8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6

Analysis

max time kernel
94s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
17-10-2024 18:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
Size

175KB
MD5

6a5385a7e3a32d785e5e1e3a6b75bd30
SHA1

e7a958a1ec25507ef4e7780f28cd9d575690438e
SHA256

8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6
SHA512

79326f406a834508778d94bef5001c130e5e9b16a7856ca78eaa42b92ba35a5346e3cacdb13f614f8a44c4d7f1797f9b73665240bd4ebdf6c3fcc01e2c076989
SSDEEP

3072:KyPqTYzh0M2jt3MuZOjr6GtDp5BKzF6PfZxFI20cRAp:KTmh0Tt5OfZpv04I9kAp

Score

9^/10

discovery execution ransomware

Malware Config

Signatures

Renames multiple (6637) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Control Panel\International\Geo\Nation	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe

Executes dropped EXE 1 IoCs

pid	Process
3648	df.exe

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File opened for modification	F:\$RECYCLE.BIN\S-1-5-21-3756129449-3121373848-4276368241-1000\desktop.ini	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe

Enumerates connected drives 3 TTPs 25 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\J:	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
File opened (read-only)	\??\M:	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
File opened (read-only)	\??\W:	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
File opened (read-only)	\??\Y:	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
File opened (read-only)	\??\F:	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
File opened (read-only)	\??\E:	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
File opened (read-only)	\??\I:	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
File opened (read-only)	\??\T:	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
File opened (read-only)	\??\X:	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
File opened (read-only)	\??\Z:	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
File opened (read-only)	\??\B:	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
File opened (read-only)	\??\G:	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
File opened (read-only)	\??\H:	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
File opened (read-only)	\??\K:	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
File opened (read-only)	\??\O:	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
File opened (read-only)	\??\P:	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
File opened (read-only)	\??\Q:	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
File opened (read-only)	\??\D:	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
File opened (read-only)	\??\A:	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
File opened (read-only)	\??\L:	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
File opened (read-only)	\??\N:	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
File opened (read-only)	\??\R:	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
File opened (read-only)	\??\S:	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
File opened (read-only)	\??\U:	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
File opened (read-only)	\??\V:	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\flavormap.properties.Dominik	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\adobe_spinner_mini.gif.Dominik	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
File opened for modification	C:\Program Files\7-Zip\Lang\cy.txt.Dominik	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_KMS_Client_AE-ul.xrm-ms.Dominik	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\email\dummy\adobe-old-logo.jpg	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Grace-ppd.xrm-ms.Dominik	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\Dominik_Help.txt	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusE5R_Subscription-ppd.xrm-ms	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\nls\fr-fr\ui-strings.js.Dominik	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
File opened for modification	C:\Program Files (x86)\Common Files\System\Ole DB\es-ES\msdasqlr.dll.mui.Dominik	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\fi-fi\ui-strings.js.Dominik	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\js\nls\pt-br\Dominik_Help.txt	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
File created	C:\Program Files\Windows Mail\Dominik_Help.txt	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_OEM_Perp-pl.xrm-ms.Dominik	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\MSIPC\zh-CN\msipc.dll.mui.Dominik	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\nl-NL\tipresx.dll.mui	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\server\classes.jsa.Dominik	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\SkypeForBusinessVDI2019_eula.txt.Dominik	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\selection-actions.png	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\en-il\Dominik_Help.txt	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Grace-ppd.xrm-ms.Dominik	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_f33\Dominik_Help.txt	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\css\Dominik_Help.txt	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\images\Dominik_Help.txt	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Download_on_the_App_Store_Badge_nb_135x40.svg.Dominik	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_OEM_Perp-ppd.xrm-ms.Dominik	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\drvDX9.x3d	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\selector.js	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_tr_135x40.svg	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
File opened for modification	C:\Program Files (x86)\Common Files\System\msadc\en-US\msadcor.dll.mui.Dominik	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\CONCRETE\PREVIEW.GIF	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SKY\PREVIEW.GIF	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\VBA\VBA7.1\1033\VBLR6.CHM	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\cs-cz\Dominik_Help.txt	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTrial-pl.xrm-ms	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_KMS_Client_AE-ul.xrm-ms	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\TRANSLAT\ESEN\MSB1ESEN.ITS	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\RIPPLE\THMBNAIL.PNG.Dominik	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SATIN\THMBNAIL.PNG	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
File opened for modification	C:\Program Files\Java\jre-1.8\release.Dominik	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
File opened for modification	C:\Program Files\Windows Media Player\es-ES\wmpnssci.dll.mui	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\zh-tw\AppStore_icon.svg.Dominik	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\ARCTIC\Dominik_Help.txt	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\ko-kr\Dominik_Help.txt	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\RHP_icons.png	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
File opened for modification	C:\Program Files\7-Zip\Lang\cs.txt	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\management-agent.jar	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\playlist\jamendo.luac.Dominik	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Mac\SYMBOL.TXT	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_MAK-ul-oob.xrm-ms	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1036\MSO.ACL.Dominik	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\bn\LC_MESSAGES\vlc.mo	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png.Dominik	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_zh_tw_135x40.svg	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\nl-nl\Dominik_Help.txt	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\java.settings.cfg	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\mshwLatin.dll.mui.Dominik	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\root\ui-strings.js.Dominik	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\zh-tw\Dominik_Help.txt	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\da-dk\ui-strings.js	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main.xml	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\plugin.js	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ta\LC_MESSAGES\Dominik_Help.txt	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 2 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
2000	powershell.exe
3392	powershell.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 19 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	schtasks.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	schtasks.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PING.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	df.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PING.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 4 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
4792	cmd.exe
1824	PING.EXE
4624	cmd.exe
1836	PING.EXE

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\MuiCache	StartMenuExperienceHost.exe

Runs ping.exe 1 TTPs 2 IoCs

Remote System Discovery

T1018

pid	Process
1824	PING.EXE
1836	PING.EXE

Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

pid	Process
3360	schtasks.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2000	powershell.exe
2000	powershell.exe
3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe

Suspicious use of AdjustPrivilegeToken 12 IoCs

description	pid	Process
Token: SeDebugPrivilege	3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
Token: SeRestorePrivilege	3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
Token: SeBackupPrivilege	3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
Token: SeTakeOwnershipPrivilege	3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
Token: SeAuditPrivilege	3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
Token: SeSecurityPrivilege	3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
Token: SeIncBasePriorityPrivilege	3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
Token: SeBackupPrivilege	2924	vssvc.exe
Token: SeRestorePrivilege	2924	vssvc.exe
Token: SeAuditPrivilege	2924	vssvc.exe
Token: SeDebugPrivilege	2000	powershell.exe
Token: SeDebugPrivilege	3392	powershell.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
224	StartMenuExperienceHost.exe

Suspicious use of WriteProcessMemory 54 IoCs

description	pid	Process	procid_target
PID 3144 wrote to memory of 1056	3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe	85
PID 3144 wrote to memory of 1056	3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe	85
PID 3144 wrote to memory of 1056	3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe	85
PID 3144 wrote to memory of 3588	3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe	87
PID 3144 wrote to memory of 3588	3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe	87
PID 3144 wrote to memory of 3588	3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe	87
PID 3144 wrote to memory of 5076	3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe	88
PID 3144 wrote to memory of 5076	3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe	88
PID 3144 wrote to memory of 5076	3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe	88
PID 3144 wrote to memory of 3432	3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe	90
PID 3144 wrote to memory of 3432	3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe	90
PID 3144 wrote to memory of 3432	3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe	90
PID 1056 wrote to memory of 3360	1056	cmd.exe	93
PID 1056 wrote to memory of 3360	1056	cmd.exe	93
PID 1056 wrote to memory of 3360	1056	cmd.exe	93
PID 3432 wrote to memory of 2000	3432	cmd.exe	95
PID 3432 wrote to memory of 2000	3432	cmd.exe	95
PID 3432 wrote to memory of 2000	3432	cmd.exe	95
PID 3144 wrote to memory of 3152	3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe	112
PID 3144 wrote to memory of 3152	3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe	112
PID 3144 wrote to memory of 3152	3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe	112
PID 3144 wrote to memory of 1376	3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe	114
PID 3144 wrote to memory of 1376	3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe	114
PID 3144 wrote to memory of 1376	3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe	114
PID 3144 wrote to memory of 2948	3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe	115
PID 3144 wrote to memory of 2948	3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe	115
PID 3144 wrote to memory of 2948	3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe	115
PID 3144 wrote to memory of 5764	3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe	118
PID 3144 wrote to memory of 5764	3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe	118
PID 3144 wrote to memory of 5764	3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe	118
PID 3144 wrote to memory of 1004	3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe	120
PID 3144 wrote to memory of 1004	3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe	120
PID 3144 wrote to memory of 1004	3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe	120
PID 2948 wrote to memory of 3392	2948	cmd.exe	122
PID 2948 wrote to memory of 3392	2948	cmd.exe	122
PID 2948 wrote to memory of 3392	2948	cmd.exe	122
PID 3144 wrote to memory of 4792	3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe	123
PID 3144 wrote to memory of 4792	3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe	123
PID 3144 wrote to memory of 4792	3144	8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe	123
PID 1004 wrote to memory of 3040	1004	cmd.exe	125
PID 1004 wrote to memory of 3040	1004	cmd.exe	125
PID 1004 wrote to memory of 3040	1004	cmd.exe	125
PID 5764 wrote to memory of 3648	5764	cmd.exe	126
PID 5764 wrote to memory of 3648	5764	cmd.exe	126
PID 5764 wrote to memory of 3648	5764	cmd.exe	126
PID 4792 wrote to memory of 1824	4792	cmd.exe	127
PID 4792 wrote to memory of 1824	4792	cmd.exe	127
PID 4792 wrote to memory of 1824	4792	cmd.exe	127
PID 3648 wrote to memory of 4624	3648	df.exe	134
PID 3648 wrote to memory of 4624	3648	df.exe	134
PID 3648 wrote to memory of 4624	3648	df.exe	134
PID 4624 wrote to memory of 1836	4624	cmd.exe	136
PID 4624 wrote to memory of 1836	4624	cmd.exe	136
PID 4624 wrote to memory of 1836	4624	cmd.exe	136

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe
"C:\Users\Admin\AppData\Local\Temp\8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe"
1⤵
- Checks computer location settings
- Drops desktop.ini file(s)
- Enumerates connected drives
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3144
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c SCHTASKS.exe /Create /RU "NT AUTHORITY\SYSTEM" /sc onstart /TN "Windows Update BETA" /TR "C:\Users\Admin\AppData\Local\Temp\8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe" /F
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:1056
- - C:\Windows\SysWOW64\schtasks.exe
    SCHTASKS.exe /Create /RU "NT AUTHORITY\SYSTEM" /sc onstart /TN "Windows Update BETA" /TR "C:\Users\Admin\AppData\Local\Temp\8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe" /F
    3⤵
    - System Location Discovery: System Language Discovery
    - Scheduled Task/Job: Scheduled Task
    PID:3360
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c rd /s /q P:\$RECYCLE.BIN,Q:\$RECYCLE.BIN,R:\$RECYCLE.BIN,S:\$RECYCLE.BIN,T:\$RECYCLE.BIN,U:\$RECYCLE.BIN,V:\$RECYCLE.BIN,W:\$RECYCLE.BIN,X:\$RECYCLE.BIN,F:\$RECYCLE.BIN,G:\$RECYCLE.BIN,K:\$RECYCLE.BIN,L:\$RECYCLE.BIN,M:\$RECYCLE.BIN,N:\$RECYCLE.BIN,O:\$RECYCLE.BIN,Y:\$RECYCLE.BIN,Z:\$RECYCLE.BIN,A:\$RECYCLE.BIN,B:\$RECYCLE.BIN,C:\$RECYCLE.BIN,D:\$RECYCLE.BIN,E:\$RECYCLE.BIN,H:\$RECYCLE.BIN,I:\$RECYCLE.BIN,J:\$RECYCLE.BIN
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3588
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c rd /s /q P:\Recycler,Q:\Recycler,R:\Recycler,S:\Recycler,T:\Recycler,U:\Recycler,V:\Recycler,W:\Recycler,X:\Recycler,F:\Recycler,G:\Recycler,K:\Recycler,L:\Recycler,M:\Recycler,N:\Recycler,O:\Recycler,Y:\Recycler,Z:\Recycler,A:\Recycler,B:\Recycler,C:\Recycler,D:\Recycler,E:\Recycler,H:\Recycler,I:\Recycler,J:\Recycler
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5076
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c powershell -inputformat none -outputformat none -NonInteractive -Command Remove -Item 'd:\$RECYCLE.BIN','c:\$RECYCLE.BIN' -Recurse -Force
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:3432
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell -inputformat none -outputformat none -NonInteractive -Command Remove -Item 'd:\$RECYCLE.BIN','c:\$RECYCLE.BIN' -Recurse -Force
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2000
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c rd /s /q P:\$RECYCLE.BIN,Q:\$RECYCLE.BIN,R:\$RECYCLE.BIN,S:\$RECYCLE.BIN,T:\$RECYCLE.BIN,U:\$RECYCLE.BIN,V:\$RECYCLE.BIN,W:\$RECYCLE.BIN,X:\$RECYCLE.BIN,F:\$RECYCLE.BIN,G:\$RECYCLE.BIN,K:\$RECYCLE.BIN,L:\$RECYCLE.BIN,M:\$RECYCLE.BIN,N:\$RECYCLE.BIN,O:\$RECYCLE.BIN,Y:\$RECYCLE.BIN,Z:\$RECYCLE.BIN,A:\$RECYCLE.BIN,B:\$RECYCLE.BIN,C:\$RECYCLE.BIN,D:\$RECYCLE.BIN,E:\$RECYCLE.BIN,H:\$RECYCLE.BIN,I:\$RECYCLE.BIN,J:\$RECYCLE.BIN
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3152
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c rd /s /q P:\Recycler,Q:\Recycler,R:\Recycler,S:\Recycler,T:\Recycler,U:\Recycler,V:\Recycler,W:\Recycler,X:\Recycler,F:\Recycler,G:\Recycler,K:\Recycler,L:\Recycler,M:\Recycler,N:\Recycler,O:\Recycler,Y:\Recycler,Z:\Recycler,A:\Recycler,B:\Recycler,C:\Recycler,D:\Recycler,E:\Recycler,H:\Recycler,I:\Recycler,J:\Recycler
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1376
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c powershell -inputformat none -outputformat none -NonInteractive -Command Remove -Item 'd:\$RECYCLE.BIN','c:\$RECYCLE.BIN' -Recurse -Force
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2948
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell -inputformat none -outputformat none -NonInteractive -Command Remove -Item 'd:\$RECYCLE.BIN','c:\$RECYCLE.BIN' -Recurse -Force
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - System Location Discovery: System Language Discovery
    - Suspicious use of AdjustPrivilegeToken
    PID:3392
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c "C:\ProgramData\df.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:5764
- - C:\ProgramData\df.exe
    C:\ProgramData\df.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:3648
  - - C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c ping 127.0.0.1 -n 5 > nul & del "C:\ProgramData\df.exe"
      4⤵
      System Location Discovery: System Language Discovery
      System Network Configuration Discovery: Internet Connection Discovery
      Suspicious use of WriteProcessMemory
      PID:4624
    - - C:\Windows\SysWOW64\PING.EXE
        
        ping 127.0.0.1 -n 5
        5⤵
        System Location Discovery: System Language Discovery
        System Network Configuration Discovery: Internet Connection Discovery
        Runs ping.exe
        
        PID:1836
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c SCHTASKS.exe /Delete /TN "Windows Update BETA" /F
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:1004
- - C:\Windows\SysWOW64\schtasks.exe
    SCHTASKS.exe /Delete /TN "Windows Update BETA" /F
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3040
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c ping 127.0.0.1 -n 5 > nul & del "C:\Users\Admin\AppData\Local\Temp\8c811b3c0ca435fc3510239e318c76c5978ab537a3c912bf74bbc60f182937d6.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  - Suspicious use of WriteProcessMemory
  PID:4792
- - C:\Windows\SysWOW64\PING.EXE
    ping 127.0.0.1 -n 5
    3⤵
    - System Location Discovery: System Language Discovery
    - System Network Configuration Discovery: Internet Connection Discovery
    - Runs ping.exe
    PID:1824

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2924

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:224

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
1⤵
PID:2980

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Common Files\Microsoft Shared\ink\de-DE\InkObj.dll.mui

Filesize
5KB

MD5
eec0f28fc4bde96aeb7d8540ebc1ff58

SHA1
20fe697437f6f73a03bd0f7ea79b83f4f98973d4

SHA256
05274d0ee77ce425473a8b13c19f85096b16a29554d31baf5be442d3754a25ca

SHA512
dbd0d76a11a07a1222bba0417be2565cbad354e64a908f8d5a7dac5ad6ed90a04faf6c52fb95d7fd6fe36ad1471b92a4d06deca176951ec574f02e41a1996287

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\de-DE\TipRes.dll.mui

Filesize
27KB

MD5
f97a53b4d2510620f4fb081639d72703

SHA1
a7c4cf766b8ff1231daeccdafe366bfb7ea078d7

SHA256
bdea86f2f1229763044c414e1a518acc51380dea770fe7edab164112ebd0b60e

SHA512
9ed34086c39384bd4b1c1a607dd6a901a57eed04469a1d27200ad0ad1c6c156042f96c3830764a3d0bb79fbc2086ebc30e7faf0946cd9a719996e805ff0cb50a

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\de-DE\TipTsf.dll.mui

Filesize
3KB

MD5
910de58508350b8aed8d45b3714b3695

SHA1
f8211571eed91e7cf5aa07f8599bdce41ee4532f

SHA256
7794c6bc7f8e08666b060dafc23f5c11a014c63b0b4d5447ff98e702b3419544

SHA512
7302baef16ed8e67e49df8dab66e4e93b1ffff6f2673a4e95769f9c13653354cf7e30b31850694031640169b16c9bcf8da9a1954756a4a1188c57f358130bc1c

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\de-DE\rtscom.dll.mui

Filesize
3KB

MD5
6ccf4c0f6d3db6fcda833f063f7f0d2e

SHA1
916c17948f6353872fd6851fec467586e14e2128

SHA256
aa49e39aa6c75c450bb77ff5482bf05423bfba7a5b257ff662dfd82696831236

SHA512
21e97b05455f1564a6d6f95815772e034fe41bce640640a2c5fb53bdb83a5bacf0aaef9a0a43282bbb8d1328362daca5577f72b18ebde305d71d2eaaaa36d7f6

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\en-US\InkObj.dll.mui

Filesize
5KB

MD5
62866ed24d7384e350e464fa57918119

SHA1
1b023467f1f5178b0e4703f4fb5fec32b4cdf574

SHA256
5f24b831af241e5a8e8bffffeae03fe237644325e40dbffaf7fba267cae89000

SHA512
9dd1d4ea74c78a8e45e615596431cfda27376c65d08b16465d68fe9b8c48c2e1d168f14e66a85fe70e3b4afcf44fe211e0835598ad281624467ffddcd3cb95a8

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\en-US\TipRes.dll.mui

Filesize
24KB

MD5
8ab70b62d786f8eaf38ff0526b0b7aaf

SHA1
28c7eab59c6509c829feb18710478e0bb74751d6

SHA256
e9424d93e1808772c9ab0c12a392c59c29ed9573f7c7bc010b474b4c11e7b0db

SHA512
be3be3938b892bac54f776e68e11c71eec0814da3a82b4a28fe5f16d5461450eb735747f1a2e4b66e77781c24cc7a490f97d0cde2dba05b455b5dba4941e6be4

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\en-US\TipTsf.dll.mui

Filesize
3KB

MD5
3479050ee43f84b172109401002e7ad9

SHA1
fbadd124bafe5a662cf25e943f6acb950b556b34

SHA256
c10b4087186273fd5fa515ac5a33de5508ab9d3c9038ebd6f32eaf00aaf22bcc

SHA512
a7783aff3837efe5933880af8c12a6893b8186b906908b4e3c43befbe8dd4fbe6886d01f720ceabb328dfadc7709fcff59ca8a607dea4dce8ba41dd8fbff03e8

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\en-US\micaut.dll.mui

Filesize
9KB

MD5
adc1080f3e3a9a9cdd4534641490876f

SHA1
65415a5df94733170c5c5cc2c3ad855e9e24d4ad

SHA256
e913ab61ffe53192680a1d7605702d1349cdb1e37b6d0a0f5612bf0609d55b07

SHA512
a0b47fc3f4cdff8f5cac8db11811cc4ee728f42c85661f99ae39e405aef7db6fb7d746b4b8da7fbe657f165344c62c949d20f6c8c55587699917cd71531bb8f4

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\en-US\rtscom.dll.mui

Filesize
3KB

MD5
96a32eb81cc3fb1271f15cfb75abdde1

SHA1
f7b68b41a3e723dba44af25f955f4883612ce4ce

SHA256
664f8b567fba4959db4eedad8d43a3d308dc4eda62bdf5fe3606bbae2607020f

SHA512
68ed591543d45c0cf81c96da64e37a1aac8ab4f2e6bae8345a3250fcdf503102c057216f19f24da1353d891cfbbf14d6bbe4291f200e48d8034894bf78b40c46

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\es-ES\InkObj.dll.mui

Filesize
5KB

MD5
c6f52409ec17d7b5297665ec2e8136fb

SHA1
7e24155b80cc87782ff4fd789ab9c433ed416757

SHA256
70103e6edabc7d6cd094a1108be05f106a7224669ca37d216aa35c9527291603

SHA512
5d326e9d0b9a65a93cab15d170d7585b03fc189f5dcd51fc974ee5b204446b2047d1114bcb8bd7a28a29191c0782cf0c698e62cac4b13728777b91855be0e8eb

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\es-ES\TipRes.dll.mui

Filesize
27KB

MD5
a2c7b4334ccaba55ae7f30de83c2e740

SHA1
4701a4382eed902d0c7590aec1f63fcaff3db52c

SHA256
ed09709a01b912bbbc2267d1d3eafbd0224405b822c70a411ebf713be7f77274

SHA512
7e230d977cb75400c17217fc8dfed39ec28380bb0e81e9066b1e252b25d5c6282ab175d3e238006093108a5b7239052e0cd8b66705bb0fe6d1f43030e1dc1305

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\es-ES\TipTsf.dll.mui

Filesize
3KB

MD5
736c0318711465eb5ad9e48109df38b9

SHA1
61b32aa67a933c78a249d6cab6a38cfdaa172abc

SHA256
8805e7bc55347a98c28e0cad1f9121f03e5409d4b31244ede9a22c73b79689a5

SHA512
3fa09cab8d00fedbf24950043252308854aeb44e09b3b431397e9c18d9ffb53e20c7173f11eee8230be22943385c39e6c8e0611936617e74bb6ff63e8b3b0881

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\es-ES\rtscom.dll.mui

Filesize
3KB

MD5
0e456644114f6a752664d66487584648

SHA1
1abdabec7fe5b020289a0507c8aa4078ff6761ac

SHA256
08f1b4b4e366d9048786d06fda980de34e732398b4d4303d51c221a796a1a084

SHA512
7f96362aafaf9275acb0d3b5b4ccea216f6d95e7ed38592da0d59e71a74f49ece3cde88cfc79a21d1343dca5c5310e3b7dc336d1a073a5d532624a90fdc717bb

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\fr-FR\InkObj.dll.mui

Filesize
5KB

MD5
0a67c5bd704173f55e25a72f944f9a2e

SHA1
54a9c497dd91d53d5fafcf5a14b86e965336a614

SHA256
5904a43112faea562e2f3d131a1ddd5b5336918cabc79e804ea67d3ffb14e58d

SHA512
cf8a64ff19983179d0a3df6c2226f5cc6c3a55c048668bf68cfb17af5837ffeb6f56c330f218b0c6f89e8a94d654a638809c313d7cbf577864563b4586f3ee42

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\fr-FR\TipRes.dll.mui

Filesize
27KB

MD5
b16f9eee34abe63b73ff03a5d98451d8

SHA1
f07862c7853e0419aba53b66eb53eef6609d462e

SHA256
cefe3056b6c3131c5ef631af427379f557d1c555370950ddc22c33ecd2cdebb6

SHA512
a7861a7a084bfc8da536315d4eea07433610b3e89d9866510a5ec6d9f197cc2c544bb31074a00243704af253318bf87bcb3171972611696c00b7a4d9f55d7062

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\fr-FR\TipTsf.dll.mui

Filesize
3KB

MD5
2d486cd130255810974dfb4e986c4270

SHA1
5410a1583ee759739bc4d6cad5691a51ff0b8713

SHA256
12a155d6f1ffe496458557ca22997367c0716c341e1497b1f715b5b6e207db34

SHA512
1f531845ee8ee84351b968c1ca87b319951da6849003ee3914c6c0893bb998c09b84a6e63d8eb8fae58841bf03bf3a6466e0c6b09734cdffcf0cc28aa26cc6bb

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\fr-FR\rtscom.dll.mui

Filesize
3KB

MD5
229d0b94931974c7896bbededc37c1c0

SHA1
1c97d16f6cb2e199a87f2d3986d7e84814567648

SHA256
beeffb9ad246fe9c86fdd584e4c1f5d0632418e4929e5abcb0b4076b2f5e4a4b

SHA512
94abff600d755cb5b5f61f3c1b0a138d1e95cf787a953fc856d7bafc61c496f2ab74c95878d8b48105b164e6ebb628a430754d6eb5dba3657f2598dfa75db980

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\it-IT\InkObj.dll.mui

Filesize
5KB

MD5
1f18c8e8d255868c24810ff3711efa5b

SHA1
fb1eee023ee7c15c9f0e332c0392d354d030360e

SHA256
b1aa52be6bc544c62bc7770e27874864074f823a1f47efe6028a84bbb7420ce0

SHA512
bbf4e7d9299967a5f9e7c3de30e948bb1e0cc628b473d4f16d869033738d6c2b4d0a92b8fa950671f6e71eae42d949a5fb3a73183e4fa7a168e78a43f71dad0a

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\it-IT\TipRes.dll.mui

Filesize
27KB

MD5
a214da5105431df73cac62e24fde1c6c

SHA1
28a7a02b58cd80dbb171ec174ca292b5a089791f

SHA256
dca9efeb30b7dbdf63a285bc4653429b72f60af6a71acbaa56e3cf76e01800f5

SHA512
6bdc1e12518e8c912851d82ffb9fc18885844985ff1baa13753047d886d3a0e7a94645f4545c38d4a2981d05c4385b9d80474602cecd5222273e0605d975ac4f

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\it-IT\TipTsf.dll.mui

Filesize
3KB

MD5
456c59c2cd76a459a079c9470d905802

SHA1
54d9f351e965be396bdddda8d1cd5c38f8e7cd60

SHA256
e62f684bed39749a7138f32b807cd2594f84c4ae900fb1dc053cf44d46551cd2

SHA512
0e1ba94a609d00321f9295e307c0a5a23feb677d04d156f310b5f9053f3a2551018129274aa7fcee073045674526001634f3029e0f77ef4d6a9bdda6fe6b986d

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\it-IT\rtscom.dll.mui

Filesize
3KB

MD5
3c09f962d91ea844b82f4a041a00a8ba

SHA1
9dfb3a6bbe3ce1cbebf069fc1e44d094295f9274

SHA256
70530a6cec3b1aaf50ccd182346f41fc67d5a84ef5930e07c602dd4277e42b08

SHA512
8aa9873f941f7737d8007fb37b98677a4471e6d81bbaa771c937d2837421428c46128fcf4e703cb514fb48597b86401363882900f68b4f9751e17da1f29b9686

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\ja-JP\InkObj.dll.mui

Filesize
4KB

MD5
6d1bcf6887b593109505e3ba21ace3dd

SHA1
94d251afc6920124de9860075f850c59dd8a4ce1

SHA256
c37e3c6cb467425543ab046f60b5915c357d520af074b1272f248d85b3f9a526

SHA512
e07fafc971af5191f17f202357ed3c34df5c13b6430475284d703663324884b767f50f1e3d78019668db44cf0656fabb18fbaaa1b9c20d08a2f25a1c6910cab1

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\ja-JP\TipRes.dll.mui

Filesize
16KB

MD5
6f619327f0daf90e23f85bfcd0d18db2

SHA1
d28916c05ac9eab78a1a250105f4696df7f01198

SHA256
16f5fc8959519ca76bb486d9c2680fcb5d4f82dbb9ee0dc9f6b2f687aaeddad4

SHA512
3191878ee40828529aed6adf3db0c169a1d12648b680247759a4cb2390454f8a54edba2288bf50d105dff7cdb106acca0437a0e1e3c6966be4f394e864e5db98

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\ja-JP\TipTsf.dll.mui

Filesize
3KB

MD5
0efe2e07e5fa113821c31f4b6a8f9788

SHA1
59aa1191d85af11693247b41c1d0fbcd57c71fb2

SHA256
5d94051cb636acd35091fc0e7535cac08284cb0ad923bdfed77f4922fbc265c1

SHA512
adffa186c95220e262ae35e83208b512c7ee66ba0f6d84fd18151b037c8754a2ae0debf2351e8dc3461a6c01ce4c51f3e32231a399c8c2646eb6174e91106a1d

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\ja-JP\rtscom.dll.mui

Filesize
3KB

MD5
3a83e739ea5d7c49e198c6f9a5f9ad45

SHA1
951afb2a1ad42612d3bdb5b46158eaff0d861bb0

SHA256
f2b08abea7c82196a1b9458b2407c7ff2b1529b053e67cab28a8d3add0aa5aff

SHA512
46e596c2176650bd774ed5a13b4ba5d51ab7ad50b7644b62e735c3c331c28ef17e3d9e8a33d0e1497039226f23c7549b0c264fdd5b5f4140e54f4376b81a9bb5

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\uk-UA\TipRes.dll.mui

Filesize
26KB

MD5
32dbab9298beda9275562b94043d998e

SHA1
48e2d1b058727ab2c051f9a21a49dc3f8f9802f4

SHA256
d71fd60a3078e3fef54f26a88935204b0a7f38494eb8766af4e7d4bbc1eccde5

SHA512
f89ac54f79daad99d7f4dd0275213d42100b33ec9ac4f248d451c848110807d5ae623034d9f920a79dcb84384519aa2499fe94acdd0a26ce35e70a1e723cfa39

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\uk-UA\TipTsf.dll.mui

Filesize
3KB

MD5
a96f9460fd7bc57a8c98a87caedfe240

SHA1
44b4c323d3952218050fd00762b9e980ea46b0d2

SHA256
220bd9d0411d2864de21db75b7dc8efd89db940eedbe3ba162d554100cbb6766

SHA512
9db0fe4becad273b6c4f71c4011150350951d8982f83f37108acae72e6fd053041b7f9f4e98785672eb1e00ecfb9460a800df28d0eb0ba175c8e582079b2d0bb

Download Submit
C:\Program Files (x86)\Common Files\System\Ole DB\de-DE\oledb32r.dll.mui

Filesize
56KB

MD5
55c123f41e6728d992cd11f14eedfd80

SHA1
979a1ce2819c27de51ebc403858ae5ebcff1dbf7

SHA256
53807e3e76147a226f9eb4f0b9eca9fdbbd77340eabe8257ef73d066be499f62

SHA512
4174728a0418e3113fb01bf82961525c76771bc0f476b0bd34a39449a06a238d3e49fc7cf95a6de37e4ce111d13f2f5e8d9618fb215e06c80b4ebd02159e8d60

Download Submit
C:\Program Files (x86)\Common Files\System\Ole DB\de-DE\sqloledb.rll.mui

Filesize
47KB

MD5
a1515289e1fc9e2c1810568278ba3fc2

SHA1
fb03864052ec7403c31529541fd4762f74d1e9c2

SHA256
791fed636238b8bc5eb64d31566932b4897491897b6a1b7edc10804b853f410d

SHA512
2a2084004c5988f8a1ff7a2cd3333e0d3c0a154d54c71e6d619d6133609daf473a1cf030e69e9b6ad7c52753f082e2125d47fea11dcb99180829eacf0109b690

Download Submit
C:\Program Files (x86)\Common Files\System\Ole DB\en-US\oledb32r.dll.mui

Filesize
47KB

MD5
eb4e71ce993da1dc266d389b42184c9d

SHA1
7c7b93eab328c79e280d97eb385bc100f493d870

SHA256
a3d57f500f9343c4274f5c081d90a6c07a280b9eb9344173293ff606ab501c1b

SHA512
49b8596b61c599160ee491633c0c17ff238be5ea816bae5dd73e0694570ecba83aa32ee6a3fba7ef3bf9c21856b8cde1750e64f9d0f90216ede969de20f34801

Download Submit
C:\Program Files (x86)\Common Files\System\Ole DB\en-US\sqloledb.rll.mui

Filesize
43KB

MD5
10f906bf39859985f5e9ff9c6610eef6

SHA1
3362eadc07df0bb49b058b369c77d33bca824889

SHA256
cc06d7bed8e5919a322e68f737c087d9b2663e8c462c068b50263c9bf8274910

SHA512
f235535a3004f429a6456543288679e676d870a83cce2a59df9521b01fdd4a2dd31ff1f10f71ae2b93b897f14def80bd32f634eb9310027e121a7ce5aa1bb0f6

Download Submit
C:\Program Files (x86)\Common Files\System\Ole DB\es-ES\oledb32r.dll.mui

Filesize
53KB

MD5
faeacd07eda429c61b34a9071db1e7f7

SHA1
d5c5b2104108b6e062fcf69a1315093e4ca540d5

SHA256
9c5a2e92b62390d5ab854ec3794087e0590591bce53490da9acbd52a5bcea2b1

SHA512
4edc3cacc2b95b882db16fd2d4b17a773c1a63b55b196c810579ca0d274bbe7723c5c836af7921f805f9a4ac6e9242a4f965edf3ec27807039b6caf8aa93bd83

Download Submit
C:\Program Files (x86)\Common Files\System\Ole DB\es-ES\sqloledb.rll.mui

Filesize
47KB

MD5
aa7a2d00be5f0f2f62bfd88592867ede

SHA1
520bd40b77befe37a9b112df74f5ae0949a2911d

SHA256
5f74f401076f8707f76047352749634fd48489ee31092f7370d109212a5b338d

SHA512
e64b96c63313bdb327eedc3b88335cce21cb61d6e8dfaf632e7fbc621ffae094b52c0b5463d0936ba56b712ef87079ae2afacae47f2ec54bbaa525753987c06d

Download Submit
C:\Program Files (x86)\Common Files\System\Ole DB\fr-FR\oledb32r.dll.mui

Filesize
57KB

MD5
fae44f47b6dcb64c7d93cb3ef9833d63

SHA1
0340d774eebbd7f7354d734ad8cf9f5059923569

SHA256
5eced8fe02f951cb8a9de642ccaece5aa21ec2f1c2709d4638791287c27d16e0

SHA512
9818a99164e74041b27c900942c5ac970381892be1edbf2f6194e992733ea1116a6db7fcbe1e4363adf7085bf2aea9678515e61645e7be8eb741e9edec923fc3

Download Submit
C:\Program Files (x86)\Common Files\System\Ole DB\fr-FR\sqloledb.rll.mui

Filesize
47KB

MD5
ba052f228137667c3390037d6d52a8f9

SHA1
90a11e297873d78303f36ac7da8872e704f8d445

SHA256
1db4b5f4f9b869034645f243cba0cc02f00cdbb9896b3f2e0e877eee096c7fce

SHA512
d55f0f6e6d5f863c2e5166a82bd970e180fb5b777fc0cc0988de233acdea41845a5fedd7a31a4f26ca33d20c9f8d760a83a88d1a9f04165c6624c5da6d7e5cad

Download Submit
C:\Program Files (x86)\Common Files\System\Ole DB\it-IT\oledb32r.dll.mui

Filesize
54KB

MD5
9168ebec313367031a01c365c1ebd021

SHA1
09aa5095165e122f023ee17d1e0da659e0b66b48

SHA256
70185256c1b7a18c00a678602cadc22b75616bd7a32e5a1004a26591c0ae347f

SHA512
16f6e78a6bfaf3aa89604460e3e1f42a07257c883fc88b61b2ca60798f242000c38740cdd11c7cdaf681de28dbd6561e12d34fd4bd9730d46bfcb1cc9ec78df3

Download Submit
C:\Program Files (x86)\Common Files\System\Ole DB\it-IT\sqloledb.rll.mui

Filesize
47KB

MD5
f1433f0fa6b209591082a03a828439db

SHA1
5d30ed9cdcfecb74bc7bd58e2585603fccdfe9be

SHA256
82f27039f9df49912d64ece68f844b905375b10f9c5a6982bad1e18c21abefef

SHA512
3a3a5cd3deab580379a63235d3277a31169da0fa5902a7de2a7ac18a55571b125587c71b2cfe4502164799874cef20f8b74794dc7fb9dfab7de3c34d757401dd

Download Submit
C:\Program Files (x86)\Common Files\System\Ole DB\ja-JP\oledb32r.dll.mui

Filesize
32KB

MD5
affaa6b98d913294338be14e570b17c1

SHA1
7fc12f9040c1a3248c3ac6671efee4f8162cfca9

SHA256
884c6899db6906de555f254a903e0786ac4206d57579a3c9f2310ab42c0be8e1

SHA512
71f14913a4c2bddfb0dae7d4da92a1e9732b89559af1f4e57791b1160af2f5188b1f30603cd6e8ef6fe1a225642aa34ae84dd952df2e5cffe8aab4ad039c5204

Download Submit
C:\Program Files (x86)\Common Files\System\Ole DB\ja-JP\sqloledb.rll.mui

Filesize
37KB

MD5
1444d6947dd71592873b301750302a34

SHA1
63a606d6bdfe9c38ad45e89418136fa7999642c1

SHA256
968751fb1e659ea149f8a030912a071599bb38db406af8fc023b4942af427e7c

SHA512
f50628a27bb91cfdbeac09c014917f89bc15367cc4eb0b557f0c78e16ae648a28ff7fa7c2d025935ab254a0c76741373c5215f8105618d25f0ace5adfc6689bf

Download Submit
C:\Program Files (x86)\Common Files\System\ado\de-DE\msader15.dll.mui

Filesize
20KB

MD5
5f6f9e46787a14cf6d9e0e3becb2aab1

SHA1
df69f442eac0fe6626b601f43eb5d82dd41e9fe6

SHA256
8687b0bf7e0a6041973c69428be8ac73deefe71bb3101e8dfae8796b1d5d152e

SHA512
8facf62c301d74c7cac23c7a39fd3c2b807beb63e96fa865113fdd8d8e2139f95372da366731749a987f8f0b35efea9e4e40a06b1f377054037b9f94490d76c7

Download Submit
C:\Program Files (x86)\Common Files\System\ado\en-US\msader15.dll.mui

Filesize
17KB

MD5
a04622c312df15c1e18807d3d2cd20c5

SHA1
bf622090fe7e7e4f81b7ccf6ddcaaa10ed5fb754

SHA256
fd2b260cc6f0e38cc49f070f4d0745e0cd4ddd3a204448532dc3b4f8c9ba2e4a

SHA512
a1d137f30809917b1d79e19e4a2761fbcc5ca2439a8078919c54e06dcc351e6e527f45a726504b4d729565ea3520307eb8d1e031c1e58f607cd569a70da7a2bf

Download Submit
C:\Program Files (x86)\Common Files\System\ado\es-ES\msader15.dll.mui

Filesize
19KB

MD5
2df591628962e047ae58de54f629cc51

SHA1
01487fb60513df848cacfd86461767130e0a584d

SHA256
b1a0638d08fd3b46b2030262d9461243d132a2fa1f6b7b431f73ef594a4878f0

SHA512
6feaa1b013e146cd4f9d7109a76c397c93fe3999ec0a0e0846bd1f96a063eb593372e3bc8a6689955f3767d2a41de2f4cb3404243cca11439b513abb3919e77b

Download Submit
C:\Program Files (x86)\Common Files\System\ado\fr-FR\msader15.dll.mui

Filesize
20KB

MD5
397f23732c8a310f5739363d715477df

SHA1
1673e640c6048f57e5ba13d81b7574049dd2e48f

SHA256
ac57fbbb02518dc530d6026c49a2032beb62d56f127bb26d7943dabd8dbfc04d

SHA512
b046dd53bd1a3fed66fe79a2fa3a04ef6617aa9f915fc9f5eeae4ca8bb0052e1584e7068d1b53867d92b0867df6b1947ef0346368d4e6ff683f27c6b27d6a3b3

Download Submit
C:\Program Files (x86)\Common Files\System\ado\it-IT\msader15.dll.mui

Filesize
19KB

MD5
9ac389b24dc86ee341707012a1aefcb2

SHA1
1dcd147100b67a4de09084e19871183051c2fead

SHA256
e76f956e8f8ac259e1e382c70e2c64bf184743a7b6bcc35668ffd57cdca344f4

SHA512
fb571f7d5695610a0678e2df9ed613252e88abd8cd56e708f3c9e6697f714679d8b3c557c7e8516e6671362f4d9aac42b967303b66b656e60cbd7e6e579db5e5

Download Submit
C:\Program Files (x86)\Common Files\System\ado\ja-JP\msader15.dll.mui

Filesize
11KB

MD5
98d8d678b666e5cd0d9b29166f12c7bf

SHA1
c476e0af743291bd321bdb5ecf638b8f8efbd1a6

SHA256
f605e4ca5ebd8f40f4ff2a7fec58f5a551cc6af36840a661bd51595bcece1609

SHA512
9308dec0a78868ca15e0448980fb59e130ead4ef68e3d426d76383eca0ab597cbd3600a7695cb25869ec89f6e472902272696065d909fbeb90e38d4bf8f02d24

Download Submit
C:\Program Files (x86)\Common Files\System\de-DE\wab32res.dll.mui

Filesize
102KB

MD5
0d372a26fb9566c33152b6ad4a231cb7

SHA1
cba47e52aee0fa37873a5cdeff830f416ef696db

SHA256
b1f661bb10516528412f65ff17f72e0d3f058b6c3cf5fe3864e4caa11587b474

SHA512
c7bbbd9f59f13e325efb2b3def0586e54ad00a6f86a5ce1a95bfac8150ddf1387a16ac850c0de1a7064ad5b0ccebecdb79909ae24460711feb90fc1c8fa93890

Download Submit
C:\Program Files (x86)\Common Files\System\en-US\wab32res.dll.mui

Filesize
92KB

MD5
bf4ebeaa1cd87fcc94fd26bef9dcd036

SHA1
0966d1af909ea30fa69014c5f8a82db0f07bc0d2

SHA256
3507716fc660fa157539db1af9fd006b78e66361d35d4bf5d19367169ccc430b

SHA512
83c357ca1de5e03cf4e1a6487c3bee45c7b9d99d17faf181077f2920c8c9698b189b2ef1f94501637d5db68eef16a5955f33fca727535e31852fe81379682974

Download Submit
C:\Program Files (x86)\Common Files\System\es-ES\wab32res.dll.mui

Filesize
102KB

MD5
746c6a9e34d55d82e19c0af62f3854a6

SHA1
50d71e8503cb0adc2281a684d6481f2b464db82a

SHA256
e3681f65baace632f5045e5b7a51897e155e6cc487e111bfaf75c711f249383c

SHA512
02c3890c55a6bb53da236482dcc98332365f8abf5bf27aa221ed0083d5d1066579fc6e67522094701df2c5c7f3da92daa2b00d8be3ad8177647c5e890645106c

Download Submit
C:\Program Files (x86)\Common Files\System\fr-FR\wab32res.dll.mui

Filesize
104KB

MD5
072b4158ffaead1563670322dda96007

SHA1
52cff80d2156622a5fb799c11d2291f0e94d744f

SHA256
a554da0b46221558ab849901f539f73a37d1315bbcd41eb3f396e9c748a3c873

SHA512
893d47820ee5adfd8fdb0bd2374ffee7fbaeb76b9e742f3438d5d99b0c70e3b5145b4c9f8a2bd128071ffd044092b38332ef19d08a8f96c788fa97536163ba55

Download Submit
C:\Program Files (x86)\Common Files\System\it-IT\wab32res.dll.mui

Filesize
97KB

MD5
d535d52cd0214c580b64ebd3e32ff1a6

SHA1
09cddb3f692730fa893d1d8207d87780803a0858

SHA256
38d969ef6808a2def884bc0c808053d1179811f5dc106c713dc7c2118ea3628d

SHA512
04d79cf2c5ae49d65f21963c9ede2be77d0eaf2857837a76ef41da93bc318771ec625ab366b77c26bcc41639cb4d440c11cf3f301e38e5c22317be2728e8556b

Download Submit
C:\Program Files (x86)\Common Files\System\ja-JP\wab32res.dll.mui

Filesize
69KB

MD5
aaf65618fb0daeb5a36e22ebb4647ffb

SHA1
8e9fd701bce01b120bf6445fd45b3ab912d3633d

SHA256
6ff5cfe535fffa399accb50ba3a1900273dc77b92e200497191305cd24d3d88b

SHA512
5b3bae60e2a3de6462366dd1596ba3d9572448d1f687379a398da65724b1ff59b9506647b54a375fef3b745c5bf1509a4ec7d3c5f5d94063f8be4841b7a2f804

Download Submit
C:\Program Files (x86)\Common Files\System\msadc\de-DE\msadcer.dll.mui

Filesize
12KB

MD5
7a113664a952caab3c8d9019029edffe

SHA1
e485496dbdefdf46b79c47c4b41aecf37ff42e19

SHA256
280f2edc9cf50f70567892389f4aa30e9ccd02378eb194de72eff2f77036b5f4

SHA512
0fb7fe74485559e198b8d17dc986686178829e7d4b44750abbc508b8a6eea1f307c32ace8bf9a50e2721b5038a65546fba32e855f5242d23e1dcfdf393087e25

Download Submit
C:\Program Files (x86)\Common Files\System\msadc\de-DE\msdaprsr.dll.mui

Filesize
9KB

MD5
70573a11e796e94a1702455839156019

SHA1
e1ca279ece69fb9cb2d77e833057dd2e9f9d3fe2

SHA256
50f0dbbee96de8c2f1111304a14e98ca3623c8577bba04ab4fda1790ec94c9e2

SHA512
a01a2ff4320c06c812239a121f4bd2dacb65358429ebc9d7939d9a31f2d5409595d91f1ac57d3b38e362613baecf71d90c860700289b0437f705f8bcc890952f

Download Submit
C:\Program Files (x86)\Common Files\System\msadc\en-US\msadcer.dll.mui

Filesize
10KB

MD5
81373d9a5d65b069a508921697161ba8

SHA1
9a3a54e211564dad730d6fb5ddb81d58d0027ac0

SHA256
26c34a5b303806699683f7d2c89e6eeebfd2449cc93e954a1aa40163cfc3c270

SHA512
d2d1251d895a9d4721dbb76f35e27d111c3f99f029e7520516964187ff9fab0fa4e6e9669411c6adc9d6964fa76723dac07522966c200e8204925d326441ac6b

Download Submit
C:\Program Files (x86)\Common Files\System\msadc\en-US\msdaprsr.dll.mui

Filesize
7KB

MD5
514436e3c7e03d0a68139ae8dd5d5dce

SHA1
4bab6382237a1a783d80ef078e469c1a9be97746

SHA256
9083f5530b7ad6a6830e0117083e872d93544dd4a7b64d32de227e5ead5249ee

SHA512
86ddcbb73bf44bf1fa339911f460e7ce0f7a5450f9314b7136f6ea5ad433bddc7f12cbe96e100a092a929504493d562f415f4d83a05cd06c8e5febf07f34f3fb

Download Submit
C:\Program Files (x86)\Common Files\System\msadc\es-ES\msadcer.dll.mui

Filesize
11KB

MD5
80d0786dc87ad1630f20212b4727c2a0

SHA1
7b7aa06961102defb5a436dc4929e34cd5cf9920

SHA256
8c8e7cf2c5734b98370e9f41ce119504ac9e7ceee4cc48bbafa7a2b1f3e21edc

SHA512
b31e7cd2ffa05bfce9341ea43adad7f343a9690245e32f713944cd50c4b6a2b7415a85654b51da7af661291cfe7ef2194a1c8907228ddd9a085ce68d1ffcb433

Download Submit
C:\Program Files (x86)\Common Files\System\msadc\es-ES\msdaprsr.dll.mui

Filesize
8KB

MD5
0ed9c525f35d5f253c20962ecc4bb8e1

SHA1
887f06894f3ec80f3a82d729ebd5a3a78e96327d

SHA256
0554955b8b9dda1cf062b5acf2710643d40ffba811e108710e972af2963ba233

SHA512
fd13cd12334abb49b4e0195e7abeb4b8d3ca3c2d345610855d4a940f5cf7ffe0608e18b59e83cb3958ed18715461de41b2c58e822d68aa58db4b82443d281056

Download Submit
C:\Program Files (x86)\Common Files\System\msadc\fr-FR\msadcer.dll.mui

Filesize
12KB

MD5
a98f9484bdfafe7707fe3aec9986a6ac

SHA1
6a2464a2a5b80a84fd4839118c3a98b5766fbbbd

SHA256
2a19fb3880869e0196cbdf716bb01463d3a2475d61d036e538097bff75011be1

SHA512
5babf2cadd017402d3ff2946973abebe820844828d98a03e166f4e8469ebd8d79ab6361ea741d4b3a2e985cebb87fcc9ee4bee8f107060df184f031ef6c9406a

Download Submit
C:\Program Files (x86)\Common Files\System\msadc\fr-FR\msdaprsr.dll.mui

Filesize
9KB

MD5
04532bcc56ca657fce55caba55697c72

SHA1
8f45862e1dead36cc43f03fa143eacc50ebae124

SHA256
2b91889e52270ca65f3b4d99e6d95d5985f208c8b898eb308e231419fadded14

SHA512
bde32b41b7fce4242c5f9f7da137e38036760a07061c1a40ef39adb22e70b3d08ae1858cba9a7f24702f54aa5eb6500665e8ddac301a193dae1093a6416f1a9a

Download Submit
C:\Program Files (x86)\Common Files\System\msadc\it-IT\msadcer.dll.mui

Filesize
11KB

MD5
1f5ca9fdf274cb9f4c8fc8b9c1b751b3

SHA1
36d60acbfdd04914b1738060a5ecade98357ab51

SHA256
1b101e2a1ae74f85cc13ac56090948efb7199465ee9dec29470f957f96b9559d

SHA512
77eb984f550092a9938c31e122047dc65979b7c2cb3363bcc2f1bffc76f27ceb72c71bb309a35dc533a40902f59f8890e7a50a4ceadf5b433f19e8740a79c90e

Download Submit
C:\Program Files (x86)\Common Files\System\msadc\it-IT\msdaprsr.dll.mui

Filesize
9KB

MD5
700da1ef022aa71e778df1eefb3ed0f9

SHA1
bda5aca82c1a37f62c22ca58fb96bfa97770992d

SHA256
cc54aa9bf23094b0a595dbe0e2ce7800b6dbea00b7870929cde12cad497f3ad1

SHA512
7503fb301a49b275c2c48937dc88d739ef10dde5493e7a5c76a348423a7986ef2afb7fa6dcc3bf44d7ffe6465a3b29080e15a19055ce9b08ae694e554af83b88

Download Submit
C:\Program Files (x86)\Common Files\System\msadc\ja-JP\msadcer.dll.mui

Filesize
6KB

MD5
10086a7203a98a57afb54cea8a4ce840

SHA1
d7d098ef7b5484852988189693d3720eeed924dc

SHA256
8f999c1930a18ba7064bf4388266adcd29e81f3528b74e18bedd1ee4c1a51382

SHA512
6f803a0922b8dd81eb224e566d3634659b1cf1a27b8cb27173604e8c95a8d494bdc12c5b8e798ac996142396a80d0c319413006087a484caa7911e4e6a207a14

Download Submit
C:\Program Files (x86)\Common Files\System\msadc\ja-JP\msdaprsr.dll.mui

Filesize
6KB

MD5
aa9283d86ace59b0d3567a22a7d79a26

SHA1
acf183c3337c0cce985245654efce4a427864dfc

SHA256
ab09d4d287b2561d936fa8c4028f0e74fcee56385754af0d078736be9ce4d80a

SHA512
edb93c4f104deafc7b431ecbad2138e88df00572155caba898061bcd50996fb521ff66238792cc97ff47c6bdbde489a4da152311027137208b5f00bad5d60d1f

Download Submit
C:\Program Files (x86)\Common Files\System\uk-UA\wab32res.dll.mui

Filesize
94KB

MD5
14d10dc59844971ddc2983f93ff927a9

SHA1
640ae3888c65220ac418fbd90bd55c4a25ea71a2

SHA256
0b411a579b0f69bb68244ae877df1a68f5334c8ebea396b05331a1f0dee5d88f

SHA512
72c008cd86a78cfc6b478e57064813da17c61f22eff580b3cbd38e6e4d04a9bbd5907079d7aa60c4a9adecf270fc24781fa996b6b0b750fba3d2785342a57821

Download Submit
C:\Program Files (x86)\Windows Media Player\de-DE\WMPMediaSharing.dll.mui

Filesize
3KB

MD5
5f16bf5f4020d12fa1d96febf6e23cae

SHA1
e64c1a680dd684eec720e794d600e7bfa791ab59

SHA256
5b26ce0becbf5dba4995f49c6b0f51292e6f57556f73e9950fc51eeef9212b0b

SHA512
606cd920a61ec78bff065db9dd58504acd975dcb3d9311c64016d4f8b5ed6108c0e923d4e619a6099629499438e84e45188e7616096cabe7623125d589211828

Download Submit
C:\Program Files (x86)\Windows Media Player\de-DE\mpvis.dll.mui

Filesize
3KB

MD5
779342fd72a48798af70a09914d9b229

SHA1
2bf08245672ac8fde29e1e85b98dfe46567da409

SHA256
7f5d8dce14a104a47ae2675d0dc63e5171828cbcfe6486128f888a51442413d2

SHA512
06564da8f9b2829e45f64a7890c07fdb102aa347b879888e0da2d3c7a37434bc1b23157ce5e3a1f6b99349cbf70b3cb69653a6ac2191fce32a6b77364d4e5087

Download Submit
C:\Program Files (x86)\Windows Media Player\de-DE\setup_wm.exe.mui

Filesize
61KB

MD5
f920f83b875f2b9836839d7d1d4a6b5f

SHA1
8bdf76781d52f41e484878c27faf268eb8b16d66

SHA256
1b197ee83ce543845de26f47683da038bc033aefc13958684246890f4c827267

SHA512
53d6c68f387131f5a6c5217f824872a415e463301587be575d5e7dd2bc7bd5b2226de75f4eab4dbd067d12f9bf9bc7ceb5c7c984e1cfa9bbcef247be03d3ee27

Download Submit
C:\Program Files (x86)\Windows Media Player\de-DE\wmlaunch.exe.mui

Filesize
2KB

MD5
b42f100f2d6917eea6501325001c71a8

SHA1
cb1930c419f2c7d7b1cf7f3b47a2cb824f315e98

SHA256
8dcca95d13373a56fc599ed90cf950d5fe741152401cc51da764373c68503e16

SHA512
90048f58d8f894357936615c047963336c53d68677b8c7c4eabc17bdca894b1b454f384d3993c49298cf493252530125b9073e1071a26a7c337770f14f49f679

Download Submit
C:\Program Files (x86)\Windows Media Player\de-DE\wmplayer.exe.mui

Filesize
3KB

MD5
a26d0db5c1575a7e705fc6bf670ae65d

SHA1
4fd2733b0c5537dde7feb4e034e5ef6ab49b14d1

SHA256
a64e453f058cdecc58396b1280b10d911699398ce45e0619c334f75f860970c0

SHA512
cd54c1882dfb5c9dda8bb371679d99cb4c2ec24f13581ecb282a3b7aabf02e95a771fcd46562e6ee3a253a44d17ccdd15bebb600858ada95ec09092881c05562

Download Submit
C:\Program Files (x86)\Windows Media Player\de-DE\wmpnssci.dll.mui

Filesize
4KB

MD5
487c7952e8d5536a9e4078c25dd121a1

SHA1
3fad8afb8785ec93ac18c352d3b1545f1bb2e9cf

SHA256
447c612b17a0879a9efb2d18ad838b94a7194e70ea6dec2a6fe71bb449cb8315

SHA512
e837fb5d15cc38e0744b29e2302f35ccd2ed7166b00702ca26bca4894f35a92126a2d55772ef39dfdc1ed9fa38b7c31db8a6a8083bd909091254184840eed5c2

Download Submit
C:\Program Files (x86)\Windows Media Player\de-DE\wmpnssui.dll.mui

Filesize
3KB

MD5
abf076980ed33f916cd87249bd08c6ea

SHA1
345362fb9cd512465838036ad0dff0c140804e19

SHA256
2ac45ec1331f2be07b147954c1f149dd49211ee69f0ffe15555f50c3aad2e263

SHA512
e1e4e245af0a7103c4dfea500ce448d3625970019df9a98f21bb9460089e7664a4e3e6401f965d68887d6e7f578ea6cefff30d5870d38f8f903ce7d4fdc60334

Download Submit
C:\Program Files (x86)\Windows Media Player\en-US\WMPMediaSharing.dll.mui

Filesize
3KB

MD5
6f6181a1a2798dfc08fbca3e7ebbdfdc

SHA1
38924ebb1c8a58b4c30d7218ef8aca6d02ebcd4e

SHA256
3ad9fec8838441e1280864f85d1e11996703beeedc0fcd1d31b5392305ce9374

SHA512
729deffd78063ae3550b6a3c1c9265ce1ab368c041783cf23b68b3ca9442e2073936d085a8be11182a9abac539a39d439104e2ecc57d67e6fef75d3c81c76175

Download Submit
C:\Program Files (x86)\Windows Media Player\en-US\mpvis.dll.mui

Filesize
3KB

MD5
eab1a9a009cc7dec5f7cf6b0feb5bda5

SHA1
439e0b695cc7a337d67e33d290e31b9fd483e10a

SHA256
3c0812aff2a66131c214d98e254bc5b707973c91831e0da249a8a2ad9e71c767

SHA512
cce117f5471e500cdd0b1fe97d976bb61777cf17e7dc68a4888db87457b1ee253a9705194b51f740e87e4383b0e07ac123f897c3c1173c585e1b1027a5466dd2

Download Submit
C:\Program Files (x86)\Windows Media Player\en-US\setup_wm.exe.mui

Filesize
53KB

MD5
dad72e281a04173018cd5b235db24e98

SHA1
4305326b8993366eaff2cedd93c6bb3fe1a0cbf0

SHA256
fe2b16f7b799fcc6d63dbd079e42acd05fc306ef5e41ba3a9eafbdc898e778a2

SHA512
cbd2576f3bedd65295130f55fba7a09f555bed1820d19ed580a9883ac26b48d5dcbe6af9418817582fc5fa760c764f21368010604dcaf4b324829853484f6f95

Download Submit
C:\Program Files (x86)\Windows Media Player\en-US\wmplayer.exe.mui

Filesize
3KB

MD5
0dc31bad6d81ed5c99c46dbb828c798e

SHA1
0069dd8490a9aa3c194fd2c666da95c0896ca95e

SHA256
e5ef680c2f90488824330d215b6820d39c877f1252a9f8de351a065f3720df3b

SHA512
1508f22213d62e90b3d93e3981f2114a8ab4d8f8fce7875cf7b55d9ed0a57c57c26a00fd727be959b705f0151546ea459efd627defbee6fb4df41c0b1181c2e0

Download Submit
C:\Program Files (x86)\Windows Media Player\en-US\wmpnssci.dll.mui

Filesize
4KB

MD5
14d814cbe3aed095a219992a705d6ec3

SHA1
cefea71f2743f62074e17d2352ebd7e603ac0ec7

SHA256
43e0b75681f24b49640c335d1d5a9b40d1cd4edb912e30ea9bcc75a1310f5562

SHA512
eaf81d93ad6c0a505e8e4d146461d40b77e3ea0a144d87b99f46cb4c4ec340e1d31a5893f4b94e66db1e2573c1211874bc21dbea50ecb653cdf83bb98585efea

Download Submit
C:\Program Files (x86)\Windows Media Player\en-US\wmpnssui.dll.mui

Filesize
3KB

MD5
f85815f124e3a32dcab0e75a6f1e366d

SHA1
0c1ddf90b241cd4393dabd10efb676362642dcb9

SHA256
69afe11346f891aa90c7a535cba7b45d5ddeb105d0996e14be282aee310d619b

SHA512
92c3072c8a5933692fb0f3945053eb3c4a216388a6ea2afd4eb10e15ca7aa5ecb4b4f6d3d618ddb3e3db0c9bb2c1ce289f51f5f2f2646c7d768df042142eb3aa

Download Submit
C:\Program Files (x86)\Windows Media Player\es-ES\WMPMediaSharing.dll.mui

Filesize
3KB

MD5
f8b6ad015cb6b4c3efb9c58084ceaa09

SHA1
c54afb80e79a47fe08d3e08c8378e6682f78ea2c

SHA256
76390dd328c90b05518381c8c7978e4d1c42809c0eed76db1e9d282e060a9738

SHA512
06f44b249c9b708e02d90c5e548cf411bc47a741b97e490bcfa24055153265b85c4bb63c30d756218b009200e5f6c9c9e9c77d79d71248262fcace71f71cd0a7

Download Submit
C:\Program Files (x86)\Windows Media Player\es-ES\mpvis.dll.mui

Filesize
3KB

MD5
23942a3b82c7d9732ee5aecd89082b2c

SHA1
5ac37899ee496aea94fbecbe3917586690ba1a3f

SHA256
e2865c7081d554eea9bf586a730bd0db43f87eacca90ef595d27389a796d7e86

SHA512
c8db72b2afd1b7220a9e52c0c145bf74dc2cb01ce78417bb8a37d6c98f4a9bb9e244a0a01373199d310cce0855209a559b93dd3f0b52dd28e410a5e76e7bd22b

Download Submit
C:\Program Files (x86)\Windows Media Player\es-ES\setup_wm.exe.mui

Filesize
62KB

MD5
a94ebb20af4ca824b42524817ff28f8e

SHA1
47c92e3cbc69f5490f9a19beeea16db8046947f6

SHA256
396011ef440357c5c853580f6ecea5851c760489713a7556fe93726b45626d65

SHA512
f9a13281e1f6b1bd444768ac1985fd3b26ab1ec294d3b49c58039b0dc0d9f8fc5e7e50fc5ddf9dde5c86586adfdf41d930f3e098ad4eb9f71bd6b5bc6e455e14

Download Submit
C:\Program Files (x86)\Windows Media Player\es-ES\wmlaunch.exe.mui

Filesize
2KB

MD5
48a5f7b85077a726ab721aa01204e50d

SHA1
78f3ac635ff0d885c380903b21b5e5624e791a15

SHA256
edfd2f1399327801a32a34e044601292c8f74e823b60788459cfa4aca847c53c

SHA512
267b4d9966d51a4045a2b0fdaac816f7b55ecf44f8abf7127978ff4f46a6f515a787d636359c92a36788b999b40be4bc56104e83a7f14494e841791f849df6b3

Download Submit
C:\Program Files (x86)\Windows Media Player\es-ES\wmplayer.exe.mui

Filesize
3KB

MD5
b0ab7baab634ddf5faa900ec45a478e7

SHA1
2a6169f716d56745edba10a313fa583bb1099070

SHA256
fb36f96d94cd06511d619267fd93f57dc5ba919215b86e07febd2d06690a496d

SHA512
4b0df5c94d289c356820d3393c537f5fb507cb52dc011d404efea88f598c277d8f470215bb3fcb2fa18640d592db8ad97424471542ca606277810535ace04405

Download Submit
C:\Program Files (x86)\Windows Media Player\es-ES\wmpnssci.dll.mui

Filesize
4KB

MD5
914907a6b9932264ac8b3a32561ca0a2

SHA1
0973a200cc249539df23049caa58df90dcb8a626

SHA256
cfe951fff7853da8993fb5da5053c09aff59da023a068dac181b2b1e9422f959

SHA512
0d5dbd89214e07c50fa1164ffededde8c6258e97ca16817b0a3564f87a5f796905e33cba994033a724d4ae2e9aafc9dd14856ddb06c0ec12d762e9588ce22aa6

Download Submit
C:\Program Files (x86)\Windows Media Player\es-ES\wmpnssui.dll.mui

Filesize
3KB

MD5
5f307d9276cc528ee05c1b7da5474933

SHA1
ba76ab9452cbb3e7a66c66f48a0c6a8c88d4591b

SHA256
cfa6477878ab0f2c9cbfba2fee831018dccb2587c4f1f3a0dc5bf76f94a5c855

SHA512
671db4fc33aeb934ee22a697a4bb16562ae3f046ac4e8f1c39cdb4993fb8fff5c222606c7994a98b4f9938a87d5cf711792e7425b474b7d01ee872fcdb5b5ba6

Download Submit
C:\Program Files (x86)\Windows Media Player\fr-FR\WMPMediaSharing.dll.mui

Filesize
3KB

MD5
6ea0471f41b1787a35c0a3a8b600de96

SHA1
f0c196e3bc8d7ccb4b0bb84404843bc6f31ddae4

SHA256
2cf10064c5900223273b1897255521158408da0544d34b6d77f6c0290426c4cd

SHA512
49a23eed4092b08da5d040bee04b05ada01b1d7cbddef7ec493fb10469b59b6268b16f9f9e0008374160ab48fc25df5c3079a73b1d30dfd7febbaf39693c9db4

Download Submit
C:\Program Files (x86)\Windows Media Player\fr-FR\mpvis.dll.mui

Filesize
3KB

MD5
e63f7fea8c0023db9ccf63ead83b770a

SHA1
dc605c8df5dfe098f8c9f5362de4bd9696f1ff48

SHA256
b67e657e4dbb9ce0fb0d106348d625f93209e3cdc4f8f63324ceb1daa75e6223

SHA512
7bc3cdaceb58227bd5462f2524f20f7fad91ab57fb619558b67bba38ca7ba418874457e921fd77ccfd0b59c775a4cfaad3870e8415c2e5165c4bda90511eb3ac

Download Submit
C:\Program Files (x86)\Windows Media Player\fr-FR\setup_wm.exe.mui

Filesize
63KB

MD5
1711fc719655c59ee29c07418dfff2dc

SHA1
8777719dc8d6ee3865adbfe3b91dda64f8014150

SHA256
697f14dbe36c629f8c6e155d7a4fe3dd064fb3a7a3cc671225aa91c04b6e667e

SHA512
4a8c71b3f149fb40ad999fca447e2222b629f25cd748eb2e0a540d2d548efed0162ad6b06f9a35fe55592f62728b54110cf67ae425579406d40de362f375ce04

Download Submit
C:\Program Files (x86)\Windows Media Player\fr-FR\wmlaunch.exe.mui

Filesize
2KB

MD5
a58d9344dd03d1f249e2d5571b6554e1

SHA1
1fc88cf08de26de251711c3d28cdbd9b23a11ef6

SHA256
8ac5e9e1399decbd10d8989f63b514e36b1ed4b6de7ca21341e694f43ef3edf8

SHA512
70c18da6b7a39976a41648b53051b0806c55bd1a247fec884af8736d29658f67e5b29a88345632117c2e671c1e7c1f56fbf05e33fde533d75d80c9bf31aa9ea5

Download Submit
C:\Program Files (x86)\Windows Media Player\fr-FR\wmplayer.exe.mui

Filesize
3KB

MD5
29f0bceb35d7e2700e36e1d858afadea

SHA1
3891d57339ee519297e8ab9d72f1ebdd949401ee

SHA256
7910a7db9c4ae7906d96a3740e981d0fdf55ff420b7d350c4c68319e5559b6d9

SHA512
358995d49153a458db1af73898aebbb51c2d3cf6f3de37771bef77df0e065e8bfe8f074219cb441d0b80e02454a0bb6d51c4d940a14135ed7f92935641efd1ac

Download Submit
C:\Program Files (x86)\Windows Media Player\fr-FR\wmpnssci.dll.mui

Filesize
4KB

MD5
fb54f095cc498bfce224d6e16a4d365c

SHA1
019dfd53682685ffdba319df7e200a53da26403b

SHA256
b64ad983003bfdc927d5b78cddd930355d272c32a456f1a495b0acdd14c52c3a

SHA512
86609e46d01dff22382185860c74a855b8c077246261963ed92f3d1d9110e7c3bf8fde864eab1f5935d9a11976bc3ff4c702bccece8ebbd4efed311206ef31c5

Download Submit
C:\Program Files (x86)\Windows Media Player\fr-FR\wmpnssui.dll.mui

Filesize
3KB

MD5
6c97d27a34a3710cbe58f1ea45d7b12e

SHA1
839b73559cab549d197f68088b068186dcf36dd2

SHA256
57b55b961d9b6cddbbed8ed0768067d86e0d68557ee7ba468c3211ab3c88ab5e

SHA512
d41f973639d942943d398efb407d84526ad705e9a5def9cba74eec1ae48ccad252df2f4fcf6f85756ae0958edbebacad0f7b3e1fa508e550d67ab28abe7b4640

Download Submit
C:\Program Files (x86)\Windows Media Player\it-IT\WMPMediaSharing.dll.mui

Filesize
3KB

MD5
2f05009d4357bc67be6e536b4681b33d

SHA1
5db33b89cb2a4b75370d57bf52fe98bf2c4bd060

SHA256
8c50b70dfb11b802b33cda6c0df1b9c1b0a3bf47d63931338b8d6e45c237fef9

SHA512
adeefc478b6e05e0bb6e7e7c05f8fc1308163d0bf53ccfbf434c094f64f5d59de09a382d4108aec80faa57f8cdfb9ccb32682475fee1aaf754741e2fe1472c74

Download Submit
C:\Program Files (x86)\Windows Media Player\it-IT\mpvis.dll.mui

Filesize
3KB

MD5
d454a06fdc1fde1f1e6b73832899492c

SHA1
543ad3ea303f44c519918336dda1825698b6bc2c

SHA256
8f17af3800a43f2fc0748140e4d765dd7b2f5f36a0412bd76445fe8dd3eeb382

SHA512
3663eab9341a7d5a5e2648a0629aaa0f113ff09dcd2100df3336cd3476a6409a13269d0a6efa20bc6261977c324e1763cd028ae528197d11ecba34ec89ab708e

Download Submit
C:\Program Files (x86)\Windows Media Player\it-IT\setup_wm.exe.mui

Filesize
61KB

MD5
c7b6b3d94de0b0723bc1f01aa9128531

SHA1
ae4c27b5791a8f188c3871d4ef85f9d78442f546

SHA256
60926703acfc61eedc2ba4e15486c65fa380b8718045ca0fccdc52ff9c54856a

SHA512
75950b626f0d4a6fb660a46305e4965af204b108184540b3d1b398385c8db95c6fe10a6296edcb120952f86ff63cc0a7cd8d20463e2121f7e825909dc6b92810

Download Submit
C:\Program Files (x86)\Windows Media Player\it-IT\wmlaunch.exe.mui

Filesize
2KB

MD5
13f31fd6fb7c84d31d445082f0c7c026

SHA1
50a5e40841244596f8fcf9a6f704103b3df1870f

SHA256
9fba05d5802a1d80de3f3400084150d9c582b6876ebbc6daf460fd780bd7a70f

SHA512
9d65b518f0b8d507e0c9d2f2e138be656fe41f89cf597ca31feb760b0f66c1f5211dec59f1195c850cfd2df2011b3b867239fbf8bfc911ac290d58b7d692c588

Download Submit
C:\Program Files (x86)\Windows Media Player\it-IT\wmplayer.exe.mui

Filesize
3KB

MD5
df79b6dddeca16253f75697aff79f082

SHA1
6ef84332902a6be7ee29176aec484aa0e235dec6

SHA256
5f0472190fe46b02e84e1fc5504150b3a967f2b8691816a57175d18d500c8388

SHA512
c9fe33177a409652208f97fc9330c7b49e848e86cd32917f683abefa004790b42c55ae97793f85f095769691b3a43e5a93bdcf42e6e6477611c35e5dd40d92ea

Download Submit
C:\Program Files (x86)\Windows Media Player\it-IT\wmpnssci.dll.mui

Filesize
4KB

MD5
00074680cb3b8411f5511b38d0a001ef

SHA1
29ca0def90fec5132236acf13126988a5eed940c

SHA256
1f9fe6c0a3a35ca1a9dca9119b4ae3250a57c10f745c4c17ea25227eb085570f

SHA512
03fdae557c0f241b1dcb45eac2f4c5a56be67b463f170a0f2e6fe98f9225a4811a1fee06ca1a27c88ac54cf8ec4f71ca5b9be477bb53bee9e304e36efd1f3398

Download Submit
C:\Program Files (x86)\Windows Media Player\it-IT\wmpnssui.dll.mui

Filesize
3KB

MD5
87922c429c177b60e159ad3c82606e8a

SHA1
d72d6bd4975da1f2d12dce2982631cc7126b5ae1

SHA256
69d12a4c56ac7702b290ed293451c7902d38b27529e8093f9fbe45d0bb3fbe4e

SHA512
aa4a7f0d0ff52a0d911ee70559d6fdaac716a0566b27b70d81c2942c8e590392884163bf21583728e25c5f26ba9a2f0f14fb9e9aef97a072f9532d9e9ed15e67

Download Submit
C:\Program Files (x86)\Windows Media Player\ja-JP\WMPMediaSharing.dll.mui

Filesize
3KB

MD5
883d2bddd312a83d560d96627c7f6a80

SHA1
48ac104b5672fd1f84202c813f8a20bdc2f7ebf6

SHA256
d344c15c22cd00d930ba02f84fa6070aafc4dbe73d66f8252f0496f210462615

SHA512
a6981200c4551f88b8f05dc648b1ad44e22b86292a936f5280848d14f6365247cacd5fb1d2737d55a42a3e90daa8617f1fababfeb33f90e767c18c2a6fdff30b

Download Submit
C:\Program Files (x86)\Windows Media Player\ja-JP\mpvis.dll.mui

Filesize
3KB

MD5
5be0132adc663b91fc85031ff1420d06

SHA1
6eab457e70efd9fefc3638429081b469e65d53ac

SHA256
5ff5d6480c7f1efe622446716f645d85fbc852aaacf437636af06dc9902a3380

SHA512
1ae0698aaa3c5ec06e9562f4df4568c1ecd3ef63940d8ecb63b22adb13e2ee50576f45aff03c77c2b2d5f40b410507e68eafb36bdb977c390fc3fb9f96d02009

Download Submit
C:\Program Files (x86)\Windows Media Player\ja-JP\setup_wm.exe.mui

Filesize
40KB

MD5
9fce5f7f15149615142e569ab55bb84c

SHA1
0c668d8a2a6b61ab2f6f92d4ddf6ac6df5fed78e

SHA256
82f11c064d4629e01e0fe12f9ab45e772d52ee93a4350f31c8417568bfefc4e0

SHA512
48ae4b5d3c8efefe3745ef170c04882f4b584c0ad5bee32b9c1e5e49981d16d99a235841de0ee850e7d8183242a525ba605ec72aabd1e82a1d89fec30f65a431

Download Submit
C:\Program Files (x86)\Windows Media Player\ja-JP\wmlaunch.exe.mui

Filesize
2KB

MD5
0b8591fca99467fc21f19a21e7ce905c

SHA1
cc499ec1c75dcf34c255aad0efed9ad37e37cac9

SHA256
e8ed66ed2fab370555e5d7f9d52ff67afdc41382069d8711f31b086c9d665ba3

SHA512
f69c9222911a882465edce2bb1885c691f69384bd895739ddc1250eea9001678343b9227ff61b268166e4415a4c72a039b5ecf7b34dc2d531ce945ea5b1dfdad

Download Submit
C:\Program Files (x86)\Windows Media Player\ja-JP\wmplayer.exe.mui

Filesize
3KB

MD5
cc5a932d950d202440ac8c0f26be6b4f

SHA1
ebfedc6934cbe47a99cf4d593708838be42679ec

SHA256
6c894adbdbee4e5d248ccd87ad8e301113bdfd194012add3af9451df502e43fe

SHA512
f9f643411898c4ec08ce2f594d4dcc69a6f6b576495d83ec0519e22d8f121de58bcb6cd32ca44a9c011742b2f24242dfc92a9d1a2af585b5ffbfd9ddb7101988

Download Submit
C:\Program Files (x86)\Windows Media Player\ja-JP\wmpnssci.dll.mui

Filesize
4KB

MD5
b3170cf55d3b1acec7ef7b89a54c6951

SHA1
45453a0896068a8a376b8c1ffd277bd3c0fc6d0d

SHA256
ce4d1967716581fc55e41708a0cada37b3a44914044ee096a7cabea6d6bd106e

SHA512
aeaba11ada84efdfe58b4d3ca740b2bd7d64c9fd42e589c441b569d420cd277e53be8f0445bddf86605472fbbcf234566ab7b3ef0c4948f65d4b168b42923b00

Download Submit
C:\Program Files (x86)\Windows Media Player\ja-JP\wmpnssui.dll.mui

Filesize
3KB

MD5
c812a5b85c8b21719f28d300fc6a9ad8

SHA1
b2001161a630eaa576e75952c830ed21e50f5a7a

SHA256
e4379571d0a65e6ee8da315454af9c7cea934d213e822884a60d321c80235b81

SHA512
2f0851ab548aa17bc0287120f153ddd8988fd83c182580f1a863d0f6b2f44ae2f574b473f3454b09620271a15cd5094ec283c6cb6478da1aae34c630605265b7

Download Submit
C:\Program Files (x86)\Windows Media Player\uk-UA\mpvis.dll.mui

Filesize
3KB

MD5
300a65cbe204afa3191da14fbf97ad42

SHA1
ef08b1f1a5980f328db7433d8710e97d0d33a2ec

SHA256
1028c02480c56c8fb330b1b6f5e2dbc470f335da7cccf0bdd911228a307b28dd

SHA512
6134bac20a64adb8d0395797e7e8cb9a7d7a26c86cbbf4ced1746110507727c16af9b710897a5a5e3ef1dc5c427a0cb532b7f19dd01b8f77ff52f4f35defae2b

Download Submit
C:\Program Files (x86)\Windows Media Player\uk-UA\setup_wm.exe.mui

Filesize
56KB

MD5
d2c0b79989d8719e6cfb6d6c35744698

SHA1
a19baf6b61194b3cfee8e9a5763b9569312f2f4a

SHA256
893431949a4df9f98a483c5042ccca2948d32f57ef9d8bbe2b6574fdbcdd3809

SHA512
500b4276cab2b78527a66a7fb1960863a2dd8f81b4648c162702bc2c5321097ec9a794951679de62eedccbb5f10b08d89e423c7fab7c20894f7544827ad48a00

Download Submit
C:\Program Files (x86)\Windows Media Player\uk-UA\wmlaunch.exe.mui

Filesize
2KB

MD5
10e9f64281cb89b2119d9bfcc4e6e2fa

SHA1
0f1e1e9149d2641ba44445657558fceb101bd0ed

SHA256
9fab3576dc97642ac6c5aa4fb5336bae61be30a01ff35e1f02f988af3852f80b

SHA512
3018787e84a7f11e14cd1c1fd29ed1c567f283015a80d42251a15c61e27d7dd874e2651a30a45694d646c533186931ff13858200a03fc07cf242ec420e998996

Download Submit
C:\Program Files (x86)\Windows Media Player\uk-UA\wmplayer.exe.mui

Filesize
3KB

MD5
023f455a5f1669cc0845f9fea63f28c0

SHA1
7569966010512231521f3b14210c2159b9e0150a

SHA256
8191b672bb4c75e03f034966f7fa15db0a0dad5163f7ef7e8b666b9ef940ef1e

SHA512
bc79b60424d9f7b934bc93fe320a4c23adfa8e7142a5b4bb9a8a594e8d5c1bdf74df320e7b158caaba44a4a48648dab85138dd1babc768148f24cbc89a3c8c95

Download Submit
C:\Program Files (x86)\Windows Media Player\uk-UA\wmpnssci.dll.mui

Filesize
4KB

MD5
bf87f15959d8959695f033b8a067d256

SHA1
d296d08b0d4c7d37a1425226916c74cb8a32031e

SHA256
6d06efc99018fdbd8db11fce3898b5bf7f73b788935c3a82d36d76fed7acd55f

SHA512
a3e797ba5648d61cc209cd5e8dc51458d290b59cb5314e16fd2221ff026858e282ef7e14c9cdf0682a06610ff1baef1018c384d7214da1307c55a0f67243330e

Download Submit
C:\Program Files (x86)\Windows Media Player\uk-UA\wmpnssui.dll.mui

Filesize
3KB

MD5
bba9f1dd214ee4e3b9e7aa865c6d1491

SHA1
7009649c3a16c34b03c9d30ea3784c7a95982494

SHA256
15b3af0ac667b20e42e7ebf00fb503ba7e662ffbd4742cbde4a8f46a5cc2ad8c

SHA512
fd0ae509e365c02112b04fdb95f475df6814d1dd22aed07af16681065f21de5bedbeb83354e9aa808c95ec963b2c5925fb36a52d4a1c6b5f2f02e792ce600b70

Download Submit
C:\ProgramData\Dominik_Help.txt

Filesize
543B

MD5
51f91dadfe4357fb7230949938d4786d

SHA1
b020f84574d8810a275ed4ae57e945df838316fc

SHA256
0d67b4686d72fa7f566443e4636c7f116f0e5716b4f9002125e359151139520f

SHA512
585ef6bae2dd2389ebb8d0cd2face54879e6589da8899ef446350c3175a179253006a3e035e34ef675087567ece327d70ca9cfc39092f92ca23598b4e02ce1f8

Download Submit
C:\ProgramData\df.exe

Filesize
6KB

MD5
39728325879572ffe56a194319f2731f

SHA1
3898a219352dd3aedc54ff924b01317107c9ce2f

SHA256
8e3ff1907d973d91167c2d74ac8414496d7f430687eef52e3201721e01513761

SHA512
7d80af3e2df1c02bfda76e5ada4b4ce25921418cfcd7f26434293e746968f4187f6c9cf5bbb1c7c4703117eaabdd958700f7b1cefcfa44bd11afe95ad7f1599b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
968cb9309758126772781b83adb8a28f

SHA1
8da30e71accf186b2ba11da1797cf67f8f78b47c

SHA256
92099c10776bb7e3f2a8d1b82d4d40d0c4627e4f1bf754a6e58dfd2c2e97042a

SHA512
4bd50732f8af4d688d95999bddfd296115d7033ddc38f86c9fb1f47fde202bffa27e9088bebcaa3064ca946af2f5c1ca6cbde49d0907f0005c7ab42874515dd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
16KB

MD5
e8dc9575823b20a75200d617d373e3e8

SHA1
da31bffa2d971a17d37709cd7211672b4ad31acc

SHA256
85505c66a000ae65802acc4dbd404bb11e3d2b0690a16bcc4beab2a0f1b881c3

SHA512
9826ad562209aca4c51c168a991b3ef4374e782850df92e6323a01077132b3384f08ca93d4ac29999f47dc5cb80bd6e9a56b59635fda134c03a525635fc56189

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\StartUnifiedTileModelCache.dat

Filesize
13KB

MD5
a73830aa40a1c7ca00fe68ee4cbc4bdb

SHA1
f946b1c49d7f149aa0bfadebcc2d71b5706c275f

SHA256
47c4c606547ed578741b498eeba643d1f33b76b76629c6b59f4e0e422e440960

SHA512
72056ae81b6ee9e2d0719fb2ad1200f876d2c265ec9aa91f05aa62b9bc5ea5b1f2bcfc25e12ce2f8e338633df32b580791b69530e73b73ac3f344691a3f7384c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\StartUnifiedTileModelCache.dat

Filesize
13KB

MD5
800c619d129acf489f2281442000c361

SHA1
08a47fca4c09d04547c58e0781bf59531d70cfd3

SHA256
8933465438adc5c5193eb7fbadd6c6e7565d2d460fa517d0bc8f21cee49f4a65

SHA512
cf467ba93136084d23b3ad4df5330c028ecdb3e93500196f57c134a7bb3719fe2d4fe0e0f378e8fe10937e9c02cca4b4192b6e54d6a18721ced257478ec12092

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_s23w3020.ohq.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-3756129449-3121373848-4276368241-1000\desktop.ini

Filesize
129B

MD5
a526b9e7c716b3489d8cc062fbce4005

SHA1
2df502a944ff721241be20a9e449d2acd07e0312

SHA256
e1b9ce9b57957b1a0607a72a057d6b7a9b34ea60f3f8aa8f38a3af979bd23066

SHA512
d83d4c656c96c3d1809ad06ce78fa09a77781461c99109e4b81d1a186fc533a7e72d65a4cb7edf689eeccda8f687a13d3276f1111a1e72f7c3cd92a49bce0f88

Download Submit
memory/2000-1427-0x0000000007060000-0x0000000007103000-memory.dmp

Filesize
652KB

Download
memory/2000-1537-0x0000000006E30000-0x0000000006E4A000-memory.dmp

Filesize
104KB

Download
memory/2000-1393-0x00000000063B0000-0x00000000063CE000-memory.dmp

Filesize
120KB

Download
memory/2000-1298-0x0000000006370000-0x00000000063A2000-memory.dmp

Filesize
200KB

Download
memory/2000-1993-0x0000000007420000-0x000000000743A000-memory.dmp

Filesize
104KB

Download
memory/2000-2016-0x0000000007410000-0x0000000007418000-memory.dmp

Filesize
32KB

Download
memory/2000-344-0x0000000005E60000-0x0000000005EAC000-memory.dmp

Filesize
304KB

Download
memory/2000-309-0x0000000005DD0000-0x0000000005DEE000-memory.dmp

Filesize
120KB

Download
memory/2000-202-0x00000000057F0000-0x0000000005B44000-memory.dmp

Filesize
3.3MB

Download
memory/2000-1529-0x0000000007790000-0x0000000007E0A000-memory.dmp

Filesize
6.5MB

Download
memory/2000-136-0x0000000005760000-0x00000000057C6000-memory.dmp

Filesize
408KB

Download
memory/2000-131-0x00000000056F0000-0x0000000005756000-memory.dmp

Filesize
408KB

Download
memory/2000-110-0x0000000004E10000-0x0000000004E32000-memory.dmp

Filesize
136KB

Download
memory/2000-1325-0x000000006F800000-0x000000006F84C000-memory.dmp

Filesize
304KB

Download
memory/2000-7-0x0000000004F10000-0x0000000005538000-memory.dmp

Filesize
6.2MB

Download
memory/2000-1609-0x0000000007170000-0x000000000717A000-memory.dmp

Filesize
40KB

Download
memory/2000-1681-0x0000000007360000-0x00000000073F6000-memory.dmp

Filesize
600KB

Download
memory/2000-1722-0x00000000072F0000-0x0000000007301000-memory.dmp

Filesize
68KB

Download
memory/2000-1932-0x0000000007320000-0x000000000732E000-memory.dmp

Filesize
56KB

Download
memory/2000-1957-0x0000000007330000-0x0000000007344000-memory.dmp

Filesize
80KB

Download
memory/2000-0-0x00000000027F0000-0x0000000002826000-memory.dmp

Filesize
216KB

Download
memory/3392-10275-0x0000000006170000-0x00000000064C4000-memory.dmp

Filesize
3.3MB

Download
memory/3392-10284-0x00000000067E0000-0x000000000682C000-memory.dmp

Filesize
304KB

Download
memory/3392-10285-0x0000000070360000-0x00000000703AC000-memory.dmp

Filesize
304KB

Download
memory/3392-10295-0x0000000007A10000-0x0000000007AB3000-memory.dmp

Filesize
652KB

Download
memory/3392-10296-0x00000000065D0000-0x00000000065E1000-memory.dmp

Filesize
68KB

Download
memory/3392-10297-0x0000000006610000-0x0000000006624000-memory.dmp

Filesize
80KB

Download