29520c2a5ca05e88399fe
SHA1 cb247c9329da07c1d88e9d2104ad9a2b0570fb76
SHA256 e40946ad32cc3ba8a6daf28ea0a37cc2f790c1e2a254b1a0bc9280ba7ed8c0df
SHA512 cb86c1373f6c8948500d366d7da539c5dfda95154442055823e66e605fcb3fb07e20dbaed8e27b9784e410c6d732e35af8cc5b20643bda3170e5625090904521

C:\Program Files\Windows Media Player\it-IT\mpvis.dll.mui

MD5 f58cb6dfcd845e3eb25f5143ff77e597
SHA1 55eec95070465de9d9bbe64b6332df42e5496570
SHA256 e43e770d109e8dd6abe9e50a2470854c40be98d815232b24d35f4123b66accd4
SHA512 590da966d3c929c3c1a0497c58b2e1ca8f092c43d9a36481329c621ccedc566f0828cce4ff88ae313b9aff4dfcc666f1bb9665504d932094973d6bdb37f8039c

C:\Program Files\Windows Media Player\it-IT\setup_wm.exe.mui

MD5 bf5bf89f08b84e47350834c1928370fc
SHA1 519b3ee387a49e66f76846686786b33020896890
SHA256 0c406dbf3b21e594a0864a0eb53ecfe52bcfc2d4106e81dc90e0d9bbcd0fa2be
SHA512 2ceed182247192d7d48c3e1678550d4172055ba1018267e83f0ac4e3c5699f01486962427f7889ec29ed927a83884adcc5aa007b855ca947dfc531f113781d1e

C:\Program Files\Windows Media Player\it-IT\wmlaunch.exe.mui

MD5 dfa6a78c60b27818d96caecb3a13b100
SHA1 0acee9d7e730a13b85935bc7a263751092ab0f2f
SHA256 8f7da616fe8ebfb10a5ab784b1a626a88100eb7292496c219882e8b84a9451ac
SHA512 88233b0f4fa8360f559661767cd32b430b8bf1b442e4062d3a2cf5cd7cad10913530704fe26f663ba3a64de8ad8f3cf416c08dc65cc9c8ab0f91802a36bc255c

C:\Program Files\Windows Media Player\it-IT\wmplayer.exe.mui

MD5 d5e71da0e3c4c038f474a3777118212e
SHA1 cc63611e60c1e5f3cce01d659425b6b35e2cc53e
SHA256 80f4ef5a084aed60e65c7c0d95d33b5268671ddbc010f3357311b876f3423d71
SHA512 90e78239239da306c895f4a1da24d4efa30b03c5f60692aaa3459ec2b6a4801071585d952db3910b49f1b6583d9d970aaf861e5a9309dd6c0943479d569e4631

C:\Program Files\Windows Media Player\it-IT\WMPMediaSharing.dll.mui

MD5 9b7336d05a60312fe31d61753d4cef76
SHA1 ff53cc024418b72cea24b5fa55fdef559e423728
SHA256 c94b1ee520d821e361e9f8d2230577241601a5a10ef186c3ddfd7fd92a4e4c7b
SHA512 a4974757115d81b0f0ef859730b04781692e8214d5ae4b13054afdf1f66b38c497ccac51a2a751b2941b2df3aa9c51721be9bf18b4f280dbfbbc109b752263a0

C:\Program Files\Windows Media Player\it-IT\wmpnssui.dll.mui

MD5 1a7654330d1d4d2238013679404bee08
SHA1 5c0ce1974a7c62182111c1a47c23107c0e0d23fd
SHA256 d372d686a3e9bee8219f88c04b01a3201ad3489cd547bdc267ef251f38c29bba
SHA512 6c379853da246d5bfe126b20f87cc04b77cbaf0ebbd5533e5f4c093a066f236dc3bbce33fe599c9f5781a0123d339b6b3e5386b8de2f4485b08144c6a7c4c781

C:\Program Files\Windows Media Player\it-IT\wmpnssci.dll.mui

MD5 fb3eb1c0b45868397c5614a2e43f05da
SHA1 43bd1d75f31da9b54621e3783804ecf288225744
SHA256 6db5a6d91ed8c5b8020c89c30bebebb3d7ce55d4f467f1f067d0ea8c53e63ca0
SHA512 e9d5892bc20a6c39128757dba314a7a729ef6be4764de17bca29faf780d6ec77f6adf4ae8e1094fae082527925cce9a04a9d7804ec29bbdec4fd0c2918207ba9

C:\Program Files\Windows Media Player\fr-FR\mpvis.dll.mui

MD5 167de371fde00943e30eb734cc73afe5
SHA1 e5308f7f0b259963bf661427bba674cfca2112c6
SHA256 a822c290490b70bcd0c2f2562a6c87a795d16f5d5bb20d104a406bc29de9d881
SHA512 6543b4751b1f23137a6e5611e535b8f26168f888be7d6a7c6fcaf37a87af39a5f30173509ab3f404cdda713c1873d6949dbbc80cf13bd438d481693b5f683359

C:\Program Files\Windows Media Player\fr-FR\setup_wm.exe.mui

MD5 cd35c33a247c5f29285c8cba6f8fbcd6
SHA1 d1470bcdf5d490a21fbaa945d8936bc6bbc15ff0
SHA256 b6e929297d9c8b867880fedacca42ed0e9ca0ccdb687bbcc536b052e253f5079
SHA512 0257c27428f7d265d56513fe90fa8e62342bd81cc66de1b472cd3bd3e78facdad3394ef79a5d3e87ede6858de7ce75b584307f354f95d01d3b095d060a3dd95c

C:\Program Files\Windows Media Player\fr-FR\wmlaunch.exe.mui

MD5 e06f72ab8315cf53c77f671e36e5dfba
SHA1 14e97c11242e762c8021696ee1a6da1353c831b1
SHA256 8ca0bda14c11724391edf6a593a8ee3da89ecf539d0fad56669cc89d55ecf914
SHA512 f588bb8523c1346331737aa5db43996ce07583981dca7bf974627576cb681ee72dfe20952b4c5490a75346f305e571a764c4707831e7ac9c7b07e9ca7b4060ee

C:\Program Files\Windows Media Player\fr-FR\wmplayer.exe.mui

MD5 ae6847f2726e512700b704b4694c8bc5
SHA1 ed3a086edb9d23108e25f3df53812c96a3a16290
SHA256 fd39c8b79e11d43b14fcb8cc4ab32e47aee8216c5c3d6ed01572bead06929dc0
SHA512 49b300d74a88599751c611dd72883fcb5741911b0e56cf3d631cdb94f22ed874e0e81deef4abe2e197a72f6e1858a9cda68dc9189630d69b106561c137b47c02

C:\Program Files\Windows Media Player\fr-FR\WMPMediaSharing.dll.mui

MD5 dcaf3afa89b84e525c815ea705ee449b
SHA1 3ccbb5fb4b46276dd6a7036d751f1b93c0440652
SHA256 7cec7c36ad86cf74f115db758ae2905c4f5c3b0c829087c8dcd7aea49347e067
SHA512 d24dd415cf18cd16efe747d2c1cd14a341761ab342728e50e2ba00433e80c59bffe205e9293d33f8037c97aff2526e228a92b310a315446b8e1fa74b9c4b0736

C:\Program Files\Windows Media Player\fr-FR\wmpnssui.dll.mui

MD5 258fecdea66b8ecc66da70635b334e25
SHA1 ff9e6fb830b8f04006fb5ce5e2de8fba6b85245f
SHA256 6a933b7dfcd729fc66c316f6417ca1fa4c5bd59501f6b7d7b45ffd7bb396d8d6
SHA512 49d2789e7a20ff0f91e42a866817f56789316b49580ea6b754c12328e4ebd8411014059fc0a015886cc7267d5a59ad920165247d4b21a14b74289b63255ef386

C:\Program Files\Windows Media Player\fr-FR\wmpnssci.dll.mui

MD5 3a0e3a3cfa958bfe61977dce3f5919ae
SHA1 30f029c81ab245249137b364d3bbd73b572b9ec8
SHA256 63672819db2f49c895ce8a4aa5fe0ad504e90e5f54b966a32bb3d95436fddea5
SHA512 d639b6d5463393a50edd507916a00baf9bfcbf8798b7eccbee842c514966b7093086a06407f9eafa621274b8562744e9653637b7b78945a969469fe1b7ba45e3

C:\Program Files\Windows Media Player\es-ES\mpvis.dll.mui

MD5 1335e6613cd5976222d3dbd3674b2c1e
SHA1 bae91a5b3ec9926585dd77cd5ff354e0597c769e
SHA256 ff087c4bda12b0c1c67ad7dcc7d18158be23734643531117b95023a8d6676865
SHA512 ed2051e28ea78a50657be948dd5a07832fd94ff0164cc134352de74307d15cfb903985e52274fdc3e16ff1eb136942bc9de77d7883794e38a8aeb5d34a9fc761

C:\Program Files\Windows Media Player\es-ES\WMPMediaSharing.dll.mui

MD5 955c1b6e7c9f317868f56c98201086ff
SHA1 bdb70755830bdb6c951b14695c95d552df07be0b
SHA256 4d90f5fa52589b4cee3decd9f6fca3e696cfdfeeb493e74cba488525b2da46a7
SHA512 f72aec50fd75f908b6081b2f9666ecfbfb2cf1f8c71ed0239ebd74cf20ba91acd77aeb3abbd4f9a4bf02e91da1ea09143521d39f29acc57cc07436b5ffb69b66

C:\Program Files\Windows Media Player\es-ES\wmplayer.exe.mui

MD5 b83604e19bfa24108d56f084396ade6f
SHA1 eb1c8e57c160a4247863291d286c4a40d3a7d430
SHA256 c627f8027e01a692829a28f353eb66f81dc69208683aa89f1a92b7d89eb478d3
SHA512 9094443d39eb978a1e229d25be32ea3433aa6f46dcd6cc23b998e1ad8d47c7eac342f0a30d01d1b8ef4d2c0f1d206b232b87436b5aa38a13569f01658bfa6d31

C:\Program Files\Windows Media Player\es-ES\wmlaunch.exe.mui

MD5 88b9b990ca7eaa582b5716c17c4ee063
SHA1 bee442d97614312e2061b34f24ba80913037859d
SHA256 98aaec79fa6d9ac3473456cd50d811a2e30dbd063ac559fe29310efb388a53b1
SHA512 acd500562f4d52ea7e80b400fa88495aa0141ef04dbd40773e84cb023496ff57308e26da0e4af670de12d402e3e9dfa8ebca7d4d4a578648bee1711e0a15897d

C:\Program Files\Windows Media Player\es-ES\setup_wm.exe.mui

MD5 4db5cdaf2c41c013a0c2d7e5e56ff13e
SHA1 380ed3c52a6284f70dcd65525e6fab7202737af3
SHA256 47790d4470421f77790d3a0cfec4f8f244fef84c758bf8ec691862296961b2be
SHA512 a2141366be7b8daf5f04e933d1ed73ef37f543e13633d080d045fd844ae2941d4f4fc52461b551e703658ec182613a19d0236bd247f110e446ab4571931b93ac

C:\Program Files\Windows Media Player\es-ES\wmpnssui.dll.mui

MD5 ce897391553e46da8edccf76663b7bcb
SHA1 cbab81bef00ce96fd7b5760b54fcb3a502d3a7ec
SHA256 f164b6c598826e343c29e1aa6e2ae1a293a1c5ab1c9f078122d89e7b5601c7cf
SHA512 292fb8fef00abc318bfa42efe351689fdd4344f3108eb9719296653b911a5f4a24dd4ecfa1333efeca90c7ba7d0d085f2a9ae5044b6631cbd6781bb2f37acc37

C:\Program Files\Windows Media Player\es-ES\wmpnssci.dll.mui

MD5 e3e3bb74ef623c650a587ac6de7a3517
SHA1 29aa35e73e92aa0dbcabbb6af610ede95af13e40
SHA256 644b29a148e721641cbc42facb877640bdee2fc719d59da1151dbe078da22842
SHA512 22219f1506e621b695dddbbcbb89f2599e1805ecd822030b93e4858668c575ced7bb601863383d69bf7c0776078df60be3795139091d41bd43511bdcfcda8976

C:\Program Files\Windows Media Player\en-US\setup_wm.exe.mui

MD5 a49546d83f288e31b839bb4dec5f4110
SHA1 cff8d6c6a3ae79330ce14487badb1a805f16ca04
SHA256 1c0304ccd36c95bad9e6141e2d6c838353cebfa61b20e08ddd22efff38362478
SHA512 d05360e57ab41d5bdb97a3d70730fb103a08db818b91e8987e550306af378741a158f2ab854832b2cb581119b30cda160bd967b65640296029374918484d008a

C:\Program Files\Windows Media Player\en-US\WMPMediaSharing.dll.mui

MD5 f4e27b26611b6a5e495e46fcdeb0753d
SHA1 1203dbf32de7e43f9a35cf9afdcc10505bb67b3a
SHA256 8d4bc7f9848b7387b850f58d5f4f547976f3c48369c3a3489b8e11287c3c137d
SHA512 6b6b17e9dc0a1d509b3f58a0685a5df7216a558af427bc8895561fcdfd383327ce24621108915414c4050452478a80ad4c67fd9366eeec1f14fce92f8083189a

C:\Program Files\Windows Media Player\en-US\wmplayer.exe.mui

MD5 0f5b6ce2449c5db5e1391da53bb611f2
SHA1 0c88a1f17faab69ff095eca4ff403e887fd74a84
SHA256 a328dd3c2796032545760d2eb089c49fd45186d3ec37ca4325fe63689f9bcf33
SHA512 c38fcbd91d2f7fb7a20f95ebc047e61cad5f41a2aa4cfa3d841d53681492d5762787e60d9a309185611320a447acb2241798ee22923c9485967be2705b6b7374

C:\Program Files\Windows Media Player\en-US\mpvis.dll.mui

MD5 c4ee3128648a69939ac51d09ae8a8515
SHA1 861cf7a6d1c5076e98d6ffe2ba5009d90e02e08d
SHA256 22f72bf5236abdc8dbdc6f871793df01b58384ba4ae9405adea3f1126f11423a
SHA512 727ab688b7b3126ca93a28f776e4049b9a73cc6a58ed5e50841fcec95fedc479f4cf1edbdcbc7f458be42019d5b2c3f759aec81956854f37ee0fa94e995623a1

C:\Program Files\Windows Media Player\en-US\wmpnssci.dll.mui

MD5 4f459be4bc87e528e390008646e2c32c
SHA1 7b3a6582cbb31299918139c7b8317cb98665a933
SHA256 17111b5ea4b6b049c35861cf7787708d692b1861f873c51eabb21cd6b2e8adfc
SHA512 9873236d45c14e510e3b74f0722a4191c646493257ed2192f275f466487d930dca9fb78be69af4a2de98b1cc5d323a1e94f548dc8a98dddbba916f2c1cce4fbd

C:\Program Files\Windows Media Player\en-US\wmpnssui.dll.mui

MD5 3796fe856f54ae5ae8f76502bc28abff
SHA1 146c786acb438a1b0bad3b7a188e8cb0c00c97c0
SHA256 1aad6a256c4c2f28b01b383305e7b970eb309e4b08178cac932744ae45bf9b13
SHA512 b2e19bcbceb9eb49fa800dc8cafe989c59e45dfff1c222c2a00c14ef6d7b0792f63afcb7bdc35460abde55f3f0d93780f454dda0d25f0300490d062007d295a2

C:\Program Files\Windows Media Player\de-DE\mpvis.dll.mui

MD5 55bbac4e0fb584d44707b7faf0e77b20
SHA1 a4c5387cf673a85985dde2373c4dda7166a1ffca
SHA256 053692609b853e3fb047429d8ccaf318a47d6a6d9ec747a912ea9d25ec2c5bec
SHA512 067673590586138084175af7c39c90cc5fed442492d07107586f665bd646bdd1be78f2a651e5ae0e86e022398ce259caac3d6b26d346af641a747b67c6093f5d

C:\Program Files\Windows Media Player\de-DE\setup_wm.exe.mui

MD5 f3226b7f0790b705531bebaf72585f03
SHA1 8e27ab73de9bfa7e54f6ebb0952ada4541ba8d35
SHA256 938b6b88dff81854da245c4234032070e468178dcb7e43e3eddfc30e26fdbd59
SHA512 f9e7a1fb717459d6169feac740208b36c24dc697216294b4f7a17a0b658c18b3ba7d0bcbcf0730dc29270194905776aa86fabe85c139f9e8b01b43d377fb121b

C:\Program Files\Windows Media Player\de-DE\wmlaunch.exe.mui

MD5 e643f42aa879cd3c5763ce5232e641ef
SHA1 14512d9639b71c0bcd7806edbcb8551623ca7d60
SHA256 fc2f443bda4d73df2a7fbc5f430174ffa80f2508c3eeecb157d355cf81c6450c
SHA512 dbbfe65ebcc7ae968ce77ca460bdda93e41b232385f673440588f9429f1ef4f6d582c26ff200d3f0bcbe4e6e67a3b52c518015d1e2f07e4ad3d587f9df95ebca

C:\Program Files\Windows Media Player\de-DE\wmplayer.exe.mui

MD5 0b7df83e11bb48fb6856007fb9da9677
SHA1 df0f96e3d49aeff3adb5217b3ea7752b7a8a1f2e
SHA256 2b3bf5321f28750aa1a42f8afa9bc0ead784acabc4bc0d20dcf654c0384ff328
SHA512 228354ca35d746859857b2a7e7175fc3eaac8f0d76b9bf524305f7a82fbadd7623ee11929695b8d08175eada4f8747d24eb5046c73b3924a3dbcb8a7d1fa0c13

C:\Program Files\Windows Media Player\de-DE\WMPMediaSharing.dll.mui

MD5 0d87413b7786ea70ac70a087fbece8ce
SHA1 dcba36fb651cc7a5f461437041832d0286357cc2
SHA256 e1c9f0aed5a0d7d88cc3f230c9f3ee730d9a750e4570d492a1d8e72b68e920c9
SHA512 1c14ff32e3c17d67c6c019d5865733b1a3c540d46fc49d7d78ee50e84a1e7028e0b636ac6ba205b19af0b4be3856b83bb5863f855adbc29c7fbd5d290be630fa

C:\Program Files\Windows Media Player\de-DE\wmpnssci.dll.mui

MD5 16cec6e7a9d3441cc94f573eb692637e
SHA1 9a05d963c714b8d2524a2ac8f4ee83ef34c81a31
SHA256 c3e6cb40841a376d831c794ccd4312691d9e056c0c700e142d839eb614d66eb5
SHA512 30f4268b58a43e3145ed5f7f2536c1a93ed0bcf2ec0abfb23e5f46db1327d360c2bd299986b74d46704b2410291a62bba41696b0df708d60df87b5c709b55390

C:\Program Files\Windows Media Player\de-DE\wmpnssui.dll.mui

MD5 b150b4f999dc102f0794cbb5331287ce
SHA1 051b371a43975d39d5743391286bebd02e529247
SHA256 9d9f4b91cc494108960e4f327563ac182437a08ca7d02c9f3c2432956f5b637c
SHA512 bf1c3d57417d3055846177885e1c243dbe1d81526a028d8d3c024063436a53df936164ab8aaad446c5fadb9259e9e73e7bd40bb17392110114e263e9580a2bea

C:\Program Files\Windows Defender\uk-UA\EppManifest.dll.mui

MD5 68fd64095735753b9f3f481834cbb982
SHA1 05f5c87ecb4c81fa08c8c8a91bb01c242fa3b29c
SHA256 fcf10b25e73b506a2954204fca3bb0d4336b05c5cab1592fa69ccca8922593ca
SHA512 f7b805b8e62cad132e6301f3371ddda6caf856d51ab216b1cd4efc17ec367c058e368714c69f50d9c2d5162e3666d659f2efe832f020d239b572f4421c25bacb

C:\Program Files\Windows Defender\uk-UA\MpAsDesc.dll.mui

MD5 71c4df646ab66915c29bb3d99e73e559
SHA1 b45811d534425546010c29ddc16f5c058277cded
SHA256 339f4327e466f7af04ab4e38e23d598b47e60da1bf05b723d2fe4597044cb820
SHA512 aeb049d980792f761bd3442e789b462080dd377bc8d01aaad8077d2791a2989967030fa9bf0515f78b8880b5b090cf53a8b963eb43520f79278399c0c13a92a8

C:\Program Files\Windows Defender\ja-JP\EppManifest.dll.mui

MD5 6527371fc355c6116d00074de3458705
SHA1 dc6a374ea283e92e5eaa8b90a953dde782a09552
SHA256 6c5b017da37fa14945b1ba02e541718fb8eca3ffd60c9e9eb8b68b802e17429d
SHA512 6d52ade999e6fb486fb94437d12c7dde6092e70a34907758f362ecb527aeaf4c28cbe71e769268c830be223a60798ffecd2c5677cc2940dfe993724846e2648b

C:\Program Files\Windows Defender\ja-JP\MpAsDesc.dll.mui

MD5 8aff13180600dbabede0b932eaf61d1e
SHA1 98877ced051e549e9d679739882939945a1ba7bd
SHA256 63ff30c2e101419b65306459cf25b9e3e21a8e27dd84c2f80d78dcf5a043838d
SHA512 bd7dc4d2f271b6c7e5a095ffb591f6a71b6b0b83df95f90280a1ba09d5196a5f17b9d686bd339165b522678bd810cf87b321caf28196847ef986b6068c183091

C:\Program Files\Windows Defender\it-IT\EppManifest.dll.mui

MD5 1baaeecf5d6c4dc6f1984f3511a428d9
SHA1 1f04515b1688eb142584f3ee7046a566b539ebcd
SHA256 e1e8c3eb971c1e4f8608698e4bc87ed16830f9d84e27a7926f39fea8588fa854
SHA512 37f645f00a6c1a750ab875a43b79935fbf421c0d92d9c4191cfb38ec3fb5e0e623312b975712a9a3e75db3d4ca9a13d997b79a46af3cb9d3a6a96bf0dda5c716

C:\Program Files\Windows Defender\it-IT\MpAsDesc.dll.mui

MD5 2ed1ccb9bb7ff5738f671600db02a4f4
SHA1 06a933c5b3874d68062a0aff4235498832740984
SHA256 9018cc9b02c06e2521f54f6b9a5315739623101f06ef4c8b8c6f6a0088e6e6f3
SHA512 cd874b6dec03728088a4e11aed7771652586a9ac84e91ba9c7003f4c5b67d0d90066fddcde5e138be9d29c0a9a17ebfef1e353339ab399863e708212507d9d9b

C:\Program Files\Windows Defender\fr-FR\EppManifest.dll.mui

MD5 882fe41fac77dbb1989106c1b1539645
SHA1 2772556d13f5c79b07644f6f066135ec7677dc06
SHA256 d1c625e6b40e48ddc95809610c6f9a942983ef13995cf36049bf616908511431
SHA512 f8f97f0f473fa6f3fce0f7d4debfe8254a97c3c90fcb8761335fd3418db4841ac6e9b3a948fd5f7e4c79165f548fa324ab8bb697ef0f647a187de36bf83979f5

C:\Program Files\Windows Defender\fr-FR\MpAsDesc.dll.mui

MD5 41fe3ad0565a59782088f3df58e598f9
SHA1 e6a7f827cdd1920c1ff374d3c16ce4a1be8664e2
SHA256 b8ace3cb3dd6e3eefa44d9dc840547114676d2057b5cb49158c24a910345328f
SHA512 e006f9ff3c441bbbfad10a4b5d7d11d9750f69ba6d78891bcdfa9607f5775aeb7cf502031df8fa3dc51d900de642f98369c12f6950aad562b090b2bba137fb5e

C:\Program Files\Windows Defender\es-ES\EppManifest.dll.mui

MD5 4eb64b18f31f3e8eb135234cab34edd3
SHA1 11fbccb8cf56b07990ca2004fe74830f433a29f5
SHA256 88f5053e981c2e26930dffc4949d621df6f0ef369b3f4b3feda8691524990715
SHA512 7f17c07621d015555a58372392a765ef9049cc9ed1622b7ffc8f926b15ee72f84c521770d7a03fbd9cec1f9042081e2d5e602ebeb288b648b248f7c08c2b2831

C:\Program Files\Windows Defender\es-ES\MpAsDesc.dll.mui

MD5 9376b831829a3873443b2985ba1cfae1
SHA1 b2371e38be1d4df7a4a6ce99ef5bb158957ff284
SHA256 bb7701d28a84113308a9a9dd9ef2860b06ec242e82138d10d7e4356cb2315c6e
SHA512 8274c48ef67a2f8178251aa02c6c464f179b6e1e3c5086f2ea7244025ac19f6fc050517cdd3bc8fe8f60a152e42bae26fa407aad58dddf615bd3dd6883163e0b

C:\Program Files\Windows Defender\de-DE\EppManifest.dll.mui

MD5 529c3ff4246fbea07d7113f2c4a982bd
SHA1 7db605d7f94241a64b25de1423e34c644302f033
SHA256 c55ce7bde56b0ed718494f60f55e32152f448a8607e551a55be129ed5c235ca8
SHA512 9c716d8e24c7e66c625f22d4fcfe0b617f72993fdbd0c698a05a5b5cc963fc4a690b324c11ce2d5b2e90abe579d0c02c9a49df2d2409feaeb6fca86e8ccfe767

C:\Program Files\Windows Defender\de-DE\MpAsDesc.dll.mui

MD5 35d6eaf5a9877e017a5bb88e227ebca7
SHA1 00c34b5bfc0ff726651b841c263add4e4e4994eb
SHA256 e526e4bef98759208a59fa4ed7d902901c034638b5580246dc47ca1b64dbf3c4
SHA512 08ff9201e4117aa5876b0de9ac1a8274acf1cd95b80ab772381e95a1d686bf015c4e1eb2e3d17e56a2d7b8b3b0e17ef7d7ab803df4fd0e4e603985affa16e726

C:\Program Files\Internet Explorer\uk-UA\iexplore.exe.mui

MD5 774c2e3719620a5aabaa44e585de83b5
SHA1 7cb274a439191ef8658b1f73b1f63abe7a3b6fc5
SHA256 dd65cefd7e105ec053b860655844b6270696daef603ef8372036b5c2e5f78c8d
SHA512 dcbf09b9c62164a3e83646603775bfce0dfe8f850980ad8cc64a04c0b1c3b0a79f2b1b5668975e788fc4137b1133afe1d16554c6a35a791d3a4fbb627fe40f6a

C:\Program Files\Internet Explorer\ja-JP\iexplore.exe.mui

MD5 e77da4f6de2297f325c55e98be304d62
SHA1 4b2a072af7075342e19c6d3e98175cb9b3328de1
SHA256 98b10680ace3cab7605cfe85f284be968fd22c76dd240375d3ec6bc1143d318d
SHA512 db5b5c8a1d0a34937101ca474bde3affa53666ea75d51f7a1067c974bfe608a04e03bbe3ec8817b922a5b0321cbb91908016da3052cb2f43ef04a3c1103fae7f

C:\Program Files\Internet Explorer\it-IT\iexplore.exe.mui

MD5 a0cfa1d5c65bcdc85ea60bd21eed5c51
SHA1 bd197a04f8ceb0788b5a1780a5ef54284a35b87b
SHA256 7b7ee32593cc67c5967c5de4123c2e83dee44fa5c52e2429b2001b5799f3b568
SHA512 f4ab1e2781fa6acb0f0d391dd038b8f3328ef93b557c6a54e31c050923cefa12d71adbeace70ac2d78d17c76ff774acafe833fa3730b694aca6d33451f071149

C:\Program Files\Internet Explorer\fr-FR\iexplore.exe.mui

MD5 f96346e0b09544f46d8d36b0de0dec04
SHA1 2fe87377893b5749d6c93d919d26dff309850339
SHA256 daa870ed817651ac6aaf3d695eebdf4f04e602df8df84d489151115e3cb7e2de
SHA512 e9be3d16ae99be287c61c5f71c3139afc84f054d8354d9c777ed9bad472249c73edfe9a62472a4ecfa6e27ffda59a8ec4ef79098ad6be6835a792ac50a76ba01

C:\Program Files\Internet Explorer\es-ES\iexplore.exe.mui

MD5 6970966151e15604e79b1f722afc44c7
SHA1 50df243c5676ea98dfc4969fdf12a7d0429d0f9a
SHA256 80ae221585712201fdf1485e12ebd4cfe5361789213ee29071311e42662251f0
SHA512 0f810bdcee4985515207b265bd9cb403291995fc00bd1dfae84cb70f7eefa1097bf6f1f1b79348484f5282232730e3d5b8f51de919ae78a34217bba9e1c8cea5

C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui

MD5 eddc6cea11815be31ac7a0f004eff06a
SHA1 ee1e75139df3293f75e8f684c0228822f41c9791
SHA256 f354dcfa9842bd2f09c8432c34828127ce0050a1b5d20a0732fea9570c67e86f
SHA512 f0103348796b0b6a728d6385c15baf806bcb8d5ac2598bf49716e864da8719aa38636b5e3ebc8f9db55b4e9bab99efa8a47c6216caa80a164bbec0b46f97da33

C:\Program Files\Internet Explorer\de-DE\iexplore.exe.mui

MD5 a1b94b0a4e61dc9bbbb0cb834dcad64e
SHA1 c28dd438414d39f875bfc357a3e97b8a6d4ec26e
SHA256 e53ff43b08dc5919301513b44ae43248e84c5749b5db9019b0987fa7d3a3b74c
SHA512 857bdd2b2f36a9cae4370d1d3912ed7e0d51870fe6034e5e671671aecb76d863a9a30f13e473ffc80f5d52cde87afb51ab16ec2f0ad4f1810bf54e398140f720

C:\Program Files\Common Files\System\uk-UA\wab32res.dll.mui

MD5 cd51a5858ca1bebd6fad592780e43d1e
SHA1 d879a829dd00832014e0febe34fd305f2c92e5fe
SHA256 052a99551cca4486faaadd646d4ec4b808e35d239195234eb4aea15b8680fa56
SHA512 2fd3e88a58fcdb5364e381bafd4c289f6f2a8b3d2dc3d37a41c864fbc2e2963a4197e41c1940a2d8a76ef0902f5bee5e6d2eda92e2eb35ad65df89e8c320f71e

C:\Program Files\Common Files\System\Ole DB\ja-JP\sqloledb.rll.mui

MD5 a3789422ca7943892ce1e3e563bd6e07
SHA1 83c40e8e45cb6ded622d10fc8df64352d5657923
SHA256 01628529de73ea6b0ef93a0f086ce93fa97da8e055ee73980910ab8811602063
SHA512 cdf6d350346d6f3356366f05d9382aa23860e17499eac8667be2e86e2490def468d446f4612ddff747262d32ca5cc6125442b2dd1039bad6f1dad4491c060e4d

C:\Program Files\Common Files\System\Ole DB\ja-JP\oledb32r.dll.mui

MD5 f31ab47000d8ce8413efaa0339654070
SHA1 a33979c970f801a80ccee1a75f7e5de73c7a23da
SHA256 83245766b01f159f15306f8a297ff76c965f90f3ed3a2d445e51a52296b8f140
SHA512 363629883236b79ef18dadaa918c9444de5ed8088ea04258008553a0e0ed9df77e226b1047119a741feb8916903cc89e84c823ddb7fbe424729e0b77ffd527a4

C:\Program Files\Common Files\System\Ole DB\it-IT\oledb32r.dll.mui

MD5 89cdfe1153a2f1730598d001fe6cacb2
SHA1 3e0d70a4ba36774315ec1d4663f61e173c21aacc
SHA256 631731587c293d4119dfbd54d722120706d04924db4695a97b6c387ac20b6503
SHA512 41ec3d1285ece52c58866daa1783d6cc6bd9a403086ad8fa947a3a6aa2f811ed0256eb53da16d1b7413d9791ee6a45ec292071c2c52b2e339b0bd8abcc6ba117

C:\Program Files\Common Files\System\Ole DB\it-IT\sqloledb.rll.mui

MD5 c3c75fef6d2b5c592b8f805ab5906cb3
SHA1 fcc61ff628d4510b42fa2f57c4b00f8587f57ef2
SHA256 e5be13aa5d5fc1628e609d759493d8d96e4297a9205480d8541799a8b6b7500a
SHA512 282881552a1d8bcb49e7a6c69a0af28d876dfde172f1a3ebd8d59e691bbbc0dd4d2938f0bd9a736c092083bb78ff36e4b5ece9856eaf9011587e7fea4d006a44

C:\Program Files\Common Files\System\Ole DB\fr-FR\oledb32r.dll.mui

MD5 50ac5738c68bae5f4e0c0e1a25665d35
SHA1 7873ed4c233b5b57ebc067c03fb5fc1ddb07e100
SHA256 e6407be7ca6b99d92ae799a17b504b12a73fd9d03360236192af867582c94ce2
SHA512 7441494db1a390d1e58406e44641fd38b0ce47c31719aebea91b696e7f409f01cc0c6f3d8507f11b47db5da7b140456a02505d77d0ca3afdcefe491a44a238e6

C:\Program Files\Common Files\System\Ole DB\fr-FR\sqloledb.rll.mui

MD5 78bb6ee1a93f1796bec426b2ad073410
SHA1 4208ffa5207cee11537b0849fd8b0cbe0da00685
SHA256 d41b12f485e75d1c4c3fcec64f2d76c6428eff28a05dd195e148941c20da7497
SHA512 a6f9640ea229cc92c332d10ec9499775a41585f5d6ae7fc2093cb484afbc2771aceb805d3e5a52b413ca18b75d642907396ff13c4c54a6c43532604268162eb3

C:\Program Files\Common Files\System\Ole DB\es-ES\oledb32r.dll.mui

MD5 6838a1d9cec22035a8947cc0ceb71537
SHA1 f6b34dcd1b9f154835d357bf2826236149675adb
SHA256 4c75879ae4c8e84b85b4bf439ba6cc89e833fea005a102082db5cf735b32cb10
SHA512 974b51ac3217f7fd5d4299fdf372eb3efec557436a4175181638a3e8d57402c990ea57c7106c70e33fbe88d676aafef69c87e0b371e9ea9ec4e326ce8b93732b

C:\Program Files\Common Files\System\Ole DB\es-ES\sqloledb.rll.mui

MD5 ab5cbb7a5a6b7d1a6e5d0515277ba903
SHA1 be1ef915474f4bbdf1661553adee89fc00a0f021
SHA256 a1e7a1cab68cb31d53ad3386651c093011b3963aad018017c1a95c80ee6f5e72
SHA512 377b14849287a8e41b0754f2363783225c196c197ccd6ef7cccbb36e728723da659199d8807215f9b21a22aaab5f9c8098ddc9babc3f45de595ae2e9ccb164ec

C:\Program Files\Common Files\System\Ole DB\en-US\oledb32r.dll.mui

MD5 d4544abd300f6bac3fd66cea21052ac1
SHA1 dd9acfca626ac72d26588085d6a171c0393a22fe
SHA256 1386cb7c8b97a765ea56ceacc0f9fe10e710f93abfc77f61cca5d107d2c55933
SHA512 0ee56403519d87bffc13efa0e9cfd4c40c0d462533d811636ddec60a89a2e9e622a833da4c98f200e6f60b8a0a6a0399e980ac504cae269d40ee7213908f93ba

C:\Program Files\Common Files\System\Ole DB\en-US\sqloledb.rll.mui

MD5 861a1a9273d3a0f7740381efba16ffdd
SHA1 516fc80a6da79cae29f9cc07d13e2499932f0dcf
SHA256 8c7c8346ec91859ad17bb563bc75b0c3b4f8a4b41324e0fae584d946e365aab2
SHA512 d6a1031d685594d4c282d7078d870f53fa068901d21b05fe45c3935ed6b086ee0d3d8938170db3528dcef4d5057ca0c0ef87c50d589ec3286f0b8ddb1890b24e

C:\Program Files\Common Files\System\Ole DB\de-DE\oledb32r.dll.mui

MD5 a8932245cb933e03f82abbefe2c710b5
SHA1 9d07e9c7a55a09c3368d8a9a39087fb572d11645
SHA256 4c6e7ea059bd050c559db7be5e31c89226923f53f22f20c351d2faa353186ed3
SHA512 ff4201177b60b7830b281805794561c7aa490771a107ec98997f83dee7a1c3ad6b71c60f76870eede9592ecaf4608a45815f370222df00f374c22f568dbcf095

C:\Program Files\Common Files\System\Ole DB\de-DE\sqloledb.rll.mui

MD5 855c6d4fbd91568102d810fa3c3de912
SHA1 29dd41f363cafaa001541befa343bdc68a19b83a
SHA256 b099bf04808c6e9b4756302afe3760fda81f4afe20cca07d3fe50b6ed5171c83
SHA512 f04b313d6293f5493af3abbf68b4d5ac90c5f1a75d8cb6348f5bec3df11dcecc9ee0ad879e99b7d77d4649e72a541c7f8f3cba26535735d8d59a20febac2a70b

C:\Program Files\Common Files\System\msadc\ja-JP\msadcer.dll.mui

MD5 5a26a2c483f6fbd4f14fffffbf308719
SHA1 c239a005a6f93d6170b7c0d9e6057b42ea354e13
SHA256 2a1c7df396a126f4375c805c3ec9ecd4def072f57e1ab675d7a38b84d5bf0c9c
SHA512 a659bbdd6a81fe138fda0cbfddb8f95b8eb6702b765dea3edbfe4f6826bfe878610535062bd38f3c36c7f09ba5b380eef31762058d561c9ff8ffc64ca4c96352

C:\Program Files\Common Files\System\msadc\ja-JP\msdaprsr.dll.mui

MD5 b2f051bcae4b4c167751e2f929454be3
SHA1 f2096805f0b8025ff5dd5024111dcb96ca3348f1
SHA256 d0c272c513a0a0800e411210d68a9ac8323e50b557107a8aa985262efd4619a4
SHA512 d72dc9dd5df754dcd4c3868fecc6f128da427568805d7c0d2886094665d34e5becccc9e10ff2793fa18bf94521f4df2ee6870cf0c013dc2a26cbcd5ac31a811b

C:\Program Files\Common Files\System\msadc\it-IT\msadcer.dll.mui

MD5 353daf4e0c10928746f5b97354ebce80
SHA1 cc56d1235f5f389a079831c0e37ad023e65f8c6c
SHA256 b36bcd95bec03a43bc70138871716c225363115b59badd2a52a396284569e4f7
SHA512 a4cecda4f8550b691288fd02756bb8fe94a6ab8244d91d6c15fa0aba99324968bc007a9921fa3afb3cbc115ff6ca23b2d8b46a94e41e4c5cb3b362adc4b5f95b

C:\Program Files\Common Files\System\msadc\it-IT\msdaprsr.dll.mui

MD5 00e5bebaed8831ea884d23ce2f6146e2
SHA1 e8f70f90ed8d384d6ace6a18cc198116641092cd
SHA256 78b2790c6a780e9d3b5aa95e733fbb873ee404f3d97e65a52b7cb2a9d7e4fa8f
SHA512 60d8dacf91504f0a675cff57692f30f7a527f9a70096f21a8678cbbf182f19741e3eeb2ceca61ecf0a79c8cebf00fda387e84273b17caee86127a26b44ab5b97

C:\Program Files\Common Files\System\msadc\fr-FR\msadcer.dll.mui

MD5 4566f7580c59003404ecebf17a8ad77a
SHA1 a266508e629b1a29852dfc9d099aab7e7b2d1462
SHA256 8cdba297adc58b53abcb7bdc722044b4e45b3912722292935c39af28763cc1aa
SHA512 c8b26103ca43f565c31bf6fd731c6165b702c1c658a1cfdd73786b0a07298fba1d693b3edcc2c94c29c4d6a8fba6ebaa7ee57b0e70d1575660e04e162c9e8ade

C:\Program Files\Common Files\System\msadc\fr-FR\msdaprsr.dll.mui

MD5 12bff118a9c696b45065eed842d4b53d
SHA1 4c84e8adda2a80117ae9334a7d48bcb15fd9a00c
SHA256 38364a09fe869f6c4c158cffac49d2845014017d72043cae2bc0062bc5f60ee6
SHA512 6fada3fcbcd4ce334ed43cf6ca17747104b24a628d66b8c5852e766e521e0cbcd0d733f1ebef2a8a1fe1140ef939cabd2713a4ed4d4c9c41b46392755c237931

C:\Program Files\Common Files\System\msadc\es-ES\msadcer.dll.mui

MD5 a1d75a497b07296f7804abb0529d9330
SHA1 3acab075aad060b82a512005582b2a5ded91a238
SHA256 86182fd07b2303992f4434871a43efc11d71d446780a0c43641dc3f661f95eac
SHA512 226bf28d988f90abef22b9b08dbea6b3bc52055d070868dabbd0f46b9e7a1de77aae0c64ea0d0a1c9f4fc72e2c9e8531e3ad82ba002095b64c30ec51c2d55a7a

C:\Program Files\Common Files\System\msadc\es-ES\msdaprsr.dll.mui

MD5 551bd4b3faf5d4b3b4fe00343d2d7a78
SHA1 93c25c437e1b501d10e06eb04a0bb3ec278f2e81
SHA256 d2be40ea135c7710bddfeb45ddf267392929575c061efe4c4cc3a516c6ca3ab9
SHA512 57226e5a14e30e1f907679c00d8962dcce8870675b47bd41e6d01b892e8006bb218d37376da69cd76f4285cc8514c84f653ecbc15fcdf67530e47bb4cf7ebe66

C:\Program Files\Common Files\System\msadc\en-US\msadcer.dll.mui

MD5 e57579bd948feccf29daf53d0104c1c4
SHA1 7c0fa04d2134e7fbfa5ff3ee3e2e44eb959ebc7a
SHA256 bdcb4afba3e471e225306809d493c5acb8141de0e5906ad582ff33f3b738795b
SHA512 3e79d71dfb567857d4fb03e2086dcaab83d5ab700fb8f8a4410c3042a7df96a9db6d4acf9f5dd3b0467d373347ac9e00b3cb9b83ab530d94dfb0ac7dd5233e9a

C:\Program Files\Common Files\System\msadc\en-US\msdaprsr.dll.mui

MD5 2242b4ae4f66ea7aae1f5c729ba8d4fe
SHA1 68559e46d5c75a3fc2be33fb733c1d5efaae40a2
SHA256 b66f4c1f85eb69288a5ab267165d9eb8f461919f7d4a23a99bafa1fc7c942810
SHA512 d00b8d4174541ecba75ba7591c2df78d30bf25c9cc58ce8627e81a19419a3fc9feec4472ae23df7fcf258a8d28b9e540342516334d55b69ac08c13ef1d5cb6aa

C:\Program Files\Common Files\System\msadc\de-DE\msadcer.dll.mui

MD5 bb5421ce050e1517bca8a7b6787b5748
SHA1 7539bf19f2462a4416756860b0a87abead28369c
SHA256 c9df3386c65a51915f8abef691da52b2ce98e7a1bc9647a4cc15587d202863a5
SHA512 f128fc440a32b14ac4f460b01384d1a5f32bf44b6dae7aac111fb69dd1b0865c5f2f9888e97e691bb09c0be3c6bc7851ca638430711fe702b74941fc975fa14d

C:\Program Files\Common Files\System\msadc\de-DE\msdaprsr.dll.mui

MD5 da6004f93a902c49051262964e0da4b8
SHA1 f1b63bdf4bbbf3f3984bb62324b372af9f516cb0
SHA256 a658859e8f718693c79bfcfb645b85479c3dc69022aa8ff4e56bca88e71b9e78
SHA512 a40328ba2257474b72b00399059f0aa2d21b4ccdd9f199c61d5a70d70b95bd9448e5a14878dc105c2d0fd947b7ffdd0140c619cea5b9ed519c7d17fa25d23fa1

C:\Program Files\Common Files\System\ja-JP\wab32res.dll.mui

MD5 f0e2ae31bd0211f7e6733506ad211605
SHA1 c6dc28272212ebbbc17d40382336ca631ac42f3a
SHA256 d77fd72f921fb749cfbd061999162ce3082034f063097027d4cf0792ccc8bbb6
SHA512 135d89cebae3849d7deb64f4a6f9ff29ff739ba94f6d1d9288c1a0f26444f8c32bfb30fbbfb810537bbb01f8ebb3209c8502de927fd320d751be16a884c21626

C:\Program Files\Common Files\System\de-DE\wab32res.dll.mui

MD5 d86cc53d50e9b3af60f58a4cee8f63fb
SHA1 739b90704772dfe52929a6db3542c358846f7fa1
SHA256 8238d6afe73c13e77c15c36b230a5112f32b068bd67e7e091e269d8dffebc95c
SHA512 8daf17b8fe2f3d8fc279968e5408ec2ef9c9ed11f33a6ce8be6fbcf266716940f7d7e3f69fb9d99a0952f93d3738f4d5cce3815106964c5dbbfe14ccfea5a652

C:\Program Files\Common Files\System\en-US\wab32res.dll.mui

MD5 f0e0e5c86ab2623dd69fa99387aff132
SHA1 a3d6b42ec3cf512f0d590aa22596ce0fb18cd96a
SHA256 9947c709868c32c13269f07237e1eeb78d66917665a1acc77d78d136732ea111
SHA512 a33c373ff9c6e513ed638dc16f8cd7f5811aefab092acabd85241a4f4f31cbc4998360ba3a1eeb7bdcf7597e8b6bbdbcee8d823ddc8128a3a430f1db8de040c2

C:\Program Files\Common Files\System\es-ES\wab32res.dll.mui

MD5 d184fe086f55e8ae33a8d2c09b00b567
SHA1 bd4db5ed1ff6f8f7cf9ce201de402a282e870f5d
SHA256 5a3fc1a04461036e7f47056a0d047f5116e68cd9823e3fcbe3f3cd78be293a5f
SHA512 f57a1bd98ba648e938e444cd3368dfecf1af53da730cdd65b6977f18f7ac7a86230665e467d64fd337920c07736c7e516a3dc7e1c57a14664f438345e57479ef

C:\Program Files\Common Files\System\fr-FR\wab32res.dll.mui

MD5 b653b898426cdd00d61a1ebc5c793a39
SHA1 1a1ef844125ca8128506b159e2e73747a7f94be5
SHA256 df57ad02963aa9f471bdc55f81579806a6316b453f799b9ed74fbc3d9c61e1f1
SHA512 93515e4317d068e332cbdfb2cc89a8649b281398b45beb36c09392e86369e34615c4127fa136a7941040d1b4fd568dcb37c715b7d5c3b4f9f698903474e854be

C:\Program Files\Common Files\System\it-IT\wab32res.dll.mui

MD5 178bb300b76df8d9a1d0ebb1b9f90cd0
SHA1 bd0d602bd3ee0eaaaee2357d2c42615833c333e8
SHA256 031a74a6851c9df1e6075068da29a9943acce49418d2fec144d6d4cc839e4289
SHA512 0311b0f418a354223e0f3057235282d6dcd487390c77f68c6ab3e77fc92dee39f3ed24741a8a30bd8ba21db5b5f7ef75acff318dccedad6beb8735ba844e578a

C:\Program Files\Common Files\System\ado\ja-JP\msader15.dll.mui

MD5 d665b40dbe8b645a1cc8044628128333
SHA1 d99ff8fdf4e16847563cf25a725b2ec5e76c4d34
SHA256 4c04448413c231ffb2172a64e072f00d636e31cdab951b73dfd92274ad912c61
SHA512 6a1a054236e3c53171b2ecef7277ee3012e3ed3189ecb7f7e8f3c72cd4457fac2eea26aa874cdf06b879d502728748a06c5ed8e8674ae142b8c4af330bfaa099

C:\Program Files\Common Files\System\ado\it-IT\msader15.dll.mui

MD5 71c5e4a895ece3b4204fa55e71928fdf
SHA1 044d01d578ba8271c1a28f4bc35a34f766272db2
SHA256 2d01e1da0aae0986e5a9025aa7bf1f12b0a141edd29d77bffcd74917a1f0a10d
SHA512 8a4f766b25671570b1e116684d33d7b4cf921171e3f99e5dd6a10d57307d2d96b8a75971a06cdc8ef81fe8bd96c209bf8206e55ded5e26456997ba208a697cb9

C:\Program Files\Common Files\System\ado\de-DE\msader15.dll.mui

MD5 43d398c0f53a1810f46a54f3c4ee7a1f
SHA1 d727ba5999b7f5adbb1973c924f1a8564b6b189e
SHA256 b141d8daacf9ceb2e5cee77bea4e34aeec093c2f05d06ee958c149c485bb1cd5
SHA512 8e76fa9ede7aad1d6375fa4364190d0e7b5f947c68ae9330f5e731f368bf6f5db61a016cd0418605047a44b18b3bc94a100eab2cad9167d6b78b3a71e5bdfd48

C:\Program Files\Common Files\System\ado\en-US\msader15.dll.mui

MD5 78b5b416df421a91e4fb5eebf7cdeaee
SHA1 cd03ad20f675f3db6dde7fc8e668f7513ab5012c
SHA256 c035a120a85b3f17101c0b5ed86ebf4fbc0de9b3ee265873c987e71013862cd9
SHA512 c0722e12e785320e2d7072c20d6875aab8dbc8fc226d05dd6c59ee7f0a8aa80c6f5d30df568d3956b3f6de98fcefa3faff58b2b560dfb7d21a8e643fdb680c11

C:\Program Files\Common Files\System\ado\es-ES\msader15.dll.mui

MD5 da647b0afd6fe2a216b377ed05724cf4
SHA1 6fdfe86da9187f25daee553504c583d9073ce4f2
SHA256 5188f8900ea43195bc0e22a5ab99eed64f4fd8eed88241184ca9702d60c22ca5
SHA512 199ca244037cbb4a294e8b1efeb7b38c2ab7897217644bfc0685f205264b33edaab44bbb84c432d782e21d73b2069ffa59b2d72a3b1dd2ced02bb2aa70acf70e

C:\Program Files\Common Files\System\ado\fr-FR\msader15.dll.mui

MD5 a7cd900c676e8c8d9ecb59b910221af4
SHA1 41a7f7ae6039cface0c089e38c89412e89847245
SHA256 fe62cfe061da2fb845cc307baa0ae0b70a754b2dee5a2dcf5eb6fd76943bcc83
SHA512 7e397ffd9492a54d3cb218e01bf847664b9061e34167aaf3e083117db0d176ab0a42f6a4607f024ad8f49534e1882e32edd12e1b7d6c1aa8ae0f80dea8b3d302

C:\Program Files\Common Files\microsoft shared\ink\uk-UA\TipRes.dll.mui

MD5 89aca8c2be82358b99d55a8c0eb032db
SHA1 40af735974e143f645ff55cebb1ae3ebff75ee2a
SHA256 e2af78c3568996913a44aab291b6702c2a7fc3b4bfb1d694e2946f323da0ff1b
SHA512 461599fa5434bbaf591edc7593dbe0ce89d28c88a34a0e37950ee5f7984daecec5358f2e236d3ef0b6b45666b3235732e0cef287bc3780e8b56b380e9b82a483

C:\Program Files\Common Files\microsoft shared\ink\uk-UA\TipTsf.dll.mui

MD5 00fb9d9a75cd8c7e9507ba315a75be11
SHA1 3c6f94ecdb28a2b729e38e15589b8a9dfb65ba19
SHA256 fc97a3530df995fc8f02b6430e0db27310421ac882273abffa96fbf68aceb6cd
SHA512 7763aa88e580eb3d0f0f1105fd06545b493cf47f1e31a646074ae01f20381b7fd1a2975e6a2d06a1d93f52a4b0e7e28f1e63ad85220df081bd6d03ca495d7288

C:\Program Files\Common Files\microsoft shared\ink\ja-JP\InkObj.dll.mui

MD5 2599d299a5752730b6aab4bb39047823
SHA1 e19112e5b128a202709d64b05f301e360c3452bb
SHA256 3869b543fd68b97483a80b6f6cf50a5917f7a0fa9c6b3408dc8f88510ef9e7d6
SHA512 78d81e40493ee9149739d435294c3c9bbd43bc057c222ac3508a69f5266c787d5c899d4df352ad57576d9c7e9e31d261aa48c2788e67ad40ec0c676b58dd74f7

C:\Program Files\Common Files\microsoft shared\ink\ja-JP\rtscom.dll.mui

MD5 1621bdf7d26b8c5714d1e88e64f88de4
SHA1 def49d5c7851dfdf4723224c08b5fdef5bdec648
SHA256 6013a48e0396820badd8104a80999095d32aefd3785131113333494a9da907b1
SHA512 f001e412d4e4af960e726ab647cc629a11c42e9a556383bb0056f58021fec6b694b4c0f09dd7883db9b2b4024ae19c35a1935526a17547c91a41cf35b61dc030

C:\Program Files\Common Files\microsoft shared\ink\ja-JP\TipRes.dll.mui

MD5 e0d34d9e8ae0b1ca7ce79fd491357146
SHA1 ebfb191988f465270de382f664268d8ac48a9a4e
SHA256 86a763f242244dca43628f3a0d7f492e2ca0c57af73128238fbaf182a867d391
SHA512 4131e1beecd70b1c20b277ccc986c33985b901997295eed3fc281c9b0b76f74776b4c1dd0e57723825a8e892324bcf120c2023d8a75ae562d81619189f408a2e

C:\Program Files\Common Files\microsoft shared\ink\ja-JP\TipTsf.dll.mui

MD5 ba9be5a47386b621555ceffb35412bab
SHA1 340fb86aa2a894f2fa727ad9fd56d9ce73ab6bdc
SHA256 075a271c63a2aa180d0491bdd0b3b1e0b14166e48cb932dc3fc87ebbac8e6784
SHA512 6d723b965c07cb81db3df4cdf2e3d27193278ba18d45ffd5bc8bb2e20c149d3c600e84964350bf4b79f11d6d117bf0fcaad2423a1c2bb56030b0f2c6ad094589

C:\Program Files\Common Files\microsoft shared\ink\it-IT\InkObj.dll.mui

MD5 dff827b5ddcdc471aa1ca6ed212b2aaf
SHA1 de3eb146608185908bb1df527cdc987325a2857c
SHA256 d512870ad3debb106add3f8868cf24859e18d3b0f4e8ae21fad16dee53bfe247
SHA512 32bac9fac1731cd5654048a5bb872a21a345dd0b7ec7c4058dc6f0271184775173aa23057c830fd42a992a7c97829e9ae9f3571204ca54b98352f8de28a6fa6e

C:\Program Files\Common Files\microsoft shared\ink\it-IT\rtscom.dll.mui

MD5 295863660ea159adb09cddd86c8bd0e6
SHA1 64721d8fc101a2040ba10755dd2e86090edd0a4a
SHA256 f4677c9d7a779ca976c2a7f701e072ea762ffc17c100e32765e3331fe4a9ac5e
SHA512 e181fc8ce93b196b5c2f6d0fcff993098139cb7abd8d6b86bd54991c944cd43f34f17632bb1638ca3e591a3e7ab5b0335389d0050442b90c3c704f532669317f

C:\Program Files\Common Files\microsoft shared\ink\it-IT\TipRes.dll.mui

MD5 ae51daf70597660a3c513e8d82c814fe
SHA1 344df9eabaefb8c94ab9b54f03062f19930e47b7
SHA256 d3e46e8852458def02a493c7a5c8690f66a1709b1947ed879901a879f3ab0364
SHA512 07c5aadfacc4850253504846857216a5b27c9590156970ee5346318e6046476750d8e1fd3c7094d1ccd9ce0cc00f6795ce6235b05287ec8ec560f6f59a7d5fac

C:\Program Files\Common Files\microsoft shared\ink\it-IT\TipTsf.dll.mui

MD5 91072584de1ac9f2e7b6b7e7898b6a29
SHA1 2b3a4871c81293182d07bc3ce1ec8bf1c4092737
SHA256 0f8e19418e5d28eb95f53430adff29d1471590c8a98088969320ea69694c285b
SHA512 7533d12cffcfd56c3141720f365c80a11d3426430158017a0823cb4c84c7f52479004f1c8a5c33e50286bb6dad6d41fa78e729221bc15777f0b9057a2f44ad54

C:\Program Files\Common Files\microsoft shared\ink\fr-FR\rtscom.dll.mui

MD5 3c7a1ad94173cecaa66224b97b680531
SHA1 8293206ada368f388c3990af61a829f381f56ec4
SHA256 715498aedc669e8a67c6717a64b1138ec3e9bc6d70d3e54659c0c8f3967acaea
SHA512 6a19d886dee27233b0da7b4069215dc8f177f4ba7b0cd8a0502b87afbbb1ab57e79ad9f4b53be631661731223e658ab6549962cedfb3a917d60b49aa733ca012

C:\Program Files\Common Files\microsoft shared\ink\fr-FR\InkObj.dll.mui

MD5 e4e5b0c2183125ab48646cb0f7cd32f5
SHA1 778ffd980cfe5272bbccf35e168fa2c5ec42d35c
SHA256 012ed5146ad7227f4d0532446cd8c58c0fd6be9e7207188516751172d81b4670
SHA512 62449b391a2fda995d28ce0098711a0acbd5d71b55acdfeccd92c1ae78c9a1a725e63a891856ec072e6dd83209527e17de8ceb3699abce94163a1843f991be1d

C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TipTsf.dll.mui

MD5 1e23f457be3dd35ffb2ad1e2d3e2dec1
SHA1 59735720150681bedc86c63bd0f1ad17b073d1a8
SHA256 634d57c4a47e14763403e4b5b10331ed8d3539f06d2412b6798ac5c4e2d0fbbd
SHA512 b2596aee4ad5330759e44c0dc0b28d12952a17e9324a045dc4deae84b950e990f65e8524994a2a286888b709de78eeec23d6295275ff0ae0ae0a6792552c5f6b

C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TipRes.dll.mui

MD5 465772211ad1943056f0ed04661fde23
SHA1 5d12d4285b1ffdfd4730e85cc7e73ab5d98de589
SHA256 326e4d1faee68a57df71b4bddb7b4db4a93a75bbecd359a1a5d1b173e17cdc7b
SHA512 0a982d2314b9eec544c7cac55b804467e5169fe5d75048b059d4479abd882182a149722624d69bb27b5ed397a376049e57016652ebc89065e8878bc4647e3bcf

C:\Program Files\Common Files\microsoft shared\ink\es-ES\InkObj.dll.mui

MD5 b6a2201c952fdac0be28f0b9045b17e8
SHA1 9b3c1b48040914fdb02f086f771ec839cf50623e
SHA256 2d05ce08cc888301f3c6e8f4cf0b237b6c9687438e93ee6b2970bf7b7a70090c
SHA512 3eebc8974cd5ae16deb1652f498c6c0ccc0ed72c51e1e9404717342bdd5e76966f8ed65d2809fd37ebb3e117cbdc64aad061aff6b5131f2c766755ef31f57431

C:\Program Files\Common Files\microsoft shared\ink\es-ES\rtscom.dll.mui

MD5 32bea91cc83425aa80a8dcfa94c34a50
SHA1 cc5219c5814b5a54669d2a06264e10d5f1454954
SHA256 6a8ebc1d5ea31125f6624f07020b0161a434c189c359b73d2c94297709f79e2e
SHA512 d7b67c6efe7632edbc2f5e16c9bf34dadaa96e777f9e7c0e0269c63143ebd173ea4087c18bb55eac6ae9f0f492a8e3587217b7b3c1671607e44ab682d7f6da20

C:\Program Files\Common Files\microsoft shared\ink\es-ES\TipRes.dll.mui

MD5 05ba5bd62df644848b4c8e71c7d13183
SHA1 de0e420002ae92cfda3753010904165aa3d6617c
SHA256 41ccb2fe7931a9c557c8483bedfcea7f7245c4b93678725b278dbac8bd80996f
SHA512 2f995136aa354d9e1fbd15012b28f1517ffbd367c7bb20957f91f047d1401cf10af5a1b7fc43c4da74aff5f742dcf0ce603ad3e2efe04a86e995cf4b031def09

C:\Program Files\Common Files\microsoft shared\ink\es-ES\TipTsf.dll.mui

MD5 a423b56d784060ae3f0e25eefdb7a9d7
SHA1 190a4216e46219fbcf764f7f947788808d3ca00f
SHA256 4c895abb35c1ae379da5a833f3370e1842ac12cc24e8dee3766e4886ff3c3885
SHA512 b50d154728024c9db656ea98be0b8827751b97d163e5dc1caa7fc812d3c285cf2bf322b220ec85a3ea3be1f2046c2cd25c94fba7032fa1e79d49bae9f9912716

C:\Program Files\Common Files\microsoft shared\ink\en-US\InkObj.dll.mui

MD5 9f6535d4d9abe8e209b3337fc5e57533
SHA1 cfa6370faf913ccc05a2e3de42c8649b59b5add7
SHA256 0eaa8a6c2dd3507136160930fd056f4201a7017f7b5e4ab1c28f4dbbb24a2131
SHA512 6e032d36fc8b7969598f164cc04b5e7f754dff2e5ff27305b3f0f88c9be55a3750be34e9fea5148fad34043dcf58189711b10799630b315ed007025a239d23a7

C:\Program Files\Common Files\microsoft shared\ink\en-US\rtscom.dll.mui

MD5 311f43b7769b02c04e357f155a7cd3c6
SHA1 916b640b329004fbef17eb255242e2ec127ddaca
SHA256 26ef1933a1e96a4167304989d2b7a856d6de838f2426f3a9cba62a1aa52892e8
SHA512 76cafd8efe457fafcd482066013886567907ed268f3dca00a852ceac886f3dd454510b48c26a38acc18a94546061c748fcded73747a8842aa805d3d352281f8f

C:\Program Files\Common Files\microsoft shared\ink\en-US\micaut.dll.mui

MD5 5945bfc6d5161098a0a1951371ddafe5
SHA1 b4cea7f4b7302f3efee8e1312e03685dd1722868
SHA256 19e3bcf54983067029aa1b0b21d618cf390cc8841437b6c4e1ac6d81f94b440e
SHA512 1a0e123f6a0b898e1f0ef397498a7a8a3a2f2055b8a88e0c5527d1e7f2334ccfdbd3bd92ec0e4eb9be342fba5022ff928bdb88d68883ee621ad785103e2b1fa6

C:\Program Files\Common Files\microsoft shared\ink\en-US\TipRes.dll.mui

MD5 e6a76d3ee70bf1c2fbcf362b2f53b141
SHA1 6e9c6a1cd93ae6744f080e3161b12b1e57fa7d58
SHA256 7d2dde74ef60eb3179a7151a572d2ffbdb5a8dbe596c47b539056299cd6c6914
SHA512 0edccddda8a449a0b82b62bb3d4c2e104a11f5065fa00112b4bdea95737fb9ffa97e46c5e9bc911d79dc5257d3598dd48f1e92062c3d35bf812b8484b3291428

C:\Program Files\Common Files\microsoft shared\ink\en-US\TipTsf.dll.mui

MD5 9d567f65d563b0ab3329f04192202cad
SHA1 8497f0883ded609fdea4ffb70d80126d359df6f7
SHA256 a1fbc2df22eec00d333ac05b2bc82c598ac80286a1493fc45d0f626cfc579bf8
SHA512 155efb568a87392c22bba5be4fa6802bb178641c6bd5605903e13ec7513ff50ad902b4d715411c281102348c83a402e08a62bdcf1dad4dcf32f2853e123645bd

C:\Program Files\Common Files\microsoft shared\ink\de-DE\InkObj.dll.mui

MD5 3b11f05a4d520adc7a6913159b68a712
SHA1 733d42ec481eddb80589fa7a7202e0daa6a53356
SHA256 b1e2fce4a25782c089e3d451b6f8ba82ac8a65d4372008936b315b590809b4d6
SHA512 5ee93edef14757fcd9917619205e3cd424dc5a527a16c6d9c3afaf316a16428d8696f0da8dc9a0358d27af045a6bf6919aeafd58ae47921ca2825f55df91d683

C:\Program Files\Common Files\microsoft shared\ink\de-DE\rtscom.dll.mui

MD5 276bfeb50ebd6a69fb792b6830294cee
SHA1 99e24a65d381fe8457f6ac6e14b3cfa33e91f379
SHA256 d51c0ec87b88ead139498a973c4820804b1c33a7c95feb123c15c9bbe65f479b
SHA512 d9a7735b5e7981c208b8deb432c850a6e9f1c2485dd1e0b5f16df4095b48991f882ed9301121f2c4b863636ba5abcbb2b7227627dc6cb6cb79b63761fc72d737

C:\Program Files\Common Files\microsoft shared\ink\de-DE\TipRes.dll.mui

MD5 713eb353b0309f2420e63f723e6345d3
SHA1 45b37586d0dc44f06ac8de361a559fe2e29f1aa3
SHA256 e67af555ff0426aa8753bacadec315850b4e718a3a4cdc3e551b55c06bebf54e
SHA512 de7826559ba3f02a67bca35b25c698a2a2027c0f0f0b3116c18a2c2e2814a69b02aeee544dc45ac3f51cc45907e6bae898a4aa2b0cf9b7434c48a8096c77a61c

C:\Program Files\Common Files\microsoft shared\ink\de-DE\TipTsf.dll.mui

MD5 7da7c74dd8b000ea54883117b553222f
SHA1 fdba961d5ffbb57337aff0b8c2e151c8647faaf0
SHA256 0248614d1cfc699c6008d592524d49b6819a70876f18a5c9577e27858e4f9d97
SHA512 398fac409afe8ecd7ce224269aed73647506cba69c08d0212dc4faded8cccff2942ee04506e8de6f0c38a2044ad914c5361f6bbe382387eb4265c0470874d6c8

C:\ProgramData\25A4.tmp

MD5 294e9f64cb1642dd89229fff0592856b
SHA1 97b148c27f3da29ba7b18d6aee8a0db9102f47c9
SHA256 917e115cc403e29b4388e0d175cbfac3e7e40ca1742299fbdb353847db2de7c2
SHA512 b87d531890bf1577b9b4af41dddb2cdbbfa164cf197bd5987df3a3075983645a3acba443e289b7bfd338422978a104f55298fbfe346872de0895bde44adc89cf

memory/4492-17531-0x000000007FE40000-0x000000007FE41000-memory.dmp

memory/4492-17532-0x0000000002480000-0x0000000002490000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD

MD5 ed455a014533c68b5e94f7538f1559cb
SHA1 93d2816a754ca11368a0cdb58804a86ee16eaff6
SHA256 153d6c199ad5b38c5972c19496e4fd8f138b11bb45d6efc82c4bc17e318a4aa5
SHA512 07904c93e19331da9bd1d9e6df3774128bdb9a1f0261520e8645c63b46e23f6c5e6953d366aa6c37c68e0e1fa04b21643b2119d5f731825d861b666d39947828

memory/4492-17544-0x0000000002480000-0x0000000002490000-memory.dmp

memory/4492-17563-0x000000007FDC0000-0x000000007FDC1000-memory.dmp

memory/4492-17562-0x000000007FE20000-0x000000007FE21000-memory.dmp

memory/4492-17565-0x0000000002480000-0x0000000002490000-memory.dmp

memory/4492-17566-0x0000000002480000-0x0000000002490000-memory.dmp

memory/4492-17568-0x000000007FDE0000-0x000000007FDE1000-memory.dmp

memory/4492-17569-0x000000007FE00000-0x000000007FE01000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2024-03-11 19:21

Reported

2024-03-11 19:23

Platform

win7-20240221-en

Max time kernel

139s

Max time network

127s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe"

Signatures

Renames multiple (7609) files with added filename extension

ransomware

Deletes itself

Description Indicator Process Target
N/A N/A C:\ProgramData\ADBD.tmp N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\ProgramData\ADBD.tmp N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification F:\$RECYCLE.BIN\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\Desktop\WallPaper = "C:\\ProgramData\\irpHHEyS0.bmp" C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\Desktop\Wallpaper = "C:\\ProgramData\\irpHHEyS0.bmp" C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\CONVERT\PAB.SAM C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Bibliography\Style\CHICAGO.XSL C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\NA02389_.WMF.irpHHEyS0 C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WING1.WMF C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\SKY\THMBNAIL.PNG C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\es-ES\css\irpHHEyS0.README.txt C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\locale\az\LC_MESSAGES\vlc.mo C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\CalendarToolIconImages.jpg C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PARNT_04.MID.irpHHEyS0 C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files\Windows Media Player\Network Sharing\ContentDirectory.xml C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\ResourceInternal.zip.irpHHEyS0 C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\SettingsInternal.zip C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\BORDERS\MSART12.BDR C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\EN00320_.WMF.irpHHEyS0 C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\NA02426_.WMF C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\PST8.irpHHEyS0 C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\el.pak.irpHHEyS0 C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\en-US\Sidebar.exe.mui C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\mscss7cm_fr.dub.irpHHEyS0 C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_OliveGreen.gif.irpHHEyS0 C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0099164.WMF C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\license.html C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Templates\1033\Access\Part\Comments.accdt C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10302_.GIF.irpHHEyS0 C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14866_.GIF.irpHHEyS0 C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15132_.GIF.irpHHEyS0 C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18256_.WMF.irpHHEyS0 C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0232171.WMF C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\clock.html C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\BL00242_.WMF C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\epl-v10.html C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\MST.irpHHEyS0 C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hu.pak.irpHHEyS0 C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files (x86)\Windows Media Player\fr-FR\WMPDMC.exe.mui C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\mset7fr.kic.irpHHEyS0 C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\DGACCBOX.XML.irpHHEyS0 C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME04.CSS.irpHHEyS0 C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_US.txt C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files\Java\jre7\bin\server\classes.jsa C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0287644.JPG C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Adak.irpHHEyS0 C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.historicaldata_5.5.0.165303.jar.irpHHEyS0 C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\mng2.txt C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\SO00423_.WMF C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-autoupdate-ui.jar C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Ashgabat.irpHHEyS0 C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\StarterNotificationDescriptors.xml C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\J0115875.GIF.irpHHEyS0 C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15274_.GIF C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0315612.JPG C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\Stationery\HandPrints.jpg C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\AN00932_.WMF C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\SKY\SKY.ELM C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\ko\irpHHEyS0.README.txt C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler.jar.irpHHEyS0 C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\de-DE\irpHHEyS0.README.txt C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File created C:\Program Files (x86)\Windows Photo Viewer\de-DE\irpHHEyS0.README.txt C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD14882_.GIF.irpHHEyS0 C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15059_.GIF C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0107314.WMF.irpHHEyS0 C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\js\settings.js C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files\Java\jre7\lib\zi\Africa\Lagos.irpHHEyS0 C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-multitabs.jar.irpHHEyS0 C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
File opened for modification C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\tipresx.dll.mui C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A

Modifies Control Panel

evasion
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\Desktop C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\Desktop\WallpaperStyle = "10" C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\irpHHEyS0 C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\irpHHEyS0\DefaultIcon\ = "C:\\ProgramData\\irpHHEyS0.ico" C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.irpHHEyS0 C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.irpHHEyS0\ = "irpHHEyS0" C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\irpHHEyS0\DefaultIcon C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: 36 N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe N/A

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe

"C:\Users\Admin\AppData\Local\Temp\2024-03-11_0878876cddf35120735b78b595026fd4_darkside.exe"

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\ProgramData\ADBD.tmp

"C:\ProgramData\ADBD.tmp"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x154

Network

N/A

Files

memory/2456-0-0x0000000000120000-0x0000000000160000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\BBBBBBBBBBB

MD5 9eae36e218700600dd3f40333a87fe80
SHA1 8fe10c8ef1cff5d6ccb9d96a5dc65af87e58f96e
SHA256 2958d2187768ce8eee4248f998096ad7576076b1af3bca1ade4963b916df1691
SHA512 5c9d8ccb46fc63b72b9a002bebfe12335c3446128cd379e8a5e242d8095b3b5b8fab87e3b5426272047b287bccc7f56d559cceb05f5afee0eecf1df885104c71

F:\$RECYCLE.BIN\S-1-5-21-330940541-141609230-1670313778-1000\DDDDDDDDDDD

MD5 f2949c673b5d5e409b6f6700d0815828
SHA1 e7868d8de0a035c32fc2f51d2d29a718c7c0d6da
SHA256 9e92effeb0a1795d15b96d8aa07120110fb74c8f5c9ce1cad12bf570862a2bb3
SHA512 3bd7d3022efda0eeb79c07bedc4950b8bd2f2540f6fbb86ea77f773de5d10642e10546ca6186fe9419ca77e2a32c3fde534f7609326d6eddbf4b1eedea124205

C:\Users\irpHHEyS0.README.txt

MD5 2b1c45a3d04bb8f9388165562a1b3bd7
SHA1 745aa08f7fb10e67868db8fe5dea89a237a91a87
SHA256 03d0a1852f40bda9dd3a4f6cfe635544f4559965d2c2be0234696a5900b3b451
SHA512 8cc8fef1527a761416da658e99da5167e59bda30c47a6a1b2c14478d6615309b3536d193c4021d19a93444ba231a432dcdf8074010275494b070f8e89995f9cb

\ProgramData\ADBD.tmp

MD5 294e9f64cb1642dd89229fff0592856b
SHA1 97b148c27f3da29ba7b18d6aee8a0db9102f47c9
SHA256 917e115cc403e29b4388e0d175cbfac3e7e40ca1742299fbdb353847db2de7c2
SHA512 b87d531890bf1577b9b4af41dddb2cdbbfa164cf197bd5987df3a3075983645a3acba443e289b7bfd338422978a104f55298fbfe346872de0895bde44adc89cf

memory/540-11288-0x000000007EFA0000-0x000000007EFA1000-memory.dmp

memory/540-11289-0x0000000002360000-0x00000000023A0000-memory.dmp

memory/540-11293-0x0000000002360000-0x00000000023A0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIII

MD5 4b59e824a2e060ca8f067a74ea5bef4c
SHA1 e7bdf4b434973c7f83d903b2588d65d3a22dfe96
SHA256 db7b38b6230885b462f6eed8aadf9c0cea332e66f7b5d4a28cd7a4329130daa6
SHA512 55bc6a5c30a97fc86f27da4321c1b6ac6ab61ba1023b7be81cc4e16f7b2fbed84861e1cea3658098321c432b7d3358e9828ea0eb929def5b6cfb30b9d9934524

memory/540-11303-0x000000007EF80000-0x000000007EF81000-memory.dmp

memory/540-11305-0x000000007EF20000-0x000000007EF21000-memory.dmp