f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053

Analysis

max time kernel
100s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
13-11-2024 09:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
Size

146KB
MD5

06f96cb31a2b655835130a09387fb401
SHA1

bb27f7e6cb3102c017c44a5bf8d86c16641e593b
SHA256

f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053
SHA512

2caeba7d1404019e2d378abed794b97dd4d14c646c51d6a9950cd6b677afdcf10f7263469f725d23251e11fa0913f5126743c6255d0c32f1583dcbf1c7c13744
SSDEEP

1536:jzICS4AAwczUUf8y8gvMH+1zGSNAojMP95D1xD11h0i9TJmr7kZd9V78ny3OxTIT:8qJogYkcSNm9V7D1pTJmr7ksy4IT

Score

10^/10

defense_evasion discovery ransomware spyware stealer

Malware Config

Extracted

Path

C:\xEJOHNVZF.README.txt

Ransom Note

Your network has been penetrated. All files on each host in the network have been encrypted with a strong algorithm. Backups were either encrypted Shadow copies also removed, so F8 or any other methods may damage encrypted data but not recover. We exclusively have decryption software for your situation. More than a year ago, world experts recognized the impossibility of deciphering by any means except the original decoder. No decryption software is available in the public. Antiviruse companies, researchers, IT specialists, and no other persons cant help you decrypt the data. DO NOT RESET OR SHUTDOWN - files may be damaged. DO NOT DELETE readme files. To confirm our honest intentions.Send 2 different random files and you will get it decrypted. It can be from different computers on your network to be sure that one key decrypts everything. 2 files we unlock for free To get info (decrypt your files) contact us at telegram first . if you don't get answer in 24 hours then write us a email Contact information : Mail 1 : [email protected] Telegram: https://t.me/AzureShard You will receive btc address for payment in the reply letter No system is safe!

Emails

[email protected]

URLs

https://t.me/AzureShard

Signatures

Process spawned unexpected child process 1 IoCs

This typically indicates the parent process was compromised via an exploit or macro.

Processes:

OfficeC2RClient.exe

description	pid	pid_target	process	target process
Parent C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE is not expected to spawn this process	1044	3700	OfficeC2RClient.exe	ONENOTE.EXE

Renames multiple (7599) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.

Query Registry
T1012

System Information Discovery
T1082

Processes:

3B30.tmp

description ioc process

Key value queried \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation 3B30.tmp
Deletes itself 1 IoCs

Processes:

3B30.tmp

pid process

5060 3B30.tmp
Executes dropped EXE 1 IoCs

Processes:

3B30.tmp

pid process

5060 3B30.tmp
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	3B30.tmp

Drops desktop.ini file(s) 2 IoCs

Processes:

f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe

description	ioc	process
File opened for modification	C:\$Recycle.Bin\S-1-5-21-2878641211-696417878-3864914810-1000\desktop.ini	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
File opened for modification	F:\$RECYCLE.BIN\S-1-5-21-2878641211-696417878-3864914810-1000\desktop.ini	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe

Indicator Removal: File Deletion 1 TTPs
Adversaries may delete files left behind by the actions of their intrusion activity.
defense_evasion

File Deletion
T1070.004

Drops file in System32 directory 4 IoCs

Processes:

splwow64.exeprintfilterpipelinesvc.exe

description	ioc	process
File created	C:\Windows\system32\spool\PRINTERS\00002.SPL	splwow64.exe
File created	C:\Windows\system32\spool\PRINTERS\PP046wbjw0y0gee7btcsehevxj.TMP	printfilterpipelinesvc.exe
File created	C:\Windows\system32\spool\PRINTERS\PPaje9lhmva8s23gkv0o7fkdi0c.TMP	printfilterpipelinesvc.exe
File created	C:\Windows\system32\spool\PRINTERS\PP206e9vzyco1jlqlrvhdi3l07d.TMP	printfilterpipelinesvc.exe

Sets desktop wallpaper using registry 2 TTPs 2 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

Processes:

f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\Desktop\WallPaper = "C:\\ProgramData\\xEJOHNVZF.bmp"	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\Desktop\Wallpaper = "C:\\ProgramData\\xEJOHNVZF.bmp"	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

Processes:

3B30.tmp

pid process

5060 3B30.tmp

Drops file in Program Files directory 64 IoCs

Processes:

f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe

description	ioc	process
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\xEJOHNVZF.README.txt	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\uk-ua\ui-strings.js.xEJOHNVZF	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\dd_arrow_small.png	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-24_altform-unplated_contrast-high.png	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\StoreLogo.scale-125.png	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
File created	C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_11811.1001.18.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\xEJOHNVZF.README.txt	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteNewNoteMedTile.scale-150.png	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\hu\LC_MESSAGES\vlc.mo.xEJOHNVZF	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL002.XML.xEJOHNVZF	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\ipshe.xml.xEJOHNVZF	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\it-it\ui-strings.js	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\en-us\xEJOHNVZF.README.txt	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\ha-Latn-NG\xEJOHNVZF.README.txt	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL012.XML	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_MAK_AE-ppd.xrm-ms.xEJOHNVZF	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\images\bun.png	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\ExchangeWideTile.scale-200.png	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxCalendarAppList.targetsize-72_altform-unplated.png	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Assets\Store\AppIcon.targetsize-16_contrast-white.png	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000042\index.win32.bundle.map.xEJOHNVZF	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\it-it\ui-strings.js	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\ja-jp\ui-strings.js.xEJOHNVZF	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
File created	C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_11811.1001.18.0_neutral_split.scale-100_8wekyb3d8bbwe\xEJOHNVZF.README.txt	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-24.png	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\SearchEmail2x.png.xEJOHNVZF	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\nb-no\ui-strings.js.xEJOHNVZF	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\zh-cn\xEJOHNVZF.README.txt	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\themes\dark\icons.png.xEJOHNVZF	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\fr-ma\ui-strings.js	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Assets\Images\contrast-standard\theme-light\Settings.png	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
File created	C:\Program Files\Windows Portable Devices\xEJOHNVZF.README.txt	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_MAK_AE-ul-oob.xrm-ms	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\msinfo32.exe.mui.xEJOHNVZF	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\ru-ru\xEJOHNVZF.README.txt	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\hu-hu\ui-strings.js.xEJOHNVZF	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\pdf-ownership-rdr-fr_fr_2x.gif	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\themes\dark\new_icons_retina.png.xEJOHNVZF	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\spectrum_spinner_process.svg.xEJOHNVZF	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.contrast-white_targetsize-64.png	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl\Assets\OfflinePages\Scripts\Me\MeControl\offline\offlineUtilities.js	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-36_contrast-black.png	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\notificationsUI\xEJOHNVZF.README.txt	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
File opened for modification	C:\Program Files (x86)\Common Files\System\msadc\es-ES\msadcer.dll.mui	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\css\main-selector.css.xEJOHNVZF	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_folder-focus_32.svg	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_sortedby_18.svg	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\PMP\DataMatrix.pmp	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\SmallTile.scale-200.png	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageAppList.targetsize-80_contrast-white.png	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Checkmark.White.png.xEJOHNVZF	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\uk-ua\ui-strings.js.xEJOHNVZF	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\br.gif.xEJOHNVZF	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-36_altform-unplated_contrast-white.png	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxAccountsSplashLogo.scale-180.png	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\xEJOHNVZF.README.txt	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
File opened for modification	C:\Program Files\Windows Defender\es-ES\OfflineScannerShell.exe.mui.xEJOHNVZF	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Retail-ul-phn.xrm-ms	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_MAK-ul-oob.xrm-ms	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\ICU\xEJOHNVZF.README.txt	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\en-ae\ui-strings.js	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\xEJOHNVZF.README.txt	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.contrast-black_targetsize-16.png	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe3B30.tmpcmd.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3B30.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe

Modifies Control Panel 2 IoCs

evasion

Processes:

f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\Desktop\WallpaperStyle = "10"	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\Desktop	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe

Modifies registry class 5 IoCs

Processes:

f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.xEJOHNVZF	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.xEJOHNVZF\ = "xEJOHNVZF"	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\xEJOHNVZF\DefaultIcon	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\xEJOHNVZF	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\xEJOHNVZF\DefaultIcon\ = "C:\\ProgramData\\xEJOHNVZF.ico"	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe

pid	process
3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe

Suspicious behavior: RenamesItself 26 IoCs

Processes:

3B30.tmp

pid	process
5060	3B30.tmp
5060	3B30.tmp
5060	3B30.tmp
5060	3B30.tmp
5060	3B30.tmp
5060	3B30.tmp
5060	3B30.tmp
5060	3B30.tmp
5060	3B30.tmp
5060	3B30.tmp
5060	3B30.tmp
5060	3B30.tmp
5060	3B30.tmp
5060	3B30.tmp
5060	3B30.tmp
5060	3B30.tmp
5060	3B30.tmp
5060	3B30.tmp
5060	3B30.tmp
5060	3B30.tmp
5060	3B30.tmp
5060	3B30.tmp
5060	3B30.tmp
5060	3B30.tmp
5060	3B30.tmp
5060	3B30.tmp

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe

description	pid	process
Token: SeAssignPrimaryTokenPrivilege	3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
Token: SeBackupPrivilege	3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
Token: SeDebugPrivilege	3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
Token: 36	3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
Token: SeImpersonatePrivilege	3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
Token: SeIncBasePriorityPrivilege	3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
Token: SeIncreaseQuotaPrivilege	3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
Token: 33	3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
Token: SeManageVolumePrivilege	3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
Token: SeProfSingleProcessPrivilege	3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
Token: SeRestorePrivilege	3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
Token: SeSecurityPrivilege	3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
Token: SeSystemProfilePrivilege	3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
Token: SeTakeOwnershipPrivilege	3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
Token: SeShutdownPrivilege	3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
Token: SeDebugPrivilege	3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
Token: SeBackupPrivilege	3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
Token: SeBackupPrivilege	3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
Token: SeSecurityPrivilege	3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
Token: SeSecurityPrivilege	3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
Token: SeBackupPrivilege	3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
Token: SeBackupPrivilege	3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
Token: SeSecurityPrivilege	3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
Token: SeSecurityPrivilege	3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
Token: SeBackupPrivilege	3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
Token: SeBackupPrivilege	3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
Token: SeSecurityPrivilege	3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
Token: SeSecurityPrivilege	3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
Token: SeBackupPrivilege	3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
Token: SeBackupPrivilege	3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
Token: SeSecurityPrivilege	3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
Token: SeSecurityPrivilege	3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
Token: SeBackupPrivilege	3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
Token: SeBackupPrivilege	3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
Token: SeSecurityPrivilege	3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
Token: SeSecurityPrivilege	3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
Token: SeBackupPrivilege	3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
Token: SeBackupPrivilege	3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
Token: SeSecurityPrivilege	3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
Token: SeSecurityPrivilege	3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
Token: SeBackupPrivilege	3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
Token: SeBackupPrivilege	3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
Token: SeSecurityPrivilege	3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
Token: SeSecurityPrivilege	3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
Token: SeBackupPrivilege	3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
Token: SeBackupPrivilege	3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
Token: SeSecurityPrivilege	3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
Token: SeSecurityPrivilege	3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
Token: SeBackupPrivilege	3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
Token: SeBackupPrivilege	3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
Token: SeSecurityPrivilege	3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
Token: SeSecurityPrivilege	3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
Token: SeBackupPrivilege	3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
Token: SeBackupPrivilege	3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
Token: SeSecurityPrivilege	3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
Token: SeSecurityPrivilege	3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
Token: SeBackupPrivilege	3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
Token: SeBackupPrivilege	3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
Token: SeSecurityPrivilege	3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
Token: SeSecurityPrivilege	3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
Token: SeBackupPrivilege	3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
Token: SeBackupPrivilege	3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
Token: SeSecurityPrivilege	3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
Token: SeSecurityPrivilege	3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

OfficeC2RClient.exe

pid process

1044 OfficeC2RClient.exe

pid	process
1044	OfficeC2RClient.exe

Suspicious use of WriteProcessMemory 13 IoCs

Processes:

f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exeprintfilterpipelinesvc.exeONENOTE.EXE3B30.tmp

description	pid	process	target process
PID 3292 wrote to memory of 2608	3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe	splwow64.exe
PID 3292 wrote to memory of 2608	3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe	splwow64.exe
PID 4352 wrote to memory of 3700	4352	printfilterpipelinesvc.exe	ONENOTE.EXE
PID 4352 wrote to memory of 3700	4352	printfilterpipelinesvc.exe	ONENOTE.EXE
PID 3292 wrote to memory of 5060	3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe	3B30.tmp
PID 3292 wrote to memory of 5060	3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe	3B30.tmp
PID 3292 wrote to memory of 5060	3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe	3B30.tmp
PID 3292 wrote to memory of 5060	3292	f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe	3B30.tmp
PID 3700 wrote to memory of 1044	3700	ONENOTE.EXE	OfficeC2RClient.exe
PID 3700 wrote to memory of 1044	3700	ONENOTE.EXE	OfficeC2RClient.exe
PID 5060 wrote to memory of 1720	5060	3B30.tmp	cmd.exe
PID 5060 wrote to memory of 1720	5060	3B30.tmp	cmd.exe
PID 5060 wrote to memory of 1720	5060	3B30.tmp	cmd.exe

C:\Users\Admin\AppData\Local\Temp\f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe
"C:\Users\Admin\AppData\Local\Temp\f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053.exe"
1⤵
- Drops desktop.ini file(s)
- Sets desktop wallpaper using registry
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies Control Panel
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3292
- C:\Windows\splwow64.exe
  C:\Windows\splwow64.exe 12288
  2⤵
  - Drops file in System32 directory
  PID:2608
- C:\ProgramData\3B30.tmp
  "C:\ProgramData\3B30.tmp"
  2⤵
  - Checks computer location settings
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: RenamesItself
  - Suspicious use of WriteProcessMemory
  PID:5060
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\3B30.tmp >> NUL
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1720

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc
1⤵
PID:1120

C:\Windows\system32\printfilterpipelinesvc.exe
C:\Windows\system32\printfilterpipelinesvc.exe -Embedding
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:4352
- C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
  /insertdoc "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\{23D84394-1939-467C-B3FA-280030CADFC7}.xps" 133759625011210000
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3700
- - C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe
    OfficeC2RClient.exe /error PID=3700 ProcessName="Microsoft OneNote" UIType=3 ErrorSource=0x8b10082a ErrorCode=0x80004005 ShowUI=1
    3⤵
    - Process spawned unexpected child process
    - Suspicious use of SetWindowsHookEx
    PID:1044

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

T1070

File Deletion

T1070.004

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2878641211-696417878-3864914810-1000\EEEEEEEEEEE

Filesize
129B

MD5
c2d12c00361270a0ccc905cf57074f2f

SHA1
69e06123ffe4b4e4022fd4dbcf071ef540e1c028

SHA256
b23cf5ace891d54db974ec6c023e58ea97dc47f715cfbf82afc81a1a91f08e53

SHA512
0523c7aae8d97fbccf2c57f49a6dc2f07fd24d55197c4bff3522364c72e8fa47eae887bf1be399ce3f9a1ce558117c0d067de82701d35f90f6412639dd6258cd

Download Submit
C:\Program Files\Common Files\System\Ole DB\de-DE\oledb32r.dll.mui

Filesize
56KB

MD5
712ecf5a18713cfe77f10cbf4dc06541

SHA1
22c5fee6bfef26e69a163f8103ca3da82417fd6a

SHA256
82e1c289bfd35242c5b344ad5b6e60cea1fc5ec4f97fdafba8e77de06ea663c6

SHA512
884768ec9ea1b40bdec66a7c6cc4631df71092f1fdd6a98a9b8567a058eed465413324ea631644110c05bd2bff7bc99c5cc3a6323ffe4d41bb8366ce220cc304

Download Submit
C:\Program Files\Common Files\System\Ole DB\de-DE\sqloledb.rll.mui

Filesize
47KB

MD5
1d64537100dffd527251fb34563f60ab

SHA1
d0b35e60773e8b7bd89957c8ffb8bcbb6766389e

SHA256
06ae31b3d070bff1a5efcb192844ac7dde2d05fe27825bcc9bb87ff6dd4642ff

SHA512
a5d7c07dceb994770b6b444c30075b3322e7c13ed35574dc0258c4723a3b481b54e0ecfa3aaa65450b3bff7c14e55d7ef569911499ad05c0ed40872eefd1d1ce

Download Submit
C:\Program Files\Common Files\System\Ole DB\en-US\oledb32r.dll.mui

Filesize
47KB

MD5
d4f55427b6eae0890e7c58b93623b177

SHA1
3c33b11f1cdfe2ba42a205b3ebaddf139ca70fbd

SHA256
da8fc476d9ccb701662471e4b1de9b1f0eb30a7a5ea347a612c4a1c751493955

SHA512
301cbe3827d36c53553bfc17f86e193558d9499a1f457d283610c7912a0c4842021cdfcaeb5da6c44281232ac4e7c52a6740608eb626cf02b75558380643f54b

Download Submit
C:\Program Files\Common Files\System\Ole DB\en-US\sqloledb.rll.mui

Filesize
43KB

MD5
b0b12f9d7d4e1c13f632512069778c6f

SHA1
07a01886277e84810d2b4510428e68557b457807

SHA256
5a78bdbb02933dd0c0246b12ae6c3f704a74796852b1efbf8405953afe0f388b

SHA512
88215a91dbb02c0744ae1f0a5b082d7cc9360c65ff8adcf769205519e686ac4ef98c0a2dd3ddb0fc0cfca310159873b4688cc8d36fd769268843cda5e4d23751

Download Submit
C:\Program Files\Common Files\System\Ole DB\es-ES\oledb32r.dll.mui

Filesize
53KB

MD5
6f1fb79f3879191531a3ce725c8ffd59

SHA1
7b0cb81d55570e585f63318b56e52280a1c563e4

SHA256
9028726cef9c81354cedb0c3c409b7b7999c169b4f6d90ff876a9d34b4eb51ea

SHA512
d46db4e8036cd5e3874ba6a4ac9665e8ddb7700e8f8d78d79325e112bd863d7796d8fe1ae0c03efd6ede983a8c87605509356433f26c9d1318e72dc739644bca

Download Submit
C:\Program Files\Common Files\System\Ole DB\es-ES\sqloledb.rll.mui

Filesize
47KB

MD5
7e91ac1d85a3e0a1b9617e1ecaed9a75

SHA1
4798167c25ee912f4baf9919264b39e1f8685c82

SHA256
38dc59014029f225b3a153d2e617fa6cc4ebe7df153010c21535720f62fe10d5

SHA512
f501baaa60d9d1092c1c1edf9894a00775e68273c9c8440d92d08ead6baa6a92dc73570336bb82845125565c68fe126d8c18b6f5877f84c4295d3cfc8c7bba25

Download Submit
C:\Program Files\Common Files\System\Ole DB\fr-FR\oledb32r.dll.mui

Filesize
57KB

MD5
aeef05095c1e0b40f34d6d6e2b5e332c

SHA1
b23ebaf14884223dadbb32df066f8b61ce09c296

SHA256
af2623e44740a528dd13daf5cd2d804a0ab32651c30f56263804ba8ee1bbcf58

SHA512
db332b6c2ec26a3a27b49511249ca31e5dce12ea08bc15fd61e557c8ea77b6b601a41bed4f12685f45ee8b8dc7ae3632acdd0d8536d8a24e4546214cb7bee326

Download Submit
C:\Program Files\Common Files\System\Ole DB\fr-FR\sqloledb.rll.mui

Filesize
47KB

MD5
369f9af2b83d58a517bf7d8a9d512543

SHA1
5be399fab9534669eb9b4d0b81073f0ba884a8d2

SHA256
f681d25a76d048f8155ffa231d8cd7f6d4bf56981bc5dade9192036874f2d369

SHA512
321cbca8105005bd3745d8b82c0fac07cc4d0c78a1c5ea387d27592a69b338cc9ea4ad5a58cd85ac98b78791d4879a5d6418d34872c83ff5ca2dc6750b7d8b60

Download Submit
C:\Program Files\Common Files\System\Ole DB\it-IT\oledb32r.dll.mui

Filesize
54KB

MD5
fc2dccf9717cb41888e607859b66aaa0

SHA1
bf59a9b37a2429de159340447647b3e518795328

SHA256
50046f1763156b6fedb31ba16fc5a466e105b00af5789cf7fadec4a1ebf11ab3

SHA512
fbb57a8b6be7a150ddaca87a76413b7fdf336366916b13b3b7fe07d58098467af0909214ab20aaf073fec4324c094485a8209ed4cddeaca239af26f7c0c23a14

Download Submit
C:\Program Files\Common Files\System\Ole DB\it-IT\sqloledb.rll.mui

Filesize
47KB

MD5
4ae19c374a3c084ba5cb7c2ca34fdc31

SHA1
c98c889dd2d0e4a86668f995fa2dc98b0ea9878a

SHA256
45bd6b54f376c05fd8a5d19e7461f42a44720a85ea38fac02cb1f84d3c0256cb

SHA512
40196fd69e876c5f99f77bd1874f91ebc656c4e61896e2acd91f08eec965c22cbe0d2b745d8e512c7afc20239c2669611cc90e2d9c55ba6d3e708e5999dcd1d1

Download Submit
C:\Program Files\Common Files\System\Ole DB\ja-JP\oledb32r.dll.mui

Filesize
32KB

MD5
2338b8cedee5c6371d95dde96f5c81fc

SHA1
2daf0b160d1520f7bc8b5657f4a33bbe1813453b

SHA256
c492d55e58429e7f3bc255ad0d3be327a4b527bca2ff262c57802b5286f38de5

SHA512
c2ef7f87e464c09e4e2fbb57d4551dc62e9902450bf945126825dcb458aca1b3875af33aa9276d09de7a394aacf2c2d39f9fac032c659df2a09df097c963a8f5

Download Submit
C:\Program Files\Common Files\System\Ole DB\ja-JP\sqloledb.rll.mui

Filesize
37KB

MD5
2d4bbf82ba50590f2d13df4b3f6a9f3e

SHA1
cb39deffc9278d775053bb3da07b813dfdb8fda5

SHA256
524b9af9d3c1d0f88a809f4be1d9a505f9d85ef735b03f8c1271bfb4ae38885d

SHA512
b9557e7d3e257b2c8adf7e255837dcf0a384e934c40621afcd4ccfb00daa89c8c1cb7972965e391c118025bbdcc32e5d9042b603aa4674bf9c03415ec8fa3694

Download Submit
C:\Program Files\Common Files\System\ado\de-DE\msader15.dll.mui

Filesize
20KB

MD5
e2777781855ae033a970d370dec99992

SHA1
7286ef798c087d5fa53b087118e50fa65ea42844

SHA256
214b96c2056cf2491002b8a436f61fc3984049d0bd1db3bd5e9d3259e015d772

SHA512
71317fc1ec6444c213ca8ddafda6e2e46d9b2442537e565641bb4a3bde67133c373323b0f7c722e3fa9d6ff2613cc69b2edf881ba824b797aa56e502586bc8b8

Download Submit
C:\Program Files\Common Files\System\ado\en-US\msader15.dll.mui

Filesize
17KB

MD5
b8319d2d5dbf909a6546c02a108b93ff

SHA1
3db25b7ff13dc9f8f7e7a9ab96f8df533c21a37c

SHA256
89a2687a6fe4ff279877f281aecb47d347a6574bf41a8d24bb87ba01f3570cc8

SHA512
ce3f96a0c62e6e1f3d4ba7a16346b8c3450286340232e88eb84f45cdd3ebfc5d2eb2f2ea02d36c5bca42d33e8a53ce1fdb9a6bd92d4326af51a65284c4f212c9

Download Submit
C:\Program Files\Common Files\System\ado\es-ES\msader15.dll.mui

Filesize
19KB

MD5
12c0fdc62983d2085583f5e21c236c69

SHA1
a04fdb1defa5ae5f2b0f238788f34f50084da771

SHA256
400c0ffcb59a8de8cefa157c81ec1b38eda024bad2abdb5967130e88b48f3d47

SHA512
df12bfaefa492d03e5f64e6945ad7288a976e7676a123af88f1146994f297bec7dba43829f3503ca0473bd372be82a9038f29ce687f93f6b33d0f3ebad46d0d1

Download Submit
C:\Program Files\Common Files\System\ado\fr-FR\msader15.dll.mui

Filesize
20KB

MD5
6c92bfa972acdbc9b3701a83ced84a27

SHA1
bbb425c3ef4ee9f29909e240e3a872aca92b9972

SHA256
b0a37d6992b94bb921658dacf0515f312198a6e455256c07847eb475f9e85a17

SHA512
a09bfe2b9b4a9f221a795f68024011bcadc4f178eee347042e1d9a0cdfc3deb81f8d0fecf6ebf4cfd19ac7a9aaaa63cbe33367579097971c85f008972669dc7f

Download Submit
C:\Program Files\Common Files\System\ado\it-IT\msader15.dll.mui

Filesize
19KB

MD5
af68f2ba1a45e020022113e92bbca20f

SHA1
980482a8ac46a42d1b954f5597087850a0b6a362

SHA256
5871ba1d6361deca7f5cf7f236ac2a1a04e588dc85b500c2bd7bdd4c3f876e70

SHA512
362d6ca2a27dce4788ab1a63bd03e3fe02c18eefae402b8def72a632cf8e3059dc3b8e32b5b8e030078dfb0087156a9d2a4c0fb0a2518445d437d3abe7a8a369

Download Submit
C:\Program Files\Common Files\System\ado\ja-JP\msader15.dll.mui

Filesize
11KB

MD5
4a9840159d0fdf321bedea82a5440de4

SHA1
4cff8f8c87126172f05d4a596925528cc1966e2a

SHA256
848131a28da3411adaa9f75ac06cccfdfbc8071c5122b47c786e2cc0559f7799

SHA512
35fed2a76aa30e8234f2c179b279370f2c8d79da72ae1b250ebc8e9de85c0cf184c8dda7ff25cfcfdcf533069fdd0a2cf47ada02c89278f3c73a03af8dc0610b

Download Submit
C:\Program Files\Common Files\System\de-DE\wab32res.dll.mui

Filesize
102KB

MD5
eabed60a26ed444861d1a6628b845ce0

SHA1
a094996ad1bd0ce63a8d8797fa0eb0277e765e2b

SHA256
ff9c0f1823b25e7918e167e2f9fb4be53bd39b203eae3d640734146fc08ab862

SHA512
602ed25b5ab9f97a9f2bc4518c387480f4d69e92f149059a5e143545ded00482b18901d593ba2fff6e01535da719a53a24157f93dd5012cb793919b15790a5a8

Download Submit
C:\Program Files\Common Files\System\en-US\wab32res.dll.mui

Filesize
92KB

MD5
3891eef722a13de4a447a22c02d1aba0

SHA1
2a4286e08268af0054819cf27874b078f5a23c8e

SHA256
c8aadc97c14b38f04a56506e7379c477e8e2da8651e18be21283f4f14136a3a6

SHA512
43d1309b9edc9b9565a4bd8a9a4cfb9f8a2331a5adff46e359d794d31f542bac23e6d93e9cb4b7a65703d01fbd9cb1e338258d9dfbfb913235386d60cd543d80

Download Submit
C:\Program Files\Common Files\System\es-ES\wab32res.dll.mui

Filesize
102KB

MD5
7408defcf4c629eb72f12ae500c4a40f

SHA1
d03ca651bb50e20d89741897a65421893e0bacca

SHA256
b25b686405bfd964a03a539e1974e3ca2c4ae261d2c97a435c5f4e81d3866d36

SHA512
ddfb993fcaf83efaeb6ebabf5704543b779462f009db22ac2195a35f226ee5df3df2c9b1ba1863a464a73d7a0b28ee666e27e0af9462adce8c0e644b10e83dee

Download Submit
C:\Program Files\Common Files\System\fr-FR\wab32res.dll.mui

Filesize
104KB

MD5
afabf4797411c6f4cf2c0c97e422c02c

SHA1
59a3378cbdaae9aaa65f48a4457dd7311112fdb0

SHA256
3eb9169f6894474154e4c148a6d88672c7fc08e05ae319b4268311e4afaf770b

SHA512
276c5bc418a1fcbba9c0fd38e9b82dbaf449afc9ddefdb94895ac8e992669ec312fb3d48236013ee97f47e01985b2fd1b97478c0c44cba7ff780d5871ffd94d9

Download Submit
C:\Program Files\Common Files\System\it-IT\wab32res.dll.mui

Filesize
97KB

MD5
bd430624db3ae06bcccb2aa271217314

SHA1
4d1c7dc7ddd7534459b6d5a4bbbcb115b3abe705

SHA256
131e81db1f4abb692fd3e23c78eb0e8b9904cc6c62a985ac4877e00180518f74

SHA512
b16ca392a447e6cd61bdf5726825dbd94458d3a6f9a865d875d678b77cdab87783ca8d4e503ac00474da4f2ece401f5815564a74bc09f8acbb1ef942ed3701b8

Download Submit
C:\Program Files\Common Files\System\ja-JP\wab32res.dll.mui

Filesize
69KB

MD5
a50f0fec071bd4d82f0a6d134750f66c

SHA1
dd6636e199303fc790bf0fc01dec106e0282d84d

SHA256
1677754d7f0922519bc14ff90b8a31e40c4b2602c597ebfe66b76d4c3fe2d779

SHA512
af2e2be9da871d61c7e0a666ae0fdb37fb719942b8284cdbefb3621e49125a06b9e1e40ca71c8e71658c7eb62ae92b950d704f00613c33b4971aff75fffec1d4

Download Submit
C:\Program Files\Common Files\System\msadc\de-DE\msadcer.dll.mui

Filesize
12KB

MD5
44ee66ac5510a53a5f47f7aa0e9d5fca

SHA1
31a1a732e74b5e3efae1051a7648bce919dd44e5

SHA256
c274d9fa8688b6c82c2ee2a380ea23ace43db7729bf148769982c7b2692b64eb

SHA512
be2a058e05f150cd90d58b724d32aa04dd6640ac5242034c1bb4182321af8ccc1ad8a15a7a15156470c7765b9d14abd43e11d071d3628d42f1548bcaab5d1669

Download Submit
C:\Program Files\Common Files\System\msadc\de-DE\msdaprsr.dll.mui

Filesize
9KB

MD5
5b589d18cd75279269ecd0c6b4c942a5

SHA1
3774dc55afcbe28580dce4d4597d5ec23a8528a1

SHA256
606d5aee970fed95482091f36be0e89a6eed59a4ee966d140723153d407ba271

SHA512
8a671d50fb1671e02ada62bc10d1b456e5f4b2da7798c123d27130c0462c42a3c52accbf6f8f891e6ad0cf9b4e1feec4b84ba457e1638257087f7efa0b277579

Download Submit
C:\Program Files\Common Files\System\msadc\en-US\msadcer.dll.mui

Filesize
10KB

MD5
b5dffaad46ca9f4b7a9ee676ea82dc26

SHA1
838514e438064f57f6948f06df74b0c23aeac366

SHA256
f226e1b1b049b00c824f0847355e976c9eeb5d7a8ed587f682bcff193918f5ec

SHA512
4e06000eb713f5884a28a9f2acd65f1d6675ad64fedc382634118b7c5b7f5f9f40828ce41244ea2bb4cd1e57ed0bec3ad37cd588ef6c0018d5caeb450a149e1d

Download Submit
C:\Program Files\Common Files\System\msadc\en-US\msdaprsr.dll.mui

Filesize
7KB

MD5
27e5dbc42b05ec91c242ca4f52a4b71d

SHA1
5985a03b82d425a0038097585d5252854d9784d8

SHA256
9b0ba804f4dc9dc2ee5802e681c12933073eb84b071c9923939331675ebf4943

SHA512
2ddaf9c4b7d291d8fc9ea985a7b75b629dd03d03f0cc5dba08062c7ad7475f30683954bd90f63b0ce69f42c4e3c780a8b95f8253bb8b4e9ed4d43f102fb54e42

Download Submit
C:\Program Files\Common Files\System\msadc\es-ES\msadcer.dll.mui

Filesize
11KB

MD5
e8f67650979becf61e8ce57462b33ea6

SHA1
1cfa95542d53c0f7a520c158b02a02b90b211040

SHA256
7a04085b485d7daca67fa812e8eaf37bb5e3d40427498cdc8cfe96892ec2ea97

SHA512
ecb22f99123779d28de4c95bec2401eb1f3fc4381b69a009120ac8750f690338fdef3a965e902175129d75ae37a7a2086efab9dba8808bcc7ff31cdbfdc29957

Download Submit
C:\Program Files\Common Files\System\msadc\es-ES\msdaprsr.dll.mui

Filesize
8KB

MD5
9bf9f03f5853c9781c62c60a5d18f488

SHA1
4d8dea1418aefecf48d802e22b8a29ab6e40276c

SHA256
25766430c4a9586f8cfabc7394a03f145c484bfd84477293e3e691785fbaafa2

SHA512
f98459b22931ab0df0bc5a4771c795ad9cbc5baa12dbcd61d2ef8d873ad5feb283992f77e85851cf599121ba232c437a65a90c82e3ea200482ad4c8997faade8

Download Submit
C:\Program Files\Common Files\System\msadc\fr-FR\msadcer.dll.mui

Filesize
12KB

MD5
73e85e8e750fceab234ded3943f5c321

SHA1
e3c8bc64aaa588b15c7f66c894a16d389faab68b

SHA256
154f24abba58f8038ead9f325d2b10b400361ab22ed2650d50a958ab41ed6ef9

SHA512
da24865292d7a8b9cc77aaee12f54634899e21b1914482faa35fd1fe49b94014d37635e185d8ce3ceb7bc0478f8b8b175cc5e4e4ffc9fbe7a9e13f11dc4b80e2

Download Submit
C:\Program Files\Common Files\System\msadc\fr-FR\msdaprsr.dll.mui

Filesize
9KB

MD5
0b4cc3804cc452a274a8c9a56d2658d3

SHA1
1c09ccbcb1253d0a0bad7c53caf59de027e3d69a

SHA256
0f05f910b4e9487b41861193b7c0a2bcf3a79fba9d7e184dafd4dc66646d5111

SHA512
8bb91f4d700a15b46f7dbca7b119f40a77469313a7303e07d7884a4fdd85959e9ba50e56d507032a4f359415bd4b146e0176e580b74ed715ee88f6887cb24445

Download Submit
C:\Program Files\Common Files\System\msadc\it-IT\msadcer.dll.mui

Filesize
11KB

MD5
f344c3732542fa57d0bfeb9e8bfa9dc5

SHA1
bbd2eb4cd26ed58cc8d3dbec78d09c9f4403a326

SHA256
383dcfa6a8aceea628a00eaf12a3aefae1e965fd3a3c0bb7da9e8ab58bd9c13f

SHA512
1deeb9f179940a9992f2dc1c6397de19c7da030f7b65343a5f12d75bc89981fe05d36d232763db42d8ff9bcc8462fad121f07ce73bf12634a0c7919ecd8ce87a

Download Submit
C:\Program Files\Common Files\System\msadc\it-IT\msdaprsr.dll.mui

Filesize
9KB

MD5
a46f9aed579971cfb7ad7bf184a7d926

SHA1
aaba9ae4483382accb7b5b83f128ce85cd655b13

SHA256
89fd42cc58a5f494e84d4ddd7ea02187b2fb4d97b8b47baf5b3ebb8982fa45ad

SHA512
1feb8f9d8f888ccc912187469ba53f332b232958c766ce303291f563906539186447b8e75a30f4b018be5d3b011c1ee02469cad0d86f9a781421216e22f6f69d

Download Submit
C:\Program Files\Common Files\System\msadc\ja-JP\msadcer.dll.mui

Filesize
6KB

MD5
5f9ab6fa867805a9e105f99238ccf732

SHA1
5ab551f627d61e3681d433787735e328944e6381

SHA256
6bc76a38d9bad1556d56134e3e9cc2000fe54659b2febec8a79a74d03a75a987

SHA512
46f0039832f6820ca634e7e9aa1c005f964c7eac0af05a349565da6fd33d63f42d7531638e463894987e60f6a608bee5505a7401ad29d3d454a8efe7a620d078

Download Submit
C:\Program Files\Common Files\System\msadc\ja-JP\msdaprsr.dll.mui

Filesize
6KB

MD5
fe29d46929b21b1153361d259fcc6567

SHA1
8fa886172fd763f8da2aca8cee6c6825ef310f1f

SHA256
dce956aca58e530dd86057e738b3d3b4c57573781584c13f2bb6ff1abce7cabe

SHA512
3c1b327076491c9938ae50cbd893906856897d0c02941d5902d43358d87178fe120da92b999bcf56d510d89be6fcde64f7bde40e96eae9b8cde691296c548c28

Download Submit
C:\Program Files\Common Files\System\uk-UA\wab32res.dll.mui

Filesize
94KB

MD5
606a19222e8ab85a1a6263916b466f37

SHA1
789a6653557ce9f2e5533afe130a444fde462684

SHA256
371e9e894a607c6ae5957086c3a761464a8cc43dc97c9f1049c7d05f2382497d

SHA512
33912d4ad5235249680c4514f5425f136ba9a5550d95df644d5917ad2a87acb46d9e4f6c03185f8c3c6be350db6a911958a7802e375989e1748536b20033fed9

Download Submit
C:\Program Files\Common Files\microsoft shared\ink\de-DE\InkObj.dll.mui

Filesize
5KB

MD5
760e2abf3312bab3721244e61a9cdb97

SHA1
0b83307b8ee2aa59e261a56edeacad1c850ac908

SHA256
58f0959e7a58c24a4c433967ca7016d1cd516caf52660daacf37c9800d45b898

SHA512
d82b77e0520cb189d8af3cd367dcaedf29a7885c9fe4900a12f329c2cb633e432c7545f1961d13a6af4c2a7bb55eaa7725970eb19e4833866197bbbe49d52864

Download Submit
C:\Program Files\Common Files\microsoft shared\ink\de-DE\TipRes.dll.mui

Filesize
27KB

MD5
e679ff4ab4de8ff25b88ebcfc9f01610

SHA1
ec502f82b390f79c798c777e7a2f9bd1668c0f51

SHA256
6d6db9aa3158eaccec0ce8dbc4b598efeb1cdea1a2457c2e0b7383ba164405d3

SHA512
6fcef4b33e384feb41c43d80e78be3ff67bbe199c7f3a5b578bc2726574436219e09519fe006ce8b21d7c08ebc0ae08801f08356143046f79854ed4c5976276e

Download Submit
C:\Program Files\Common Files\microsoft shared\ink\de-DE\TipTsf.dll.mui

Filesize
3KB

MD5
1b1b181c7301ec3571720a2f2ef2b09a

SHA1
69e89e617fed4e08da2c0b70ab1b2f5c332fef32

SHA256
7c62bc3de13d91d9c0fb3a7ccde0eaee949960886888b80fcfc4a36aabebca51

SHA512
8bf96eb493959ad6f1d168ed73d653df8d99addcc1325b6a29d4a6a14115e6dc86ca7be0b3272a508718818f031df9e31659b137b638514aa3163b19e6d9f458

Download Submit
C:\Program Files\Common Files\microsoft shared\ink\de-DE\rtscom.dll.mui

Filesize
3KB

MD5
3dcb2b8bd8ca36593428606f7bc96cc0

SHA1
00eee7f3314ed2646f699f45797525a79c97b3b6

SHA256
bade57214d4968aeb6ddaeafa6aea63cca2970c6fe2a1033aa29de18b710983e

SHA512
40a61b055ff3e6a2f354522604d2446983d9ad73e6484e14951c9557c9e1b91c8dc6293022e4cbff9c9cc6962990800ea68a01bce986813dbaf26b1fca15543f

Download Submit
C:\Program Files\Common Files\microsoft shared\ink\en-US\InkObj.dll.mui

Filesize
5KB

MD5
258fb0eff7c8217f22f05b8620194716

SHA1
e0e8e55b672479a3f39f566c890664fb4c544748

SHA256
f11c76d5fde9386c4ab9989d28777aae86e25f9cbd79616efacf18355fe9eac5

SHA512
35e9bdb584f7b52f4afbe40b8109c6d149a7df27bc91dbdc70489aff406e2a6727d5e9a696c39ac8857f894d92d4965b44072a1b2183e6773099344e64ab17e7

Download Submit
C:\Program Files\Common Files\microsoft shared\ink\en-US\TipRes.dll.mui

Filesize
24KB

MD5
97d5f7ad0b666bb948c605d9c316e0aa

SHA1
482941e22478c115076e8dea79f0ab3bcb9eb0b5

SHA256
b3212587cee28eb638612088e3f261dbe5894deda1e97e3d2d8187ce0770f2e3

SHA512
07888f61f7295e5c12bc3eb9e79cec8f53afdfd96e7c0929f8792ac9f6f59b4b84a4bd8b21287a32ec25ee2d326cc791a701d8cdb59d40eb2b710e60367c21db

Download Submit
C:\Program Files\Common Files\microsoft shared\ink\en-US\TipTsf.dll.mui

Filesize
3KB

MD5
8eb00d6cd43d8a80ddba5dcbefd3e2bc

SHA1
c4195faeab57fd5d0c71b7f68539cd8dfe91bc91

SHA256
369929de1b704ae66cde8950de006a7577acf9b603da585fa27ae71ecf915b4c

SHA512
d0a3be50f9c1dd4c378baa9241f37c7991ff8cbf53424538d1907acb8c35dcbf20d47c7d649fb31650f3ae6f19fe0bf37333c5c777a96f081351bdcafc8740af

Download Submit
C:\Program Files\Common Files\microsoft shared\ink\en-US\micaut.dll.mui

Filesize
9KB

MD5
2dbc717273097325689ddd2fec4a5a94

SHA1
87726c1cdf480ac34fa2890e0bcc544be21a0f98

SHA256
a29f9d452eae6ce6307e8122f25c3d8651685b17211d53e30b4ee5b8a73259c9

SHA512
7b957f2b56b3e410a939a7d3662c8465fa813deff4897cdd1d467be32170c1b1e40488ecc919856d70664ea31042c93f95b77dff49a365f8ec34945a958520f4

Download Submit
C:\Program Files\Common Files\microsoft shared\ink\en-US\rtscom.dll.mui

Filesize
3KB

MD5
7cd3a4be0f00dbe168b552d7d92ede05

SHA1
2942c17df8f838ed4768ceac4bed642fca53ea8e

SHA256
af76ca287839739ffcc5fda9a26763b2b5bee28ed62ffb2f6090828af7335448

SHA512
0639127b8c73f3f0a66d47c9b7d7887bbdf8aea24297b6a95f304d668787ee71851f3a99ebe723cb7b5f5e1e9ba81bce89336835c18cce7542dc7fb86b284798

Download Submit
C:\Program Files\Common Files\microsoft shared\ink\es-ES\InkObj.dll.mui

Filesize
5KB

MD5
e9a02a256c17e9ab4e35275f4b695a82

SHA1
73389b05142b2526e2b46c59abeafa5f62196e19

SHA256
17e27cdd0fe042588b4642824674fab6e456bb39929477d493658fddb5566063

SHA512
94977ede283e51f23da6755c64bd5746d36dd84ab4cff68b1e152235635ccc664965748bab888a0ac8a1fadf37aefd5edd8cc7701c09cf7e9f6099e891e858cb

Download Submit
C:\Program Files\Common Files\microsoft shared\ink\es-ES\TipRes.dll.mui

Filesize
27KB

MD5
8aaf501c23c1eeb45a8d90faa4d6329a

SHA1
de2eab161ed8096e7b47ece5330530a0a7543e26

SHA256
6210a61e921bd465bfe549225e54a23a04c3df4ac963b5c750d1ded1a719abbf

SHA512
451cb627a6f5abcad433a895393334ffa6c2cf6db15c6172c341001cdd9b7d8dde37aab4e3b894008a45d8399b2803009f02eaea3521ae8d5cb1877d6a25848b

Download Submit
C:\Program Files\Common Files\microsoft shared\ink\es-ES\TipTsf.dll.mui

Filesize
3KB

MD5
8bb6c0dae7157c638326b67babf0533b

SHA1
b6e869a96ffb36946c893efc5353e5efa9ffcafe

SHA256
c42213f3361b623c08ca05e5857ec667baf8bab5c4bb4bf83f1ed1b5da49937e

SHA512
6eea40896bee7d3652e58abc50fc7e246fe5ac6b1e0b868e2005b381635f54875ea3b8e6b7d3c639bd40d9231836a57ca3e1ace23f01e462b46ed08a9d217c0f

Download Submit
C:\Program Files\Common Files\microsoft shared\ink\es-ES\rtscom.dll.mui

Filesize
3KB

MD5
36af55a25ae465ee3a2c024971f7e0d1

SHA1
fcef3476fa5479881521ca084796fd6a57ad3a47

SHA256
b5da86e206fdf7d2da76744a1bb1ed04a5e0edd70637a5982855e97c6c57d650

SHA512
909702190485994f1dd79ef47c5d1e4ed9744d96104b881eee7b0a588e92a96637108fade0a27722e0e38b425806f8343bc2c420fced2c880e45b8ac879ad089

Download Submit
C:\Program Files\Common Files\microsoft shared\ink\fr-FR\InkObj.dll.mui

Filesize
5KB

MD5
e95d085e67be2fe3d92ec052284af485

SHA1
f77626c1aeaca26e85896935c3b8d67dd42525b9

SHA256
78f78dcb968f9035c2d12f689c2a230c7f0e65b99ad447fa411ba7467dc6f630

SHA512
908ffbd7462281b0ab18dbba0a451760e46625bdf336a3473465a45658ad6a5ed850e725cfade45ac3a694a8f447182c14b98a31bf5113da99dae0095ad7eec9

Download Submit
C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TipRes.dll.mui

Filesize
27KB

MD5
5831adefaabf6d8dc6088126867c9d57

SHA1
b6166bad84d68971011bd93b771ceb5d5ac7b289

SHA256
95e3edc9d79a2377b5b0d0218712f9c1cd4b65336845d7b7aad804c090a5fb0e

SHA512
dc5c75e9b44b955528db916c4d4590a8d7df7ff47edb8052f149ac0fc518038002910f5397b91de766939558d7a2bfe9c1736feb16712b189cabab887de4d35c

Download Submit
C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TipTsf.dll.mui

Filesize
3KB

MD5
209b2c9ced3e2deb0bfd48a4762a6b13

SHA1
fb632d889a4fb98ef1a84f30021ee7b787196506

SHA256
c252ea0f84f3b7db3c359ccd96e2e6d87366863dbaded46112f3a41b569dcd53

SHA512
369212824534113682690ed917c484b73782b72089eaccec247f6fcb3c0d5116e017b3358e024ec855639b31ac6f565ec135f96772fca91d71c64b48edd71a40

Download Submit
C:\Program Files\Common Files\microsoft shared\ink\fr-FR\rtscom.dll.mui

Filesize
3KB

MD5
db6a282c2e29b81c673f708d4fc7c263

SHA1
9bd670953c31dc00ef51ea28e18286421c38e38c

SHA256
eacb0076fd68084f1f547fb8dcdbfbb80716cdbb3f13e127df3341b66f6a4954

SHA512
88273a12e49f9ffe84f43ad03b7f9160ac4b05919aef217196103328a452936c5ef20d2a8fb56abf623c2363eee8f6bdf3602da1f1e5a18626a07cf6548cd6a3

Download Submit
C:\Program Files\Common Files\microsoft shared\ink\it-IT\InkObj.dll.mui

Filesize
5KB

MD5
d133c4fe1b82092570b6d8863d13ac32

SHA1
3815440c9727fe7adbe6f3dcfff70f1f3581bf4f

SHA256
9f2a2308e39ff8534f5cca773796518844d4fbacb3eafa7c78ca09964ab7fd35

SHA512
7d20ea5b2bb638ed8e6f0ccab3cd00b3fbd4b761801606da4a6e74621acd0b2e53820dfc1c1b404e5db1c74d8c3a50c9687a805e6028ed2e739872c3c589ebb4

Download Submit
C:\Program Files\Common Files\microsoft shared\ink\it-IT\TipRes.dll.mui

Filesize
27KB

MD5
e76f8ac418dd2d323456484d692c780f

SHA1
bcfc49a9fc10290a4b39ba9e6cff60a666df104f

SHA256
f1b2e13d42f98376ac86e2dbcbe8d6f933870732d7cd08cb81baaa15fa05c65a

SHA512
1d5e0f948c93352dd7d3507f75a8efa8c26e98593ca5c046262ec6c7a0bc895da1d5c2ebc333f9aeeaf3269f3836653cf5a6e71a6722623d69a54831ec300a8a

Download Submit
C:\Program Files\Common Files\microsoft shared\ink\it-IT\TipTsf.dll.mui

Filesize
3KB

MD5
35b48c1fe8828ef1f88b2b97f50b14f4

SHA1
ceb23cf4149d1eb34d0b74483214722e1e34325a

SHA256
6d2aa31bee81e0ca43f7a8329175fe6d4613f8a48eb64f0b92b289b0e4568a8c

SHA512
d1f510b78b1aa6a5757fb66e500832a238018cbe11a1b5f58ebb454b6ec3a50f5569c4fdd3fc406c48db21a19ee123587824c68f5ef414e0122800c77bdca485

Download Submit
C:\Program Files\Common Files\microsoft shared\ink\it-IT\rtscom.dll.mui

Filesize
3KB

MD5
4573856dba5f7fc5e40c45e2cefcc47f

SHA1
cd98592ebe64bec7facfaa871f996bdd39ea66dc

SHA256
fcb9f1f1fe114186eb3b9840ddbc4e36b79f6b828e37b526c0b70fcb6279933d

SHA512
695f4df54c142d52ec4ea51d657eddc61b4364eeb2af24ab4ab2d7a00768c1ca29869f807112c8be42559369723c9243a20d0451cabcf670d43c9c33cc2992fb

Download Submit
C:\Program Files\Common Files\microsoft shared\ink\ja-JP\InkObj.dll.mui

Filesize
4KB

MD5
b90b0e270798aed30bd7f4b027af8098

SHA1
7543e5d9311e780a89284956553dbfff6d3257c3

SHA256
67a552e165fca404029d1baf4007449f9630513791b3f4fe6a0c44b677f04248

SHA512
3de40c91563b5c8ff8d9e64c54a5cedee6e1b6de0cbe137dd3833ed154585046bf2745c03689873ce3711e0fb096572a42d2925282f5d493d536da0d560946e5

Download Submit
C:\Program Files\Common Files\microsoft shared\ink\ja-JP\TipRes.dll.mui

Filesize
16KB

MD5
1c45b0f5d290e2b694c1f25651847ef5

SHA1
b1f9eb145b4b14639e1674a10b94a124b99c41ea

SHA256
cca8e7a267e9102d4a5cd92caef3c1a3d95958f5423deac850b527da7697af92

SHA512
19aeff3ce33f3ba7760980d7c5b02a2166377cee91f79c04dc96149f8eb49647d033203d896d0e58cf960496783721a3f6d41b19a288018605a569db9071c3e4

Download Submit
C:\Program Files\Common Files\microsoft shared\ink\ja-JP\TipTsf.dll.mui

Filesize
3KB

MD5
9915f04aae936a89cda27792f0e4f3bd

SHA1
04a6c55a0ca01969d92eb05abad9143cdded156b

SHA256
0f2f0f2cce19e0befa3078261bf34e543ee44a5e9a2e513de62a22246c81bf4d

SHA512
75a45d4c008ee9c9a51ef0241b74fc9ae558f49f6ab123ec2f0eb6b29a7ac9e6286228eb6bb2ab38221df882711c134bdc9dac199cc6b0e7460528fb573e2cd0

Download Submit
C:\Program Files\Common Files\microsoft shared\ink\ja-JP\rtscom.dll.mui

Filesize
3KB

MD5
71a47d7a7aae54cf6b4e267da1c5fac6

SHA1
fc48e87eef2dd7b55388ba3831e02d5c75d313b6

SHA256
5c550d41515a439047a9d634dd1f77d197cf95941eeb9d65c9e93f3d8c761c21

SHA512
fe55040c69f6b8241f21516d4056a075746894e92ed49c325639f204f5343266b0364308728c34dc185c316e2fa7668a39c6a746a25d2ea431a5d84ca0e12f0f

Download Submit
C:\Program Files\Common Files\microsoft shared\ink\uk-UA\TipRes.dll.mui

Filesize
26KB

MD5
b5bc87b458d48879a20b591562b00547

SHA1
54da5dac3ff5f1605252ceeeae46c05d62f3d796

SHA256
2ccb4e6586275e10bddc2627500f0e6373c8a2aad02b2cc9e634b68862b64f6b

SHA512
4d1e9c5cd2c27c45e8c9efdd1f6efd080fd5e73cca4ff640f619dfcaf9b3a1c11decfe663ef33f54f132e36b1d7f59cbda485b5911a5b1379a0c29ebcf0e58ea

Download Submit
C:\Program Files\Common Files\microsoft shared\ink\uk-UA\TipTsf.dll.mui

Filesize
3KB

MD5
0665bd6fbed293db30084dea32964324

SHA1
e93d450907795c96f3d996eb893776ed7db274c1

SHA256
e1473322f742f5cdca2c50731d26d244d9a642f1658bcaecbb5d08ab44a45a2d

SHA512
317e8d75364e77cde47e47fb1d4f1633d7c3d0f4cc9e734680eb4781f49a7d5a198361d4c4073ed1c7e37b86cecaffcb15ad661fb444a53357d17cd075db589c

Download Submit
C:\Program Files\Internet Explorer\de-DE\iexplore.exe.mui

Filesize
6KB

MD5
e2214cf773dd483a5de8c200b19d537f

SHA1
c4005ee4b7ec84443d3d36bf690472fa26e8bc16

SHA256
2e797020a6835b828c9c3d80826c15fca1430ecc8eaa29be761377c60a81df53

SHA512
aab7433b24ff5316ec241bd9c12c8cb31e4210aac46d1caed383f6da34d6037cc532e4265d926c2427f216a03e9d84702fefc58b844221ef00ca0f2f41f3d045

Download Submit
C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui

Filesize
5KB

MD5
d68e37b2936e7958188cf0a2157f8d66

SHA1
6382336d8490918f6f21bf5d97994b032176f978

SHA256
e4edbdd9bb820a89f388f9a64cc4ce6faaa27ece45188148a3420268c175b9c6

SHA512
70e7e1f4fd290bbf52de9cabd1b2c0d0a451863336a5fab233b2fb42e91600e2417fe3da70e7bddec1910d0cfec98220498294d977fcf3dc245cdc8673067492

Download Submit
C:\Program Files\Internet Explorer\es-ES\iexplore.exe.mui

Filesize
6KB

MD5
2e607e7b8ed55dee1974d5ce017c94b2

SHA1
6e11056205cbc432b84fe058701f4055dbec8ec5

SHA256
009af5c27ad2e192c64f77d860f09044d33b03d0e9081ab207e15b6ed359e601

SHA512
d97b812489427d909e9c8b2b525116dab53ff9de9a98b6d6554b629077815a69cce112489edf6485397cfb4ab36ef1ff3879dac575cc54f9e743c86c5082a4aa

Download Submit
C:\Program Files\Internet Explorer\fr-FR\iexplore.exe.mui

Filesize
6KB

MD5
a79980ef5688645b5c08325d4f2ad751

SHA1
6dfba14626407833d2935bfcfb29c725446c02cf

SHA256
a9af3f64e278d489a2d873917e6073243348d3c860f50b801b5375544c8d875a

SHA512
dc2c336c72baaed1c592def417ba89441935c0028d31376844bfe50290714e3516ebc0d46d246f4f7132a7349651914270bd26bd1709faa5fa12b2edff242719

Download Submit
C:\Program Files\Internet Explorer\it-IT\iexplore.exe.mui

Filesize
6KB

MD5
42c34c2bd5fa064d04ab573cf8d7615f

SHA1
864e8d330d6e08fed9b7a4707181784916082c4e

SHA256
6c25afbe1a0ab8859bc1d570af326cbc8bba233f1b796c9ec4f488569f684201

SHA512
ccc681842518004095393e3517e74ef6032d1f49e12db27330afed0882df6c25d765bf769384e3c36cf31d6e797fba33246445cb003ab7796b9ef8f3fd9b5d63

Download Submit
C:\Program Files\Internet Explorer\ja-JP\iexplore.exe.mui

Filesize
5KB

MD5
31d3c61adaf7cc6728bea3c27535e8cb

SHA1
8fe9fe3d72132a310e3a247a8ed18dfb2843a015

SHA256
b02c2d943ce35cc1a24431d2718d892dc5ed21f56517571b302c5ef6ff3b81ab

SHA512
c8bb51611166b3d910ebe27d5d2786e74cc7cfa30645dd74c6d2679cafd15e94e6f0b40ed8a0f7b88e65ca06e187c6658a7702ac00b04ae7718dd8c6a227d9d9

Download Submit
C:\Program Files\Internet Explorer\uk-UA\iexplore.exe.mui

Filesize
6KB

MD5
d625ed2add73cb4469d94ecbc1e0dac7

SHA1
6ed3742b1d198210b39c3caa3f7c670cd29669f9

SHA256
96b51316d221f9afd915b539fddc44ab19b824b39053cce611bdda1a57b6c610

SHA512
58ce8c170bb0260dc2d064bde62744ffb2eb16d5a97129bbd984c96572efd1e5633765abcc867456b5a92188beefd8bda02c67d1bceafc0a33861dbfba53b3ea

Download Submit
C:\Program Files\Windows Defender\de-DE\EppManifest.dll.mui

Filesize
2KB

MD5
0eb2c2317425eee74f0be18dff4231d4

SHA1
0dd327d52c244533ff68252cf5d02ddd587f7de6

SHA256
b83bee3eef69c590165af5df9f102fe181af5c2349342d3f2e5ad4170c2515d1

SHA512
e86923aab995a2168223783e3387c4ef788e2b9d1c553d5c941ace7426ca7f40e097bb3c15b58924f949d500fa0d4986bd8dd096de4955a9b7cb6eb4933a4470

Download Submit
C:\Program Files\Windows Defender\de-DE\MpAsDesc.dll.mui

Filesize
60KB

MD5
b1de31696192dcfa9f72bcae7b2ad69c

SHA1
d46a3b173e49a3f9f96d322f0cabea2fbca99363

SHA256
d65db33c47ec42c573dedd34147ff4917b26ac77fae1ba46ce9f1da06cea4be0

SHA512
96e5564cc0c48637c7827d372fc8666be1cc827d0f08cbd6eaa2245555b603c4b890606669bdb0421bd1caec55bfc346a5cee883ce1e3ed055ca5660dc9f6faa

Download Submit
C:\Program Files\Windows Defender\es-ES\EppManifest.dll.mui

Filesize
3KB

MD5
42f039887943d38fae1e38bd6d679bf6

SHA1
d8d518872663e61c05c985653b37995942eba501

SHA256
bf908c1857a171096e81ba079b83f9e6e028f6a6b7defc92f2e94c55e9798926

SHA512
3d86f2069feabe2531121350dbbaee6100e3d0345a164ea0c120c3f44acfe100a6df3fd3d5369393ebe3e3e3c2835876852cb650d81c9da3acebf70f86ccee59

Download Submit
C:\Program Files\Windows Defender\es-ES\MpAsDesc.dll.mui

Filesize
58KB

MD5
4327bcbc8f8f4c5010421592fbb90f89

SHA1
d34e9ff62262d75ff29d3d1ab92e9278ec6aab06

SHA256
d6fc93c92ca1c1d017921c24e108ba688897c1745fda36e7e9d9b0b8d6260d35

SHA512
86e61749026159087e1b98cb4a6907c791076b772079135e4a19231d8d4d34db0f5c5deb3e6b3ec0b5f2b45a7a5b3e96d773c654648a718485f714ea66dc2db0

Download Submit
C:\Program Files\Windows Defender\fr-FR\EppManifest.dll.mui

Filesize
3KB

MD5
f6d1a400785bf6435c0b656709850f55

SHA1
c0d18c4bf3380c661d1c2eb23a8c572a69d90b12

SHA256
dc95daa0217da7082a018a3eac59be5f991ae21a5d5bbd1c6905804259efe981

SHA512
4dc74b08025977769d613d9567825dcc708a84f0ac58b97493f5503fd2567e60278286675a29df73cca0d43bed4c8986b62a30d0e29cba8018e3804b52aad005

Download Submit
C:\Program Files\Windows Defender\fr-FR\MpAsDesc.dll.mui

Filesize
61KB

MD5
3da5d7a5da4c124fac98d8d9debfa772

SHA1
3ec09afd850e59878c20ea223e6fb90d9177faf1

SHA256
ec50cfaf40d6b9f4692d68c7da555a79c4ed2a02e873e4ce36cf0b7c206385b5

SHA512
44ad49cab7b42a29c1ddd76cfe53d5dcf4ed49280c392ca49aac6cf3d795907c55b7f66d3233101fee438402ee77101713163f4c3411f8090093e72099c5c9b1

Download Submit
C:\Program Files\Windows Defender\it-IT\EppManifest.dll.mui

Filesize
2KB

MD5
779d6cc7bf126c19d9b20cd39b3271e7

SHA1
a96729f9af2f661dc0329ce672ac4af4c175ebf8

SHA256
89739768e6c37771ce3ea79e82c0e9937d7eef8cfda39887ef5d344509429eda

SHA512
23285a027076a2e49e3776a26357976b2497928e13e68f41c0f44139b1c120df16e69793085dbcb1aa62d7e61ea79e2fa36b3206e661b5991c368480c80f3866

Download Submit
C:\Program Files\Windows Defender\it-IT\MpAsDesc.dll.mui

Filesize
57KB

MD5
60310c763c08ec511c18d5a6167a28f1

SHA1
e938e34ce4f0af014bf8082137bcc589ab5479ce

SHA256
f1dc6656ea3128910211a5ecfd34d7d06fa5be63af43e7777bbbc8f66d38dfe7

SHA512
035deb0e75be4e2c3b47aa32321682ceee27680488051078c8f86731578a576e303e1d0fb5f7a38dc741cc9fa7b6d025db04aba5a527536f8fc6d4c1edde63be

Download Submit
C:\Program Files\Windows Defender\ja-JP\EppManifest.dll.mui

Filesize
2KB

MD5
c17e7dd2f4c330c61c8d7b633d2ca17a

SHA1
01d4ce1cbf19467aca367bdaff07a2e908b03c84

SHA256
1d9d73d8ba5a61523b2e2ef5841f0e414f0324c0faf2bb43bb72dc502d0fd957

SHA512
fb1c6189b16f2e1ca8beea1f795faf88d95f6713476e904206f587fbe7db77a83173b3eedc92889b2bdf27b49e7655ec22ba863a4f0f1793322358529e64ae38

Download Submit
C:\Program Files\Windows Defender\ja-JP\MpAsDesc.dll.mui

Filesize
31KB

MD5
1e217098badb4d21284e303046b6c9ed

SHA1
89823fb9cad22ba4c39731ced9c8e41c75e88724

SHA256
59ffe91bcfc4b24aab8e19b903e3f4e201c7f35ae43253242cd65e407ff70518

SHA512
a63bff7159f4d8e0b91a3edb3b0915344aa29f133fc9f77eb3a9c077c6f4bd3e55be323e1455bb4df3f1bd6b7f30729638cea9212f8335e4b523cbb39309b7d4

Download Submit
C:\Program Files\Windows Defender\uk-UA\EppManifest.dll.mui

Filesize
3KB

MD5
2e78600b9895f1a015309bde2bebc643

SHA1
ffe0623f770a5a8e079d3a6a6cacf781f6e6699c

SHA256
abda928b62ca7165d6ad6bb43816424b9e50354bb873e1fc8e0f1cf37273d479

SHA512
52a25228be9ef4fe27db57150d1e6f62216bb2a22c49235e92d5fe9d0b1f38f6782a2433dd61315f822734d1cddc670c6739e2275427c41e936d5f83b65dd788

Download Submit
C:\Program Files\Windows Defender\uk-UA\MpAsDesc.dll.mui

Filesize
56KB

MD5
c116119c482e1896ede7d816944d5eac

SHA1
5cde835d98e7d2b6f8daa4e033bf64819823b324

SHA256
8df530e435d702e4acff58718eb28d79c692e8346bfe65856f6746b8cb45c991

SHA512
37e5241eec98799e3422d025ca762f03c4b79915d41d4dbaca3ca1b833fdffb490b15479927b1c5f32ba2aa4a5a8a1a4cce19b85faecfcf38944d9557c90db95

Download Submit
C:\Program Files\Windows Media Player\de-DE\WMPMediaSharing.dll.mui

Filesize
3KB

MD5
228574cc2f6eaafaf24db74781b8da61

SHA1
b7d638ecbeee81c486460ad4551d3d159a6fa532

SHA256
5a73b81c7b12318e6f8756c77541be1946bb867bc5d77d9eba852def459b1eda

SHA512
da3ec3b175a34b2720183542c76cfb3b45b26d41c26a530dc375d7024361f680761a865adf457d145e84a388c8760367bdfb6649fc542407463813689da0c564

Download Submit
C:\Program Files\Windows Media Player\de-DE\mpvis.dll.mui

Filesize
3KB

MD5
a24ce5aca81f526e62c46c81250f9061

SHA1
fee3f6d0db0e0109f4c6aff18f896de1d96291da

SHA256
1ad1340ffee9086a72f154fc9a1e84dd9a0eb9edadd281deab3fc02ae0618e20

SHA512
e9de1cd651d5716f19b744336b29a36df527dc565220b746d0c8781ae332a247390c17c74b8fa76116ba8d31a462326937cf5f7e443b0add2cc6cb8cf26d4788

Download Submit
C:\Program Files\Windows Media Player\de-DE\setup_wm.exe.mui

Filesize
61KB

MD5
70073dd5bc9577c79cad4315afdcf8dd

SHA1
84c95cee755266a5e2f30c4d13473ff40aeba0b7

SHA256
22892a688cd805668cdb07f0dcff36f24c6fd82b9c74a4eb609c84644b23bf73

SHA512
70f42311d6a1f4aea8403ea38c2da7e6a5d015f63954bd66df65640716614df12192f1581e009b6de4c9065d2db17dcff6d1eecb74146b06efac8473ac703bbb

Download Submit
C:\Program Files\Windows Media Player\de-DE\wmlaunch.exe.mui

Filesize
2KB

MD5
d4426e08b7ff4a02523ecc32edfd58be

SHA1
544471e9728df8931e91e260e63a53ab702a7f63

SHA256
f1b3b2bdc207a745be82c60a0009891850ae574d80324368e72835110328b19b

SHA512
5c6b7765346cdd5f065d19b168436f9471a2cffc2670ce88133c832d4c9b2c9a1d20110eb11316d10bf1df61f60fae21bdc8146b56c9373c19a1e95f6dfb00e7

Download Submit
C:\Program Files\Windows Media Player\de-DE\wmplayer.exe.mui

Filesize
3KB

MD5
8061906269d9ef59f2a6fc306a42c198

SHA1
921c7316044564760c4885118e7e7807d7b9ceb7

SHA256
0454ba1fc8b17b9dbcd1944292a6d9c347ef35c78c45d4993bfac2a8cbd5d5b6

SHA512
8ae96c1d7562ffa65e722c09d2693529791f567c761c4866f09e2fe6f898a1be55ea2b83bda06b0a063164173e5f54a2ebabfae12cf6056b066323bd2b38cab0

Download Submit
C:\Program Files\Windows Media Player\de-DE\wmpnssci.dll.mui

Filesize
4KB

MD5
693ffb1bbb1589614e90ef2f1348138a

SHA1
5909f15998fec0e858c9024e041cd5469294613f

SHA256
67061745846ca97a219ee88b06b2ef4595b53889fd7176621befad0962a7061c

SHA512
7d31af502bf8805d019c5539bb803f9e816909d8fbc39e6c95e0a02f0a8753c7070d5625eb064d531409f55990a8796aaaccb2f1bd767948418744ba90d619a5

Download Submit
C:\Program Files\Windows Media Player\de-DE\wmpnssui.dll.mui

Filesize
3KB

MD5
a6a323ff98270ed949dcbae18ef2c707

SHA1
ab966f0bdf3b9b565e483cc257a3278af852f629

SHA256
802227dc2ee6a5c67730e7f6c9a8d5ff53c6e00710addf171b7b4f1874be5bab

SHA512
c23d25e875a63e595c880351293f40b7b17dff9979af182a18f81e7479fe383ebcefcd6a74c72c8d7d90a84e29b5bd1d5694d8a0020c4232024a8a448d229cc6

Download Submit
C:\Program Files\Windows Media Player\en-US\WMPMediaSharing.dll.mui

Filesize
3KB

MD5
eb8b87871efd523eb2859419af677864

SHA1
c03e8846ff9b23a81d14f21548618fd5906f4d88

SHA256
b9d8e5adcbd00e5c110095cb2f79be728ccba1d20450b1800e662c708af40c3a

SHA512
0eec8328e1502f572f27f1cbe8e089e7d2dde3c53ccc46e67fe0652a5bc6260be5211e03b9e4c2e952bf509e5ce71c94a31d6608322b0b5d327fee5e79b487a1

Download Submit
C:\Program Files\Windows Media Player\en-US\mpvis.dll.mui

Filesize
3KB

MD5
24928c64fc6a51f8f5119b94a47984df

SHA1
5587ec609cc6db0b5ca91e584145a222f57f3bc1

SHA256
1199f3fbdb54898635616a35fdde323f3c2e3e22de061d8d40b172fdcfc98071

SHA512
9465c0928e63067f4588f830985b4e64c4a523e137ff1ab5c980a8413a325a07c3b877a2a3e3a5080963f2e5494c83341737b84722362d1bcfa8aafb32a38a6d

Download Submit
C:\Program Files\Windows Media Player\en-US\setup_wm.exe.mui

Filesize
53KB

MD5
6aba3646691a2ce1389dc9d91af6d75b

SHA1
1b8da955b748de1a6483ca929646cdec63c9f75f

SHA256
fd4029412cc0f000cee382f02a51e25dffce15c63e2bb88c08c3b1db4d42c316

SHA512
e858d7bad9e034e40e2bd655f73f744282630789e63a653557dc25427c11e06aa5fb475dedc95c2225d44586a7c843898f185a70310933abead05bf688cf471a

Download Submit
C:\Program Files\Windows Media Player\en-US\wmplayer.exe.mui

Filesize
3KB

MD5
a349d0d8065ea60c121ea92ad6e93b2a

SHA1
1f81a50d7cd0d64c69b56aeb5d604441a0858a21

SHA256
8a20ba8a94aaaa90da9c80b30e641545f045003f3a0b1fc7aea3b837e599927b

SHA512
61bd4e17e1d9b20bf54ea93c45c8fb885677434f53cdb8839a59576a48152b71e64fb0bbf91749194763d7fd43f76e52cb2260de4f9d31e3a15108b56fac8675

Download Submit
C:\Program Files\Windows Media Player\en-US\wmpnssci.dll.mui

Filesize
4KB

MD5
1ce5e4c786d2da104d020112dc9398a4

SHA1
f66892b3167c3412160121ec99936d96258a2830

SHA256
9ba557304e7f78f30ad9930fa78962b8926c22d52f0dc375ee888333e8ed630c

SHA512
34d993c51cdc1a57a90255e4784fda299a95bb6eab49842246118f33216c9da5a09c0a759e065c25d51631a50e1086105399b6470df10f869b17d2735e413cf2

Download Submit
C:\Program Files\Windows Media Player\en-US\wmpnssui.dll.mui

Filesize
3KB

MD5
321573045a33c02a8fd73045de0497f1

SHA1
dc4a4b899d803453085638967cdb0c1cfa48d3a0

SHA256
25fb04c436b16dc3400548a701cd11eb125f39fb05ec290cdff40acc711f597c

SHA512
86e41165338591abfb52cbf4ac6509f28553f6090fcd53934be39ec7ebcec41ade722e207d5d8df38a4f1ed497415ad2121931d46fc64c10506de45fa2ede654

Download Submit
C:\Program Files\Windows Media Player\es-ES\WMPMediaSharing.dll.mui

Filesize
3KB

MD5
3bb0333667f11feaf56d4643e488b747

SHA1
2bcb280555d1b1b0868e1c7d4ba3084f77c8ac8d

SHA256
0c4ceb2059b10932662f0fe94b96f4b3a3d296809ea7ce4ef831297f3877a755

SHA512
b63aacef53131ec68b64ac65ac5508740530c236376372b7749dafe346daacc7a2fc614fbe6e0533e855b46f1a2a5032d8d94a8224abbc4d697052db2e82e946

Download Submit
C:\Program Files\Windows Media Player\es-ES\mpvis.dll.mui

Filesize
3KB

MD5
60388d2d17e8c1faa70c7ea0c0bef118

SHA1
b9fd3843242374be2add85a5f739b75a4ddd94aa

SHA256
6255faa9ada4408657a9691051b670822d0803321e8d372ad0d9631252e14032

SHA512
4d699c28a679436a24efbf7729c5b39374527cf9148064ee3170b84e766efbda2414b0317de580744bc3aee182039815b04c26e1d3596e5bc02bf76cfb2f43f5

Download Submit
C:\Program Files\Windows Media Player\es-ES\setup_wm.exe.mui

Filesize
62KB

MD5
c57d699ad5ea43bda611fa83d187792a

SHA1
22f5e8606a0647d244d363b9561f3448496a91b7

SHA256
b6dbc301cd19af7dc2bc6b9899bdbf4fa8d55d9bc792f75659cf6519fa24a6d1

SHA512
e5b2148dc9db6c7a8634cb6c5e1aca20ce465d27035e98fe85e4810629d9ed58705d24dbedbcf96a991f7ebc290c10248510b3c4d3e75d61354e9ff36abaf902

Download Submit
C:\Program Files\Windows Media Player\es-ES\wmlaunch.exe.mui

Filesize
2KB

MD5
472a48c89679191f69e8cf8c43cee6c5

SHA1
850cdd2e5652b1888aeb6d4fbb1461549d13a63b

SHA256
b13485b66d5eb7480c8e743a382b99073988c1ec4d44e05d0a43ef54439c4eb8

SHA512
36e83d7a41ba6b60bdafb4c22d19ac14de5e2930e2bec1e524cfe9f2604b370b86fd13d02aa80f074a3799cb37ece23c87056394531222047d51f7ef2971e08c

Download Submit
C:\Program Files\Windows Media Player\es-ES\wmplayer.exe.mui

Filesize
3KB

MD5
b87c49a841af695034c9e627900787e2

SHA1
db592a608b7e0dc5ab8a53624ff11e3391fb6779

SHA256
6acb3bdffdaa1f94e0e3936e954d1bfeab1cfa38ceaf9c709c67d08599f99a44

SHA512
39a9a339fec6b5fed83badf146e48cc18775fb01b656a8ef21c9b31ac5a88b6298a1e25fe514fc8d5452d0667f2944d4de0e1be2f443fad17aa010d7bb4a9958

Download Submit
C:\Program Files\Windows Media Player\es-ES\wmpnssci.dll.mui

Filesize
4KB

MD5
405a8dec8174de8c99fb0c22ac45628c

SHA1
7943ccbd17d09f6c25968dc09a2d60a44d04f382

SHA256
d9be3d658b9e43de7d603923e503d6bf56a139ed1a080174c49512d8aca52e07

SHA512
e44d4234e47903764e8bc4edc0c4228d360ce03aaedae3019fb30c09ec78e855220eb1089450893eae7e17b82b80a3a3128e82a1761fa60bfe8ff3c0d5e216ba

Download Submit
C:\Program Files\Windows Media Player\es-ES\wmpnssui.dll.mui

Filesize
3KB

MD5
ec65a4e277b67bec1c96d354a78d1bb9

SHA1
77d7a135751818cbe61646eb2461a5a538629765

SHA256
127266fd0e61081b3990aec2ce89372c2b8136730f6a33ff95471b4c15721abd

SHA512
af47cec76e28877fc267c6fe0f22a1af6f3642d50ee71e9cd50a436e31419d2be94abd3811f30b75a30d50dedf80fa2f2e38d4c26d630b13c477d2f2c128d661

Download Submit
C:\Program Files\Windows Media Player\fr-FR\WMPMediaSharing.dll.mui

Filesize
3KB

MD5
512baf95841a1958c0962393869ef609

SHA1
16ed8fd895d5d98065e00de158f68b73558ee515

SHA256
3c6d397910fa510627f872dca96ed7251e1415e41edf023e99b942bf7872bf9a

SHA512
d6c22348af700fda2fbd6b33c33928237a066ad02d548267f0cc0beea2658c8e40831526bf46f3b983deefcdad3526a8fd8c52b1a9da6383526f3734467d10d7

Download Submit
C:\Program Files\Windows Media Player\fr-FR\mpvis.dll.mui

Filesize
3KB

MD5
3bb03ac26a17b775db76cc0b361b1450

SHA1
2695b8c6abba5a323791a6b1cef1b58b4b7dade4

SHA256
0b6c1fe5bbe81eb798d34af69e675f860f9ffee5fee17d9c3107e8d6a13f09c7

SHA512
15ba634245236a7f48d91238e4c341d992af6260c1a431823567fe9fd92b468439c76e0637f1c6159255f4fc97a765eb188721484f30a57f7a6b4e127a48d81e

Download Submit
C:\Program Files\Windows Media Player\fr-FR\setup_wm.exe.mui

Filesize
63KB

MD5
d9bafea263d0362ce4408f2577b52bf2

SHA1
6fc8dabb4e99e793ba0296c3dff75ab37804f5f2

SHA256
8ec360ce7208ee516e77e91e331890123f2af04450ff06c408766e8a928e5d5c

SHA512
b52c4d46c729da3fdd43ca82751cae50611ce673e58eed4bbc5c573834516181609e3a47288b098155280c15a71b7440e02586a4462f8c5d0945f5ea140470cc

Download Submit
C:\Program Files\Windows Media Player\fr-FR\wmlaunch.exe.mui

Filesize
2KB

MD5
ca653eb69614a9a2086a496595af881a

SHA1
569a130aa3933fad55dd168d6df96b2a7bc8fae7

SHA256
f646fdd1f4b0893395d1aecb5d9aba2e3c61a42fc9619aa92bf3239a85883f20

SHA512
c464f9b8f2c2bde7fcf0a5d128e7f158956977d596992b38ce36eacd8dcfbf8fbc1aeaaaf82ef4773439eceb583cebf22518a900e3dd1b190169f7ec2d397842

Download Submit
C:\Program Files\Windows Media Player\fr-FR\wmplayer.exe.mui

Filesize
3KB

MD5
696873e24385d3bb36cd708adb8ff805

SHA1
40d041bb44fed7625a2a65084db177336549a6ad

SHA256
0aa0083483ff91ddb04ae1303757d386058e3dd6fa5f68d6e7c490aa2fa26921

SHA512
c3e042a385472db964637049c724d0ba6385470b29e461ab7ab5cab79e3a01493204615b521d6022eb28e824d2a0b06b0e908193deecefbf23abab9cdd79515d

Download Submit
C:\Program Files\Windows Media Player\fr-FR\wmpnssci.dll.mui

Filesize
4KB

MD5
40d01efe95e12cffd1db7154c5a4614f

SHA1
2e9710f3d48a53bab190f3a2f552798d123cce6d

SHA256
dc7d728bead101403e11d13f8e7971ab6dff7933725b555ef8e01ed1d55ea0fe

SHA512
9c51bae4732bd3ffcf6c5c7b75125799da9288007c2cdd980d56d840ddfa68ff00767e9c69dd4ddfe013c5b0578a3224d591bd700080857b2a538faadd064ef1

Download Submit
C:\Program Files\Windows Media Player\fr-FR\wmpnssui.dll.mui

Filesize
3KB

MD5
5a7c1efe506256f6698e8e5f583748eb

SHA1
4a376fca3324a852dd5762c6244610a1a5adfd06

SHA256
3666bc1d8b07fcd4111cb727832e3739543cd38cde85f579c7ae8e47b37ebaaf

SHA512
4f177792ddf0689651491c5a627464b9d633ea15806a48520167b2e6a0b3c86cbc103bc91ad2269717589fbbfc9f612914341b624e335631552b8da7f0fb5478

Download Submit
C:\Program Files\Windows Media Player\it-IT\WMPMediaSharing.dll.mui

Filesize
3KB

MD5
da99a340c7e1587f0e90dc9acaf05410

SHA1
ab798aaae66b683f45ec3c6eefbdd0b37c50ebe8

SHA256
65e7eb16271e4050aa104ba702fda21be93bd8f825a54d4d1976597085aab50c

SHA512
5dda009fdee83473c2d840d1d53b0e507bfb4fef56084cc41cbcfd78fdf07c62102821c454c4800a4b679d1dcb4afeadc75a12d4b829da636849ff6156198341

Download Submit
C:\Program Files\Windows Media Player\it-IT\mpvis.dll.mui

Filesize
3KB

MD5
28ddd898a446efabc231e533f4726e4b

SHA1
f232dd7dd56d1c95ff4edb11a9678051bdf0bc5b

SHA256
29cd2acf891ed46c2e1ad8b0ba06dbadbbde365dfb17ca00df6ec17a3c74d931

SHA512
d91c2f71f538a4e0f234c6c6df628c2210e728959e4a22ac0625c843d3d08a1040fa2f4417e593b1d5d1c61544feabac6b893fe83d2c02709bb58b7207c90b87

Download Submit
C:\Program Files\Windows Media Player\it-IT\setup_wm.exe.mui

Filesize
61KB

MD5
4f778150e47764548d5409af7b99d288

SHA1
46315e6ca8b917d58d730e8d0213c7e3441cf4c2

SHA256
6de55d9cb2aa5660c76611f2c2cc0df8b810c72cb3395e44a392e6fc8125715a

SHA512
259a8ee146c9a73fd3a942118aba6ae27d8cc3d64c7a4036011fc080dedf438fb2f76708f92ad6d0ee511f225999bfe755eef14056890910169bbb15e080bf92

Download Submit
C:\Program Files\Windows Media Player\it-IT\wmlaunch.exe.mui

Filesize
2KB

MD5
44f2c8ac9f388a95a9918b470be8a93d

SHA1
67f267fae37d3c5839a08fe1fac43d91c4a7fc45

SHA256
2d4ca03851bba1d0ebae4d1dd324608d1d3e5e4b4a1b434ba83f4b457191fb8c

SHA512
2afded8f77b9a19429b2adb8edd0445eeb07832e7d4259f0fdb4b492dee79c3315662b632d72355cd4224e1510253a40679bae2876c906e397ae6dd7e3481d37

Download Submit
C:\Program Files\Windows Media Player\it-IT\wmplayer.exe.mui

Filesize
3KB

MD5
e3b13e065937a908e440dc4c2ef18105

SHA1
9b24a733f3b0ce19ac01ac784de5ed72fbefe2ac

SHA256
8bcbb50116ecfdebb2532e12fb62466f4d70abcdebf7f97ab04ee4945c03d8ed

SHA512
ae5f5db242761ee685c2dc849eab931260a1a89217e58f0a16e179f301079f191c5f71a55b8011c986e6b68391ff68e9ca9c4eb27d5b177ce10fef1d3a8c14e0

Download Submit
C:\Program Files\Windows Media Player\it-IT\wmpnssci.dll.mui

Filesize
4KB

MD5
ae54fb60b938d991dacff1cbae1bece7

SHA1
aa8189bfa89585718de322fa4e54e0e17b1740f5

SHA256
fee8008909eaf7736647288a46fde5905be6d580e45bfc480a70232692128bab

SHA512
1323153b4d7468f03d180ca803ca7826f5b481749d9736ef59c337a028d41275c32de71966b9d8a0e0d12ecb64e85714b55ac7642e26bb1e8aa835994ffb2ace

Download Submit
C:\Program Files\Windows Media Player\it-IT\wmpnssui.dll.mui

Filesize
3KB

MD5
d1d29604d61dd0f2a4a85be62977bb7e

SHA1
edc24f64eda8797495aa3ca2eb084083723b19bb

SHA256
746bfd932821d69253852b1c667cf68614d719615a241310f0296214d2251fc6

SHA512
84d87088f75e293b16462ca04234b290d213a615252d1ad38ebedbec724d36481de5d9879844a725efa6abc91708d5afa07622b708adabc2e838a3e2f9cda0f7

Download Submit
C:\Program Files\Windows Media Player\ja-JP\WMPMediaSharing.dll.mui

Filesize
3KB

MD5
974c99a1c6680c900a07ffa3f9d865c9

SHA1
d57830c92b0895c20ed0d09acc80af95ab83c608

SHA256
17a0fa819fb502e24a6ac0d2f4b4a29027c1f466d01f1c794273a02bc0667fba

SHA512
fba289955e3ca9b8f90cdf2986d25c382fe7dd686a10f6f5c10a417e1771a9769c4fb42ed5e24e4087d44ac36906df5547470a0dc61b14e009e30f2eb47e1e67

Download Submit
C:\Program Files\Windows Media Player\ja-JP\mpvis.dll.mui

Filesize
3KB

MD5
5c7a3c236f307f6edfcd2ba64b88539c

SHA1
f1b1d1ba113ce2b04321be47f64a1597d10cde24

SHA256
57292cba9774ebffa053e57e13595671e3a08fb3be8f0ecaf38e043a2f69a99b

SHA512
e7c8b614469679392a0d70978840f23b4e6c2d8675b243263a22e152f0dc9022ec7a439df317fe7c7a954bc14ac49f8793f8fecb00f3d0c3c16a40b225101a1d

Download Submit
C:\Program Files\Windows Media Player\ja-JP\setup_wm.exe.mui

Filesize
40KB

MD5
c355e4952e29bafc70c258dcd0c45e31

SHA1
e53c667b79d0a498d56b7cdb895030bb500206f3

SHA256
d5a5c37ce50e908a0706e32b18f9848d752e3a2c3e01b43e23ebb3de1b735f74

SHA512
18ea178d9c0e981cbb75549e9ce93d10607b585f59bc3fd9fcf90407e9afc1d0e43e557310bf23b1e69279f1b1b3f7a1103a8803b70f73b734b6f20deef63b12

Download Submit
C:\Program Files\Windows Media Player\ja-JP\wmlaunch.exe.mui

Filesize
2KB

MD5
29fefb167ea533bee46d3824122dd9c0

SHA1
47c7dd70f75b111bb6bd7f80e9383121e7ecd739

SHA256
bfd44bd48ef7a46976c41080350135dea000803fedb41cf1caefed01465c2f60

SHA512
d171a2a170df5092dd4da105dc7c0cf337dbd9b4ea18b7605ac9b2a5faf4e7e7a876cbc2ef3cd68f65d526e656d5fdd6674b5390a0c1d8c14781d08ef0f8ed2b

Download Submit
C:\Program Files\Windows Media Player\ja-JP\wmplayer.exe.mui

Filesize
3KB

MD5
99075fcd816df4d99f6def2b227cf5cf

SHA1
45edec1d6caadcec2056bf39d91eb0b7f99a2666

SHA256
3be33cd5fd0a1a30cad65977fa90edffe40dbef43ac130ac951d712385acf327

SHA512
49ab805c22aab413c0cd71626a4cbdcc56e989099cb5469687c46356cfc77a56c5b8362adc135ecbc578eb0c50a8d63414850b601d576173692e871cc872ac72

Download Submit
C:\Program Files\Windows Media Player\ja-JP\wmpnssci.dll.mui

Filesize
4KB

MD5
366c179eff4c4ee8a64742412df21bac

SHA1
be292debdc1d7f1bf48574bcb007b17b4cd55923

SHA256
5b559993096455cb2d284fce9800f2870c3d2b17e518cf842f5f68336c1ac8ae

SHA512
ca88c7c0a9c0b6be9946940f4a516955788a700c3af718be5eecab10a256bdc05b41fa234eaadc9a98e02e1eb171e94abb78fd0d43b74988870ac06a5a67aff0

Download Submit
C:\Program Files\Windows Media Player\ja-JP\wmpnssui.dll.mui

Filesize
3KB

MD5
aa0f59e94094f124ee8a00716fa94dd6

SHA1
e34846e5222ee436789caca21baa52c89c4549a9

SHA256
e46c3057a2b4776eb1e34478d0b8563e6172a50cde15b0619463b0a9568e8728

SHA512
dd9a6ae88cd1823e381b987c216c391fab8e1ae8e46b925123b22ad2473533e67efbe115fd5e350fb8c3119d95a05280ae43a5a748c348cf86d7bb84bb2526d8

Download Submit
C:\Program Files\Windows Media Player\uk-UA\mpvis.dll.mui

Filesize
3KB

MD5
af4e0a7c9ab84a1044bc8e451a67fe0e

SHA1
e2b2669d5b4f4b53f52d2c8a30643b5e84d97a54

SHA256
7716370b97760440cd5319081b117165c430a43269f256d7a16a7e1350c7bc83

SHA512
613c75062bdafca12af82ebb94db914fbad87e4af89bf6c50dc10dcfb31488d47dd8a940b56e353c8b0fe4edddb124f4cc494fbffc89f98e8cda86f5a71bdb29

Download Submit
C:\Program Files\Windows Media Player\uk-UA\setup_wm.exe.mui

Filesize
56KB

MD5
cc924bc9cc1021520f1a7dc3a9c367b6

SHA1
b5a43e68a0921277f50b3d6e9de01752c87e3465

SHA256
5314a3f668b5b33746d38abac24cffd44566f3cfbac565aeb3562274a9be296d

SHA512
2995dddc843f9365a44798a678f3f3cff868081aed480c9aa3a3cc87a837e8c9008015107c6870ff8f398a9696c3f489f7a72915e6ece047834cacf1df396f0a

Download Submit
C:\Program Files\Windows Media Player\uk-UA\wmlaunch.exe.mui

Filesize
2KB

MD5
24719b712fbafdcbdf921cbc55090313

SHA1
5bb3a7c50dae333fa086b0810b223633b9b58149

SHA256
ef73d6014b2934721960243dfd1389979af1c06c49b9f773e2de7d7709b61051

SHA512
036e892e5aac85fb9d56f24dfe1d54b17d24d581d45c4414a751122171cb1ea6c13d3fb06673795c455ac19ba0b05347ff4b4968f81b34c61c2d1d4403a3d6ff

Download Submit
C:\Program Files\Windows Media Player\uk-UA\wmplayer.exe.mui

Filesize
3KB

MD5
37f49d68c38c850323c610954e2b179a

SHA1
75e1792a467d821e940d69c8a64bf1735b73d7cb

SHA256
d9994d27a4fb905a2a28466a3e232e13d05fc24d3d73a8a8fe2a7443ab8fbbdd

SHA512
ce313b8d909af6276eaccaff6035f5270658ddce375d88296c934cbdbd8c6d99eb16da827eb1d3ec72a7736531d0beb89a3c4eb8a406e1f69aeb20bdabafaba9

Download Submit
C:\Program Files\Windows Media Player\uk-UA\wmpnssci.dll.mui

Filesize
4KB

MD5
05d82fb5218b84f22751ee35cf7f22c3

SHA1
38e2b5e46d760bb720a468392aaced6ea992594a

SHA256
a837c070201d73c1c8ee38e9a68ac600229de54a0b1dac680dbfa5b18a5b8bd8

SHA512
02af986b9852a5b1e6a69ba7bad6a17c384ec383b0404d1c975f8a371cb4fadbe51eb869b6165dfc0bddee66e6aeb5c177521d561c277c439b74937a90a9282d

Download Submit
C:\Program Files\Windows Media Player\uk-UA\wmpnssui.dll.mui

Filesize
3KB

MD5
362d3e55a62c1aa6a059847032313535

SHA1
8d4c0275635c4e65d72b93eb30ebeabfce99c01b

SHA256
af371544a51edb6fb4b34ea5114a0e5ce260e69bb90c007f64380886a98800b0

SHA512
9d2d63f75c16b0e1f39249331ae542d97f58245954a2000dfa815626178102ff5e31bcb6ad987f3ab8f40ea7aad45af98e74cc3c8171c84718c67336dac272cb

Download Submit
C:\Program Files\Windows NT\Accessories\en-US\wordpad.exe.mui

Filesize
49KB

MD5
e369ae2bfc5c4343dfd3be29662ae539

SHA1
b34d54c0141530269c930819784670078234c506

SHA256
b1b022e5c3f8e2d82cb1f9538ccab84929dec995f135146e11637e1e08ca05e9

SHA512
414b0be76ba54d29f891037575aa546ba4f434f68cb7ab4f35dbfea6105b510b5066b78b652f1febfad9ec3bdd251d9e05587c8c55b8ac058c959335cdf8d4e3

Download Submit
C:\Program Files\Windows NT\TableTextService\en-US\TableTextService.dll.mui

Filesize
8KB

MD5
939d705695eaa8cc43f1cafae7a4ebac

SHA1
fa41c09ad74346840a187fe450e4cffa7fd4ce5b

SHA256
489c0cff42aca694b03df8c7ecd32e83942ec2fa249bb6016cf0aa349b95cc64

SHA512
74e172d9285ec1c474bf88990f03869000a88a32cc35a3a3d06afa2d8373bde40922753ebe126cabd9578f09a2f4c166aad01dea1dbbabd1de12c715a2ac7de4

Download Submit
C:\Program Files\Windows Photo Viewer\de-DE\PhotoViewer.dll.mui

Filesize
18KB

MD5
933d2c1945f5c6312a6f5d7c65552d42

SHA1
4f14ea2182921b5a3e8468b500c217706ac71adc

SHA256
43fcfdd185fa3fe62721679cc33994b3be0d418bd3b4e07d076f45647e2db3ac

SHA512
60052ab883aca641c73a8d207cf34df78bde1fead3e48c5ee131562d12b156c35557a10f8fb244625d775dd26ad92ecc5538a1fb915e5def35b46b4574775c19

Download Submit
C:\Program Files\Windows Photo Viewer\en-US\PhotoViewer.dll.mui

Filesize
16KB

MD5
d0711e73537ca9b7c5c93bd4dbc277fe

SHA1
99b6ad85e7e49467d1fa87255a589b3aa1007203

SHA256
27060d05aa30c3f531e10db56998af22483565950722a31fb2c99e0e182dd7f5

SHA512
bbc4867eaf4c2c83ba9ea45561eb63f44a43506f98e7b99b96a80047e2db82103cd016f5729e8eaabea20453c1e8caa4fa57a31da75bbe3574afb3cf1ac762e4

Download Submit
C:\Program Files\Windows Photo Viewer\es-ES\PhotoViewer.dll.mui

Filesize
18KB

MD5
6aa16f97b5ebbc5d19916d19e67111a2

SHA1
cf0d9375b3d870b42f85ba8805113abea6a772b5

SHA256
c89e49f82a67ec7f8c93075c85a21aa2a160dbfe5e755237db16fb2825372423

SHA512
4c4f3d8340c84906dfafd349712085782b5cfd8ec8aa59c05147d0657643142f6d50eadfcb432c11e2f740ea4a284ee67d1646133be0184d187fa05a87ad9941

Download Submit
C:\Program Files\Windows Photo Viewer\fr-FR\PhotoViewer.dll.mui

Filesize
19KB

MD5
40b7aef98500a941b1ee397c46275920

SHA1
dabb35bd1a70e7e427c115bd541b9c2631400a67

SHA256
f6c5b306b7dc1350b7e921772471e7a20204079abdf35ec4dbd7d443b89cf15d

SHA512
0d3f8f72c42118c2f43bfa0eea1c5a89e0ee45fc64780171867b348280989d2103bbc82afb42e9cb9ddf71429de75428c9bcb088e01b59783f37a18e42aee815

Download Submit
C:\Program Files\Windows Photo Viewer\it-IT\PhotoViewer.dll.mui

Filesize
18KB

MD5
2d80c23740324bfaecb807a61e3e7a7e

SHA1
51b4c7528ef13e08163c7bfa4efc4ae131172e08

SHA256
7f2d2588e69c851ddd18efe30c7b90282a227eacdf94fd37aaa8dd2d8f6ee118

SHA512
9bf75491875100f408799c1142573bcb5de10e8ae160bdba06ed600cf6e48b47f5a707d29866046c5626d1eb64391e794de38c7445bf6f6d2492bc8cff05b076

Download Submit
C:\Program Files\Windows Photo Viewer\ja-JP\PhotoViewer.dll.mui

Filesize
11KB

MD5
04b400d6728dea9c0b3d26a1af1f6467

SHA1
67b0b0ea8fb5aaca2c98cf574503d7e6dda8a84f

SHA256
74fdcab3ae0419904e865b9adfd8f902a44dac08449e7ac2e9e5040c0eb5b72b

SHA512
83a3e3430da886adac4e8b8e2a07cabcd01b21e8fd037ca0b4e621472a75a83cc54f28d8c2d59300bbdc7a8d4da36ad8ab5988e5a6bfd53ac27a962402b5372b

Download Submit
C:\Program Files\Windows Photo Viewer\uk-UA\PhotoViewer.dll.mui

Filesize
17KB

MD5
c1c3f9a74ef493120bc770c9fd30d49b

SHA1
eecdd0a0edae7790168de15c757d9e59c0a04cc6

SHA256
b464ed5a6a92825e0afddc0344d6b873d900b1d7bd9316fe0c952db3ca20b412

SHA512
c51957c17091adc712e34409ddff0fb7736c1bbedb75660e9774d244baa9c1902f0f30ad98f0812993015b06a5e5af8ad6d70357878b34ef239965e351c83516

Download Submit
C:\ProgramData\3B30.tmp

Filesize
14KB

MD5
294e9f64cb1642dd89229fff0592856b

SHA1
97b148c27f3da29ba7b18d6aee8a0db9102f47c9

SHA256
917e115cc403e29b4388e0d175cbfac3e7e40ca1742299fbdb353847db2de7c2

SHA512
b87d531890bf1577b9b4af41dddb2cdbbfa164cf197bd5987df3a3075983645a3acba443e289b7bfd338422978a104f55298fbfe346872de0895bde44adc89cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD

Filesize
146KB

MD5
c273657dcba5ad5e493e042b3f68d838

SHA1
2ea44ab54790858de1a5ce9e368bb7aece8cdfb5

SHA256
8a6d42d641e33e7ed512f3dc6f5d79c81a40a8ec2fd374a43862a41e00b3c9b7

SHA512
6327c02932f41ba5c59fe23a1257eab4891998ec6456428c4bb1115ed43c5e6cf2ef61dbdc6575564c5bce1f34680411da1cf0c06e1f83282916d1ff5d07194d

Download Submit
C:\xEJOHNVZF.README.txt

Filesize
1KB

MD5
7ddc8e8e786ba6fa3451c47157954689

SHA1
5009bf60c3086a2b0548e6d153e96c999831179c

SHA256
898cd90eebd58203c0c73c0494376c81ff8a67805dd20b8a8ca9c55b488c70e1

SHA512
e463de35276cadad44e73b5bf947637e139dfa5c0805dce741ace629cb2c51644d0918be8662d48ee30f04e1aaf3eea7f8992b04379cb7a9aeef6ca82dfe70e8

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-2878641211-696417878-3864914810-1000\DDDDDDDDDDD

Filesize
129B

MD5
0dd86cbf14ecaeed7d710b181b5b8982

SHA1
0b5d9a847e92bb23d7fd2e76ead594f0894a8ffd

SHA256
2706a850a367706f45c11602fb835cb1fd3b7d287f41d33d41e6a58495393520

SHA512
a9ec98f7184778519bba03c3ab86aa31d4af0d43f95bba125abdfa20bb5b168a93da4448829a11a6e9759bb4771e643534069676c8b84ba8d3f0de23e6897c88

Download Submit
memory/3292-2-0x0000000003310000-0x0000000003320000-memory.dmp

Filesize
64KB

Download
memory/3292-8270-0x0000000003310000-0x0000000003320000-memory.dmp

Filesize
64KB

Download
memory/3292-8271-0x0000000003310000-0x0000000003320000-memory.dmp

Filesize
64KB

Download
memory/3292-8272-0x0000000003310000-0x0000000003320000-memory.dmp

Filesize
64KB

Download
memory/3292-1-0x0000000003310000-0x0000000003320000-memory.dmp

Filesize
64KB

Download
memory/3292-0-0x0000000003310000-0x0000000003320000-memory.dmp

Filesize
64KB

Download