Analysis Overview
SHA256
0461e6e8f234e00307331dae19d3512950bbf3cdf7a1ec32802dff62cc14c90c
Threat Level: Known bad
The file FileCoder.zip was found to be: Known bad.
Malicious Activity Summary
Neshta
Neshta family
Detect Neshta payload
Renames multiple (11282) files with added filename extension
Renames multiple (11273) files with added filename extension
Renames multiple (11292) files with added filename extension
Renames multiple (9123) files with added filename extension
Renames multiple (9074) files with added filename extension
Renames multiple (11259) files with added filename extension
Renames multiple (9108) files with added filename extension
Renames multiple (11245) files with added filename extension
Renames multiple (9104) files with added filename extension
Renames multiple (9105) files with added filename extension
Renames multiple (6125) files with added filename extension
Renames multiple (10830) files with added filename extension
Renames multiple (11279) files with added filename extension
Deletes shadow copies
Renames multiple (9065) files with added filename extension
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
Modifies system executable filetype association
Checks computer location settings
Enumerates connected drives
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Unsigned PE
Uses Volume Shadow Copy service COM API
Suspicious use of SetWindowsHookEx
Suspicious behavior: RenamesItself
Modifies registry class
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Interacts with shadow copies
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-14 13:19
Signatures
Detect Neshta payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Neshta family
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-14 13:19
Reported
2024-11-14 13:21
Platform
win10v2004-20241007-en
Max time kernel
100s
Max time network
141s
Command Line
Signatures
Deletes shadow copies
Renames multiple (11245) files with added filename extension
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
Reads user/profile data of web browsers
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\F: | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened (read-only) | \??\D: | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp5-ul-oob.xrm-ms.EMAIL=[[email protected]]ID=[0A6172B017F62EAA].biobio | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\MSOADFPS.DLL | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Extensions.dll.EMAIL=[[email protected]]ID=[0A6172B017F62EAA].biobio | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\System.Spatial.dll.EMAIL=[[email protected]]ID=[0A6172B017F62EAA].biobio | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\js\nls\pt-br\ui-strings.js | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Integration\Integrator.exe | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\LTR\contrast-white\LargeTile.scale-200.png | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_x64__8wekyb3d8bbwe\Assets\TinyTile.scale-200_contrast-white.png | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File created | C:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\biobio ransmoware.txt | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_description_plugin.dll.EMAIL=[[email protected]]ID=[0A6172B017F62EAA].biobio | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\AppPackageAppList.targetsize-60_altform-unplated.png | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\rsod\excelmui.msi.16.en-us.tree.dat.EMAIL=[[email protected]]ID=[0A6172B017F62EAA].biobio | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\assets\Sample Files\Adobe Cloud Services.pdf | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-36_altform-unplated_contrast-black.png | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.scale-80.png.EMAIL=[[email protected]]ID=[0A6172B017F62EAA].biobio | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\Weather_LogoSmall.targetsize-256.png | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\de-de\ui-strings.js | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\pt-br\biobio ransmoware.txt | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E1-0409-1000-0000000FF1CE.xml.EMAIL=[[email protected]]ID=[0A6172B017F62EAA].biobio | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\AccessRuntime2019R_PrepidBypass-ppd.xrm-ms.EMAIL=[[email protected]]ID=[0A6172B017F62EAA].biobio | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Grace-ppd.xrm-ms | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\SmallTile.scale-400.png | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-32_altform-unplated_contrast-black.png | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00.UWPDesktop_14.0.27629.0_x64__8wekyb3d8bbwe\mfc140ita.dll | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\fre\StartMenu_Win8_RTL.mp4.EMAIL=[[email protected]]ID=[0A6172B017F62EAA].biobio | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_dts_plugin.dll | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial2-ppd.xrm-ms | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_KMS_Client_AE-ppd.xrm-ms | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\2876_24x24x32.png | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\System\Ole DB\es-ES\sqloledb.rll.mui | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\RTL\contrast-white\SmallTile.scale-200.png | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp4-pl.xrm-ms.EMAIL=[[email protected]]ID=[0A6172B017F62EAA].biobio | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-80.png | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNotePageWideTile.scale-400.png | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Lighting\Dark\Campfire.png | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\180.png | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp2-ul-oob.xrm-ms | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\PresentationUI.resources.dll.EMAIL=[[email protected]]ID=[0A6172B017F62EAA].biobio | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\System.Windows.Forms.resources.dll.EMAIL=[[email protected]]ID=[0A6172B017F62EAA].biobio | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\RIPPLE\RIPPLE.ELM.EMAIL=[[email protected]]ID=[0A6172B017F62EAA].biobio | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Retail-ul-oob.xrm-ms | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\STARTUP\biobio ransmoware.txt | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\Functions\Assertions\Be.ps1.EMAIL=[[email protected]]ID=[0A6172B017F62EAA].biobio | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_GB\README.txt.EMAIL=[[email protected]]ID=[0A6172B017F62EAA].biobio | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\ECLIPSE\THMBNAIL.PNG.EMAIL=[[email protected]]ID=[0A6172B017F62EAA].biobio | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial5-ppd.xrm-ms | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_MAK_AE-ppd.xrm-ms.EMAIL=[[email protected]]ID=[0A6172B017F62EAA].biobio | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\MapsAppList.scale-200.png | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\cgg\LC_MESSAGES\vlc.mo.EMAIL=[[email protected]]ID=[0A6172B017F62EAA].biobio | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\Cartridges\hive.xsl.EMAIL=[[email protected]]ID=[0A6172B017F62EAA].biobio | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\OFFSYMK.TTF | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\Standard.targetsize-24_contrast-black.png | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOLoader.dll | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Text.RegularExpressions.dll | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Linq.Parallel.dll | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\CursorResourceBuilder.dll | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_MAK-ppd.xrm-ms | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File created | C:\Program Files\Java\jdk-1.8\jre\bin\biobio ransmoware.txt | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\BadgeLogo.scale-200_contrast-black.png | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_removeme-default_18.svg.EMAIL=[[email protected]]ID=[0A6172B017F62EAA].biobio | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files\DenyRestart.pot | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\x64\MSWebp_store.dll | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\demux\libmjpeg_plugin.dll | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\themes\dark\icons_retina.png.EMAIL=[[email protected]]ID=[0A6172B017F62EAA].biobio | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
Interacts with shadow copies
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\vssadmin.exe | N/A |
| N/A | N/A | C:\Windows\system32\vssadmin.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\MuiCache | C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1216 wrote to memory of 1688 | N/A | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | C:\Windows\System32\cmd.exe |
| PID 1216 wrote to memory of 1688 | N/A | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | C:\Windows\System32\cmd.exe |
| PID 1688 wrote to memory of 1796 | N/A | C:\Windows\System32\cmd.exe | C:\Windows\system32\vssadmin.exe |
| PID 1688 wrote to memory of 1796 | N/A | C:\Windows\System32\cmd.exe | C:\Windows\system32\vssadmin.exe |
| PID 1216 wrote to memory of 1680 | N/A | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | C:\Windows\System32\cmd.exe |
| PID 1216 wrote to memory of 1680 | N/A | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | C:\Windows\System32\cmd.exe |
| PID 1680 wrote to memory of 1484 | N/A | C:\Windows\System32\cmd.exe | C:\Windows\system32\vssadmin.exe |
| PID 1680 wrote to memory of 1484 | N/A | C:\Windows\System32\cmd.exe | C:\Windows\system32\vssadmin.exe |
Uses Volume Shadow Copy service COM API
Processes
C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe
"C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c vssadmin.exe delete shadows /all /quiet
C:\Windows\system32\vssadmin.exe
vssadmin.exe delete shadows /all /quiet
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c vssadmin.exe delete shadows /all /quiet
C:\Windows\system32\vssadmin.exe
vssadmin.exe delete shadows /all /quiet
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.163.245.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | res.public.onecdn.static.microsoft | udp |
| GB | 184.26.188.100:443 | res.public.onecdn.static.microsoft | tcp |
| US | 8.8.8.8:53 | 168.233.16.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.188.26.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
Files
C:\ProgramData\biobio ransmoware.txt
| MD5 | a7cf708d497dd6e922f91d33d14f7600 |
| SHA1 | 5e4f3f5817004eeaf4bc14a0168d86ed7fcdf6d4 |
| SHA256 | 20a5f1f3bb4614433712df1ffc67273465e766191502b8e932321f1f24fea65d |
| SHA512 | d27a32dfcc0835879ed45e221e9857c1165de03a859980f0e29ecd6d5877d832577f7d6b584aa96e24caf7ab7652387d713ef2293412bd10b6b65567ed0bcd42 |
C:\Program Files (x86)\Internet Explorer\en-US\iexplore.exe.mui
| MD5 | f70d67db9c8baf8eb24d901a1765599f |
| SHA1 | 1edf26f5215d0119040300eb1f2fb0494dd3d918 |
| SHA256 | b5b81e694e09491cde479187bdcf021dc899d421cc746a31c3908b073919291b |
| SHA512 | c80802ea6c48ec029e7962d8d4570088622546424711e297a301bbf1dd2acf33e3776a8915cb9ed0fc9f2de0bbbfa15bace94a5cbf801cfb0daf6e50febab17f |
C:\Program Files (x86)\Internet Explorer\de-DE\iexplore.exe.mui
| MD5 | cc7298adda30454a9a6737a8db835011 |
| SHA1 | 748bd2763f3bf459f6138c4b4cea807eed97665e |
| SHA256 | 24c4283b0d8d400c54ef7aae821812c6e686f0d6892ee348fe905ae11e7600e5 |
| SHA512 | 0ca6f7fcf26f413ef8efed5ed2def843044da4855ef41a895e2725cbf3815790bb128c6107eba89322f782454caca72bc56568b421b41534ff88403b1092e7a7 |
C:\Program Files (x86)\Internet Explorer\es-ES\iexplore.exe.mui
| MD5 | d465d866370de9725d0450a857bddd91 |
| SHA1 | 272415feaac10831b1345df14d2783fa052aea2f |
| SHA256 | d33f670755dc849e4d9ef2e7e183d3a276b2bba303c481965e1504802a5a7064 |
| SHA512 | ec3e516faa091412bb75004bfc84dae81063f8d4cbf9797f9a2a720719e810004df66d01814a9006496829b7847774e5aa85d6b004886c0c8dee386e2e306cb0 |
C:\Program Files (x86)\Internet Explorer\fr-FR\iexplore.exe.mui
| MD5 | 9a5a046946de11c814382eb96a0799f7 |
| SHA1 | 87850849a3611f3be8eb789449abd8149a152a87 |
| SHA256 | 747145237d9c1c2fcb568d389dcf5ba632ca6c5167805607b585d72c43913251 |
| SHA512 | 260a058bfb8ae1e55790ba33b3b50d205aa2156be5b6dabadf03d80ffb8d95d57edf3538d60d9ef34bb719ca5ee2fed1c94496704684585cd6ec0d451c7cbb9f |
C:\Program Files (x86)\Internet Explorer\it-IT\iexplore.exe.mui
| MD5 | da070f4f39b8dd43eccaee019e53a559 |
| SHA1 | 2ee2954115683781f737ed2754e7559571ec816c |
| SHA256 | 8a4db17d3249220781469b908dd7e1ea3e2a69c771f8a009a74a30ee573b36e8 |
| SHA512 | f7fd6661c902abc9a76fc6ca98908d105c260348cde30f2b2dfdbb9b4a0f95ba0c685e9a81ff15535c07b4632786a77b246a6a6e8ffe3abc33face021c317dfd |
C:\Program Files (x86)\Internet Explorer\ja-JP\iexplore.exe.mui
| MD5 | e31d7a6a3fd880c0edfdd0684b1d44f8 |
| SHA1 | bd62a7fa06ef36fd5afe32b28b2d8ba83aff697d |
| SHA256 | f124bdab2b620fdcabff397de656a4c41311113f4ba1585b554bdb818a2c3c3d |
| SHA512 | b678b6a123c9cae137dc4b37719db606beedc375e3ad0d71e9b66465be2cc13f68bd533811909fe6b068357bcd8a752c3f07291da05305678308b39a9c306273 |
C:\Program Files (x86)\Internet Explorer\uk-UA\iexplore.exe.mui
| MD5 | c8cc3629af62580eb7d600b7ade51430 |
| SHA1 | b500e625222b1450ab68afb21268c3c55c806d1e |
| SHA256 | 6f5da1d0a887a59edcfedb053cd5100fd4754d3b01c5024ac49f490fe8ec44c8 |
| SHA512 | 40b572c1470a70c996425d4dab819ba1e9924ec86940a8e42dcd2d2a0f1c8273fb0073b608e021e2af1b8eab3d29cd26f316d671cd4ab5ffefdee8ac00702b53 |
C:\Program Files (x86)\Windows Defender\es-ES\MpAsDesc.dll.mui
| MD5 | 2e9cc320021d106a3828698ff5131ed2 |
| SHA1 | abc034b5d6564d265740fb6a347da0256fd6feda |
| SHA256 | 0a105ce1b14487c64b7fc2687c2b7abdd30a2b4d256a40772b8f82c5061e4015 |
| SHA512 | 65c5a6a68d0f34709a69bb9a007906d28d1acce13a10ffb5e9582fa8dd54ebe38bebdfb12136ffeb916be3b8753322abbdb6f3d68379ca03d34083cf16e9ade8 |
C:\Program Files (x86)\Windows Defender\es-ES\EppManifest.dll.mui
| MD5 | 75b3971060db9324fb2bb8d4bd1f8ca1 |
| SHA1 | 5e5685843491953f025a5896d4fbc514ded9b69c |
| SHA256 | 26199ef1a3d2eaf7c2d84dae47421eac7837f0a3918eb57ced3b1149f4fb4ad5 |
| SHA512 | 1d776cfb93cf503bd06500e868f4bc24188e407104b7ea3a3c9c853beab61dbe7520f9ed510244bf4545ba365c183048acf0c7a01d287dbfbb52891ab8010c6a |
C:\Program Files (x86)\Windows Defender\de-DE\MpAsDesc.dll.mui
| MD5 | db3c29d66d30950f528ea17e8d2ebfd3 |
| SHA1 | 43f0c18b5ce5bd6780e2abf94311f321205e5f2b |
| SHA256 | 68da77e1bb64787067fcaa64badf8ced07156f9b835f9f3ef99678daf2ddff3a |
| SHA512 | 7ee116fc6c3071679f6715c7580e4ccb6cbe8f4a5d47806ef2e5fe5925f0fc34a96a7cfeff88d3df1ae3efc73f07fbe785cf4d57d9678cbcda4e407ac5f61fa3 |
C:\Program Files (x86)\Windows Defender\de-DE\EppManifest.dll.mui
| MD5 | 780a3d43b4402e14a3c28aba9b1b9f7f |
| SHA1 | accdac5429044b6499de3c6dced6fa047658f7f7 |
| SHA256 | 58259d2e69704c6eaa14adfedab979c3da8b0606530f065748e92717cccf9429 |
| SHA512 | c2224419f7e79206e7d00e123b4538e2f36811441158903e2f248a14bac98cc00ca51dbe01600aa79860481b0898baf06e9ecc0a78a09fb64e3ddc7d8e76178d |
C:\Program Files (x86)\Windows Defender\fr-FR\MpAsDesc.dll.mui
| MD5 | 02a4498da04c4bcf31eaeb09b4bd4db5 |
| SHA1 | 7a285ad982c2a2081093202b65224447e3408c08 |
| SHA256 | 7a4c004de5c545e9d7404d46cc43535a808c23a65bc66b184a8031e67e1630a5 |
| SHA512 | 0a5df50eb082f8191c3fa4c6a620f7627abba9b47e1681027d80a909d9b5f99d9932a8d5b9157fced6505b376e2c38214aba31403884a8c95699d181a3decdaf |
C:\Program Files (x86)\Windows Defender\fr-FR\EppManifest.dll.mui
| MD5 | d79d8059c844bab835a699f6bbc59e56 |
| SHA1 | d73bf628ad4c45bd25d483ebd11817a01f5759c2 |
| SHA256 | dc4d003e454433c5aa558fa4df63a8ef0cdc653b22e12a21f1e218159b26b686 |
| SHA512 | 538a2a8c9ea322761603310e9e6157961e85c381aa3e423c01d39c5d301010ac64bcbac1ab765cce7782d388db76a9c8e250e68b59b61aed05fe6ec2d4f99a2f |
C:\Program Files (x86)\Windows Defender\it-IT\EppManifest.dll.mui
| MD5 | 9e373d008f7c177b81fc8f8850b7d427 |
| SHA1 | 87cffa7bd424b5809909f0334465d1a595c5946a |
| SHA256 | fb55987ad956a5b3ab8c207f8e7a6ee131ee9a4e63c5cff1c9804b8a5e121b3a |
| SHA512 | 6db86f59a3ee80fd19ee5e8fa39f24a78edfa130f1b0e4fa00777733b1b5fb0127faaee1aa3be1a981499d0922d162a8cec9d06a372a5828b3dbd77ae70ec7b9 |
C:\Program Files (x86)\Windows Defender\it-IT\MpAsDesc.dll.mui
| MD5 | fe0947fd108a1900096f10cfdf2e0d8e |
| SHA1 | 36b742c6078179e40bca24e20e2fef1e547ad350 |
| SHA256 | 02736f7f614cf46b5204d86d6503f3b6ce3fe45b650d72782d529486cce106a9 |
| SHA512 | db454265f7bb7688ee5d58dd9a1acba0600c35e4bf04c78d5b4daa464397e62586bd9240e660562ce3fe8aabd0d4e427367fa6a11e5a06da12d62fda4936c474 |
C:\Program Files (x86)\Windows Defender\ja-JP\EppManifest.dll.mui
| MD5 | f8d9a30635f3a1e979040789e08277cd |
| SHA1 | f6177068db506031ccf82ba3cdc6b041678dce4a |
| SHA256 | 7453cdcbf9f866451c7145f3ec9406f083b02c108863b21c8cc07db94ef81a0c |
| SHA512 | 964fb77cec3d862c17bd7f76b63c3e521a2936928dcfc28d10e52f92d73a7e79c139d6f5898e656d37b66bd24cd733b19de1715a8f51cbe33e241d723031d4ae |
C:\Program Files (x86)\Windows Media Player\de-DE\wmpnssci.dll.mui
| MD5 | e770abdb833e55a7e62d3c1471673b28 |
| SHA1 | a79b63ffa2c98c06933491d40b9d0f6e28dbcb50 |
| SHA256 | 217ed7f835b6e45467d6b0272186b11b455aa712527fd2db9eae38e7ce62a3fa |
| SHA512 | 0381ffb9326f0408461581bbf07af995110e2969a19c2c322914381eafb7b2a33f9d5655c5eb98846b8e82e78b00e5a1a8e0fbd959619c2d1bd0a1692bc928a5 |
C:\Program Files (x86)\Windows Media Player\de-DE\wmpnssui.dll.mui
| MD5 | a8d393fa9b44f5b0ddd82808ca720bed |
| SHA1 | 4780570f5e3e55c471a273af4d9956058470c240 |
| SHA256 | 3eb63b3f85f3ef00668cced9479856f255752d71cb6029318acdcf3454448ff4 |
| SHA512 | 477e90e4fdf28e6fe88514409f165ff442611119f9911dde0b1715165103aa8ecca62cf259c5623bb6a9253ee13c8f4d800b33f6939553e01d35ad90d121c2c0 |
C:\Program Files (x86)\Windows Media Player\de-DE\WMPMediaSharing.dll.mui
| MD5 | 42ff0abdfc1ec964ad331d3f9837f701 |
| SHA1 | 61b1ddbc2a91a736567dc675434f0a2372190d81 |
| SHA256 | 223e1c404131c27598a6022328b8dbff25405a8378f71388f7c95bf180ca7ec2 |
| SHA512 | 40371a2c46ff65374d674c1f5a85c56c7e6e0ca158302f4ec06733d4b6a22e10d5a11ceb0c4e3cb754f0cf4e13300d164113d7070524cab7428b1493ed3766c9 |
C:\Program Files (x86)\Windows Media Player\de-DE\wmplayer.exe.mui
| MD5 | 034cbc0eea5cd63ea584083be7887f8b |
| SHA1 | eacfabaaf0bf338e2f2c5ee16ff6fb5a19c6bf5f |
| SHA256 | ab7c80bf567772caf912f392d4c4c23de065683d17a2661c9b36f39abb7eff2c |
| SHA512 | adecce7377daff00834ca52bdbd06e13672a9ab90206ef3e9a0c43123e1b5c651c5dcd821492cf4667c7ace0fbc4b7fb2bd90bf51bbaa42658862b315cd58983 |
C:\Program Files (x86)\Windows Media Player\en-US\setup_wm.exe.mui
| MD5 | bed3f3d92d0ed0e09f7526be02e281e6 |
| SHA1 | ab89f75b1b80372b8e15d01bb6fe21a96b98cae3 |
| SHA256 | a22dacd168ee22b769759ca79f1b00e1917ecb0dfec8370a9276a8d2bccb4d8d |
| SHA512 | 9967f190b4086a0498cca9d7975c3f68e75e980b616eda237374b739eddffb5aca07ad295d1e1fe8b2ac3646529fc9cd76703c1a36bb36cc77c83dce80e05f79 |
C:\Program Files (x86)\Windows Media Player\es-ES\mpvis.dll.mui
| MD5 | c1296e50ecb343207bce72f07c82b9cc |
| SHA1 | 9d88422919c5abd69a5f14e7c4c0659b0a75fe05 |
| SHA256 | 5b50d51e762d14207659dd89da6e8844901ce94bf38374cbdf1ca44c3745b09e |
| SHA512 | c8dc1e12eece825c19309d621dda6e351183b69aeab751adf59d4dba577c7f7a59c7b5f061155072730ce8994cb12f55a63c32e1fc1a0c77da0857ffd54d4b00 |
C:\Program Files (x86)\Windows Media Player\en-US\wmpnssui.dll.mui
| MD5 | dd72b4cff81815cfd405f9ac5692c6ac |
| SHA1 | 7efa3bb8ee7f2de058925727dd8d784da63aa0a6 |
| SHA256 | c0b2caefd22a41319032bc06da8dff194c66efa2fb7886fbcfbad5673c345a19 |
| SHA512 | 678d9fd758bb6093c7177cb186f7fac14329664d782eb57785fd1d529fad9ff5179513b65fc8702bdd40fae5ee67bc0dcc6c21925e34ef2d6f0a6663a3857922 |
C:\Program Files (x86)\Windows Media Player\en-US\wmpnssci.dll.mui
| MD5 | 6dce31a12e1ff67b8539ab8f29d392a6 |
| SHA1 | d21ffe3ce1068146b377f1fcf2b09767aa4080a8 |
| SHA256 | e2d3a5e5569ee40e935751c0904cf121c8c02ec4e70d3411ab5f6a2f4bd51f78 |
| SHA512 | 9628ef13b9f67e41391adac58d164eb47b10c2e56a4b93bfff75851bafaceaece1688fc0636fc4e1c3dbb877d001b49141ff7ed72d69b4bd3508dc819ae16ad5 |
C:\Program Files (x86)\Windows Media Player\en-US\WMPMediaSharing.dll.mui
| MD5 | eae5db3e545328c7910e4ffb30cdd1ec |
| SHA1 | 22e95c8cccfedcff8945871dfc25330643f296c3 |
| SHA256 | ad5d53fed974b755583f01d47ae1d5fcf7c739b7d8f3e601ab3ccc2332a2c375 |
| SHA512 | 37b49e97c266aca99111b6995952fb342704d3f2fec7c479d21153bfeb73bcf9b15db3fa9bd1befdd26aebd0cc21c8796e4cc2d1522003d2b2db3ae98fe83619 |
C:\Program Files (x86)\Windows Media Player\es-ES\setup_wm.exe.mui
| MD5 | e9dc4da4299c704249008c5c6b4b22b8 |
| SHA1 | 22d3a06bba573e9a1f991359bfef97dc51b2ee6e |
| SHA256 | 5bd18915c887a0ebffed12ff9b591169d04f498b3d6c44bd009aeb2bc03e3373 |
| SHA512 | b231313287676c8aa5dc16e60991d609876e31a27d1faea9b78886f32c227c6bccf3975ac8bf13aad09a852323dbc235f7ac399c974d3285a1eead0cd0e01b27 |
C:\Program Files (x86)\Windows Media Player\en-US\wmplayer.exe.mui
| MD5 | 007962d63f6f12cf3a204e5bec106952 |
| SHA1 | 20846e73ccc15e4de3eef9cb663b88cb0fb2dbaa |
| SHA256 | 61c61ab32af7edc3bfc37b242696196a2643331c020990d5885865f59b997f7f |
| SHA512 | 65f7d292f90b974a0c238ca3850a9d82b237ba7a1f405fde9dcc39eba544f58e9feaf1251f937c0889b12f4a24d78481e06914d1531b746d06461e20f9196216 |
C:\Program Files (x86)\Windows Media Player\en-US\mpvis.dll.mui
| MD5 | 94049d5652ae03244d4b3154b5e688b0 |
| SHA1 | 0ee32e84907debcc1da3b3c3558a2648ad996333 |
| SHA256 | 8c02e17d4fed3f2982464f72503b88e6ff3d3eff28b7ab6632343690d60bcf23 |
| SHA512 | 7b87a985c39692d406e4c3382a8f417a4eab903b4b7f09b8ef19682639afe3bdbd0c655569369353f6411d1b96668277a2af67576fba7e1097b390fd4b0cad4c |
C:\Program Files (x86)\Windows Media Player\de-DE\wmlaunch.exe.mui
| MD5 | 45bd05136216f17e04b7a2c783b16982 |
| SHA1 | 8e114438042284dfb7e8a15e57f3993b4ec9ee33 |
| SHA256 | f2edd86acb9f41f6b59b2ce2d9d8893cd0a271a92c1f91c8d04fa79f23cb7852 |
| SHA512 | 01b0c8e59f827b32b5d17d5b93f3410d7bc4f55ffdbbb06f6dab46c8e503bb4d5884927094802d7fc4c0b13896115ad2b3282e7c1f975c5f8123b06df8da9740 |
C:\Program Files (x86)\Windows Media Player\de-DE\setup_wm.exe.mui
| MD5 | 4a0da122d45443685792c4e8f8567016 |
| SHA1 | f7e70fa516fc7c5c70d9f51c4d8f7c3a12890274 |
| SHA256 | 10c58e5f786c1f87e0a97140dd7df9cdca52b4e7675e6b17e37ce2c8ffbb1357 |
| SHA512 | 9e56a4591e9ed0713b4635649ec9f743d1b52e9b2cb33c23e5fc0f56f0575517aedd2f9e847e5d75a3bb7a300226608d9c0e1d3a1f5051c99ffa3d82be84a9b1 |
C:\Program Files (x86)\Windows Media Player\es-ES\wmlaunch.exe.mui
| MD5 | 30911e3e5569e0686835b092b0c10971 |
| SHA1 | 3bddcaa234c9d04b8616ae4d449f71d217d4e9fc |
| SHA256 | 2c25911fc76b3e825fb3cfbd62d61cef15dbd33cbc5697e2ef12b8f29bb21979 |
| SHA512 | 78f78b3c243bf67a74db3f9c5c7b63050f434103841066c4ffc2fb4337048c32d55a080c982b2458ca9c77f59cc89079fd91a9c928a1fa6eb57b963acf11a6f2 |
C:\Program Files (x86)\Windows Media Player\de-DE\mpvis.dll.mui
| MD5 | 833651a0557c0ca6f0f1b796ec998ab8 |
| SHA1 | bd20e4d361697e797ff054b8522c777c18276f25 |
| SHA256 | d8aadfae4addbef6e885a302837040fd01c65d978779dae5cb2bc86a9b7825ea |
| SHA512 | 56ab15d6c0728e6d6100ef890188637b46feda36f1a5c1f662b538388cb60306abb6b521c81dc6b0523234d546153efef4e8763d7affde5c7aa6f76fb1028a5a |
C:\Program Files (x86)\Windows Defender\uk-UA\MpAsDesc.dll.mui
| MD5 | acc5834e82be35e90799744df61834b7 |
| SHA1 | 0382cc862532528d173505b8fc63990792f55b91 |
| SHA256 | b31324fdb7171e82e29482cbfdc2542f9eddd2f500b120278eddea58f04fee93 |
| SHA512 | 752980a713fbd03881f642f97d423abe87935324aa029cd72b0ac05d962fdcf18d47ee647955757271561a0fb3b9212456687f5b148f76a2c3f38f8a203ae0e5 |
C:\Program Files (x86)\Windows Defender\uk-UA\EppManifest.dll.mui
| MD5 | cc62434a1d8d734881058511b06c19af |
| SHA1 | 777c3040df79adfd2b29750bec0a4b4455e38a6e |
| SHA256 | 57b696ec9e0fcf53e9afa76e855cc105abb734a8933c251f41cb478cf584b453 |
| SHA512 | 7fecc4ee7b1296a25f377397ff902c8d6b81d53063f03ddf05db5ba19862f4e8fd6cd7f01a27f142046ffab67b4ab5cf3277a843658aa5cde50ef54bb022b6e7 |
C:\Program Files (x86)\Windows Media Player\es-ES\wmplayer.exe.mui
| MD5 | 0180977d29ee5820fd12c4d20bfe769b |
| SHA1 | 8016d9e8783d0cf80cb9d9b7322198fd6a736523 |
| SHA256 | 13fe848a2b0960b6fe0bee9d9e5b462898ad21286bb045b50b668e6939928bb4 |
| SHA512 | ea0b681e345413764868f47c213298a687d35fa6952c8828283d1ddcfa15d56b307d9e430e0aaa398a68493031e6f7bc91b8abe23963e0fae1979f46b633a1bd |
C:\Program Files (x86)\Windows Defender\ja-JP\MpAsDesc.dll.mui
| MD5 | 5bb0af6f7e18011ed07a245cebb955f8 |
| SHA1 | 60b30e292c3d049598ea10e3f0999931083eb018 |
| SHA256 | ca76efce6f47a2826c9e8c46cbbc0e993c2a75a9e8cf74bb22d6d74693419dce |
| SHA512 | 261c595436849b8e8edcd8435fe091b07da092e3b90b8e1951a6c434c6dce94bb91d8e91480234d95fab603639ce844bb7d77a79ba87fc29f96a5badd5d4f7a4 |
C:\Program Files (x86)\Windows Media Player\es-ES\WMPMediaSharing.dll.mui
| MD5 | efafabd3b358673b50288c9fd2aab5ff |
| SHA1 | 0a59e472bfe07942dbb2bb08cb3cef433a89af78 |
| SHA256 | 96fa3a291121433801f812679cf5515a5cb1dbb99f21956806fca2decfc05268 |
| SHA512 | 824b03a1ac07e05e27d240b59c3792fa1ff0f862ea6efd561842a70ce5fc526aa7b414e1256834a8130fc620caca0da8bfdc406567c319226c6c049c18309dc0 |
C:\Program Files (x86)\Windows Media Player\es-ES\wmpnssci.dll.mui
| MD5 | 57b7d6add039a48d85e865ac894157e5 |
| SHA1 | fc094b38cf232040b9d92b019e9bce108f0e001c |
| SHA256 | 98ad14eb9eb47325f23e7a3dd3520f059f1cc616ee0cc0bdc61e2068ec6d64ee |
| SHA512 | 8a58d3c554cf80acc747551be4c60ed1474249d66f15dc593045903ef035cf8459575274211a53924408cb53943e60bf050876e3c95e6a1df1fe50649bb37182 |
C:\Program Files (x86)\Windows Media Player\es-ES\wmpnssui.dll.mui
| MD5 | 7585a2168886907c51488c9fb1d444f6 |
| SHA1 | 6db2dd891c6a6e2693da4fedc9ce8d81b4861c62 |
| SHA256 | 524e2ad12a36bd679707c4937e12ff8172a1e0651807a6dc642a50fc34575444 |
| SHA512 | de56c099894967a0eb4cfc53a70b91b0995df229b8323183fc4fa2721fd33ee3db92b18e97cd763d63e805b1cfc28f13d69b24b6bf54e6208c44ca8351ecf930 |
C:\Program Files (x86)\Windows Media Player\fr-FR\wmpnssui.dll.mui
| MD5 | affb5bcbf9baf06e492ea6dffbf132c2 |
| SHA1 | 2d17f9f25da32caab6842fb65c1c41157f48aca3 |
| SHA256 | 011c9b9a4f4ea76261ed11b255b758c1cd4e40ed083e6a95ebd9f83ef07c5a93 |
| SHA512 | ec9ca9cb70adc97f3511cb3290e6eb4cd12dae7e6ebfb7392667dbdc2afcf75a2a5d81d7eced384bdb25c8f531f96e229ff1f4338b7fd41a03e6c1ab8b67d091 |
C:\Program Files (x86)\Windows Media Player\it-IT\wmpnssui.dll.mui
| MD5 | e809b36716bb566eddd54a5b3b263d0d |
| SHA1 | 0e7f02581c26dbd155467bb426f826d7efc03d2b |
| SHA256 | 74fbd55143035c289f0bd256ae1218f91e53ffb7c9683dfafcce4c9b4164d73f |
| SHA512 | d53079ebb03b406362c2a9c683cab4f4078859afec5ab24861d324c3e0d8e2ff7ae95c42be5c0584d5e4def59867eecea818405745c9d064b51e6e5c5db609a2 |
C:\Program Files (x86)\Windows Media Player\it-IT\wmpnssci.dll.mui
| MD5 | dea1267f29bf814905bb94369ea8dba8 |
| SHA1 | 8fade4a5477a7cf8c22da1f54ce9033c8080940a |
| SHA256 | d46c27413f14bb629a26f918ad0202df4e561935734e97dccca417961db00f7a |
| SHA512 | 4e2bad82c31f7e7d758b43c970ebccf8eacdfdbc776db5ce53e258d8dd11cd56f9282043ff1c4f5c3d4ea40dc85abc23a741392512bb8927d0a09f70d131c60e |
C:\Program Files (x86)\Windows Media Player\it-IT\WMPMediaSharing.dll.mui
| MD5 | c72128221ab2b63b049bf1da6b6c218e |
| SHA1 | c944e4ed550250c6ce6b64c748bbc9018d689cbb |
| SHA256 | 8d8822813197aeb76bc14cb905cb7376cfc548be1d39b4d965275a69d4f068ec |
| SHA512 | 51388aece871b6649d8a627a85d0dd08c0559cf0a6e6a51bc0fd9b0733569beb23deea86ac792b507dffd61c334a5f589f04f0020563ae07f6bcf867564e90ea |
C:\Program Files (x86)\Windows Media Player\it-IT\wmplayer.exe.mui
| MD5 | bfd80a7e05475abc781dcfe91bf5d222 |
| SHA1 | ad4eb815b7a59b740246f98c89951869fb7a7f89 |
| SHA256 | d0eb2a5f79be04a40f9938a46c923275a4355193f2023421a443a20434475e5f |
| SHA512 | baefbdc5709e46973ad33b4bcb2e205dcc98a7890e5216f82c34f12cde807e72ed77a34d2592938ce1bbd96f495815f229b277c69234d5c788146a0199c5e1fe |
C:\Program Files (x86)\Windows Media Player\ja-JP\wmlaunch.exe.mui
| MD5 | 34952ff88fb9b2bbbe8253ab4146c492 |
| SHA1 | 1eb6602d79279cf703be93b5dcd08b6987aa1742 |
| SHA256 | 41383b66964b4bf9bb570263005dc457f796ca574fa252de880f4b0024af6e8a |
| SHA512 | 9402612b705b66321132f5380c632ed904d1e05f6a8e0852d2902537bbacf8f1b1db33c66831b20839b23d1f7c3102ed43560e9b5c3ddd3fc63f098256fa41e3 |
C:\Program Files (x86)\Windows Media Player\ja-JP\wmpnssui.dll.mui
| MD5 | 3423d166ff04c89a834ee8519785a0a3 |
| SHA1 | 824500eb3da0ddcf6084df3b23be0658bf241777 |
| SHA256 | dc1c9cce046a3644240d4c57b5858ca0b73500be7fb347c62c7c11a81111e315 |
| SHA512 | 92d59a8fa27fd787112daa06bb609e4ee8c24ee80d27f5cf1dc789adda4f44ff90f745ba1509db292b6b6e316201acc7e3ed6655ac7e4bff106d5aef894ed700 |
C:\Program Files (x86)\Windows Media Player\ja-JP\wmpnssci.dll.mui
| MD5 | abf6f5407adc92ea25d0ca4a6e057edd |
| SHA1 | ca5ad84c2c009a1c50e369a80d0e16c7a0a2fd98 |
| SHA256 | accb453c71d26faf8f23d3bc413fcabd59d209c90345d77c4b0e163560acf982 |
| SHA512 | 81c8655b7de8c21a99ebee0e3532c39dc1fa994486107dfd4692e417c689b29323e47dc1770e5f426f9f0759fe820618c437ccd50b8c6fdf7b7924841d25b4de |
C:\Program Files (x86)\Windows Media Player\ja-JP\WMPMediaSharing.dll.mui
| MD5 | 4ffe10c9419d5b8ba38a524b60c21817 |
| SHA1 | 3c54c03f17b4902c9b02eba4e6b80da17ba96931 |
| SHA256 | 6b58952b9a0833bf55815bafacc52541406578bc66b255659c240fbe08e03e8d |
| SHA512 | 5712ae1db94d48307c2dfada1d67ea956555d320e38a553616736f690bbd6c3b64b2e8c74f461b234bf651344fa9be904b2b7f6510b9c6a66a6f52ab2c827db0 |
C:\Program Files (x86)\Windows Media Player\ja-JP\wmplayer.exe.mui
| MD5 | 93fdc079ebded8d20eaef82081df006a |
| SHA1 | 0869a09939c882be3aeb00cba81ddc86c62102c0 |
| SHA256 | a3b9b4a9e81b155f3d1632cce6f1962ce1f35c2db1cc206fb74f6991a804451b |
| SHA512 | 5c9ecd38d853cfae4b3b5a57238d7985e1c6274cb67d7d520ab694b9d0988f255fa45dbbea68638575ffd614e6aa77d65a168a2cc80ba4695efc58adbb45e798 |
C:\Program Files (x86)\Windows Media Player\ja-JP\setup_wm.exe.mui
| MD5 | b9b337357bf4cc915a3c2621dacf3790 |
| SHA1 | 7e15d90226c2c7567c87c88ccb1dec9c53ecd700 |
| SHA256 | d9daf1bab626df6d5265d3f2611052e6f4bbf05c55b53b694d54ddbb3f88fba5 |
| SHA512 | 68afa523a605bac55704744650c80ca40cb320b44a17f90ffed7c6071aa8f9f09ab6497839abc42a3ac2fbe29aed442e8eee05c98746e9efd0424874e6f2b442 |
C:\Program Files (x86)\Windows Media Player\ja-JP\mpvis.dll.mui
| MD5 | 85d353eb16c04e897c6b1061b863726a |
| SHA1 | 9aecae86c36cabf4e050d8fdfbfa3144e9ceb9b9 |
| SHA256 | ea5ee5d2d99f46b95039cccc9061fa84b8c40aded5bff37c4ab0ecb07bf20014 |
| SHA512 | 118df5cc4e7b712533f7675d740169c78f86650fb1c0f76bffcc94d421a6caf8c23d16edba25ba582e4348729846c19971743bc5e52908f2f0337c5f3dfedcad |
C:\Program Files (x86)\Windows Media Player\it-IT\wmlaunch.exe.mui
| MD5 | 109a6c1468880a367d7ae26c679df7a9 |
| SHA1 | ac16a225d108dd54b78858faa9f98fac71dff77a |
| SHA256 | c33504729bc3b30ba510ea5b01df314711e8a5cbefbb26bebad4dd33d0f42ea2 |
| SHA512 | 442551086a2a8e3d31f4a6b837dbddfb3f970f5e5ba92d1aa535a63c31b837a677ad16d671cf0402832fd428f6cc64b8cb8f42eb4222a18b352572feeae01b20 |
C:\Program Files (x86)\Windows Media Player\it-IT\setup_wm.exe.mui
| MD5 | ae5e6678fdf420ef0fc5e758a62eb4f9 |
| SHA1 | ee3f9dd462445aab159bef27751945dd0ab5551a |
| SHA256 | a7aed301eaec4ffcb6fa59945923d19f8b05c4f5d60b5bbb380c45d9a45ba586 |
| SHA512 | ee32cf763c4a000d75da3938ac247fa3bf1f5c608ed9198644add628aaa2d791b17be5d784a4204622564c5108821b6231d64c3286addc72c3b8f781781b48e9 |
C:\Program Files (x86)\Windows Media Player\it-IT\mpvis.dll.mui
| MD5 | a2f3679062582c0133b66f708e2a3fa8 |
| SHA1 | e3409630430eae87b08e646cab459debf0671e54 |
| SHA256 | 19228fa5a7743a610043f7c87b2da8b6834066ae8b8d59fa97ee6bab3469985c |
| SHA512 | 1817c0712c384e3566325bffe684480fc43bc7ff3ac8a25080bac951d36356f77426ea3411219a941ea70af810736f3dff712ba29c124709fd706a9b2df631d2 |
C:\Program Files (x86)\Windows Media Player\fr-FR\wmpnssci.dll.mui
| MD5 | 7cec71b580c9cd8ea17b09b2b6c4e173 |
| SHA1 | 6e7a08d4ac8cacc49cb0c627039f799369fe5fec |
| SHA256 | 79338c1e580403348828a521ef13395b6f7bd43c7a39447f1ee77e6bfca0446c |
| SHA512 | 0088ce21cefc6c438721ca7e97319d8305dc9eb76d51342de3777b1ee584f458c835b147a09c581f205a1d6a9d967feb5a27d50180fa5f86e6acde5b62625139 |
C:\Program Files (x86)\Windows Media Player\fr-FR\WMPMediaSharing.dll.mui
| MD5 | 6d53b4a683385e750277431dcb295e6a |
| SHA1 | 26c0ec496d28e0c638b04b7dc5dc576ef8dd33dc |
| SHA256 | e186d6ad61f7457a811a9112d9fcc7881acc99af785905b0959f6f54ffa0c49b |
| SHA512 | 358120761cc5d261283869a69bc2c85504d9479f30160686dd04cb67a6719d6f91d14c8fff38b8acba960bee02abb7444e15c9862761cc9193bb08d9bf0bc659 |
C:\Program Files (x86)\Windows Media Player\fr-FR\wmplayer.exe.mui
| MD5 | 0f2981f22134483697dabd134991af0e |
| SHA1 | b53aeec2757acde09e4e47e795cfbcd3439beca7 |
| SHA256 | 84e5c956eb481458cbc634802ca67fb1efd702bcb1624893ef313a1f31f9706f |
| SHA512 | 25dd4a27bc53374bb1ddce1940650e5bd380d525585a68d7411d668205e6a3b859390f027a855de774b035d90c3fcb601a165e73204b1da27a25f6884bc36085 |
C:\Program Files (x86)\Windows Media Player\fr-FR\wmlaunch.exe.mui
| MD5 | 568dce1e21331471bcb016ec23fd5762 |
| SHA1 | a0b5cfbbebdad56431510a9debd7139f460eeb86 |
| SHA256 | e3ef5598af0602ef1f7e163643ecebe4fc1ab46b6287082dfb950fbe3fc089d6 |
| SHA512 | 0d0f2a2799e798b84dbbf16c989eea89e1be9535becb629ed39e91f0f15b920be0ba408b84eb222c53d4d5026a5cd00de2d78b495c43c26d2152646e78b6426c |
C:\Program Files (x86)\Windows Media Player\fr-FR\setup_wm.exe.mui
| MD5 | 48d74229210e2d20edfd5e3c3925bc56 |
| SHA1 | 80a5f3a819ff202bba350894ac8ff308a4e736b5 |
| SHA256 | 5e00c186070f3180421fcb157f74abe50cdb780d970b823f06bc2e47f16cad6f |
| SHA512 | fb47d1c652eaf5d03145dc4dd963659d606cd65ac31a6b65733d2417b8353340e30010b7d058bc28c08699c2a8a2219d5676b9c3cbda7d0bf7a47428f8e1ca4f |
C:\Program Files (x86)\Windows Media Player\fr-FR\mpvis.dll.mui
| MD5 | a81e7f68aeaa08cc0f9eb63175fed097 |
| SHA1 | fac503230adf09e8809288af13c6529ed375c179 |
| SHA256 | 56fc15583223007f073ddc58b0550682bf92189d26379b1c62dbe093cba9c7e5 |
| SHA512 | 8201fb6f504aee7567fa1165e6755d7eea57a98b633ec987b7bc36875f4d50d76e43fc1961ac6f146e82b45492d015e3e0e8691f4c68384f80cb5cee2c7122da |
C:\Program Files (x86)\Windows Media Player\uk-UA\wmpnssui.dll.mui
| MD5 | 6ece2d9853bfc20e9dbfd672e6c33c89 |
| SHA1 | db60c35aed601f98b6d714a17d8f2b2d88c5d2c9 |
| SHA256 | c545a0de41e028173e11ab95c0a6f2018653f2bfb91a52c6574085a1591ac1e5 |
| SHA512 | 0532a908b7f11606b71335609e7b9439c62cdda0bf83a74432e14bdc1759eb33ffabd77525abcbf5c7ff4d6574af708cba0881ad63ef4b68cea5217f42213d18 |
C:\Program Files (x86)\Windows Media Player\uk-UA\wmpnssci.dll.mui
| MD5 | 5d95b3d51da21befca2ba5e2eef3a40a |
| SHA1 | 6776ea4413efe7e2102720e61d917889d7ead166 |
| SHA256 | 2536dae229ddf6abef47e8a58fc5d40176af1d444ec2e8dd36e51ea22d253262 |
| SHA512 | 9c2a80ba3e9e22878f9ca561472619e32c783bf4078446fae61fbba0eb2a425b4b95c85ae2670b3192549fc4a8036b218e9eed15838fe3edf95271d7b7c9de9f |
C:\Program Files (x86)\Windows Media Player\uk-UA\wmplayer.exe.mui
| MD5 | 7afcbee11db10e80d338fcd551c2a2b0 |
| SHA1 | 81d5ab2187dd692ddd6a7bb41309a5c42f7ff05b |
| SHA256 | 2ae6f7bdc914022cc1da1ab3e5157a9835d0ee5f061f85da0153596c948faee8 |
| SHA512 | 7f26d6a0cdb4c10e14a8b4414373343f255c7ab828d01db108f9445b1239c74b84fbd89c9510697a50d542ba951af25d53724103fae66c51d250ddaefacc0ed1 |
C:\Program Files (x86)\Windows Media Player\uk-UA\wmlaunch.exe.mui
| MD5 | 017979c664de27c6744c0b8fc8ef19f5 |
| SHA1 | 0be68fd00bcb7dfd92257685f471b2d022059d00 |
| SHA256 | 58c9e8324a798010e31c99887ff26f29b1f96e595f17912fcb2df39bb7583635 |
| SHA512 | c02717d4dffab003cbedcf39d93e1dded15815724d646fb3238771890e368b2511c7b11d86790fab870b3deccf577feb85091e73ed29ad54ed4ab60cee1f1b9c |
C:\Program Files (x86)\Windows Media Player\uk-UA\setup_wm.exe.mui
| MD5 | 101b7335491a94e2b599cf47f41adcbf |
| SHA1 | bf1ab3d1c1e693eb0f8139fe19ec6fee9750533a |
| SHA256 | add22a29faa5b651ca4b4f29fdcd2fa7dc92e36b4e2ec017f02946351b80b2b2 |
| SHA512 | 320b33044a0606443edd5eace8879f67fde775a259562cfc8cdc553fe1611d7ab35bc17c1ac175f25e71d7da2735276b50232e563ffec9fb5557514d8489de08 |
C:\Program Files (x86)\Windows Media Player\uk-UA\mpvis.dll.mui
| MD5 | ed9c4e2b469f1d9563dacb0031dc73da |
| SHA1 | dd87506518a4bb5a8033f040e478b088efa0d195 |
| SHA256 | 099315b1ebb508563d7ecc9ed1ef9248fd19fa91b60fbebe512d6f4927dec305 |
| SHA512 | d71f522dc95838d3c2da447e27ee67314425d0d4bccaedab79aa1b621dc1f59db5f4129b0a1ebf0f4258dd8e9ce2091c2f0641466f54848c168e28c3b05ff44d |
C:\Program Files (x86)\Windows Photo Viewer\de-DE\PhotoViewer.dll.mui
| MD5 | c2b1c38bd3fa3fdcb3f74a74d0d7b357 |
| SHA1 | 02b630fa5d04fe20d6449f8e3f370b6100b2a685 |
| SHA256 | 7676706cff90046330cb93979a678e926521efce2c7d7906f3f5226db239125e |
| SHA512 | f4db84d2abec5e9fd4755e6ee8794e75dc7efeb3e77325ddf54b5b6a96ba9cd7be708ba935cf3adf9d7f66aac7e603c3711018427ff232fb564df72875c98af9 |
C:\Program Files (x86)\Windows Photo Viewer\en-US\PhotoViewer.dll.mui
| MD5 | d80cb4930053c20de2aecbc2ff323fd4 |
| SHA1 | ec845ce2695bb261289be35efa1ad5d598784ab8 |
| SHA256 | 112fa8c3aceb5a5992de0ec459286c4ec239a59842448622b51a6c2da8908624 |
| SHA512 | e4de1af64b1dc1c9bce4df515876d165a464bcaefbd094e0985d63d879d6fad493ce6bd27a3ead937b8359206a6dea9900ce7956be0cb93ad0529a1069fa4cec |
C:\Program Files (x86)\Windows Photo Viewer\es-ES\PhotoViewer.dll.mui
| MD5 | 5e2af17114064f1714ba13beb9502a10 |
| SHA1 | e394eb8d045670252c2de650856727c1a760bb08 |
| SHA256 | 19777696d06fe7631d4a9637ca4a1cb6053c8ec302832062d99b5bfabb4b2e5a |
| SHA512 | 69f9df85c4cc0e0892f92ccdf3775d614416578318ec14d9c492e85b5962688cdc8ede6e7ddfc633ec1ba5cb60c4297143b7895ade82e6032a20b569cde96e70 |
C:\Program Files (x86)\Windows Photo Viewer\fr-FR\PhotoViewer.dll.mui
| MD5 | 6e00f03e1ba5b516712b9ff19f4669cf |
| SHA1 | 31ab5095dfd161292cb31850a74223b90042429f |
| SHA256 | 9d0627b641826bc33a6f3665dadcd611f19ab5e083d1447b17df5e607f222619 |
| SHA512 | 03af8101ee1e9d3047df3934197540e4f7109c1b326246376f97804b6047514ae039e2eec79b1e8c8d145a5f46de9158842dc0d3dcb4c6b95c11dd30f3680b11 |
C:\Program Files (x86)\Windows Photo Viewer\it-IT\PhotoViewer.dll.mui
| MD5 | 7b6e666b9e2fd5d2f7321cdc052a812e |
| SHA1 | ffa3f11979e578e70ff171432633ad21f917935c |
| SHA256 | 989c00b5de3fbecf7923d0d7da21ebf37d07973a09410534ec658f4aee5b6adf |
| SHA512 | e3dfcf71a036ad6519e905074716c9e8c6018c8fd586a0a7ecb744245164471a355811fa3c2fdcf37493967ad8a7074b55c00a6adadc257bd86dc1391d207737 |
C:\Program Files (x86)\Windows Photo Viewer\ja-JP\PhotoViewer.dll.mui
| MD5 | 27ab69f85905183640a35c242981d0a6 |
| SHA1 | aaea7bb686e0050a9a6c32bf50f1a2543c64bbd3 |
| SHA256 | de705e077d3bbf41ede54fbe5335f6c8663ceabf4b387fd85e9dac2792eef8df |
| SHA512 | 45f5cca0c99126b82c469cbbcf5a76396c55b839ebfaf40724fca6d67deb5968f859623088d5464a67564e07c1f63507a857222dc543b0793fb08e290954e456 |
C:\Program Files (x86)\Windows Photo Viewer\uk-UA\PhotoViewer.dll.mui
| MD5 | ca498fece0057dd5b57cf6f79f2feab3 |
| SHA1 | c8790a7703e9061455c0efbd544fc6d7722617e1 |
| SHA256 | 71e27939500f77184b5fb6ae950e45553039b65a27d62c8c18b98fdda7a985c6 |
| SHA512 | 11a46a439c913b4f05daabb2383e0b7240343e25fb30c654dc3ae9b5502082fcfcf714b83be12d2d57f0783dfc53c7b283fcd97dfa5a603eb76d74c1c0e97fc8 |
C:\Program Files (x86)\Common Files\System\de-DE\wab32res.dll.mui
| MD5 | d69360b92c9eee5e579125e07f67f596 |
| SHA1 | 247a1fc6c0caf679244013fd3228f45576061d2d |
| SHA256 | a9013c4c903b253b3ccc1c63483dc9fc0f245bcc0f789f422c844ad0d28382db |
| SHA512 | f2ed8c154eee8e6edd36eb2078a42d84b7a3c1c496a27ef1ed55834ec22fb6e811145843fd99586557038e553cf2a922e6e5ee0ebfdb163e87838caff50d88ab |
C:\Program Files (x86)\Common Files\System\en-US\wab32res.dll.mui
| MD5 | fe4cf3681f7a0d3891c7b3d462a65b2c |
| SHA1 | b7bfdcf64c80223bcc5c082a328330209d4beec1 |
| SHA256 | 01ba565d874e6cbb787d5290b97e60be62f3b23b990c3d5ffd652db0158a113d |
| SHA512 | cc166b5bbb3ccff1dbc0f890c05b1477d2008f9a57f8900096ccb311e23576f7e937fc9225a38fb68356a1425a2f1333deb501226ff6ba4e6f40f3f9719192c5 |
C:\Program Files (x86)\Common Files\System\es-ES\wab32res.dll.mui
| MD5 | 985ad2516102f3c0572d292c341890e7 |
| SHA1 | 6ca32bf4d66b0ecd8ab342241d2ec946b26024ba |
| SHA256 | 73d46b447586a59b195290675b9de3b20d62f6ed6b23af4128a8b21198ade750 |
| SHA512 | f7bc8685c5fac58bf2f19ecc24cb5e8aea96a13d6028becaa70df1227b2b092cc315196d0be0353938843d55aaf2b0585f1bc2417c446c8a812a14487ded28fe |
C:\Program Files (x86)\Common Files\System\fr-FR\wab32res.dll.mui
| MD5 | f4f16d19cc335f1e6d2f6e65414259e0 |
| SHA1 | 3acc0d26e58abc16fcbcbe65b0f48d85632af9bf |
| SHA256 | 2df55ee0a47d9a4d53bdde89f727b2354603d4467f3f7d191c86c4dbe7c7d029 |
| SHA512 | 4f816a6acfef89899333b62d0a077ed83954b95cb81009d95a32fc8246e6d707e2085dfe9ea61c3f63bef1163bfd9661a2fa1de9ba7e9d467bb663eec1456285 |
C:\Program Files (x86)\Common Files\System\it-IT\wab32res.dll.mui
| MD5 | e26d08dfffcad64b5dfbef0e3d425b51 |
| SHA1 | 7cd3d79c8cf02292b5aad3b2870f83a2dacd3a1c |
| SHA256 | 5730885b985b859a2c5ff4ed658623c5235099cbb8f69c174ded510d86aaa56f |
| SHA512 | 9b3ef2c6e33385f1635b30acba9b79a3b63dcbc79fa1b7cd13c61fd827b3442508781ec2363e4478d0def7e859294fe84a6adbbc889eb2cf37abdea2ab29fac0 |
C:\Program Files (x86)\Common Files\System\ja-JP\wab32res.dll.mui
| MD5 | 4783d954ac08f0ddb5712eb34a296b36 |
| SHA1 | 676939f3debc5da2724f759f30b4be81b6a9e89f |
| SHA256 | 3374b34f83d1d1606372edcefe0957812594d48631af1122c3d90b658f0eb33b |
| SHA512 | 7abe69ccb61abe70bcfc25972206b5a905bd0023351401e747d8b1e66ae427262777e0fc84bde64b6de79c32cab77e7c5615c5a7444d7be456d5902b60baf649 |
C:\Program Files (x86)\Common Files\System\uk-UA\wab32res.dll.mui
| MD5 | 977d120a66647adee6abf538de0bccdf |
| SHA1 | 597dca56dc8f69afb99d6f29864105999e707863 |
| SHA256 | 80f16bd208bbd3a4dbc4845496184958b7e9f3d9de64f51ec5c4f0d76b603b6b |
| SHA512 | 37edd8ff33f2a37c3706f813ad0ace8896f91f593bc0d1bb1624cf165f7462d30c3adb91bf59b7fa58b8b5c33765332fea32df7516287454cbe9d97444a6d993 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\de-DE\InkObj.dll.mui
| MD5 | c01fe11db395b88d31bf0831a979812b |
| SHA1 | ffc50687295b69bd879536b37969e71669fa329a |
| SHA256 | 8efcb46f2a7b93175d12b004196756a7dd73c694d0c555b8a8854d11bb8ee684 |
| SHA512 | 7c39545a7fc36b40d9d8eaf069c437490e664fa7486464e11c6ffa98c75238bf5653a539b2c94442e4fe2f35672234b286f8624017c19b57d4cff7f38b64230e |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\de-DE\rtscom.dll.mui
| MD5 | 10b36cbdea31c01ba8eefa178b797115 |
| SHA1 | c4c4e70d269ee0211a62d47ef6f992217998d481 |
| SHA256 | 9b71eddcfd91e9cddca696f6cd79785733f3fe02dfe41041c4b1cb7485420026 |
| SHA512 | de24a3aa3c89765bd25b21c50921fe52d6f0e14ba2843f03f2a044acb68e8a52f17a21e6426849ba1b5629c0c17f08feb033fea8b35277428092d1418712a228 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\es-ES\InkObj.dll.mui
| MD5 | a3d50af64805037351448aaf8ce68769 |
| SHA1 | ff8e9bcbf90d5f412fd1a00a740f761a3e485485 |
| SHA256 | 46221391a38e399c11a911ed4ee336b577235f30736396d2ecc15af1341328a0 |
| SHA512 | 5dec454ad7e061651562f45a41c97b24607c2e8a80b09c12978f91d9e8c4dbbfcc6924d1ff8fb523a22846afe631d2296a7c39752ce6d2802818c3d326479d57 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\en-US\TipTsf.dll.mui
| MD5 | 7cb020bbcc608d42804614fb8cca8e6b |
| SHA1 | 1deb42500f4182b12c9486855f9f2aca26ab4a4f |
| SHA256 | ea90c39d88d2c977a16521c545b8a8d7ace6682d71fe168ddf0aed27695d3131 |
| SHA512 | 3b9d64cba86a5b436cede179295d01bad73401226173537f97d05fdd13da268983877299e5d30cba505a8f7fa0778b804783a25f259b7ccb8cfc563f3d963620 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\en-US\TipRes.dll.mui
| MD5 | a4f4242027650b05efe536c85e7b3d24 |
| SHA1 | 52fe16db1ae340d4536aa52a92a104f25b2f28fa |
| SHA256 | 940d1e1e377b38cb32cef643167cb0d16ec237f980ae2a263e81b02db66286f0 |
| SHA512 | 8ba0c5497a9da5f3cd4248bc780f5c495095a654a1db068a5db5b40c4560a0b05f4dc70205cbc87a1c6f283d4fae1bf2cd4f6dc9e35a2e293b6657a6dc02648c |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\en-US\rtscom.dll.mui
| MD5 | ea03785093cee93a3b279b8f398fe2ae |
| SHA1 | aac405d8d6d5df89c870073d59d4378f18990ac1 |
| SHA256 | 19b706d4b98887c671c7b54eff4ccc74c4bbdf42b8f05ad02feb16e4a923d9fd |
| SHA512 | 4a1d891b9224bfd5310e8cb67688d6e2d6d7c71c29cc571f7f69b8d806f655e1a386e9c613604167fc3e2ce04cf269699d43562ebad73f7ca3a6ec29c8066e11 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\en-US\micaut.dll.mui
| MD5 | bc4eb868ce3a0da0121f38a723ee80ed |
| SHA1 | 0d194dc247e995ce9afb4a0ff1d0ab854f0d08b8 |
| SHA256 | 226ffb9d89b6114fd9caf78580be9c348878b87c9a504052235109482c0a56ee |
| SHA512 | abdbb5429a58fe40a22cc59d79fd2c030b14fa8b1c720e624dfc98e72fb72b4bcb8a0853909f3c7cefddbc93a556e4c24f9eac508b7bb4e376e10d6a8aadf31e |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\en-US\InkObj.dll.mui
| MD5 | d34f765ac135f5a70231a5a9ef5b69ae |
| SHA1 | 5b28f1515ec7887ab4fb5c6be67fe77d9c59ab0d |
| SHA256 | 5c0bbac87de04792cf3c9c9ab0959047e65bea6204959c5a82f83a613c6bd96e |
| SHA512 | 1888bb08bad7709b85a056919ba43e191adc5e3797df9ceb619b638122c4057aa350f8ac4a00e6eef73ab144690f0884fb235ea7cb38500e8df18c8951087104 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\de-DE\TipTsf.dll.mui
| MD5 | 983c1c1bade7972962861e238c26122a |
| SHA1 | d9eb792dd309c1fe0092acefc7f1a7609636f5c3 |
| SHA256 | 32927fb13e4254a439ff7063783b536ea8d555f5f8fd16ebccfee3ca94317cab |
| SHA512 | 476546887ac5428af9e6534d6d5ca03104f5f8a3260ee73cf79319affa5203e7cf6394fb6c2fe05cff03e423afbe4e157e6cdf7b4fa3b1e62f9cf51b3c60f4c4 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\de-DE\TipRes.dll.mui
| MD5 | 2c4a4381223fcd77650f02fa380d8fe4 |
| SHA1 | f7c4fcf0df82c2de71c63f01f2accbda1b5e8aa9 |
| SHA256 | 744805066aa3d37e01a66a97d213c70d44758220b1cb3ef3e6db39d318244b9f |
| SHA512 | c9c955d0e90eff3105dad2dc035d8e0af419df10c364bdc36614a61dc15263f733441625048a8d38acb3ac9ed8a7340356570959313b53081e94e0e5c35f7063 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\es-ES\rtscom.dll.mui
| MD5 | 18227dc8aee0ae43f47bd172c98a893c |
| SHA1 | c168f7a1b3d8aa2d79643ee1131fd45c071df457 |
| SHA256 | 6e162acd2b470a74f1c854e26e82e0edaa4e4eff31c8060bc7051b03e450b7bb |
| SHA512 | 94f2f33d3fac5bd1d5df61a5ebb87c0d2e6a881efec29123b22deed7fad2149701a98f9d29c2cdc599bf7f50f753de4cd15af860dbef2e8fac55871a2a54b59b |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\es-ES\TipTsf.dll.mui
| MD5 | 53f6bee6ddf585bc3717929d7482c111 |
| SHA1 | 5889d2ee24585a91b6318e21e0796c9b364d396e |
| SHA256 | c6d6c5d585cccc58113b5a163f27330f5deaa37211fda0d81fcea31ecab7be0c |
| SHA512 | cbc123a4a822685f744285b28aeefd05e1b1b397052d9e9554327f9e4b6e92b690bab8773474f80c95d8ad1fad89a31af2ec6a7d1012701a0b781ab23d23cd39 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\es-ES\TipRes.dll.mui
| MD5 | 0f2c7971cdff5c016ad958cad830f5b6 |
| SHA1 | e5b08ae3a337ac98f3719013f3a835b361fbc2c1 |
| SHA256 | fa8b38f9f44d826c042547e54476b1e3c976f439dbe1c43556bc0c974866f5e6 |
| SHA512 | 971a4211c0164b8f75e2492e07581b1c1a1f29748b8582b39d02176a4114c5cbc92d8f77da1fd44593574a0636e31a6b6443d0013b69b7d599219a276fd470f2 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\fr-FR\InkObj.dll.mui
| MD5 | 391d39240b2eab240286244a719f0b4a |
| SHA1 | 911d6da49e7569969235b2c413a0ab549940a875 |
| SHA256 | 4fe688960878e4864ec94299ca0c77a609f80f8568784a9317e2d87257067b07 |
| SHA512 | 8742b2beb03bc42d8bc4272d0e6be5aae5310366931ace471a9f152d1fde75a699a7c90e675514b7a5b58acd83ae5c37e543f8d77e982bd48825b57a86b9e309 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\fr-FR\rtscom.dll.mui
| MD5 | aacc4eeb737b87937e2e81d390aa0f11 |
| SHA1 | f528f8364b748ea6d6632cb75358244f5a987c32 |
| SHA256 | 884c81ef28c4e07137301b62ade65731483ef3443a061062a4340030044acb98 |
| SHA512 | d9a6b5ad59f37f6e66a851a21b9d04402bb276e709934f24a0ebab1bce7d975702fc07218215670b2b6e27ca77f3e6629703cc8ac0e27ed1eeb8316c26bd4af5 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\fr-FR\TipRes.dll.mui
| MD5 | 24419ef8f2878217880f159b4069e6ca |
| SHA1 | 68ac21473003edd44053c1a215de32542d0bd1d2 |
| SHA256 | 5755303c6fa0f1f83c720f00b2ab1c04c72254d75f56697d7c2a0e38d536dc89 |
| SHA512 | db8d340af94c6df47f3e753cfcb70e5fb596a6ae56b0f0fafa107944a29c4986870bbaecf16c6ff02ac9f342fa38479f74af81f6fe16f24c45689ac5a77da4d4 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\fr-FR\TipTsf.dll.mui
| MD5 | ca623f0cff9bde6668e7fec3902da97c |
| SHA1 | 28137ce74d3384a9c416598eee1baa3843700887 |
| SHA256 | ed222a06a8d152ecdf69e8d15f54d21ec944f526e0729bb9e9fb2c9af48e49b8 |
| SHA512 | 3e05816ba905b6e4bbc9dda24e99bf36ba72b26fcd91062eee6087e7854fc822c6f991f85a6c50f54179b376b7b0944e364c5b6113bf0b503e6783e14e6466b9 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\it-IT\InkObj.dll.mui
| MD5 | db0590680515181f2d706765b31d6982 |
| SHA1 | 1acf9ff702f777a7e2845ade89e14e80ea0283aa |
| SHA256 | cae7422249aca5cd95dbedb9e5627b1358da885aeb0dc33f635ab83dfcac9566 |
| SHA512 | 2b923c911700487dd58ece5ee797696b03384a77d06afb775be9689a426e861e4bea44afb2a927e9c229653af17feb677b47877453403ec36ebc5f82f9aadeb9 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\it-IT\rtscom.dll.mui
| MD5 | d88742ff1aa73ac1b8b04f1ab6b820a7 |
| SHA1 | 525db8d70ca08b756372b964e40f94e461257bc9 |
| SHA256 | 8873a7d0ae0ff7d28530a01d3294fb4b39329e99556a72eed0c2e0bdf5115615 |
| SHA512 | ec418e0d1904048dfaff1e512aecff94d81ebf6a14cca3a37d578f6b4aa89f1d01d7f06322e2d491089120b042f5489479b4d820a6cb6473351e4edf6ae434f3 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\it-IT\TipTsf.dll.mui
| MD5 | 09f80554ed94c4136cf6a01c0a90ca91 |
| SHA1 | 76bf30af26d8af5b364ad13261e7ff76be401f08 |
| SHA256 | 6e6c48b6282430c398d7729b86609c00b5200b9ebe5a3ba68fab421713894811 |
| SHA512 | 89a3a286b473e2564a996788ba81cc6f0d47089c2f51adc1f0a4c1ccc58b01df9382a6cf3223208c0d8f91f2bdc52f3c84a0a6ee79d0d4b97d7f937c3a2f150a |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\it-IT\TipRes.dll.mui
| MD5 | 29141602fb4ef18e49f46d1d830eb23a |
| SHA1 | f27380de53c8dc999416ad9e905363ba621b78a0 |
| SHA256 | c722fcbaa50eb3114bd2b285f8e7341b8e77318c7e40c9488b87d6d0eb7538a3 |
| SHA512 | 7faac534af9a00bb64d888ec7d28f06612db98f41712644f23a20191b69bea0879b6e817eaeab408f7859a1888df07633792ed17d773ef262579d28764de8e84 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\ja-JP\InkObj.dll.mui
| MD5 | 049783ff6e961fc861f82493409f6ac1 |
| SHA1 | b25f889548595f5b0b5ec62e70fc87d9efa7bc56 |
| SHA256 | 92f49ec4807b150f03412fab6b91075939429ff79236959ac68d7ec86132fba1 |
| SHA512 | 3a4b818ffd64199412ef3500f31ab7010dcf2accf0fc341279adf4e09949970c4b304192bb150cecef72d4baa4c6bbdd2a54c00bc719b5689fa9471288db6c0d |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\ja-JP\rtscom.dll.mui
| MD5 | d08220ab335655ca47d87b3d13979fb5 |
| SHA1 | b826b3c7422d3f317c77443f9d0580560c228bee |
| SHA256 | 43df74b1ab5f3f0e8b58b4ce8fe40a5fec8b3b1a1983cce485914cd9a5e0abaf |
| SHA512 | 2f92d1eadbd662e1194dad1d60f7e3c1797ca02c06b7cb01d03c9688be912a70100a5a0bea1d62b6fed082bf09521a710fada81f148f1def01a61f383ce87516 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\ja-JP\TipRes.dll.mui
| MD5 | bcf20021ef3006551928ac7bfa3cfbe9 |
| SHA1 | ba78f21764403efca052bd6aafa913a3cc987818 |
| SHA256 | 092b49ab669d346f1647ab9848e40397c832633699b590b5269cdced3af30808 |
| SHA512 | ab0619455c6faf3bc4bb8cb904de5bc3591aae81faf65cc73ef5f1db648aede58e59c14bf00705c9cbd845a320164cb542c276519137bd12940b6d4c79f4e097 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\ja-JP\TipTsf.dll.mui
| MD5 | 1a50af27d5ce2da3cab3527ec8e0e2a1 |
| SHA1 | 4458788c283203023151cba4968318e9c22d115e |
| SHA256 | 894eaca6958061aa08b140d656b27934d39119da19f41bc30bc5c49b9934c07e |
| SHA512 | 34ba8f5b38cf480099c736eada324e5f6a5633e5facd34bb39c585ef89d4e89677aae1341eeae95472e51a21efebf30b1809422b7e67aa335ff6e38809c9ef1c |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\uk-UA\TipRes.dll.mui
| MD5 | e6cf1a0480775a6cf79864820828d33b |
| SHA1 | 9bf621b0ee76757e0ed2258489b9fa304079520e |
| SHA256 | 473291c0eccbf8d86bd3f8a7d47695cab517db99ca93fce4f03fdd50d59c68c6 |
| SHA512 | 1123eb9d805b11e95f774342c3dc3bf0ab483112f8a0b1cfb8be7f947043a4d67f52ecb95278b975f1c3bcddc610a9bff4b74730891a35256636ee5d12460443 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\uk-UA\TipTsf.dll.mui
| MD5 | 481bbb57faeef7ec4ffc7ba576e9d129 |
| SHA1 | 67067ce9b6acbabb0ea200c32cf6f05d274596df |
| SHA256 | ff4bf7b1b6333230e9c6e22e0b044b4c7e5bd2450e5c14c4b6f2d912d1ba9607 |
| SHA512 | 32ef9334c90dcf5f4299f41c60b99a35d5a2dbef50d44ebd0fa6512718ed6d5e6f525b76b679ac5e2c7c801a10624186a254308a684d223bff3439c06c1ebb78 |
C:\Program Files (x86)\Common Files\System\ado\en-US\msader15.dll.mui
| MD5 | 4c6c40adce834f9016f8fd2112652860 |
| SHA1 | 0046848c51f5a374e5f3db667efac8f7ead0a2f8 |
| SHA256 | b61a35a09eaf247f385b3e345666ed07aa347294f231994538b1fbedc9fed7aa |
| SHA512 | 7629388528441589802b1e2140df137b0bf6a0175e16c1b58be34064c307c045709b38925794d993dc4729c69458bc9435e1507c6c711c511d4c8410d88e7646 |
C:\Program Files (x86)\Common Files\System\ado\de-DE\msader15.dll.mui
| MD5 | a70fd75713f42b60bfb6dd504e19ae66 |
| SHA1 | f525f704c88b977f486dd134f781ad5adb776d0f |
| SHA256 | 334013ae2e10194a13468c2cc58f1f289f44582771badb78f0e29ed24dff4977 |
| SHA512 | 380ac2e0bcd5fced29604f6b3a6a24e88c94a7ce5a7bf8cc6a13b26f68d72c592868002ba88433a88337024cfc7bec69ea452b28f62d2f7af0ef6f73008809a5 |
C:\Program Files (x86)\Common Files\System\ado\es-ES\msader15.dll.mui
| MD5 | c248eb0c0431391ec9b4068ebc04dacd |
| SHA1 | f8299cc3a0132a9e7351b7919cbd7a577bccc47a |
| SHA256 | f911c555fc2e886b2ff9e9476620cf98fd2a0443363d07f93a1f1f0701595962 |
| SHA512 | ecca75c589e8126381b09998ed7507d657ea978256a17bdf8f4267ebd1796c404182470e90f4d6cf845c6532131cc8fa9c81b3ed4aa93e80ae8baa018a965346 |
C:\Program Files (x86)\Common Files\System\ado\fr-FR\msader15.dll.mui
| MD5 | 2ef7dcc4e542fa8cf71dbe5c6fbaf32b |
| SHA1 | fa66bb4cbc876ca49b9008661326074bf9811dcf |
| SHA256 | ee371a12af16f268111c3cc3c6052a323d9cb61ceeba78460f2e4251fd789486 |
| SHA512 | 801c3895ce8dacfed0b70c61b81360651ee3c1aed3c4144cd0c4ff03674b07efb9a049784eb6ae7b4424b07d1c5142d7bceea2e0b50261da11eec4df0a025cc8 |
C:\Program Files (x86)\Common Files\System\ado\it-IT\msader15.dll.mui
| MD5 | 3015d71f915caf20d04c4de0825bf5cc |
| SHA1 | de6aedcabbe45dc69749220ebcd21e2bf054ec66 |
| SHA256 | 7af0e225d9636c735c65695b234aa4e85dd0c7d77bbb005c6d375bb4cf5014ae |
| SHA512 | d31b6c2304c4a92da6e32be5a62144d34e56f4fc5740c32f3f34bd52775c1b46a7b59514df369f93ed270a43c8413be982c97369b6dae941e7cdd5662504aa09 |
C:\Program Files (x86)\Common Files\System\ado\ja-JP\msader15.dll.mui
| MD5 | 843a04fc087a51a508a782e67565da31 |
| SHA1 | cfa01c9189cb550ec66b9ac0ef3511289493c70f |
| SHA256 | 17f7bbfb43907b4fbb252e8a8a87a3cd597fa73fcf94dfb8b7929ada0e1d16d4 |
| SHA512 | f984ae22865d7e49227c303c84b68b03c364feca778f142cbd57415a0ba0bf676e0dcbab42f518710556a8021e75a03bcfd8d995d441e04a928038d72d49229e |
C:\Program Files (x86)\Common Files\System\msadc\de-DE\msadcer.dll.mui
| MD5 | 4bd236bb94579e181ffc26b59bf8e153 |
| SHA1 | a3dfb289590b2c2b88a2d846ffaf1bce858f6d4a |
| SHA256 | c30f686d78eed2e8378116bc9c7f784611917b38e9821044c8c5ffd78c45e299 |
| SHA512 | ffc32e44e69a0dcc7cb501c531a46a35e43f15957eac25165aa6f9341c4a8b10ce2cdf59fff6994c3686164bdb95f77787a06a72fef1236191cc0e099b775fc4 |
C:\Program Files (x86)\Common Files\System\msadc\de-DE\msdaprsr.dll.mui
| MD5 | 85bd69c52f873e5ddb4b707c2b0e79ca |
| SHA1 | f72df5282dc002aefac7a13980352000d02e87dd |
| SHA256 | 255c4673cac54145d7636d1f2a1e374b9a60372a2b01bf182e03bbf44e66f433 |
| SHA512 | 47aa5ba555da1f47cc9198f7d728628e3b064bb4927a02be0bc0749bea57a9191ca67d232c833e2af16c39d1d7be855f2e327bd77c0150d06d0c869bb40b1002 |
C:\Program Files (x86)\Common Files\System\msadc\en-US\msadcer.dll.mui
| MD5 | 70bd4688126c213b72c9655a83861435 |
| SHA1 | b8d18d10ec1e0772479d07a3cbfb4e57795c145c |
| SHA256 | 12f334c3cccd9859c769d1e00f9668a2fc4fd761be9bf677d7de3ae7460fba06 |
| SHA512 | 34e038c8bebdc6ce45a6e7574e82b175ff5f990881c4dad521ffed3e5356268e9555a075dc14eb0124af839add2508670b25b7fa5231b1b4614f489b3c0db69a |
C:\Program Files (x86)\Common Files\System\msadc\en-US\msdaprsr.dll.mui
| MD5 | 74abe6fc6cc57560578fcf2c8ea37cca |
| SHA1 | 73a096ab1d451ec5831576d801b7c850ff4afcff |
| SHA256 | c538d5675633d66ca2d86ca233933ce5efed6d0bbf311bfe1db202bacd4f0701 |
| SHA512 | 914bb6447844c6114b4a01df4da7b6af73af5cb975177f4fccd29471b50e5c87701375b962a24d6a08766926347e656f334be2f8dd9c98eeac4c0f85c2413826 |
C:\Program Files (x86)\Common Files\System\msadc\es-ES\msadcer.dll.mui
| MD5 | 4af4fb8be97a9fa85701ddc11add8450 |
| SHA1 | 6f43859be83ad4accc0d37fa1cb065c8ddf4e597 |
| SHA256 | c3141a319390d135c2c260f65e98d601d0e146926231e104e423d610da2bde48 |
| SHA512 | c9d83b81aab720690193eba4893a8d600369925883a5fb30ab308458d1794cb564672f39ec9d7677c2c443853ed6a13be7ef3ea91c4ba349725cf2067b4d34d4 |
C:\Program Files (x86)\Common Files\System\msadc\es-ES\msdaprsr.dll.mui
| MD5 | 7b5579660353a2322449da5813b490e0 |
| SHA1 | 6334a7815107d0805b19a8470007e8dffe341ac6 |
| SHA256 | 0356be458668b13631b2897c22162f594990bc724527ddef65378e70888ec302 |
| SHA512 | 9eb5b0319fd840987bfe0ad252094339f41824c0ca0848b11f48c64bacf60a47f89a08f30f59209104b7c840dbeb581692622fcd928de2b438fadf218a9602a8 |
C:\Program Files (x86)\Common Files\System\msadc\fr-FR\msadcer.dll.mui
| MD5 | b05b06de33c22f8b3d4dadc441c7f07f |
| SHA1 | e344fb673cb13e00d718d72dcb37c66491465ec1 |
| SHA256 | 4d758afe58e26b7dfbc51eb326a1949dc2a1431f36e3869ecd5941a5fd9b1bb7 |
| SHA512 | 617331042fef4ea099941d26f7a239dad3f0c386c3fe466a2ab0251e64796dfc26c74d73716448046eea072a3fe21e18c96044bb08e7949bb98010c1e6076628 |
C:\Program Files (x86)\Common Files\System\msadc\fr-FR\msdaprsr.dll.mui
| MD5 | 7c8792d80b88cc3ff849c575a6f5382f |
| SHA1 | dff67ca279dd5351af653cc89015dfcca8dddbc6 |
| SHA256 | 3e5c2bdae80b6090d7db7692b0a140bbd476cdecddab067eaaa669374f71c941 |
| SHA512 | 5f5a4b35d6afa6cdf2bc4b9daf8f3a64ff2227c5f5e2feccc73685f1225d1081f2417ab4c3acb9cca172c3dc18d9d5cfdfa2f657593cf8ab33b12e3563f3e924 |
C:\Program Files (x86)\Common Files\System\msadc\it-IT\msadcer.dll.mui
| MD5 | 08568e777c56b7a6acb1e21e056edad9 |
| SHA1 | 6f15f070d2ac2c4c9722c0025245037c1a36f680 |
| SHA256 | 7c793b7259f6bc496f32d025a06c54688b830aa28bb48efef8a79cb204f10279 |
| SHA512 | 68f9481289298f3c81701fd3ff5994922766047b3cf6f1da2c8c6767fcd114d73ba3b4a039337658f83ab7ef90ab35ff9d249c5c1acdb6d0c998210389fe32d2 |
C:\Program Files (x86)\Common Files\System\msadc\it-IT\msdaprsr.dll.mui
| MD5 | fd864adbd7bf45935864a4503b7903fa |
| SHA1 | 6de55ce9651f71b0f5cb0c27d4da106b722acb42 |
| SHA256 | ddfc2c55ac7c285f9c241fc97370a04a70f0ca25e0c5ea47427667ddfd08729a |
| SHA512 | 5cb2763ef5ea85a75957226a8fd2c915a7ffc637bed1d81c3334e09448bcf6291a2fe20a09eaa078e32876abe52316a0a64b3fe0ef5ea68148ad9325a2693ea4 |
C:\Program Files (x86)\Common Files\System\msadc\ja-JP\msadcer.dll.mui
| MD5 | d682fd75c071c7f740e25bf198afc1bb |
| SHA1 | 946341248d19509361a7d58b110c3c90e8aa2563 |
| SHA256 | 50bae4bd7b0b4cf7dd9120c5cd516a565d7baa7377d09df8c60b91454e3baf40 |
| SHA512 | 4f3f096db01f8f1cca0be3a489bf5e3d859288230b2fc8f942c2f882906571c496fe2a4c9860861e3b8b6c6e53bc98dd17c8af0718933d46b42f861746939518 |
C:\Program Files (x86)\Common Files\System\msadc\ja-JP\msdaprsr.dll.mui
| MD5 | c7865e062225901c0b23306da05a8a6d |
| SHA1 | 53f82fb4ac08bddb7acc420af5e71d22fb2b8b42 |
| SHA256 | ffcf30acab891e79afd3a9324e005e8fd2fd208382da0ec802a7dc544a96e142 |
| SHA512 | 766cf7bad6017fcd9c05ed54b35aa0f5ad6970bdf0ba647d30c435b1676e7a9cf3650176411a69e9431ad6a529a6cb6020a912e8d3ed70343316c87e3e7974e7 |
C:\Program Files (x86)\Common Files\System\Ole DB\de-DE\oledb32r.dll.mui
| MD5 | 7eff0550537d47d988a489ac070b6096 |
| SHA1 | 1328a77ab6c3c54da824ed1d58cf33795f52e9dc |
| SHA256 | 8e9cde561ed052910930a967a2f5d29a83f7a6352d4ee23faccc50e59f0dc74b |
| SHA512 | 249ea13f67a46e7364d088b18f8c3a57e119d6596efe6fb150d6f25ddcb5d36fc37ac42e2e80412ffe61c5914a470bcb6569d5e557a02ba5a48191cd67580aac |
C:\Program Files (x86)\Common Files\System\Ole DB\de-DE\sqloledb.rll.mui
| MD5 | 6c445322c9e405005100cab687e029e7 |
| SHA1 | 203a6ded6054d34e2429bacf875f27bf711a95b5 |
| SHA256 | a2d7a29a855a086ec30160fc6a94d9b6e51dbc8e63962b28660a3d9a899a7dcc |
| SHA512 | 50d54445a237491e4e17eb95c40864287ec2e56c806cc8fbe981d596d0aed0b9bfca65dda60ce3af67fa7fd6158ccff72441330fc8e1f691a6c7da8e3e05e7c9 |
C:\Program Files (x86)\Common Files\System\Ole DB\en-US\oledb32r.dll.mui
| MD5 | 89fe7a23077ac5f5d9e7a8142cadbab3 |
| SHA1 | 417c7f5b6d228fd649bb1962e6eb252b66a6ee58 |
| SHA256 | 91240e859375affaefe19cbff697197cdb22d464be9b278b286f3d5fc8ac294a |
| SHA512 | 3a8e7a66ac1e228687069f1897b6f7cfcaddc2452c3991228c6941e6cf72c1af0c60d24f9aaeeeb2ba74eeb8688726ab4319d8281542f760ede7f195ef0fee91 |
C:\Program Files (x86)\Common Files\System\Ole DB\en-US\sqloledb.rll.mui
| MD5 | 5388a405819e4007675294f22c4a9738 |
| SHA1 | 03fd9630ae01b0cdb4fc2b62072d901fbec2e90c |
| SHA256 | 22735710052791dd9caf860efc775fbf6b51f806eb8990fb925ca36425c584e1 |
| SHA512 | d917229d47104611a96a7d44c8dd2dde76ef0690b726f04ef7aa1d59a2ee669926252f932b5f09df65562d7f1cef8b53da06abd54ef60c07ab32e2573d127f9a |
C:\Program Files (x86)\Common Files\System\Ole DB\es-ES\oledb32r.dll.mui
| MD5 | b19ffa9b6152c025cf51898f65b0ea7e |
| SHA1 | 142c9423dbe169ce31c60f821a99c8f443d97167 |
| SHA256 | acdfff18d1394faec664035710684269d6c7e0fa504e115cb16a1f840c8598eb |
| SHA512 | 576627c1355e917f6d3c9693f0ab06e1eda96670fe471bf8fee8c1aee03877be0f912ca1515e31541e692d53377f98d0a3553d6a331ab5f9147abee75e559ac7 |
C:\Program Files (x86)\Common Files\System\Ole DB\es-ES\sqloledb.rll.mui
| MD5 | b20412b218b85f5995aa2f80fc0be11d |
| SHA1 | d0debec5bd2deb73913e7fac1aa51218fe8eddaa |
| SHA256 | 5993893811ea8fc8fd756f0ed8781afc4bab32042e78656ebade4cbd038b361d |
| SHA512 | ae37dded1b450a290ff56c90548b90eaea4c63bcdf0ed9bcb87a0fbade5817e0467a3043baf7f4e9907fd1dff2cd3664c9cd4f89249ea8d3fa34efb43a059428 |
C:\Program Files (x86)\Common Files\System\Ole DB\fr-FR\oledb32r.dll.mui
| MD5 | dcccfb201d86ac77c7da7274d0109dea |
| SHA1 | 9824b48c5828c357989a8a91459d7c312fe2dc0c |
| SHA256 | 08e479ee5b3f6795b51ffbf7fe052033991c0179048b4ec5608f2f739ab8d909 |
| SHA512 | 4bf388d8b3e296e93ff59f532776177a52e5a7e743da21b8ba9828c06b0af6d3660393d933ba4e3a4fdf76783bb12e96924a8185b232905f2f767b3ddbb2f958 |
C:\Program Files (x86)\Common Files\System\Ole DB\fr-FR\sqloledb.rll.mui
| MD5 | 2c32bfebc46befde52b4c6da4728d32c |
| SHA1 | 5664e89be110a8f102667f259a949f32dfb65239 |
| SHA256 | d4170636e603ff306722410ad259647ff53e2bbbb65db994b72fb120fcc5aa72 |
| SHA512 | 4e59abc4bfee25a9e977df66bab7bed26b0755e3c05d899a3ea41909a5e2aae285bbdf73aba10613d4abd0702d9f20ae9e208722e21a8a60905ae1cb82bc94af |
C:\Program Files (x86)\Common Files\System\Ole DB\it-IT\oledb32r.dll.mui
| MD5 | db2c6da123746ea09aa0e458b7231a03 |
| SHA1 | 65124fc8cb26ecf3872d22bfcc47a4f650bce2b6 |
| SHA256 | f0fb7db5e380c0bb9b89610919b25df3caa8a77b594bba1140f11a63eef9186c |
| SHA512 | d8ca5a2e86b87e919e031b701ad25a80fa391bd8a69ac823efc1649cc8d3a5ba7fed1b6e6c595de18b33d657cb50e5a29d11871ea0b803f7bde91b69fbe1c0af |
C:\Program Files (x86)\Common Files\System\Ole DB\it-IT\sqloledb.rll.mui
| MD5 | 15a0931ab03adfecab279dfe77879911 |
| SHA1 | a8243f0bee47f2c553af0847da390bbc77459c56 |
| SHA256 | 47c118476fa319c8cfbb7bcfc3f2365fbac4898732b3bae60cc7ee77d112a1e1 |
| SHA512 | 582d4ecd69926f46743f4737d5fa470afdacbfc3054f2ed80f537f617e8cca1da0a9d1c24efc5470c9ef19353defad9ba122d674cd9a981d4cfe5a7ad89bbcee |
C:\Program Files (x86)\Common Files\System\Ole DB\ja-JP\sqloledb.rll.mui
| MD5 | f22564c5cc4af0e3bed05aeb2762d855 |
| SHA1 | 72d8f48904f3d077b39032e1eb640825eb5ac84e |
| SHA256 | 9858320124ccb7fbca12247a43845bfa62da4627d062fcfb67eb77a4b6578df1 |
| SHA512 | b04870b00921ced7e84e6e81c5a6c1f0df30b20665f65cab166643216be107746e940e5a81a911beb7f9264d80813314ac3289b6ddc347ea23960aeb59fbd48f |
C:\Program Files (x86)\Common Files\System\Ole DB\ja-JP\oledb32r.dll.mui
| MD5 | cac2ec75475135a394191d73730f28a0 |
| SHA1 | 5525f0a32f9e1b79ad0df0f5bf8597d4a8dccb0d |
| SHA256 | 1826ba49b65b809c749c3f681e90fb38a0f8177cbf226ea6c56abeaa1675f664 |
| SHA512 | f4fefffe91e8fa59ae2b6f414638a14f2c231a225578bbc11d20823fefceab796a72b7ec80e672b89803d0fb1b05f941c87b2f17129c5703bd96baf58e551393 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\StartUnifiedTileModelCache.dat
| MD5 | 70546771d934eccaac0ef332cb742596 |
| SHA1 | eb5d935096618613f2e095ce7ce6772a68ac0acb |
| SHA256 | 223df23e83be2ef5c37eeaa8b524d846a0abb6da994255f21834a91775b32c60 |
| SHA512 | b42116a2374a4fa5b1974bbc83e2acf1f42163c3dda59c5d904ee650f8a05096376993fe220f2bbff698e5d3e42646c1561bfbf19e44be3cf3f963d6beefffa5 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\StartUnifiedTileModelCache.dat
| MD5 | a40c1b0009a6f90f564cdf7c5ffe8392 |
| SHA1 | 978030580e0297978deaf95dfde9b338e3c5223a |
| SHA256 | d330876e8c3e1c4d727aea49858939d7ab5c3f566532315882675be088928052 |
| SHA512 | bbef1b3797470eaef3a0625527b08ad3f2a5b14666226a0e5f520a5c87b71771ccba6d7c2fb1eacf04eee9e787f78a20d14a53e930189f9b7be2f493485c64f2 |
Analysis: behavioral5
Detonation Overview
Submitted
2024-11-14 13:19
Reported
2024-11-14 13:21
Platform
win7-20240708-en
Max time kernel
121s
Max time network
126s
Command Line
Signatures
Deletes shadow copies
Renames multiple (9065) files with added filename extension
Reads user/profile data of web browsers
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\F: | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened (read-only) | \??\D: | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\eula.ini.EMAIL=[[email protected]]ID=[3472CB2D1AB89AAB].biobio | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02740U.BMP | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.provider.filetransfer_3.2.200.v20140827-1444.jar | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.directorywatcher.nl_zh_4.4.0.v20140623020002.jar.EMAIL=[[email protected]]ID=[3472CB2D1AB89AAB].biobio | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsImageTemplate.html.EMAIL=[[email protected]]ID=[3472CB2D1AB89AAB].biobio | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\COPYING.txt | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0341344.JPG | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\biobio ransmoware.txt | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\utilityfunctions.js.EMAIL=[[email protected]]ID=[3472CB2D1AB89AAB].biobio | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-snaptracer_zh_CN.jar | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\System\Ole DB\de-DE\sqloledb.rll.mui | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\gu.txt.EMAIL=[[email protected]]ID=[3472CB2D1AB89AAB].biobio | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\CALSO11.POC | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\jre\bin\biobio ransmoware.txt | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\ink\ja-JP\TipTsf.dll.mui | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\fr-FR\gadget.xml | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.felix.gogo.shell_0.10.0.v201212101605.jar.EMAIL=[[email protected]]ID=[3472CB2D1AB89AAB].biobio | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Europe\Lisbon.EMAIL=[[email protected]]ID=[3472CB2D1AB89AAB].biobio | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files\Windows Media Player\WMPDMCCore.dll | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\microsoft shared\Stationery\biobio ransmoware.txt | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\TextConv\fr-FR\biobio ransmoware.txt | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\DEEPBLUE\biobio ransmoware.txt | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\SKY\SKY.ELM | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\requests\browse.json.EMAIL=[[email protected]]ID=[3472CB2D1AB89AAB].biobio | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\css\flyout.css | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File created | C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\css\biobio ransmoware.txt | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File created | C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\js\biobio ransmoware.txt | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\feature.xml | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\1033\OUTLWVW.DLL.IDX_DLL | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Templates\1033\Access\Events.accdt | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\system_m.png | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\SO00416_.WMF.EMAIL=[[email protected]]ID=[3472CB2D1AB89AAB].biobio | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Fonts\Urban.xml.EMAIL=[[email protected]]ID=[3472CB2D1AB89AAB].biobio | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\HST10.EMAIL=[[email protected]]ID=[3472CB2D1AB89AAB].biobio | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Photo Viewer\fr-FR\PhotoAcq.dll.mui | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\bin\jp2ssv.dll.EMAIL=[[email protected]]ID=[3472CB2D1AB89AAB].biobio | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0400001.PNG.EMAIL=[[email protected]]ID=[3472CB2D1AB89AAB].biobio | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Colors\Perspective.xml | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\MEDIA\CAGCAT10\J0216858.WMF | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\MEDIA\CAGCAT10\J0285750.WMF.EMAIL=[[email protected]]ID=[3472CB2D1AB89AAB].biobio | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\MEDIA\CAGCAT10\J0299587.WMF.EMAIL=[[email protected]]ID=[3472CB2D1AB89AAB].biobio | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\codec\libcdg_plugin.dll.EMAIL=[[email protected]]ID=[3472CB2D1AB89AAB].biobio | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files\ProtectShow.mpeg2.EMAIL=[[email protected]]ID=[3472CB2D1AB89AAB].biobio | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files\Windows Media Player\es-ES\setup_wm.exe.mui | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\MP00132_.WMF.EMAIL=[[email protected]]ID=[3472CB2D1AB89AAB].biobio | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bNext-down.png | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File created | C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\it-IT\css\biobio ransmoware.txt | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\biobio ransmoware.txt | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\SY00560_.WMF | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Effects\Civic.eftx | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\bn_IN\LC_MESSAGES\vlc.mo | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-back-static.png | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\forms_super.gif.EMAIL=[[email protected]]ID=[3472CB2D1AB89AAB].biobio | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.commands.nl_ja_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SlateBlue.css | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\System\ado\msado28.tlb | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\NA00487_.WMF.EMAIL=[[email protected]]ID=[3472CB2D1AB89AAB].biobio | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\icon.png | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\biobio ransmoware.txt | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0239943.WMF.EMAIL=[[email protected]]ID=[3472CB2D1AB89AAB].biobio | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\microsoft shared\Help\2052\biobio ransmoware.txt | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\weather.html | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Document Themes 14\Flow.thmx | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\SO00166_.WMF | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
Interacts with shadow copies
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\vssadmin.exe | N/A |
| N/A | N/A | C:\Windows\system32\vssadmin.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Processes
C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe
"C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c vssadmin.exe delete shadows /all /quiet
C:\Windows\system32\vssadmin.exe
vssadmin.exe delete shadows /all /quiet
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c vssadmin.exe delete shadows /all /quiet
C:\Windows\system32\vssadmin.exe
vssadmin.exe delete shadows /all /quiet
Network
Files
C:\ProgramData\biobio ransmoware.txt
| MD5 | 4cca299786028771f81f76d2c8cf2eb6 |
| SHA1 | e475afddad2af29b02cd70281c834bcdaf12e4df |
| SHA256 | 324014b0ad34a853196650fa9a9f1fba91f597f7d7038f144561d68524edc53d |
| SHA512 | 95e156f0e55af7aa6887857f0c54e466ff5f26e802043e717f7e7a0bbc83840d7d745a7b9871e2ef445c85b0d1e482f5d75b2d2ed44aff6bb9da2537b0df584a |
Analysis: behavioral13
Detonation Overview
Submitted
2024-11-14 13:19
Reported
2024-11-14 13:21
Platform
win7-20241010-en
Max time kernel
75s
Max time network
126s
Command Line
Signatures
Detect Neshta payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Neshta
Neshta family
Deletes shadow copies
Renames multiple (6125) files with added filename extension
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| N/A | N/A | C:\Windows\svchost.com | N/A |
Loads dropped DLL
Modifies system executable filetype association
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*" | C:\Users\Admin\AppData\Local\Temp\F5657AC3DC58DC8C.exe | N/A |
Reads user/profile data of web browsers
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\F: | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened (read-only) | \??\D: | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\de-DE\gadget.xml | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waxing-crescent_partly-cloudy.png | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\ACETXT.DLL | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\SLATE\THMBNAIL.PNG.EMAIL=[[email protected]]ID=[F5657AC3DC58DC8C].biobio | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\logo.png | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\Microsoft.mshtml.dll | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\SO00194_.WMF | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15061_.GIF | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\GRAPH.EXE | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\bin\java.exe | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\fonts\LucidaTypewriterRegular.ttf | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\biobio ransmoware.txt | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AdobeCollabSync.exe.EMAIL=[[email protected]]ID=[F5657AC3DC58DC8C].biobio | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0105974.WMF | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\1033\CollectSignatures_Sign.xsn | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\PUBBA\MSPUB1A.BDR | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\NEWS98.POC | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\prcr.x3d.EMAIL=[[email protected]]ID=[F5657AC3DC58DC8C].biobio | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\NL7Lexicons0011.DLL | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToScenesBackground.wmv | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BLENDS\BLENDS.ELM.EMAIL=[[email protected]]ID=[F5657AC3DC58DC8C].biobio | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\biobio ransmoware.txt | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Templates\1033\AdjacencyResume.dotx | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\ink\fr-FR\TipBand.dll.mui | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\APPTL.ICO.EMAIL=[[email protected]]ID=[F5657AC3DC58DC8C].biobio | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\Form_StatusImageMask.bmp | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0099201.GIF | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143743.GIF | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files\Windows Media Player\it-IT\wmpnssui.dll.mui | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\base-undocked-2.png | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\EXP_XPS.DLL.EMAIL=[[email protected]]ID=[F5657AC3DC58DC8C].biobio | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0152716.WMF.EMAIL=[[email protected]]ID=[F5657AC3DC58DC8C].biobio | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\bin\unpack200.exe.EMAIL=[[email protected]]ID=[F5657AC3DC58DC8C].biobio | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files\Windows Media Player\ja-JP\wmlaunch.exe.mui | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0287018.WMF.EMAIL=[[email protected]]ID=[F5657AC3DC58DC8C].biobio | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File created | C:\Program Files\Java\jre7\lib\deploy\biobio ransmoware.txt | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\gadget.xml | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\RSSFeeds.html | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files\EnterUnregister.tmp.EMAIL=[[email protected]]ID=[F5657AC3DC58DC8C].biobio | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0300862.WMF.EMAIL=[[email protected]]ID=[F5657AC3DC58DC8C].biobio | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\IRIS\THMBNAIL.PNG | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\sRGB.pf.EMAIL=[[email protected]]ID=[F5657AC3DC58DC8C].biobio | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\alt-rt.jar.EMAIL=[[email protected]]ID=[F5657AC3DC58DC8C].biobio | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\RSWOP.ICM | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\NA02124_.WMF.EMAIL=[[email protected]]ID=[F5657AC3DC58DC8C].biobio | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PE03331_.WMF | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_rgb.wmv | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\bin\prism-d3d.dll | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\1033\biobio ransmoware.txt | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\sq.txt | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\PROGRA~2\MICROS~1\Office14\NAMECO~1.EXE | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\NA00042_.WMF.EMAIL=[[email protected]]ID=[F5657AC3DC58DC8C].biobio | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\NA01472_.WMF.EMAIL=[[email protected]]ID=[F5657AC3DC58DC8C].biobio | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\SO00190_.WMF.EMAIL=[[email protected]]ID=[F5657AC3DC58DC8C].biobio | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\1033\OUTLPERF.INI.EMAIL=[[email protected]]ID=[F5657AC3DC58DC8C].biobio | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18219_.WMF.EMAIL=[[email protected]]ID=[F5657AC3DC58DC8C].biobio | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Document Themes 14\Paper.thmx | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\EMABLT32.DLL.EMAIL=[[email protected]]ID=[F5657AC3DC58DC8C].biobio | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\PPTIRM.XML.EMAIL=[[email protected]]ID=[F5657AC3DC58DC8C].biobio | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PE02262_.WMF.EMAIL=[[email protected]]ID=[F5657AC3DC58DC8C].biobio | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\PAGESIZE\PGMN001.XML | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\JOURNAL\JOURNAL.INF | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\PROGRA~2\Adobe\READER~1.0\Reader\LOGTRA~1.EXE | C:\Users\Admin\AppData\Local\Temp\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0281638.WMF | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\svchost.com | C:\Users\Admin\AppData\Local\Temp\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Windows\svchost.com | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\F5657AC3DC58DC8C.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\svchost.com | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\vssadmin.exe | N/A |
Interacts with shadow copies
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\vssadmin.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\vssadmin.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*" | C:\Users\Admin\AppData\Local\Temp\F5657AC3DC58DC8C.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: RenamesItself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Processes
C:\Users\Admin\AppData\Local\Temp\F5657AC3DC58DC8C.exe
"C:\Users\Admin\AppData\Local\Temp\F5657AC3DC58DC8C.exe"
C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe
"C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Windows\System32\cmd.exe" /c vssadmin.exe delete shadows /all /quiet
C:\Windows\SysWOW64\cmd.exe
C:\Windows\System32\cmd.exe /c vssadmin.exe delete shadows /all /quiet
C:\Windows\SysWOW64\vssadmin.exe
vssadmin.exe delete shadows /all /quiet
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Windows\System32\cmd.exe" /c vssadmin.exe delete shadows /all /quiet
C:\Windows\SysWOW64\cmd.exe
C:\Windows\System32\cmd.exe /c vssadmin.exe delete shadows /all /quiet
C:\Windows\SysWOW64\vssadmin.exe
vssadmin.exe delete shadows /all /quiet
Network
Files
\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe
| MD5 | 4280ea83cdb85a8b0b347caff5b942f8 |
| SHA1 | 057a37245944517cd8646780e26f2c5feb268145 |
| SHA256 | f8398f4297b8ccfefe5565e65fff65d6d969b35cd2ac4e693b1959896beca3dd |
| SHA512 | b34b870ab411bc09449fd41f58e6b4666ef5927fe93a635b1269972a556e0b84c4a0205ea2512927960f4cd95804d31404d39a9bd1768eef6130b68b01847f8a |
C:\MSOCache\ALLUSE~1\{90140~1\dwtrig20.exe
| MD5 | cf6c595d3e5e9667667af096762fd9c4 |
| SHA1 | 9bb44da8d7f6457099cb56e4f7d1026963dce7ce |
| SHA256 | 593e60cc30ae0789448547195af77f550387f6648d45847ea244dd0dd7abf03d |
| SHA512 | ff4f789df9e6a6d0fbe12b3250f951fcf11e857906c65e96a30bb46266e7e1180d6103a03db2f3764e0d1346b2de7afba8259ba080057e4a268e45e8654dfa80 |
C:\Windows\svchost.com
| MD5 | 36fd5e09c417c767a952b4609d73a54b |
| SHA1 | 299399c5a2403080a5bf67fb46faec210025b36d |
| SHA256 | 980bac6c9afe8efc9c6fe459a5f77213b0d8524eb00de82437288eb96138b9a2 |
| SHA512 | 1813a6a5b47a9b2cd3958cf4556714ae240f2aa19d0a241b596830f0f2b89a33ec864d00ce6a791d323a58dfbff42a0fded65eefbf980c92685e25c0ec415d92 |
C:\ProgramData\biobio ransmoware.txt
| MD5 | 3e08144c681309544d6795b31a9a968c |
| SHA1 | 926d41074691d13ca0d0c9df3061a7b2b0fc5761 |
| SHA256 | e68ce3e30f06d6648ac37d753f90e6aa1e150934d63171bbc6fa6ae14d944fe7 |
| SHA512 | f42e1ce8226a2e7457098f5991cea712806eb5a543eb126981e44be0311904ed483de7c9938fef8a46716e2f207551eaf62cecef9a99e2e84e0a6c0355969353 |
\Users\Admin\AppData\Local\Temp\ose00000.exe
| MD5 | 9d10f99a6712e28f8acd5641e3a7ea6b |
| SHA1 | 835e982347db919a681ba12f3891f62152e50f0d |
| SHA256 | 70964a0ed9011ea94044e15fa77edd9cf535cc79ed8e03a3721ff007e69595cc |
| SHA512 | 2141ee5c07aa3e038360013e3f40969e248bed05022d161b992df61f21934c5574ed9d3094ffd5245f5afd84815b24f80bda30055cf4d374f9c6254e842f6bd5 |
\PROGRA~2\Adobe\READER~1.0\Reader\LOGTRA~1.EXE
| MD5 | 9e2b9928c89a9d0da1d3e8f4bd96afa7 |
| SHA1 | ec66cda99f44b62470c6930e5afda061579cde35 |
| SHA256 | 8899b4ed3446b7d55b54defbc1acb7c5392a4b3bc8ec2cdc7c31171708965043 |
| SHA512 | 2ca5ad1d0e12a8049de885b90b7f56fe77c868e0d6dae4ec4b6f3bc0bf7b2e73295cc9b1328c2b45357ffb0d7804622ab3f91a56140b098e93b691032d508156 |
C:\MSOCache\ALLUSE~1\{90140~1\DW20.EXE
| MD5 | 02ee6a3424782531461fb2f10713d3c1 |
| SHA1 | b581a2c365d93ebb629e8363fd9f69afc673123f |
| SHA256 | ead58c483cb20bcd57464f8a4929079539d634f469b213054bf737d227c026dc |
| SHA512 | 6c9272cb1b6bde3ee887e1463ab30ea76568cb1a285d11393337b78c4ad1c3b7e6ce47646a92ab6d70bff4b02ab9d699b84af9437b720e52dcd35579fe2693ec |
C:\MSOCache\ALLUSE~1\{9A861~1\setup.exe
| MD5 | 566ed4f62fdc96f175afedd811fa0370 |
| SHA1 | d4b47adc40e0d5a9391d3f6f2942d1889dd2a451 |
| SHA256 | e17cd94c08fc0e001a49f43a0801cea4625fb9aee211b6dfebebec446c21f460 |
| SHA512 | cdf8f508d396a1a0d2e0fc25f2ae46398b25039a0dafa0919737cc44e3e926ebae4c3aa26f1a3441511430f1a36241f8e61c515a5d9bd98ad4740d4d0f7b8db7 |
C:\MSOCache\ALLUSE~1\{9A861~1\ose.exe
| MD5 | 58b58875a50a0d8b5e7be7d6ac685164 |
| SHA1 | 1e0b89c1b2585c76e758e9141b846ed4477b0662 |
| SHA256 | 2a0aa0763fdef9c38c5dd4d50703f0c7e27f4903c139804ec75e55f8388139ae |
| SHA512 | d67214077162a105d01b11a8e207fab08b45b08fbfba0615a2ea146e1dd99eea35e4f02958a1754d3192292c00caf777f186f0a362e4b8b0da51fabbdb76375b |
C:\PROGRA~2\Adobe\READER~1.0\Reader\A3DUTI~1.EXE
| MD5 | 831270ac3db358cdbef5535b0b3a44e6 |
| SHA1 | c0423685c09bbe465f6bb7f8672c936e768f05a3 |
| SHA256 | a8f78ac26c738b13564252f1048ca784bf152ef048b829d3d22650b7f62078f0 |
| SHA512 | f64a00977d4b6f8c43f53cee7bb450f3c8cbef08525975055fde5d8c515db32d2bfad92e99313b3a10a72a50dd09b4ffe28e9af4c148c6480622ba486776e450 |
C:\PROGRA~2\Adobe\READER~1.0\Reader\ADOBEC~1.EXE
| MD5 | eef2f834c8d65585af63916d23b07c36 |
| SHA1 | 8cb85449d2cdb21bd6def735e1833c8408b8a9c6 |
| SHA256 | 3cd34a88e3ae7bd3681a7e3c55832af026834055020add33e6bd6f552fc0aabd |
| SHA512 | 2ee8766e56e5b1e71c86f7d1a1aa1882706d0bca8f84b2b2c54dd4c255e04f037a6eb265302449950e5f5937b0e57f17a6aa45e88a407ace4b3945e65043d9b7 |
C:\PROGRA~2\Adobe\READER~1.0\Reader\Eula.exe
| MD5 | e1833678885f02b5e3cf1b3953456557 |
| SHA1 | c197e763500002bc76a8d503933f1f6082a8507a |
| SHA256 | bd9a16d8d7590a2ec827913db5173f8beb1d1ef44dab1920ef52a307f922bc14 |
| SHA512 | fe107e1c8631ec6ac94f772e6a7be1fdc2a533fe3cfcf36b1ff018c8d01bd7f1f818f0a2448f736838c953cd516ea7327c416dea20706ed2420327af8ef01abe |
C:\PROGRA~2\Adobe\READER~1.0\Reader\AcroRd32.exe
| MD5 | 3ec4922dbca2d07815cf28144193ded9 |
| SHA1 | 75cda36469743fbc292da2684e76a26473f04a6d |
| SHA256 | 0587fd366ea7e94b3ae500874b1c5d684b5357fcc7389682d5a13c3301a28801 |
| SHA512 | 956c3a1f2689cb72600edd2e90d652b77592a8a81d319dce026e88f6c02231af06aebd57d68460eb406de00c113522173423cb1b339a41a3918f379c7dc311f7 |
C:\PROGRA~2\Adobe\READER~1.0\Reader\ACROBR~1.EXE
| MD5 | 8c4f4eb73490ca2445d8577cf4bb3c81 |
| SHA1 | 0f7d1914b7aeabdb1f1e4caedd344878f48be075 |
| SHA256 | 85f7249bfac06b5ee9b20c7f520e3fdc905be7d64cfbefb7dcd82cd8d44686d5 |
| SHA512 | 65453075c71016b06430246c1ee2876b7762a03112caf13cff4699b7b40487616c88a1160d31e86697083e2992e0dd88ebf1721679981077799187efaa0a1769 |
C:\PROGRA~2\Adobe\READER~1.0\SETUPF~1\{AC76B~1\Setup.exe
| MD5 | 2f6f7891de512f6269c8e8276aa3ea3e |
| SHA1 | 53f648c482e2341b4718a60f9277198711605c80 |
| SHA256 | d1ee54eb64f31247f182fd62037e64cdb3876e1100bc24883192bf46bab42c86 |
| SHA512 | c677f4f7bfb2e02cd0babed896be00567aad08304cbff3a85fcc9816b10247fedd026fee769c9bd45277a4f2814eabe6534f0b04ea804d0095a47a1477188dd6 |
C:\PROGRA~2\COMMON~1\Adobe\Updater6\ADOBEU~1.EXE
| MD5 | 7ce8bcabb035b3de517229dbe7c5e67d |
| SHA1 | 8e43cd79a7539d240e7645f64fd7f6e9e0f90ab9 |
| SHA256 | 81a3a1dc3104973a100bf8d114b6be35da03767a0cbbaf925f970ffcbe5f217c |
| SHA512 | be7fcd50b4f71b458ca001b7c019bf1169ec089d7a1ce05355134b11cbe75a5a29811f9efec803877aeb1a1d576ea2628926e0131361db23214275af6e89e80c |
memory/3052-1175-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2852-1176-0x0000000000400000-0x000000000041B000-memory.dmp
memory/3052-1897-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2852-2038-0x0000000000400000-0x000000000041B000-memory.dmp
memory/3052-2790-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2852-2927-0x0000000000400000-0x000000000041B000-memory.dmp
memory/3052-3693-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2852-3807-0x0000000000400000-0x000000000041B000-memory.dmp
memory/3052-4820-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2852-4897-0x0000000000400000-0x000000000041B000-memory.dmp
memory/3052-6193-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2852-6196-0x0000000000400000-0x000000000041B000-memory.dmp
memory/3052-7039-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2852-7170-0x0000000000400000-0x000000000041B000-memory.dmp
memory/3052-7576-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2852-8543-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2852-10147-0x0000000000400000-0x000000000041B000-memory.dmp
C:\Windows\directx.sys
| MD5 | e636a121fd722eb592a523bbe66f6cb0 |
| SHA1 | 2fa150c33de1c4ae310f48cd120f8be5dfbfc596 |
| SHA256 | b976f9b5432964c150e6132078453c221610b72eadeeda5b1b449dac60d34830 |
| SHA512 | e72835defe700af546d7aa088248d90519f06f04acd1adc32db2ac5f641161499a48b3f636a6f5c2b764cd3e45dfbb303be67cc9d88b591ce793a69352f9419c |
memory/1816-11481-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2852-11482-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2852-11484-0x0000000000400000-0x000000000041B000-memory.dmp
Analysis: behavioral4
Detonation Overview
Submitted
2024-11-14 13:19
Reported
2024-11-14 13:21
Platform
win10v2004-20241007-en
Max time kernel
100s
Max time network
139s
Command Line
Signatures
Deletes shadow copies
Renames multiple (11292) files with added filename extension
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
Reads user/profile data of web browsers
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\F: | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened (read-only) | \??\D: | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\StoreLogo.scale-200_contrast-white.png | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\System.Windows.Input.Manipulations.resources.dll | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\biobio ransmoware.txt | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.NetworkInformation.dll.EMAIL=[[email protected]]ID=[2891E1D4BAC70EBA].biobio | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\NL7MODELS000C.dll.EMAIL=[[email protected]]ID=[2891E1D4BAC70EBA].biobio | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\TinyTile.scale-125_contrast-white.png | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\Functions\GlobalMock-B.Tests.ps1 | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\selector.js | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\release | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_GB\List.txt.EMAIL=[[email protected]]ID=[2891E1D4BAC70EBA].biobio | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\ar-SA\biobio ransmoware.txt | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.XboxGameOverlay_1.46.11001.0_x64__8wekyb3d8bbwe\GameBarTasks.winmd | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Resources.Extensions.dll.EMAIL=[[email protected]]ID=[2891E1D4BAC70EBA].biobio | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.scale-200_contrast-black.png | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Download_on_the_App_Store_Badge_es_135x40.svg.EMAIL=[[email protected]]ID=[2891E1D4BAC70EBA].biobio | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_neutral_~_8wekyb3d8bbwe\biobio ransmoware.txt | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Car\RTL\contrast-black\biobio ransmoware.txt | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\TRANSLAT\MSB1CORE.DLL.EMAIL=[[email protected]]ID=[2891E1D4BAC70EBA].biobio | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PROOF\msgr8es.dub.EMAIL=[[email protected]]ID=[2891E1D4BAC70EBA].biobio | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll.EMAIL=[[email protected]]ID=[2891E1D4BAC70EBA].biobio | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Web.dll | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\da-DK\tipresx.dll.mui.EMAIL=[[email protected]]ID=[2891E1D4BAC70EBA].biobio | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\zh-tw\ui-strings.js | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.NET.Native.Runtime.2.2_2.2.27328.0_x64__8wekyb3d8bbwe\AppxManifest.xml | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\demux\libreal_plugin.dll | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageAppList.targetsize-30_altform-unplated_contrast-black.png | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-black\MedTile.scale-150_contrast-black.png | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Home\contrast-white\biobio ransmoware.txt | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\lib\security\policy\unlimited\US_export_policy.jar.EMAIL=[[email protected]]ID=[2891E1D4BAC70EBA].biobio | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\en-il\ui-strings.js.EMAIL=[[email protected]]ID=[2891E1D4BAC70EBA].biobio | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\bci.dll | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.targetsize-30_altform-colorize.png | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-16_altform-lightunplated.png | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\models\es-ES.PhoneNumber.ot | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\legal\javafx\mesa3d.md | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteNewNoteMedTile.scale-150.png | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00.UWPDesktop_14.0.27629.0_x64__8wekyb3d8bbwe\AppxMetadata\biobio ransmoware.txt | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe.EMAIL=[[email protected]]ID=[2891E1D4BAC70EBA].biobio | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_download_pdf_18.svg.EMAIL=[[email protected]]ID=[2891E1D4BAC70EBA].biobio | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\AccessR_OEM_Perp-ppd.xrm-ms | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_mms_plugin.dll.EMAIL=[[email protected]]ID=[2891E1D4BAC70EBA].biobio | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_MAKC2R-pl.xrm-ms | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Microsoft.VisualBasic.Forms.dll | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarSplashLogo.scale-300.png | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\Microsoft.VisualBasic.Forms.resources.dll.EMAIL=[[email protected]]ID=[2891E1D4BAC70EBA].biobio | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\GetStartedSplash.scale-200_contrast-white.png | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\legal\jdk\freebxml.md.EMAIL=[[email protected]]ID=[2891E1D4BAC70EBA].biobio | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\Images\Ratings\Yelp3.scale-125.png | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderMedTile.contrast-white_scale-100.png | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Standard2019MSDNR_Retail-ul-oob.xrm-ms.EMAIL=[[email protected]]ID=[2891E1D4BAC70EBA].biobio | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AGMGPUOptIn.ini.EMAIL=[[email protected]]ID=[2891E1D4BAC70EBA].biobio | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File created | C:\Program Files\Common Files\System\ado\ja-JP\biobio ransmoware.txt | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.XmlSerializer.dll | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\MSOHTMED.EXE.EMAIL=[[email protected]]ID=[2891E1D4BAC70EBA].biobio | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Retail-ppd.xrm-ms.EMAIL=[[email protected]]ID=[2891E1D4BAC70EBA].biobio | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-48_contrast-white.png | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Security.Cryptography.Xml.dll | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Templates\1033\ChronologicalLetter.dotx.EMAIL=[[email protected]]ID=[2891E1D4BAC70EBA].biobio | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-memory-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\PSRCHLEX.DAT.EMAIL=[[email protected]]ID=[2891E1D4BAC70EBA].biobio | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\System.Windows.Forms.Primitives.resources.dll | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationCore.dll.EMAIL=[[email protected]]ID=[2891E1D4BAC70EBA].biobio | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\th_get.svg.EMAIL=[[email protected]]ID=[2891E1D4BAC70EBA].biobio | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\lib\ext\meta-index | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
Interacts with shadow copies
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\vssadmin.exe | N/A |
| N/A | N/A | C:\Windows\system32\vssadmin.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\MuiCache | C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 4748 wrote to memory of 216 | N/A | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | C:\Windows\System32\cmd.exe |
| PID 4748 wrote to memory of 216 | N/A | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | C:\Windows\System32\cmd.exe |
| PID 216 wrote to memory of 2792 | N/A | C:\Windows\System32\cmd.exe | C:\Windows\system32\vssadmin.exe |
| PID 216 wrote to memory of 2792 | N/A | C:\Windows\System32\cmd.exe | C:\Windows\system32\vssadmin.exe |
| PID 4748 wrote to memory of 1948 | N/A | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | C:\Windows\System32\cmd.exe |
| PID 4748 wrote to memory of 1948 | N/A | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | C:\Windows\System32\cmd.exe |
| PID 1948 wrote to memory of 3976 | N/A | C:\Windows\System32\cmd.exe | C:\Windows\system32\vssadmin.exe |
| PID 1948 wrote to memory of 3976 | N/A | C:\Windows\System32\cmd.exe | C:\Windows\system32\vssadmin.exe |
Uses Volume Shadow Copy service COM API
Processes
C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe
"C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c vssadmin.exe delete shadows /all /quiet
C:\Windows\system32\vssadmin.exe
vssadmin.exe delete shadows /all /quiet
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c vssadmin.exe delete shadows /all /quiet
C:\Windows\system32\vssadmin.exe
vssadmin.exe delete shadows /all /quiet
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
Files
C:\ProgramData\biobio ransmoware.txt
| MD5 | 91fa1053207971e936e6bbad0c7e8c27 |
| SHA1 | 61a6300d327ae6eb276c6143f65a58c8f269a67e |
| SHA256 | f26d98cae64be561f1260f5cd1c2974a6dce9ffca484461b985ae1107198848d |
| SHA512 | b2794993d695cb6950eaa65eecd44dfd4f8ee297dfbd0ef26532fa9f60639c466bacd18e557798e3e28535f4812f1e928bd4862d6bc39a3f014465836d88b832 |
C:\Program Files (x86)\Internet Explorer\de-DE\iexplore.exe.mui
| MD5 | e1e3d38e3782a84a0dd6ca585c470363 |
| SHA1 | 96febb91f31818fca9325d0d0c50a28aee3d9706 |
| SHA256 | 65a25ef66041547b6964343bb2fdb0813ab43e36edf2f473027ec3d6d02a8b17 |
| SHA512 | 9810c98af68602ff90938e54dca7e5590474fdd4e24920fd91949b684d39fe592e963984aedfe016118107e74c07fb2bd117ddf769f48be97f32fb2d09d3fb3d |
C:\Program Files (x86)\Internet Explorer\en-US\iexplore.exe.mui
| MD5 | 0d79620663725ae34e8a0194e0b2a85c |
| SHA1 | b1b43e4eebe267378374beec113dc3656ae7c2de |
| SHA256 | b30a8f06a212753625f4d01f4b0595d515b5ff7855fae1dcbe586a8bab8cdfac |
| SHA512 | 4c89e9f327407bd9f19492752a4aa31557a150a98761cf17b0a23d63bab6293db96ad8a9cff67ab9e4c3e5ee8af1273b3d287952a131b171be65a5f0524aa6ab |
C:\Program Files (x86)\Internet Explorer\es-ES\iexplore.exe.mui
| MD5 | 4ba9de578e7bf12708e47cb6ab7d447e |
| SHA1 | 762793acf7f632d936ee32efd212d60cb9b7b64d |
| SHA256 | 173ec397b931e96d31a53c1a0512581092622cec0fe8bc8dc3694e3a34afc058 |
| SHA512 | befc8dd17c33c15da2b0954b48d67b00c569a7f06f08718d8ba1008d510e725c50af49d6cea222d627dcad8ead25a46fe27a4fca530aeab400afd5887707d6f5 |
C:\Program Files (x86)\Internet Explorer\fr-FR\iexplore.exe.mui
| MD5 | 77968b32b7f6669fd21f1ce6ab761345 |
| SHA1 | c2ca59456b3babcb0ab12275ecdf7288c206b317 |
| SHA256 | eca1dd64b1ee2ef15d54678f3fb6d13055ce283023310935964cce154d2c45d3 |
| SHA512 | 4bbfe414c177ae8e8f07975cbcd7a945cee9886bc7e49c986f62f321919454b126195ceff5241ef9bf4e8cc4a7fa42c5b407114466e1aeae5129d2c326faad3a |
C:\Program Files (x86)\Internet Explorer\it-IT\iexplore.exe.mui
| MD5 | 93948ec3c22a7844b763e24841a6fe97 |
| SHA1 | af4663f59e19a37f7c8c559751b1133751480a36 |
| SHA256 | fef882482ff8aa81315bf102c384f16d30eb17e571c48a21c0339774589595ae |
| SHA512 | 1ea4c5a6a8a2c1466f651dcb403a48c21320ea5af9ddd50000845244ca694295cf39e0f87dc0da5daedc072593a8b8e4c4e1a13be6f0f342aa0cbe49a820289c |
C:\Program Files (x86)\Internet Explorer\ja-JP\iexplore.exe.mui
| MD5 | 15dcfe9297981b120faabffef3a92878 |
| SHA1 | 81053d79f187d6d5b03fddc00bc236c05a59f0d8 |
| SHA256 | 21bd40f0d8317fef41d458bb42175f0f50beba399f6b2d9c4265b31a53510e66 |
| SHA512 | aeb59db3fdd314916e9d8e999474cb794e9c4d8fa9162154820eacf758a17cafedc8e2f3b9f1ef7fe8f6ca982c53cf2ab4c326782dd63a43af4a53dd93ed057e |
C:\Program Files (x86)\Internet Explorer\uk-UA\iexplore.exe.mui
| MD5 | 60ba84e189ff28613dd18fb729dfde02 |
| SHA1 | c30020a05cb3be0afb181ed3761709df508c6a8e |
| SHA256 | 4029a0659f6f0902da6ff1fa1e172b1f426c91932e0c00e33261064829fa543e |
| SHA512 | 64c12d9ff8611d6191adc8a8b512af25989676d7b5ca10d20e6dbf36079fd2498960e3244bfcbd8078407449e51736a360930464ceca969d71d421bd951067bf |
C:\Program Files (x86)\Windows Defender\de-DE\MpAsDesc.dll.mui
| MD5 | 116569f5dcf5fcee7a91cf6be7a62c9b |
| SHA1 | 8b2ecba28b0d8e164ee13d2885905ae8670159e8 |
| SHA256 | 083045c451cd2d1f9044180d892deef629afb87f69961c07c8ab6a8c45821dbb |
| SHA512 | 5bf28b36fcc8481a920ac411616db7f0e66107790e10d8637cc7164353e6c2667a1ed5cb9258124989e38fd6ea8cdb6e913ad5a8188634892636e104d17cffd1 |
C:\Program Files (x86)\Windows Defender\de-DE\EppManifest.dll.mui
| MD5 | a3b0e2e54d0622bc846216cc18f7ce12 |
| SHA1 | 4831b5030eb8b76621e4d9f8c04e3ca961229a9b |
| SHA256 | b181d7e4c5bd8d04beba862e056f8b7bc916378a02f722eafac6621ad3b35973 |
| SHA512 | c002430bb547d2355d9636de7431f17fd27ac360ab7a92b6045249290a8218b7807812943025fd0842c3b6f19634fccaa2c9a1aee402d2cc9ef704e5a2c7dd87 |
C:\Program Files (x86)\Windows Defender\fr-FR\MpAsDesc.dll.mui
| MD5 | 77485aebdadbb0edccaf349f600f32ed |
| SHA1 | c142ff70a2cfb0d1e02a3c3289b89847283c8b55 |
| SHA256 | 6ffb62599f69a5153844e3440f019eab513decb926a8deeaa4e55567904408f2 |
| SHA512 | 5dbf3ed4a8c70e8f291825c70213bf60c2c30be16ec3c364ca1d9858c614d63c1ad2b0ac2c1133b4e215e1f6569aa4b8d49c2014b4b3ba515fa8baeda3cc9ddd |
C:\Program Files (x86)\Windows Defender\fr-FR\EppManifest.dll.mui
| MD5 | 262dc3b7acd2a263f2a68008d5481617 |
| SHA1 | 182980578c28ac76b09e84c0238c70d50f9ce4f0 |
| SHA256 | 6f8ef06d79faf40d4e92d40e85c674dbbb6793fb05758f156dc263f36bb5b752 |
| SHA512 | 4a5c17171a7b1299d956c6783888d4c750a05ee1a643bcf30492373316a4191149114df28f499cdecdebf426f5c96b0ce4a45b2f1b4b5f1c9a5eb3cb46e9db53 |
C:\Program Files (x86)\Windows Defender\es-ES\MpAsDesc.dll.mui
| MD5 | 285f415092a8ad0ce641f5798880d432 |
| SHA1 | 3e56fe0618c60607821558e0bc11e28604156e04 |
| SHA256 | 4cbf3686b9586d66c704338c86ae5404421532840fc16a8d1f3aa03cbb092213 |
| SHA512 | 3cff70d898db314d96821353cdd769c224d00b0f3c6bb98a6a24c32446170de92519617fd9e28afbbc92eff75ba22b1f776a072da573a6796d05a226ec739dee |
C:\Program Files (x86)\Windows Defender\es-ES\EppManifest.dll.mui
| MD5 | ea7755e1bbbc6ea1cc1d507c2f8d7dc5 |
| SHA1 | 6be05a6d8efb23d8bb38596d370e11b93c6b2564 |
| SHA256 | 0c7299a09d8a9e8ca04e3f479f8de4d170f26a9ec4bbebeff70e69ac39272d67 |
| SHA512 | 839ac92cb3e83517ed6264b96ec44191a92aadefa9a628be79de2b4bd1ba26081a165762d3a2bdea31c55561f78462867e336ed8be1d0913a613e82b68c89fac |
C:\Program Files (x86)\Windows Defender\it-IT\EppManifest.dll.mui
| MD5 | 8039ea3a2169111b0821cd4c14c2a688 |
| SHA1 | 3fe062d4f679df3b86c7b9340626b3ff4b3f410d |
| SHA256 | e72715a3321a303527a193c29953202c5dc65f566348bd9c06991246f01d2503 |
| SHA512 | b2b06647016e72ddd693d133214bc74791fef3182a9e252e7506c10055b78e408e59f7a51c2108646e3fffe348bc6e6e76497ef76798fabe6080d07677d565b4 |
C:\Program Files (x86)\Windows Defender\it-IT\MpAsDesc.dll.mui
| MD5 | 46a84caac7bca143fd8964057e54a818 |
| SHA1 | 75e4590a51cc61e5de13621d122868fd0db5d9f4 |
| SHA256 | 6f701e7b2d133819993a1009a791a97b9eeb51af0b7340dacb1d87d25cc3e175 |
| SHA512 | ef38d6942c875c6e29fdc2021be4869ea33d53178b970cc948997fbd64f95b894b3e440899498374559b24c0be21df7c6fc98800305a85e95067619dfa63a4ae |
C:\Program Files (x86)\Windows Defender\ja-JP\EppManifest.dll.mui
| MD5 | a10bb0bc26acd5bd76d04d98985faef2 |
| SHA1 | 9fee3795c9b4c6c0c6a07f08044fc40478cd2338 |
| SHA256 | 77f682d0f81f03346006d5e8bc7fb11323ef35774305d2ca846b6bb913b8de94 |
| SHA512 | b9ddd443e6a4399d39ead727c6e6381bc35525e86f9efda888b78284b6c0b440001e088ba08da5e9ddcb3d96750dc49904bde231b5080371818637004d62515f |
C:\Program Files (x86)\Windows Defender\uk-UA\MpAsDesc.dll.mui
| MD5 | 4f0cb5fb4d841ee52aa93ec63f24da9d |
| SHA1 | 6937cfe1222c7082586dfeccf113befe7b888f4e |
| SHA256 | 2c0e99fdcb01c2d6ecb89210b64606cbc8b9efe5f3879bd232987e915de9e9cf |
| SHA512 | 62ae286a0f0949ee0052497eb488763e9edf9101a06d90f64d21793c754da0557d5beaf57ec369e13f00c4cc0d58e8be2ce3fefc35ec84a41742bba6714a0be3 |
C:\Program Files (x86)\Windows Defender\uk-UA\EppManifest.dll.mui
| MD5 | cff44fecc88139021c65790c6d561188 |
| SHA1 | d14e23af971d5a2b5f096329c9134d76b874ef36 |
| SHA256 | 4c949fdfb814ce8d883810e8829ace3d41906e59129c33adb717516e59dbe601 |
| SHA512 | 6e772239afd97058ba4a4329ee78027c3cb7a1d81969e9ea551f4c93a3354e44fdbc025302e50451d7459776888d964dc9bf0c03beca5b3e0ec112b496f347c8 |
C:\Program Files (x86)\Windows Defender\ja-JP\MpAsDesc.dll.mui
| MD5 | df691bb56df3cabe5e339fea0e430c0a |
| SHA1 | 066b649ddd02c8b150fa4bae465781b6faf533e0 |
| SHA256 | 4e341d909999f646d4a788078d9bc24f4f01724ef1aa6ca2f1648984fb068497 |
| SHA512 | ddcc7a44e345225bcdaf8ef68bfea490db2ca7554a011c773e1058e7c8bfaa161cec4a927d6fabee59638d7ed5d7bb947d162000b3c25d9fea123029a8d611e6 |
C:\Program Files (x86)\Windows Media Player\de-DE\wmpnssui.dll.mui
| MD5 | fdaf0ece38b0f0d5f4c6f5e8f9141e37 |
| SHA1 | 7047060d3d0553e45030f7a2a36bbe5169b1f697 |
| SHA256 | 2920b0d016290fdea5f4259809b70da63b93991d74962c771e5b8dcbce018342 |
| SHA512 | e60b72e02bc1c8208c01ebc6a865e628eaf6f723633054df3471621755d576db9ac37804f8bb1ae8d07b0a532e7f27d3d3927d08067a1a37f605a03693b9f759 |
C:\Program Files (x86)\Windows Media Player\de-DE\wmpnssci.dll.mui
| MD5 | 48b1158cac383f3b9dfab4e78212b316 |
| SHA1 | d79758687658742facd4863389487254f3c0a973 |
| SHA256 | 9e3ab0531200c5246e3ca3a0221e141259af6366ee82b28780577c8ec9e764e9 |
| SHA512 | e07ba4f9a8da6b2f293c5c1a4f0433b695d42dba312c31d2595cf7dd37f83f6bbcd1674ad4aad8876647244af07f6fef85ab3d378fcace6024584eaa747e7917 |
C:\Program Files (x86)\Windows Media Player\en-US\setup_wm.exe.mui
| MD5 | 4515174fa7a4a8b5ed82ccd256459a13 |
| SHA1 | a121566a0dc7678a184e5d7ed37c7f64246c85a2 |
| SHA256 | 7e96393f9da97864cd624888eff32e14456b45c33327ab35d34dddf8762fc9c2 |
| SHA512 | e0a4f50d5bfe328b0b573f72986e34eb34bc6d5371b6760fda753eaf7aead83bd05f48ad3d116d09609911aedf6b5715bd64dc8bc9e4551a6be1b62c336a649b |
C:\Program Files (x86)\Windows Media Player\es-ES\wmplayer.exe.mui
| MD5 | edb99ee082cd179d9835b347e6fc175e |
| SHA1 | 94ce930f6dd258a702b09769007750399bbfc167 |
| SHA256 | 759835fdbb7274d0481b957874880edb3dbcb4edf30fa6c9c0a01e2c0d3fe1a2 |
| SHA512 | e5f1dab623efafc87621bfe94581caf1108042876f4d57effe7fbcc97774cbdeef2d63dbaeab2830dad1f389b7a1194abf822bea4d6b16e885ab154d6eaa2c77 |
C:\Program Files (x86)\Windows Media Player\es-ES\wmlaunch.exe.mui
| MD5 | b231fce16cdfea162c359b486097c017 |
| SHA1 | 74620de97cbb8157ac4afac2f45491a95e3bdb91 |
| SHA256 | 3cd1301b62be6a55b07c14edb7a149bc3a38afcbe62b91c67431972d398bb677 |
| SHA512 | 3340a63e5f5800f02f5f2b12cace32aac3df89218ab2a2601e5bc63aeffbb33a88a5793abaeb6366c9c0dbdb8ca1634584187b6412130190b1e5703b49830046 |
C:\Program Files (x86)\Windows Media Player\es-ES\setup_wm.exe.mui
| MD5 | 6258c648df952fc0829e3014d59cfaaa |
| SHA1 | 464ee7bb75baa4be8e9dc065e6278f5b1d7c95c1 |
| SHA256 | edf8e92d5003ba8cd0840ab45ef7a268cbf694b191cdff630e0bd827966cad8c |
| SHA512 | 019f1819eeca8058ba65695694acdb459f1370b000b0f723814f3d24e8deac567789d36b2fd0c6af3015e34477dc8f2dae2c6ec14c926eb15e74740c59d4b740 |
C:\Program Files (x86)\Windows Media Player\es-ES\mpvis.dll.mui
| MD5 | 1793c54c62ad374c2bda8b7a819466e9 |
| SHA1 | 84328800957cf2a6aa68d3d4fa9ae22c8d681a10 |
| SHA256 | e89d803b367f991296694e09951a70bdd591c4d54e483dafb2052f52e9b19e4b |
| SHA512 | ee76cea4a70b50c30db0689ebd28a72f114d331c4bfdd97a7c49c5f8a02877d2c074275c9decdf09d98f345a84a7157bcc295e1c2f3428c851c89615efdc31c6 |
C:\Program Files (x86)\Windows Media Player\en-US\wmpnssui.dll.mui
| MD5 | d3e8d867b1316003c8ec992df1a4c4dc |
| SHA1 | 132faabb1687c6c3ccd9099899ebefd213bc9c35 |
| SHA256 | 0e438140dfb177f3bb4769fc6cfe64a080e0b6830cd124c96331079bc8caf8a6 |
| SHA512 | 99860f94e723059a831e7e67a1aae6a771dd28055903a6578712ff47121fcefcb0ff68589b60b932a899cd1a99402ebc0b49e6a2e72799520e6f6815842c05d3 |
C:\Program Files (x86)\Windows Media Player\en-US\wmpnssci.dll.mui
| MD5 | dd6c2228ec5fdbe1fe0be212953d3c3d |
| SHA1 | e277594f4f5a0bd7b061510cc7e6f4aaafb3d92c |
| SHA256 | 8dbef8a6e7d5949e04af1d6fe996546d6fa6fbb69ec05874b8994da19c9d37b3 |
| SHA512 | 67f2ea85f125569fb69cd287fcbc3be3dfca5b6c04b11f82eafa63743e316e9852b9c51e997fd0239bba43e403af2991d3c11c563c4c9df8594d9d6ee74b4636 |
C:\Program Files (x86)\Windows Media Player\es-ES\wmpnssui.dll.mui
| MD5 | c155d1344039930e2577345e3b716803 |
| SHA1 | e4d2fa15143d5e61be1de659f0f788e40b388da6 |
| SHA256 | 0507d63da72fab4ba8d61b96283f173e7ecaaa6c0dc9df17ff868f000e7242cb |
| SHA512 | bb6b95a1fe24cf6cc2d27c0acfb3ca87191b9d077b9b25742934a045d8f45cc7ec3b04b232080a922b52b4639e1396673c20af6f458efefdbddcdc74c8c2ffd5 |
C:\Program Files (x86)\Windows Media Player\it-IT\wmpnssui.dll.mui
| MD5 | af84d30dcde1c64b31cdb454bf2ed312 |
| SHA1 | f61035c13fe4eec768fa4e544a919e78275a9819 |
| SHA256 | 0c1a4c975bc892299f8ae6cdcdbb2ea9e01af0716cbc6e3ac80b352c0fdcaa69 |
| SHA512 | ac058df8782c44f388aad75d379153a23693d985cac2f0f0dfea27dec46ffb22e50aff74dc5bed7d7506db63acd084b07c82392bfa84a5f5c710650a93f249ab |
C:\Program Files (x86)\Windows Media Player\ja-JP\wmpnssui.dll.mui
| MD5 | ac9d6d40966b5ad9a066feab52f6b7d3 |
| SHA1 | 36656f04bc43d73405aee9a18c122af414156117 |
| SHA256 | 258fd90f5bb9e4e59656e20eb8f01eaf9e0cb424a3a26b2fbc630099e3c946f4 |
| SHA512 | 479002feeb03f85a40cac971c0e8511e7ee4830c1f772238c8a034bb7654b69c495224681881d8d02ceef7dd19696bb3b5c21fec9afded19a9f80144918a8b4d |
C:\Program Files (x86)\Windows Media Player\ja-JP\wmpnssci.dll.mui
| MD5 | 162986ebc1f7e9199f1eeff2b42c00a9 |
| SHA1 | a4a465d752f8a05df0c0fba05ccc21867a44c294 |
| SHA256 | b4ff198e91ab50c5c9409b1f5e706d11a9f23428b92f988d2cfbcb37b62b1eab |
| SHA512 | c3532305c7cfde21a295150bfe8a11650c25180e9b3dc381b327d6bd06a23f42f5a487b16f44877484579891472cf5e84658676ea8fbc1be4ed141ea599c02d8 |
C:\Program Files (x86)\Windows Media Player\ja-JP\WMPMediaSharing.dll.mui
| MD5 | 4b91cb2ca087683687ecdb805fa8b613 |
| SHA1 | c1450c8fbe6fa2064b0ac862268c516e97ae2c39 |
| SHA256 | 2bdd67348b3bfebb1db80ed72af01b9534dd51937088caea1681a740d28e67a9 |
| SHA512 | ab9e8b37d247b3e2c521a315faa15693e52d490cfc75e355c4849279bfabf6895c37b21fc3e3a387b6fc3126f4668b310872143e59c28a528d7bdc6ec326f23b |
C:\Program Files (x86)\Windows Media Player\ja-JP\wmplayer.exe.mui
| MD5 | f3312db596ae4d53067ca8aa1ad1781a |
| SHA1 | f2ae56182b0e8aa82cf11177a1779ec10de220ae |
| SHA256 | 22371c4622ed471e2a947a75787d30170c8b59a7832d533472a3d45c4b5b57c3 |
| SHA512 | ae697d2dcd73e092df5c90f583ba7a024a96332dbc146ad71d2ed3fc544e22ffa7d9fe32110eebf6920fb0af451f0c217f171f74a9f4ce3f4c078fd784140544 |
C:\Program Files (x86)\Windows Media Player\uk-UA\wmpnssui.dll.mui
| MD5 | 15dc1abfd3e3cf25274bb8ec9e52f4f0 |
| SHA1 | 804851de93e284a688fff1d13adf379c35b4f1e8 |
| SHA256 | 073d6be0fbc285f59d8627f968f0c10731d9e66f360fbb6384c5aabfbb13502e |
| SHA512 | d459b7a48b6006e45c28c1e48d46d1fb7b3e20a7d19cb28eee39206cbc520c6cc6b8fd24da6a58748a17db9d6169863b72f9794c3306ae6a03eac346698a45df |
C:\Program Files (x86)\Windows Media Player\uk-UA\wmpnssci.dll.mui
| MD5 | 1e25c290344f9e51cc6741bd343e806f |
| SHA1 | 007e047eaab771895849c97519a97755fef3d93f |
| SHA256 | 8c48d8ddc25a262da31624a895347212553e0ce3f32bc6a671a00a99a41f434e |
| SHA512 | b3cf88c7e327af249db36df9f18152d424d9fb84ddea7d15f9dbba751a1d9a43ba94032c8ad4c8e38613ae605aa6a847c27931688408c6d05388763401f735b7 |
C:\Program Files (x86)\Windows Media Player\uk-UA\wmplayer.exe.mui
| MD5 | 6b428e00b5aceba3e6f1511a13ea804f |
| SHA1 | 7e974a5d782ccfda7b9a288e378862460b7e9c4f |
| SHA256 | 44049a1f89cf75fa14bee91227c7f6fa0914d1d66e1bcf17e6ed80cfb376d3b8 |
| SHA512 | f62706e28cb10436d06b30399b5a3d0b3d2808dad476f0eeefd6b54186c7985fab9c51c3144dad0bc52d91af9a1bf067b6c7223166c26db1e183a2b30a07d7b9 |
C:\Program Files (x86)\Windows Media Player\uk-UA\wmlaunch.exe.mui
| MD5 | 7dd3ac385051a42b9c825b29ce28c695 |
| SHA1 | 5a840eb14d0fa61be85c6093e68744a9e15f6c51 |
| SHA256 | 2c19bce7bf827e720bc82a366ce205f8792c1b19cc2271ea9b238dfd4c740d75 |
| SHA512 | c48c98b1d1f93a6527e50511e5e879cb155eec601f5534f9f3445b839d72440254440a0fce8b7b9b222fa216ec1c3740af4249d446011e5c35acf0f5f67de73f |
C:\Program Files (x86)\Windows Media Player\uk-UA\setup_wm.exe.mui
| MD5 | 3a85082082636ba9a15ca81b36761467 |
| SHA1 | e32443a3a6283ec56039b060cb90491b5107c832 |
| SHA256 | b56c890d863dafd0c0ddff37032720aee3bb7b59ef90266bae2fb37beb12255b |
| SHA512 | 924c3538bc90da1c0f96567fd3fb022efa781f7d2f156ae7443715e1d345774db0c3c3cf6e708a797e87ca50b437506e52d0ef2d93a5b2fae98f269fa556730e |
C:\Program Files (x86)\Windows Media Player\uk-UA\mpvis.dll.mui
| MD5 | 7e071cb80967215ad2520c6f1b86cd2b |
| SHA1 | c11f34b58c007f0ba4dd1001ad361c6e4ce6949e |
| SHA256 | c318693961ce6664107fc86f7930053f6a2c7575ec48428e5856dc3a2eca8e74 |
| SHA512 | 7b39a185c99162c67f2e084a3c5c700db35baeeabd6d51106f96d7a349e93d8da9db90b89f02dd7662ed8e7df298de8f2b2b063c79ed84ba962d846b740632ce |
C:\Program Files (x86)\Windows Media Player\ja-JP\wmlaunch.exe.mui
| MD5 | 08796bf0ea8679ab8df0b7cbcdec8235 |
| SHA1 | c0f5e9e83bc65a13159943a6e6e510add030b9f1 |
| SHA256 | 362159d1caffd110f9f03e537835d1dcad9da0814bf4d71ecab8b625b897219c |
| SHA512 | 83b2479ccbeba41f087c8484ca9a4c8045e4963cf529562555eef46b7244ba6230353e31cc869b00bf8e3fca7ac5b8e1ada2cdc96b3aea739efc7769695a1b28 |
C:\Program Files (x86)\Windows Media Player\ja-JP\setup_wm.exe.mui
| MD5 | 7cfa1f8a8239f8a6895f6133482c861a |
| SHA1 | f9c0b47024a91d76c769ee5ab31d80c8cf699672 |
| SHA256 | af6459d7278094867df8af4b9b4e0b004419b62314f060caef10bbc9d70ddb73 |
| SHA512 | fba99bd37a5382e6b9d9a2434f1a2546d8dcd2819a71d91e54cd33a088a78a04d3bc10abfaeedfd7621dab07908cea5a48739c54ac2e020ef0289e512af8a618 |
C:\Program Files (x86)\Windows Media Player\ja-JP\mpvis.dll.mui
| MD5 | f78b4e911a4ab39a52087e9c7c59990b |
| SHA1 | 29b65509d45539fa9787f1d632d5f9c7f4838655 |
| SHA256 | 3e63b67a4c452fcca91fbf9d31c769cc3594158d46b99c4cdf5d732c4bfd02a8 |
| SHA512 | ec93d95eeeec32d28e6f01b82365f083b92c9069391513abacbc00173857b593d1e62b36e619e6503c39a172aa787cc1d47d391ebe70262a566d05a84995828b |
C:\Program Files (x86)\Windows Media Player\it-IT\wmpnssci.dll.mui
| MD5 | 87680107b88425c6990d70effac125fa |
| SHA1 | 7be305a3fe4b9ba77ae81d2320dba5b380c0faf8 |
| SHA256 | bf85e92a78c0e1a1dde3367eb3ad3dbf5c52a72adc0115e8d4284c0b88820a68 |
| SHA512 | 05e0b977ad0c6612e85e4e662cf6340e9b28260c6dd1008756be4209ac60d13fb8a339f8a621c38eb2155ea66d1a677ed92ddc053f70ce91f0298d59ed972fb1 |
C:\Program Files (x86)\Windows Media Player\it-IT\WMPMediaSharing.dll.mui
| MD5 | ad0f33483abae80b441c7a9333259117 |
| SHA1 | fd8ba8d639ba566d381defd292528823cad32be7 |
| SHA256 | bad247ae3b819bdec54b49f4308b3e6bf837eb509305187f8ff0fb81da289314 |
| SHA512 | cd05582eadb10c1b452d42c84ca097d2fdd6e8cc4a5ceea0afced9776fdecf7986650a6825980369a7fe75eb02e9e366ea76f4a4a1cf2b4653081563cab6285d |
C:\Program Files (x86)\Windows Media Player\it-IT\wmplayer.exe.mui
| MD5 | 34ab2e441ef39fdeea2a1c6867391030 |
| SHA1 | b61b9f18003f8c65af8f74fc285d1e175cb92f97 |
| SHA256 | e06fd3d90e685881f0f1fa83d2e677325306728fb2549c2967ebc155e1ae6707 |
| SHA512 | a2b8efd76deda094ea74173c50346cf796409fc77faa57e3d182d4ec0ce710fc5620c2a49f33a90048a4f6b4a8b0d7595e909a07c578bfd31ae584e53cbebb25 |
C:\Program Files (x86)\Windows Media Player\it-IT\wmlaunch.exe.mui
| MD5 | 9b32b5f7069ca3867f7b8d32ddafeb08 |
| SHA1 | 174e230730084dfb6a3f1a75885971142091bf1a |
| SHA256 | 1fac11b3865d51e29179922046d9c3bf34f7778f143a06b53d9eec9d8bfe98f6 |
| SHA512 | df70c7ab001719489f9a9c3ac2cceae1f3cf2595e9b354d05dfd5f026ab21b17a38fe0261438550ff5ec0f070bf71e05e604a3433653e5ae39d09d76dd1efbe0 |
C:\Program Files (x86)\Windows Media Player\it-IT\setup_wm.exe.mui
| MD5 | 122e43ceaec0c294b0d3fab4408be5d0 |
| SHA1 | b7ad29a555b046e16e70ab8f150ba5fb17413d3d |
| SHA256 | 534ee4a14d35a1844af751edf14f7572aef15b52cfac0c40b5cc83b6e341da6e |
| SHA512 | c953f381f312f7a7069b757034ff28c0a33af095eb080ddbde95026d4c6e656c5f2ebc3566c1d6f1b157a8187304068c70b5c958e647dfe78ece80607a28c967 |
C:\Program Files (x86)\Windows Media Player\it-IT\mpvis.dll.mui
| MD5 | a29ebede4c6f065785c67114826aa2bd |
| SHA1 | cc0f3877c45728384387cf6f961bd06af105cdfa |
| SHA256 | 9beda22da8f998767c195061488780871c056c80079f8be65797f1fe2569436f |
| SHA512 | 45e070ac51c85bd47146319ac54a30f3cd1b8fb9125794a388fdd916189ee20c5841b4a71eab4db154266cf5219518ce6bd2d5e00d3eefbf30749a364a2b2cad |
C:\Program Files (x86)\Windows Media Player\fr-FR\wmpnssui.dll.mui
| MD5 | 5d2ada9f1bce7e0fce930b0dd926ccc9 |
| SHA1 | 72f4d592495f5341a5fe55c29d0b5323adaf614c |
| SHA256 | 9d55b8c9bfffa1da7ce8c6317f6ccedc49840c2ef5f76d71ea930ec9ff102df7 |
| SHA512 | 026d0903d063992066f2e1b61998006933fe1655dd89cdd8a5997df4abfc06ee96c77bbbff712fb6e36e37e990028918ed7f601550dd37b9716c7b6cb89901b8 |
C:\Program Files (x86)\Windows Media Player\fr-FR\wmpnssci.dll.mui
| MD5 | 4841cfacdbe4a7765e048d5132973475 |
| SHA1 | 9811db6f20cbabf962970f708f763de83d0b8590 |
| SHA256 | 0cfb724a3f7c192f67228ea9ac02cab6ec918f9f8fcdcf156800a21ca236b70b |
| SHA512 | b759f79abde029ce5e77d6ae5ecc96a06652ef1ec04440ae054d306400dbf9415bd5ed8507c473058653a796bac88172ba33cd8beecd2012f9274e651e823f7c |
C:\Program Files (x86)\Windows Media Player\fr-FR\WMPMediaSharing.dll.mui
| MD5 | 8c018710419b056e02498b82dd9a1ae7 |
| SHA1 | 77fb77e1e69dd1c36d3200ab7e9df6aa40b97a95 |
| SHA256 | ef394db8d2d96ad23ce49a3756c8d1cee093aa6201f4612df40a74d5074d0ac3 |
| SHA512 | e32e0ccf60c37c5d917ab0e16b8185df9e6ae57160b4494a2ff4cd92815b444b6924288a28982f4139c8766e37c5f5aebafc4edf889685bdd47472a4ca86c01a |
C:\Program Files (x86)\Windows Media Player\fr-FR\wmplayer.exe.mui
| MD5 | 921ce5c76cfa1d08661a48a0abec6d29 |
| SHA1 | a8f0a49481a2198524e16b25104078c05b9db0b7 |
| SHA256 | 1ffc580aa9e5c1cfd31bc8ba95102bf37a40ed2ec961b1a62742c2298fa5030f |
| SHA512 | 28cbac8345338d94a313b83e744e01660a94ac798e17e7c4f32214f1dd0dc5049f38088638da4eb727739792fb9066ae0eaa5eec3691b6aaa0d99a9e511ffd44 |
C:\Program Files (x86)\Windows Media Player\fr-FR\wmlaunch.exe.mui
| MD5 | 10ad93166fe2c5d404b8706dc1ab4d92 |
| SHA1 | 2dd6fcd9127720ccaaf9b1a70760e24741a6b038 |
| SHA256 | 78c081bf24f242be6dcc25fdb7b5435541021c66cb469a5374d4d0df605c14fd |
| SHA512 | 8a30b96c8d50f516ecc489a569bdd846a92e75c5cdd7a724f543d48e0bda12410c0711f74fac5292b89f0c324d5c7c55261e05d13bd7d7b328b12b406a2cfcac |
C:\Program Files (x86)\Windows Media Player\fr-FR\setup_wm.exe.mui
| MD5 | a18c3918ca42459352a49aef66e91374 |
| SHA1 | 5b2379136e99bf6e1d510f0b4e562e0a3f00d4ed |
| SHA256 | 9f0e59dbd552fc1bb7080789eac14721e765bfb9db0f90b4099910889cf90fdb |
| SHA512 | 8ed02810f82cd0045e5b70a4bc27f1044bff7851f4822ee39489b2545ecd1480acc4bbbf5216148d3d198a25da733f3160a294f3275405d1acec4865e3ef4cc5 |
C:\Program Files (x86)\Windows Media Player\fr-FR\mpvis.dll.mui
| MD5 | 6c85d6121c408676c5ff64ff27e78a27 |
| SHA1 | 3543f7f527cdee3c5ce81ab20729a70a46bc9c4c |
| SHA256 | 8e2c7fef2fe14e4f211cd4fe0bc85ac1aa413adeb68dbc0e09ad9ca0ef2d94b7 |
| SHA512 | 183d80c012a48c8f6762d1c9db47b55e803a62471c0716bdd6563302cc7979ab7cae1738e599526798d8a5287984cdb5a2cfa65b4acbff8d3bca150f4f5c3952 |
C:\Program Files (x86)\Windows Media Player\es-ES\wmpnssci.dll.mui
| MD5 | bde5a17c1b63c6e509d019753c7f6920 |
| SHA1 | 00cdb618ecf172f39bacb69efd1ca3103f9c65a0 |
| SHA256 | e7e3d8187f39df8c85877662da841e2bb4ed1f9db695ace9fcce707e2477e906 |
| SHA512 | 69ded5bfe7b99d5e8e4772c284c37185d26d68b7c4bc2420391a2e41153467dcc38291d87495f1db6d5195078209b79108011c7a095795df870ce733fa004b7d |
C:\Program Files (x86)\Windows Media Player\es-ES\WMPMediaSharing.dll.mui
| MD5 | feb8399c282c51384b901ceb5943a666 |
| SHA1 | a0074acc74dcb9683dce372524cf7bc5d31a6553 |
| SHA256 | f797f37ec36a363be15512a3c2b299de5904481412a7dfef09e0ad3b6becb69b |
| SHA512 | ad794f24dc0ccc52d0e3b60070471f9e0772c4a8d466a2401d03bdd12d5c82d31ac99a731a36cef8ae3c12e4cdf63eefbe2ee4c9ce0a5e1899741997a3435592 |
C:\Program Files (x86)\Windows Media Player\en-US\WMPMediaSharing.dll.mui
| MD5 | ff5476dea3fb1068e8c5fed7aef0efd1 |
| SHA1 | cf14b273aa5645ea7af0bee10f520da72b676469 |
| SHA256 | f881232ec591507153354a419ca331e6dac7898774159800329255576237798a |
| SHA512 | 03d900b890bb8b552c574d055a0f96502370e2144193bdc1b2ba292a93f9281cd00f7fdb23fde3f94a38184246738669fd39f2b85a2321b46bf202700c99a682 |
C:\Program Files (x86)\Windows Media Player\en-US\wmplayer.exe.mui
| MD5 | 06af7fc0b234599f95413c78e6af7850 |
| SHA1 | 4c228030443307f08e22bd5b188f8fbfb5121ac8 |
| SHA256 | 6de750e5f9c5bcf1b928bb91e8d8c1400f5235d52e91f5d1f92428a6664ae00f |
| SHA512 | f4c068064cd1225fc41f8768e9d2793c0ea723c47fdaaa98fd852f0b413e51501eeb12457c4bcb24ddd4f1a6dbc4f360981b9c7360adce4b6b00207c32175ec0 |
C:\Program Files (x86)\Windows Media Player\en-US\mpvis.dll.mui
| MD5 | 555cd6c71ecbce056687e06ee7757670 |
| SHA1 | 9a15db2b4cfe1c863788b3d76bff4b4b1d1c6819 |
| SHA256 | cecd2b2ad98ab6f16386cd0fab6e0b99cbc3f816ba4084e98c1fec5b6de6aeff |
| SHA512 | 5f0de40f8eab9a05f37a073972d1b3f2f0d9cfc412bc32f2966aa37ec2694997aa557a494f11f833f8777f9b351076a68377d2660dc161fc8befc6c7832560e1 |
C:\Program Files (x86)\Windows Media Player\de-DE\WMPMediaSharing.dll.mui
| MD5 | 7a1af3c65168f41779efba3e68c39873 |
| SHA1 | 119a837b3f9e2f7ace7a969fdd20b40b7b6ab515 |
| SHA256 | 7eea0ee57a0b8bec8ed1b2c19a0dd002acc5ea0b17f081636cf7b6773f911b61 |
| SHA512 | 7c0430c6f1eff14e3b721b19f4657a105138c920217ac038582bb26f8f93eed5afb61d81569cbbb7eeb2fbda37ccca627fff0e24dbb51d620a6e615bdd0a4e3b |
C:\Program Files (x86)\Windows Media Player\de-DE\wmplayer.exe.mui
| MD5 | d054c9bc8a8f306ff3bf12768ae83127 |
| SHA1 | bdc7585e7574294be835334fc5a942f309126ce7 |
| SHA256 | 42f84b091559266dceb51d8c6eeac64af1ed39217640b0e0c2dba8b140014fbb |
| SHA512 | a9c90f86216ab958d934cc3f02123813770ba44de2538b2ac240db569429310bd2f45ee2ff3480312fcf64f1eb1611f9505446a2f2d65f5cd222fb0df533db11 |
C:\Program Files (x86)\Windows Media Player\de-DE\wmlaunch.exe.mui
| MD5 | 4edec79d7d386c83d5f65fb1b4c8c12e |
| SHA1 | 87efe4e776d3b9ed2f04b8ef16517a2845c0747f |
| SHA256 | fa5fc9b7c7701f8a39d3f28d47a822dc550fb333409b2f19ba028692cd1f0aba |
| SHA512 | e0403cd0002f6cd24eba2635471feb15ec946a6abdc5168a72f01e333549320e8b7b8a0e8a28a3498996026c796b69274e052a7e0d33b295ba819edf9b6595a0 |
C:\Program Files (x86)\Windows Photo Viewer\de-DE\PhotoViewer.dll.mui
| MD5 | 7ba0c7a24ee26f5b3c377ff7ff1727f4 |
| SHA1 | 882a8ae2b86342ea7813e510c39ae397f9b7b6f1 |
| SHA256 | 5ddad22673fcade7f2e33a870fa376f46fdac56e959c167df8c31d6b8bf26292 |
| SHA512 | ad4202952aca89cc4764440ebf5c9da7d8ac245ed066ae521f683ef11a21b5e3990cc4a5cc10ddc689654c3cfb20bd149027c849ce95159d484174d358ff67ca |
C:\Program Files (x86)\Windows Media Player\de-DE\setup_wm.exe.mui
| MD5 | b2cab4782f7246dc95ce1e31f99fb94d |
| SHA1 | 3166c20e592e197ebd47771f6c209a90b6200ba6 |
| SHA256 | 8e6501d0150de4aff92f38766514c74a18d5a859f62c226784d69f304bbf16d8 |
| SHA512 | 92f5e31683cece0ef7fb0f79841bf1ea9077c2d8844eb5f6ac708fc1d54067f954f5b61df7ee48a5a960c8ca3a8ba47e31e814069df56f3c39f29142d0f64125 |
C:\Program Files (x86)\Windows Media Player\de-DE\mpvis.dll.mui
| MD5 | b8853f5fac7140fac17596495596bda6 |
| SHA1 | e04562b98380994e9509bdf9ce3a2b4cc0993f22 |
| SHA256 | c77e4eff1dd2b10c8e3b36771860f543f3a676f04a6d300907101b9e98bdf0cb |
| SHA512 | 4517d758a5c62dded9c8efd67cbd8f9a400302ee0d8fdfbbddbb70fb7ea93c4ff770f0d76dd8df52177d20806a4c37ca57e2acbf009151ca8495867ff6c00337 |
C:\Program Files (x86)\Windows Photo Viewer\en-US\PhotoViewer.dll.mui
| MD5 | ff619235b481d61dc5d44cb2e1d289f3 |
| SHA1 | 0b2711d50c80514ae0850c798c617c1767730700 |
| SHA256 | aeec24bf94e7972413257408567d738df2048d620ece45e9d03f89fe4fc140cf |
| SHA512 | 2e4a1182df03f300407fdfe17a1d6ff384584818cf0a16c6f0fce4b5a79d6ef8cbc857e6a9744422b0c1071283141484e9273e593eff0cf18e07896b9e37b632 |
C:\Program Files (x86)\Windows Photo Viewer\es-ES\PhotoViewer.dll.mui
| MD5 | f52c6f676d841e25d519fd3784f37f4a |
| SHA1 | 693a3a981dfb35ae07e825c743c0d56a143adc06 |
| SHA256 | 087fd1745f927c4515e93168024508d6e655c38947771afa98aeb58cbdfebf96 |
| SHA512 | 4b772202cbd8c02535f6ec080615e2f75282fc3cd73bed5ad8a119b66318430973b8263ef4a1b8df7145aa1e858ff0dfbbd25ac8a6095d314416746160fb100b |
C:\Program Files (x86)\Windows Photo Viewer\fr-FR\PhotoViewer.dll.mui
| MD5 | a4d92322269d4f689e91d76f986eeae9 |
| SHA1 | 0bd1f1de0e0f961893c3cf901546aeb5bbd4469a |
| SHA256 | 4d2dd00e4df24d426573b12d898fcf345979e4343a6bd7c94369194212014290 |
| SHA512 | 935065730b15faaec24a8f7f9bc7d68c224ab8b0c454a557f69021c8436317cfebc46988892479db5900c4699b2efdef7061d53357e4546cb613adf538484337 |
C:\Program Files (x86)\Windows Photo Viewer\it-IT\PhotoViewer.dll.mui
| MD5 | 52b077a500fbd76f50b69bf56de5f40a |
| SHA1 | 64421f3d25d9694cebee85ad4c5d2fe8dc1f728a |
| SHA256 | 9b7ce42b23b80a32adf87b9f1fb9610aa8035c0a65de27ac4add078d4fac0639 |
| SHA512 | bd1d05bcb1be517e20e24ca7b1c1482986e79e09ef2f4e58ccdf7006c87f02566260badc053ab7eea7cab36c0758e4130a33368d97c871b1939c89e8206bbe8d |
C:\Program Files (x86)\Windows Photo Viewer\ja-JP\PhotoViewer.dll.mui
| MD5 | 34372870d9663e44edeb08873b04f5ef |
| SHA1 | 86fbcae666a10deb1dcae772c3a2f6cc060760b1 |
| SHA256 | d00975c8f4addc629b27e24d0326bbb87a141e150421a832b2dd52a042f15da5 |
| SHA512 | c345582f596d4afdc3b729237598303939d8f00a98d9d945054f23e86683093a94f8d6865fb9fe73c7073fd8e171dd6c691fddf610a3d57e52711977a3424188 |
C:\Program Files (x86)\Windows Photo Viewer\uk-UA\PhotoViewer.dll.mui
| MD5 | 6ee002e05371997a9c2328d6836dd0e1 |
| SHA1 | 325f318f492959dcb9da4c86d536f6ac6761f5df |
| SHA256 | a072a53d39ee1981102949cdb23b3381c8e7ab53c8a678d7f2a54411f8d0cd7b |
| SHA512 | a7b10a0971a1c86fc7de9a9482eff568acf699c6b956a5b793eac7cfd83f05c278b2ce1faa21b8e12feef096ce17d34743a126aefef6d5b9201d4b03f647d504 |
C:\Program Files (x86)\Common Files\System\de-DE\wab32res.dll.mui
| MD5 | 825729d223ba21b2731736e7512e35bb |
| SHA1 | 64c8054e0be4935a9c1d7dd8f4d6652a9936e120 |
| SHA256 | d7d2e7971e7181985ce159106898746a568770c1f9da85edcc50b1edff9502ce |
| SHA512 | 80b8fa6f5759f97d5c95afc9842a32af23a716a765d766243c19dc7f8f9d4f32f40d3977c030d37c81aa44390df965e97f8f742d10d8b0a8e1d2aa8ef5808722 |
C:\Program Files (x86)\Common Files\System\en-US\wab32res.dll.mui
| MD5 | 0a6c0e91faa7672a1a807f869b4c997b |
| SHA1 | 1fb75a84dc1cf183779c88be9c5b29be2b94d8df |
| SHA256 | de253796a3c0403295d194dc016bd69439a14cfa099d0895c56875ed1964c283 |
| SHA512 | a9cbb7d266c80373095d1c5c130e2117d0138ea9e2e24d5fba0e01fe2fa741e814d3676b863531e1f88c09c1d0d76a9609ac25dfbd58bece8eb46c91014d1cb3 |
C:\Program Files (x86)\Common Files\System\es-ES\wab32res.dll.mui
| MD5 | 9971ba89ad705db6fcf9cbc1921a379d |
| SHA1 | 92b32908765ec2345331794175225d6dd55243cd |
| SHA256 | 370901ba3087658e62bf74284b8e243052ced6aa56864655079c4c353c3e5ce9 |
| SHA512 | c3955d0ede1b3d71d8bb3585438ddf196211528b89860d15f5171b6ddf73ffdc997c7af3dfec1db162cdab8d37adde0a28f0eccb713b4a5acb4c54bcf1376db7 |
C:\Program Files (x86)\Common Files\System\fr-FR\wab32res.dll.mui
| MD5 | 80c442d228ea7b3f767135dfc76eabb4 |
| SHA1 | 9efaa5a028788c5d7233ef1952aea0c780d8e624 |
| SHA256 | 8301087e2f3cc456237ece713fc70ba56ba7f1af535241bc36108774d8800d21 |
| SHA512 | 1fb4a3171181740449ba83a782f0f0cf74b113fef350a1a8a6649813ae14eee63dfddcb7227061ace228cbfbc76a2f98b75be549146a55a969afed7553c16794 |
C:\Program Files (x86)\Common Files\System\it-IT\wab32res.dll.mui
| MD5 | d8c33dc050ca1637a20abd5c3fb8374b |
| SHA1 | 7ac231cc6dd0a47cb8a823d5a5e70cb9a6ce07fc |
| SHA256 | dfccd3a2837abb7b77f862eba682a0afba1cffddef931d591229eba602fe69bc |
| SHA512 | 198cf4c92ae7ece6b3749e55c43a2e10f57a447caa54a0a3da5b6582c1db0ac63126e58fc63c8e8124cf6646c0400b3ae796a4178e7679adff6a420cedf0ab9e |
C:\Program Files (x86)\Common Files\System\ja-JP\wab32res.dll.mui
| MD5 | aebb6903b876dc494bcc7cada0408a9f |
| SHA1 | c98aa24083b209a622331cb873a046ab82eaf687 |
| SHA256 | 02293cf240dd9a7b3cfc9f4e582ab9fae13f512760bb1e389b30abc969137370 |
| SHA512 | 9855ed4b8d159ece4b445ee8b3c42f88625bc017beb269a17ecb1f7b5c9d41bd899a24fc968ad02d739343617054496b0df9e968df209b0d1a3c2beefcebaa23 |
C:\Program Files (x86)\Common Files\System\uk-UA\wab32res.dll.mui
| MD5 | 5cd4d0b302f123b54df6277e110e7c6b |
| SHA1 | c8a729dcfa3d4151ee4c626176a97f88d8108072 |
| SHA256 | decccf6b33dd9565cbc1ea00a5bde9d59b0ff7ef90c3b5e075cb15967eb7ce6f |
| SHA512 | 65be85ae15132ada1062be7d5b6b64d40690bcf6e726bb5303421f0af7fc5d2d5bd43f300b3345b98ab019f3c1adb2c2d5417a6614d9d3495d4651ab79048963 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\de-DE\InkObj.dll.mui
| MD5 | 56cf1f0425ca988df7d19b5aad526fb6 |
| SHA1 | f8eb6d2992adb857ad9a2ab9cda4de4dfcf3e298 |
| SHA256 | 8195dc4eaf7ce4975baa9c587e3c85de8be0da87f8ce5f1645796dbd26e9ab5e |
| SHA512 | 3ccdeb992085277561889c6663dc9fcaa58c1bbc49ca881f83cada7eab575a88e22a79adae3e83570432f52ec66c6a64c7e4ce5d4bbc168acd658a8c1de62a8b |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\de-DE\rtscom.dll.mui
| MD5 | be12d5b9e11216eb1f67d0462073dba9 |
| SHA1 | 454a0ca35be3874243060f5ba92ff95ececf1669 |
| SHA256 | a6b5a164cb372e377e68e2edc2ad36643ea55eeb197ec502535d67ce8436db53 |
| SHA512 | d2e4973e97f5159d4e40db90254fc15c90deb372fca72999f756389259233dbd77dfd0bbb8faaa9c47fc5eb8d5fc02983fb3b07864d3be3f2b2019f0c409ff57 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\de-DE\TipRes.dll.mui
| MD5 | c8b54518b1d62e0e740743f8546985c3 |
| SHA1 | 1878563dc88c8491568666f65af3c34c07b918b2 |
| SHA256 | 4600939577c890176a64b7e5b7dfbd161e62861b9dc976495b65dc60a2343a44 |
| SHA512 | c6d9d311bca93851b8d7f8421a5f0df812e1a828eb7d5653eb8b9ddf61da6a90e70abff6eddd3f1b4723b64c7899a23831d9d2d89c56da61fe129d5a7e592aa3 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\de-DE\TipTsf.dll.mui
| MD5 | 7aa29704d2d3e09b0006e961aa4f8387 |
| SHA1 | 4cccfb75a64293585833fe921662c9a5ad60c203 |
| SHA256 | 691e868c8b9680529d74803f461bae9a4604963aca8b4546697f4120256708b0 |
| SHA512 | 334c15b80ce117ebc728c9b414f20123b2b3b0cbabe490c72d933fb7ff14e5e83563f8fb07e33b07f4b9fdc885c80aa9162bfb554263feaa965ec79cd4d54103 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\en-US\InkObj.dll.mui
| MD5 | 8f572c5d841adeceedc1db9221058f85 |
| SHA1 | 668a01ad264a314bb24d88b225e4cc49d0db4772 |
| SHA256 | 8209a1e9d35baaea55893e61d151745220d6388440833d8b365e532d81a98224 |
| SHA512 | 86828143d3a04476e6f010fe8d24cf86ec7e0b769914af62981c74c44c44b3a5b20cb0fcb869b62805dea8ae9eeb9892be5084941e4252fc83ddbf749bc405ec |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\en-US\micaut.dll.mui
| MD5 | fad84ae4c0c80844c6513960a1ba6023 |
| SHA1 | e839b7f92b4e996ff5e14ee365356125a7330d1a |
| SHA256 | f8b360790726f5fe9d32a079b2e04d9ad4b4c132bc2002b4eaa0885645c82bb6 |
| SHA512 | fdf2d5ce723398b2e5a30dedba375800b6e25ed663fa8be5246250678ef7a8521e52f1388e0edcf86cd1ac89d4a09d00717dc057c5ba5f7b06f21ac0273d577d |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\en-US\rtscom.dll.mui
| MD5 | c2b6617bb6f6431642f5f42c2198a8b5 |
| SHA1 | d40e48f54af0443732afa62936e02e76b960aeed |
| SHA256 | b04a13299baae5553a3e5d670edf240c7f35154543d7b8b487258fb694f0a9e4 |
| SHA512 | c6acdaa40d4e1d43803ace3836631b150ebff64c6b65b5b4349a98410f3782650d2dcfb1b9cc923aa33517f4aa1a58d7fdf10a567eca3be7c64e1205d3cb3988 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\en-US\TipRes.dll.mui
| MD5 | 74e9d26ed29b1262555b6c0517e05d96 |
| SHA1 | 53ec61e6c11e8729f3c8a4ca61e4cba0ecfa7c3f |
| SHA256 | 6bd4798a4180930888fdf5d5692fb5326bc37d11ac45eb97a13c379da65be595 |
| SHA512 | 449d6f4b7885ec38ae5a82c8c6db98caa85fc7665de4aa4d477d933ed13c14bd0d83b2873d6d552535fc8410e0bd1a7d017a1414954343bdf9d96d9099c9ac92 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\en-US\TipTsf.dll.mui
| MD5 | 3cda1d21f1259834c4ad88cd201dc9ae |
| SHA1 | 10645013cd5d479a9c9a8b6662852950f429906f |
| SHA256 | 2df9df820eca68de48d500096675da516e675d181d17c054632f52a308d4403c |
| SHA512 | 3cd79e81e2293a47e02fcd65c3473f2c290d33152fdaaa4d947375bf39756915db92275ecea4a43ab4502a216a998082352d2091fbd8273cbb0964886c7432c0 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\es-ES\InkObj.dll.mui
| MD5 | 132ca319eb653fed4d5a9f4b62f96ae9 |
| SHA1 | 5f0c7d734531fe270b07668157712cd6d07538a8 |
| SHA256 | 5f6d6786355bfd17cd021aff7d21808b661e622cfa2347c98473b67d88ba3432 |
| SHA512 | bd7a690dbc102f192a4bfb5478aa702d293a2cb8b083665a939f9c47b4329e026489f39fb78511d93b11c4990da568c1bc8670d8c98d707dc209893f08c79122 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\es-ES\rtscom.dll.mui
| MD5 | a5e077db6ac0976cd96dadfbdfd8d0f2 |
| SHA1 | d7caa91a3786ec902535b683d1ffdbda92a0ea08 |
| SHA256 | 2c26590b3e7e632e41ce73721f760e0a5824a342b94afc952f137553167d7a23 |
| SHA512 | 6428aaa8957f147dbb8af81fe5641b3b031418cd7f9189782c9b0ec54016f91c4bd8ed4856aee3ba6cf617769562955abac1ae10e23f0ccc27fa92290f221d4d |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\es-ES\TipRes.dll.mui
| MD5 | ae8c910b4adf1fb1f3fc91d16d9aa8bd |
| SHA1 | 966a388a37f543cc7d4387019e5c53cb95def9fa |
| SHA256 | 7701ce0dad9742e67098a34c66d6448adc8926039658e9f060e0ae32a315f856 |
| SHA512 | da34c3194791bd169ce018ff358b68669715bb46713d84bdaca8c922120d2eabe10c9ffd58c3ba2c382cf775bd8b10e5aa4ee33d18eb47da4a233a154210c0f0 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\es-ES\TipTsf.dll.mui
| MD5 | e863cd6084dd5465f8fa0569d41a8fff |
| SHA1 | bea8aaa97cf7819fce8b163da8267fb1e18c6b81 |
| SHA256 | 3385e9a180e0535f6049343262aaa5069f8a3fbe1beb1b6b29a03252333ae75f |
| SHA512 | a8b1aa17b56cb1afe2159342467fe4561b413c4aad1df000c18bfca9431fce7debcad4fd2437b662960bc963da93f01c320503b480688a7051f43931f1628ab3 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\fr-FR\InkObj.dll.mui
| MD5 | 1070b1c71346263ae6ec39fcaa162c6d |
| SHA1 | 7b6b557e08106b1e49b76dee1aef54d5c3038922 |
| SHA256 | d878096dd3ae0335f90456fcfe0fe089b227ee2731cab983496ae1cc1fca2412 |
| SHA512 | ce3fe21ae23f6bb0a0499b2c3ba9d10e84044befd02d1d98184fae9f8cec4079664fec7109b84c811fc921a0b652f93834133a170ffe5bb08f92f56eef2e26dc |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\fr-FR\rtscom.dll.mui
| MD5 | 18797dddb8b340a458546df78858cd50 |
| SHA1 | 087c8ff71a272052c4e64e5f658a84d9ddbacaa7 |
| SHA256 | c89b251d7e287f67d5fb7b86cfc71f3024a5aad3d682da9bbd9428c01664129d |
| SHA512 | 3d7e762332dd963564c2111f0917fb8a747b6c42886e513965c15c38336fadb5303d03b6a3e2749cf2639c603fa56b121a576a56892b374b95eb97dd801f4120 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\fr-FR\TipRes.dll.mui
| MD5 | 84d75393af9584feb91830f557ea66bd |
| SHA1 | d0f6473aa766880be731a2222767f1a64c481105 |
| SHA256 | 0db8a9c0f679e2b92edb3a4c80522b76ca9a668a5c1dbe929ebd6a5cffb5d6f5 |
| SHA512 | 97fc479d02e13d87360c5cdb9451a221d09cdf22416702c840efa5351c77545155d49703b7e0c197cb80ad616fa1bf0bf6de45707d6b6e16bd175192c0a30ef4 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\fr-FR\TipTsf.dll.mui
| MD5 | 03e5fa15aef2537749f32e74e6f53922 |
| SHA1 | 833bac5bc4b3836327f5e2cf98cfc54f1a8ba8dd |
| SHA256 | adb0ad764d7f4faf7e5689e18d75456b77ea3252a00f8aa6897c8c99fd35fdbf |
| SHA512 | f3f6d872197c52a5623d6e02569c87cd7ccc2a32588f1911d0ac50baa9f38196fa3ef9beb5b767c2b8195aa70c65c52fe104970c0e2b9c28de007dd3dd64caad |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\it-IT\InkObj.dll.mui
| MD5 | 983ba59ec140c4c7c1bcf05b69c137c9 |
| SHA1 | b0842434b9504a710982d3253ed53c4d7117035c |
| SHA256 | b7fe306a2ae16f9ae0fd281ca9e8c201fbd3de4feeb68791ea336b4eb38a817c |
| SHA512 | e5c8462cc053d4e194883fa97182fad6334e2e32116f7fbcd5e87885a18a46c14bb152e41fafff5952f768762461300bf588b8e8e80796399a6e1e7f16dc507e |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\it-IT\rtscom.dll.mui
| MD5 | 0bccac9ce1171ba0805c7b08786acd78 |
| SHA1 | 478e4810fe33ec78984f90da65357aae914b9dfb |
| SHA256 | 896d3352d805f8774fe76e8e7221217900e2aa1bd9462d67a24eb79fb87b1f4d |
| SHA512 | e94eeee4b6aabf2938d7a00f51043976b97d04e35f1e3189c830b1ff518244f98657054db0239f86d514a313bc8acf9a5282658a6e22becdd292cbb72290cef9 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\it-IT\TipRes.dll.mui
| MD5 | afd26afd0fc32224b5b52f2b3ae3bc0e |
| SHA1 | 72f4d705992999fd6a859ed9e0a23f16a06e420e |
| SHA256 | 8bbfa71640f01d7e5c86707cf872d956e33c66b8399396ea287801a32853dc95 |
| SHA512 | 229a05ca12556e049dcef7bf06f6169e4a9c9e017f92b1f96968b6b66784e5c80fbcb3e299dfa237b594bc2ffddafedd9b70d03cce9ac73e352f18980d443190 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\it-IT\TipTsf.dll.mui
| MD5 | f37c501f24eba7289bba7aa5d9fe54b8 |
| SHA1 | b4425f3debfddc979229c4d69e4e59c0ccea5c8a |
| SHA256 | b66df621b404c4c30288ac17dd913157dc2b586e762d24b1919506efbf0c5508 |
| SHA512 | 2a27321c8a180160d3bd047b8abef1af2230255206f42696b53bb1da578cd9f36d93d976b33aee571e311300d8ecdb77eacb2a56dc35d602b60222f82783c8ed |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\ja-JP\InkObj.dll.mui
| MD5 | 42f9793066a9082476665e743aaa1dd4 |
| SHA1 | 5c23dd8599d0d2184db6c033f801fce965e14546 |
| SHA256 | 1e6389eb7427f49f9548a86f70631ef4264e97f36088a8acdfb219c4be274a71 |
| SHA512 | 2c8e143daf2b37d0d60d60b48c4a2996fa1af3a0fee17a2b87f9cbf7771dc769728fbb568ad15495af4182fd8f8aaf96b4a08c2dc67e6d4b5bacec6096ab5a5c |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\ja-JP\rtscom.dll.mui
| MD5 | 2a59b7f39a7f9ff6a806eb65227b0af1 |
| SHA1 | 8910131b339aac1ad195683dacbbeef338d2ff62 |
| SHA256 | c14576d06b59755738a4d7cc895a104a910091e3ee90a3b0fe064862bbf951ec |
| SHA512 | 86a1317d8a5cf8ba67008fdb9a8e21b86ebf3baa3884e3fff598ac1a9777877c99d86619c92b5e17a2600d43313cf8ba4a73fecd11ac9d2672cdc4c0e54c4957 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\ja-JP\TipTsf.dll.mui
| MD5 | 936903598d089f53077a850e51d234d0 |
| SHA1 | 9c69dc24d2c4991e06f3891718034b2f42aabcc9 |
| SHA256 | 936b2a67b8ee5fbb345f61dfa0cdc15269af6ff662a3f84e834f656f2b8fa04f |
| SHA512 | 1ee6c0ef854264eb05faddfc32caf8099500c6edccc1b5a79835ff2987eead5747c9726f0edc96dc31a3581d1e5b94f3552a5721d320bb8c18e5e8950125f35d |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\ja-JP\TipRes.dll.mui
| MD5 | d32ce88ea96bdf6221b833c466d0650a |
| SHA1 | a635cc3a15e043f40b40ed0bed4245192c7a85e3 |
| SHA256 | 2e4714e8bf5cb59fe9372a8d3c0e7153b0723217e3b05d9e7297569630d90bb7 |
| SHA512 | 8adc572a0ad47132bf266452f1e4b47ee516e16a116a1c5015698a0652165796a1f2d1c0ab0e081d78952f26b2a73394092737ef18a95bb68f0443ce20a7a2f0 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\uk-UA\TipRes.dll.mui
| MD5 | 4e3b599045c53f5eaec637d5cdfd114f |
| SHA1 | d7edfeffc06629a44aaa7084a2415c373036b300 |
| SHA256 | 579a981efcf62e29421dca6326a60c1a1dc871436d96e72f52196d3db7662426 |
| SHA512 | 2ef7e2f3f47ab83a03cc22d66d79b529035de3815442ee4e246304305c2cdb978eb734103ee4c5b3d9872d7891e130aad57b17f26e2562b7d6bb60e0a1fb8072 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\uk-UA\TipTsf.dll.mui
| MD5 | 8ed2e4a2fd55d9015a94d8db2b68d332 |
| SHA1 | 27b6b06f2be162df7da817e05c2a3d494d57f872 |
| SHA256 | 8dfd903f979ca6c5116b126becdb1909294219c7a95740f8ba0abefce545621a |
| SHA512 | 9c7e1eaf6399dcda8c9b15f740c96dd3c612644022309200e5da9efa25a7dadacc4bcad688ae6e867c29d0f859f94fc2580efcd55cc440513ff7502332cfda21 |
C:\Program Files (x86)\Common Files\System\ado\de-DE\msader15.dll.mui
| MD5 | 89089271d420d97b125ef94a753d50b7 |
| SHA1 | 264ee920a1a1b21989c1e70df49cd9f8b5d283f0 |
| SHA256 | 2bc92b2eae4ccc6b05ef19d274e5db90c58ca9f3ffae49295d5e90a1969e6f27 |
| SHA512 | b450b8f34c552e202ab12d40a7c7dc87dabc8b79c71a73ef31d932b22e65c72ea99cc0441e195f7808f88d46f0f2655f8f74d98e0a9e10cadc93b8dd41a1ad75 |
C:\Program Files (x86)\Common Files\System\ado\en-US\msader15.dll.mui
| MD5 | ac1771e91c6491048943ec8762c521a2 |
| SHA1 | 84d3a7f7cfd23711c8a231d7fcd6814f9394459e |
| SHA256 | b64218903f77a117a3ca9e9235f835f60e7afcafe484ae659767f12761a40987 |
| SHA512 | 208bf17839f2c2e84bbbe98090159324750c8d0944989d601d7b317c9213fbc7a88244c77e7ef906e2fb59dcb72eaa9d5ed59cd4f6ca0ca0243b25b72bfd3c4f |
C:\Program Files (x86)\Common Files\System\ado\es-ES\msader15.dll.mui
| MD5 | 4cc6fd7d971c5f5d5cd03ee51de5c194 |
| SHA1 | 71578ed512990f68d36df2499cb475a5665cb285 |
| SHA256 | 194414897f871f969452916c8a0b6f7748bfe3c40cf70d324342bd2d15df685b |
| SHA512 | e1cbd96dc34d1a6272fe48c0dcdcd7496291a19409841c3a71f695fbb33d49173b3266ad9d1f9d9febf50221a21b95eea2cc2d86e64d47e6c886696f9bb9ae3b |
C:\Program Files (x86)\Common Files\System\ado\fr-FR\msader15.dll.mui
| MD5 | 1b757d01bc1b766aed05f58e985d8df0 |
| SHA1 | 206e9bc04d762897301d9f2646fe82a1136d2ced |
| SHA256 | e0de121009b442d28f6c99b0c3811c71c383bda92cfe5d123f42b0fb9b32e405 |
| SHA512 | 621a371d96f95766b9d212e2059415972d98dbd9278f983f7d68762b8ad53197b51a564176fe449049e5ed1d25a09cef0dce1fd7b807512c43735ee811f048f0 |
C:\Program Files (x86)\Common Files\System\ado\ja-JP\msader15.dll.mui
| MD5 | 5b2c2d1cfd7525474d115e63f610bfc0 |
| SHA1 | c645067efa8a2bcb907d157a8ab5fc1ac9d59e93 |
| SHA256 | 8169d93d5b1aa92f9cc91e4c3d297c205f8dd8865223165663df36ee469c7af9 |
| SHA512 | 8b072b171b89c1a709f03e362b2c39b10bae052564688b9a8c85853d003683561254d1497aebccf00c1d2ea2b19ff3970b4b4b47785919ac3483425c290f6cc3 |
C:\Program Files (x86)\Common Files\System\ado\it-IT\msader15.dll.mui
| MD5 | 50f0c19493ab0f4ca90540e44dee54bb |
| SHA1 | 1cd77560d591844f6cb1dd7d6cb70fa5d7c187d2 |
| SHA256 | 1f5c5e6fc9b5913abb5b782540ef424165fafc84b6354e0d8595e3a0244a3f2a |
| SHA512 | 280b118eb5ef427b8788ac92c4383d4af866cce3ffebffd52a6639fd0b92055ffc621a96578f4b1e04bf164205473c6c47c66c9ba266a358f05252e48e139078 |
C:\Program Files (x86)\Common Files\System\msadc\de-DE\msadcer.dll.mui
| MD5 | 3a1ad891c8907d70074957007fb5a748 |
| SHA1 | 58849cd5109b3f94d653c6926c8fee3fb142c147 |
| SHA256 | 8c5d91e16dd501d6e62c1a17feffa2dca161841f236387029dab5241df6ffb11 |
| SHA512 | ba4df946a82bd587249be27371b377c15169ae9b525f6fcd7735a7808be4a252d8ae5c93f14f7077d5866e2ade593dfeb7decb5c9d889f67aeb5733224d953e8 |
C:\Program Files (x86)\Common Files\System\msadc\de-DE\msdaprsr.dll.mui
| MD5 | eccb589d9dd06111adfa9f3a9c7718a5 |
| SHA1 | c335ac391ab2c958245b40142e4e60bce4271763 |
| SHA256 | 88bd9685d0b7df0aa992c7e5d86f53e823b4b0bdf642c80707288242b7f17e6a |
| SHA512 | 33f93a1dc0f2d95796bf52e8a0d4165a0373ec9fad96c56692a763a29ec56c3b46191969802e5bea072321a9ff3331cf566e8a14ac4c0b38b8244e6b94641cad |
C:\Program Files (x86)\Common Files\System\msadc\en-US\msadcer.dll.mui
| MD5 | e2fbcb3f924e172ccb76da99368e3eb3 |
| SHA1 | 665bb4ce9b5d9798c9ce399994076b11aceb1641 |
| SHA256 | bc0389b2df45b6de3a614a194ff1bb00a2802ca8a3ce0688823788e4e1095716 |
| SHA512 | a503f51a68bcce0596984d3cacaecf16bfbefb2824d5565d92f7b9e075bd33e8b6853f649918cb74f5c0129f331b6b2a3104ee2365c1e4e38d3f0da943bd1342 |
C:\Program Files (x86)\Common Files\System\msadc\en-US\msdaprsr.dll.mui
| MD5 | 4390a101ba8222ccd5f47001d309f17c |
| SHA1 | 3b2d6a8bd12906517dc2724ace2b0c83f289c2cd |
| SHA256 | bacc833a538936b16d999e1ed07b0941282e10731e7edff88ea6adcc4f6021e5 |
| SHA512 | 562ca697512fc0dc390be5658526adae9eec55db394c6edba0c2f1075f7d703d96bb9cb821fd4a7f5db5e1ab5f5565296062fbd4b77b67a8e1b6999d960805ac |
C:\Program Files (x86)\Common Files\System\msadc\es-ES\msadcer.dll.mui
| MD5 | 26abdf8ffcbab8a7a6bb621eadf10a86 |
| SHA1 | 04413205fe0e6464b910af07e07ed072035be69b |
| SHA256 | ae8499e7b634a5f1baea563735ca0657cca2a700ff14e51e16509bf940703983 |
| SHA512 | 334b7b0d2e80813bf86c6cfff778bfa4e5b798a77b44d04462805b9e4be11c397d6d98a8377900308d33812f533a4f4bd7908171cc11089ac5e3e78ef23619de |
C:\Program Files (x86)\Common Files\System\msadc\es-ES\msdaprsr.dll.mui
| MD5 | dfce248710514573888bad7be1f48d2f |
| SHA1 | 738da7d734efc38105d2a48dba25820ae3895552 |
| SHA256 | d02fb67da02323c7b76b35c5488c01945f3675b9434e55aee5e7761a9b2c70c6 |
| SHA512 | 720d9bdcb3a5092fd59704e27fdcc47092af0cceb409c526e586bce4bc7a66b595718f4d7c13deba5be101c3b659c68a5fd14bbf884c082276939b94a7fbd883 |
C:\Program Files (x86)\Common Files\System\msadc\fr-FR\msadcer.dll.mui
| MD5 | 2266058ab6752bfa615950f1afe870b8 |
| SHA1 | 5b93d1ee4391712c23a88f69c633f00f6a31aa9f |
| SHA256 | ade4a41a4a0d46a9ffc92a9b50ba4103c8d3afc30ce442d64143861a6032e0c4 |
| SHA512 | 0707c1ee2c5617a0f09b3eb4b1866fb3ea4fb9e78da53e7ba3ff062bf66a7a3379d435cb8b8f099d4278ea25da6879179a35e3673e8e9bd7d5368ee22d120237 |
C:\Program Files (x86)\Common Files\System\msadc\fr-FR\msdaprsr.dll.mui
| MD5 | 181e626aa416b05abb86d53cfb5f66f8 |
| SHA1 | 5046806d7028e331555a2e292ddd2c86e4effbf2 |
| SHA256 | eaabb83ad4519947359270ab8d14cec4e9908c0e5373589e33e872f00ca16b6f |
| SHA512 | 4d92a0e24c2059600046bb58e48d8e7a78b7c37f4aa769c98c5c22533fc8c8bac74ce94542d983985facd2984d54d30053b6feb12117f78c56080485a5ed3642 |
C:\Program Files (x86)\Common Files\System\msadc\it-IT\msadcer.dll.mui
| MD5 | 568945a60847af1fb5f8a7a8b47a1c28 |
| SHA1 | 137d7d83b27d9bc143765e391adc6c46dde6627d |
| SHA256 | 8f27f621ee1f194ad05e5a9025f0866f89fc10b186b0a906f4173b58f7ab94ab |
| SHA512 | 106fd837b04e20ca9e2d0333687974020b26021d945cc021b342f39125a7f0ac8d59ad2cb9d2f10e080a3c2387e629ab509efcd08cfff99441e76f527b81f7f9 |
C:\Program Files (x86)\Common Files\System\msadc\it-IT\msdaprsr.dll.mui
| MD5 | 4f8c93718233c5b397b4c39e1251abf7 |
| SHA1 | 2271ddedf8a8fae13d3d564d63560bd48c8d30fc |
| SHA256 | 1fc95d56ec50fc2a41d082059de22cc583c28cd0dc30be69ad76c14eaece1611 |
| SHA512 | 3485e50bead9edd0c83732c7f7fa7128b89e1c5ba181ccbe95de491add0cfe098afd7383bdaad47755fe4933125bb48c260ab439e9d5ecce89c370274ce9df01 |
C:\Program Files (x86)\Common Files\System\msadc\ja-JP\msadcer.dll.mui
| MD5 | c73aaf7d954e8ae0af9d22cd74ae141c |
| SHA1 | a3a63573a1f5cdfc16d4128942d07fb5e12652d1 |
| SHA256 | 1b221a0ccd4e33be0e93e800e775410dd203b3c7216eecefeb2164f5ada69a4b |
| SHA512 | a0e06ffd3189c359cd4a20d8fdf6d80c06e9ddb8d1bb49cb9e0575262ae0d913c7fba96a3da34ba528ca254f6b24ee8ca6ffeeeca26dba74852447da0e4e1a7c |
C:\Program Files (x86)\Common Files\System\msadc\ja-JP\msdaprsr.dll.mui
| MD5 | 1889de517ee29969b6b2cbce6c6991a3 |
| SHA1 | c43f5d94ed4c5c32a960699b1eb582fc248140f4 |
| SHA256 | c2b7e16ee920db4bf70376580e59375300e4e8a0be09779810af0c9af5d9661a |
| SHA512 | 2065002e413dbf55bea3cb45fdc858490adfe90431edf7787a7a32aafd7c7f907a1993f7481a14369df977c2eb7fc7bf2745507ddf3132df5ffa7ecf1be67a4a |
C:\Program Files (x86)\Common Files\System\Ole DB\de-DE\oledb32r.dll.mui
| MD5 | 5f4943334fcb2c8dd3b14dfc262fe49b |
| SHA1 | b5b494d0d4f0c6783bb616f4c3e35f39e108794d |
| SHA256 | 2ffeb53baaf0e13844872128db5d38e2e35b5b0e1fd60efb2778fd55505a9712 |
| SHA512 | 08f5d801160695998d6f61382e4be1e5d4373b629fe343407466120c1d0da25405ba9a08edb3fe9d18c88980a6682a50ae47d5a6b13b5e40bc2bafe0b1955ba5 |
C:\Program Files (x86)\Common Files\System\Ole DB\de-DE\sqloledb.rll.mui
| MD5 | e53f5900d3120b5e273fa662c76b9c22 |
| SHA1 | e3076f4d2c7495a6fc386c09f15dba0f8d2bb1e2 |
| SHA256 | 314e0395587f18cc8d752ff5eb308d4fad089d1700b0077022eaa279f3522fda |
| SHA512 | 8cad1abbd94a8237a688a2e28e71a938be1ab90e62af249dad5aa7f64d8e1ab10d3b3000b4819bfc41dd6f4d2c6dde57e1727bf1013df83502218117eb4004d7 |
C:\Program Files (x86)\Common Files\System\Ole DB\en-US\sqloledb.rll.mui
| MD5 | 5207e493d11fc8895d1ea5e55ee0936c |
| SHA1 | acc2a53c136e2d7b7bf8c1bbddf6794d00733906 |
| SHA256 | 698c015e0112ca24fcadca240b9fff75a0597a440bb8a846f16aa4969fc170b8 |
| SHA512 | 25f556e34acd41e19d27eea7c160f8235c356bf8b64956cb107a192b4e0ad1f91678494a04530419a0943492d763722c26848bd8207c821bb7d2ebb3a80fe7b2 |
C:\Program Files (x86)\Common Files\System\Ole DB\en-US\oledb32r.dll.mui
| MD5 | 6b2a5a581a406afec632446f75034599 |
| SHA1 | 3a4510653b7cc149e3d7049b7de7479100ef4d8b |
| SHA256 | 09a111aae904aaf6355dc35a41039d731280e01cf2d2629a112ee8d002e9f8c8 |
| SHA512 | 8b7dc65c2309ccdc9a85446b8174e61248ba2b2937605ed7507713516e62e334e877cce89661f1f5a62fb11a2147f8e73ca996f23a7c88cb1c64c58e967437b8 |
C:\Program Files (x86)\Common Files\System\Ole DB\es-ES\sqloledb.rll.mui
| MD5 | 612a76d2b90101d1200a09003e09dbad |
| SHA1 | 6ec29a7d70dc4faca0a55cea08e9b16f67d4c8b2 |
| SHA256 | aa830c371dbd76e6947fd1a2f13c19994def7c31d4ce9025e0541758579e4ad4 |
| SHA512 | 7835e37cc526cc413cb8c3cc8f0f7903feabbe92fe7aef48e3d0567adf5611bb4efb1fd92658440a760b13b1df7e635aa825dc0f7a93392a42239779cc0397f7 |
C:\Program Files (x86)\Common Files\System\Ole DB\es-ES\oledb32r.dll.mui
| MD5 | d2968f5735c372ba2c995470253d82c3 |
| SHA1 | 089d1f9dbe5eb2c0452b0ca108070b07bee47a03 |
| SHA256 | 240787551a2b8775ac32169313861383a9314370e03dbdd80b7d137d23277558 |
| SHA512 | ac4dc015990aba887ddc5dc31a61781bc96eaf9260ed605bb951c9ccc30b79f2a53f6195a76a7a0e39c2df0c8e53a725d558f8623400bc59301f44a0ef37791d |
C:\Program Files (x86)\Common Files\System\Ole DB\fr-FR\oledb32r.dll.mui
| MD5 | f6ba44dbca620b449341aa6f177d297d |
| SHA1 | a81187d6792b1d9348fa1c19764b392025c92986 |
| SHA256 | a6e4c3efb30a85fca6b5ef909400f2dedff23001fbc0b61dd33e3f10e5964db2 |
| SHA512 | 4cb9b789afc67bfd5024dbc6265cb0440541a0c549f5d90f92bb32f753da70520e41b0638f4cc40da768ae4658c6f3b059a73e86609456ff5889141e1ea63a82 |
C:\Program Files (x86)\Common Files\System\Ole DB\fr-FR\sqloledb.rll.mui
| MD5 | d26d976b64afa3288339a1bfed0a68d0 |
| SHA1 | a5404fef361e2eb24a5ea60850163d94afa867e1 |
| SHA256 | 58ccdfe3052b6c415a18c3ddde1fd02135dcebd188a188d1fe44349ed744ecbf |
| SHA512 | 0c9873b225a74ca3f713b5c4ab21e4cd69e97f722da2c402657e4bc07ec10d5969d730e6f4826cbd18a3d8c485e535bdd6c37a6e979dd5ecbe939b7b6d244e07 |
C:\Program Files (x86)\Common Files\System\Ole DB\it-IT\oledb32r.dll.mui
| MD5 | 11b933e7a32873a87af316ba11b122e8 |
| SHA1 | ef9412b497f3c65737978ba8562185d92b50b778 |
| SHA256 | afca257983947d446f2407805a8ad3738317f7a70cc8961469dcedba02664c96 |
| SHA512 | a81a8063eff67b5c895951efdeb261522b9190a5ad97171e76605e3dcf3c3c4ba3cb5ac8e4af1a255411ec2c8724541def6aebdc2ec4dc6f99b6691a5249f175 |
C:\Program Files (x86)\Common Files\System\Ole DB\it-IT\sqloledb.rll.mui
| MD5 | c711321e49909d868553e6df3a7f5107 |
| SHA1 | a8a84dd39478c8ba0f9d0ec3606cc46e06091974 |
| SHA256 | a6f3e9d64b8746b7d82cd269efe8466970376600fbe013875d14229858317e36 |
| SHA512 | c75b48e93e02bfef7f6b9479a891dc8121c42ed3942a726031ce1dbd9bbf3e0404660c22a78ee10080cc0fec01f0c3832ac1c41e7c4d5adab23142442819ca58 |
C:\Program Files (x86)\Common Files\System\Ole DB\ja-JP\oledb32r.dll.mui
| MD5 | b862aea85ce46292fb24ce889eacc867 |
| SHA1 | ceeaa152f7cb25bdcd865df2f284662388c0f580 |
| SHA256 | 02a5beeddd80d14e64c5573e15a42b74b176ca804bc46497a594c3c83f60bc49 |
| SHA512 | b03c0055197c928d450b9de108b14a3d5e8662c9eea76005f6b9eab97afc16530f1bed3179a6356a16b66ea97aa96176b6683f9901c6e502f3cd260f0b45d28f |
C:\Program Files (x86)\Common Files\System\Ole DB\ja-JP\sqloledb.rll.mui
| MD5 | 1f87df3cd49f434790d295c6388f4395 |
| SHA1 | 1547dcf082962d712f7808a189f9ef73432b5fb4 |
| SHA256 | 546b238ec9fb346ad5470900b94dd85ea79b19b9eaf895fdfa494e04e2b6f7fb |
| SHA512 | 6584dbb8c36f908bc5e0a6d8ee8aafb89a3e428fbbf25be0811a62cacb7d3dfd6e3502ca181b9a216cb6d71254654625f62b310aacefdcf10286dda410369298 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\StartUnifiedTileModelCache.dat
| MD5 | a7c276137c056934ab68c304c319033e |
| SHA1 | b34abf232a61e7e11a2c9c1b777862a7290cce89 |
| SHA256 | 8d4c88156d0de75e86b2f8ebadf8865f2eb56416b6cce1241fd69e0d10a5108b |
| SHA512 | 7742027aabebcc76c7a64e5f8ff00c0de5e19f3a8d7e25dd354731095cb3c02db3903f5f0bbc37f61d30744c94fc4e3b4aad1c2b5e666c6769c25245b5716368 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\StartUnifiedTileModelCache.dat
| MD5 | 9c7705471ec2a3f6d6d50aab780f2dd3 |
| SHA1 | 34a9a47603ef94b30ec5b9566e980ace3b8a1215 |
| SHA256 | d895c139325ae22213dcaef7d3b2cc745d5eb06b4b690e068364b58e8c9bb3f7 |
| SHA512 | ac2bc1fd7cc5b98eb22f0968fce395d22df03efbdef8f149f6eac8fed0fc1f61cebf14d4eb425804a5bb6ae139b1fd894a634fc2256e13064f1e7fa958104a0a |
Analysis: behavioral10
Detonation Overview
Submitted
2024-11-14 13:19
Reported
2024-11-14 13:21
Platform
win10v2004-20241007-en
Max time kernel
130s
Max time network
136s
Command Line
Signatures
Deletes shadow copies
Renames multiple (11273) files with added filename extension
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
Reads user/profile data of web browsers
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\F: | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened (read-only) | \??\D: | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteSectionMedTile.scale-100.png | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\mk\LC_MESSAGES\vlc.mo | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\AppxManifest.xml | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\micaut.dll.EMAIL=[[email protected]]ID=[7189AED8B8AE6568].biobio | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\ONPPTAddin.dll | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Resources\biobio ransmoware.txt | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-48_altform-unplated_contrast-black.png | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\ar_get.svg | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_neutral_split.scale-200_8wekyb3d8bbwe\AppxSignature.p7x | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\ucrtbase.dll.EMAIL=[[email protected]]ID=[7189AED8B8AE6568].biobio | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Trial-ul-oob.xrm-ms.EMAIL=[[email protected]]ID=[7189AED8B8AE6568].biobio | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019VL_KMS_Client_AE-ul-oob.xrm-ms.EMAIL=[[email protected]]ID=[7189AED8B8AE6568].biobio | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL103.XML | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\153.png | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\organize.svg.EMAIL=[[email protected]]ID=[7189AED8B8AE6568].biobio | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Trial-ppd.xrm-ms | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\lib\jfr\biobio ransmoware.txt | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Home\contrast-black\MedTile.scale-125.png | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe\Microsoft.MicrosoftSolitaireCollection.exe | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\SharedMemoryUWP.winmd | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\osfproxyimm.dll | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteWideTile.scale-125.png | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Spatial.NetFX35.dll.EMAIL=[[email protected]]ID=[7189AED8B8AE6568].biobio | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\VVIEWER.DLL.EMAIL=[[email protected]]ID=[7189AED8B8AE6568].biobio | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-timezone-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-console-l1-1-0.dll.EMAIL=[[email protected]]ID=[7189AED8B8AE6568].biobio | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\StoreWideTile.scale-100.png | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_OEM_Perp-ul-oob.xrm-ms.EMAIL=[[email protected]]ID=[7189AED8B8AE6568].biobio | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\UIAutomationClientSideProviders.resources.dll.EMAIL=[[email protected]]ID=[7189AED8B8AE6568].biobio | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\TRANSLAT\MSB1CACH.LEX | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagementSource\en-US\MSFT_PackageManagementSource.strings.psd1.EMAIL=[[email protected]]ID=[7189AED8B8AE6568].biobio | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\css\main-selector.css | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.XDocument.dll.EMAIL=[[email protected]]ID=[7189AED8B8AE6568].biobio | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\ReachFramework.resources.dll | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Collections\contrast-black\SmallTile.scale-125_contrast-black.png | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\SplashScreen.scale-150.png | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\WindowsFormsIntegration.resources.dll.EMAIL=[[email protected]]ID=[7189AED8B8AE6568].biobio | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\sk-sk\ui-strings.js | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\pl_get.svg.EMAIL=[[email protected]]ID=[7189AED8B8AE6568].biobio | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderWideTile.contrast-black_scale-100.png | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\S_IlluNoSearchResults_180x160.svg | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File created | C:\Program Files\Common Files\System\Ole DB\biobio ransmoware.txt | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\System.Windows.Controls.Ribbon.resources.dll | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Functions\TestDrive.ps1.EMAIL=[[email protected]]ID=[7189AED8B8AE6568].biobio | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\Programmer.targetsize-24_contrast-black.png | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libscaletempo_pitch_plugin.dll.EMAIL=[[email protected]]ID=[7189AED8B8AE6568].biobio | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\misc\libstats_plugin.dll | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Windows.Photos_2019.19071.12548.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\PhotosAppList.contrast-black_scale-100.png | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\ca-es\ui-strings.js.EMAIL=[[email protected]]ID=[7189AED8B8AE6568].biobio | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Integration\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\questfallback.png | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.OpenSsl.dll.EMAIL=[[email protected]]ID=[7189AED8B8AE6568].biobio | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_plugin.dll | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteAppList.targetsize-64_altform-unplated.png | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-black\PeopleAppStoreLogo.scale-100.png | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\ro-ro\ui-strings.js.EMAIL=[[email protected]]ID=[7189AED8B8AE6568].biobio | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp2-pl.xrm-ms.EMAIL=[[email protected]]ID=[7189AED8B8AE6568].biobio | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File created | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ZuneMusic_10.19071.19011.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\biobio ransmoware.txt | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\LinkedInboxMediumTile.scale-400.png | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_invite_24.svg | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_SubTest-pl.xrm-ms | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
Interacts with shadow copies
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\vssadmin.exe | N/A |
| N/A | N/A | C:\Windows\system32\vssadmin.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\MuiCache | C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2400 wrote to memory of 804 | N/A | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | C:\Windows\System32\cmd.exe |
| PID 2400 wrote to memory of 804 | N/A | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | C:\Windows\System32\cmd.exe |
| PID 804 wrote to memory of 632 | N/A | C:\Windows\System32\cmd.exe | C:\Windows\system32\vssadmin.exe |
| PID 804 wrote to memory of 632 | N/A | C:\Windows\System32\cmd.exe | C:\Windows\system32\vssadmin.exe |
| PID 2400 wrote to memory of 2804 | N/A | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | C:\Windows\System32\cmd.exe |
| PID 2400 wrote to memory of 2804 | N/A | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | C:\Windows\System32\cmd.exe |
| PID 2804 wrote to memory of 2448 | N/A | C:\Windows\System32\cmd.exe | C:\Windows\system32\vssadmin.exe |
| PID 2804 wrote to memory of 2448 | N/A | C:\Windows\System32\cmd.exe | C:\Windows\system32\vssadmin.exe |
Uses Volume Shadow Copy service COM API
Processes
C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe
"C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c vssadmin.exe delete shadows /all /quiet
C:\Windows\system32\vssadmin.exe
vssadmin.exe delete shadows /all /quiet
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c vssadmin.exe delete shadows /all /quiet
C:\Windows\system32\vssadmin.exe
vssadmin.exe delete shadows /all /quiet
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
Files
C:\ProgramData\biobio ransmoware.txt
| MD5 | c8a67f8b8ce607ff54e7ea29fc000450 |
| SHA1 | 4fc728744bb78a8c29f05c67e067d3af755c9cd9 |
| SHA256 | 9a0cc9b664d21fc01f93ce946d8426cbfe4a38623e2b6fe06c967291fc9840ee |
| SHA512 | 43148dce167a73b32b26a031e97ca75b8f7be8bd0391217d855ed7ae1feee09a9a7a4f356f30d054a9c157cf29d25b24fff321c96f01cedca86cc348f3f556e9 |
C:\Program Files (x86)\Internet Explorer\de-DE\iexplore.exe.mui
| MD5 | 3d50edc282e670f5fb9e6b645c555eb3 |
| SHA1 | 45e29290b5a6168386086e2e5648c520ed2904b9 |
| SHA256 | d295c31a4125b479fb2d4c949c4cf39f39d8ad871da7436fd51ab27f479aaa23 |
| SHA512 | 4b84c067243ca45a32aa15e43c3b458e1a0ce6b300c237aaeeb703d5beb4bc183c260dbaf445b90ac2d4548a6be5c55fe461b1eecbe5f65328eeedaaf48bf03b |
C:\Program Files (x86)\Internet Explorer\es-ES\iexplore.exe.mui
| MD5 | a232c4e7c5802067ef9d193a24086403 |
| SHA1 | 1e39e3248fc12088d5d31639ded9c05567165425 |
| SHA256 | 734f306a94a45e68b3c5ce86e4791dfb7da147bc2922f3e94ff731dda1ef9937 |
| SHA512 | 7ad7c3867414534a6d2f83d0a7e3ce81e8c0485fae54f0e48d0a20255d711e2805e27a6ea149ee9f3db2c91e2fbfe266e434573830b20e284efb00235f51d420 |
C:\Program Files (x86)\Internet Explorer\en-US\iexplore.exe.mui
| MD5 | 68f44754575b747bfec321f7b2b1acd4 |
| SHA1 | ac6b5510ab1a375915fa41613673b542c51d2e28 |
| SHA256 | ff317e956f9bcc5eb1349cf691c600699220bd0451c67475327b747707232a5e |
| SHA512 | 60ba0df5fd606f1b6a63cf01bbdd2363799afe6fe1a159e93e80feb12e47c1639513aca936dcb9c53fd0583badeb656190af7e9d3741dba17cf18d5e2176de4f |
C:\Program Files (x86)\Internet Explorer\fr-FR\iexplore.exe.mui
| MD5 | f58aaeae47a1c742b23b118168e69e7e |
| SHA1 | 46d50e55a92fcf50c7f5d0a06cd9f5ae2914a8eb |
| SHA256 | e3095d1af7b66d7d085062e782e62e9efb70217cedf05b5800343f6995b1d7e8 |
| SHA512 | abb8e9f520ac12745c866ddf9c094c4b727bfdab608e3d45b61f3c41ce61d0fe788bf50426a33b51f556af4078718f96da86ea693c0a3ffdca509ba47c917b0a |
C:\Program Files (x86)\Internet Explorer\it-IT\iexplore.exe.mui
| MD5 | c52bd9c630e857d73b1aa89adeb8bf7b |
| SHA1 | 9bed2b1032e31f65b7dd91c2e038bb7f05a10f66 |
| SHA256 | c8d9a3a1fd12b88f58de698ff7b9729c55e4e92c2d62789cf42a06708d3ef6d0 |
| SHA512 | a0d69229131c70b6b931509e3e54f3f5e8e38c81f2a3b821d952fc37e7b0bded4e100d70fc55a9b3f168fb6801f90c90463a2c3641693572f18c92ccae6a4510 |
C:\Program Files (x86)\Internet Explorer\uk-UA\iexplore.exe.mui
| MD5 | f94624af53b5973823c32ab0ee218a5f |
| SHA1 | 213e0b44648e678e1792ad24d9ce7a8c0bbf619e |
| SHA256 | 32598a992ec8f5d09372b956e9586f5c4c9e446ce8625259f0c46cdde3641a9f |
| SHA512 | 04d7089e2f79f588d0673cc5a3aad5f1afb8baef2b8e523460e1e2abd317b30bac67e9b53663324c121fb418f6dc0f296692db1ed9417711432ee351e2a2675b |
C:\Program Files (x86)\Internet Explorer\ja-JP\iexplore.exe.mui
| MD5 | 60f3aebb3b3e1d9beb985741043d42f8 |
| SHA1 | 154d2ad7f9ad150936b08109d5d543dd5e396085 |
| SHA256 | 6e3a8fff1b4ee1a7070c77564c3c18055911e3f5625926d1cc0af2d1f707a8d7 |
| SHA512 | 43205c8fba7235512d16de29de2f11efa86ceddbf26ce414a8026af4bf99d46b837b5b2b0bb6f32d6c3f277c04f5fe69ce7873aa92f82d3f315563020065ec53 |
C:\Program Files (x86)\Windows Defender\it-IT\MpAsDesc.dll.mui
| MD5 | 98c5f7f12d4917c9e0abdf010ba89968 |
| SHA1 | 4ec95e2b10a2f2462c862bd203abf65e204fdd16 |
| SHA256 | 8f97b62b90cb4d1bf765c6b7ea989a169a03cf9bf955c0fec34658f109b0b3c6 |
| SHA512 | 389dfbcf9480ea2054ba49307f8628bd36a07fe37f9667e0495737185748eea67e2bf97930b29b93860e277f170f398ac85fb09fa6fd5797cdd9bb582d7d9c6e |
C:\Program Files (x86)\Windows Defender\uk-UA\MpAsDesc.dll.mui
| MD5 | 745600b6b3f56525bb025b8952fe41c9 |
| SHA1 | b18d7121bde2e1a8f7285442f96be059802acf3f |
| SHA256 | 2a51a2e82edc12f55ad66031ec808312af1c860f561b062d4d09bb2e891c4a89 |
| SHA512 | 02e6d45a5545a120eac069b1bc9d7be8d5daa516d0691acf554eb08210213d15002d7430ce0593e3d932ad4a66b05b98051ec9d0ad7d32b1ff0305dcd9be9cd6 |
C:\Program Files (x86)\Windows Media Player\de-DE\WMPMediaSharing.dll.mui
| MD5 | 3ec86ba7a3bf25060c3b546680d0a165 |
| SHA1 | 843ff8875af3020c0360f8d2f90edfecfd362ddf |
| SHA256 | 8a928346f69c00de651470fa6791ba5d45471fe827b3acba63010f252cc6748b |
| SHA512 | bdf099c7da4ee42248c57321322af13253304aac5c28c2cc86c8f242e323e869f7da98f90129585af1a3d57f6a0aed2b1f9c51d96953183e39c764b225213037 |
C:\Program Files (x86)\Windows Media Player\ja-JP\wmpnssui.dll.mui
| MD5 | 36e2f9f44892cab94a1388263e4ac903 |
| SHA1 | 24187905b5506bfbad05d18ca7b4b96efef7e47c |
| SHA256 | a024c747a8aa93d0f22bbc6c9b66f4c8e820d966880a873622701b935800d5e2 |
| SHA512 | fd85459b49f52243777d51a2b86900b8f4632c9773680f5548df06cb38ec9cb5545e78dd2d6cc0598630e220fd93140816eba7adc7b0ee0aad225e5be1fb3a04 |
C:\Program Files (x86)\Windows Photo Viewer\en-US\PhotoViewer.dll.mui
| MD5 | b002300714db9f27b6fc1d173c64573b |
| SHA1 | a47be74afe54b0034850cf7a6fb20de1204f7e52 |
| SHA256 | 0e27c1f9fda3e81038cec2b41bad80397e77f20f902a223996586f6c586df34e |
| SHA512 | 8576b1a742ba523624b33ef2a32d1383946d7307479f5e8698fde6f7adc37b80a8a53803cb7af17d16b82af36576c0276bcce0fbac865bee09f1b88b24bef076 |
C:\Program Files (x86)\Windows Photo Viewer\it-IT\PhotoViewer.dll.mui
| MD5 | 0e855853531af3b5840fcaab1f64ef57 |
| SHA1 | bed32cc61559ad59d317945aa50913c47eeebd8b |
| SHA256 | 11a3c461a60ac16a898450545640c4de3fb7f9c0e0d91adebe420253a4ad0469 |
| SHA512 | c5418c4ddd3bac4e30de980b8dea20c9be918130e92fafff62500549a4dc5b7d4069f7d3ac1eb1b383dbe417968e9ffe2bd032440289cf4083d01e7b7a80dff2 |
C:\Program Files (x86)\Windows Photo Viewer\fr-FR\PhotoViewer.dll.mui
| MD5 | cd65c2bf5258742d69d8f0a1a08f2e4f |
| SHA1 | a9038e3e6dc5b325c75089b09dbb1547fc297f52 |
| SHA256 | 7b6961740a60b9f752a0892c6b3e6b10e05e6f881cd86a5ff84c12d68e72b13e |
| SHA512 | d73b98b5e10cca9ca1d2b4fdaf2426871e36b24f2487acdfdd437ec31152178bee9f86d68e5e0ceb15b47e6f875fcd268f3147f40dbf082d9754d8908f9a5867 |
C:\Program Files (x86)\Windows Photo Viewer\es-ES\PhotoViewer.dll.mui
| MD5 | 9cb9c10517a56be070a7e9ef10f9cf58 |
| SHA1 | f62997b08402174a41757fb2e2fbd07aba2df372 |
| SHA256 | 506e27d6f29f44e2e808f5141657d87808e9da354d20caceaa93b27d6144b558 |
| SHA512 | c6de8f37477251a24eb906a0125a5fdb7c5237adf1d5db4691b3b440718d474d05fff3d1196cd93cc06c8ad3c12be26ead83f6300b02cb42b521e8ef94b9671d |
C:\Program Files (x86)\Windows Photo Viewer\ja-JP\PhotoViewer.dll.mui
| MD5 | 1525bee25bc1f54b84140b45ff2ab0b8 |
| SHA1 | 0fdf7686af95816d62c444136de096b0e47294c5 |
| SHA256 | 383488a4c8ce6082a7b10dc8faf6416f9fbc1d1e23452f9001f40344ec750c0b |
| SHA512 | 6ee1c0e682f806e01084ff1707e4e26cebbd85268db57ac7846f0a732075c6fcb8fc8b354f66476139c44a8c34cdde8be4189d6d6d2d58172e26c6a2396f4f7b |
C:\Program Files (x86)\Windows Photo Viewer\de-DE\PhotoViewer.dll.mui
| MD5 | f9f3cdb889018186a70cb6a708c33b96 |
| SHA1 | f6a0dd62fb56413bdffaed0cdf3de19bef3da299 |
| SHA256 | 0378f0e7c3aeeb055e7b826fd1390e27736150da02a3e5276c49de434a509e13 |
| SHA512 | d3b04546f4442ba891f436e8ce8b0a10c8000c59e3c03cac98e753c2f38791da6e46ce55911984e9ec9108845d46fe73eff3c76abfa7c394d30cbc2652f3116d |
C:\Program Files (x86)\Windows Media Player\uk-UA\wmpnssui.dll.mui
| MD5 | 1b0062b69b87dc08cf5a87b772ec7bca |
| SHA1 | 7c390de7de640877c24b1534dad0d0467215c369 |
| SHA256 | 32ccf8480525956c79d7b0a7517f5e1c04f353a935e34ab61dffa1f0f55f0d0a |
| SHA512 | 6181470d74decbc944197bdbf5ec55ebbbc4a3886e2afe54a31faeb00f6245e450a56c88cc36cc57fbbc3bf0048de7fcc08dbe9ee5ec8883b5b2bf6f7d70cc34 |
C:\Program Files (x86)\Windows Media Player\uk-UA\wmpnssci.dll.mui
| MD5 | 921cd88c459d787d53f41103fcbc706e |
| SHA1 | 0ab363bfa0ad15d3e1c40014633ab39661f86919 |
| SHA256 | ce2e69f4752d481e1ff8c1703d4a8480db8bb7ba3d3ce6cae59cb391b557b770 |
| SHA512 | 8729543ea85cb8e5a6d5248df093833d0012973bc8df3f3895984b4201cb6cde08c3856973035b6e306588dd46a6843bb881440514a95211b13b3d01c82f4f8b |
C:\Program Files (x86)\Windows Media Player\uk-UA\wmplayer.exe.mui
| MD5 | 4dd567d2208ae516d5faefdd74bfb92e |
| SHA1 | 06b9fcc0db2cabcf3ddc1a2ef076a181f51eabe8 |
| SHA256 | bde5197e592914fa556924656cacfd2a272eb8efdb2c25282f6250eee2086e37 |
| SHA512 | cd4782d1c4cc15d9d18d4912a5fe5b8ecd41354cec08d647bb7679b4958570bafced4e5578d1b4d0f081975ee7ec51c451fa10ddf23acc5cfea585f4f76c3151 |
C:\Program Files (x86)\Windows Media Player\uk-UA\wmlaunch.exe.mui
| MD5 | a2445b27ca9df05fc7ce3213c2ad51cd |
| SHA1 | 2a6eb9a86179a126a6f2b6cbdd5f1a74dfdd3171 |
| SHA256 | 07f11b866f8c3dc571e8fe71f0e60d8b23ac133c389387e9ff43684e52097db1 |
| SHA512 | ecde62a07a7edd276198e7022fcc129d615e4096bc2fe5d9962e68fd5a44e42f543b8fda237c85a66a39f766b5abf96aeb6ca4d008d6266292a044eb5bdc5e4f |
C:\Program Files (x86)\Windows Media Player\uk-UA\setup_wm.exe.mui
| MD5 | 534a725200f0d927108874d785b14fed |
| SHA1 | 75508603b342e4acd65a45bd5ea203d0e1882232 |
| SHA256 | 85c0f9a35c8cd52e37d5776a966db38d1f920ec7fc764c23d011bf602598561e |
| SHA512 | d21bd8fb3ac401d21623820455df3bba1de6def413c79177f43b9725916a80a5183a3324740f77fdf9c3046050af29990b819507b5d4700c9f50de75e130da1a |
C:\Program Files (x86)\Windows Media Player\uk-UA\mpvis.dll.mui
| MD5 | c4e64f8d08d190ac093ab7fc76bdd4dd |
| SHA1 | 790dadc63ed929081e146c0df1ebf707e9e22335 |
| SHA256 | d73c34a1abaf3ba0c3cb77ed3be0a0ed62ff1da00b6dcbaa8098fd164f48e789 |
| SHA512 | 911e8bff527c1d2899e2022a5a0e2d06c2b9bc39d7ff9461e6b33861d14a6942f1bad6292abfb852a12ef732dbadd9cc8970214e7ad59f600a142271c2fff6a4 |
C:\Program Files (x86)\Windows Media Player\ja-JP\wmpnssci.dll.mui
| MD5 | 277833704f55e6616c31ecc7258af49b |
| SHA1 | b63a095d7e5555ecf533dcc47dd432c7b3b5dd9f |
| SHA256 | 1b020eaae5a01eda1f4a18a81b2ecb8861815d49129e28751c91b63570a2cb4d |
| SHA512 | 3ee3033d54a2052843171f1b26e6fd33ba4ea78b595e27c3fff688104f6ac0c7e36d2c312de2cfab3a60c9fd93d6c31588145e208928973806ef353a0e10720b |
C:\Program Files (x86)\Windows Media Player\ja-JP\WMPMediaSharing.dll.mui
| MD5 | 6542e1f9636558d80d0c4f44b6c9f076 |
| SHA1 | a3231aa72f9a8934b07feef0bbc9ce29834fa39c |
| SHA256 | bba612c78c8e93aaeaccb7c9a14276385abf0115e7d8226bc84d2973f8d3f646 |
| SHA512 | f7caeec44e0745ed9a168efeab175a8175fb8fe405b69f3f195409b88a3e7850d53f611aad843b445d67a808287e162d34cbbb3beccaa0eca1f79d7835a039e9 |
C:\Program Files (x86)\Windows Media Player\ja-JP\wmplayer.exe.mui
| MD5 | cbd4a1dbcc2b1820e6db1a040d840591 |
| SHA1 | 1928c5be373145d0ac2dfba9791195708e1887d1 |
| SHA256 | 0d241f0ad27617c89b0af84964cbc1499671c06e275a04464fa04a771d224eb8 |
| SHA512 | 1bbcdfffda5e1246365a64858c9702eea6e47a155e4027a9d471117cf4abe953793b2a797fa5ca96298ba29c68aab60599a8a0fb8d1e55c5a9791c1fa6c5a2c0 |
C:\Program Files (x86)\Windows Media Player\ja-JP\wmlaunch.exe.mui
| MD5 | 494c71c5eedde5da5d646b2ca27664d0 |
| SHA1 | e76b9792919d815ac21b35d3671eb2ca0d383592 |
| SHA256 | 39c09616f8c4cb9c0c413c46308cd534649493c8b4adfeacf593f1d01f147fce |
| SHA512 | 343daf5978e84cfe5203e9aefdc3a14ba396b2035e9c365ea5b289412e12057e43b60bc7006d3e57cdc02bba007f188847b84ebe58e44a03ee0d7944bdf8ccc5 |
C:\Program Files (x86)\Windows Media Player\ja-JP\setup_wm.exe.mui
| MD5 | eb4317ba9f02b1d45e06d18e6c01c8e6 |
| SHA1 | 2d42b7ea5677035cc3aff49c49ea4a0be4b2228e |
| SHA256 | a7de85389895de80098a2c0837a64a1b0be11e5f30dc475b490cddc007f6eb94 |
| SHA512 | 45bfa0f8652cfa792e3dc4a69a01972bd6218d2d8f3f2101bbb2d610675ae1984d1fe7867cda7082edeb3091f1daaca5020bd60258855596dfb449a15ff14db4 |
C:\Program Files (x86)\Windows Media Player\ja-JP\mpvis.dll.mui
| MD5 | 90d33066e3ef861ae50d3887353a34b3 |
| SHA1 | 9261d5aeaae11ccf43a3165788820a1da7527ea6 |
| SHA256 | 3315e968f32e767f3a3c6e930e5713762146d004ae4b6bfae0ca69b60b7ee733 |
| SHA512 | 2efa5284347a39f3981ca6d9b5c5bcd46a098484577e20e8167a3663bec250881561a4148d6b763b036f216e4de1612cc59ea64661f8c1ccb3a906af6f96bc50 |
C:\Program Files (x86)\Windows Media Player\it-IT\wmpnssui.dll.mui
| MD5 | 4d7240b408b93509255fc6e897d6a924 |
| SHA1 | 74eb773d73dc4a20c0ac3d9d2e0ea18fb361ca03 |
| SHA256 | 1e5b6c13a39a3de298017aec8fc29aa799c479852883585bc16a188b370b4af1 |
| SHA512 | 5d50940d6e8cca5219a7297dd75b2449c3c14666ef7cf6529db8afe895fe3aa93f287d3d357ae211043d56a59ae817cea00317909d26dad069120055852a5537 |
C:\Program Files (x86)\Windows Media Player\it-IT\wmpnssci.dll.mui
| MD5 | bb9808bd45ebd79004314365d8c8deec |
| SHA1 | 8c16c8eccba7afafd280baa630381f86a222ff59 |
| SHA256 | 0091e341c2d27972d1641af6abc7c8de5ad6f501d67da1734f247b7259ae371b |
| SHA512 | d91bf3b44550b6836e6100d6627f0e21e425d97617c5dabf726874f0fe614600bcbd88547849d631b72492e1610a197ef8071e45be25ae0f7ba9ffb043d4de30 |
C:\Program Files (x86)\Windows Media Player\it-IT\WMPMediaSharing.dll.mui
| MD5 | 3c0111b5799b4400fb628ef2cd9efd35 |
| SHA1 | 8f00bfb4612098182fcf1b53d959657a4dec5209 |
| SHA256 | fde2ace34385244f96853961a328c652a6bc47fc428ef4462f33f1bbf44192b3 |
| SHA512 | 2833e71f82c891048bd13763b9b0f05e4118b06d01d3f1537d950e196f821a21e74493bedff7a1075940d7c9c57b6fe1c29e0330f944f86b8e94f85be1ea70e4 |
C:\Program Files (x86)\Windows Media Player\it-IT\wmplayer.exe.mui
| MD5 | 0a195aa265ddef68ade10e6623fb39e9 |
| SHA1 | 798de0b30fbe8536c8a332a513a3ae96f680bf2f |
| SHA256 | 68fbe098c2716f076204894d175afd64365ded1fd2f4c2f1ad9efb18035543c3 |
| SHA512 | 0bee00721283041d1546b15dc5351a39a55002d0deabe095fb5bee1a58e0e13f1d31e948a57990c51da276df024ea7a12a41120fd31d731ff9e96e859b010dfb |
C:\Program Files (x86)\Windows Media Player\it-IT\wmlaunch.exe.mui
| MD5 | dff66e5064295a29d0c3191422e61342 |
| SHA1 | 64e999a911ef877d60540c5ece1ce285143f41cb |
| SHA256 | 7e1930ea792ef18874ae4ab2bbddc33fb6621a3cb45e5e6b75940bcf2c7a33f8 |
| SHA512 | bc57cd60b3eff9c34b44abda8dbff611982bbbcc60165c31bf9211d1524a03c96a5653bdd517a8689880195968b2e47038733a7e30c06748bdc754ae4d4332b2 |
C:\Program Files (x86)\Windows Media Player\it-IT\setup_wm.exe.mui
| MD5 | c9d3e6aa043f40c0b3823e75f1e311b4 |
| SHA1 | bf739099ea8eb834378be1de9fef6276d6f43988 |
| SHA256 | de25fffaa4b108866c8f41fc02211fb4ffa1291054dbf647aa43f6cfb517c1fc |
| SHA512 | 47e2c140b96230242d91f8dd9ccbe7045452e62faf465242bf4091e74745afb978dcd69ae2c2cc41c55abcdc9daf6c0d62181f34e8b8a0c95cc56571aaa64459 |
C:\Program Files (x86)\Windows Media Player\it-IT\mpvis.dll.mui
| MD5 | 00d806dcc2cfe2c18dca83c18e4c4887 |
| SHA1 | 44f5cb7439e718ed7b3c06c5abe2c744c6c16a5c |
| SHA256 | a30e792874e3dbc518a37d762ff5418f5c7c26b1f34709fe7ca57d344fa0e7db |
| SHA512 | c9b36e6af5178810d81a872403d33b5342bd252b3bcfb012f34f3a689aa296a301e8bae6161f0c23a1e909ca4036b61802daf5186d0d8314d470c6d4e31a7c75 |
C:\Program Files (x86)\Windows Media Player\fr-FR\wmpnssui.dll.mui
| MD5 | 31b1dee539387cd0796338d194292d37 |
| SHA1 | 9a162f564e13588c8f89bb0f2127179673260983 |
| SHA256 | b917fbd3a98f3dd3a407c28c86b37c79bf8a4e725acff24163bb90f40301df74 |
| SHA512 | f2a02cbbe94bad644225594328b4bf9cb588a056aa0992b5d6c0d08e20349aafe7ef72dee479b490b11d859a9db6f9dccdbdef9dba710bff5683d9a063779218 |
C:\Program Files (x86)\Windows Media Player\fr-FR\wmpnssci.dll.mui
| MD5 | 128a53c0b5d58dff0a75cee2249c48d4 |
| SHA1 | 08c9855b8bf2eb25502a427f1cf911da17fe3f16 |
| SHA256 | b9470daf4ce341e7f0c5abac5a0f840c5d7276aadf5d9134a500143a99c3813d |
| SHA512 | 67d83f6bcd1e1485a2d6b6cada639caf0a72ee675a3ea6eca53a6af0685e84cdf46a8c042fa5e5c24b7f7cc593b0cdd4fb895cd468e6210ce6a909bde0681894 |
C:\Program Files (x86)\Windows Media Player\fr-FR\WMPMediaSharing.dll.mui
| MD5 | a5543b59f4ca6eb8f7f8e867808a8d09 |
| SHA1 | 9e82275cfc8ec1368983aadf3d3ff1b1d669035a |
| SHA256 | 74a25eae0ad54bbe94f85e6ac4552cca3cd8e3f4a778fea2649ac9a11b6b900f |
| SHA512 | 6ad3e58f7191999ed05f953757188b7b38dbb0d881fc544bb5a5df513c2f2a75a63d1105ba3e8a55dbb5243077ea311b9b5227ab607bd72791ad3af92581bc22 |
C:\Program Files (x86)\Windows Photo Viewer\uk-UA\PhotoViewer.dll.mui
| MD5 | 0815f8d9e23ae6067ef6527ae094cfed |
| SHA1 | 90372c71d9396e8701cadc1056f1bb1568228e04 |
| SHA256 | 9eac2002f63d3a02a5e6a0fd914436f42b3f67d7bd4263d4582689abcd00f60a |
| SHA512 | c37ff62d2fd02929055a18342f0d964e17a95134ff3fe5a83edd57cf038ec267972f5184a25967b49f1e6dab97e9ea1dad9e2d4c79465555926e06c64ec5b9d5 |
C:\Program Files (x86)\Windows Media Player\fr-FR\wmplayer.exe.mui
| MD5 | a93c869d27c6bc062a230e6cb920bd8d |
| SHA1 | 324f76ae5a6781a28c7e8966a5f5fba5edd427e7 |
| SHA256 | 31dd0560a1543508b7267b0bdc469b843f57ccb364339d586e844d436feedfa7 |
| SHA512 | 4fc55fa389711f3beabbbce0c01d6fd0de010d2a3a34623bcd1f08f373308c7ccc20cae96be0e5e00000281534fe0d16d644214cadaf44cbb9af17d81cc99025 |
C:\Program Files (x86)\Windows Media Player\fr-FR\wmlaunch.exe.mui
| MD5 | 60354fd7f993aed64aa163d14886fcb9 |
| SHA1 | 033e493e4fb1cb830cffedbc2ebb97a3cff2fbef |
| SHA256 | a3f29a32e1e640ca8f2c190fc3169fff2359e8ab09af3d2f2e0513209dc1b862 |
| SHA512 | 288ab2af2549570c35bfe50689800e278b89d891fd0a8b5e8095c4e0ec44f0ad363befe16103a502e1021fa5eadbbe987bcf8ab27c8d49f36db4116c7fcde4e4 |
C:\Program Files (x86)\Windows Media Player\fr-FR\setup_wm.exe.mui
| MD5 | b1ff1ab6b1ec501da6ccab8cfc6ec675 |
| SHA1 | 5de32f2ddd5fff9f634d22bad1ec4b2a3abdd75c |
| SHA256 | 59091d6cee78daf175aff8ddc8fffba6561d664437e03b20ea942bfb35f9cb30 |
| SHA512 | 51f4719027cbccff07bdcfaf11ce28a9be44cae9fbba8cec5467f0100bc5bb491c700591ac0f33b520218aa8c69c1eebfa42fbd83f254e149d4a3b40674a1b18 |
C:\Program Files (x86)\Windows Media Player\fr-FR\mpvis.dll.mui
| MD5 | 3486e5cd5bf6a5bd14af2f5400665f0f |
| SHA1 | dc22c8657a9f6a5c93e3912703a5b05b8cd9b378 |
| SHA256 | c6017ffe39dbb27e3e10420e6500cfb8b443270bc690c26e2a33f940ca031a77 |
| SHA512 | f7b892a1a103c80b1e5a1dd5df592250b033fce6743998dd9d70f19a4715f21a4c55ab5b6cda448d74fd9ea81ab374196efc43fec7ac2bc12919e2902c5b0bc3 |
C:\Program Files (x86)\Windows Media Player\es-ES\wmpnssui.dll.mui
| MD5 | 556ff3a145729c65a1b0da41e813ff90 |
| SHA1 | 72a29d82c7506a098abebcd7e4273ccc8086bb84 |
| SHA256 | 0ca4a4e792104227a44f249d5bfd9648c2903a7af9c989b74d53707295136048 |
| SHA512 | b982066034ae0c5f9e19a22542ab07f6125bc9d5bedb17d0a7e9f96f7653e5eb9363594007200a69f5771d62582819c894d896e8be898ca2b8805a51d9f8a4f6 |
C:\Program Files (x86)\Windows Media Player\es-ES\wmpnssci.dll.mui
| MD5 | 549fa0cfda6cb8b1b5e833394434867d |
| SHA1 | f3407099c1162334eabfee74a043f11b69614d32 |
| SHA256 | 84f9a0d31273ca535c4fd1d7f71a43eb0bc6cb0c5916649192dbee7d8ba17660 |
| SHA512 | 01c8535ad3123510f0da3ceeab401810f720ca9b4d37e340ad86bef72b9f74daba87e0d07864eeeacc35fcc429f2e8adfcd17cf2cc86b3ed21fe338992fd3af7 |
C:\Program Files (x86)\Windows Media Player\es-ES\WMPMediaSharing.dll.mui
| MD5 | 894c67f103e19d1d31b8dc16b8e3e490 |
| SHA1 | 0b0bef58100700d643653930899435895930e623 |
| SHA256 | d446512de9974f0404cd632c0c5a149dc327406673597852722fa0e0c347ccf2 |
| SHA512 | ccd32ef455aec2b28ba4297290bffd0cdee54884f490715f9fa59d1ef420963ca613c272af6d01af4da43e171cf0944f867ac3b19e8b1b05219011947b8fad36 |
C:\Program Files (x86)\Windows Media Player\es-ES\wmplayer.exe.mui
| MD5 | e434e843de202a6d71bdc7c94365b824 |
| SHA1 | 6e8d4944252e3f4b8e1a8e71facdf17c3b4e6367 |
| SHA256 | da40aef23f088d7b35b9da5df003009169c29bfe427768cc8e952c410599dd57 |
| SHA512 | e52181a397f903b91aefa7bb2b035a11398246104af8a59db7def1c8efa9d9e7f04d56ed01e1349616cf33ef37643358ee59f30258674f15df14e3235d713f9b |
C:\Program Files (x86)\Windows Media Player\es-ES\wmlaunch.exe.mui
| MD5 | 0b666b7902654b88346e2f3c6fac0cd2 |
| SHA1 | 753247f4d886b5578b2a3ed2354cbdee83234a59 |
| SHA256 | 9c1cd1191a1562115feab95ba880132358da01fe4fa2703a4df019270118c53e |
| SHA512 | adf60fe80dc904bff0671b272624d622de3cfd5179b7194e157fc5d1151a237a1c938c6da5c57d1a81d3cfd33d7b75c680b5941d12df38cebb225f37f36c3dd6 |
C:\Program Files (x86)\Windows Media Player\es-ES\setup_wm.exe.mui
| MD5 | f6a1f42d7b1ff710e61a4b6373cb8b10 |
| SHA1 | 61d08be27bd534f12609aa22cff6513bd378d0aa |
| SHA256 | 08dd5bfbb20769ed969e4b7bea0c505f1184bda167cf44e91bbdfb6f854e2395 |
| SHA512 | 82f788a318e0c4863f7fee0ca27f2ecf23f3befe2d36bc46c006afdceb930792a5a5959aeb554c23db19151e41b9b68349c1b8488bd0c04627671d7753fb6778 |
C:\Program Files (x86)\Windows Media Player\es-ES\mpvis.dll.mui
| MD5 | 2023b65c4851a982f429051ffaca9d77 |
| SHA1 | 50db94435dd85010e4cca841a945182b272b7924 |
| SHA256 | c56a342cdab3a37bea1fc7baf1097c5d8773ee44d2186a7093c2a4b0901e0e38 |
| SHA512 | 145efd4b27cdb4deec4ab0b7a74e94f3823c5b66a9ed87f5c450623db0daa3fa2de6f306d37d1fe223b078ae0f228930ccb1bfd1e4de81e646ee590022fa8f30 |
C:\Program Files (x86)\Windows Media Player\en-US\wmpnssui.dll.mui
| MD5 | 721b845902e17db62961720087b8c966 |
| SHA1 | 1413ca9840c62b14bb372ec537d50625061c3fbd |
| SHA256 | a5d22a59afc25fca90e9730bde82de829f17c4f79006ded0424f88cfd8a099cc |
| SHA512 | 310ad6f398308ed0c90d7497734941cc95bed02c0a0d1d52a229beba6d72c576c416a64a0f287afd430904ab52be08680507441e1ed236c78e85be89fafaabcc |
C:\Program Files (x86)\Windows Media Player\en-US\wmpnssci.dll.mui
| MD5 | f0ed1f139fca3498eeae20d9595250c5 |
| SHA1 | af5e1c2c166380aaf0a8acb27495ee18b564001a |
| SHA256 | 47b85ee3323cec09c71cd81ff20ba3e9ace181886b5e5db33ee586fd1477337b |
| SHA512 | e66b70c4dc104dfaf04f0b5d68c24a51a9f7d35796c471a433f09faee72ffa9e464e5ca0e927759efc1aca4bee0368c8fcbb86bc296393469ab8014ae94b4b54 |
C:\Program Files (x86)\Windows Media Player\en-US\WMPMediaSharing.dll.mui
| MD5 | 1ce06b9b32ebf50ebf0e7fb7ac98361c |
| SHA1 | 9b81d06d6eda9ab6e44a37f667884b38fcdfe083 |
| SHA256 | 4512eadbbdb10ebdde32d158ba3e3fb9d513a36172bc55eebd5c5fd7eb0adbd6 |
| SHA512 | 332ac752672c738e2ff52f0cf9664e356d2e79f4689a0451bfa29a8a7b20fe23b1d1f610b673dd81acf922df6288b96d262c7b1b9ec4d89d2407c81980f6ebcf |
C:\Program Files (x86)\Windows Media Player\en-US\wmplayer.exe.mui
| MD5 | 636a4f85bf1ef20a7f0a541bf20a6b25 |
| SHA1 | fac5cb967066e8aed10788439a157c9b12664ace |
| SHA256 | 7e892768dc9e0e17770bef5420df4434c223f51580038bb63ccdf74627979352 |
| SHA512 | d26872a83817004c4e9c6f14d429a1e7c3eb461c0a117a41a2ce2f3e4c8292cad3687e16fd0e0878134b45813e08805f3e28acd3aea7c01e15294b71f24a6aa0 |
C:\Program Files (x86)\Windows Media Player\en-US\setup_wm.exe.mui
| MD5 | 53bbd43b4467068892cd2896463bf125 |
| SHA1 | eaa89935ec4b130ac08b943affdc6dffe2ba31e2 |
| SHA256 | f2c47b7136c78500caa17aa3447b65a941097e2ac1ab0eb74237282588ab59e5 |
| SHA512 | 8025a60f9dee65747d70ccb7ffc3b631ce3ba9e19f65fbfb11dfd23b463ea44d79e429e2a7473940adce2df6dbb1b86fadffcdf03720723676361f092647dea3 |
C:\Program Files (x86)\Windows Media Player\en-US\mpvis.dll.mui
| MD5 | 0994ddc7ae15d5da37dd05042a756da1 |
| SHA1 | 4278f7024d366309cdbac2ee097314d2f976bcfd |
| SHA256 | 9b53b26aa1dc1ab7aba9ad5190f99edf9e2221561a437503c46ad9538c9bdf5a |
| SHA512 | decb9d0cf987376f843421fb76086e7e28f14d0c0e79d834a5b2588f27c1f5edae591c11fd91f4e14c6b06569984de6a4184d37049d4a81e49583ba769e92c96 |
C:\Program Files (x86)\Windows Media Player\de-DE\wmpnssui.dll.mui
| MD5 | f02ad1354ea83bef178271794d23dd89 |
| SHA1 | c9e541a62224ba47e82221c1815c7be3983b062f |
| SHA256 | 399ee3c7a2ad17e914df588af70dece302ae033b593a0c3fd3a4a483151094ce |
| SHA512 | 71d0ff4bc189860f04b57d3218cf58a17794c2824515b4f3eb7e3d9d73bf30168edc0be4f127085e307359869c2e39dc408f42bac9c39b4f5afaaa4d0c8d42e4 |
C:\Program Files (x86)\Windows Media Player\de-DE\wmpnssci.dll.mui
| MD5 | 1d588aab2d06ddd5ff46484875d26f71 |
| SHA1 | 27e36132eeabec1b69e2ab48b9d60536d3e24302 |
| SHA256 | ce07bf5598f7d95ebe00f9317072587435c9b0b0806751457585d2a4ffccb0bf |
| SHA512 | d56a6fb9fd5a5c63976ecf193acfd449f195e833f489ac8f14537af386833bda32d8896627a321737146c8ae6c35b1b30c357cc19b885810ff38340d7be3a36e |
C:\Program Files (x86)\Windows Media Player\de-DE\wmplayer.exe.mui
| MD5 | 2aec981a1c8407d6188d7713c364fcf3 |
| SHA1 | e11d25921c965382854ce3738af2eea13857f141 |
| SHA256 | 004a87130441b4984b9d119f289f59e8b6cba8a24edce09bf06e84c412f00f9e |
| SHA512 | 5023eb1d4d24b2aaa5595298e6447c7040beb449fa2d81894db743087899d73dda562014872e28911c5da636296d6950a9a8245fa469b78047cb591bf78be32b |
C:\Program Files (x86)\Windows Media Player\de-DE\wmlaunch.exe.mui
| MD5 | 887624c5c206b73b74b57ff1b03b36b1 |
| SHA1 | 9eaec3bb6176108abdbe5a46b074ca59c6b2f04b |
| SHA256 | 9b5a4442fb807daed3a5b3ffb71830e83aa0a17f62d0aadba291417e758f3698 |
| SHA512 | 3e1d853b372ef52359b994a7c1aa84054977235ab31ac699c5e6170683aa4735f603ae46973b91c9b031167317271ee9bb37b9c22963212109f5af06247de881 |
C:\Program Files (x86)\Windows Media Player\de-DE\setup_wm.exe.mui
| MD5 | 08bfec6ccbb6ba79dd9a7d01ec7a488a |
| SHA1 | 6dfe3f13083fabd5d169d7b03a4e102c8b493932 |
| SHA256 | 784c5a1033fabf07a3f515c4fe1410926ba0df93bd46f1c806a52d7ceaa5a9d8 |
| SHA512 | 8caaeb38a50b85e83af35aec025b30ab079e49a84a1db7c419ff22c00f1e1bd1210f846401328df75b6a45b9372ffdfa0bad39d3251c22e46b3a50e66b3fc7e5 |
C:\Program Files (x86)\Windows Media Player\de-DE\mpvis.dll.mui
| MD5 | fbaf2a5d8c845b9ee212555e6551b997 |
| SHA1 | e5419340a0b541a3ba2ad9302269b71e079d8353 |
| SHA256 | 9c422a0996934d83421efc1fdd44a0aeeb5e603c02ff784ff34b3bbd700ead14 |
| SHA512 | c6b28a62471f6a69079a5ba3eea311b500fdfffdc26bdcdd6a16f34b97d69e21d5d2ac0c5be2956ca63205abb36ae7624593343de5b32cacfc0f9cb919d28b37 |
C:\Program Files (x86)\Windows Defender\uk-UA\EppManifest.dll.mui
| MD5 | 9be4b4c5d96c94916ce551200e8ec33c |
| SHA1 | 7abbd82a3ce221b34594a3de9b460494ef8a9c5c |
| SHA256 | aaa5833778bc14ddad8337bb8c8719c17d44d63e40b4218082414c3b1040dd14 |
| SHA512 | c639777c5d0179b0f4f94a5ef43cd319cc2301cb8ae8c095e4808a4cc2b4ac2d2470ee41359263dd75d2e3af49d8e66575099784978f356ab1391c5a1518b14f |
C:\Program Files (x86)\Windows Defender\ja-JP\MpAsDesc.dll.mui
| MD5 | e5f5e8e3458b5094a6c92f9df5d10091 |
| SHA1 | 65734865d0fccbe5152fe2ff75a6b5fb297c90e0 |
| SHA256 | 31c163c52f7d1cfcf62e5ef33e095ea19afd5f0aec10edd40bef071055c336f0 |
| SHA512 | 2fe6194b0150ed30d4c4bdbc83f20cd55711e885329ef916ca036ad7c0380103089c9cd1126ba79c0c0f75c63f95f3bce6f39889036adcf3b86b53474ef97153 |
C:\Program Files (x86)\Windows Defender\ja-JP\EppManifest.dll.mui
| MD5 | 9288609b44a4f4b280dfbd288ecfd4ea |
| SHA1 | 1b585768b33a93a23b33029eb98d90164f90e96c |
| SHA256 | a1821df91c67ab983e170533e09a125d2a37744a015cc9d6a923b923b5c9a224 |
| SHA512 | aeb805f0c9ec585433d52ac9fbb1609e4c2eeb73a0b2b41eeb076f156914118fc0a59c586079c2390426152ce9c87b930b70948f0c5c71ce1f2d4112061d1f76 |
C:\Program Files (x86)\Windows Defender\it-IT\EppManifest.dll.mui
| MD5 | 230c584425186ba86f686f6b5ee24a30 |
| SHA1 | dec2144cc6f231991e6c4cfd47b480e0c39a8fd8 |
| SHA256 | bc798f611d9206a9c2cf57d783abed5b8b98d78152e5e0288d9e855210119346 |
| SHA512 | 4d64456c24dda5afcc7f64071c1614d10cfb5d56cc9952baf93b0ea69a095587f9f62d6d0564a80d93299d16585d6509bc6b035eb9253c58c946a0ca726cc92a |
C:\Program Files (x86)\Windows Defender\fr-FR\MpAsDesc.dll.mui
| MD5 | bbbf35368032fea66d05806c87c7e95e |
| SHA1 | a272653c82009eebc1682c2c27c6bc009c10253c |
| SHA256 | 40914dad1fb421d60cfe6a71494087da2e43c0c53d4fbf9899f83d7abb237674 |
| SHA512 | 95ef61622ce8ccc6175acee8650ed85a621bada65ef8d29f93e8dc88c20ce74ca32f0ea262b96f65badb003834d97ac92ee16130f3c8c133e9b75d5196a1bd05 |
C:\Program Files (x86)\Windows Defender\fr-FR\EppManifest.dll.mui
| MD5 | 3a938b041fc4232f09d7c5e7e5600975 |
| SHA1 | 118fc228e23a6935d502aaf2bdbd351a5d36dfc9 |
| SHA256 | 7044fa6cec3e167f68dbdd302e4cda5056c4c36da23a6cc560dee2478953713d |
| SHA512 | 015995a32dfa1158bd5f1bbfc5fac398129a228c7daffc89d44a512332a98170be3bd824714cb588c3f036b5b1d3d7ebdd2602522845307b1bc432d91cb36559 |
C:\Program Files (x86)\Windows Defender\es-ES\MpAsDesc.dll.mui
| MD5 | 7a0d591b742c3dcfc9c31ad07722c38d |
| SHA1 | 753581f894cec851a68b41b73c4b7c589c102e03 |
| SHA256 | b87c04768c235fcaf3e89555322571a307a6135d51090ffbbde5d5c9f2aaa699 |
| SHA512 | da6eb51ccc88e7048caea42b02c31b1c1b4fe8ece0ae9daaf09d0dab5dbd0a4a2f499026921abce75df46bcb83a3a4ec111f351dc75b7f80d29d586ba280ae62 |
C:\Program Files (x86)\Windows Defender\es-ES\EppManifest.dll.mui
| MD5 | df4a579f0800286ed93dffcbfc22e458 |
| SHA1 | 46bbd39fc1b594d4d9cbbefb8b45a106a02cfaa9 |
| SHA256 | 0399867aed5c990c84e90dca242b7b4f5a0270a6e235a5cf39fb728b50e94c80 |
| SHA512 | bbf125b27b27025d3b698218117e744430133c1da7d947f007bb1b89835683ba3056708e4c30098028dab3e657bf059d4609b73fa41616e23408171867ab3640 |
C:\Program Files (x86)\Windows Defender\de-DE\MpAsDesc.dll.mui
| MD5 | 975d7fea5dc918281cb8c8cc637bc689 |
| SHA1 | e3615642581136955d2e6c0d1a796721302d2d52 |
| SHA256 | c0bf9eb611f2a32f7235310c4272809fec95d142a8cfec7c9356b1b454f2bfc9 |
| SHA512 | 323c44150252d02e42c2b954b4ab2544c10f1db16dcf1a6259e2ad2523efd4300155e991fcd78aaae5ca5f4d8f92c079ed3d99325c15a854d0f9ef6c6862782a |
C:\Program Files (x86)\Windows Defender\de-DE\EppManifest.dll.mui
| MD5 | 4228868d282d5ce978d8b0e6fc1df259 |
| SHA1 | 90ef71a9338f7554606fc2ffde04196118f8bb9f |
| SHA256 | 023e7d9f871a2bb91cf472e8e1c9277bf0fad0fd9395ad3303ed63de98285a98 |
| SHA512 | fff524448c056cd62939b93df88892a734642dc2a13ad78fb9a2263f16942b1a21b68d3996a0fb1103093c1424ec32794d40a0202eacb2c23e3d6889596da740 |
C:\Program Files (x86)\Common Files\System\ja-JP\wab32res.dll.mui
| MD5 | 149d313654774ee2bf12a7347675fed7 |
| SHA1 | 574d8cd4c5a09b249991dd64d7bf00fce42af94b |
| SHA256 | 986d22a482643244992056a45fc5ac14cbb65c89dd9d4e83171c909fca9daecd |
| SHA512 | 50c1a20052a50655d208fb7dd1d4860c81e772741f13d2d2670dfbf92e6aec610e29815e1d0de70da740048d00e70154ebe111b3f62a6b7862fb1385f57353c0 |
C:\Program Files (x86)\Common Files\System\it-IT\wab32res.dll.mui
| MD5 | 44854b1aa60d80814e77887bee67d1ef |
| SHA1 | 39df8452fcbffa1e2dbe5d2cd75a3cfc41e3a285 |
| SHA256 | 023c883cdbe7ec657315e4e167eeccf3fae677660a1967d41a6fba4e80721520 |
| SHA512 | e739b03a004b76679839d422e11a9ec22e6cbde741d066ee9151348a9ea29e99b4963f0ac971c78920ac03e9b94a03eb22f8d34daa2621c8ee7d14b7afcb7215 |
C:\Program Files (x86)\Common Files\System\fr-FR\wab32res.dll.mui
| MD5 | 02ed4749246dbfc7243e75fc27b143ce |
| SHA1 | f5253feea725e3a18083d2a66426d5ba60a7905e |
| SHA256 | 3c7bc3334180f6a5230156565776332d9d36bdec2eb59c5035fa1be5e238ecf3 |
| SHA512 | 1717817b6f120ceecbcd2728c277bae099eea790ce6dd2a71ae611e8d7f0d9d2803091d68cc4eee294b8855bc0e9363c4be39b48b296949f8144503a0543fba2 |
C:\Program Files (x86)\Common Files\System\es-ES\wab32res.dll.mui
| MD5 | d6227c80dac015538e7ae519594a55a0 |
| SHA1 | 8d9b29cc1a4c3d579d3ca2ef228c3c83a9cc212b |
| SHA256 | d428176e313be241af48df95d6dc45dd007bd850ee2aec965d72cb6b1b94bdf4 |
| SHA512 | 1840a5fa1384352483b5c1f15e465f78f51410498cfd7f5a7dec455ced64091c69c2f07c689c4e688bdaadf727b47a35d32ca45f627bfcc5543ff564f2721788 |
C:\Program Files (x86)\Common Files\System\en-US\wab32res.dll.mui
| MD5 | 64bd67414afdca53a6efffac897964ec |
| SHA1 | 5f2a0209523124f8bb289519b34e33c11c2e0f8a |
| SHA256 | 52b1c6464d91e021da8fa46651297e624ba79b67c756ff432e02900bfe7af92d |
| SHA512 | 47935d871226861fcb6678696e06e07f352944f8039015f1e9378662d01033121993fdbedeb118797ad270aa880fdb00c631db0c16f203cbbd65f6cc958f8cf0 |
C:\Program Files (x86)\Common Files\System\de-DE\wab32res.dll.mui
| MD5 | 46eb87188502577be1fac5f6475c7332 |
| SHA1 | 5ca6d831bbdc78838496342ca036629ce6a524c2 |
| SHA256 | aeaba0f882aafd9966494cc6d91c216f52db5105f12eb91ec9daea176223e23e |
| SHA512 | dd2505bc2983741b9633d6aa6af01f19971615a3f1251323e88ba4e7aef577b5820e365c053eaca3e7084ede9a6f445de50970e49a85ae2116fcbb756b4f1c47 |
C:\Program Files (x86)\Common Files\System\uk-UA\wab32res.dll.mui
| MD5 | 623989051a8660ba2abf837c6181d651 |
| SHA1 | 2d6d1acdef9269b5b80ffc2b634be708da028ae3 |
| SHA256 | 9a4af1b11e3b83c3b90f7475c93e741a782168fc1a73f2e9129367f8ce461bf6 |
| SHA512 | a7d8729b6e3610d01127bd360cf6ab786d424326cbaff99b81b9a51705f18a6a65d2061bca3b53d24e688ff10276e3ed6b01281f89bb058845ee214ca8cbd072 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\de-DE\InkObj.dll.mui
| MD5 | fc51e6364cafa0d0356c4dd5d0f3112a |
| SHA1 | 36f3c8d9c28b4ea9b527cfea81c43dfef503bff7 |
| SHA256 | 74509fb024059b1446caee9d7c88acfc636c8fd1f5f6d1724307a32d29d6f09e |
| SHA512 | 29717a6308fe9fef8d78ae13f6b170a39c37c71f3710b609e659451b903c07c7569c765a5ff5e5547e2e4a724b0bdfc0b35673ea20b022283edae680ce387395 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\de-DE\rtscom.dll.mui
| MD5 | 6185969cc4e4085a24e1ea2c13704417 |
| SHA1 | 731cf2a83a64ddfb4114cc2b4e2d72f626add7b5 |
| SHA256 | cbede416c90f9ea597de511e391055e5cdf55b63e6579f223748df99613c2534 |
| SHA512 | 3c2c5b2774e93493679ae85b82b864e7b389d537c4c7f123ba116a1b09f9fe9927eb486451f2c7f64136a1111c681b05d1bec164a72cefe1b554b354ddae94c2 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\de-DE\TipTsf.dll.mui
| MD5 | 73597f137f9d290f3d638d2b9a04accc |
| SHA1 | 73a34b49d5215bc200411d0417ae1b28ee6a8201 |
| SHA256 | 1d50f1f1c7bc8b07e1911b76f78dbd7023091b51e0912b623e16f70c5728af63 |
| SHA512 | b14df6e9e6e6f02cc5936d00c8b60b743b6a74403b94ad7e5d8ef357879ddba2355cb44840185d1f4ed3f9ffc2bf10a7b975d75acd008cc12554ac2bc732e754 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\de-DE\TipRes.dll.mui
| MD5 | 0540d4407ba37514a63941144fc8d8ee |
| SHA1 | 71deaf7e947dc9ca47e5f4cb30728500827822f6 |
| SHA256 | 1a7c2d70e440d31d9160e3a81ac157fe5c0bb9a51e2c049d7e0609736db8a059 |
| SHA512 | 553cfbec470252154eea3773ff64818f578e8943ba1d6d39becde2aac65db8ac2e57c40fc3b6b9abb63249a87bed03555da878717033d930c92abc4c33afe854 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\en-US\micaut.dll.mui
| MD5 | 0a36704f84258eeadbe526d2780833c7 |
| SHA1 | 63c27c377c3d9e390ad8f8a38f78d05be2a67666 |
| SHA256 | 016db238f5f45028876fd887739dae73c4192358ff462fa17b2b1cac5c0319b1 |
| SHA512 | dff80bf4b0b58295c11533ebb3ce1728a5ebdce20411f8fd278ed411e10657af7ce2eac015831554772ad0e11b11052e4c5c72b86ccad8d9fef4414376954124 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\en-US\InkObj.dll.mui
| MD5 | 215daf5bec19835c53b61a47b70e63e4 |
| SHA1 | 67dbb0d79faee47586b1a62e96f09de620107ae6 |
| SHA256 | 6cff110aabbc98d9ade46e6c9efae142b0ac763ecfb638e8b56b7a29891f5738 |
| SHA512 | c228ff0d639489beb4912a7cc7f65b3e4bd8bec78217114d9f7d2b2d5fa4f802097cc50e260bc1d505dfa03718bc6ca2f61163fcbd129cade48600f87c9aaa2d |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\en-US\rtscom.dll.mui
| MD5 | 94732819796dcaa2141289939277c278 |
| SHA1 | a16b5cd42ef28f1ac087bf558f6b70c05133eae7 |
| SHA256 | 3bfc994a80a9a60e61da72f4286c47c6e6e7392ff7172aea69d509993ae02388 |
| SHA512 | c92fa7129b264d85cac13ccbe7687ce99e3c215b2a098395ed9f2ac18ae7e33f11bae4054b180b888e2b0a3febaced0b3ac204dc7f3884db1f347eb1c800366a |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\en-US\TipTsf.dll.mui
| MD5 | 1e4dc0c22d963d6c9197b2488be2d691 |
| SHA1 | f39b95f33cfb11df576969e5a3cf6aa52d8a9e7f |
| SHA256 | 2345961d6047bb8d9334645fdfe206b74f5f6886273dd2af0df4d52e0f180596 |
| SHA512 | d51dfedbc1554394f92038ad405f76089467263b12ef977d95705d86d480eebda360307a108bbc70a973663a2537a98a886b2396a48cd76540e1b00461b4169f |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\en-US\TipRes.dll.mui
| MD5 | 999018b9429729e2eb0d3153bfb8b632 |
| SHA1 | 9c07d7c5cdcf05bb395fd8a26f13987a94d89248 |
| SHA256 | 318c0d068c28b4e3c10c7830c4ff97156aa58047335f8ddd08c3718a5c7e1c57 |
| SHA512 | d9ca82546b4d6789b6bc4f4377ec0159dfcfad146fcf770f4083ed525ee0bb5f09cf0f61cb3be853746da3fcfa2300240d6d08fc53e109cad1097ac7b76cb58c |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\es-ES\InkObj.dll.mui
| MD5 | e21ea250549b4584aaeb60bd26a37a36 |
| SHA1 | 1710f2726b1cf08141db96df1c8b2711d32531f0 |
| SHA256 | 810b01aa55a8f8f056b1de879c8aa979dd5f0d0aa67ce56bd38326bc9d5331e1 |
| SHA512 | 24d783a4d8d91816afe0c51b1ea16cbfb453f5387cf1e960379dcbd99abee50680118a5a46c59e8f82f898198fc6f61871de4a649a59cf8a6fe919b5271b45bc |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\es-ES\rtscom.dll.mui
| MD5 | a0af05d49582d3105acabaf3b5bc5388 |
| SHA1 | ec24b85285dac6312d779475278f5a393350fdee |
| SHA256 | 1f18318123244bff3a4a2e9c9e2d757def87114ba6e08901b139cfd91dc032fb |
| SHA512 | d32d362915be90eccd3bd7468781db63ba83d627bc26c42f10a8e59493833aed708b167ff1bdad8aa4933ce9de904ab948d2521db295b9d4686402bf8e3c7afd |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\es-ES\TipTsf.dll.mui
| MD5 | 695051506e6aa80e357a99791a758f66 |
| SHA1 | 39fb728cda7538fc084279fe2191f1011b01f7b0 |
| SHA256 | ece36fde84884d45ec381358cd8b73a67ee4b3981fddfd138df761f5b257de39 |
| SHA512 | 23cf25c98a159e6a32aba684cd0958a2cd020d579b5e379517c63cbef86603ced166f69d12cf961f3f2d5d1f2cc84032873f9a3cb4518254277de40c1bf52270 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\es-ES\TipRes.dll.mui
| MD5 | 9995436e6637d25bf362810662ba9934 |
| SHA1 | 3e0491a92130d74c7638706aa15035340fb83131 |
| SHA256 | 0d514ad7d70246074a7bb62d3fb70471e3672ec503ed891a1f5d624b2b2f555b |
| SHA512 | 1c29b0dbd2839eb4e2ccec6a67c20a89e458aab03c7edb2f474c802e1069c6479860afa377f3310380f2be3d96332074d8fd8555cff5b2c9ae99d19e2a3e5b26 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\fr-FR\InkObj.dll.mui
| MD5 | 2a151b98ad4355cbb061ec9f26918a35 |
| SHA1 | 2edf03343a67f8d1a7d2e33068c0dcb515085ea7 |
| SHA256 | 65a7f0bd02a5d33278d28bbaa7cea65070863ae2f96494ae2cd34593502282ea |
| SHA512 | 612355a2e2cce05bfb192c1244655f8b94b1b522c3371f47c5e72159a17241072e97191dc07436a1be2ecfd8bde0de096c6e8c19498780b357a3485cb2c65723 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\fr-FR\rtscom.dll.mui
| MD5 | 63d397a493d4a3a8a178b3ba71717af8 |
| SHA1 | 50150bd8816e4137a092f43d5ee21e531d758bad |
| SHA256 | 4270ccf15acc6f9920136ca75ba63e58140be13f267588f3c6d6eaff385dc4e6 |
| SHA512 | 9426f2dfeeb2b24ff3e5e85b9bf7349d2f41cc0bef370c340feecc9a52dfb80982e422cf869b76b21c98bf6804be6709e7e32594308f3fa0508896202cfe9e7b |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\fr-FR\TipTsf.dll.mui
| MD5 | a0c89ce12a6a1412f8461a15586ada10 |
| SHA1 | d514e0cfd772840e7575dfadf30567fda5111446 |
| SHA256 | 547683109245df577e54e98b4d9add184710726329f3835ca9d5478263a737b3 |
| SHA512 | 19b64b669c3ca48b331961254ed5f62e413c91e6a2bf7a6c39ae3b2c27429073dea18228fa8ee1caf663e68b0d6e538cac140b79a0923b866c2b8fa8faf0e1e8 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\fr-FR\TipRes.dll.mui
| MD5 | 6b93c2af91ea2574555a17420c786c63 |
| SHA1 | d4f3d80b8f0e7e8304365b173a9f19d4ed9bd679 |
| SHA256 | a88b9d6d464bb8b28d52ed44e8def9a8a380f9d597194784ba6d4afab1f5a6ca |
| SHA512 | 42f917021cc0f9f64d5f0945e2abe3f5df856d518628e6bc5e02ee6326fd6b5c880b409388eb2618f9aec632daf477ad2bbc37d7a1bff768fd50663be0cbd7b3 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\it-IT\InkObj.dll.mui
| MD5 | 891ec968761f8e686e921e857c303bf4 |
| SHA1 | 5cfccc3fecea76135405d8ecaaf868a268095440 |
| SHA256 | f9c5a6612309132d113a82660bc82595f90fe8ca386d07517391d7d013ad9dbb |
| SHA512 | f3ad3be98b0736dd0411cd75af0c7eeeeb043da22103e3c9ffaa1ad9f34a3d365d455de8d730eaa4c94902b66a5764f18b848a541ea58f75c2b01e4dd817980f |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\it-IT\rtscom.dll.mui
| MD5 | a19378e46588ad43bd26d751f3d22968 |
| SHA1 | 077a50b9f73250b6875535e1fba2357e2ba28d8b |
| SHA256 | 5184274e130f4c7679608ab533fcea1d1ff22d7d331c3358885e57e524b35a84 |
| SHA512 | b6270dbf5ac76d3c07568a6e2b607744c16300dd2b33286253199bb7349329f63e73688647ff3bf5eb19d6e6bec7650a2b5622a9479ab4321129ec7e51cfc8f1 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\it-IT\TipRes.dll.mui
| MD5 | 3f7d527770eabda213ce072ba10b5f35 |
| SHA1 | 50445c55edbe44df60f9143b43ad549fc960f14a |
| SHA256 | edbc8e74f4da9f42bbcf1eb3d78b5bd2894ea6ead2d592f5c799ee6fc4566742 |
| SHA512 | e53d6d147ab15b1e6cef85b27af25844870f0d393f84f9fc122ed7692c5bb2d07e845ae177911c7b746bfc1ae593771775f9b87a6b959627ec7783fda0aeccf3 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\it-IT\TipTsf.dll.mui
| MD5 | 9f0edc27166d05a9cb9d511710dc875b |
| SHA1 | 8f3dbf2c8615193086cae09ed81fc7ef5e46c393 |
| SHA256 | e96aa19c43594723eb1580fc8e6ebcc82c1d2ca6f87aa8c316ccb16d16edc493 |
| SHA512 | a11df0c6cc6dda32549d78cd5ac1074ff8a7d01e0adfb138ba8d9288fd4353ff13d91c054edcefe94ee2428160cba11e4fccd74f25b7bdd5733afc87a422aa80 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\ja-JP\InkObj.dll.mui
| MD5 | 1f227abbadb3c1611b9f5e4a7c010b06 |
| SHA1 | 6f53532ede2ef5fc0c42768d5553fa5200003f7a |
| SHA256 | 3aeff327e9946438f92c55b59171110faf7086f6e17285f3fa79df318cd60be4 |
| SHA512 | 3afd81dae8c88ef30af160e725accb97f41d21475c9087f32aca59f82d50f3194370c13363b774a4c45245a950a517488ceb76e6f64e89c4e78a9ffacd5e06cc |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\ja-JP\rtscom.dll.mui
| MD5 | 642733b64443f824287c6c19eb172ca2 |
| SHA1 | 38190530dc2b16fd0dbc96e96d3712f5b6d135a7 |
| SHA256 | bb449771cb96b2e46ef4e4635610ad1f9f3d9ff116ab99168eb40b0c070a0e48 |
| SHA512 | 839bf5b992df4b561d7aed1a478b29413564d1310e0269287d47ae3a9dd87bc18aa2461e6c06891d53365b6cda6388d61575486f6884cbee1e33a4fa296fc918 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\ja-JP\TipRes.dll.mui
| MD5 | 8ce9f84e653914a6e34363410e83794f |
| SHA1 | ef2beef3a5c6524dfb2ea6df937eb710506707a5 |
| SHA256 | 09d2c68247c819d9364ac82c423c6c561c06e06a16d9a6d1f2638419c69b72ea |
| SHA512 | 6c63be437d11a92ae7c4c3c37d330ca9bbfc109fce142dde3f30add10033ddad924b04854aa61ce1686a49ed3540d7639cca3b7ae2d2174a5ee02778212bc8c0 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\ja-JP\TipTsf.dll.mui
| MD5 | db1d62fdeb3ed049ec4943d97220a8a7 |
| SHA1 | 5fc659012d8ad00d9817cad066f79e2788185aa2 |
| SHA256 | 9b7607d1ecf385c5bea0f43ff8765891217242357f335219c451f0e5a6225dc9 |
| SHA512 | 3a55c3877ed4d55c39ace273a714beb3371d019331a8f336dfa480108a563a84c83dbc952ec625e35c13db6b52059c0efd39bc06be1c316c4ee235eb2189d1fb |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\uk-UA\TipRes.dll.mui
| MD5 | bd86b7e8914babd751fa0753bc32d4b9 |
| SHA1 | ac439deb570f5ad1bacf76b1aa26fc603f792ddc |
| SHA256 | e3b000ff05ea7fe5248186e8032abe2c72b8b60cebcb9be2883ab1ffdcdd0a12 |
| SHA512 | 86d672970810a8c25405bf11bf79579d06ff97ca2398d78012de352cd435f5180631660f084b7de5b9dd66bacd89b6d3388ccfcdf14a7d4dadd49a30d79af824 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\uk-UA\TipTsf.dll.mui
| MD5 | c8a57171ed9d998197af3f9ad56d1e05 |
| SHA1 | 18cb5ad21d65394ac1e0ce6f84270f25b8f338a8 |
| SHA256 | 29190e52bc560adceabc5b9436787ae9953fcd96c8ebd9817aeb61b50675ca60 |
| SHA512 | 8ea3c9c4a4e387c0dad1ca627ce15c13ed39196aea539fd678c82d380ffcc2a7d6049d6dc4f44b3151d497a31199b644a36a5460e4a73044548823c18f757d46 |
C:\Program Files (x86)\Common Files\System\ado\de-DE\msader15.dll.mui
| MD5 | e790f7397098ac7d2c7053fb39ed8a24 |
| SHA1 | d86b60c2bd6ede309b7f13957d864ddf58060121 |
| SHA256 | c6bd66072ab405c4bc93377c65564bf23c2248f0f7032b26f68f6b0c866e117a |
| SHA512 | 43f344df3a02f04c1fabd1a9e718f151137e64861eb46112879292b02c92b9c53991a26c4514d10fe50b88f9220ab46c9f3479c175d3c18c6b7205d372180b36 |
C:\Program Files (x86)\Common Files\System\ado\en-US\msader15.dll.mui
| MD5 | 9b73be694a74a115e2fe6e72dfffbdad |
| SHA1 | 29b63f948c95374462cafb06b4864846fc28db73 |
| SHA256 | f87e434160f9c23eeed2e388ec9cbba1a67bd576d75575f2a8151d61d94cc267 |
| SHA512 | df79ef912822d153714ce007b00ed17a984c98a5b6c303ad6db94ad706fb6a13cd354988cd6061fbf290951308688641a75419b591414ad6655bb681e2f25382 |
C:\Program Files (x86)\Common Files\System\ado\es-ES\msader15.dll.mui
| MD5 | 60a9e75b22b045faa77183391baf10db |
| SHA1 | 5ecd0f53d9da9b76352add2c92e7e35fc8f7fada |
| SHA256 | ded9e4cf71268244aabc9d7175b488ba454df90691006bc7ea5c4793e4f5eae7 |
| SHA512 | 81402968e5dbe931495564603ba5c5d8d873ff344998fbdd6250689f7c3d3ec0aa04087cdbdb02f3ce42f8aa2ce62c6d17b63c3de77ad4153b3b5ca232a42451 |
C:\Program Files (x86)\Common Files\System\ado\fr-FR\msader15.dll.mui
| MD5 | bbc547d0f7fb1c1449296e916ecd2930 |
| SHA1 | d3757f0fde0733f9c344dff8ca13f26040497c35 |
| SHA256 | edff2974f2c587d8ece17060cfa6517a76b73b74f78a6c816690fbd67e526fe9 |
| SHA512 | 36c8b1577205f30160934b9c1984fd1de03950a4512d3f5144ba7873a2f1f82c2ceb8b3bdecb6a632d28e39e28970a1667255b8ba8b6f53c8ec0db985657ee8f |
C:\Program Files (x86)\Common Files\System\ado\it-IT\msader15.dll.mui
| MD5 | 547ca875957fdc4f4d39657e7734417a |
| SHA1 | 7cf90da42fc8c58fc5cc51b679ea4053d0ed4602 |
| SHA256 | e0f95b767b331286d5e312cfc0ee3e6ae1860ef59d29e747f80e2e36934900d5 |
| SHA512 | 9d061fe489683ea1a67a1d361d51c35181c58c56eada08a8f9e649a7a67183f692c503b628b1a5f78a92782b39600e8c00e986aa0e78f5f3320ef2b761f6d943 |
C:\Program Files (x86)\Common Files\System\ado\ja-JP\msader15.dll.mui
| MD5 | 5d6685774c7c940899f1296f32a44350 |
| SHA1 | a57bf70ed1453f6c8e53bec6232c51a918880d2a |
| SHA256 | 44b9b2ad880b852b120c149b6d2c9b01477833e38ffa1f39b200d85ef01b5e8c |
| SHA512 | f08dc0f148a6a43c41d591d48d33682236f061375fc70105c933d11d55e287a4a646a0bdbb1ba5092553a9a60695009f2206c561f7031523f7680b97173a6bd0 |
C:\Program Files (x86)\Common Files\System\msadc\de-DE\msadcer.dll.mui
| MD5 | 2bfccbe7b47cd371f79ad32a43354fa3 |
| SHA1 | 22dc35f39e55c5d3c268a570a3dca4fce3de6784 |
| SHA256 | c575d80e16c966d71668b525c41515204736fb1b10419de46083171e9785de77 |
| SHA512 | d7973430373008600e45ddb0b364013cc91c50e729117258f72b1718f33260311ffae82f9e201fd7053a8c77099f0dc607f36b268a72ee1930a9c02fecbcc866 |
C:\Program Files (x86)\Common Files\System\msadc\de-DE\msdaprsr.dll.mui
| MD5 | 1eb806c210b7b9b72e4482e28391fd1d |
| SHA1 | 5767a91313e5015ddc36c2c9ba4acaa2d9bed81b |
| SHA256 | 92c26a2416f37e09bab3dfc07cf208da600f5bd1d4ecd626c4445408fd1c2f8a |
| SHA512 | 854a70e31232117c7f091d305f9137c4f2c1fd1e1b5b67a612b351f099ba965646ea6d9346a69b913c41f218d7546f3a04fdf928feb38fa5aebc2dd1ef978cde |
C:\Program Files (x86)\Common Files\System\msadc\en-US\msadcer.dll.mui
| MD5 | f49b97c10ff4058081617fe6abe5e4ee |
| SHA1 | 3e9567e4e373f9de3ff4e13968ddc492c93b10a7 |
| SHA256 | 20a78cbbbd0a0d2e8c7a8e22b65e9ef08ae72801740366f4de874305aacdd07d |
| SHA512 | 4eb938290fc763fabbf540adc8ddc072fb1dbc6496df833f9b746b39dde5c0e1ba13c9c02b901c67a1e9a6642cc555493000b1826602c291e7200a4d9b8e7398 |
C:\Program Files (x86)\Common Files\System\msadc\en-US\msdaprsr.dll.mui
| MD5 | 6c25fd5344c5ad19fddc988e5aeefee7 |
| SHA1 | 54dd0c583eb518e939b805d02a01605112536123 |
| SHA256 | eeddf49e40923474bcac71e47a072ab610a641eac270e75d1b7e420b454eca2d |
| SHA512 | bac59089af85e88460a749c0ff3c09b8b87acc5f13d44ed709809507a745d1ceb9392626e2f85f3815e1f6993deae5bdc17f3cf932e6d3538bbe136d7fc4dc90 |
C:\Program Files (x86)\Common Files\System\msadc\es-ES\msadcer.dll.mui
| MD5 | a17dbb861b8146228be317e140d8463c |
| SHA1 | a3974d850f5b0b77bc123031475f8fb517dda40b |
| SHA256 | cca27dd28d9bc76d90e9aa50d0338d28b7bc34f53fad1ffd373f81d33baf9c6e |
| SHA512 | 70a94ef1a0db500537d6ec4427ff049a0e9ce8bd862df18709c1a9237a9c8e75ce2612355a4d5e929ee24c5040afc03a47427b7c80f543792ed2ce1d794bf2e7 |
C:\Program Files (x86)\Common Files\System\msadc\es-ES\msdaprsr.dll.mui
| MD5 | 80327f59dd58b5458c708d688907ab17 |
| SHA1 | 1a0719e291e65a1e18fb2ec1c804c808cb878b9d |
| SHA256 | cb6c8292d53c2acd7dc6389615a73ccce48399e67d0fa5fe5e3717fef155ea35 |
| SHA512 | 30752c307b537897f4f1e310a21545e265cbf2e8e7543706832baad4085108cb48c9d238805512917314f841aeba9eea45e1a10fb8b7810657dcac79c31fff86 |
C:\Program Files (x86)\Common Files\System\msadc\fr-FR\msadcer.dll.mui
| MD5 | 1f95c0c1e328d043467bc03bbc978f21 |
| SHA1 | e6d931a5411d5b0f5cd0fdb9ef61ad0bb8a5cba4 |
| SHA256 | c17eb2ea1be497d3f319747414c222dbe65ff3a3e4e4bb56a12e6f3e3ac707db |
| SHA512 | 3a98763d4ba222e59a641598054f8f644a4895212d5d2be39a895ae3cbd60a0e15bf347bbe55928d8e7846171c4e89d14ee5a584216d16dc018414e6d98c425e |
C:\Program Files (x86)\Common Files\System\msadc\fr-FR\msdaprsr.dll.mui
| MD5 | 22749bb9012a37c05f0d4a740ec8a0cc |
| SHA1 | aab0ee09298e61972a2d39b9eb3558d06f124511 |
| SHA256 | 5e5aedb8f478e4f586ec55826e41f9b6b018af86e3fbc01d64c367d6911f90f0 |
| SHA512 | 2de056fe6af754b3889225d7756f3ae2ca8fe5cb4689e0cf832d02c428048abf30f35009eb035efa702d1d18079ac0cb3bc4cf47f46c5e15629e2712ca9d44c7 |
C:\Program Files (x86)\Common Files\System\msadc\it-IT\msadcer.dll.mui
| MD5 | 6f828a59222cefe56c38bbd304d5acf2 |
| SHA1 | 2b553f7f323cc65a6b912c3d54136d3f5f26e9d6 |
| SHA256 | 2363aed69105a5258f99bb16621c28564838c1b5f3bef39df65ab63e74b0953a |
| SHA512 | 15473ca3810c548c6e0ddcfeec78115ae85bc871370161d9247a2d684fa68827fbee129dec8cc33c2f0758e1c7ede2f755e859d61b8b66965cb0aa10932b300e |
C:\Program Files (x86)\Common Files\System\msadc\it-IT\msdaprsr.dll.mui
| MD5 | 091ddfdb651f487b0b0ae6e67955ff53 |
| SHA1 | b32e6d5f77bccc2cb66edf1d2d348a39488789de |
| SHA256 | 7b01d9407cdffabb10e4e0a802ff04da7d7e7ffc82e08aec6dae8da3da6889cf |
| SHA512 | a9d921376aa066be5aa4a0d226b6e5aaf53896fa67d14a06b06e6c233702192cbe77e5841fce9460e148bf6479cfc76ed02d21bdf67f3d763d76a2038f2a1d6f |
C:\Program Files (x86)\Common Files\System\msadc\ja-JP\msadcer.dll.mui
| MD5 | 4e8485511ae6fd0472c0941e86d2599d |
| SHA1 | 68cfda0c660e3b5952df3c0748a6c826fcf3176e |
| SHA256 | a5667666ffb1dd09451f03b0db2258c1a650deffd47fafd7e27c7de4abbc57c6 |
| SHA512 | aac80d9ae546573fa51a704d6f8f35f539354642c0a2e6771998c06e105e3ba8790e15c79f95a860afba5a1e23e59a381f55dea9ed59ff012b9b54bc99cd565b |
C:\Program Files (x86)\Common Files\System\msadc\ja-JP\msdaprsr.dll.mui
| MD5 | 5adb97904cf617d4e619685140053844 |
| SHA1 | 873ce4c8aff4de000fb2f404aed7d835545701e2 |
| SHA256 | ece4223966fb0ccec12e538ff6c80cba13c4d70c95818626041e3be0a8bc5eb0 |
| SHA512 | f48f058ffbf76e08ab52b83df164c3e8d69af7feb0759d922482a6883b8d6723332396c5cf0a1088dfccbcbd6593d3f132565238e2fa96d4f62305ceee56e5d4 |
C:\Program Files (x86)\Common Files\System\Ole DB\de-DE\oledb32r.dll.mui
| MD5 | e27356cd571d00610b28d6c3bf3b5934 |
| SHA1 | f84ac047919d4f1dd9f0f22cabd34f4122ae213c |
| SHA256 | 57f2cb226b02c39a8196eca74089d884a9f61c24b275fe0d5ae0288e62b9ac2d |
| SHA512 | 773aab29a25eaf5cd7a6f197fd744c76fd78cc08790a3c2d736f509d26c0785b6c7247839ee16e07e7034f7c290750d6a38c71ac9bf8ec7e391207ac90db4e60 |
C:\Program Files (x86)\Common Files\System\Ole DB\de-DE\sqloledb.rll.mui
| MD5 | bbf48f093b2281d09bdafd27e2eb4f07 |
| SHA1 | d52c1f04c81a066e207be292206295e46a87ed9b |
| SHA256 | bd12f78691094405ef842642baff4b245b6a68947baec10ca7cff532a3c9f795 |
| SHA512 | 9e207b4e7f111106d7fd85119bdccc6af75258a4b14e4266ef98ce116faacef0576f0920025e24a560767a12c0d3cceb8eff0940a0a46f03b0749f9901e0a494 |
C:\Program Files (x86)\Common Files\System\Ole DB\en-US\sqloledb.rll.mui
| MD5 | ff6df2cc7b1d1d4a20e560aae93551ed |
| SHA1 | ebebd55a0f1b91d1561b0ecedd4742559aab3708 |
| SHA256 | d807aab6142ec2e067b02cc4d212f9955aac5164231655bb838afb7712d39a60 |
| SHA512 | 4d742134ce1f175cde42248649644993f8f19ef702bd11797a67a370d0cfe5dd4e8f1ef59cf64f94a67f4f831b93465fe825ef744c66cc7a429a8c38d4c09311 |
C:\Program Files (x86)\Common Files\System\Ole DB\en-US\oledb32r.dll.mui
| MD5 | 2549355307e539765a32c7c6827e210f |
| SHA1 | 3162dd563ec4196dc4e9b5cde7b6fcb2a11a27ae |
| SHA256 | 5c9114c44fc06bf37a0a92929d18b27812712d99a4ac32eb9b3f1794ad50f312 |
| SHA512 | 97a3b51ba5ad112e0d5c6e3561eb70950a34dfd20361e86d252215ee03dffbb7686d576e8407aae28ba2f8e646d2c77cca489404be0a8202008339a6c9aa5302 |
C:\Program Files (x86)\Common Files\System\Ole DB\es-ES\sqloledb.rll.mui
| MD5 | 9a214e0c75280b673b0ec4f489129058 |
| SHA1 | 459aa015e7375ad0263f9b3a8fc1aac438ef492f |
| SHA256 | da1a789f16168849b756c20159b4802dc2e54fd920b9e39368356c5f1624d683 |
| SHA512 | 5574167dbb8f124c9279dc7a15cb7768c71cd2d5eddb10461512f5c5a2fdae815187832f34774ae7772a6f76897c666ea4f033666b5e3e1115818c203b69e684 |
C:\Program Files (x86)\Common Files\System\Ole DB\es-ES\oledb32r.dll.mui
| MD5 | 7e3a65aeed4ef98c12c193494baecbe6 |
| SHA1 | 47c00057511bebb7786768ecb65989c8acc471e9 |
| SHA256 | d5add9c2bfc5c38b84e34e9ac126d60f3227230a360c0a9e6b3983bbacd832c8 |
| SHA512 | f097f8245bf2772f090d6f0b1057537be54202b6e9cd7c849dc5006bda9b639badcacc374ee4a94f5121478386b81cc4563c33aa9db8cbb07313cf838eb13750 |
C:\Program Files (x86)\Common Files\System\Ole DB\fr-FR\oledb32r.dll.mui
| MD5 | bdfe11ab8e3745740091e4faa9c428f0 |
| SHA1 | 779bc9dc8b9dcdbfdaa127ff9068a7409a2fd92a |
| SHA256 | 487b01214851b296e4790751528ba393721f101ffdcece863f089ed1984ce66a |
| SHA512 | fbffb0bade8b443719ec4de5d5c8afde9ac8a0759f2b689cb440d6686db159b079d84e33eabb98021bc8185223bf2600b33c4c0c7b6e2226a9fb2bb520907d4c |
C:\Program Files (x86)\Common Files\System\Ole DB\fr-FR\sqloledb.rll.mui
| MD5 | f7dce39d11ba27dcc9e9f52ecef0aa95 |
| SHA1 | b969e3e2c582ad575fe78edab79d57152a3b3c41 |
| SHA256 | e487548fb499491325ac953d274e06e63cd85f7045c891e37cd8a320855f6a7b |
| SHA512 | 778b906ca776f0517d368aa55eb272ce0d3fa742bf2b1a584d9af0de7afd969cb6e7822b987cb4b0432648d8e75f352726743e7de2b222a61e4a14e223d31211 |
C:\Program Files (x86)\Common Files\System\Ole DB\it-IT\oledb32r.dll.mui
| MD5 | 6a52928359f89c1b8e1e5a2ddd7f26a6 |
| SHA1 | db00178c3a74408280b5bf676ed49cab2ace25de |
| SHA256 | 15270a28fa5f1a7f74954f90b5472f48445c37a848bf7c6c60eaeb3e388e7fc4 |
| SHA512 | 76e08b1de281d2d95ff58be1ee0049da7a519eb1dd1d68e01905f24baa874ba29e76862d2e45d19c8ec483ad87fe635a6c4f46df8a41bc31000bc2088b53ccc3 |
C:\Program Files (x86)\Common Files\System\Ole DB\it-IT\sqloledb.rll.mui
| MD5 | 0cda1eb4df888c4b31d0f9e1716f1128 |
| SHA1 | d6fb55fdf8a1f4207b886049f52afa7c3da20d03 |
| SHA256 | 02045b4ad2a0db5ef04a074fb50f776eb30271e848e5d000f513524bd18ef2e4 |
| SHA512 | 063c03411bb256e97758e6bb3e56a6931a84caea78b4bb8be2a79f87ead2556ef55986c41768c0d9b7e6b3f8eba0f78b4ba97b63e8e36ee227b3152f9fa9344a |
C:\Program Files (x86)\Common Files\System\Ole DB\ja-JP\oledb32r.dll.mui
| MD5 | 205916b7e1710637d2943ca096da062d |
| SHA1 | 6da9b413c8401a42fe4c0f8d0882469eb4c828d5 |
| SHA256 | cd3fd3a3d0f2efab3efe612fc5c1fd8e9263aff1befcb97f9cfd3bfb8cefde81 |
| SHA512 | de1c685c661700be762bb7ea2dd169a121814a657bb4c1c68ebd611a23766b7c497215abfee3a24ef90772c7e2d26f552a5328ed6fb46d09905adff6cbce0d9b |
C:\Program Files (x86)\Common Files\System\Ole DB\ja-JP\sqloledb.rll.mui
| MD5 | 433d6c2a77056bbfc4bf8d88b04eee3b |
| SHA1 | 83597ceff49b94f49b8f50d85edc85788c59c80f |
| SHA256 | 26840988684dda82d8da3b9ea26c870f6a579eaa0c618c1f65482d06cb0f63ea |
| SHA512 | dac9a96d94703e1df894368e91dc94fc9ca71cd233f79c600884e63acb0646c0a7639c65464b7a746bea4851de8ada7f552a33b9ef5926a2bd7dc4813430a1cc |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\StartUnifiedTileModelCache.dat
| MD5 | cf7d2d2a0d101bbb4cd88075d121b3af |
| SHA1 | adc21da1907b8ed489044995250866b56c95f0a7 |
| SHA256 | 53df3d9e3aeb03fd53ec311c6af1ffde0eef0b975f17816cb6486f91f821bdce |
| SHA512 | adc3c5d3ab70d3eb2f96e5b6668e61b91c07af2ecef1f1c579046108505f52ca6b017113d499f341bc93edc30a71afba0e275772384ef6cbe52aee3561bc5bd7 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\StartUnifiedTileModelCache.dat
| MD5 | 53699233827fd554b86c48fc737e6afc |
| SHA1 | a3177c3ba8b81fd5f7ff451a515d3b5300296b81 |
| SHA256 | f2bffb5acdf32f6b7ca74764bbcf2e243bf4bca187a9d639100fd0d580a8505c |
| SHA512 | d41243450e8665a84e996d5f6060ca6e6e5e32a7f845ddc4d8c5c7bd2558b63a7b226301662b379ffa787812c25b78bdf7907618d7f95cbcbbf0edde7dec0112 |
Analysis: behavioral11
Detonation Overview
Submitted
2024-11-14 13:19
Reported
2024-11-14 13:21
Platform
win7-20240903-en
Max time kernel
117s
Max time network
123s
Command Line
Signatures
Deletes shadow copies
Renames multiple (9074) files with added filename extension
Reads user/profile data of web browsers
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\F: | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened (read-only) | \??\D: | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\SATIN\SATIN.ELM.EMAIL=[[email protected]]ID=[CC3B1F89FAA517E4].biobio | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\System\ado\msadox28.tlb | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0382939.JPG | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationLeft_ButtonGraphic.png | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\codec\libuleaddvaudio_plugin.dll | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\ICE\THMBNAIL.PNG.EMAIL=[[email protected]]ID=[CC3B1F89FAA517E4].biobio | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\SPRING\SPRING.ELM | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD21448_.GIF.EMAIL=[[email protected]]ID=[CC3B1F89FAA517E4].biobio | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\OIS.EXE | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Oasis.css | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\css\blafdoc.css.EMAIL=[[email protected]]ID=[CC3B1F89FAA517E4].biobio | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp_5.5.0.165303\biobio ransmoware.txt | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File created | C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\biobio ransmoware.txt | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\audio_output\libamem_plugin.dll | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Pacific\Kiritimati.EMAIL=[[email protected]]ID=[CC3B1F89FAA517E4].biobio | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\html\cpyr.htm | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File created | C:\Program Files (x86)\Windows Mail\es-ES\biobio ransmoware.txt | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0107316.WMF.EMAIL=[[email protected]]ID=[CC3B1F89FAA517E4].biobio | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PE03464_.WMF.EMAIL=[[email protected]]ID=[CC3B1F89FAA517E4].biobio | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\CANYON\CANYON.INF | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files\BackupRestore.ram | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\bin\management.dll | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\BTINTERNET.NET.XML | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\GIFT98.POC | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\mr\biobio ransmoware.txt | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\search_background.png | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\biobio ransmoware.txt | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14654_.GIF.EMAIL=[[email protected]]ID=[CC3B1F89FAA517E4].biobio | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\WhiteDot.png | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\San_Juan | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Mozilla Maintenance Service\logs\maintenanceservice-install.log.EMAIL=[[email protected]]ID=[CC3B1F89FAA517E4].biobio | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\Groove\biobio ransmoware.txt | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\biobio ransmoware.txt | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\demux\libogg_plugin.dll | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR30B.GIF.EMAIL=[[email protected]]ID=[CC3B1F89FAA517E4].biobio | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolIcons\COMPUTER.ICO | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Asia\Aqtau | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files\Windows Media Player\WMPMediaSharing.dll | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Catamarca | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\.settings\org.eclipse.equinox.p2.artifact.repository.prefs.EMAIL=[[email protected]]ID=[CC3B1F89FAA517E4].biobio | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsHomePageScript.js.EMAIL=[[email protected]]ID=[CC3B1F89FAA517E4].biobio | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14866_.GIF.EMAIL=[[email protected]]ID=[CC3B1F89FAA517E4].biobio | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui_3.106.0.v20140812-1751.jar | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-application.jar.EMAIL=[[email protected]]ID=[CC3B1F89FAA517E4].biobio | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\TAB_OFF.GIF | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\bin\j2pcsc.dll.EMAIL=[[email protected]]ID=[CC3B1F89FAA517E4].biobio | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\1033\Xlate_Init.xsn.EMAIL=[[email protected]]ID=[CC3B1F89FAA517E4].biobio | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\DGCINFO.XML | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\installation_telemetry.json.EMAIL=[[email protected]]ID=[CC3B1F89FAA517E4].biobio | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0292278.WMF | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libscaletempo_pitch_plugin.dll.EMAIL=[[email protected]]ID=[CC3B1F89FAA517E4].biobio | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-remote_ja.jar.EMAIL=[[email protected]]ID=[CC3B1F89FAA517E4].biobio | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0107042.WMF.EMAIL=[[email protected]]ID=[CC3B1F89FAA517E4].biobio | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\NUMERIC.JPG | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Asia\Urumqi.EMAIL=[[email protected]]ID=[CC3B1F89FAA517E4].biobio | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\bin\java-rmi.exe.EMAIL=[[email protected]]ID=[CC3B1F89FAA517E4].biobio | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-fallback_zh_CN.jar.EMAIL=[[email protected]]ID=[CC3B1F89FAA517E4].biobio | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01219_.GIF.EMAIL=[[email protected]]ID=[CC3B1F89FAA517E4].biobio | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR36F.GIF | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\ja-JP\js\biobio ransmoware.txt | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\TexturedBlue.css | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\SpringGreen\BUTTON.GIF | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\drvDX9.x3d.EMAIL=[[email protected]]ID=[CC3B1F89FAA517E4].biobio | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
Interacts with shadow copies
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\vssadmin.exe | N/A |
| N/A | N/A | C:\Windows\system32\vssadmin.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Processes
C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe
"C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c vssadmin.exe delete shadows /all /quiet
C:\Windows\system32\vssadmin.exe
vssadmin.exe delete shadows /all /quiet
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c vssadmin.exe delete shadows /all /quiet
C:\Windows\system32\vssadmin.exe
vssadmin.exe delete shadows /all /quiet
Network
Files
C:\ProgramData\biobio ransmoware.txt
| MD5 | 35e12534b477dbbc950008d0b9e48b2f |
| SHA1 | 8c8915df37f9345ccdf65df19401955a666adabd |
| SHA256 | e296f4114f97cd3dfbbe03ea3ffbeb2d53578a417c9e9d02c6f6ac850b96c85c |
| SHA512 | 4842b68f65b5399cff2235d00e84976bd95a56fb739d3dadee451a1fc8469fb2941ba3f899c59a2dcaff4766585bdab19e9344d44adbb85c5c7302dc865b6fab |
Analysis: behavioral14
Detonation Overview
Submitted
2024-11-14 13:19
Reported
2024-11-14 13:21
Platform
win10v2004-20241007-en
Max time kernel
56s
Max time network
155s
Command Line
Signatures
Detect Neshta payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Neshta
Neshta family
Renames multiple (10830) files with added filename extension
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\F5657AC3DC58DC8C.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| N/A | N/A | C:\Windows\svchost.com | N/A |
Modifies system executable filetype association
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*" | C:\Users\Admin\AppData\Local\Temp\F5657AC3DC58DC8C.exe | N/A |
Reads user/profile data of web browsers
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\F: | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened (read-only) | \??\D: | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Retail-ul-oob.xrm-ms | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\System\vccorlib110.dll.EMAIL=[[email protected]]ID=[F5657AC3DC58DC8C].biobio | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSectionGroupLargeTile.scale-400.png | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\xmsrv.dll.EMAIL=[[email protected]]ID=[F5657AC3DC58DC8C].biobio | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\nls\root\ui-strings.js | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files\Windows Media Player\wmpnscfg.exe | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\System\msadc\msdaremr.dll.EMAIL=[[email protected]]ID=[F5657AC3DC58DC8C].biobio | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Templates\1033\EssentialResume.dotx | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Templates\Presentation Designs\Maple.gif | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Microsoft Shared\ink\es-ES\TipRes.dll.mui | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files\Internet Explorer\es-ES\ieinstal.exe.mui | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Assets\biobio ransmoware.txt | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\System\Ole DB\oledb32r.dll.EMAIL=[[email protected]]ID=[F5657AC3DC58DC8C].biobio | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-60.png | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_empty_state.svg.EMAIL=[[email protected]]ID=[F5657AC3DC58DC8C].biobio | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\System.Collections.Specialized.dll | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_MAK_AE-ul-phn.xrm-ms | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-20.png | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-black\BadgeLogo.scale-400_contrast-black.png | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\RTL\contrast-black\SmallTile.scale-200.png | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\ca-es\biobio ransmoware.txt | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.MSPaint_2019.729.2301.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\biobio ransmoware.txt | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxA-Generic-Light.scale-200.png | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaBrightRegular.ttf.EMAIL=[[email protected]]ID=[F5657AC3DC58DC8C].biobio | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\FOLDER.ICO | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\sv-se\ui-strings.js.EMAIL=[[email protected]]ID=[F5657AC3DC58DC8C].biobio | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\MixedRealityPortal.exe | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Templates\1033\LoanAmortization.xltx | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_wasapi_plugin.dll | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-60_altform-lightunplated.png | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\QUAD\QUAD.ELM.EMAIL=[[email protected]]ID=[F5657AC3DC58DC8C].biobio | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_OEM_Perp-pl.xrm-ms.EMAIL=[[email protected]]ID=[F5657AC3DC58DC8C].biobio | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\System\mfc140enu.dll | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\codec\libdmo_plugin.dll.EMAIL=[[email protected]]ID=[F5657AC3DC58DC8C].biobio | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\TimerLargeTile.contrast-white_scale-125.png | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\en-il\biobio ransmoware.txt | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription2-ul-oob.xrm-ms | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_MAK-ul-oob.xrm-ms | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.targetsize-96_altform-unplated.png | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarMediumTile.scale-125.png | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\WorldClockLargeTile.contrast-black_scale-200.png | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\en-gb\wintlim.dll | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.scale-100.png.EMAIL=[[email protected]]ID=[F5657AC3DC58DC8C].biobio | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Sticker_Nose.png | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxCalendarAppList.scale-125.png | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\en_GB\LC_MESSAGES\vlc.mo | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\ro-ro\ui-strings.js | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\biobio ransmoware.txt | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-40_altform-unplated_contrast-white.png | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\tr-tr\ui-strings.js.EMAIL=[[email protected]]ID=[F5657AC3DC58DC8C].biobio | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File created | C:\Program Files\Common Files\microsoft shared\VGX\biobio ransmoware.txt | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe.EMAIL=[[email protected]]ID=[F5657AC3DC58DC8C].biobio | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Trial-pl.xrm-ms | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\7734_36x36x32.png | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu.xml.EMAIL=[[email protected]]ID=[F5657AC3DC58DC8C].biobio | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONCONTROL.DLL | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\fi\LC_MESSAGES\biobio ransmoware.txt | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\hi_contrast\aic_file_icons_highcontrast.png.EMAIL=[[email protected]]ID=[F5657AC3DC58DC8C].biobio | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files\Windows Media Player\de-DE\wmpnssui.dll.mui.EMAIL=[[email protected]]ID=[F5657AC3DC58DC8C].biobio | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-32_altform-unplated.png | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\AppxMetadata\CodeIntegrity.cat | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Microsoft.Win32.Registry.AccessControl.dll.EMAIL=[[email protected]]ID=[F5657AC3DC58DC8C].biobio | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\UIAutomationClientSideProviders.resources.dll | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.reportviewer.winforms.dll | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\svchost.com | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Users\Admin\AppData\Local\Temp\F5657AC3DC58DC8C.exe | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Windows\svchost.com | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\F5657AC3DC58DC8C.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\svchost.com | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\MuiCache | C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*" | C:\Users\Admin\AppData\Local\Temp\F5657AC3DC58DC8C.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: RenamesItself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\F5657AC3DC58DC8C.exe
"C:\Users\Admin\AppData\Local\Temp\F5657AC3DC58DC8C.exe"
C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe
"C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Windows\System32\cmd.exe" /c vssadmin.exe delete shadows /all /quiet
C:\Windows\SysWOW64\cmd.exe
C:\Windows\System32\cmd.exe /c vssadmin.exe delete shadows /all /quiet
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Windows\System32\cmd.exe" /c vssadmin.exe delete shadows /all /quiet
C:\Windows\SysWOW64\cmd.exe
C:\Windows\System32\cmd.exe /c vssadmin.exe delete shadows /all /quiet
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.163.245.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\3582-490\F5657AC3DC58DC8C.exe
| MD5 | 4280ea83cdb85a8b0b347caff5b942f8 |
| SHA1 | 057a37245944517cd8646780e26f2c5feb268145 |
| SHA256 | f8398f4297b8ccfefe5565e65fff65d6d969b35cd2ac4e693b1959896beca3dd |
| SHA512 | b34b870ab411bc09449fd41f58e6b4666ef5927fe93a635b1269972a556e0b84c4a0205ea2512927960f4cd95804d31404d39a9bd1768eef6130b68b01847f8a |
C:\Windows\svchost.com
| MD5 | 36fd5e09c417c767a952b4609d73a54b |
| SHA1 | 299399c5a2403080a5bf67fb46faec210025b36d |
| SHA256 | 980bac6c9afe8efc9c6fe459a5f77213b0d8524eb00de82437288eb96138b9a2 |
| SHA512 | 1813a6a5b47a9b2cd3958cf4556714ae240f2aa19d0a241b596830f0f2b89a33ec864d00ce6a791d323a58dfbff42a0fded65eefbf980c92685e25c0ec415d92 |
C:\Windows\directx.sys
| MD5 | e636a121fd722eb592a523bbe66f6cb0 |
| SHA1 | 2fa150c33de1c4ae310f48cd120f8be5dfbfc596 |
| SHA256 | b976f9b5432964c150e6132078453c221610b72eadeeda5b1b449dac60d34830 |
| SHA512 | e72835defe700af546d7aa088248d90519f06f04acd1adc32db2ac5f641161499a48b3f636a6f5c2b764cd3e45dfbb303be67cc9d88b591ce793a69352f9419c |
C:\ProgramData\biobio ransmoware.txt
| MD5 | 3e08144c681309544d6795b31a9a968c |
| SHA1 | 926d41074691d13ca0d0c9df3061a7b2b0fc5761 |
| SHA256 | e68ce3e30f06d6648ac37d753f90e6aa1e150934d63171bbc6fa6ae14d944fe7 |
| SHA512 | f42e1ce8226a2e7457098f5991cea712806eb5a543eb126981e44be0311904ed483de7c9938fef8a46716e2f207551eaf62cecef9a99e2e84e0a6c0355969353 |
C:\Users\Admin\AppData\Local\Temp\3472CB~1.EXE
| MD5 | 10b721c665a6bb03d214443d00f0c170 |
| SHA1 | 4f6504be8f09e49adc1cb56caa505c30b304e016 |
| SHA256 | b79b672fa52d036dc71bbcee277d9409f144df74746f2bf86a587fc6a45fdbe7 |
| SHA512 | b12d1d2737c0bf354307cdb0d583ec4e0074201fdbf9016b67321de5d2562315e30cbef6c2d5581a8dbd0f7323a3885606beb7c44a136ab20d4f6165851bbbea |
C:\Program Files (x86)\Internet Explorer\en-US\iexplore.exe.mui
| MD5 | c2fbe629198994acecf91c01acfb8320 |
| SHA1 | 0b5691e67266d6832cbd203b355b7740258b4760 |
| SHA256 | 2ac35d8bbf5a2c16d5ce8d46df3ab63e79a809cd4a6e79cfb8df5095811ca8e7 |
| SHA512 | a2ae25160a6750524967253b2ac43c319e5f6614b47ff5f5b90f17cb28d15b4b6a4e91aebfe162293f81f39b31e8e89d63b5bf259fde18b83b6f500561bfcbd3 |
C:\Program Files (x86)\Internet Explorer\es-ES\iexplore.exe.mui
| MD5 | fbff3ec1b9c5d4c766736406d3b674e9 |
| SHA1 | 6577578586d1560de9a3d0771677db4d15b0977e |
| SHA256 | 856acde15927b1c222b6bb44ec109175fa7ca1497fca4f51963eb72fbf0de28f |
| SHA512 | 903ebb86b02cef0d04eaa143aeaa24d040f9c62ac47b28e48f3992f4eaef3bda5c3e04c57706277be0c4e28ab9b6aa744be179c47297aa50c6367269908aa95c |
C:\Program Files (x86)\Internet Explorer\it-IT\iexplore.exe.mui
| MD5 | 037771444fd29d554f653b1745cf6d33 |
| SHA1 | a398d539c67095d3c58536fee48565400d282341 |
| SHA256 | 23babe6c3df53e7693fb39edd885036f8ac42fae1c4dd5fce896f4b1bae1c659 |
| SHA512 | 891b8dd909b3695c9c63b559faaa4a7cb57fe54bffdc8de5bef44357000716fbd603614be78d5c604cfd689203e76d7cdff021466a94e1681a69b1befe83b937 |
C:\Program Files (x86)\Internet Explorer\ja-JP\iexplore.exe.mui
| MD5 | 7a2fdee4b5a17b112a0a2d1030224045 |
| SHA1 | 8acc48500e7f16693ddf8d5d0a690dbe94683f1e |
| SHA256 | c1d343291f274ca661b5771a84969efcbe78116a6185e2e0ae5d5e63d9f3cfc0 |
| SHA512 | c347ed22411af645992cee027143fe7dd4500a24c283afdc28bf5171112ad03c087b2e2bd74cf48b1a8cef7f32d0dde1b908d6bd2ddf11735b877fb683583c47 |
C:\Program Files (x86)\Windows Media Player\de-DE\setup_wm.exe.mui
| MD5 | f362fce69c1b24c5be622de9246adbbc |
| SHA1 | 483567537689efdb78bb34d782f1ba0e024f9b65 |
| SHA256 | a8692f67f20b1644b0af2299bec033216666cb4ddfefbe8ba8a08b55c95ffa35 |
| SHA512 | 0451401fdb300cc2681193b1ecde00e52978a0f69572ac6d1f3647a5dedcbb5cafbb8e41c5a4acb60730ee86a2ee2556ebe06b8c23ad0287e595a01834e06b06 |
C:\Program Files (x86)\Windows Defender\uk-UA\MpAsDesc.dll.mui
| MD5 | 9585945f027129ba80fc2d14c1f6e6a3 |
| SHA1 | 7527cc594be397b2f9beeb360a66afa23b04d7a5 |
| SHA256 | 1d9aaf311d54fbaa7d3ecbe457494762d850b96d1d996b02c9038528ea2fdaf3 |
| SHA512 | d2fe8b4388834d5da3684a9003da0c088e6963a3163efa7d5f071cbf47536e59839683f77920b29f8ee4509a716336cca9eb55b37e4397694fc673de8d8dbf63 |
C:\Program Files (x86)\Windows Media Player\de-DE\mpvis.dll.mui
| MD5 | ead8c01f158b9246f44ee4cd1045c346 |
| SHA1 | da199e2de0b2110c6e87459d04225ac71c1df5f7 |
| SHA256 | 94f66c7e88d29a5fd3f637dc85eb03095630994696245b69bb0894acf90eabdc |
| SHA512 | 703540fa3433254f6c9a3b91e21bb7d10507fb51c6cb3f8c4f6e73704ba0523e7179e50dcee88f4020c9b013f590eb6228cb2cbc147a67ed123d52daa3adb9fc |
C:\Program Files (x86)\Windows Media Player\ja-JP\wmpnssui.dll.mui
| MD5 | 4acf863abbff975ac2cf41c7eb06cffb |
| SHA1 | 248e638ffdc3967357bd970b0bbee48e6439dc7f |
| SHA256 | 9d3671743842e1934a7a4dcd2760b6d1a4f0994eb15ea28b0bf24a984b91a2d1 |
| SHA512 | 9749a1adb522ee209e9eaf5fd47e4fc7d098e69c29af32bca9f75c7110b6383a75a5788f3c044c4bfbd92057b4925cf0f9fbd6988adbc2c982dc3ea6eec0f9c1 |
C:\Program Files (x86)\Windows Media Player\ja-JP\wmpnssci.dll.mui
| MD5 | d1d19be84fba210d6462eb021aa87504 |
| SHA1 | 447b874828a08ec90f25d3a5a1b6ba9279c29115 |
| SHA256 | 452a5beb6266203c29716bc5aa1a0fd8a4d48380420dcf622da9dd530b8395bd |
| SHA512 | 963932ffc4ddd120b69df746b4e56bf4301e9a647ac9ccaaa6d1502de0b7f6fbf4842f3ce8d9571cebdc8d43c44934e1871dae6a94758bea63abc50ff7744a87 |
C:\Program Files (x86)\Windows Media Player\uk-UA\wmpnssui.dll.mui
| MD5 | 2d6a2c98f48e1c0bc6cfc4b512775c8a |
| SHA1 | 62c3ce80daabc88dc2cdaebc054b5c6612c250e1 |
| SHA256 | 78d041f86930aa7093ff8bbed93578c106bf5e45766cc1c2fbf21fa05f190516 |
| SHA512 | abf33fb939e566e8bd9be640d19567731f0bc48e2818fde62453dc3f02617f32d5d2a541270c50e23d9778ff755e62649ac7a2608f7bd02e0943b6984b61a179 |
C:\Program Files (x86)\Windows Photo Viewer\uk-UA\PhotoViewer.dll.mui
| MD5 | 822eac62c6635d094a68745cafe41469 |
| SHA1 | 994f2b4efb6ab1abd72b54290f122a400d671980 |
| SHA256 | 590d41f84c521ceee2d1cfd3d46ab4781c31006db9e8c1cb1dd360103aa7812f |
| SHA512 | 2bd1533f918eaaa20868a1e1b28b9c0708be0ec46d5a104f35d371fbefee8b8b71d199f44f75af4082dc879dc636bdfd515ce8008db1587dc3ca4fa2dc4fa56d |
C:\Program Files (x86)\Windows Photo Viewer\ja-JP\PhotoViewer.dll.mui
| MD5 | 7cab47ae99967bc1cee0c24c8fdac778 |
| SHA1 | 6b9f7d5fcf4bced91e3b1cbeb7209f2a402e3647 |
| SHA256 | b7801f80308bcae37d5ff10944c57acb73050f677264f0170922317da32782a0 |
| SHA512 | 60bc77503dc202f7202ddf51d3fbc98079281b37fa1cc0449939418b0082a446eca63a21ac89769e72673e394eabbe62f005c4149f483304fec8405d646efd98 |
C:\Program Files (x86)\Windows Photo Viewer\it-IT\PhotoViewer.dll.mui
| MD5 | da3337bd7c8595528591ad73f56ab195 |
| SHA1 | 00dab8b93e50a3fee1c5241dd985a2b382e4e8e9 |
| SHA256 | f8983808254f91a22cb9739abc88f82f9f2bfd0852b5eb68757da5aea5534868 |
| SHA512 | 54b821b79d25d891f2f5bfabda2e09c9b7794188b2d7dba5d0118916e043943eec9d2ed2aadafda178e582eee44672f981c69fec177d04229d2ffd1ae017f496 |
C:\Program Files (x86)\Windows Photo Viewer\fr-FR\PhotoViewer.dll.mui
| MD5 | fa5762949fd5ac5a2d38bcce4deeaec4 |
| SHA1 | 629be01eb2d3ba36d051bf3b2c44a99d79ddf726 |
| SHA256 | 5447cd858e699a89075e77a15e7fb7783399b25af34b02609c213ee1e45d6f96 |
| SHA512 | ddeee48cbd95c1cd5f2e7a29a3d24a3143fa658d5b3f9d05c5a4c189e75c430e41c1e4a1b1e54063bfc515b0b86ce48271e9cd9fb9fa3a851794d75982910f29 |
C:\Program Files (x86)\Windows Photo Viewer\es-ES\PhotoViewer.dll.mui
| MD5 | f8de8cf2a1852e18f6ccbafe33389b4d |
| SHA1 | c35e0fdb8ef6f580e253f36224ef270aa1fee177 |
| SHA256 | a3974c3e0d23d40097fce60c93852af3bca65c502dc26a0fe18f6a5563c8e07d |
| SHA512 | f90e1420144110d41fa979e26176e3e6c31c9b3d24eae1c929566809b5ff008c7583ce647527bf94528e20b4faea10d6c222850d29b4db58f857018be7e514c7 |
C:\Program Files (x86)\Windows Photo Viewer\en-US\PhotoViewer.dll.mui
| MD5 | 98588e7240e751ad21a2d9ac0d57cd86 |
| SHA1 | efb8e1a575aad1835ab21a5d6bde68172f7951e2 |
| SHA256 | 342dbc9746d7c3bbc36fb5d4db0336488cb1978f6e3a7b74308b06b0416f126a |
| SHA512 | 68a6772d26b39683e46e48960eee9bb256b8dcdefe730ee30b9957fdc938c3c991e218edd29b7963dc1316ae7c6188fa3930c2385510cc4eaba4e00eb13939b0 |
C:\Program Files (x86)\Windows Photo Viewer\de-DE\PhotoViewer.dll.mui
| MD5 | 7fb0b2b46a2b467c87283b1bf5316b59 |
| SHA1 | 13294371490ad6d8ec27a5e6384f6d940700cea1 |
| SHA256 | a384d8e6b6b16a73079a1297885e4d91898ae4f0abe4597b5be12596ddbaaefe |
| SHA512 | 883d2cbc0c69e3574c8c807510e3d003fe44f9d4279d1c68d5c9cf8cf8d80af18b91ff1544bd32e2bc6c128534b8155290fd245c4152c388c2426984449bf60b |
C:\Program Files (x86)\Windows Media Player\uk-UA\wmpnssci.dll.mui
| MD5 | f073ffc726b689acc9c71f12a8a64872 |
| SHA1 | f0add69eda60e709f99bfd2be355402751633f7a |
| SHA256 | 3266366a929cda64c3bacbe7e346ea01278d1d5978a0dfaf6eae4dc2eeb03463 |
| SHA512 | 310d050ba676fdae07b9e0ca7485b7c34a6d5bddfe5d6e40e6587fd5b691fdff4b904a97faa5f7c7e23f0d28666c0003c376fd4cb5c8b011639c90b28148d068 |
C:\Program Files (x86)\Windows Media Player\uk-UA\wmplayer.exe.mui
| MD5 | 6b9254122207a82bfb5e643febca6744 |
| SHA1 | 811a0dee6f9c544016e794f6ac50102f1faf99b8 |
| SHA256 | 9c7fc97e73d9fd2deba628faafef154833451457f7752c81f809d9bf3622d86d |
| SHA512 | 2fdfcd99fd118c02654dba6bcc6acb64d50e01c4092e4575dbed6fbb7743b80a0512446ba3101eac422bdf9a9b8c5e3a354af50f3c6018a967830ebdc5d2e879 |
C:\Program Files (x86)\Windows Media Player\uk-UA\wmlaunch.exe.mui
| MD5 | f00d2ff0e48d023d56ef527a250bfe54 |
| SHA1 | b60203c22d81601d88d9d44e54e75cd531367b30 |
| SHA256 | 045b0a96052799a45ee68df02103b1a78d520a4d62a18563a766d7e52663b620 |
| SHA512 | 8e83179b5ff42da6268ec5aae627c62e46d15dabc88ff724756f7594902dd77a1c6a78f796bf824d7cba87e727fecf41acdce7f2ff020e29b1ed340db678979c |
C:\Program Files (x86)\Windows Media Player\uk-UA\setup_wm.exe.mui
| MD5 | 89b42574dad15ede8c41e0b8e24a4306 |
| SHA1 | f38dbf634db342f85440ef7e5e184ebb194c1f6d |
| SHA256 | a9ad686a4c7e44d3ed1da30085c16f3aa60fe1babdd751be9aafd1d12f3349d5 |
| SHA512 | a7ca88b322e20bf99d34d406ffb364f2c1746e0cfb77f471aa5877ef97e8545851fa915a74ead1c4e48c2fe701ad9087c1fbd81e62f45916a75c29359c78ef92 |
C:\Program Files (x86)\Windows Media Player\uk-UA\mpvis.dll.mui
| MD5 | 6cebcefc436a0413be02a996136a111c |
| SHA1 | 5d4f0304b4188d1f4b5cd6a7bd1942aa6b25697e |
| SHA256 | e9e707b780bc2d159ea2e8620bebd185387424748cc69e2af6c606726350eb74 |
| SHA512 | 974920988b3e3a7d1fdaeb5c6625f0fa92a887f95afaa20328d418c3277f27a45b6eeb6a51959e341f0826ee14dd934aa2b116757205813e271c62381d09b5d9 |
C:\Program Files (x86)\Windows Media Player\ja-JP\WMPMediaSharing.dll.mui
| MD5 | d0c67cfadbcee4a68961c6c152e077fc |
| SHA1 | ebddbeea26541172ff3b0e4f3f469311cd807035 |
| SHA256 | ddf3a10b91aa103f20044b405db92062d07fa0b41294a353aa65c398f5fdf00d |
| SHA512 | 998f45d56c720000308c6c7a1ccc5ae30687e413b573a1648b258924dcefd1b4a919cfa577c55fa411c940122b3a55cc610fb295851884fecd81d29c550317c7 |
C:\Program Files (x86)\Windows Media Player\ja-JP\wmplayer.exe.mui
| MD5 | ff5bf608d3230da04cb7b95c5edd23b0 |
| SHA1 | e03b74b987ae6d7d56d0d6f6f6f611881dd9c309 |
| SHA256 | 1e6de684614d914a8bb0d8de04c9e604f2875d936f4b85606642545253aa17a3 |
| SHA512 | 162e3396a9c6b1f964a7eb073e5bcb7a20fd826baf564c428534c148e5d9598e6829a8535862db2d04d16c4abd4e9b1a18e1c60a6dcb630b7d5a9f708054cf68 |
C:\Program Files (x86)\Windows Media Player\ja-JP\wmlaunch.exe.mui
| MD5 | e599a2c30b0edb0ff187c7a5f29a350f |
| SHA1 | efa99269b4847b9e2af4c624ec2f8957ef0b3a25 |
| SHA256 | bc0614ccfd2570b312588dd017e2d90aec046c0a3acbac6e1e21443833c19621 |
| SHA512 | e5dccce4803eb8b51f181b16e91ab0c3c213efea6f99f753cd08eebfd5990a0173c731856f3797e71b44086cc80f0f403effbaa04e8d754b0749c64503becbe4 |
C:\Program Files (x86)\Windows Media Player\ja-JP\setup_wm.exe.mui
| MD5 | 285f5857e3f34d05468954c490b1c5b0 |
| SHA1 | d388a67ffee846f937ac6382fa0771575d07ee2b |
| SHA256 | f0db503cf591576418934157e836577e3095b8f152ebdc88ff8223e3c04512aa |
| SHA512 | 57322533129b776a1736bd23973aed6a349ce5b2fa95232a24a7e88b91efbb3befbfc5b1a032045f848ca007daf540641347a3f7d1d71925b56cc64e46ff1051 |
C:\Program Files (x86)\Windows Media Player\ja-JP\mpvis.dll.mui
| MD5 | ea12d1698ff9a6bca0208622f7b68c5f |
| SHA1 | 99ebd592c09482c3a374cb559b67dbdf138fbeb1 |
| SHA256 | c5cfd389b35df9417c12a5ce98ceed871d29215ab4872b2c272445847982836b |
| SHA512 | 50de894bb9e7acdf33593f7c8dcc6c0bc483732c5bd451e424161faabd9607cb47838379b6e3075b1d0134661b387e76ece0b352003047137a91acd25138fb52 |
C:\Program Files (x86)\Windows Media Player\it-IT\wmpnssui.dll.mui
| MD5 | ca5436929fd2123ba5b72ebcdeac4cdd |
| SHA1 | 4b36d885edab8cd2fa332abcef720bd52f76330b |
| SHA256 | 10612de2eee2640ecf9b3db2258cbc66f13f9f72f08ee6f99301d0dec7633d43 |
| SHA512 | 892af8e5602c045c23999c1235045e37d2af5cdfe51e8b1643a9f416085681f340c7968a7336406ea4ce523a9f012b7116f54d838403e07433d305b34cd07f14 |
C:\Program Files (x86)\Windows Media Player\it-IT\wmpnssci.dll.mui
| MD5 | 7d7e1e1195a32ad84a0e6fcbda093fc2 |
| SHA1 | ea4d1fe3db7b00d2e62d74af20b15fbdbddc5be0 |
| SHA256 | e092f5c9f1d92aa8dbc9d9b8f986797291be0c02dfed69d58b5ec42ed828fbe3 |
| SHA512 | a6c3254dcabfef8036682a19f3ec3800cb859a1ca12aa8c4c3c8befeac0bcdd35328eef192ea90f92eadc1c8de2274a4f1c21b10cce0e007d4c2425d082ae07a |
C:\Program Files (x86)\Windows Media Player\it-IT\WMPMediaSharing.dll.mui
| MD5 | ed8fb4627d14fe73515e08021711b98a |
| SHA1 | 6f4c535a02a0df05dd12842a92309548f7117fe7 |
| SHA256 | dd8a95d6c0a4e8077be96cda0e3cf61cf0942360f3587a97e24adffeb747149a |
| SHA512 | cb8bee5386aafe1a9a93f84dd22a926db42603fa36e7dcc9421c83e7eaff7e2fdf7d80bbf0ffe6657d9f162f9aec0ccbfbf36788ad2f2d5274c973b12323a7a9 |
C:\Program Files (x86)\Windows Media Player\it-IT\wmplayer.exe.mui
| MD5 | 2606c0db8214fae4903f8b166d9664b9 |
| SHA1 | 169e2adfb646c8e1a20a7c64e84254ee0a353c2e |
| SHA256 | 71c86e073f530eac1dca3bb0bbe81fcf37468cd80937926ae25f757d902ffdd4 |
| SHA512 | 84d46de136f3ffe2734ebf9f2bbc1b30433b189e628b807f571399494a1d22feb083506a4794696c8fb5b33863c875e805e8972b880bea888bb52ce3409227e7 |
C:\Program Files (x86)\Windows Media Player\it-IT\wmlaunch.exe.mui
| MD5 | 4f22fa88f65f59a5365562b63c1f48c4 |
| SHA1 | d3131a7eb7dc20c66a45221669c6110862ed0d9f |
| SHA256 | 2b40e1b9279f75ef57d9e72e6e4e6e10cb1394883ebdaba058cefcd90c97d3bd |
| SHA512 | bade655eef843360a7b4a9e5809cbfc9dee04ee9f7ae6052f8e10e81d9451577789921efb2df86581de866e49e302d55ecdb11b0d78bbe1891422b42afb4ba0e |
C:\Program Files (x86)\Windows Media Player\it-IT\setup_wm.exe.mui
| MD5 | 29b5eedd45cbae1263b65e23724f559f |
| SHA1 | a551d03c5593f1b31784bb85a91e3c1f9672e0eb |
| SHA256 | 53e107c05ce56443d5bcccaf31a147d9ba1f886b569d11e67457ccec51367bfe |
| SHA512 | eeeb9bb553e88d36fdb57d82068105ffebcdabd5d81dbe47b86711c7d3262dff407ab836531df7ec17366ba4eae4fdd14c13220be0b998c06a948f43db7aa0b9 |
C:\Program Files (x86)\Windows Media Player\it-IT\mpvis.dll.mui
| MD5 | 28e2e46ae21243a84bd4419ade0ae46a |
| SHA1 | 544129059210d67fd7430d839c48e9c2474c66f5 |
| SHA256 | 980b924cbe5e9cd9e934626c342344be58f0a4abf05a7f215d40a366722219b3 |
| SHA512 | 35ec45a04d7ff41de55628b1951084b58e91db71603eeed8241d1b24ba12bba391007972fe192de589f4430cb30bcf15fc8b8197300201c60a0283076ad05331 |
C:\Program Files (x86)\Windows Media Player\fr-FR\wmpnssui.dll.mui
| MD5 | 24307d69b9a19362b5b5fda2a060d43b |
| SHA1 | 2e79448d878a53fca86613f494be68bef9f6c12d |
| SHA256 | f7b102818aa0f788a23d3fef84f00fa38e4d77924f5a52eb94ac4e95c32aab49 |
| SHA512 | 53ef5a68cd4fcb545fec52b61fbf8ed3b3763d95f9fe774a7fd26295616ed7fc45887a255cbb02d975b5663b12ec317dbdfa8797b42d12da81a788344dbc3097 |
C:\Program Files (x86)\Windows Media Player\fr-FR\wmpnssci.dll.mui
| MD5 | 3dac012ff2682a1df44c18ed4fadc6bd |
| SHA1 | a278bc75d3386014a3decb46e11cab293f3b9cfa |
| SHA256 | 6adc875d57275a9801bcf39ff6f8be2b32c3a5cdd27809bbdb176b74c1fcf6ec |
| SHA512 | f7bed548149aa8109f99d4c15c709a284436e177f9746abaca9e3b9510c32f784ed54c105351f9b88e67c5edaf39aee450702c923cf365bcd3427a5a4c59c2f4 |
C:\Program Files (x86)\Windows Media Player\fr-FR\WMPMediaSharing.dll.mui
| MD5 | c53ecddac811cc443568ebbff0352633 |
| SHA1 | d5bd0b508778189bc4a7308e53c93e12e828c600 |
| SHA256 | 1b0044c3e406649356cb3126bc7e9f73c7ab3378133eef1b81d71c9df8e3a97b |
| SHA512 | c75de4abe4c189557dc6148bf6bca973b014395082cc21160cc290b3c3d4d8f89fd00599a68ec1451f2d0119ed8c80c2af5df6955162f4932d76b7a42cd64d49 |
C:\Program Files (x86)\Windows Media Player\fr-FR\wmplayer.exe.mui
| MD5 | d589d24e5bc1e9d298d471a4542ed016 |
| SHA1 | 4319026c40606b9d284ef91bc8f617ca5e2e10be |
| SHA256 | 7968d0962778742cf622dfdbb23ca02abd29d42305308004b1d00f7e2b4c2903 |
| SHA512 | c4ff9322e77ea77555987ac25aae95955543303c80ae5bbb53558f00a43d71e376134e8aacbf0ca0b4082687888ab10b0f4009a50a7af03e120b8206b6024702 |
C:\Program Files (x86)\Windows Media Player\fr-FR\wmlaunch.exe.mui
| MD5 | 42c8f0e7ba8c46e46268d63caa590212 |
| SHA1 | caa9889d860474dc5b8bd4ab7d31d6942f4f88ff |
| SHA256 | 2391e51ed04f73e4be2779f13c90aac2dcf57777adaf2935070b585383b6e584 |
| SHA512 | 002c49456ac70edf4beaa589dd9696432aefe15fa2e0a82d9b48bbdea92fabd0c82bc350e32936e5545fa3523c47769a61e95eebadd250787ead9e9325f635b5 |
C:\Program Files (x86)\Windows Media Player\fr-FR\setup_wm.exe.mui
| MD5 | d988b75450f496623374fb7047d03056 |
| SHA1 | d1c6cdd79f87596a5c4ff9f7fd5d422815e75e22 |
| SHA256 | 0be8600d22d9ae1142f7a456c93074db65d24b36c32c0c9261c6cb75b80b5146 |
| SHA512 | 2bdc139b6fe89c31681584193fbc3ffc6a2d8ed94bfdf8462f2d2e2ff3081e7f292df78814ee7cef447340346863f0b417f415fd4c8f6df0600e8b18948fd8e5 |
C:\Program Files (x86)\Windows Media Player\fr-FR\mpvis.dll.mui
| MD5 | d621d4ccedbe7350d7db7aaab78ff870 |
| SHA1 | 9fe424c0aeed86e1bd7b85d55fd87bb260447091 |
| SHA256 | 69620fe6c21a376f1699bc0dc69be3f51aa0b74825934742cc5669845e113d8a |
| SHA512 | a843cf963f1a7adfdba6f0cd35719117f1af3422caa88349a27b659866bc5179aa636f1b879a45a65b270e4287106f2fb0dec2b402f5d37fadb359d06b6ce196 |
C:\Program Files (x86)\Windows Media Player\es-ES\wmpnssui.dll.mui
| MD5 | 5f6302a479ab70c92d695f66ee57e9f5 |
| SHA1 | 97e2401ba5f22747643998cebc2d9a2cee6f5ddd |
| SHA256 | 5546b76404af87a3837293a7d56512360bbcc10e72c13b08889c69c5e303c1cb |
| SHA512 | a08023ee13296bdcc8b00f8b0c43243c4ccebcab46a4a91eb778f150e8fbe6b95885bd9063ebcb3c3faa27ef6f0cd4f3ee391f676a24e62d4f9de42a355f6f52 |
C:\Program Files (x86)\Windows Media Player\es-ES\wmpnssci.dll.mui
| MD5 | 431c6ea67ab9be5850bd1eb3fef9a451 |
| SHA1 | 60683321a10484ba09aab3b81a62ff7827133af5 |
| SHA256 | 44fb2188b6bba039494e672873ae38517f0d0b9002ea8fdfbfa8f62940e7698c |
| SHA512 | 32521f990ad7d112709d9b7fea6356957577d99b9a2dd5404514de2520aa808f22455bc72bded59ac99327d740aa79367f785b7772fc7c752168b9921109b870 |
C:\Program Files (x86)\Windows Media Player\es-ES\WMPMediaSharing.dll.mui
| MD5 | 883c2ffeb75d24ca6a9c79cba3929e44 |
| SHA1 | 465f332a125eff5cb7b85fbb39f5751e9ddbad79 |
| SHA256 | b063fd7438b937b976a94f10858fec29ee73fb26c74ee6bc188b3bcce9f5ceca |
| SHA512 | 0a81d565e88434e307be5ed2fcf7db05f4115d90853d9d957a0d3b6b01a77619fd99429b4cedd3eb2290f097fec35c4497d689e6d6b05bdd4aee6fe95b07e376 |
C:\Program Files (x86)\Windows Media Player\es-ES\wmplayer.exe.mui
| MD5 | 99fe4a23b22f8784e1118ed8f5fd676d |
| SHA1 | 00616590cb790e8494a6634806fff7767e0d545e |
| SHA256 | e6c6355c97cb973e7346cc1e22bbe41e1c510e4fa16053ffacf5b08bdd43fe6a |
| SHA512 | e5510f38ccc4b3cdf3eacd51a3693fa5f71eb7d0e5c269dac9e640993ef65e77f94a9e8013d7f022a905020bdc1a9ad25371dccdfb4507713fbf475344f7415c |
C:\Program Files (x86)\Windows Media Player\es-ES\wmlaunch.exe.mui
| MD5 | d7f53f2cc1cc3b08fc2784899569eec8 |
| SHA1 | f2c62f59d8fc119ab4cd9244adf78e8fdc28eeda |
| SHA256 | a45fe05e1b58756a5f775d584c227ad59d50f77ece1c45e69a1860984903c97d |
| SHA512 | db24f383bc88801340f22fd976446baf4f86982be8c132192f29adabfa712409a3e4411729f84d2361c23fc2e844e577cb4dd98f5c00d5bf30b544eb83079375 |
C:\Program Files (x86)\Windows Media Player\es-ES\setup_wm.exe.mui
| MD5 | 1f8daa55cb8858783d89d33a4c1c271c |
| SHA1 | bb402f09ec1f692f2b224d20e1ff5274b808acb8 |
| SHA256 | 624381625400739f4f626eda4801525f3bbe497f7d59badc138dc71a04b6ce6f |
| SHA512 | d8050d18498ccc150774cf20a2878152ca1f1493bfb5c0c61aac70aba94c19f03887c041f7f0b398e8eb33b11816103c398f7129a12b727c9e227d631001f041 |
C:\Program Files (x86)\Windows Media Player\es-ES\mpvis.dll.mui
| MD5 | 98f3e47583731466e1b5260028ed4c98 |
| SHA1 | c8d37d3fbc9ec0f264c90103756409ae1189c785 |
| SHA256 | 18beb8ac2356031d958eb0e94e575226d4c3ca97112b3b4e656ac666d2dd442e |
| SHA512 | c9e829bdb07e915f78e07e111a427788239571389e700100358b52cfbf9e43d4016e13541028fe807ab2c3f0847214c5928655858d81eaabbbb95cdbe28901cf |
C:\Program Files (x86)\Windows Media Player\en-US\wmpnssui.dll.mui
| MD5 | 8bf8a36b95121e9b3cc036b2af3bad64 |
| SHA1 | 8f92e88fd7007bfee9f2ff105d81306740a0a6de |
| SHA256 | 7bad704d05376f3ce3e32ba31a08c0295d54d95c70fb7630869bf5f2b55098df |
| SHA512 | fd006f4782a8d75b1849fd116ffab16ce2401f07ae8d46d2f7d2dd94002beaba3fe127ca1cd1fc5ef3a3f0f6d40d4ae0e32c4aa38a58a6c41c7cb9a3bba0afde |
C:\Program Files (x86)\Windows Media Player\en-US\wmpnssci.dll.mui
| MD5 | 9f2d18d8d8497a9e2f0921e0f8fdad63 |
| SHA1 | d2ffe640da65a81bce02becbed08b2b96202436e |
| SHA256 | c78d8597a6d74a0fa1027c005f28e00af173ef77898c341a1886710a122cb6b2 |
| SHA512 | 1c0019978543c9dde41f464b046878599a41cf569e06dda50595abb157edc00b49b29e6a884c5241610e601f33c7d1770c440f29f84e76829da01ba424a85796 |
C:\Program Files (x86)\Windows Media Player\en-US\WMPMediaSharing.dll.mui
| MD5 | fe9b55721c6095766cfba681d2efc75b |
| SHA1 | cebf987817f2468083f06aea83f83cf9a7601c6a |
| SHA256 | 4480a6f728b938c84a733ef19471e52cc0a4ca4b8513d27078053efda654289e |
| SHA512 | fe1c7bedf1b52318616b1f114a943769aa4b5dba3e2a5ef28b795ba1fa36c7616baabca7b94adecb9518315bea1e144471cb2c0690d090bd75f47a471a20a717 |
C:\Program Files (x86)\Windows Media Player\en-US\wmplayer.exe.mui
| MD5 | 73f1841a8776396c30413117ab45d948 |
| SHA1 | 79b3260f826f0f80abe3146d183bbdbf3e7c6766 |
| SHA256 | 9989f7cfb7d7f7b2babde0be6e20ca52af58080aa6e7af1ae743dfc660f57b20 |
| SHA512 | e096e05bf73728d630a81ca051606d30bbf252029a5c3b111532a1cbcd4109d9a27bd99e5b2750099f8c9c680ae4999f96e2080f0408e0af2dadfb5b820c1008 |
C:\Program Files (x86)\Windows Media Player\en-US\setup_wm.exe.mui
| MD5 | b714f2f55953fb932a6fb02596e77215 |
| SHA1 | 152b7d2e0bbc8df884749c432b23c9c9a116708a |
| SHA256 | 9546ef50ff37eb1000ce1093059ce6a6417f331a8dc8475f712cbe06614d3902 |
| SHA512 | aa3e9bc688153856e19860cb785c9f0f97ede992bf37a13a9fc30703b54e5b6fc2a690c64fa56b86ed2fada50b4805e13bfc5d8b9094dd94b883ad5cc0802abe |
C:\Program Files (x86)\Windows Media Player\en-US\mpvis.dll.mui
| MD5 | 82ac513ff6478bd175267c6d2e1be141 |
| SHA1 | b1d9530e255b9cf95ffa5adc47f9805782066814 |
| SHA256 | cfe95be8b7402aba098ea836f163b0120ebf6bc1da2e6803a3b91e51da9c6612 |
| SHA512 | 99fced42a4576345a528a3c82e643eb5ef5883a23890f34033461ac1de09fce166b6df8f660581c97b785930aefc774e3a4019689679afa2a9c04b242e13d3e7 |
C:\Program Files (x86)\Windows Media Player\de-DE\wmpnssui.dll.mui
| MD5 | 13abc484d8ca22bce93f6ae100465aca |
| SHA1 | 5debb699c9e4572062fe2ce91b7ee18ba2641bc8 |
| SHA256 | 98a087e0f88c13554097637695ae2cc3682a8bc26335a441eece15b5d561b4dc |
| SHA512 | c00b0bdb9e48d359367ed8905964ac770cab12d862d8a531feee00ab3dc31c2b5d274f93f739175fd7be0a8c12b65367cc521155b384bf205b502323013b66b8 |
C:\Program Files (x86)\Windows Media Player\de-DE\wmpnssci.dll.mui
| MD5 | 1f8c88046ae2174d13bd6ece408fa79a |
| SHA1 | f8aaa7f724e7b344c247c1a3ab119a9554fbad90 |
| SHA256 | 888e6a18cfacd2edecb08e3485fb1e10d47ed6f51c45d8475c8047058a132c87 |
| SHA512 | 58711bb0fb61fa9b5920146427c072f000a48737890eeb3f1d1b99f30867009ad497c4805cdf10c4c1c6b4e2731d5c7e31bc956ab4b2c4a2e41b028281a5c08f |
C:\Program Files (x86)\Windows Media Player\de-DE\WMPMediaSharing.dll.mui
| MD5 | 219d4408f3275470880a38bb6f1d5247 |
| SHA1 | 3a0ec158ffd630842b21da474594cf272e072a61 |
| SHA256 | 5c97b415c9eba96f91c8617ad5f04e51984fb7145b18534cbb30ebc2b1dd5a8c |
| SHA512 | 505c2b1690d969c0011e8978cc88f86198480e26b885c06603c542c9863c408bf8aed90c3050cf7dc425f1535bce21d71488ac413b88a95946b5c1938ab440ea |
C:\Program Files (x86)\Windows Media Player\de-DE\wmplayer.exe.mui
| MD5 | 349e86c187033364000d6afc5d139690 |
| SHA1 | 7c668937f4906afc687a5eb6cc382036fbad50c7 |
| SHA256 | 32e82f74a2deab3b3144af76c2596befdcf16716074f163aebd6d120c3506077 |
| SHA512 | 332ad3f8ebc96c5f1b39a913f9df990d6f1b92b13d17872a2be440cc9a68a39450b8b8937010157c656faeaa3531be308fcdcae46fc64dff3dadb0b066b8a30b |
C:\Program Files (x86)\Windows Media Player\de-DE\wmlaunch.exe.mui
| MD5 | ca7b2282760a1db29636f00a4522e72c |
| SHA1 | a1129fa97338e3e653fe81cd48a4594eedc941e4 |
| SHA256 | 1d006ec130d4c29705202c600e57a981c7b385fabbead94620696572c812d08e |
| SHA512 | 909ad765be6dce3e5e3f6a8c4e75f612e9558716ecfe6735a12a1015fb975ed276fa618a1515c8d86e7f809f1c93cd04041f223dc960bdbcb7b89b46a8d420cf |
C:\Program Files (x86)\Windows Defender\uk-UA\EppManifest.dll.mui
| MD5 | e0142970b0d891edc2cc23fa109dbdb0 |
| SHA1 | 2c56b12be30c2ebf300834e086b180320b24817b |
| SHA256 | 6d4029843c0e2ed39a55d33f76aebc496af1155c6b0262ef679889a3863cf28c |
| SHA512 | bd6fe212acb3144b55b44181e78b01fbfc4aa5fa6b3354caf66fcb22f6822156eaa9ce4fbdf134da0ebd32f71d7269026c2789b9656b0af45a7017d2ace0efbb |
C:\Program Files (x86)\Windows Defender\ja-JP\MpAsDesc.dll.mui
| MD5 | 0a7266a911fc4dbb5158ddf4a9d88050 |
| SHA1 | 4236a0156b8e42de8d7f41c7da633d40afd1bd74 |
| SHA256 | 2bf5f02aea1d76e7a931652181e64f7f3360b56c7790c111b5818aa09b4fc00f |
| SHA512 | bbe052a39290ff96a5a16d6498b4a0b4115ae66979d3e1f6745cdbb1b41c1544430ce8b9b4a5995b9de8274822197ee821b75a4cf8a477832d776234dd3650be |
C:\Program Files (x86)\Windows Defender\ja-JP\EppManifest.dll.mui
| MD5 | 99dfb8be0d5777f5b2ac1862b01904fa |
| SHA1 | 8176047359a0f3489b6fcb982ed41f1ed32ffd25 |
| SHA256 | d392210d62b36a5938f80330cf80e2112d150c60606a7cc6ffaa35062847e089 |
| SHA512 | 532f844339d7e4d02688f9daa623b7df9d78d34db99189919a402d75a7c1a15fc8d9aede497dfc5dd936ee16bcc6ed51ca2062f8098aa7dea84b67ef1c71db9a |
C:\Program Files (x86)\Windows Defender\it-IT\MpAsDesc.dll.mui
| MD5 | d9503d3248bf43230c617afa20c43788 |
| SHA1 | 72ca4e5ad7e836cb5d1a432f52530c87ed6d94e8 |
| SHA256 | 1c8967624bb201ef8cae17aa1d11943c240e3a0b471f054a2d93df00fb7dba7e |
| SHA512 | 8f1f444b0677e742ebcd32f111c08a0fd615d725009a28aff0477e38655a6cbee1a15d08851e7cf86ddce1c413a32d0e938f7e348053ad23b7ed12a72b83ada4 |
C:\Program Files (x86)\Windows Defender\it-IT\EppManifest.dll.mui
| MD5 | 4c4a966d32226078720eae0db424cbc8 |
| SHA1 | d7ca0d88e1ef76bb50bd74b27d7dcb8df0d6b119 |
| SHA256 | 2735081965f34ebb494d0ff130f16b839affbc0486f9d19d6afa255433245442 |
| SHA512 | d37ce1d68087100a5157a7d6eff4cceb4481fe7539626eb7f0521f7780400164072f8c229027a863fde4f5775facbf5f16d727c3f6d5ab24cfcdf61eeaa64876 |
C:\Program Files (x86)\Windows Defender\fr-FR\MpAsDesc.dll.mui
| MD5 | e72a0e8de90e91c132dbe5b34f1bea5c |
| SHA1 | af093ceeb2607fa2b588ea65eadccaabdfb4f140 |
| SHA256 | 5142bc907a05c661adc4de2b183a454b470c74844b3bdc0bd128428decf06f4f |
| SHA512 | 14b54e4a7e2b590d978ffd65e372df37483f1855737736e017ae4270454a3500a9a5ae9824fa63156caef939f77abdac8286267cbcb217fa3d98bf8fe3956e57 |
C:\Program Files (x86)\Windows Defender\fr-FR\EppManifest.dll.mui
| MD5 | 47ea2f653ea2bae2c54a8729d7bb4463 |
| SHA1 | 5edbe5144f9f8124ee531e632a77c685edb17ee6 |
| SHA256 | 695c4d3f46934f06e3862f7b7ba210ca81fd4970f859840a47b167b7d22a62e6 |
| SHA512 | c02ded31a755be9a440fb75f3b8858235b6a54ab05cd57d6f38c07df06bfee79b29e1b07e99eced21dbe7034094cc6d1308c11c7079f82b82a134c46ad2f1f58 |
C:\Program Files (x86)\Windows Defender\es-ES\MpAsDesc.dll.mui
| MD5 | 2204ba76558d81106befb9b094fd47c0 |
| SHA1 | e71f3ffcbcc767a4c8efbd02b014e71a300824f2 |
| SHA256 | 6f82e53518a5e876a3cc7317dd1e7bb84a684d47e56be24ee495a2613aa6de28 |
| SHA512 | 680ebd5470dc3ddd6863ef347291a964196d83b75d6d2d5668cb33e9ef3c9dc10011b322ff2b5f98c5a764dac41927686c6de9e7782dbb468294c1eaf90748f7 |
C:\Program Files (x86)\Windows Defender\es-ES\EppManifest.dll.mui
| MD5 | 8490e1a7e44bca5256be55c806da0da2 |
| SHA1 | 8702815882a0b8c2a3739932130e18c54a6d29a9 |
| SHA256 | 50ea2665e0ad4b4e081cdf39d4f71c07c2311f5724e598a6fb8660c2766c293e |
| SHA512 | ded934c015d1e67c72331cdf800dd24d8e56846c9c6fcf6e46402c38150c90fc01f78a9595689ad2dce2753eec1c9ed5663ab1bd6d8b60bf8155edc6a9519c62 |
C:\Program Files (x86)\Windows Defender\de-DE\MpAsDesc.dll.mui
| MD5 | db08a9c7b655333a579c2c8443110285 |
| SHA1 | 6bb601548925b49562a794ed8f672eed0292810f |
| SHA256 | dad2d27cfd05fe7cd8ba8bdf8cd192ea8f1a76d35637d71b861647b25ce308a8 |
| SHA512 | 6218af9b8eb7a48dd2cf8bda0d07ca8014d85a914bbf37c85bd7abf5bfd81206a53cb6d4c4f70d421c9c721709903e845f6fe48be5420fc509886202df01fc4f |
C:\Program Files (x86)\Windows Defender\de-DE\EppManifest.dll.mui
| MD5 | c06d1af49112704fde3dbbfa2c0401e3 |
| SHA1 | 40d82de1fc65ba19f1679be3aaa88985baec0105 |
| SHA256 | 33fef64e3f4f8fdcb35f3e4bc511e7bc52b614650dd5e5a5142abd05c06883dd |
| SHA512 | 00f65a4a915bf8b6ee65f58f72dd8971f2e06b82c4973b4d3b2c90d23d5155e63625a19a6295a2d45490805d586e22f6a01f16cf4550162c420c6ac524304799 |
C:\Program Files (x86)\Internet Explorer\uk-UA\iexplore.exe.mui
| MD5 | e60b213a31b29e66b8ad8874064231a0 |
| SHA1 | 0d3620499f58e69b66aa68d17e5f97fa0b612dab |
| SHA256 | 13b846735203b9f5664a2c26593d3946ecf3f4b80550ef13e0e65b12d192efcf |
| SHA512 | f1044632029b72468a6dc89023586ae1f88f558af722d1ce7803fc4497af3d2e8bec839ff2a076b04450445bbb24791bea5a607a70b54413d6e2c9775da12c7c |
C:\Program Files (x86)\Internet Explorer\fr-FR\iexplore.exe.mui
| MD5 | 6e0d9d283433b21cc45e404dca39e32d |
| SHA1 | 19c950bdb0c08374c8facd3e21d0578ffcf69957 |
| SHA256 | 2144dd22890050ee7a60be84720d139af8b2d9d8e24c5f50e90ab0066345ea1f |
| SHA512 | e9faa381b18a4b50aec112b92a568a1c8b47aec56bc517bcc1547a08d7617674f8ecbe29115e1231b2c498cc05161ae79bcccc7781c713051be3da4523f34d80 |
C:\Program Files (x86)\Internet Explorer\de-DE\iexplore.exe.mui
| MD5 | 1d97fc5027e6444f7f363e47c97f336c |
| SHA1 | d544e839ffd28e6eb63734a65686655d6f1f6aad |
| SHA256 | c31aabed5ee8ea944a4fc2644ba66c8f048d389a63632f2091d8586647006cf5 |
| SHA512 | a84faa6c575ec0f0bc32d95c646f815b79fe244bfc54be94574949cb75de36730a312b723311421dc3d6772daea91ef70eecb4d2073b0eff9688cc72d0957cff |
C:\Users\Admin\AppData\Local\MICROS~1\OneDrive\ONEDRI~1.EXE
| MD5 | 1319acbba64ecbcd5e3f16fc3acd693c |
| SHA1 | f5d64f97194846bd0564d20ee290d35dd3df40b0 |
| SHA256 | 8c6f9493c2045bb7c08630cf3709a63e221001f04289b311efb259de3eb76bce |
| SHA512 | abbbb0abfff1698e2d3c4d27d84421b90abba1238b45884b82ace20d11ddfdd92bf206519fc01714235fb840258bb1c647c544b9a19d36f155bf3224916805b8 |
C:\Users\Admin\AppData\Local\MICROS~1\OneDrive\181510~1.001\FILESY~1.EXE
| MD5 | f3228c24035b3f54f78bb4fd11c36aeb |
| SHA1 | 2fe73d1f64575bc4abf1d47a9dddfe7e2d9c9cbb |
| SHA256 | d2767c9c52835f19f6695c604081bf03cdd772a3731cd2e320d9db5e477d8af7 |
| SHA512 | b526c63338d9167060bc40ffa1d13a8c2e871f46680cd4a0efc2333d9f15bf21ae75af45f8932de857678c5bf785011a28862ce7879f4bffdb9753c8bc2c19b5 |
C:\Users\Admin\AppData\Local\MICROS~1\OneDrive\181510~1.001\FILECO~1.EXE
| MD5 | 346d2ff654d6257364a7c32b1ec53c09 |
| SHA1 | 224301c0f56a870f20383c45801ec16d01dc48d1 |
| SHA256 | a811042693bc2b31be7e3f454b12312f67bc97f2b15335a97e8d8f2ba0a6b255 |
| SHA512 | 223545e3fc9f3cd66c5cbcb50dd7103743788f03a9db398da6dd2744ccaeee291f385ce4f2758d4504fc0f6b968fabbfe16ba03b5f546b743c51dacad7a049c3 |
C:\Users\Admin\AppData\Local\MICROS~1\OneDrive\OneDrive.exe
| MD5 | 3a3a71a5df2d162555fcda9bc0993d74 |
| SHA1 | 95c7400f85325eba9b0a92abd80ea64b76917a1a |
| SHA256 | 0a023355d1cc0a2348475d63aaf6aa0521d11e12a5c70102d7b3ebde092849e8 |
| SHA512 | 9ad76ccce76ccfe8292bca8def5bc7255e7ea0ba6d92130c4350da49a3d7faef2d46b08aaef1955f3f4ea0a2e22451562b5e08783a79f794724584e409cf7837 |
memory/1300-2578-0x0000000000400000-0x000000000041B000-memory.dmp
memory/3332-2836-0x0000000000400000-0x000000000041B000-memory.dmp
C:\DOCUME~1\ALLUSE~1\Adobe\Setup\{AC76B~1\setup.exe
| MD5 | 05bdfd8a3128ab14d96818f43ebe9c0e |
| SHA1 | 495cbbd020391e05d11c52aa23bdae7b89532eb7 |
| SHA256 | 7b945c7e6b8bfbb489f003ecd1d0dcd4803042003de4646d4206114361a0fbbb |
| SHA512 | 8d9b9fc407986bd53fe3b56c96b7371cc782b4bac705253bfb0a2b0b1e6883fdb022f1ac87b8bfd7005291991b6a3dfbaceab54f5d494e0af70f0435a0b8b0da |
C:\DOCUME~1\ALLUSE~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\MICROS~1\CLICKT~1\{9AC08~1\INTEGR~1.EXE
| MD5 | 63dc05e27a0b43bf25f151751b481b8c |
| SHA1 | b20321483dac62bce0aa0cef1d193d247747e189 |
| SHA256 | 7d607fb69c69a72a5bf4305599279f46318312ce1082b6a34ac9100b8c7762ce |
| SHA512 | 374d705704d456cc5f9f79b7f465f6ec7c775dc43001c840e9d6efbbdef20926ed1fa97f8a9b1e73161e17f72520b96c05fa58ac86b3945208b405f9166e7ba3 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe
| MD5 | 44ead684bb87562ad730f8b257c1b975 |
| SHA1 | ed8db7d905f7919ce3c8be8dc3c0893f77f030b6 |
| SHA256 | e820b4780baf63d35d86ae12a2a492131eb6c738c485eef19b8d470887723919 |
| SHA512 | b81d68a94802faeffbc4476a4da3c7a3ef93600de35aac421ff973b2108b34e6f24c169d03735fd28949c0b407133d7cb7a7d2be50435365ae29abf5fb6217be |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe
| MD5 | b1941e75f409572576662aead3f96a65 |
| SHA1 | 9834ecdc6432136709969f12de6673bd71ab2840 |
| SHA256 | f7fee20c23b231d3b4ed84ae7d99d03d5b6ece12c2188f26ed844aba88754f2b |
| SHA512 | eef712a9adc38e4a6935461daa759fc59045a866aa3d88d59f4e94a895c70bbd38dc637d8b223bc6e54827cc59561ea856fb8c69a471cfbf6c210b6dec722a98 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
| MD5 | 467fd36c87f3df356d73ae1ccfa9d488 |
| SHA1 | aa19e66aeb4f6ef216a2164a92bf8454dedde013 |
| SHA256 | 1f201389afbabf8ac390769f28c0ba729a7fed6d6dba56918401eb2107d86f06 |
| SHA512 | c92da488cfa4280aaa7e2a07ab1854f3d4bb3f82bc85a2e23e88b0975ed78455c7fca7ffa3ce6ca42e74640ee24ab8ee4dda7cc539136173b9d95c2477e7bb14 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe
| MD5 | 2c35de647c9a3e1c3de45c6af87656c6 |
| SHA1 | f44626ad37bf94592c7d0c50ac3ef25462bea5cb |
| SHA256 | aa8be2aabd766e40691cb37cdaa96db414bac44595124230a93d49673cc86477 |
| SHA512 | e39bca97d12d4de89b80ee2a62ac82168ffc9b16dd1cd7e7db2e968ba77be4e1d6fa53e2d4156c58fc96a5630ae536bd3d0050adaceb89b542667930ef6d2d7f |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe
| MD5 | c8d891a0350368995ace8f448d63d79c |
| SHA1 | ca0429b992d6a51c9eaf1c045af438fac0ab698c |
| SHA256 | a1f61f7a780db952c01face07faf6c3d141f1e9e3535b1bf4c793f3c9b138a4a |
| SHA512 | dff55b1a64f987d235da2f6b0ad10cf04b1c918e9aad19800a39256091a258f51d9cf2500bf67bed97e48eaa43a1138984e93e5c7e7650889b0f44cb306566d5 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe
| MD5 | 2663af1d779f6a83cdd34ad79a372e3c |
| SHA1 | dab530515325ce4e4c35f623b3edf73d9e6f6df9 |
| SHA256 | 7a82a27e2d00aefcc0600ac3ec79f8b898be6e5024d2993b68ae8a2559d6e7b5 |
| SHA512 | 34633be2de94376a3e5cd17793aa381d4146fc53f9f6164db3a070de5bf3052f6de4a516645b565d1c61e520a0060b6b74f72b632d1b568577c03d9d643c6f25 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe
| MD5 | d283d2e92ad56e874423a1714fc23fb0 |
| SHA1 | c11839a4d1858834e679a35c24ad66f691116f20 |
| SHA256 | 10be40e66e14bfd4a838341eae84b6763330379315d30f767993dde980c4028b |
| SHA512 | 22f8919995f248b444699a8015c847977bbc8a59a5e5d1a483664b24dcb480d911a9cf45b88a6b842fd43f0f3269045cf5c55d7680422111366ddbbe0fe79986 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe
| MD5 | d6ca1db8c1ae4f4b8c2c8806e1f2fecf |
| SHA1 | 78ab7ba9736cc1ecf030c8568838d07dd46dd69e |
| SHA256 | d0632f7258aa87473d87665fda77563c70d8766a8bc8e0d162665d42e29bba5f |
| SHA512 | 878117aff48bb38120781ed97cb1ba75f02f9f5ff20847afd746d4816b57016bc38ffb296d1dfaffd141003936a3280380590f3af7a2be924cb7bcd8dedd2dcf |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
| MD5 | 476b0a8838dcaae4dcef364ca9dfbb4d |
| SHA1 | 6c687aa822cffc030567d234cd742ca56c2a21d0 |
| SHA256 | 14818e24df626facb02163810f986b17accabe93b733cf8e35d8467434f28be8 |
| SHA512 | a43c95712778dff50dc9ccc44edea9465e4988e84415d24863d5dafc50fb79263945d4f5fdba266fb059d75bbbbb0a318835c83f022906753bd78648887f01ed |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe
| MD5 | 7cdeb39bcd9a552c38e378d9ff9e5a9f |
| SHA1 | 992134ccd1968eaf48f04c7bfce624528f7356a2 |
| SHA256 | f20eada15d7804f2c55b92416afedb449a3b0b2414054688d3180d40a8bb144a |
| SHA512 | f7671311b1d1eadee732a41f0738fde5b71e425504cfee061ff0fdbdee1e74df78476cab37846c6cae592630fe9eb8285f38c5dd7bc84f265152b4ff9395c369 |
C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe
| MD5 | 8bf87508f350513d211d4dca2571a16a |
| SHA1 | e8774a47e28c15b531c95d4582c3bb0aa9689110 |
| SHA256 | 07c12391587f35883e6c461fbd35a9edc80bc9359ebe0622f2c417d6afe2bc59 |
| SHA512 | c3410b2e8a3cc3a476ee27f7379dca13c13b660dd8019086a5f4617b20fcfa95fabb0a28b6e0beac7960aae775241de9a442cd7e5db40bb37f75f2b1524d0c7a |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe
| MD5 | 46d8a4727a8e4f5ebd137447b4c4141f |
| SHA1 | ffd851d7cdb84d302980732d90eb4de41edac0d4 |
| SHA256 | 920f7b86ad78cb4f65d8d8918141a7c6c137da768aa81a43b1f9290f28a700b8 |
| SHA512 | 9d20bc0ca3b182d237cfd2c1f82481e77f211c40b9b28e468efd5b3cdcc8c7f1648d00613dfb44044ffea522c12afedbeedbea83049f0fd50075eec1b11fe3c4 |
C:\Program Files (x86)\Common Files\System\it-IT\wab32res.dll.mui
| MD5 | 3dfc81c33656872d9f325bb4d2848054 |
| SHA1 | 8419cd773bc30c3e7e0e3d065eadecfb163778ce |
| SHA256 | 13f955d51a9f1068e8d15357e32fa55b0845e319f817fedb60a67ca282a612f6 |
| SHA512 | cbcf95899d65fb65bba047c7c0e587270cc855cccc27df2d49d491795a40d89cc02402cf97efd1c79d453e6edf385620c2def6270660db0e7f54d4813d6945de |
C:\Program Files (x86)\Common Files\System\ja-JP\wab32res.dll.mui
| MD5 | 1c099d4db3eb71514c8842e60941bd16 |
| SHA1 | db5b981867c7235b19f3fbd743b606c212ce2ce1 |
| SHA256 | 53c9db30bd607fd12520e21dc6f809409c301115863c31615a85c96ecaae1d34 |
| SHA512 | 44a32e76989976a51a29017f3acae0dc92e743e2eb71ca6d861447856d88c85668a17ddc235cfddbb7d56c508508ff581dd4b058b2899fe023256aaff310539e |
C:\Program Files (x86)\Common Files\System\fr-FR\wab32res.dll.mui
| MD5 | 0196f829e7bae7e8d5144e51a6ffa999 |
| SHA1 | 39991db97b4308fc038b640ea5834ef829e49153 |
| SHA256 | 63a26aa6d1935b422fd1acf627515aaf278425cb9ee5b74273361dfe49804774 |
| SHA512 | 590935693b85824b985729d9be40e12e75cf6ae7b58e3caa617431b9d746b276c07e868f71e43278c82d59ea0a8b58ebe38dd7a28c56bee0046faa1a206ab67e |
C:\Program Files (x86)\Common Files\System\es-ES\wab32res.dll.mui
| MD5 | ad519eb6ca347b8d1da72fef267573ed |
| SHA1 | 271034dce9a1b41a1a4e32715c09030aa755fa7d |
| SHA256 | ba2fe7a472944be05b5321eed3090c99f32905b7ae25304f3e2daf90c144802f |
| SHA512 | d43adb78bef078af97c94bd412705a6512eecae07d6fced8750ad2068e8b1b68a3d4fdcf8d97c72afc03d521907128b26eb547573804c073609d289eb807ce53 |
C:\Program Files (x86)\Common Files\System\en-US\wab32res.dll.mui
| MD5 | 1fadfcb61e0dc539d5bee206ddedae99 |
| SHA1 | d104c075cd5135b5c4bfca3ac84e594e7ec94197 |
| SHA256 | 66f6e21d70d84caafbff2625044aa0fac2ae74e26176ee6a694a1ceb364626b3 |
| SHA512 | 082ca89331793739ab5e98f019dab900e6e1571e453fe244043e0895dc3f5d941d07b01a3fa0ce080cc57e8fa2077f2cb90cf61b97fb9a9c1070d0e0a61b26d7 |
C:\Program Files (x86)\Common Files\System\de-DE\wab32res.dll.mui
| MD5 | 50669fbbbfbe3c41bf5458606fc88367 |
| SHA1 | 52c9ba8270ff372410d948dbbf95089ff2daf5ec |
| SHA256 | a0387de92d953d0aedfbca501515d322aa3335f1f0103ede7e880aa327bcc484 |
| SHA512 | d9bc8091d6c67e5e224eb9260d4736a40ed36736fb104f2049d75a597092b51e0a24511aeeb6ae6cd4ac2feb0c5bc162b1c63ca5b3aa19ba21ddf986a909f433 |
C:\Program Files (x86)\Common Files\System\uk-UA\wab32res.dll.mui
| MD5 | 4eadfc2fa79ff8ee46907706b832d745 |
| SHA1 | 80929746231eea4984e26298efdd73b4cc37b37d |
| SHA256 | c3d2be3fb21bd6bbe204178ddd9ec6fe722f4fadd0c3fd85486f9df8343c4ebd |
| SHA512 | 5a4c02defb10ca4c5e5ced1f6796724bcc79148342eb71f7326035d006f783534b6a88fe1e966ae4688e53d95f43cbe8a4e7dd067381148a15a86b9d1c84399d |
C:\PROGRA~2\Adobe\ACROBA~1\Reader\Browser\WCCHRO~1\WCCHRO~1.EXE
| MD5 | 9dfcdd1ab508b26917bb2461488d8605 |
| SHA1 | 4ba6342bcf4942ade05fb12db83da89dc8c56a21 |
| SHA256 | ecd5e94da88c653e4c34b6ab325e0aca8824247b290336f75c410caa16381bc5 |
| SHA512 | 1afc1b95f160333f1ff2fa14b3f22a28ae33850699c6b5498915a8b6bec1cfc40f33cb69583240aa9206bc2ea7ab14e05e071275b836502a92aa8c529fc1b137 |
C:\PROGRA~2\Adobe\ACROBA~1\Reader\plug_ins\PI_BRO~1\32BITM~1.EXE
| MD5 | 92dc0a5b61c98ac6ca3c9e09711e0a5d |
| SHA1 | f809f50cfdfbc469561bced921d0bad343a0d7b4 |
| SHA256 | 3e9da97a7106122245e77f13f3f3cc96c055d732ab841eb848d03ac25401c1bc |
| SHA512 | d9eefb19f82e0786d9be0dbe5e339d25473fb3a09682f40c6d190d4c320cca5556abb72b5d97c6b0da4f8faefdc6d39ac9d0415fdf94ebcc90ecdf2e513c6a31 |
C:\PROGRA~2\Adobe\ACROBA~1\Reader\plug_ins\PI_BRO~1\64BITM~1.EXE
| MD5 | 12c29dd57aa69f45ddd2e47620e0a8d9 |
| SHA1 | ba297aa3fe237ca916257bc46370b360a2db2223 |
| SHA256 | 22a585c183e27b3c732028ff193733c2f9d03700a0e95e65c556b0592c43d880 |
| SHA512 | 255176cd1a88dfa2af3838769cc20dc7ad9d969344801f07b9ebb372c12cee3f47f2dba3559f391deab10650875cad245d9724acfa23a42b336bfa96559a5488 |
C:\PROGRA~2\Adobe\ACROBA~1\Reader\AcroCEF\RdrCEF.exe
| MD5 | 322302633e36360a24252f6291cdfc91 |
| SHA1 | 238ed62353776c646957efefc0174c545c2afa3d |
| SHA256 | 31da9632f5d25806b77b617d48da52a14afc574bbe1653120f97705284ea566c |
| SHA512 | 5a1f7c44ce7f5036bffc18ebac39e2bf70e6f35fa252617d665b26448f4c4473adfa115467b7e2d9b7068823e448f74410cdcdfef1ac1c09021e051921787373 |
memory/1300-4863-0x0000000000400000-0x000000000041B000-memory.dmp
C:\PROGRA~2\COMMON~1\Adobe\ARM\1.0\AdobeARM.exe
| MD5 | d47ed8961782d9e27f359447fa86c266 |
| SHA1 | d37d3f962c8d302b18ec468b4abe94f792f72a3b |
| SHA256 | b1ec065f71cc40f400e006586d370997102860504fd643b235e8ed9f5607262a |
| SHA512 | 3e33f2cdf35024868b183449019de9278035e7966b342ba320a6c601b5629792cbb98a19850d4ca80b906c85d10e8503b0193794d1f1efa849fa33d26cff0669 |
C:\PROGRA~2\COMMON~1\Adobe\ARM\1.0\ADOBEA~1.EXE
| MD5 | bcd0f32f28d3c2ba8f53d1052d05252d |
| SHA1 | c29b4591df930dabc1a4bd0fa2c0ad91500eafb2 |
| SHA256 | bb07d817b8b1b6b4c25e62b6120e51dec10118557d7b6b696ad084a5ba5bfdeb |
| SHA512 | 79f407735853f82f46870c52058ceee4d91857a89db14868ee1169abd5c0fd2e3fa1ed230ab90b5f479a9581b88998643d69b0df498defea29e73b0d487f3b10 |
C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\PWAHEL~1.EXE
| MD5 | 5c78384d8eb1f6cb8cb23d515cfe7c98 |
| SHA1 | b732ab6c3fbf2ded8a4d6c8962554d119f59082e |
| SHA256 | 9abd7f0aa942ee6b263cdc4b32a4110ddb95e43ad411190f0ea48c0064884564 |
| SHA512 | 99324af5f8fb70a9d01f97d845a4c6999053d6567ba5b80830a843a1634b02eaf3c0c04ced924cf1b1be9b4d1dbbcb95538385f7f85ad84d3eaaa6dcdebcc8a6 |
C:\PROGRA~2\MICROS~1\EDGEUP~1\13147~1.37\MIA062~1.EXE
| MD5 | 4754ef85cf5992c484e75c0859cd0c12 |
| SHA1 | 199b550e52f74d5a9932b1210979bc79a9b8f6fd |
| SHA256 | da6de758d909ff5b7fb150a4a6a6b9774951aa2bd7c93966ea8951647386c330 |
| SHA512 | 22c557807b81aac91c65643abb73f212d13f7c4504b6bb14e82bd9cf91319f2daadafa67425d91fa95f1d39c3700684f928e7d68468cb192c4c0be71b9f9b5ab |
C:\PROGRA~2\MICROS~1\EDGEUP~1\13147~1.37\MI9C33~1.EXE
| MD5 | 1e09e65111ab34cb84f7855d3cddc680 |
| SHA1 | f9f852104b46d99cc7f57a6f40d5db2090be04c0 |
| SHA256 | 8f5c7c8e0258a5caa37637b2fa36f3bd87569a97b5c1ecf40dab50e7255fcf9c |
| SHA512 | 003176cb9dd7668b1b40e4d60d86d57c1a9ec4d873382aab781b31c8c89f0e388f3d406963f159412e2828d0be9f6daea146a252d8ee47281dda01123c9e7ace |
C:\PROGRA~2\MICROS~1\EDGEUP~1\13147~1.37\MICROS~4.EXE
| MD5 | da18586b25e72ff40c0f24da690a2edc |
| SHA1 | 27a388f3cdcfa7357f971b5c4411ea5aa1b9e5f5 |
| SHA256 | 67f6e8f14bcf0e6d570c1f4ac5a1bb80a4e1470b5bad5a7ee85689c476597d8e |
| SHA512 | 3512820a9d37b61f77a79b2d4d3f6aec9ef53dbf81071bee16f5dcc8173393a1cd1bffe9f7f39467b72f9c9271a78e42078e68598934188d9df0b887f2edc5ab |
C:\PROGRA~2\MICROS~1\EDGEUP~1\13147~1.37\MICROS~3.EXE
| MD5 | e6aecae25bdec91e9bf8c8b729a45918 |
| SHA1 | 3097cddcb7d2a7512b8df9f5637d9bb52f6175ed |
| SHA256 | a60e32baf0c481d6b9db3b84c205716fe2e588cb5089c3d0e4e942e453bf086d |
| SHA512 | c9a6add86a2907f21c5049613fd8300800e4a949a943feea9ab36a271596343328bf0856e3d8dc4784b1c8357e01c3702761b8d9a3170ebd279dc4e1f1cacb01 |
C:\PROGRA~2\MICROS~1\EDGEUP~1\13147~1.37\MICROS~2.EXE
| MD5 | 5d656c152b22ddd4f875306ca928243a |
| SHA1 | 177ff847aa898afa1b786077ae87b5ae0c7687c7 |
| SHA256 | 4d87b0eb331443b473c90650d31b893d00373ff88dcbcb3747f494407799af69 |
| SHA512 | d5e50ee909ea06e69fc0d9999c6d142f9154e6f63462312b4e950cf6e26a7d395dbb50c8e2a8c4f4e1cfb7b2c6ae8ad19e3b7c204c20e7557daa1a0deb454160 |
C:\PROGRA~2\MICROS~1\EDGEUP~1\13147~1.37\MICROS~1.EXE
| MD5 | c7f7803a2032d0d942340cfebba0a42c |
| SHA1 | 578062d0707e753ab58875fb3a52c23e6fe2adf6 |
| SHA256 | 0f201a8142c5a8adc36d2a177dd8d430eef2b05cff0e4faefb52440e823b54bb |
| SHA512 | 48e3e1eb3a33c1b8c20411209d8ed261c00798393f5fdd691d3fa0abed2849d8eb241bedcbeefddfebbec292c7abd254023e25df77c85b46000fe63a7324172b |
C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\MSEDGE~1.EXE
| MD5 | a5d9eaa7d52bffc494a5f58203c6c1b5 |
| SHA1 | 97928ba7b61b46a1a77a38445679d040ffca7cc8 |
| SHA256 | 34b8662d38e7d3d6394fa6c965d943d2c82ea06ba9d7a0af4f8e0571fb5a9c48 |
| SHA512 | b6fdc8389bb4d736d608600469be6a4b0452aa3ea082f9a0791022a14c02b8fb7dcd62df133b0518e91283094eaba2be9318316f72d2c4aae6286d3e8686e787 |
C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\msedge.exe
| MD5 | 5119e350591269f44f732b470024bb7c |
| SHA1 | 4ccd48e4c6ba6e162d1520760ee3063e93e2c014 |
| SHA256 | 2b3aa9642b291932ba7f9f3d85221402a9d27078f56ef0e9c6bca633616e3873 |
| SHA512 | 599b4ec673169d42a348d1117737b4ad4d7539574153df5a5c7689130c9ac5ff5cd00f3c8ec39adf32ff2b56be074081efcabb6456272c649703c3ea6cdaded4 |
C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\NOTIFI~1.EXE
| MD5 | 27543bab17420af611ccc3029db9465a |
| SHA1 | f0f96fd53f9695737a3fa6145bc5a6ce58227966 |
| SHA256 | 75530dc732f35cc796d19edd11ae6d6f6ef6499ddcf2e57307582b1c5299554c |
| SHA512 | a62c2dd60e1df309ec1bb48ea85184914962ba83766f29d878569549ca20fca68f304f4494702d9e5f09adedc2166e48ee0bc1f4a5d9e245c5490daf15036bea |
C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\MSEDGE~2.EXE
| MD5 | 11486d1d22eaacf01580e3e650f1da3f |
| SHA1 | a47a721efec08ade8456a6918c3de413a2f8c7a2 |
| SHA256 | 5e1b1daa9968ca19a58714617b7e691b6b6f34bfacaf0dcf4792c48888b1a5d3 |
| SHA512 | 5bd54e1c1308e04a769e089ab37bd9236ab97343b486b85a018f2c8ad060503c97e8bc51f911a63f9b96dd734eb7d21e0a5c447951246d972b05fafeef4633da |
memory/3332-5099-0x0000000000400000-0x000000000041B000-memory.dmp
C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\MSEDGE~3.EXE
| MD5 | eb008f1890fed6dc7d13a25ff9c35724 |
| SHA1 | 751d3b944f160b1f77c1c8852af25b65ae9d649c |
| SHA256 | a9b7b9155af49d651b092bb1665447059f7a1d0061f88fa320d4f956b9723090 |
| SHA512 | 9cfe3480f24bf8970ad5773cb9df51d132ee90ada35cbf8ec1222e09a60ae46b2ff4b96862fea19085b1c32f93c47c69f604589fa3f4af17e5d67bef893b6bf1 |
C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\INSTAL~1\setup.exe
| MD5 | 6ce350ad38c8f7cbe5dd8fda30d11fa1 |
| SHA1 | 4f232b8cccd031c25378b4770f85e8038e8655d8 |
| SHA256 | 06a3bb0bdd2da870bc8dc2c6b760855cea7821273ce59fc0be158149e52915ba |
| SHA512 | 4c18a112fec391f443a4ae217ac6d1850e0cfdad4b2d2cbe3f61cb01c0a1400ea6bd5c3ffe0a9978ead50e7f6cfab96ae5090bb9a611f988f1a86ccaa5d4cd4f |
C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\IDENTI~1.EXE
| MD5 | 301d7f5daa3b48c83df5f6b35de99982 |
| SHA1 | 17e68d91f3ec1eabde1451351cc690a1978d2cd4 |
| SHA256 | abe398284d90be5e5e78f98654b88664e2e14478f7eb3f55c5fd1c1bcf1bebee |
| SHA512 | 4a72a24dec461d116fe8324c651913273ccaa50cb036ccdacb3ae300e417cf4a64aa458869b8d2f3b4c298c59977437d11b241d08b391a481c3226954bba22e4 |
C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\ELEVAT~1.EXE
| MD5 | 41b1e87b538616c6020369134cbce857 |
| SHA1 | a255c7fef7ba2fc1a7c45d992270d5af023c5f67 |
| SHA256 | 08465cc139ee50a7497f8c842f74730d3a8f1a73c0b7caca95e9e6d37d3beed3 |
| SHA512 | 3a354d3577b45f6736203d5a35a2d1d543da2d1e268cefeffe6bdb723ff63c720ceb2838701144f5fec611470d77649846e0fb4770d6439f321f6b819f03e4db |
C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\COOKIE~1.EXE
| MD5 | 5e08d87c074f0f8e3a8e8c76c5bf92ee |
| SHA1 | f52a554a5029fb4749842b2213d4196c95d48561 |
| SHA256 | 5d548c2cc25d542f2061ed9c8e38bd5ca72bddb37dd17654346cae8a19645714 |
| SHA512 | dd98d6fa7d943604914b2e3b27e1f21a95f1fe1feb942dd6956e864da658f4fbd9d1d0cf775e79ceaae6a025aafd4e633763389c37034134bd5245969bec383e |
C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\BHO\IE_TO_~1.EXE
| MD5 | 7c73e01bd682dc67ef2fbb679be99866 |
| SHA1 | ad3834bd9f95f8bf64eb5be0a610427940407117 |
| SHA256 | da333c92fdfd2e8092f5b56686b94f713f8fa27ef8f333e7222259ad1eb08f5d |
| SHA512 | b2f3398e486cde482cb6bea18f4e5312fa2db7382ca25cea17bcba5ab1ff0e891d59328bc567641a9da05caca4d7c61dc102289d46e7135f947ce6155e295711 |
C:\PROGRA~2\Google\Update\DISABL~1.EXE
| MD5 | 7429ce42ac211cd3aa986faad186cedd |
| SHA1 | b61a57f0f99cfd702be0fbafcb77e9f911223fac |
| SHA256 | d608c05409ac4bd05d8e0702fcf66dfae5f4f38cbae13406842fa5504f4d616f |
| SHA512 | ee4456877d6d881d9904013aabecb9f2daf6fc0ec7a7c9251e77396b66a7f5a577fe8544e64e2bb7464db429db56a3fe47c183a81d40cc869d01be573ab5e4c1 |
C:\PROGRA~2\Google\Update\1336~1.371\GOF5E2~1.EXE
| MD5 | d9a290f7aec8aff3591c189b3cf8610a |
| SHA1 | 7558d29fb32018897c25e0ac1c86084116f1956c |
| SHA256 | 41bed95cb1101181a97460e2395efebb0594849e6f48b80a2b7c376ddf5ce0ea |
| SHA512 | b55ab687a75c11ba99c64be42ad8471576aa2df10ce1bb61e902e98827e3a38cd922e365751bd485cac089c2bd8bccf939a578da7238506b77fe02a3eb7994c6 |
C:\PROGRA~2\Google\Update\1336~1.371\GOOGLE~2.EXE
| MD5 | d9186b6dd347f1cf59349b6fc87f0a98 |
| SHA1 | 6700d12be4bd504c4c2a67e17eea8568416edf93 |
| SHA256 | a892284c97c8888a589ea84f88852238b8cd97cc1f4af85b93b5c5264f5c40d4 |
| SHA512 | a29cc26028a68b0145cb20ec353a4406ec86962ff8c3630c96e0627639cf76e0ea1723b7b44592ea4f126c4a48d85d92f930294ae97f72ecc95e3a752a475087 |
C:\PROGRA~2\Google\Update\1336~1.371\GOBD5D~1.EXE
| MD5 | 87bb2253f977fc3576a01e5cbb61f423 |
| SHA1 | 5129844b3d8af03e8570a3afcdc5816964ed8ba4 |
| SHA256 | 3fc32edf3f9ab889c2cdf225a446da1e12a7168a7a56165efe5e9744d172d604 |
| SHA512 | 7cfd38ceb52b986054a68a781e01c3f99e92227f884a4401eb9fbc72f4c140fd32a552b4a102bedf9576e6a0da216bc10ce29241f1418acb39aeb2503cb8d703 |
C:\PROGRA~2\Google\Update\1336~1.371\GO664E~1.EXE
| MD5 | cdc455fa95578320bd27e0d89a7c9108 |
| SHA1 | 60cde78a74e4943f349f1999be3b6fc3c19ab268 |
| SHA256 | d7f214dc55857c3576675279261a0ee1881f7ddee4755bb0b9e7566fc0f425a9 |
| SHA512 | 35f3741538bd59f6c744bcad6f348f4eb6ea1ee542f9780daa29de5dbb2d772b01fe4774fb1c2c7199a349488be309ceedd562ceb5f1bdcdd563036b301dcd9f |
C:\PROGRA~2\Google\Update\1336~1.371\GOOGLE~4.EXE
| MD5 | 674eddc440664b8b854bc397e67ee338 |
| SHA1 | af9d74243ee3ea5f88638172f592ed89bbbd7e0d |
| SHA256 | 20bbf92426732ff7269b4f2f89d404d5fee0fa6a20944004d2eeb3cc2d1fa457 |
| SHA512 | 5aced0e2235f113e323d6b28be74da5e4da4dc881629461df4644a52bccd717dc6d2632c40ed8190b3ad060b8b62c347757a0bbe82680d892114c1f0529146b7 |
C:\PROGRA~2\MICROS~1\EDGEUP~1\13147~1.37\MID1AD~1.EXE
| MD5 | 4f197c71bb5b8880da17b80a5b59dd04 |
| SHA1 | c3d4b54f218768e268c9114aa9cdaf36a48803cd |
| SHA256 | a1a0bf09839e6175e5508271774c6d94f4eb2130c914ea7666c1ecaf1a6fde47 |
| SHA512 | e6104ade74dc18e05be756e2a287b9940cdc98150ddd7c562b61282d57070e1d7272316469f1e1b294d3dfbcf191c2692de0d45a2fae59e73c4c039d80f3e002 |
C:\PROGRA~2\Google\Update\1336~1.371\GOOGLE~3.EXE
| MD5 | e4351f1658eab89bbd70beb15598cf1c |
| SHA1 | e18fbfaee18211fd9e58461145306f9bc4f459ea |
| SHA256 | 4c783822b873188a9ced8bd4888e1736e3d4f51f6b3b7a62675b0dc85277e0eb |
| SHA512 | 57dbc6418011bcac298e122990b14ed1461c53b5f41cb4986d1d3bbbb516c764a7c205fc4da3722399fdb9122f28e4ec98f39d2af80d4b6a64d7bd7944d1c218 |
C:\PROGRA~2\COMMON~1\Oracle\Java\javapath\javaws.exe
| MD5 | 452c3ce70edba3c6e358fad9fb47eb4c |
| SHA1 | d24ea3b642f385a666159ef4c39714bec2b08636 |
| SHA256 | da73b6e071788372702104b9c72b6697e84e7c75e248e964996700b77c6b6f1c |
| SHA512 | fe8a0b9b1386d6931dc7b646d0dd99c3d1b44bd40698b33077e7eeba877b53e5cb39ff2aa0f6919ccab62953a674577bc1b2516d9cadc0c051009b2083a08085 |
C:\PROGRA~2\COMMON~1\Oracle\Java\javapath\javaw.exe
| MD5 | 892cf4fc5398e07bf652c50ef2aa3b88 |
| SHA1 | c399e55756b23938057a0ecae597bd9dbe481866 |
| SHA256 | e2262c798729169f697e6c30e5211cde604fd8b14769311ff4ea81abba8c2781 |
| SHA512 | f16a9e4b1150098c5936ec6107c36d47246dafd5a43e9f4ad9a31ecab69cc789c768691fa23a1440fae7f6e93e8e62566b5c86f7ed6bb4cfe26368149ea8c167 |
C:\PROGRA~2\COMMON~1\Oracle\Java\javapath\java.exe
| MD5 | 9a8d683f9f884ddd9160a5912ca06995 |
| SHA1 | 98dc8682a0c44727ee039298665f5d95b057c854 |
| SHA256 | 5e2e22ead49ce9cc11141dbeebbe5b93a530c966695d8efc2083f00e6be53423 |
| SHA512 | 6aecf8c5cb5796d6879f8643e20c653f58bad70820896b0019c39623604d5b3c8a4420562ab051c6685edce60aa068d9c2dbb4413a7b16c6d01a9ac10dc22c12 |
C:\PROGRA~2\COMMON~1\MICROS~1\VSTO\10.0\VSTOIN~1.EXE
| MD5 | cbd96ba6abe7564cb5980502eec0b5f6 |
| SHA1 | 74e1fe1429cec3e91f55364e5cb8385a64bb0006 |
| SHA256 | 405b8bd647fa703e233b8b609a18999abe465a8458168f1daf23197bd2ea36aa |
| SHA512 | a551001853f6b93dfbc6cf6a681820af31330a19d5411076ff3dbce90937b3d92173085a15f29ebf56f2ef12a4e86860ac6723ebc89c98ea31ea7a6c7e3d7cdc |
memory/1300-6624-0x0000000000400000-0x000000000041B000-memory.dmp
memory/3332-6793-0x0000000000400000-0x000000000041B000-memory.dmp
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\en-US\micaut.dll.mui
| MD5 | dc5af267b827027144fa9adb565b95aa |
| SHA1 | 3ed818bd4bd2cf735df2bb6593e1c1eac331dbcd |
| SHA256 | 2142df46fe17e9ac416145f66714cf6d96b9024b83651b5e785433eae51b82f4 |
| SHA512 | a37e7fa817a610cd1ea09661827f7bbe51a49c01909b6be503a5e5e23b1c9c90a698ffa023c0a93bdc81f85fbc0aa435ab2b2186f2f6013f61dcccfc661622af |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\it-IT\rtscom.dll.mui
| MD5 | 46303c6b809ef040209b05c40b566caa |
| SHA1 | 5bc097c708b30a6a682013f215635a6b1f064583 |
| SHA256 | 807a6016014f845713f9df93a7b7a6b7424226ec8eb63e1796875dd634d1712b |
| SHA512 | 3d24cc4482c581c97628d8845e93d7a54f15037ae04b04febbc5887ce63d19a90099ca7f0777455aa8204b8c8d51980f9ac407473c72cf8c1fe63fc7fd3e0b52 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\uk-UA\TipTsf.dll.mui
| MD5 | 481c35c5fd5f62a873174a797b370801 |
| SHA1 | 889611eb262cfdd0f8232ec86076e064fc8cf8f7 |
| SHA256 | 686bbf173cc8c7536a6b7dd08eea594aef6e1e0d0fd91e3dcec608e983ae332e |
| SHA512 | 803bfafa7c38068c7c130b8ff91e6963718c382fb422470a15168cf1046f5ea735d3e84b2a56bcf1655fe2f126fa3e454fc78cfba01aa0052ac7f6a3593f27e0 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\uk-UA\TipRes.dll.mui
| MD5 | 3b6b721ea0781c1ced89793491211e87 |
| SHA1 | 4b3e33e6fb1c58d1b7d210cb6e58dfe22d81be4d |
| SHA256 | 6115fd5e1bcc15b4ce4cb1a889f533beeb2c2b1c36674c117516b45d5042ca58 |
| SHA512 | 9059d6b592f21ff96e54bf57dfa956e2fc6bc31ebcc68bc7927634ebe052b47d88f93be92eeb74821648c74e106a6767490fb6c8838da42989c4c769618ed718 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\ja-JP\TipTsf.dll.mui
| MD5 | cacdd6ff150ff59d934be941a92e32df |
| SHA1 | 79c2eece617917e334645dd04f0b065a10942484 |
| SHA256 | 9f563f0e59d62b56bb03c62e65c865a00a7164cb22d35fa5ed1aaa2b42697ef5 |
| SHA512 | e887113c0617b30584c79a7c5516348a37c9735e308cbce59232a79bcfab95b2b57413ecc01495d4c9b710c43d82d7e46bb5a24b5d39d374a569a63f35a6c8fd |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\ja-JP\TipRes.dll.mui
| MD5 | 3f54248ac3c0508bd7ac1eccf95b3207 |
| SHA1 | 77cf40f66ec3d6e8671e5d2e4e8226834071300c |
| SHA256 | 961cc8d09b14da9a7be20f8222d861777e215df0b82307244956f98add9c4c34 |
| SHA512 | fe76594866668d90b63a2015e7f42eba29a6ae6621082fdf9daffa8003812042387dd6a97605e139d791f58d83e1c667a92ae342674426240b71b79cbd7ab07f |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\ja-JP\rtscom.dll.mui
| MD5 | 8c9a0971ab6966965846bcd966b4b247 |
| SHA1 | 92c4f0513fc5fcff4735e6d22f44751a0f0e9ba2 |
| SHA256 | 05055d71106c4a0e2e85a837f53df3aaac69d50d39c8ed8ad5968c1fa8780b19 |
| SHA512 | 3365d9e554200aefc304e7697c4d47099d090c4b2ec5e2830c4610b616e91ed3d3e111be6a3c239add6589239cd067b02b923859463f434150a48c5e160e36e9 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\ja-JP\InkObj.dll.mui
| MD5 | d95056aab7312da20ad67edd8bf1379b |
| SHA1 | 077746e3816d0828d37defbea1c614d791caa7d3 |
| SHA256 | ba93e4dc2df0328bce59bc4ffa402b718e3f816203c0d44f318843a9601f61b3 |
| SHA512 | d1eef9e08a36b47bd242f23acb44a2346b53663b97ac31cefe8d2f854d76537a9c40d0e84215f17ebbd3b9a086e7e607abf661e4cb35783f2e7beb9d3a3b6961 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\it-IT\TipTsf.dll.mui
| MD5 | 2f0545d301aa6ce8decb49a247c01c62 |
| SHA1 | 32b1b1597a42927263fb8f265e656103b264efc4 |
| SHA256 | 9f1d10b3b2da516abd4302ef752694d7a90d2f91d4ddf3319bac8bf1bd8f4a70 |
| SHA512 | e086306f67d52149634751b2b78ae0f1a3bd6da6105078d57aea6475ae54e754e392f6785bb3e50f2db67eebf5334433af741e6379a69e1e5b0882442d2b5634 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\it-IT\TipRes.dll.mui
| MD5 | d6d1904a0985292cfa92ee36241a3344 |
| SHA1 | ddec6eb31a50bed92fa058c728594cb56facaafc |
| SHA256 | ebb412d5c0f7445f96b5b37e32a0a3ec381199c8fde24989616bc2d93c39ebd2 |
| SHA512 | 342c346d56a0acbebfdaaa879a98d5aa529fab4d4110437b1b1fc387ba9bc9a8a83b0c8804b9a9b7dbe89d120bf5c78b7659935ef9c00ead4706d1ed73905092 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\it-IT\InkObj.dll.mui
| MD5 | e05a646fa4c8370eba5a92d993bb0c71 |
| SHA1 | 9c9dc0e632936aa76dd543788ad0685a33cc0029 |
| SHA256 | 8ca6d6175a98aba59696cd52548fba36039becb757e8ff58f3aafa2d911fc66a |
| SHA512 | 09fe5f1f81724f673e5b2b181b16773a70a7bbd6d82c3714845774d386d5a21637e999c4a2edcaf60b25d6c98a958a9a63f8f27b99a72a2c43563c63a8842f86 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\fr-FR\TipTsf.dll.mui
| MD5 | f7a1f7bcea06e25c4da2c521a61ceb6e |
| SHA1 | baaccc154462ef708b5dc4173d3f43d6128b3b77 |
| SHA256 | d1bd405ebe047daeddfc4b8220ab9b785f09431972ad3a0b908113f7f99b8ee6 |
| SHA512 | 6c45fc30567a369d88dab687010c42815d470dc07007f5a69056e3b1a97a2b5df09c8a5974f25961ba4a375a8175cc5f9f7ac029f718876b08c5685cd92161aa |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\fr-FR\TipRes.dll.mui
| MD5 | f451ad6a1fe9cec63d81a08577453b13 |
| SHA1 | 3aa33eefa0699e0cbb8f3c944b1e95b47b9d2dfa |
| SHA256 | 496dd1f57aa101d3f3a0e45c00d7e07f1c3fd666227d93a68a80849d6a6fa67c |
| SHA512 | 69cc82b9e7ab134eaeba6bfe617c60b6ba776cde804c6fb9edf3e84352f746acbb674ce7a6e1ca9b6b2d5ecb7a0ed61b0166422f7285d6051fa18a688258d52a |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\fr-FR\rtscom.dll.mui
| MD5 | 6de2228ce2d24bcf5d27771ba81b4e86 |
| SHA1 | f68c1522002150af8b3806b799e13b81d817d48a |
| SHA256 | 659493ab96628eea275d5093bbc608ed580375401973796d2522a2bbeeb8a77e |
| SHA512 | bc94df62d2a4e103445f2c238f3c9e5f5b0cb7750ec31c9187dac22c386cf1b22471f5d0f16d5b591b845ffd2dc6debcf54407475bd740f820e8afd628e15a2a |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\fr-FR\InkObj.dll.mui
| MD5 | 1c9073a3b6d303c065385db6426da7e7 |
| SHA1 | cbd8ac40722a42674d321708cd824ab0893e6c47 |
| SHA256 | 1828572cfecb836de3b21a2ebfe3ea3337c3444cf1976cb92fc0c858b461fdbb |
| SHA512 | 4b51cc6b3be8182ae0536ee2719e53998dea9992ad1d3ef21ab54b3879b7c26e1abf28db103b0083a55ef72434062658a73a6c7e69fc34de884e5d49b3db470f |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\es-ES\TipTsf.dll.mui
| MD5 | cbca5fae88cbf8a2ba704766b646b182 |
| SHA1 | f3509ea01553f6af0557044efbce84cc3dca52fa |
| SHA256 | cd623f79393a14bc67451527605d275b494e4b902dd02812e2a14a71dde6018f |
| SHA512 | 2526606a01016bdd8e4b54917e465fe369416b09e4be16a2b4d294bb3aa9b89f560abbf17e7f585fb2b012c9c54d439e339f026af36d930bf3e8c6b55a2ff68a |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\es-ES\TipRes.dll.mui
| MD5 | 3950ac5e9eda4c4997ee93d3a0f5d48d |
| SHA1 | 56cdb103bf33c5433167823d018e24f2af5eed39 |
| SHA256 | d681c25dafd4d3a07785b242e5c81a1fc601b86b632a48b7ed43568c61524daf |
| SHA512 | 3c2003c3a076938d8534158bdaac869ba40d316795dd4792aeb701cee3e7311034bfa8ef06857431989eeeed6eaa85f4f8b4831d4a7c63a2ba149835a4cba405 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\es-ES\rtscom.dll.mui
| MD5 | b6d6eb69fdeacd8da99dc7f1ab866a6b |
| SHA1 | 15ac3c7d2d2435e44a7551ae80f317d59a997dda |
| SHA256 | 9adf9a233d8c7b7a41913aaf46cb1f9f9cecc562e8317282dbe0a73582ed6b54 |
| SHA512 | cd2384e8d6aaa9327ed666fbdc618fcb1cc718f8cc2630676a449cb7a5f1cb1e99b596dd09ebb8193e7bb28eebeb8c3f241ccf86601a25a5b0fe6c0f8467fc75 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\es-ES\InkObj.dll.mui
| MD5 | 5e4fc92eb71a5fad97b873e2bac6ad32 |
| SHA1 | a4a43dc0d3b0b7291cdcfbe1480423e889c8ddc6 |
| SHA256 | 07d2c24fca76d5c772f3e6bd4d48242778dfc7cc8bf3db161563667a966b308d |
| SHA512 | c9c6a6b298d4f3087670dc4adc01b4d8b6833309dd4744766cfce6faada97dcbf7da2d33e35015767c8b4a5ca76ce2b54c27035bf3d2e981934dc6a1e400f4a1 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\en-US\TipTsf.dll.mui
| MD5 | 1d10e8eea81828502ce6bd3d4c97534a |
| SHA1 | e977711167b15dd6693de258853503e074e3ea46 |
| SHA256 | 1f4f50ba360399d8ffc3fd85e519376978405032a4bdda68a1c92b9829819e44 |
| SHA512 | c89103f43d19be4a7903de3dd09fbe2fe2fbd366615effae5c416524789802ee71fc1c9e0c278ee18708355be77bf981414d6c988b64bca93f86961bd41b8859 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\en-US\TipRes.dll.mui
| MD5 | 31beeff0b08247242ff4dd4abb5e1696 |
| SHA1 | 60e91c8b32862beb9899c89788b7e03521d93ca5 |
| SHA256 | 828c93512f767384eb3a0af3cd7005848836ea71187e804ad6e9a055b776f762 |
| SHA512 | fa51d745661ec0c48dc0770cf274251b92115f7ff7e7e87308f250626c568b55213a1d6a7f304ecc93465f0bcb4de07351df6e9da40841fafe9de13e2f2a8a80 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\en-US\rtscom.dll.mui
| MD5 | 5989146c5020b791eda637de1ce3642e |
| SHA1 | ca430b312a3902e56e1dbd7e293000d8ea16d9a3 |
| SHA256 | 4d5727017e0d83307a58ae1c6eb6f2b41d936db5b3591a0cd04313297b4a183d |
| SHA512 | 0705348b82688b59eeb70b6116c643549ff9ff68c9208071093bb22278833c52ff24ab3dfd26d59dc2bd848b5bcd176c25f6ec34655ff02c025cdaefcab7ea91 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\en-US\InkObj.dll.mui
| MD5 | c4e3b9eed4f85889d38efcab5ad72dd4 |
| SHA1 | 8c490b5d58a35d3b1c77d203fdd57d6f320d5aff |
| SHA256 | e74f68930f2ab7beb0be082d766d3f92dc0253d91cab87088afcc151b757b326 |
| SHA512 | 01d441e8ccd73543caf985cf58006411af1745bbe20f2e5839b785f783bd9c4753db42402e1eb1752c85ba56826ee0b6cbb57f67dae555966ba23904af0c2f95 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\de-DE\TipTsf.dll.mui
| MD5 | f67dd59685fd7bc3fb06ec281226ef0e |
| SHA1 | 6e6675ef7985f2a21e50d530ae781f3640b44303 |
| SHA256 | 5c75b9e3055bf62a8d529242d57e3a9a32c6266f3ce11d2fa0a41838bb7b8021 |
| SHA512 | c1e6110947a309d01ae1b6eae61d41af5043f163ded6e1b59559673ba437e361e11f8244bc0d24166283f512302c2c491d99153a40f4118da5dd1361a4a32926 |
C:\Program Files (x86)\Common Files\System\msadc\es-ES\msdaprsr.dll.mui
| MD5 | bc15b1806b2504026babc2f6566362b6 |
| SHA1 | 631496c7b54b53fc02a8ad15090b3612906be37b |
| SHA256 | f4868ff5234f3747b41402c1686937b0c3d103d7e5ea52bcb34ab482143bbd1e |
| SHA512 | 564d0e9403f9918518c125fdfcae7316eba3ea71cef0de02837bc323363dec86487b2b1ce8c7f31b0c94b98658c259c4c57e739ea66bbb266823752b8dc92d9c |
C:\Program Files (x86)\Common Files\System\msadc\it-IT\msadcer.dll.mui
| MD5 | 236eb62a5b10e7513b8d19cc3a26adb7 |
| SHA1 | 7677f4f7b4ed3a77a168c34276d8a6bfc815412f |
| SHA256 | 61e36b3c2a831f01c685cb2e2c38805c4e0a9e842d98647fce278264e8ac69cf |
| SHA512 | e41fc7c94349ad74e166dbf2d33ff56c2315e5b22fb01705a15e4633b9411cb6775977a77a060333dd5cc86da022cbc2a243a329799125093cab33e542d45528 |
C:\Program Files (x86)\Common Files\System\msadc\fr-FR\msdaprsr.dll.mui
| MD5 | 85151318b992004614df12e1922e75ce |
| SHA1 | 4d5767e47a23e7c3e00acdac35263828917f5bfb |
| SHA256 | c28f483e5d577ea059e5ca5df09ff1cdc34189a1e50b82429dcfe930c3a700d2 |
| SHA512 | e9f846515df019f7ffa80e04f910693c6e84792fb30c36e2800711cd7270b93ed2df356218d1963f5e2bb88d9469bc1e5f5f5045c18d60354d37a499ce37994d |
C:\Program Files (x86)\Common Files\System\msadc\es-ES\msadcer.dll.mui
| MD5 | bbf54d5b65ac2539ebc633746b18d83f |
| SHA1 | e993b982b824f1f4607f6cdd7911bb8f1dd88fa5 |
| SHA256 | 7aa0967bfc3c9670425def6fd12578e4db5bea95aadabf9950800fdadd4ea9fe |
| SHA512 | 1458da2b681a8e50a7bac11885d72af268bbfc8e570129ba26c32afb6c6af9511392737d1fcd101bfd99b8e8f4d59032a25bbf6902e43a74af5864a5f27dd989 |
C:\Program Files (x86)\Common Files\System\msadc\en-US\msdaprsr.dll.mui
| MD5 | af5a1018c05f8b86f42f04807a23f1af |
| SHA1 | 695c2ed9755bafe4b93ce4c6ea9830bd9f117c9c |
| SHA256 | 1d4db43aa54b2964ff1b361b1147455b1e56ad890b07fd4f52fa63f1b0f8d6cb |
| SHA512 | bd4cd72fd6b967238693e2400285830bf9cc1f7dbe6dcec5eb26002a42eb6fd0270fe63b4f5675f4369f7a26337f4ad9cfb5fe3064bf9064cae21001a00fe8a5 |
C:\Program Files (x86)\Common Files\System\msadc\en-US\msadcer.dll.mui
| MD5 | 39df0e1507d649d99f594673e57153b9 |
| SHA1 | c3efaeba8c74bbae7bc9ed604e5a837b2ea05a98 |
| SHA256 | 70b0ea3d13cd190cc230bd6022480969e7bb7782a062b57e0e1231de3b3052a3 |
| SHA512 | c8a3edbaac3e1b02a9157239f0e24ed489a7241cf2665ba3a7974de0d69a8d377c709525e7449fe6f36cfa99f4298df577c999c2933d7ff8cfa05132cdf02514 |
C:\Program Files (x86)\Common Files\System\msadc\de-DE\msdaprsr.dll.mui
| MD5 | a4eb845d5cc3e02dc7398143d3c30f8d |
| SHA1 | 7f0e2ea1e8d7d4941a7a14f3e8a8e3c0e7aa0280 |
| SHA256 | 334c8144d2231d07825271de41653c80466f833670c45fc7f4692f458c56adc8 |
| SHA512 | fd8443a11baae97989ae8be81e4579c1a726470cf3196d07956ad72b9c9586e8a59d2d5530c0e5ea92d12e67177b3f6e964cd7721d96f326d7cf06ee44d9c548 |
C:\Program Files (x86)\Common Files\System\msadc\de-DE\msadcer.dll.mui
| MD5 | 663427bd9f8203b8d319fb764ec1f112 |
| SHA1 | ea5f93bd56e021136720b9807e6fc287b361d58d |
| SHA256 | 2fccf45a8ea9594abe3e4932a20c77805a1e504901ab7a3e89b684c7c5517970 |
| SHA512 | f31b8a07e53c2f4d093a2ac74ed74da80ff92bd26da0c82fc6aab41fa432622bfe869ef0ece39a27f9204f4fe02d278030d3f5c13be923605d83e989b69b88e7 |
C:\Program Files (x86)\Common Files\System\ado\ja-JP\msader15.dll.mui
| MD5 | af6e42d1317aba9278f198dd798a04fc |
| SHA1 | 4500af685dfe6db8bdb4529f7d25271959022f70 |
| SHA256 | 1fc79f1f3a8d01377319fb146c3e64c7c41d0bb61b10919a128238b7ccd31fa5 |
| SHA512 | 40e2cc81c2c35a16dd62b7fd4d28c798f1df2472f7c717c7822b82dcf39c11489f1a58d7795a17cf92e3d21784be8523677a54b81a65d10af7b19ed2d7de0c21 |
C:\Program Files (x86)\Common Files\System\ado\it-IT\msader15.dll.mui
| MD5 | 10075c2b8d5d6c394ded92e989852ad0 |
| SHA1 | 10e2b37315f6e4d42320fa47362c4d42c40ba087 |
| SHA256 | 08f826046a47d4dff0613d04581d738827e196e84fdfcc393f70d166342f0e05 |
| SHA512 | 3a5983afb4660a67520df8508e94d815a39b07b5b05771c6e4d588c0d9466434d0e6737660944a768e7ce242eee20ee31d781a32c7b1b7dc3f8ccc6ed6fc3ce7 |
C:\Program Files (x86)\Common Files\System\ado\fr-FR\msader15.dll.mui
| MD5 | 2a4f76b71b4fd4138046c548045e6e99 |
| SHA1 | 1bb062c01c0fd5870b25c205077721656b512ac6 |
| SHA256 | fcfefee4e8f7cac1f677697ef6d29318b16690beb9a13d5da2309244ee45fad8 |
| SHA512 | 228872eeb0c2ffc083b637912080e044f1ce5848526ca08dd3b7132ce7ac09d01e6ce5de2b7dc6a3a058354a1beddc72c9413e7028778ac28d2699e8e44cfd87 |
C:\Program Files (x86)\Common Files\System\ado\es-ES\msader15.dll.mui
| MD5 | 1da60472945401e4e87f228d42e681bd |
| SHA1 | bcce8af4e452d85765894151f479ffe331a96a25 |
| SHA256 | b309ce381efb297d72297d2c0064aa3d17e6c166a6ea1b1381e3982667a6de74 |
| SHA512 | 44512e287d890cd4936b703596fd889b4396b82d56a912d8d421f435135ab71cfdd8fad14ed67212d7e6d9bc2fdc0a0f3d6d35e2a838f313075afe97723f28e9 |
C:\Program Files (x86)\Common Files\System\ado\en-US\msader15.dll.mui
| MD5 | 6dcd47fb1fe9b992673de241f5f333d6 |
| SHA1 | d06a208d2820e5d3d0372255aef0d729bf250e63 |
| SHA256 | 3d253d825d29eb867f607c52c10ccac24854d245a71f485d2f6a2669aae07f87 |
| SHA512 | d23bc74907d4181706ce3c6270b28d4e42eb55c02276d52a1f3bfd4782157bdbba9a64ca842493b6d6d88e847c9bc968289f58e9a6a26e090fa822bcb4c37349 |
C:\Program Files (x86)\Common Files\System\ado\de-DE\msader15.dll.mui
| MD5 | 9619199c8ab7c56074647537e3a623cc |
| SHA1 | c8dc545449ed31c9980de57009a8fb3dce2238ee |
| SHA256 | 7a6aa939762838e97ef90e4aecc918b17edb4c2cb1b10000fb4c8125a1097417 |
| SHA512 | 3300dc49c34ce27d34af218ccaa6b2d22bb87a311770632294bd35622459f8f1fb8675018d22f93d841d4530a6ec8224ff3c87e72ab48e9902414aae718e6a97 |
C:\Program Files (x86)\Common Files\System\msadc\fr-FR\msadcer.dll.mui
| MD5 | da37363a99fa9d41f27a1d78f43e15b1 |
| SHA1 | a5380f2c22822e520f4c9698d33a6a29b4550a28 |
| SHA256 | cb8ff7dd0e9596adcfc4a2d9fe1a026d0e64dec52ac74b4b7b8ad6c3d234a247 |
| SHA512 | 0a964bc66a2a049e88f6ffcc5d497870ca4eb6e9abf8ff8bcf4d06dea8e4f1e40be87400261311582d2a1af38d5902b99f91d4ce3142197aef96e0bb402e31e3 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\de-DE\TipRes.dll.mui
| MD5 | 0f8924fe7c8f4cabe3ef90c33a414d80 |
| SHA1 | 2a885a34760e44ec829c6246376ab611be8537a8 |
| SHA256 | f9b5f4d694d27ac306fa296ccda5720de275610286039b1ed7faf96984c188a5 |
| SHA512 | d238c0f4568194a23a5a6c6441282cb9f042c40594587e420960af121be1974fd48de13cac7fd4f5a4156d31032988164f26f6bb2fe5080fce5e2d6394787c83 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\de-DE\rtscom.dll.mui
| MD5 | 29380f2ac22363e95ac5793bae60f973 |
| SHA1 | 7b05a0b431099a5feac2d87f5d45b0564414e76f |
| SHA256 | f618cd2ae15534f0535c693ea172eb824716f18eb4b05fc39637a43544201931 |
| SHA512 | 726e42e8c7fb8562550c4ed9ed3c340615cc6711e2162f552ae86bd8d0abe1c526acf047ae8856665d875f65484cb9da7928837ee771ae167e515fa0142ab53f |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\de-DE\InkObj.dll.mui
| MD5 | 544004f8f2f347b9c781409ca91f370a |
| SHA1 | ba48a6ef29c65e21789fa5e1b1999a8c417bc5f8 |
| SHA256 | 77598e55304cca092718feb06cd63263f319a6baaebfa3c941f42c18fc25499b |
| SHA512 | 9c796dfd83d9b66d931c33f2899f8952391ebe7c50dc38de3a8ee84173bf3088e992c880d8b214b4b22b89ede5d47db8067f6938bec7072d07350b6a5becd8b8 |
C:\Program Files (x86)\Common Files\System\msadc\ja-JP\msadcer.dll.mui
| MD5 | 3749791c625b0aeb1c9fa8c591549300 |
| SHA1 | 84506a518389463faa05363c999e30e75a6ddb99 |
| SHA256 | ce752cc4076deb8e4996592397cfd95d6e35351673506b01fcb9183c7d6f3eee |
| SHA512 | 21be3683ba7ed1fe277c41081c052deb45bfdee6d29ee3ae938966aa065c60a6eb44146577b856beeff49a17813fcdc6f9e0c7d5172d19d5540d827b5b487c06 |
C:\Program Files (x86)\Common Files\System\msadc\it-IT\msdaprsr.dll.mui
| MD5 | b29d7f9a2d8f53fc888662ec0a5d1c06 |
| SHA1 | 902ff48ca4c2cc85dccf71c979db43079ef0fa69 |
| SHA256 | f43decc88e126701d64c8fef92533fb0436da88d0e58bc66c43eb8ef85f646ad |
| SHA512 | df8a55013d9311d7ab2bf8598d5758ae5a649bd212b24bb39c80032240101cb9d03a0dd25c16132d629c34dfc3b4241ef204a30a26f9747add9df099af724338 |
C:\Program Files (x86)\Common Files\System\msadc\ja-JP\msdaprsr.dll.mui
| MD5 | 09407437577821076a9785a9d6eaf440 |
| SHA1 | dc41d5bcd02bdb33246fdf239d4c3f302dcdc6a2 |
| SHA256 | ca8bd54094e4f10505af1429afcfa5e1b6356b8d2981631bfb2c7f552f7534ea |
| SHA512 | 9f076ee2f0d5ef8ce37dadc335f0dc41a2cd1315dde2775b17dff279bebb77260267582b834664d86cf0068080f3cf2c20d7ece9e0735802c0f391c81174cae8 |
C:\Program Files (x86)\Common Files\System\Ole DB\es-ES\sqloledb.rll.mui
| MD5 | bb8a8d004cca20cc4e54eff5fa1cc365 |
| SHA1 | 2e718628ed599507767d8527e98792db630c6790 |
| SHA256 | a6b8a8d6da5f2faa1107e27028f6b3685403babf3930d6b3fbfe1116ade3b52f |
| SHA512 | 06f7e1f90bbfd63f0e8d6ccdf80a07f5d079cc811c045afe6800436d4caa181bb48e227b1a0ec75e5a70c9f72082e3793684a9a5ee018086928d30e442b5c2f0 |
C:\Program Files (x86)\Common Files\System\Ole DB\it-IT\sqloledb.rll.mui
| MD5 | 35db4f0475d67b6a3718b0a154ab8732 |
| SHA1 | e34ee523c014c856315ed9adaf2fd2bf71c955e8 |
| SHA256 | cf284fb51cc5044a4799683951765c607b546a53458f150a8be09cc1624f0900 |
| SHA512 | 945cdc32ce1d690e982189c3375e06c9d68df2982c97ee43d14688afd8ec0b4d0d0e5046f1e0c275e426b6789c2fbb6b9089a7dbf1d8f6ab6b5b8b2b7c90c96b |
C:\Program Files (x86)\Common Files\System\Ole DB\ja-JP\sqloledb.rll.mui
| MD5 | 7c32c6b9525025aa090fc35ef2be2a33 |
| SHA1 | fa7f9a6d2949a614cdae02e206494bdb5e1d6154 |
| SHA256 | 7931aeeae3c7d5af98039fdcdc786b08a26f74fab4b487531a6c4c273055a774 |
| SHA512 | 65c4d211c7ed744d9e6995fc61491604a193d705e7cddff9389c5c0c8cbfc906386065ecd36c1ae05802cc38638b251b2043298629428f6e8d95623afd000ea4 |
C:\Program Files (x86)\Common Files\System\Ole DB\ja-JP\oledb32r.dll.mui
| MD5 | 803216a816f0ffb9c78e45a844e0a007 |
| SHA1 | 69b8b688caa1607706e7ebfa440e114f3c05f670 |
| SHA256 | 297282f33b1646f2628bf710b44a797ab2c659bd575c33edd7de1986ba0f7253 |
| SHA512 | 7ad272c20f36b695f399e558bc52b4ffb539190096e9172dcb6a11700541b3d3c91f7707259696af739ad4cf139e62d328fb3675e409ffe4d0346238da586ee6 |
C:\Program Files (x86)\Common Files\System\Ole DB\it-IT\oledb32r.dll.mui
| MD5 | da704824f90ede7c83e2e7f7b9414a00 |
| SHA1 | 5a0b0e2926e0817041629cfd88b0009a97d6fd76 |
| SHA256 | 2853376c138e45d8fef2e892e778b2461a6308fcd222b2e51a768bda8a4c9d31 |
| SHA512 | ef444eae52297f33b0531fb2dc94468bfc107c4015579520ff83bfe10a4eda8005b6f6d8987be7c87d12e26e73c2b2d72d75bbf796dadffa0a1b9528a1ab1194 |
C:\Program Files (x86)\Common Files\System\Ole DB\es-ES\oledb32r.dll.mui
| MD5 | b4f471b64ca9bd56e6136f0f5c686317 |
| SHA1 | 8ecd94e429b50301b82f625677340deb07b2c7e8 |
| SHA256 | 90bb6a110ad7b0433049ae0cd674b2f6a5fbf4f22808173fa21da4af323c074d |
| SHA512 | 34f42838abeffbff71bc22bff1939c45bdc32a99923d4a6bad2e2212e5b198259746275b40b68d6f1ed6f492cde1bc0e1db3a1b597bfe05b26a8bdfd609335a3 |
C:\Program Files (x86)\Common Files\System\Ole DB\en-US\sqloledb.rll.mui
| MD5 | fe4b648e02f27cfc2a57b39f6f9d9cb9 |
| SHA1 | 72dd2d0d7839311fe61a94e4da01114cae138aef |
| SHA256 | 36bfdcb3b74e904fa3a48b89e65d87bc296ae3c456f2e37ceeb11e8383f38c0a |
| SHA512 | 69179dcf60531efdf6acf9ce81a545653f57a3a6627d54b114f360b29e5fe4ee4e4c133aa0d96be43e0f38ba546ceac5c530f3a15507366166c5e0f81623ff29 |
C:\Program Files (x86)\Common Files\System\Ole DB\en-US\oledb32r.dll.mui
| MD5 | 541b01b16f76c69725d3bed0bcec7e2a |
| SHA1 | 79c04c37b1cbf14dfdf28a2830604589c4a252da |
| SHA256 | c72faf16732acd2536d59d3530b3ff77bad68f5bfd7379084be7369e4fb82dde |
| SHA512 | 512139f1991c2877deacdfc898d9ba5fddea3a153a17d81fa1cf6b8e449d23277f0041a535328df39cd66cfe0ab285554bef4ef2279a874ec18171a773b83255 |
C:\Program Files (x86)\Common Files\System\Ole DB\fr-FR\sqloledb.rll.mui
| MD5 | dcb1196d0702797dd2f9c31c5035b574 |
| SHA1 | 2deee5ceed0a96ca64162852677a20056e3b9692 |
| SHA256 | 339d28660c2bd516f818544ed2fdb55bdb9e3dbd62ddb36a50cbdb7eb55bb096 |
| SHA512 | d65f91cda6cb50fcf91d2ba308f8f90941aedcb70df38ab4a0c6f7e3c05c7bc85be7bf152e6b95c1afd10a6e437fd293f47205c39a222a3c8ee15e9ba99cfdb1 |
C:\Program Files (x86)\Common Files\System\Ole DB\fr-FR\oledb32r.dll.mui
| MD5 | 942211a360d1d5a65fc7e1e9cb0ea0d9 |
| SHA1 | 79dc157b6b20652278f69ed1f106b12c2aa10e2a |
| SHA256 | 03ff6f6e3018a988ef0c87ea6297b5429b1bf5dcfcec57cd28ae186de24b270b |
| SHA512 | 2bf057293b363c067f65807d068b23143df3d8fc90b513df6187432eb6224d2d4c7918a51bb03289bac0ddd043903788cb6e58675ba68dbf3b63ae66f33535b8 |
C:\Program Files (x86)\Common Files\System\Ole DB\de-DE\sqloledb.rll.mui
| MD5 | 17f48efef2bf9f841cf8ca4306df5404 |
| SHA1 | b86c92255bddbcd788a446c86f5182bc15d097ab |
| SHA256 | 56f66f5a6048bed2df7a04ca27a4f34eaf49dfc3c218cfb3532273f53daf0323 |
| SHA512 | 674d1b1b6e9c0217b63c57883143a931e91639249ef987b1102d7e8daa7485a52d9c1f9e12162a79aa813275d7698a2ceee3cb61e24ba7bcc7b2f949b2afbd44 |
C:\Program Files (x86)\Common Files\System\Ole DB\de-DE\oledb32r.dll.mui
| MD5 | 453e72c8b0dd94e6f3e7a1b1607fe8aa |
| SHA1 | a1a026d6d3bec0c56fc1bc267a789e206684058c |
| SHA256 | f76a067524946602fb2a8c10fbc9f46852c725c3ff98eee93773b322393bea5a |
| SHA512 | 0de352fb80ebcaa5428476b04e7872bcaf4df287c0e6cb305ba4723f8f4abc21adb80cf1a33095740249ace78c331a469ca79d3e953c43b6251130fe8bb671c5 |
C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe
| MD5 | 43846baa3f3203a91f5390859ea0ec6f |
| SHA1 | ff9a2cddfd31f1a647fda7fe9b7de024dcb1982b |
| SHA256 | a6d22147c3adb5297cbd6ad428ff3418ee90b57a2114e35c0cccbe1108824135 |
| SHA512 | d08d570a9018a38df22c2415143998e9647eeddc360ea7d6e4d536411d59446e01961daf827f8bf502d3c05da5910a915d150c60e8f48e599168e5d3340b0769 |
memory/1300-7471-0x0000000000400000-0x000000000041B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe
| MD5 | 97de2135350d335f7e212be2b2b59e18 |
| SHA1 | fcc6306580c6002f483dbe325c22ef5a38d2216e |
| SHA256 | 97468a9ee9157c05f1d2490f8b7096ade591400ab04a561b3e880813a78b1460 |
| SHA512 | 34e1a0cc25bf44e5ec7772d737832e8654a03ce35cb8e27c93914f8bdd1899f6d7e4a035f2b0a4219a0935085d67759340bc170ca551968e92cf8812bcbfe167 |
C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe
| MD5 | 541f067e87a702be470cffa28eec6847 |
| SHA1 | 6100dbbfd7b07d0f39d4879c581606b716bd0ae8 |
| SHA256 | 139a1fe27f2292697d05773541d9271103b07e2031c8a915c5b26e98d196ba14 |
| SHA512 | 50b457b9b326b84cad647ed9ab2c7668561b27eccfc3d769e6583520d400e77bb3e9168243930e0529d80ec48d04205488e1d941dd841e4da30131944cfe1eae |
memory/3332-9663-0x0000000000400000-0x000000000041B000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\StartUnifiedTileModelCache.dat
| MD5 | 2d86716a6dc39a2ba398ff5662b9de68 |
| SHA1 | 1f53735a13dff7d2e94883f5fe74cae3bf247137 |
| SHA256 | 24e32c2f7420a928c54103b8f9ef2e4a075ddeb9fe7482ce4272fadd23d9feac |
| SHA512 | cce7efbd6de88cd49c4b41af472f0128e811aab98fee8a1fac446351a052f1bf2db8f6391cd3d9e9397f1574ebc6c461927a1133860fb0118f62ada0994da703 |
memory/3332-13000-0x0000000000400000-0x000000000041B000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\StartUnifiedTileModelCache.dat
| MD5 | 67cf77c1307e4f93d0391154a7253c39 |
| SHA1 | 845455ba88ba4a061af32f7eee2bbddeb56cd4fa |
| SHA256 | 8fad1cd7cbe56c9bea36e7c7b36c2901c492bb8e8ef1a3f9f00147fb48b05fa3 |
| SHA512 | d57fdfaa5ad3cb400207bea5d1f1f5635709821da7a1d9fb5f5ea600803a57a3fdf4c820cc36d61545476aa6b45164a5b95ce4c780f7dd99c518bd8b5815a547 |
memory/2656-15538-0x0000000000400000-0x000000000041B000-memory.dmp
memory/3332-15539-0x0000000000400000-0x000000000041B000-memory.dmp
memory/3332-15541-0x0000000000400000-0x000000000041B000-memory.dmp
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-14 13:19
Reported
2024-11-14 13:21
Platform
win7-20240903-en
Max time kernel
122s
Max time network
126s
Command Line
Signatures
Deletes shadow copies
Renames multiple (9105) files with added filename extension
Reads user/profile data of web browsers
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\F: | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened (read-only) | \??\D: | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\Windows Media Player\WMPMediaSharing.dll | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files\Windows Media Player\it-IT\wmlaunch.exe.mui | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\PAGESIZE\PGLBL002.XML | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14578_.GIF.EMAIL=[[email protected]]ID=[0A6172B017F62EAA].biobio | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-profiling_zh_CN.jar | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\api-ms-win-crt-stdio-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\sl\LC_MESSAGES\vlc.mo | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\bear_formatted_matte2.wmv | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\codec\libsubstx3g_plugin.dll | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waning-crescent.png | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.servlet_3.0.0.v201112011016.jar.EMAIL=[[email protected]]ID=[0A6172B017F62EAA].biobio | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-print_zh_CN.jar.EMAIL=[[email protected]]ID=[0A6172B017F62EAA].biobio | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Americana.css | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\AG00175_.GIF.EMAIL=[[email protected]]ID=[0A6172B017F62EAA].biobio | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Games\Multiplayer\Backgammon\it-IT\bckgzm.exe.mui | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\id\LC_MESSAGES\vlc.mo.EMAIL=[[email protected]]ID=[0A6172B017F62EAA].biobio | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\en-US\js\currency.js | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MUOPTIN.DLL | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.intro_3.4.200.v20130326-1254.jar.EMAIL=[[email protected]]ID=[0A6172B017F62EAA].biobio | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\bn\LC_MESSAGES\biobio ransmoware.txt | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Jamaica | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\Hardware Tracker.fdt | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\bin\splashscreen.dll.EMAIL=[[email protected]]ID=[0A6172B017F62EAA].biobio | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH01236U.BMP.EMAIL=[[email protected]]ID=[0A6172B017F62EAA].biobio | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\PROOF\MSSP7FR.LEX.EMAIL=[[email protected]]ID=[0A6172B017F62EAA].biobio | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\css\settings.css | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02214_.GIF.EMAIL=[[email protected]]ID=[0A6172B017F62EAA].biobio | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Templates\1033\Access\Students.accdt | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\MSB1XTOR.DLL.EMAIL=[[email protected]]ID=[0A6172B017F62EAA].biobio | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0341738.JPG.EMAIL=[[email protected]]ID=[0A6172B017F62EAA].biobio | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\DGCINFO.XML | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Bibliography\Style\MLA.XSL | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\js\highDpiImageSwap.js | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\BS00224_.WMF | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files\Windows Media Player\Media Renderer\DMR_48.png | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0216570.WMF.EMAIL=[[email protected]]ID=[0A6172B017F62EAA].biobio | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0341448.JPG | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\NA00538_.WMF | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Etc\GMT-13 | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files\Windows Journal\it-IT\Journal.exe.mui | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\mscss7cm_fr.dub | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Mail\fr-FR\WinMail.exe.mui | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0252629.WMF.EMAIL=[[email protected]]ID=[0A6172B017F62EAA].biobio | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Templates\1033\ApothecaryMergeLetter.dotx | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libyuy2_i420_plugin.dll | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\video_filter\libpsychedelic_plugin.dll | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.jarprocessor.nl_ja_4.4.0.v20140623020002.jar.EMAIL=[[email protected]]ID=[0A6172B017F62EAA].biobio | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\GRAPH.ICO.EMAIL=[[email protected]]ID=[0A6172B017F62EAA].biobio | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-io_zh_CN.jar.EMAIL=[[email protected]]ID=[0A6172B017F62EAA].biobio | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\PAGESIZE\PGLBL090.XML | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Document Themes 14\Couture.thmx | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\1033\OUTLWVW.DLL.IDX_DLL.EMAIL=[[email protected]]ID=[0A6172B017F62EAA].biobio | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\MEDIA\VOLTAGE.WAV | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\security\java.policy.EMAIL=[[email protected]]ID=[0A6172B017F62EAA].biobio | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-progress.xml | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\nn.txt | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\OLKIRM.XML.EMAIL=[[email protected]]ID=[0A6172B017F62EAA].biobio | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR35F.GIF | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Tirane | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files\Windows Media Player\ja-JP\wmpnetwk.exe.mui | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\biobio ransmoware.txt | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\codec\libaribsub_plugin.dll.EMAIL=[[email protected]]ID=[0A6172B017F62EAA].biobio | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\misc\libaudioscrobbler_plugin.dll | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR48F.GIF | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
Interacts with shadow copies
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\vssadmin.exe | N/A |
| N/A | N/A | C:\Windows\system32\vssadmin.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Processes
C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe
"C:\Users\Admin\AppData\Local\Temp\0A6172B017F62EAA.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c vssadmin.exe delete shadows /all /quiet
C:\Windows\system32\vssadmin.exe
vssadmin.exe delete shadows /all /quiet
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c vssadmin.exe delete shadows /all /quiet
C:\Windows\system32\vssadmin.exe
vssadmin.exe delete shadows /all /quiet
Network
Files
C:\ProgramData\biobio ransmoware.txt
| MD5 | a7cf708d497dd6e922f91d33d14f7600 |
| SHA1 | 5e4f3f5817004eeaf4bc14a0168d86ed7fcdf6d4 |
| SHA256 | 20a5f1f3bb4614433712df1ffc67273465e766191502b8e932321f1f24fea65d |
| SHA512 | d27a32dfcc0835879ed45e221e9857c1165de03a859980f0e29ecd6d5877d832577f7d6b584aa96e24caf7ab7652387d713ef2293412bd10b6b65567ed0bcd42 |
Analysis: behavioral3
Detonation Overview
Submitted
2024-11-14 13:19
Reported
2024-11-14 13:21
Platform
win7-20240903-en
Max time kernel
122s
Max time network
127s
Command Line
Signatures
Deletes shadow copies
Renames multiple (9123) files with added filename extension
Reads user/profile data of web browsers
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\D: | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened (read-only) | \??\F: | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18249_.WMF | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14871_.GIF.EMAIL=[[email protected]]ID=[2891E1D4BAC70EBA].biobio | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\blacklist.EMAIL=[[email protected]]ID=[2891E1D4BAC70EBA].biobio | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Antigua | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-ui_ja.jar | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\Settings.zip | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\join.avi | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\codec\libaribsub_plugin.dll | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk15\biobio ransmoware.txt | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0107708.WMF.EMAIL=[[email protected]]ID=[2891E1D4BAC70EBA].biobio | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\1033\WINWORD.DEV_COL.HXT | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14755_.GIF.EMAIL=[[email protected]]ID=[2891E1D4BAC70EBA].biobio | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\gadget.xml | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\search_background.png | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup_ja.jar.EMAIL=[[email protected]]ID=[2891E1D4BAC70EBA].biobio | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSSOAP30.DLL | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\BS00439_.WMF | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\ECLIPSE\THMBNAIL.PNG.EMAIL=[[email protected]]ID=[2891E1D4BAC70EBA].biobio | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Etc\GMT-4.EMAIL=[[email protected]]ID=[2891E1D4BAC70EBA].biobio | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Eirunepe | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\utilityfunctions.js | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\System\Ole DB\sqlxmlx.rll | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\PAGESIZE\PGMN107.XML.EMAIL=[[email protected]]ID=[2891E1D4BAC70EBA].biobio | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\ink\ja-JP\mshwLatin.dll.mui | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-plaf_ja.jar.EMAIL=[[email protected]]ID=[2891E1D4BAC70EBA].biobio | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Document Themes 14\Austin.thmx.EMAIL=[[email protected]]ID=[2891E1D4BAC70EBA].biobio | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\FD02075_.WMF.EMAIL=[[email protected]]ID=[2891E1D4BAC70EBA].biobio | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0215210.WMF.EMAIL=[[email protected]]ID=[2891E1D4BAC70EBA].biobio | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PE03513_.WMF.EMAIL=[[email protected]]ID=[2891E1D4BAC70EBA].biobio | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\CERT98SP.POC.EMAIL=[[email protected]]ID=[2891E1D4BAC70EBA].biobio | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\biobio ransmoware.txt | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-modules-appui.xml.EMAIL=[[email protected]]ID=[2891E1D4BAC70EBA].biobio | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\FD02141_.WMF.EMAIL=[[email protected]]ID=[2891E1D4BAC70EBA].biobio | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\HH01058_.WMF.EMAIL=[[email protected]]ID=[2891E1D4BAC70EBA].biobio | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10268_.GIF | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\REMOTE.CFG.EMAIL=[[email protected]]ID=[2891E1D4BAC70EBA].biobio | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\mset7fr.kic | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\tnameserv.exe | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0292248.WMF.EMAIL=[[email protected]]ID=[2891E1D4BAC70EBA].biobio | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.base.nl_ja_4.4.0.v20140623020002.jar.EMAIL=[[email protected]]ID=[2891E1D4BAC70EBA].biobio | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\RE00006_.WMF | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\biobio ransmoware.txt | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\LEVEL\LEVEL.ELM | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18213_.WMF | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\hu.txt | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files\Windows Defender\de-DE\MpAsDesc.dll.mui | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\MEDIA\CAGCAT10\J0157995.WMF.EMAIL=[[email protected]]ID=[2891E1D4BAC70EBA].biobio | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\Tulip.jpg | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Games\FreeCell\ja-JP\FreeCell.exe.mui | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0105974.WMF.EMAIL=[[email protected]]ID=[2891E1D4BAC70EBA].biobio | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\content-types.properties.EMAIL=[[email protected]]ID=[2891E1D4BAC70EBA].biobio | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\1033\MSSOAPR3.DLL | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\1033\QuickStyles\Distinctive.dotx.EMAIL=[[email protected]]ID=[2891E1D4BAC70EBA].biobio | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\meta\reader\filename.luac.EMAIL=[[email protected]]ID=[2891E1D4BAC70EBA].biobio | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-print.jar.EMAIL=[[email protected]]ID=[2891E1D4BAC70EBA].biobio | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\SO02028_.WMF | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_INTRO_BG.wmv | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-templates.xml.EMAIL=[[email protected]]ID=[2891E1D4BAC70EBA].biobio | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\ACEREP.DLL.EMAIL=[[email protected]]ID=[2891E1D4BAC70EBA].biobio | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PARNT_09.MID.EMAIL=[[email protected]]ID=[2891E1D4BAC70EBA].biobio | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143746.GIF | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15272_.GIF | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\AN01545_.WMF.EMAIL=[[email protected]]ID=[2891E1D4BAC70EBA].biobio | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0107750.WMF.EMAIL=[[email protected]]ID=[2891E1D4BAC70EBA].biobio | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
Interacts with shadow copies
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\vssadmin.exe | N/A |
| N/A | N/A | C:\Windows\system32\vssadmin.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Processes
C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe
"C:\Users\Admin\AppData\Local\Temp\2891E1D4BAC70EBA.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c vssadmin.exe delete shadows /all /quiet
C:\Windows\system32\vssadmin.exe
vssadmin.exe delete shadows /all /quiet
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c vssadmin.exe delete shadows /all /quiet
C:\Windows\system32\vssadmin.exe
vssadmin.exe delete shadows /all /quiet
Network
Files
C:\ProgramData\biobio ransmoware.txt
| MD5 | 91fa1053207971e936e6bbad0c7e8c27 |
| SHA1 | 61a6300d327ae6eb276c6143f65a58c8f269a67e |
| SHA256 | f26d98cae64be561f1260f5cd1c2974a6dce9ffca484461b985ae1107198848d |
| SHA512 | b2794993d695cb6950eaa65eecd44dfd4f8ee297dfbd0ef26532fa9f60639c466bacd18e557798e3e28535f4812f1e928bd4862d6bc39a3f014465836d88b832 |
Analysis: behavioral7
Detonation Overview
Submitted
2024-11-14 13:19
Reported
2024-11-14 13:21
Platform
win7-20240903-en
Max time kernel
120s
Max time network
127s
Command Line
Signatures
Deletes shadow copies
Renames multiple (9108) files with added filename extension
Reads user/profile data of web browsers
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\F: | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened (read-only) | \??\D: | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Colors\Couture.xml | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_es.jar | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\sRGB.pf | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Monterrey | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\flyout.html | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\SCNPST32.DLL.EMAIL=[[email protected]]ID=[613788884CE0093F].biobio | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\serialver.exe.EMAIL=[[email protected]]ID=[613788884CE0093F].biobio | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\bin\t2k.dll.EMAIL=[[email protected]]ID=[613788884CE0093F].biobio | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0297759.WMF.EMAIL=[[email protected]]ID=[613788884CE0093F].biobio | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\Panel_Mask.wmv | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\203x8subpicture.png | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\video_filter\libgaussianblur_plugin.dll.EMAIL=[[email protected]]ID=[613788884CE0093F].biobio | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143758.GIF | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.property.nl_zh_4.4.0.v20140623020002.jar.EMAIL=[[email protected]]ID=[613788884CE0093F].biobio | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Africa\Algiers.EMAIL=[[email protected]]ID=[613788884CE0093F].biobio | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\css\settings.css | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-applemenu.jar | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\attention.gif | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.win32.nl_ja_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\notificationserver.dll.EMAIL=[[email protected]]ID=[613788884CE0093F].biobio | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PE01661_.WMF | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PE03451_.WMF | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\PICTPH.POC.EMAIL=[[email protected]]ID=[613788884CE0093F].biobio | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libheadphone_channel_mixer_plugin.dll | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\PROFILE\PROFILE.INF | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME13.CSS | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\org-openide-filesystems_ja.jar.EMAIL=[[email protected]]ID=[613788884CE0093F].biobio | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Sidebar\de-DE\Sidebar.exe.mui | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\icon.png | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18193_.WMF.EMAIL=[[email protected]]ID=[613788884CE0093F].biobio | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.garbagecollector_1.0.200.v20131115-1210.jar.EMAIL=[[email protected]]ID=[613788884CE0093F].biobio | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\ProjectTool\Project Report Type\Fancy\SPACER.GIF | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.nl_ja_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files\Windows Mail\de-DE\msoeres.dll.mui | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\DD01772_.WMF.EMAIL=[[email protected]]ID=[613788884CE0093F].biobio | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0177806.JPG.EMAIL=[[email protected]]ID=[613788884CE0093F].biobio | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02740U.BMP.EMAIL=[[email protected]]ID=[613788884CE0093F].biobio | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\1033\GROOVE_COL.HXC | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\IPSEventLogMsg.dll.mui | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\gadget.xml | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Effects\Grid.eftx.EMAIL=[[email protected]]ID=[613788884CE0093F].biobio | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\IPSEventLogMsg.dll.mui | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\JOURNAL\JOURNAL.ELM | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsMacroTemplate.html.EMAIL=[[email protected]]ID=[613788884CE0093F].biobio | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files\Internet Explorer\images\bing.ico | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_2.emf | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\GIFT.XML | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsScenesBackground.wmv | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Games\Multiplayer\Checkers\en-US\ChkrRes.dll.mui.EMAIL=[[email protected]]ID=[613788884CE0093F].biobio | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsHomePageStyle.css | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BrightOrange\button.gif.EMAIL=[[email protected]]ID=[613788884CE0093F].biobio | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\drag.png | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\biobio ransmoware.txt | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\NotifierCloseButton.jpg.EMAIL=[[email protected]]ID=[613788884CE0093F].biobio | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\uninstall\uninstall.log.EMAIL=[[email protected]]ID=[613788884CE0093F].biobio | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File created | C:\Program Files\Common Files\System\msadc\ja-JP\biobio ransmoware.txt | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\EScript.api | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\1033\MCABOUT.HTM | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-remote_zh_CN.jar.EMAIL=[[email protected]]ID=[613788884CE0093F].biobio | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-uisupport_ja.jar | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0152560.WMF.EMAIL=[[email protected]]ID=[613788884CE0093F].biobio | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\1033\MSPUB_COL.HXT.EMAIL=[[email protected]]ID=[613788884CE0093F].biobio | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14533_.GIF | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
Interacts with shadow copies
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\vssadmin.exe | N/A |
| N/A | N/A | C:\Windows\system32\vssadmin.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Processes
C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe
"C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c vssadmin.exe delete shadows /all /quiet
C:\Windows\system32\vssadmin.exe
vssadmin.exe delete shadows /all /quiet
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c vssadmin.exe delete shadows /all /quiet
C:\Windows\system32\vssadmin.exe
vssadmin.exe delete shadows /all /quiet
Network
Files
C:\ProgramData\biobio ransmoware.txt
| MD5 | 9dd4c0412b91c85abdcd4925e5a10577 |
| SHA1 | f34a9a8a866d410d03bb26a13652c0754658d40c |
| SHA256 | b05da8fb81352f7f573a1f010068cf0346ff8bc370fe14ecef1da1805bbc3138 |
| SHA512 | deb3f6bd3a982cd5396de1239c2b7d63a6640608c9a9749495ad9c19bfe863106a153550d3535a7ca938cf6c756511df026ca9cc9a4b8d52424b222e69adaadc |
Analysis: behavioral12
Detonation Overview
Submitted
2024-11-14 13:19
Reported
2024-11-14 13:21
Platform
win10v2004-20241007-en
Max time kernel
122s
Max time network
151s
Command Line
Signatures
Deletes shadow copies
Renames multiple (11259) files with added filename extension
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
Reads user/profile data of web browsers
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\F: | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened (read-only) | \??\D: | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\he-il\biobio ransmoware.txt | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\pt-br\PlayStore_icon.svg.EMAIL=[[email protected]]ID=[CC3B1F89FAA517E4].biobio | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\ScreenSketchSquare71x71Logo.scale-125_contrast-white.png | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-72_altform-unplated.png | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\MSIPC\msipc.dll | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\Functions\Assertions\BeLike.ps1.EMAIL=[[email protected]]ID=[CC3B1F89FAA517E4].biobio | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\root\biobio ransmoware.txt | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Mozilla Maintenance Service\logs\maintenanceservice-install.log.EMAIL=[[email protected]]ID=[CC3B1F89FAA517E4].biobio | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.YourPhone_2019.430.2026.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\AppxBundleManifest.xml.EMAIL=[[email protected]]ID=[CC3B1F89FAA517E4].biobio | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\legal\jdk\dom.md | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL022.XML | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\ar-ae\biobio ransmoware.txt | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_neutral_split.scale-100_8wekyb3d8bbwe\images\biobio ransmoware.txt | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\nb-no\biobio ransmoware.txt | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Buffers.dll | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\server\jvm.dll | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-white_scale-100.png | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-80_contrast-white.png | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\es\Microsoft.PackageManagement.MetaProvider.PowerShell.resources.dll.EMAIL=[[email protected]]ID=[CC3B1F89FAA517E4].biobio | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\WideTile.scale-125_contrast-white.png | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\uk-ua\ui-strings.js.EMAIL=[[email protected]]ID=[CC3B1F89FAA517E4].biobio | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Retail-ppd.xrm-ms | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxMailAppList.scale-100.png | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-Yahoo-Light.scale-200.png | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\System\msadc\en-US\msaddsr.dll.mui | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Resources\RetailDemo\strings\en-us\biobio ransmoware.txt | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Media Player\fr-FR\mpvis.dll.mui | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\offsym.ttf | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\Scientific.targetsize-24_contrast-white.png | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.NameResolution.dll.EMAIL=[[email protected]]ID=[CC3B1F89FAA517E4].biobio | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\LinkedInboxWideTile.scale-100.png | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\sk-SK\View3d\3DViewerProductDescription-universal.xml | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_download_18.svg | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\System.ComponentModel.EventBasedAsync.dll | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\avutil-56_ms.dll | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteNewNoteSmallTile.scale-150.png | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.scale-180.png | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.targetsize-72_altform-unplated.png | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000042\assets\assets\images\assets_picker-account-addPerson-48.png | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\iw_get.svg.EMAIL=[[email protected]]ID=[CC3B1F89FAA517E4].biobio | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\ICE\PREVIEW.GIF | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\History.txt.EMAIL=[[email protected]]ID=[CC3B1F89FAA517E4].biobio | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlusMSDNR_Retail-ppd.xrm-ms | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Grace-ul-oob.xrm-ms | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_x64__8wekyb3d8bbwe\Assets\WideTile.scale-200_contrast-white.png | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\ucrtbase.dll | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_x64__8wekyb3d8bbwe\Assets\Square44x44Logo.scale-200.png | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\zip.dll.EMAIL=[[email protected]]ID=[CC3B1F89FAA517E4].biobio | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\tr-tr\biobio ransmoware.txt | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\mr.txt | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\resources.pri | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.contrast-black_targetsize-32.png | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Collections\contrast-black\WideTile.scale-125_contrast-black.png | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\zh-tw\ui-strings.js.EMAIL=[[email protected]]ID=[CC3B1F89FAA517E4].biobio | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription5-ul-oob.xrm-ms.EMAIL=[[email protected]]ID=[CC3B1F89FAA517E4].biobio | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\Background_Safety_NoObjects.jpg | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\en-gb\ui-strings.js.EMAIL=[[email protected]]ID=[CC3B1F89FAA517E4].biobio | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_OEM_Perp-ppd.xrm-ms.EMAIL=[[email protected]]ID=[CC3B1F89FAA517E4].biobio | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File created | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Collections\biobio ransmoware.txt | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\close_dark.svg.EMAIL=[[email protected]]ID=[CC3B1F89FAA517E4].biobio | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\nl-nl\ui-strings.js | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_OEM_Perp-ul-oob.xrm-ms.EMAIL=[[email protected]]ID=[CC3B1F89FAA517E4].biobio | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosLogoExtensions.targetsize-24.png | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\System\msadc\ja-JP\msdaremr.dll.mui | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
Interacts with shadow copies
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\vssadmin.exe | N/A |
| N/A | N/A | C:\Windows\system32\vssadmin.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\MuiCache | C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1560 wrote to memory of 3992 | N/A | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | C:\Windows\System32\cmd.exe |
| PID 1560 wrote to memory of 3992 | N/A | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | C:\Windows\System32\cmd.exe |
| PID 3992 wrote to memory of 5008 | N/A | C:\Windows\System32\cmd.exe | C:\Windows\system32\vssadmin.exe |
| PID 3992 wrote to memory of 5008 | N/A | C:\Windows\System32\cmd.exe | C:\Windows\system32\vssadmin.exe |
| PID 1560 wrote to memory of 3504 | N/A | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | C:\Windows\System32\cmd.exe |
| PID 1560 wrote to memory of 3504 | N/A | C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe | C:\Windows\System32\cmd.exe |
| PID 3504 wrote to memory of 3992 | N/A | C:\Windows\System32\cmd.exe | C:\Windows\system32\vssadmin.exe |
| PID 3504 wrote to memory of 3992 | N/A | C:\Windows\System32\cmd.exe | C:\Windows\system32\vssadmin.exe |
Uses Volume Shadow Copy service COM API
Processes
C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe
"C:\Users\Admin\AppData\Local\Temp\CC3B1F89FAA517E4.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c vssadmin.exe delete shadows /all /quiet
C:\Windows\system32\vssadmin.exe
vssadmin.exe delete shadows /all /quiet
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c vssadmin.exe delete shadows /all /quiet
C:\Windows\system32\vssadmin.exe
vssadmin.exe delete shadows /all /quiet
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.163.245.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
Files
C:\ProgramData\biobio ransmoware.txt
| MD5 | 35e12534b477dbbc950008d0b9e48b2f |
| SHA1 | 8c8915df37f9345ccdf65df19401955a666adabd |
| SHA256 | e296f4114f97cd3dfbbe03ea3ffbeb2d53578a417c9e9d02c6f6ac850b96c85c |
| SHA512 | 4842b68f65b5399cff2235d00e84976bd95a56fb739d3dadee451a1fc8469fb2941ba3f899c59a2dcaff4766585bdab19e9344d44adbb85c5c7302dc865b6fab |
C:\Program Files (x86)\Internet Explorer\de-DE\iexplore.exe.mui
| MD5 | cd00a4bb635628661241ba51c4098ca5 |
| SHA1 | 4141d88b79850fac30705553af8770eb8ba8d634 |
| SHA256 | d04331caf9dafc3fe835cb3cee5f34a6135dea77ab23cd2e5a77d564dafc6c84 |
| SHA512 | ccd946489267e4e71598e055fd1502c20f03f759aaf9a7ce7e4c89c2b0b72dd1debb81927ce370932fa1d41a733d8af9ea3ee0176dd4363f6df59c89c9e4f917 |
C:\Program Files (x86)\Internet Explorer\en-US\iexplore.exe.mui
| MD5 | ee0e44effa15f1592a49a6ab068d4b56 |
| SHA1 | 43da26922d9420fde3608f1096d6be345800f67b |
| SHA256 | bdd0191bf4613d8b7edcfabf7cc18e0213db5496fa003517d37c8c506e254cf1 |
| SHA512 | c36cd0e017d2648c1bc50cfe5b5219ce04959bae5e2387f95a8e33c2ce4c38582c8129b4a41ccc9fd3b030a78c01d68f7bb1c3b9ddc69e9d18c5710b446fa62c |
C:\Program Files (x86)\Internet Explorer\es-ES\iexplore.exe.mui
| MD5 | dc414391cfe3eedf1e04c9afd55edcb4 |
| SHA1 | 1c0350d89fc0bc7a433c9568e7d652045a32afae |
| SHA256 | 69024e51122b85fe4877ee69c287880c24918d2a313efe5e38461e02ec476c66 |
| SHA512 | 04e8dbdf9ba05a446277c980b7cc77aa6a7387ab9169964fdcdd2950d73ca045ea2145e3a95e7e84c959b261a15901fb192dc85dd67cd09d1b259d6d12114f0e |
C:\Program Files (x86)\Internet Explorer\fr-FR\iexplore.exe.mui
| MD5 | 7a7f503b2a8b185d2d2f25dd422ada09 |
| SHA1 | bf22290218542c7a44557241afe5fd9372bfd4f5 |
| SHA256 | 09cef35ec3c9a8467c68af7b39516318528a1cb3dbb44ba9df52aecaa3da95d8 |
| SHA512 | 29511d01eebd10a47bb74ae2e0f7ed110ea5b993fd5fafc2a6933cd7fc792bd7a842933899012f55b4c0be6e4132ef2a3fa99aa57809e146a376c2f30dc0eab1 |
C:\Program Files (x86)\Internet Explorer\it-IT\iexplore.exe.mui
| MD5 | 25eb36b2b04948c1a274d27332896e29 |
| SHA1 | 74274e70fb4efaf4a1d53cd7c4ab0127fa964c5d |
| SHA256 | f9415d7fc568a2b4f0a6dc2a4d3a02676f754f515bf2ee9913926eb2725bb162 |
| SHA512 | 2fcb5dd24961c62bf2ed6662daa84e4e6ff13b7992f9031e71d4827287269019b8f36177573fb6a2bb75dcc5bb14eead53f1107e6c83ad6c4e7cdad33ff38029 |
C:\Program Files (x86)\Internet Explorer\ja-JP\iexplore.exe.mui
| MD5 | 341753a668bd6cb768d29536c4992e4d |
| SHA1 | 6dfb97c5caefa4201063b05efa16d41764f2429e |
| SHA256 | 7f037a2324f10f7226678de17b98b156106af4a584e97e28884462ede9c81274 |
| SHA512 | d9368315b07dd0d1e6b314260b31072856c4bac8d5b6ea3dcbfa5fd6e5c7c05113e7cd819ddb5b124be84ead0026c2eb421938a41b82f8e169d7e050fc3cbaee |
C:\Program Files (x86)\Internet Explorer\uk-UA\iexplore.exe.mui
| MD5 | 6ca8126760c27362fd66328ed9aee4ef |
| SHA1 | d7a561dddeefce6c1b6647715ae6ed576a37c430 |
| SHA256 | 413e8cc0ed2ac9f53997201375a1297e34aed6bcf778035d2f54e24dae38e963 |
| SHA512 | ce5fc1ae4d0b54058d6b38c49a5a38c41418eb6035b9ecc25356ac86b0b23daaefca1c20a529e3da11bb75c888dbe723ec7205c3700c733bfd5ec58785c538da |
C:\Program Files (x86)\Windows Defender\es-ES\MpAsDesc.dll.mui
| MD5 | d19db38a51b8a764580a21aae9667179 |
| SHA1 | 89b9b2debac5037d222feb854030b7ae205f1e3c |
| SHA256 | c0686e4e75ea40cfc86d585876649b8bc86a90ac023ce5342b0c5d3fe5704db6 |
| SHA512 | b47feaeb78ba6a9cb9251f4668817f0359f65d01bae1b8e444b8aa0adae3c6c8ebd9e6fcb92630c644bbee50b56c88dfcd35121812ad56784fa2dfe41b124ea0 |
C:\Program Files (x86)\Windows Defender\es-ES\EppManifest.dll.mui
| MD5 | 0225904dcafb6bf9e725c5d2569aaed2 |
| SHA1 | c8c4c12ac46c207600c9d95264f7ed833cd1f878 |
| SHA256 | 42e0a909cf765235e8db1755ca080b925dd9850b22f2a4a062297bba9c1f63e4 |
| SHA512 | af9b8fd35fc00628058cedc280e972dc10381648e82a5f715d6a52ad709ea17cdf955e4f9efc5335c3314f865e70c9d4dded14d293249c555883de6058ed85d6 |
C:\Program Files (x86)\Windows Defender\de-DE\MpAsDesc.dll.mui
| MD5 | 580f0735768c934b1cb7bb4c27afb844 |
| SHA1 | 55b793f49996b4c6addc9c7ca1b298390a70d480 |
| SHA256 | d45a9f356e363fb42a25e51af3aebc4a0a50fb6362cf2f4534847d14f5ad8c38 |
| SHA512 | 5c9f4b187a004ab9358a829bb7c01645cea348e02f892c204564436a491d828d991244aabbb919b29224d898a71d0311028156c81c631583118c2d1b0b3893b9 |
C:\Program Files (x86)\Windows Defender\de-DE\EppManifest.dll.mui
| MD5 | 08f9e414f860af8a7312d15b2c8a49f0 |
| SHA1 | 332182bef946c223ef93ae25df921e8c60e059a3 |
| SHA256 | 3f9363bf00c3fbc7058fbc43fa053110e4a3e662f6d65943556feda074cded98 |
| SHA512 | 2c0e3cf07b1ec309d290c60c47b7a05d9b5f769c1a9296657c383e0b7d63ef7d69ad7c5eb634baf42769196b49cf7c756b6b0579a1d586be6cf138a418549a6c |
C:\Program Files (x86)\Windows Defender\fr-FR\EppManifest.dll.mui
| MD5 | cc267f607ecdb52aff2f124093cba796 |
| SHA1 | 5dba9cb26fac8a1ca76e1f0e93cc0500082a6ea1 |
| SHA256 | 78716f3d5a461af56c722d6bc06b75f48c9596a6958e7484c1cd9ea8663e3e45 |
| SHA512 | 3da37b85c466ef1f083215374a7b5b9f9fa1d378854ff21f516aaaaf6641aa0caa56f58208ea1037f166bac0e7da00c1f5c6a54ba85dc97d4f572a4ec3a96263 |
C:\Program Files (x86)\Windows Defender\fr-FR\MpAsDesc.dll.mui
| MD5 | c92a956596c5838e9f40e5640082bb5c |
| SHA1 | bff0a3c71fd482cc89bc449cb53bbb1fb2bced01 |
| SHA256 | a8cd047e42d21bccc9f8da51b29af2520aaa61ebf71fdfc4a978424e6180a138 |
| SHA512 | e4824bb86d1f00feaf3d6e2be56e6a8557e8ea173ed6303a866493076f5beef58aea7f3c1af9d4e76a3237333824f4da8a4ee2d4e2546c484205330b093b46f5 |
C:\Program Files (x86)\Windows Defender\it-IT\EppManifest.dll.mui
| MD5 | 16960a97c2a1683878947fec392b768d |
| SHA1 | f62974ef1e553a284498b542db7bd11c7ce94334 |
| SHA256 | e28790c105da9675545914271e3f8728eddf8546c8a7bee93601284d5abc9c19 |
| SHA512 | 4ac046f0d9667e36a300806435c27aba605f95488e69ffab4367395060cdaefe192d643074949ec9b34d2e6c8f06053b835199ccdc637a4f5b6836a619684bdc |
C:\Program Files (x86)\Windows Defender\it-IT\MpAsDesc.dll.mui
| MD5 | 5b61d1a637b7393e62373ae634352201 |
| SHA1 | e59ded37a33e5aa3a36167311eda05bd0a5ff9c3 |
| SHA256 | e261a82ab5242b10af36ec5bd64ef983a1c022905b7df40afe731277c4ee8fd1 |
| SHA512 | 4f1024f1f5a565bfa210784228e1c7b7bb10b38f2d02e53b94df2931bab49717eccab3524c22881074e1485c5502bc06136f6c1107e7173684e63dabb4ef4fd3 |
C:\Program Files (x86)\Windows Defender\ja-JP\EppManifest.dll.mui
| MD5 | 183953a8591a4aa7ad95b23560ed4bdf |
| SHA1 | a893cb7714719e0f53cdee0e940388a0331b2fa0 |
| SHA256 | 8dd73ff451ee797717f1f98f8645f6648d517dfd9bf16d34edf989466696782f |
| SHA512 | b680a42a530568e65a67d78ea673c420010821f65d62e17a408c8081e3170a7d89c832a7eb8bd648bb7f3c261c76aff945405c7387d7bfbc4ba0384de8ff1abc |
C:\Program Files (x86)\Windows Defender\ja-JP\MpAsDesc.dll.mui
| MD5 | 750e8bc153a60e3fe591f17a3823dadf |
| SHA1 | 13e9c2c747cacdfcebe2ae8d630e57c936ec6a54 |
| SHA256 | 7ba9698458d9028e277f8038f7039426b0766317c840b194fa378566856baed9 |
| SHA512 | d4be637277845d9b0a2f133d5f134274e49dbeb17a0b607cde745b29634c6c60cfd49110f72e81f5ceacbda11edca3dec23aca98039bda344f94949a6b64e7fd |
C:\Program Files (x86)\Windows Defender\uk-UA\EppManifest.dll.mui
| MD5 | db808b6cf6d3cbb4f3dd55f7d9ec8456 |
| SHA1 | cae19f40fe3141a6c4d31473c871f31075a4db36 |
| SHA256 | d1d1d3b47cbf1606f358278c2c96201f6b254da86195089abf3fe96742e86361 |
| SHA512 | 25c5e03e890e98e5c92c94f1382a61aaa335ff93a1018ec527ee21e265f61d9a0b621ccf9d9f7b9a50b3a3afbc313483f99352fb41874c70771e5c464decaa3b |
C:\Program Files (x86)\Windows Defender\uk-UA\MpAsDesc.dll.mui
| MD5 | f1c09f1a28e352d64f69afc40b9595af |
| SHA1 | a7cfbf0f639619fcc58add8c5615356cd836817e |
| SHA256 | b9d38c6bcd2761b42ce566da6b435545729cee3208bd6db804b59003cd7412ba |
| SHA512 | a9290fafe9006ce075320bbdcd1c60194800620516af101b651e88c217003056f054e7d8e1907eb684c1d2a23ca8f529fd948b732858dabbdea3c5b0ff5a4686 |
C:\Program Files (x86)\Windows Media Player\de-DE\wmpnssui.dll.mui
| MD5 | 266f9ee4070dcee4739a779ac148fd95 |
| SHA1 | 1a0bfc7eb97f12faad9cdd5dc8a68e31b489dc2b |
| SHA256 | 09d8c99cacfce9ff1b457aa2e56a171508451ff6be82befaf2e744ae3bddab60 |
| SHA512 | 592cdcc6c4a28ee62af585336dd24669d5ebb06392de8c75c6004523274aad43cec5dcdb605b5917fd51a82d3c0f05537127e74675cafd669def1e1d042876a8 |
C:\Program Files (x86)\Windows Media Player\de-DE\wmpnssci.dll.mui
| MD5 | bf0bc74a63234d2095d81f5b23cd5b25 |
| SHA1 | 41f938e2ba417c004c279b78c57eb71a58da445b |
| SHA256 | e343fb28d4a4d51c9d63b3855879e92463b32ff74b73001eec2df49b4668c302 |
| SHA512 | ea85f866ed62baa191c0e6108ea2836fbd3da91252ef556071e68e6f51387144d9c0f0075bac2e139a30fd089b98b896234b2a138f18ff39033f218cf40b7bd4 |
C:\Program Files (x86)\Windows Media Player\de-DE\WMPMediaSharing.dll.mui
| MD5 | b452d804f89f6511d9b11ed8c1d27398 |
| SHA1 | 13364a07e7e2a5fb6acedb97a7171cbd9c0b87c2 |
| SHA256 | 0a464e62f8516fe5f01fd19ed5ecb663e5d4d8913b4569ffffb1c8767a49d450 |
| SHA512 | dc4e3220f3b7fe004858533d361b9163e2207bd16913e493f84ff5c7df14a2eea411b3d84871806d94be0ff40ed7b7e428427b56389a1416cf56dd05f660948c |
C:\Program Files (x86)\Windows Media Player\de-DE\wmplayer.exe.mui
| MD5 | 81c594d5475d0bb59da8fca84c916007 |
| SHA1 | 115fc6dd31d55c8d10e236144b2c5634ca79cf2e |
| SHA256 | 1f42868c6f5620a1338510103595b67f8fe1476ce4d46ac74b0eb6937ac03f32 |
| SHA512 | 46d2ea3fed4fb72aa205f94f20667bce5d30a9994acac8b877ea4eaeef24885fd137c05404f5e146b65292035db0a8a07e032f3a3d62285fa0095cc3f42a4e20 |
C:\Program Files (x86)\Windows Media Player\de-DE\wmlaunch.exe.mui
| MD5 | 0101cb03a31790e5138e8d4422b16e89 |
| SHA1 | 16f380b507068e2ac9364d4e2fce2b5e1ad28ece |
| SHA256 | 248365c11673d32dd767f0784841397690c57e6334515f0fc6cc6f6902512d77 |
| SHA512 | b32e0e1ea215c5a72e0219da41d60301c4ceb6f3d8b29e3bc178bab6ea6724a8b25b544bcff8361de710528b40cd3b699ce2dbc8a98bd14fc905674d1894d5bd |
C:\Program Files (x86)\Windows Media Player\de-DE\setup_wm.exe.mui
| MD5 | e122e42af60a6b24b80a75be136dad7a |
| SHA1 | eacf502148e284e1ab162ac9a9535aa1d66b458e |
| SHA256 | b232cd80739607a5b93eb7c146102e4afe2c048ed71c7a954790bb5658fb342d |
| SHA512 | b11de758e424dd151ad14724c28a1fc14eb041ed5ceafee36b9ca462c18c7683db0c735d4795478ee992c05b185936fddab93772293fbb94cbd280b1fe2e3261 |
C:\Program Files (x86)\Windows Media Player\de-DE\mpvis.dll.mui
| MD5 | f68b3520821feed91b30247ca3f3bdc0 |
| SHA1 | fe4ed0fdb260bebc679a64636fb5d05e22acfdd6 |
| SHA256 | c2293314cecd6968af885fe973ba411dde4b724ea4914678a711690c7cf562e5 |
| SHA512 | d616a1d5b14bf1e703a2b86570f3fc08e3faa4de363febcba0df715a50fb907b55c350a46434f6c65cfd50e8dd68dd83c08f37e10d119607c9a791dd6ef7b24c |
C:\Program Files (x86)\Windows Media Player\en-US\mpvis.dll.mui
| MD5 | f8c00a1b650ae3fdf4cb4dea0222b856 |
| SHA1 | 0436d2d52fa712b2fed40a31e751d51762a79819 |
| SHA256 | 7ee28e0246bdb0146c50a164c7b4fb7bdb49e61c08c1912cdd949ccd37e9bd09 |
| SHA512 | 2e8fb0bf90ddcf36d3772393fe9b8c66e124e3852afd480480b615b82866a02e329f93570a7c1a9f4dcea9c38ec77a04af1d4ab7d6833e4b1bedf4d154281110 |
C:\Program Files (x86)\Windows Media Player\en-US\setup_wm.exe.mui
| MD5 | ade5e922b6e1feeb8fb2fac31a5eafa4 |
| SHA1 | 70f072dfe49822a72a043659490186cc319a3a3a |
| SHA256 | 4125074221bba65c0a39990dbd7109e0b39af674f148f0615b0d4da5253a04a3 |
| SHA512 | 206d79d82669493d906db8d70fbb374a70c1f8a2b498c20a7f57ea9852f487ac6f1e1f9b4faaa797c3385b3b662ff528dd590f844ea616d2429830455d09e94a |
C:\Program Files (x86)\Windows Media Player\en-US\wmpnssui.dll.mui
| MD5 | 865ca799136ee3de487925c55866b7de |
| SHA1 | a95b3e00975295742f1d4083748038cd746f432e |
| SHA256 | c0eae566c272e4734a0000a33c1c7834721ee92dad1dfd93c13400837d462c70 |
| SHA512 | 5e77b6512e47b77237cffb12ed50e6e7fab610aa63ee02a52c8be52f706826b3d4ffc72f10927e70ff5666218b0842fe7fed8ad5d7956150c6afbc518fe18555 |
C:\Program Files (x86)\Windows Media Player\fr-FR\mpvis.dll.mui
| MD5 | f933a3a76ead7d2eb6d497c6d97e3822 |
| SHA1 | ec17f878409ebcb748d474a702e8575c686d8f80 |
| SHA256 | 47e71be8aac1e28b747d433bfd2fc9a9ccab59f43e515dc6ee1d2537258a9561 |
| SHA512 | 7f5470181e72de30bb0f1dd9c5ee2e79ec3c12352bc54618876e978bbc5819624e91912ad552daf876f3134cd3bf03084edbd00021c8d9b4e8245e27ca4f37cd |
C:\Program Files (x86)\Windows Media Player\es-ES\wmpnssui.dll.mui
| MD5 | 676bc58a79761583cd8a73843b818b1f |
| SHA1 | f01718a168bbffea8244aa96e36bd0eb9ed5a7c7 |
| SHA256 | 2bd44d2cfa4cc62623bdbd87b57b4f162142411d7cde2fd69826e43cb1ebd1e5 |
| SHA512 | 9df7632565cd275b9f26626a0e26ff03e97efa40f6fac824097dbb9ff3ccc06de553806824aa2b44202f18e18c2180a2f2634b3b08fa902aa8674024074934d8 |
C:\Program Files (x86)\Windows Media Player\fr-FR\wmpnssui.dll.mui
| MD5 | 323305e742b1a3accb8980bc0ddee26f |
| SHA1 | 6e909969261489745db0b5c0d23df1c3f2d22bf8 |
| SHA256 | 5fa193dfb3b4f68a0dbd95478474a6edfb75b0706dc77aea0710f117eade213e |
| SHA512 | 8663cb1f15ace6376c6086c451aa0ea048b818100e90c2912923ddf567be58e9ef5fba486775a322813c6b5d76f92014bd3d3972df6a299764a294e2582a0db2 |
C:\Program Files (x86)\Windows Media Player\fr-FR\wmpnssci.dll.mui
| MD5 | 42642007d1b3aaec6d1e4c3c09ef7129 |
| SHA1 | 51854f1b38c4e0ef4e3b3d5bc12bea764a3224b0 |
| SHA256 | 96dea471b93863db7ef049f13571ffb3eaf1ea3e577580ce5d129f7a4761fa36 |
| SHA512 | 5f7184860dcdc51fc6997b34ca85636cc3f598618711755d3171a34d61ca601d0fc9eba67765f46aa578155f8534a20fc32671c5fbb62fb6bcd3580a720ee9a2 |
C:\Program Files (x86)\Windows Media Player\fr-FR\WMPMediaSharing.dll.mui
| MD5 | 6ab409707d506782976fa387d3444e4d |
| SHA1 | c37d48caf8cabf79dda5a9541eb43019ab4b62e0 |
| SHA256 | fab6ad0b1e071b688122874ef58914d65398540941f80fccd08e12220cc9253c |
| SHA512 | 022c192aa40732a4eee188556e6a8d26ef875596d11d20a2b8aae6fcf1b000cb1a77b7ad7c445fdfb8a116df710294e8708965340c0f54a36d5da41ccc01076f |
C:\Program Files (x86)\Windows Media Player\fr-FR\wmplayer.exe.mui
| MD5 | 874e5bc571313194820c21a2fc64fe26 |
| SHA1 | 6c4e0d6bbb2e88e392025df9f111faf3f6b38b5c |
| SHA256 | c83ba0de19f0351d4828a7650c9e5d878f2211db4f146b307b0f65a09e4a7142 |
| SHA512 | 7ea4a79a0a33705ffb334cf6a1f0a3550ae563e694fec3f45e59aff0ecc0fe418d8700311c9d3e4da0c497a373c7f0f2c8f1a4a3daec4105b14e19e46c63b2eb |
C:\Program Files (x86)\Windows Media Player\fr-FR\wmlaunch.exe.mui
| MD5 | aab62cc74e63c5575540e6141f88577c |
| SHA1 | 730c95bbbebf107a7a8e8dc5d751e9049842cb4b |
| SHA256 | ab1a89f873ef5ecc55d9b6ed00f945606dfba4f60feb6ca8924df3a6d5b333c3 |
| SHA512 | e0cfb47840715fc35414470f060bc6d38a37b5b5aa2b647eafb97e7a66d4183b1ff8751e7edc9fa124e37c31fa0f633c2889ceaf8085f449145523cc3edf1903 |
C:\Program Files (x86)\Windows Media Player\it-IT\WMPMediaSharing.dll.mui
| MD5 | 32cdd2d33a79538592c69bb87df112eb |
| SHA1 | 26db5ea890698633561c4a8f8ce24a1f37ccd064 |
| SHA256 | 8443263831a33f7815a0017d9e5db23736528d485d576e4f060f1cdd8901fd09 |
| SHA512 | d44764ba9a2bdee6810214e8efd744b63dacfe615fad437791dfeb7750da1dfc1b6098ebdeac14fb6d6cc4109971caa38099289ead560cb404af060066e396e9 |
C:\Program Files (x86)\Windows Media Player\ja-JP\mpvis.dll.mui
| MD5 | 9f5a7de274f6a27458e3cd75375bc30b |
| SHA1 | 94af04e7200fb705c4109ba386b4e2af9aae4f1e |
| SHA256 | 4fd769d748d2267c3588cf54a7ce9e41db3e982ffeb26eeef47f3c9b53c4172a |
| SHA512 | cdea97a47d991b27e7a803a8f84f1c013d1f44cc2f5acd08b272a0f916dfaea0899b83ec23c86dae393afa767966bf52b2be5d7ba9f8502c338d41279411bb9c |
C:\Program Files (x86)\Windows Media Player\ja-JP\wmpnssui.dll.mui
| MD5 | 491bcba32abe3120587f1f1a9065d04a |
| SHA1 | ab90f7758917ab13b3b8aa60dc09451f0ddb5db5 |
| SHA256 | 6fad22b69bf2b4de4bb7fb0f3f6eed58c505d71d7b60d5d57354b0d286356e20 |
| SHA512 | fcd96ff8abae766da0d21f749bfa9234184459699a24564139672fa99bead39061c06df8e40921cd07a0792a833226d626662d0fda8d20428d7df0e15e478991 |
C:\Program Files (x86)\Windows Media Player\ja-JP\wmpnssci.dll.mui
| MD5 | 188f122dc20cf651eb4a951a20f62651 |
| SHA1 | 09882b45c861e8d9b39b77f279150403444bab39 |
| SHA256 | 6e223df1fd8bd9cfa8f49343daf7a261a697aa24c41172e6d90498388e261df8 |
| SHA512 | d694d9972c33727b797520ce25ce0ab6287cbe0c82a0421e03018471fc4eb68cf23c3346ae98e9c7e7d6a152172ddf385ff2c01851014c6667b619bd5e6528ef |
C:\Program Files (x86)\Windows Media Player\ja-JP\WMPMediaSharing.dll.mui
| MD5 | 52a84c3d46c4f6b19c8bfc95ee797e25 |
| SHA1 | 6b84e53449fcc7d71fb48bda8d2a50fb82e3ac50 |
| SHA256 | a328b45838066d1d89ef7614c6ca1aff62b00482eef4cea221865a71c1ebc500 |
| SHA512 | fbd406533e5863485892b2bb91e20a9dbd2358f09c2a76216b7e887fa4ec0e56714dfe18b793999383499e14fb3272a61ccfad0c5a8a9369fc4ec7da2096e588 |
C:\Program Files (x86)\Windows Media Player\ja-JP\wmplayer.exe.mui
| MD5 | fbdf635f8824e7279b48f201cebf05b7 |
| SHA1 | fd8695c80c6637dfb8cd802a9efa43bcc1a7f9ab |
| SHA256 | 7e98c35d0aa78393ce9e083c6d3a53a603bedfad41e90b5e4f868dc3f0c33cf2 |
| SHA512 | a0f96f3c0689cb43745e5f710a722f0a3183940f2d8a75e7454c55808e7f57504f6ecc8c3993af76c45235dfe1d9575fa6ccd3ad49492de31d69e8df681c255a |
C:\Program Files (x86)\Windows Media Player\ja-JP\wmlaunch.exe.mui
| MD5 | f99d21284eeb846cdb6e0a06da87cb35 |
| SHA1 | c00ab7116699ebb2ba5baaafb89782cfe940ec9e |
| SHA256 | 89bd63de058cb2f580f59f5f646e53e23a313f08281b7827cc1ab7b7b883ebd4 |
| SHA512 | e53be70f0d6aa79b367c96455e7dd869ef4061ee3059ea35b1a7c6e56db9a8284186fcf9ada0d23d0b4b9b7a0475d91fa36327621bdff2a4a01b906fe5eb4a86 |
C:\Program Files (x86)\Windows Media Player\ja-JP\setup_wm.exe.mui
| MD5 | b7d61f1b6ba587a3d9147c586ff95174 |
| SHA1 | e77a5bf29a5f2564cb4280e1cf975a1e73feefcd |
| SHA256 | 23b1556d81de627b139a7ac2780859e10fcdc2c7cdeffbb23c15407a9ce4c676 |
| SHA512 | 021c04f565cb9f07bcf452b5d83477c9e3d402fb9b2de1b474673e68f74fa3c0eb6494d179e7f7c7fccf2ab65eb53ef109515886bad05d776ce582283ef8acb1 |
C:\Program Files (x86)\Windows Media Player\it-IT\wmpnssui.dll.mui
| MD5 | fec028080a4030c5402aa42502bced7b |
| SHA1 | f145a6baef91f8801d3180878a614f359126b7e3 |
| SHA256 | efbfd91d9524a47acd40a2e081853f6e988669865f961bf9a882c3de73caf079 |
| SHA512 | 7b317faad60115e18d0f43da830c9525f68dc9d41b3341ccc4fc3b3c9800c4d1ec608e1f7b8213aef02c6b68f1eb6614ee0da2897830829fb7f8f5884b6e8eec |
C:\Program Files (x86)\Windows Media Player\it-IT\wmplayer.exe.mui
| MD5 | b19875277ade43c5bc38df7e94faa9e3 |
| SHA1 | 77c648fe98c9a8877999924ff87d75ddeb8e80d6 |
| SHA256 | 63064acee21ec7c0a2efecf0f74e954d4314cf44a068197c1026e06dac33fa6d |
| SHA512 | ddc222cc6a9b275afd9ff5c1a3cc7264e77c2be48709c8372c5332cb17dd1747bd96e4da3a296a10fae7a998d358e3bd7b6b024b4ad0820d0802fa118e886ac5 |
C:\Program Files (x86)\Windows Media Player\it-IT\wmlaunch.exe.mui
| MD5 | 3c37dae32df4e13aa35da21dcee6eacc |
| SHA1 | 096d9a569585e376ebb3886436be401aa9837754 |
| SHA256 | 70e5388a95bcbb431e2ce8aef5da913a0519a958e01f7dafe2584fae88e06eb0 |
| SHA512 | 6e9cd8015ac09dc480aff0f37a6fa83a17f9f1a7b875f85a4e1e80779cc965ec89e8cac3f296699e3895abf5836c22f3a4254e3e8b1175bfc9d100b657410aff |
C:\Program Files (x86)\Windows Media Player\it-IT\setup_wm.exe.mui
| MD5 | e5e3eb396c2a173ab4c85882c0daacd2 |
| SHA1 | 127f1b45ca032a2f1225c1b17c1d8d8648ecba02 |
| SHA256 | 616413b2be8244fadf7cad63076c3b2236ab3ae9bc87f4a4ea8679ce7f0728ba |
| SHA512 | 59b9911e1355646b6bd3a62c3fb76fa0ca5f57fc86d27bfb1e43b54938136950fce2ca1ace9bb0d294ead4fd3e06f3d1c97adcc6fc896ace1523384c52688a2f |
C:\Program Files (x86)\Windows Media Player\it-IT\mpvis.dll.mui
| MD5 | 4edf48edff5df34ccc01654ab61132ca |
| SHA1 | 2e447d77668c1949e83f850c9ae59f41a5d5c53d |
| SHA256 | 1e465063ea2a8048b64db643b809aafe2f0391f6fa78c048481d12ec100eb5e8 |
| SHA512 | ca66c3fd59fe96198ab8ed7051c13a57cd3266f4b4e35db7f6fbcb713b610b7e03989897d5830a42fdcc960260e18591fdb35b77fed98a4035d9b105ec0f4377 |
C:\Program Files (x86)\Windows Media Player\it-IT\wmpnssci.dll.mui
| MD5 | 7cdbe641496dc35cd1787a84ebb100aa |
| SHA1 | c4cd2eddee55183cc7cf01c4bc66c6cda8b20e6b |
| SHA256 | a5e8d24b5e5736840238f68c0f491ac427035b1d711e8a3916f8cfbe0ffcde03 |
| SHA512 | c31fb28daffc5aeadb1aa2d7b42d4964f36a9e84859b8624125239f5594c444060ad3db6cabba5c4d357821af8f07113b2c972778aa4d3d618fb8a572ae77efe |
C:\Program Files (x86)\Windows Media Player\fr-FR\setup_wm.exe.mui
| MD5 | 6d96cc32f0725439b462101169cbb350 |
| SHA1 | e2a0890c51b41439ce6a24b93fcb74ad2fabd4b2 |
| SHA256 | 2c9968d1f1df91b20f70c557b82c078013d8b2df3490b7d027534cd3c37f8d59 |
| SHA512 | 27475b0a5e2f4f5799af1f287a36b8aad196cbb9e3b7812d01f406ec699f01f017a4e24fa0e476de483848aea21b3365cd08f10d5a5ac4020faa2706e4e6297d |
C:\Program Files (x86)\Windows Media Player\uk-UA\wmlaunch.exe.mui
| MD5 | fb0c096c18c454ca58b52e66766526a5 |
| SHA1 | f35d59b24e744defec377d41aea785e8b0b95f24 |
| SHA256 | a2a4c50b84adb942822f15533295894cd1e41bb8f31eb9b4f982405ee9c0dd73 |
| SHA512 | ed3253bef3686cf2a6512d214f05e49ad1b59b65cf4c391380faf3c4542acfd1805980538ca742d36a041be27b57435d8139564e80c843d70313bd1f4fc1a1ab |
C:\Program Files (x86)\Windows Media Player\uk-UA\wmpnssui.dll.mui
| MD5 | 2cdcd629c604a3af6676fa151c062d9a |
| SHA1 | a7cdf671f3d96a5b256dc90bb83754f3d6c98321 |
| SHA256 | 3447bb45e03a2106b9f75b853696d0436b3e2746874956973c7aeb2aa76c94e0 |
| SHA512 | e0f62d628349facca5cfc7f67d5eeef1e5c655c8842c73630cf19b0fcbf76ed47dc6c989b8f3c9efed4e79da80485a0dcd6c4b8ade14bbf54d633987e8a89369 |
C:\Program Files (x86)\Windows Media Player\uk-UA\wmpnssci.dll.mui
| MD5 | afa1791e5db453a656e094bf7165df75 |
| SHA1 | 190d9cd6aaf6f2a4ca17907011e21fb6ce4e516c |
| SHA256 | 9239d65d4e216ddfc1b8c3e8f292702a0dd9e9daf49e1ebed082579ac5821d80 |
| SHA512 | fadf8a5eb80c82a2861f5e8fea75baf7dfddd3de3e3112f81b184a6ecd9fda2c467ffbd77a7902afa668aa8c2df335e9bb5311058258f0932b20c54da879cf90 |
C:\Program Files (x86)\Windows Media Player\uk-UA\wmplayer.exe.mui
| MD5 | 2b40b3c34f45d1ac23a182582126d2d1 |
| SHA1 | ebe0aa4a69501acb680ddafc480b858f2366a361 |
| SHA256 | c93d1750a8d8699526ce92257a7ad6d86e35c58912d0622c5d09bfd69a87a1e1 |
| SHA512 | 17d150b1d9177632334366bc3f3b1b5fe47300885e325a1d9242439130f43881e52aa286f23cacd89b083870d74f5a6d69beaca6c094d9b6b39d925211f65a88 |
C:\Program Files (x86)\Windows Photo Viewer\de-DE\PhotoViewer.dll.mui
| MD5 | b9e0ae288bc0f3a07cf044f0cd14bd59 |
| SHA1 | f07159bdfe8cc8019ee6088b509625de1bee53f0 |
| SHA256 | ad7c20ff33f6e3001576dfe971393a328ddd18e3f0c409e9cbfb62f0643ae87d |
| SHA512 | 8a6b58eeca0c763e8b6568bca22306a9049a7014e05a9bc9051ba05972e466af3b79016386b3aedbe460b13d530b1aad9bab51e2f7822012beb09b0ff077275e |
C:\Program Files (x86)\Windows Media Player\uk-UA\setup_wm.exe.mui
| MD5 | 13df2eb0f391ca0ce1c543b7d886657b |
| SHA1 | 389f885d9c4b1b83cd1e42f64cd0e29255987464 |
| SHA256 | 31155014b6c036efe7901e4d5ed040dd086211b33e8e6b6dba47896d7024f1be |
| SHA512 | 3841f1bc01826c7ef7c589911a802f6467cf66cc16cf2174465a6db199721d7d32349073406178b18388a500e0da43de325774464f3ba36d5eb6c7d57ed122b0 |
C:\Program Files (x86)\Windows Media Player\uk-UA\mpvis.dll.mui
| MD5 | d8fef23bcca2ada10055ad2f417909c1 |
| SHA1 | 7f6a2cab88fc29b1d5a0b03ba30ea11c07ba40b8 |
| SHA256 | 16fb55ed5ea692b4d2147c1e32b48828e7a2e5fe5d2177c1f48aab6d7605563e |
| SHA512 | 08f5ec81c893cc5179453c05315f52892dadc3e907116eee0bc2e82a1cf8d0b8728f95db06660fe33ad7ada68e19ef77481834535180b6c8e0416df54b9e5fca |
C:\Program Files (x86)\Windows Media Player\es-ES\wmpnssci.dll.mui
| MD5 | 8754cecc1e384146588e0047473ba979 |
| SHA1 | 58147a11c90b3897591b84a4112851be114040f0 |
| SHA256 | cb4ffcc07b4b955185252ad89c8d9dd22380b783617abfe01d3e27e2eea61682 |
| SHA512 | 8a829504164a62b2a0d848a18c729c389eec216ab5aed29814a91b774d2ff28e7375744f7211a21b08437f21169e012c13d8fdd54ebae416932fd4dc6d9385ee |
C:\Program Files (x86)\Windows Media Player\es-ES\WMPMediaSharing.dll.mui
| MD5 | 624efeaedff3ae0b8bec755c9022d6d8 |
| SHA1 | b9a1bee7ca6e97acbb34a788f5313641048f0f4c |
| SHA256 | 9ef7e4f7df70619caa54382b938e43572fbd115d077d27f917f9e5e2b4c798ff |
| SHA512 | 1a2caa72f87997f4332bf6ff4f63f051e50bba54482a54085473b4cdf4baae9289310f10da4dce1767593b73d4d38d7a118d4c20eb757f9834c290e0d556cb5f |
C:\Program Files (x86)\Windows Media Player\es-ES\wmplayer.exe.mui
| MD5 | c4de7f027c7f510f1936bd4ec53d398b |
| SHA1 | bf6251557f54ef769aff58e4b9a76e34764c1adb |
| SHA256 | db48f96a00e061525f1e0198181d1336f56731c9e9e36e65bc3702cee6143aa3 |
| SHA512 | 62716270b9d1ed4ecdf4132d99157f2b177b0246cd0ce22f1589106b60c4e5d4d3acfc022baa4be73ebe70573a0009e03b6a9c43a13e2e2ebcdcbe180cd7e3a1 |
C:\Program Files (x86)\Windows Media Player\es-ES\wmlaunch.exe.mui
| MD5 | e94b5ee2c53d6b6561ac04abf8ea760f |
| SHA1 | 4e1be82f18bd932a53466ab9e91b9b2765fb95b4 |
| SHA256 | 25fa02e2961ab7defe05408b8832a8a34b305f1f29357e25ac7d836534efed36 |
| SHA512 | a65b9b47fbb8434ac7d69ef43b0368ac5b437dbbf800d4ec5879ba8153eeeb457bf5e04ef67aeaeb11f87f7f937dd8101a3168b73494ea30a835a5e209e90597 |
C:\Program Files (x86)\Windows Media Player\es-ES\setup_wm.exe.mui
| MD5 | 48a6b0c551c52417382062a6b432b9b2 |
| SHA1 | 065d1bf45f2a3b9dfcdce18eb1233a21d1e9a205 |
| SHA256 | 7dcc2c42d659061fe6d71fdd684e7a3e4b31f3a80f02bddb6feffbe654a6f2f9 |
| SHA512 | 765f9eb0cc4de2ceccf53491d17b3707e1691ae15166eecabac69eed0b34dad8432b7f043e8d0699e12c9803d2bb717abc84f577f0b7bb4693a008bbea840487 |
C:\Program Files (x86)\Windows Media Player\es-ES\mpvis.dll.mui
| MD5 | 91ba0b90205a341ce2657fc0f99d59c5 |
| SHA1 | f90c2698af33a61fe03f53f4884c0520b026ad75 |
| SHA256 | 2f89484751b5f081981c67f9640e1bacbac8f651a13f549b0f3e0997faacb420 |
| SHA512 | 41689834b456b133256998aa2d3d63a9e0110f918c8bc4fe1d41312aa471ad791e6f34c7750f8663b1edcc758da8271341eacbb844abbaf5acfdc2511c7bd0cc |
C:\Program Files (x86)\Windows Media Player\en-US\wmpnssci.dll.mui
| MD5 | 2b883cf22d8ac9f294021e71d2132964 |
| SHA1 | 10141b46c8df19f5132589e9d2e862f8c29cf56c |
| SHA256 | 0c62c532f12d372856a2c3ccd5fbd4c3c691fe135cdbca218d248c3eeccfc05f |
| SHA512 | cdff85089e01e19eb9976b6e1aae5998b865696b104e555f7caacd705f33362cabab8a7c9f1d8556e130d46cabdfe617218fd0c6eb93b6c1b43f1393ca432929 |
C:\Program Files (x86)\Windows Photo Viewer\en-US\PhotoViewer.dll.mui
| MD5 | ccb89960ea299e239533ec5cfa799a6d |
| SHA1 | a46008a0ca9282e8b8447c8cd70d68eb4c153171 |
| SHA256 | 806185605fc31efca766b5f1049d83a23e57db5675bdaf6026c7ca3cd8be1077 |
| SHA512 | ecf497a30261223311b3ef50e454e659438e505bb5172c9dc20b3df3f775a4d6fce2b4a9b01b19f114f156699e40748b62f2922fddcc7ec8bd86dbc5b3c4e939 |
C:\Program Files (x86)\Windows Media Player\en-US\WMPMediaSharing.dll.mui
| MD5 | 972978d68017621a2e08b234c01d343c |
| SHA1 | fb3dfd3fcd0e26122643add712132fdf6cd12f31 |
| SHA256 | 956561468446200757c35149c511e85bac28d43caf780d8e451886c9fadef045 |
| SHA512 | 0ffe7269f399f4377fb4fe3ffc6d0038f9a1a465feaaaa7b74bdca129711a8b9d11e8158ed2f2cb19586266b5bce15edea87ae651891b40bbaadfe53d570cef2 |
C:\Program Files (x86)\Windows Media Player\en-US\wmplayer.exe.mui
| MD5 | c30416b98b01005e7f7d489ef3e2cf95 |
| SHA1 | 761a3e18a46c8142ad5d939d653248f08a7e3330 |
| SHA256 | 28e8542143a6de6a9162309669f608e41d87be76b9cff3d09ec1973f13635dce |
| SHA512 | 4523996b4ad95970f9f90ead18533422fb07c7196822c5dfea9e129f7aa2825bd4dda08109e1f960c580c32c9f8a3301334f0ebd2ed99007f06d064eda5aff22 |
C:\Program Files (x86)\Windows Photo Viewer\es-ES\PhotoViewer.dll.mui
| MD5 | 085ab4d21468f8c42db10a4c677b706c |
| SHA1 | 77ffb58bd5fb0874fea9bdd273479468368208ef |
| SHA256 | a971b6d2793fdcfeedfd6f5ca18bedd3d44977f826129fedc31d7aa88fd00607 |
| SHA512 | f37fb4d21d33059cec8d220d600fc9cbc85127cc23a463b4041beb098493158688bc8c640b0b5fd5f5b251b7ab00c1ba6567b43ed0253da42bf18828ce755884 |
C:\Program Files (x86)\Windows Photo Viewer\fr-FR\PhotoViewer.dll.mui
| MD5 | eaa078b7858eb9b48d61c480cd1e9fa7 |
| SHA1 | cf6362733c5994b712c72357be1878c476312bf0 |
| SHA256 | 64317f6ef65d065d34af71920b18e06fade252ec91a743c82e1f949bf968eae2 |
| SHA512 | 80c0946d3f1ead29973ebb4cefed3d6c31738d2a548d93544ec64204932aedbf4a8dedef031b192aa0b363ff488d49a9cbe8acd3ae80f4818f17db3c05e7df88 |
C:\Program Files (x86)\Windows Photo Viewer\it-IT\PhotoViewer.dll.mui
| MD5 | 1dcb65070fab379de19f44faa24185ce |
| SHA1 | 0f0c604b2f2e07927bbbd3d0ddb66d3c94e12547 |
| SHA256 | 403bde23cab7c1365131bd1074703ecfe0b18e4fb74eb3186ed8a4e99505d47e |
| SHA512 | 36e02acf1adab85b83e156eeca4f73f8e342585792f11db84e66eb878f08f25de45045d17856adde1446f3805c5be2520e6f1f7c66d84ba848c07cb9c1657695 |
C:\Program Files (x86)\Windows Photo Viewer\uk-UA\PhotoViewer.dll.mui
| MD5 | 712fe6850984e225c3b801aac8176e48 |
| SHA1 | 5234450ee406e36a09fa24ef8226390e7daf18ca |
| SHA256 | f896f3bdb9fc78d78b26f827d4c04537df9c81484ed5c207a47284466aadfabb |
| SHA512 | c0f56f68eb23bd61a2aa4405e20b8f28cb1959f5b4f8e45345c4a14120e56c5aef3f90f58f2888d3f8d08848d834a51dec513b993e8a7586247f9d6dc0ef1838 |
C:\Program Files (x86)\Windows Photo Viewer\ja-JP\PhotoViewer.dll.mui
| MD5 | 310ac0d4c1a688e8de3375eae0417659 |
| SHA1 | d263a055b46c064d743745e922070a18c6a37a15 |
| SHA256 | 43ffc791f006191f1dde0caebb43c9f6095f4b2d1737977144f9bf13b47f5db5 |
| SHA512 | e86f5192175c2071538598aac6dc481f806fae4e90d4b6db18d4e7c9e97109c33da8e504b917b36bcce48b49316e5123e9b4debb52004a4142cad05e208d0b52 |
C:\Program Files (x86)\Common Files\System\de-DE\wab32res.dll.mui
| MD5 | 8a78d909603e59769dcbce648dc398fe |
| SHA1 | 79e402aa7252d28e14290fb5ea4cece9d87547d7 |
| SHA256 | 50950956c2484ac2374af4614b8dfa328000ede910cd0e284bd461c553a0b180 |
| SHA512 | bb7c201932321982b590d40035c19c9d02d0b63615f6c0106e1c01bd6ec25fd18424f3265a738f27924b32faa7ab95cdd1c2a8fd00eff52c199ea037f8d49e1b |
C:\Program Files (x86)\Common Files\System\en-US\wab32res.dll.mui
| MD5 | cdbf606965f54ba57cad003e88fd0fea |
| SHA1 | 63ec4e73317838002d164e28ce053f914cd615bc |
| SHA256 | 237f5223ad97e734cb625595bd089a7e3afa834bbc32902c67beb16bd6eff3da |
| SHA512 | 33da97f2db7cd3e9530e3f7d56c626a6cd1d737603ecd00620d3f297fe7b6a4713c19f59de379ace54e256ce9b6defc862d280701ce73ef2240371db7f88a1e1 |
C:\Program Files (x86)\Common Files\System\ja-JP\wab32res.dll.mui
| MD5 | a58da1edb0101eec3ca50f71089ae3fc |
| SHA1 | 44013472885ecc2f0fb910a09baccbc363d3a28e |
| SHA256 | 14b27b31383217b17e18f9efe44692c32c20bf9980e1523117ef3f349978b905 |
| SHA512 | c22532f879cde05ccea843da8b1cbe390258da45d86c60220bca6d55dff8c307dfec472e9278448fdf3f296f80c30ae9bb11ca611238ea110b4433eaab65bd64 |
C:\Program Files (x86)\Common Files\System\it-IT\wab32res.dll.mui
| MD5 | 3575feed814bffbf89e930404e8d4e4f |
| SHA1 | a9185a21b1e0657eb37343d5aafc761015f8e437 |
| SHA256 | 823d9075b0481700b10c413175bccc7466ee8d149398d1b5e990faf43481bbc4 |
| SHA512 | a08c3efb09ce945460ce6dad64aca98f8b4c1aaa33830b416dffad6d7392b99a4bb3df55ef6dda82ed72d929fb21e76832d4cf76ae84ac640613155a8e840e24 |
C:\Program Files (x86)\Common Files\System\fr-FR\wab32res.dll.mui
| MD5 | c450246b2461a36e905e35e2f5ff0e44 |
| SHA1 | ff650825700e34a4959e5ae5949fcaa8ab23dc62 |
| SHA256 | 9de40fc0df4c9e77ca41b7caf1b3bae08c44d687c2ce72fef9b238bb3aba5863 |
| SHA512 | 4b3aadddc6499cbef50da0f0a2fc1df314878fb033cad4ee24f24f9725cee7e178d5917352f8615e502219dfd58728af29829f92963f2ea32bd2acdb5c757c81 |
C:\Program Files (x86)\Common Files\System\es-ES\wab32res.dll.mui
| MD5 | dfacb0e5708bf1c81760b7718fa39320 |
| SHA1 | 281c553e49ff35816eaa07e9a44da32c1b645c63 |
| SHA256 | 6800c292bb9f8d260d221de7e31c629b4f7c4209f0f2ca84b551a521d12f92ae |
| SHA512 | 0a124252981a625596b012a990b1335d23170fff64cc4000dcd238984d6dab1c57a057d5ff87911d86902bb11a78cfd64a2e4c7ba76cd7f64d17f7e38c975a4c |
C:\Program Files (x86)\Common Files\System\uk-UA\wab32res.dll.mui
| MD5 | f982968151d374c909c214403f89f300 |
| SHA1 | 6c2fe2b6f6585bff3c6ca067fabba2be67f06e92 |
| SHA256 | 8637fe09cc1db07997b4c9b2dde3ccede2315c5ff402db0bfcdecb4bbe42ec09 |
| SHA512 | a19f4d7b87c76e9df0abb2d6e73c1fabf4c18177479942c1c75c3ec69e227c1ddb2096cfc32edf7b391358fd97cc15eb0574b67fee49e29a2640d722bb6a8a91 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\de-DE\InkObj.dll.mui
| MD5 | 024adacc7d0007af005e256fbe4603d1 |
| SHA1 | b9437e7f2784a1cfe3695de2454589d2ea2ac04e |
| SHA256 | bfba9c2093646e7fc3726af0db4e5b9440c89aefa96eaf371c8db1d7779edb12 |
| SHA512 | a9c2bba86713e5150158bf75c583b5c4d4e8069df5d88f26152d27c6c4e962c9351f58cf53189d5d577ae3c80ee5f734531fa4e6694674fb77dc61a7d2aa2886 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\de-DE\rtscom.dll.mui
| MD5 | e7fb59ba103cbf39827444038fecfdb4 |
| SHA1 | f64fb098e642d076fc5aada423eb61813a294419 |
| SHA256 | 29217b3478477826538cde75a88fc9be94f73e834071715228f0277a8c857536 |
| SHA512 | 5e6a4170b980765ac5df1a972b265db19f2113b10eaed018827e3316d2c6c27cd55c68990aa3cb1e4c37af986a5e24c889a72d6664e05c6a8719e766e8f36b46 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\de-DE\TipTsf.dll.mui
| MD5 | 45b165fd67b554ad1e1cb5fc9ebe4cca |
| SHA1 | b69a93c8edd6b88eb0e54c1e31903678277fc7ab |
| SHA256 | d547373424c3d3149bea31ac5aa716526948cd24752d3379a9926ac54ee683a0 |
| SHA512 | d36a17aebe38daf3b519bdab6645073c1017f7ff5d14b747c13182b80d5c6c7132af8ceeadc22015497a22f2ea5cf7fdf970a46cc01706ca4df7031014f8fbf9 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\de-DE\TipRes.dll.mui
| MD5 | ec951328466d081bad62219cba4de34a |
| SHA1 | 47cfd31e981b74672eff77466397062049a16169 |
| SHA256 | d98e0570c247e865bcabff637bcec5cf66f13d9e526f3281847a8c065072a6a0 |
| SHA512 | 8cf5d963d59f9b1fc0402eb7f5c38fc7ddaf7e29c1acafc46218d385423be0747433252216a504d26edcbf20d5f80d9b76003647651f5bb62358675dc3b2a839 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\en-US\InkObj.dll.mui
| MD5 | eef8ed96c6bee2f85394c824bed6cbc8 |
| SHA1 | e8a24d62aa7c34163edd6c80d0b7bc43cddc8b52 |
| SHA256 | 4491f7eb3a9d114420f270a8230aa5ed5c21cb7014b3bfc9160d843972ee14ba |
| SHA512 | c6330e5a3eb1fdb415011c3e11a5ff6e15f8e526cf7cdb3d9553f75db1a2b44a04b98335ee0f4fd5d589d9adb440b35843e0081e38a94aa4c982ccf52d27726e |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\en-US\micaut.dll.mui
| MD5 | 2b1219df1f7a08fce029452307070b81 |
| SHA1 | 94b4571f49df9f6fcceddf467019fce772e779e4 |
| SHA256 | 13983c296dfbadf0cbf6ff51de878a836cb6445c27e7016b94152532b2f6dd65 |
| SHA512 | 49a35e27077e41ae565bde890b77c96abfa23b9eff5e43f8a27dc4335c986cfa07473c12b8253ec841e15a547703995e2c34ba07d627fc4220a29f1f933d1170 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\en-US\rtscom.dll.mui
| MD5 | c110db3e4eb1e072edf5f895606eb278 |
| SHA1 | c4f55f85668f0b92476c7a563d9da26fc8d82bb3 |
| SHA256 | def3d5bd7bb27bff9dd9805c0e222aacb773112096d45099ba0b7df0275eb831 |
| SHA512 | 1c1fe2b9ff727cd94ad2bb439f166421283c82b03d333277a52ee726b99abd9e39c347eb011da08e856d0db99669129fcf65f7d61bf2706add2509d16e7d952b |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\en-US\TipTsf.dll.mui
| MD5 | ab15814ec1369b31552f11b1a595bd39 |
| SHA1 | cac21401b5e5edb8ea029c97149c889e9faea8d6 |
| SHA256 | 16e159f84f52ab00e7e911022b37149793f612a17435606e0bdd42a50d33a2a3 |
| SHA512 | 498688524b5ddcd129d3b2f586b40ba7e8abb67260d422e22012709b9e50a0600ec8e62e5cb20274927597cf4cde82c66fa9754a0dff44e6f62a4e30e4a53e3c |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\en-US\TipRes.dll.mui
| MD5 | d846da058b70eb57536ea2c2b146cf20 |
| SHA1 | 6a339f08b83b3a9a20ce854e7d844a2bad566d91 |
| SHA256 | 7db91bf80c213ef84f1156187c3baeac5a9a48cf77ee375486a724807f4a9434 |
| SHA512 | 9b80f6224642e475eca61d0966de98dc59237c4b0107a127efb6474733aad422dd8caa58fdaa2708685ca5985e57ed54f2d2644495276ca7fdf631d1931d67bf |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\es-ES\InkObj.dll.mui
| MD5 | 8237de8a4441dda60f1fe88d52203389 |
| SHA1 | 9c387a1e320d238771558729e1a2cc07a4a23219 |
| SHA256 | b0a664e1c7dd5bb3f47cd075b88cfaa5ca0cc131f59cd492adaccfcfb49816f6 |
| SHA512 | 272c1a55c08c0985f81e3c8da0b84d41808dca7ac88a3e0f6d55684925865f45ab392cf831ca0fb64083fd28391eb0fe569c41d00cc380775a89acc51a1c2dc9 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\es-ES\rtscom.dll.mui
| MD5 | 5aac12c682e1bc4116396cb8c7adf96c |
| SHA1 | ac82b6d400d45636d7fa0643a6b89f72999a8e3e |
| SHA256 | 3b4b618f44d5c4865cf53939aa72bba7657e7dce5a8c4d5d259c9c31320bc4e4 |
| SHA512 | 641772e251d9624a3edd2b278b9c3ba83d4dbfac29569806363f716f9a3a0186212802149140af23c2dee1b6eecdd771e60deaea191b252cffd4d78b0d91a10f |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\es-ES\TipRes.dll.mui
| MD5 | 576db7e5abda0a40e8fbe26d01f47018 |
| SHA1 | 2feba4fc9c4bf459568dd0933b602fd629391685 |
| SHA256 | a8cecd9e028f8526569406d508a5044bf7cfebf753e2776a8ff45ba533d82b45 |
| SHA512 | 240d1de308c57531aa0281009df8568effe47ec254e5eccb79000bff53448fc3c942ba6c9bb08b537baabd16ac53d6dbcba4daf2fb34b2e7f4bac78b1c40bb16 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\es-ES\TipTsf.dll.mui
| MD5 | 1ad806fe14d8fcca312b29214e87afaa |
| SHA1 | 8018618cb38b37c324ee72dbb18d3da508740681 |
| SHA256 | e5f8a24e5c8f1a5c4b7fb9be2c8a14f64709483e1e86677726aa8f5dc78bef89 |
| SHA512 | bda7260e168529b23ddb5e3fb7e926d6e5443261ad7aa2e483d2e4e57c0ae01c289c4437b0f315e7956ff0b50ec424ea178278185de50828c2f013a64d9edcec |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\fr-FR\InkObj.dll.mui
| MD5 | 607852a39f9ac65c8f9fda1c3df0b819 |
| SHA1 | 7cf3cca0cd7fc40725a5d6a869774646cf843e1e |
| SHA256 | dd5f2790a64b2ff0fae02c54c0408aeec21e462f6349bbcbe8c744bff1b00f20 |
| SHA512 | 7dc73a6cfe87de7365ab42598444e6fe94c476262fc97215492ddc738140c432a55ad57064cf7864ca28f9df803a8a4238b3c870026d61c8d08fa2c818b00df6 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\fr-FR\rtscom.dll.mui
| MD5 | 3071297b38547f1aa8923f2d4dff03a7 |
| SHA1 | a6eed6f0ea3ee529b01e9a186fdee49a15ad45db |
| SHA256 | a855d8040737f20833b75b183b066398039329a61e9fa7c77d9763a43458ac2e |
| SHA512 | 419f46171021c9ca9d0450154fae0e58b09ce5cb44a0084aacd20e77ba387bd7e1f86b3c2deae6015ce5a9f9ab6c89e59826b5f917b429587cee6f001d7ab0cd |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\fr-FR\TipRes.dll.mui
| MD5 | 473e53c7744966274a1940d27cc97c38 |
| SHA1 | 2189db090a42a2bcb541d8a9e1ee89519966c6a7 |
| SHA256 | 6c26e0fc9ef3072192fde0bfe0f8a459c6dea4a746175fbbe4d76bb845c3a9c6 |
| SHA512 | 07bcc76653447aeef9141dee3ca8680a32c3c1a00041356c7411524069e73b64ef6e3dee14b7903e503962a998a1ad7d94924317a9a4253d4b9b93acfc05963d |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\fr-FR\TipTsf.dll.mui
| MD5 | 00f0378ab2cc5b3dc94f146c170d1f91 |
| SHA1 | 19d71792e9b6778586beee711cfd7ab16739ca6c |
| SHA256 | dd59a1c56d7d0d468a053b12e63e2ec349be5231d984445faa608ca865d95d1a |
| SHA512 | 36c5ea2fc61c30a5a00be9f00b3941e634f07ee959cc6f6cd68811e224e0556248537958da7c1507c7861ecdfa1840298a773f2510b8cbbbd2b06a4d3e260157 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\it-IT\InkObj.dll.mui
| MD5 | 94a56498e1670ce79aa88119a0742d13 |
| SHA1 | b56742e51566b6c760aa86fda398027a3980bb7b |
| SHA256 | 044a32310f64c0c30d1c2a9388b1ca2d9862715f1f3f0fef9eacaedaf5c86d66 |
| SHA512 | a9cf08c7ebab4313d285a17ae89f7e8ad656438ac47a2559103ca6bb8c95f8d87600b57b85617318bf34d84a4f124564f1ef7be081a179a0073b44912f1ca7eb |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\it-IT\rtscom.dll.mui
| MD5 | aa0c3c4d43e07cc9133c87b94412412d |
| SHA1 | 182ba730da5b2921286740603b2370eae1e29e38 |
| SHA256 | 98c667de125f40bd9a98879d11d276fe54fb10c1506d9154c709d5e7f048d6eb |
| SHA512 | dba80af92bca08c5b741f9801cfe0f3174fd53f572f462eb5e9e4538736e870252945e9401897ee144caa182a3886b20615eb8582f5a1cbdaf81c538b24d7deb |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\it-IT\TipRes.dll.mui
| MD5 | e7b3474edfe0c96ccf3cd35ce565b058 |
| SHA1 | 64522a06cb7f0bb5e83e4882e82ad1fb77aeb7dc |
| SHA256 | dbb5230fcaad9432b7148006709a382361490ccc7e3431536fea4915225f20a2 |
| SHA512 | ca1726f56a635fadee066c2708db3a2ee4f6c943569af68d169047a3e40deb19eb6c35104e9c2992d57b81e6d9fc1105eac41b72a0afa8685fb394a464c5043d |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\it-IT\TipTsf.dll.mui
| MD5 | 8a93ddd390ccf4244e7600d78a9373c3 |
| SHA1 | 6d444a2e3a4accc52bd9fdc722294b5d9b9c8011 |
| SHA256 | c1d470490a03e839c7cbec12ec47a1f893b5412da3012b09e2534f47a375edb5 |
| SHA512 | d54fb0638767f9a4de6f35a7c00c4c4ae9321eb1370973d0b4a709024202911502d06567740697a14d65c9de9bbc7d157fdb370d25f529e33094b5677f314f66 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\ja-JP\InkObj.dll.mui
| MD5 | f7a4257e4fecf12812b0d16852eaa3ae |
| SHA1 | b5534b9ad430abcd5c6fc2d81577ec2d1cfe2ad6 |
| SHA256 | aba7639b2861fc0d2553657aaf31021217fc2b45d6f1bda089c46072a13f8f7a |
| SHA512 | 938f9dc8b068c15c50c2409cc2dcfc67079a6639106e0be27412cd45bb556ee8e47fd1ec2169f515da13c37932ffe993987b0b39e80a5b7b94d322caf2c26455 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\ja-JP\rtscom.dll.mui
| MD5 | 1043b21c1f401e6ec582d1ba3727436f |
| SHA1 | 5c53c843aee4a9f1cff74e4c8da7e3f59a230abe |
| SHA256 | e0133968b256c9b44e466b78e3d88844ea90c1e7af0ce5a413c570517bdb40cd |
| SHA512 | 14ad1bc8901720f538713e82a86849f70058d801e1e7867002732fd1d653f440fc5f2e04f06d17083062a3ca8c999f7bc1f7f9968cfca941d9d24eb8a9faa4eb |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\ja-JP\TipRes.dll.mui
| MD5 | c7d2a17c044c63e949352d00f37b59db |
| SHA1 | c0e769e83b05c1ac01c587a98e60776936ff326c |
| SHA256 | 2ff3b5bd8675158337796dd0b546d4df76fc45ac910f55e79407c3d86de37179 |
| SHA512 | fdfef4a637039ad1dadba19bcccd6b6b7083e8fd4fdd10791c89b1523d19b9e8c5d09f2bf99b96afca89108a86f47f27518a20b3b5aa03b6a04debc5188097d1 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\ja-JP\TipTsf.dll.mui
| MD5 | 981b758ca716a6a20c182c905de05c9b |
| SHA1 | d9647a621da90ffc26ef0f9fa82e1112e42d2e8e |
| SHA256 | 7942d5f54492b602b23adf30dd71a7a287c33bb105eaf491a501adc79e1028bf |
| SHA512 | 861242413f9539aff5da910a7a939629760b06498ecc68833e06e7fd0cda0adf582454a0f1509e9fbd10cb12dcf54c132cb0f951dc673f4b5fd311ea3fceca65 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\uk-UA\TipRes.dll.mui
| MD5 | f0ebec801152a501d90446ef720e73e0 |
| SHA1 | 6f179df53a7b0a29e0d7a036fdb064491e2af4a6 |
| SHA256 | 103277cb5cf7f3399163881b361a3614e4bd387a92dad031bff9c03339cf57f9 |
| SHA512 | 40a994c3ffe5e94bc645f8d8dcaab8283b5d84908fc5dc4974c621a55bb14e968ffb54c178bb3db1f54cc212ab5f9d7ac782f63022c0b1788400d61fdb8c4feb |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\uk-UA\TipTsf.dll.mui
| MD5 | 762fdacc9f94021309f8be4d746b1ca7 |
| SHA1 | 786e42e5306eff44ccc42a7ca71ea91769ee89c8 |
| SHA256 | 37a7aba05d26595c97e9950c5a592d1605175ec798ce0d06f3bf17bf2ad9228c |
| SHA512 | 529ce3e4704c4deb2e4f9f6b5fc11294d22b69579e73992a7558da5fc7e8c3cb4abe42596531fca6109d22bf511b9fef2972aa7a57177a5dd8bd38794384a821 |
C:\Program Files (x86)\Common Files\System\ado\es-ES\msader15.dll.mui
| MD5 | a98f400c6da3cde4b74d08831059c4c5 |
| SHA1 | 83586db1157974ca1fa541f9cd99d0a8fadfec1e |
| SHA256 | 2586e26cb607d83e4abe2f7b3ea9362930de418c80d614222c2144e76aa1b1bf |
| SHA512 | 9b58a97adff0e45c738e209b9f72b9ac23ea0c11ec6c172ef0c6a4bb4c691f81f65517f688f07654a81a418bf54e762b74ce88a2d6efd459a6777b86d4ebd5d9 |
C:\Program Files (x86)\Common Files\System\ado\en-US\msader15.dll.mui
| MD5 | 1e1595d31644826b11b707bb46f0256a |
| SHA1 | 8e7f327316d02653a61df103ef866d8e5baaa0aa |
| SHA256 | 8503190bb061f066861d76ceafc32b62f6fe53b3e7c08e9a4779702b29dcdcb9 |
| SHA512 | 0293f726615492c57438cbfb8208310e93dd006269bc96c27ef10d792d449647ace0308359f28b58c9a0c2ce3c6b38eaafdfbad094527ce94822b93e8dca6d20 |
C:\Program Files (x86)\Common Files\System\ado\de-DE\msader15.dll.mui
| MD5 | 2f72989a036d973c3f05e8be4e726b7d |
| SHA1 | 4607e7132ba2eac55df8ff57eb04966f8e4c9282 |
| SHA256 | 7ba262a05836f1fc351300031e8e63254846cc0751df57bedcc8eb70b968075a |
| SHA512 | 2229a9741405c1b36543b2b3db1ceaf971bb26de1393b9a10619ef2fdc984946d8e25b587f475676cda78df95335ae3a059383cd75a046cbe90004d7a53ecde5 |
C:\Program Files (x86)\Common Files\System\ado\fr-FR\msader15.dll.mui
| MD5 | 4167de751cb3a95fc180640ba23bdef0 |
| SHA1 | 8804bf3a2592fd8a68ca8a16ed4c644183c3ecf5 |
| SHA256 | 8e29c90fc8d07054ad6670a0d3b08f4ae033864aac3e92a7d563d92554dd5ddc |
| SHA512 | 6fa5a3a68eca0cf66994f284e016e29441f0a4ae7e9a86dbea5d82c1c26077912250d7060c625cf387602551d4c00525b89ca8c5d6231ac0fc6979ff279e5af0 |
C:\Program Files (x86)\Common Files\System\ado\ja-JP\msader15.dll.mui
| MD5 | 60e7d1d6a3a134ffd76a44eb092897e4 |
| SHA1 | 8d824a452c0d53e76a32a904aba5d22aed199e7f |
| SHA256 | 83e34658566202b5e592c5a86b4818a2583582cbabee24b0c014f2736544ffa5 |
| SHA512 | 33a4c5dce64e5d22aa57ad5ded641d6baf6e5e81167d0df0b218cf3d914105924b9fcade6a3825bafa85adb5159f1b7f7314ff2076faffbb00ddd5f4efb5e3d2 |
C:\Program Files (x86)\Common Files\System\ado\it-IT\msader15.dll.mui
| MD5 | febe87c58f0a43dd077aaccc833198c7 |
| SHA1 | d023547fe668ede292a940ec07e1c52ad34f6aec |
| SHA256 | 9ecf0686d9a8851cd7fd33ed23dd3451f56e64ef5623f4b19cdd486ec7a7ae69 |
| SHA512 | ae7c8671204b62f16d4afc19f4d2b2b07fb298c5d5f93907cb11db1f6dbb7df00962e7e26f37f4f90a634a8890faea8038aacd27fb7a81fef9a36bbaa1a29679 |
C:\Program Files (x86)\Common Files\System\msadc\de-DE\msadcer.dll.mui
| MD5 | 0d8853e1f4fd027c3757cd48c8bf93d3 |
| SHA1 | ceed972fe7c711e329113993bf85f6b4de9615fb |
| SHA256 | 56c570612fe4cae1b5798c5eaa541719f399082301f70d35b9525283747fd8ed |
| SHA512 | db0b577ee67742274200e0d0538c7c51f1ef9bc66dc306afd017dda53f5b3c3baa268fe50a9889dfd867db5d7e259055faca241c3bce3e44de61ca6337d64916 |
C:\Program Files (x86)\Common Files\System\msadc\de-DE\msdaprsr.dll.mui
| MD5 | fb311bad4c582a10ece00b012709833a |
| SHA1 | 72358e3916e72f9281e06ecfad1081a04d280200 |
| SHA256 | 34e6aa198b7fb7f502e22c26ec15f1b0b2f5b9b1d03b859d776ceafbf261da28 |
| SHA512 | 2a31eb5417401ccd86662239f0d3a19a86a95aa03fb6a3f0fc9cc5b3651fda18befe21d54329d3ad4f548c3aa3c77cc3979fd7359490dca537d3de05329a8a57 |
C:\Program Files (x86)\Common Files\System\msadc\en-US\msadcer.dll.mui
| MD5 | d9f4273d99932dd616e1a3db7c17a295 |
| SHA1 | e9ccec8e1241a849278aadd7600820191b4cd9d1 |
| SHA256 | ff279f695d9097f923deb0b2bbd4720b7a99928a8ed8ac83e782634cb3f89663 |
| SHA512 | a3bc49108f8dd7900e71b2e904a67d3a67a610e6d1fc38a39144da081889ed8792e777e301aceee84fa8d9f99370949b42bed5e8ba1ca8ba090f123f9ad2b61f |
C:\Program Files (x86)\Common Files\System\msadc\en-US\msdaprsr.dll.mui
| MD5 | 3a154d6cae2c877ff5b61863309a70d5 |
| SHA1 | 755f29be63b05274cbcf76f5219ce6a49a5f60ff |
| SHA256 | be6eda80083c8ee988dd91532b41a126dbaccb6267c68a6fdc988bc022a0a167 |
| SHA512 | 8b7b8efe002f2f8dfc018902442fbfb37397fd8cada9f688aac0f17be4c371880a790d19f4e2147121366c2a8c76e1a9d7df577d45e3d98a853a646424fc6d15 |
C:\Program Files (x86)\Common Files\System\msadc\es-ES\msadcer.dll.mui
| MD5 | 9b88963707df7028bab16c651edb1081 |
| SHA1 | 2b0e1aa9bc678287ae1bffdb4c32ed449fcde1a2 |
| SHA256 | 9cf9e9ea367dba6cf65e71f6a7b93f9d9aaa884fc6b7cac47dc1372d3f0a8aed |
| SHA512 | 8c082407565245562e8448a8ec6a4f707d59f43a37198cc87302af5fd46723cb78fa8dc84e244bc1460db7d14341567956d37f1bff0049b4448fc5eebf8c9082 |
C:\Program Files (x86)\Common Files\System\msadc\fr-FR\msadcer.dll.mui
| MD5 | f3eb0917aa8cecf10df5d9c4bd208273 |
| SHA1 | 9c180da07de5d875568df9b68880b5a0f3e1b799 |
| SHA256 | 77ab0e03448f16ab74cd3b55d762b33659006874808d8e8676119f8e8a4a60cc |
| SHA512 | 14557f5afe2c1162b99282f8c6cb3c8ac47f30acd509f4b0a159a0680de0a88ec3e0043e8a945ea7efa8e723bd7b264d0715181407c7ab95cf4e6365d8e13198 |
C:\Program Files (x86)\Common Files\System\msadc\fr-FR\msdaprsr.dll.mui
| MD5 | 7e7f29710a9377be76f74dd37f3c3640 |
| SHA1 | 6fe530ae5a987621cc1176cbec0ecdfe1a3b0b59 |
| SHA256 | 6f40e1ab0b34fcb7b3e036b68915790e7a83335a4462f507cc1454a1857499e7 |
| SHA512 | ee94e3d9a19383553d379b70df3bce970080be21f40171f2641ce3ee7f70a7c7a3c3f5bb6a99d395b008ee737506dc9bcc5c44a946ecff0ef29428e9b91ff5b5 |
C:\Program Files (x86)\Common Files\System\msadc\es-ES\msdaprsr.dll.mui
| MD5 | cffb4e2bea477ccee2d6011de2544246 |
| SHA1 | a30f1227ad4d40d8ffc2b4a30b35cc20a786320d |
| SHA256 | 5862ffb606afffe47db998aad53f0e947ec404fef164b5d34e3f84477e1fae49 |
| SHA512 | 163491bb83e905eeb3ab4fb487bf7c86ea835ec7ececdc18bbdafd874e1a91e99d930efe5057e12641b3ad03f969ac0bc71b9be69ef43879cc5184edf6345f7d |
C:\Program Files (x86)\Common Files\System\msadc\it-IT\msadcer.dll.mui
| MD5 | 2409dfe2c6dc87cc826576b695750838 |
| SHA1 | e7594f38baa4b3950659a08f05b6930a142d8d86 |
| SHA256 | 650dc3e4092bf107f5f51097cdba5a0efe310509635cc59f54cf054e41d43f15 |
| SHA512 | 615a239242d534aa001b48d0abe2e94b3e644018ac4146a99d953802c9fb6b2873f749cfd3c14aecd2ae83f571dd0cf58e9f3d1d12845be42590b3d1ea5e1192 |
C:\Program Files (x86)\Common Files\System\msadc\it-IT\msdaprsr.dll.mui
| MD5 | a8cd47019f3a5f34cdd90cc86c191206 |
| SHA1 | 778bdd8ca0d6c968f148eaad0e6f707e421943fd |
| SHA256 | e4e6b2cd919dc15863c2693d7578550ccdeabc8c3b6e32194026820a070820f3 |
| SHA512 | 1128bfbbf888eb7ca3b52d700842c64f740ea52d534972dbcbcc8a81b3b30df6a5d041ef5a5f0afd5cf588d21cce56462c24a8512375b7ee56d99db2202c4d9b |
C:\Program Files (x86)\Common Files\System\msadc\ja-JP\msadcer.dll.mui
| MD5 | 104a3de6ba4c43c4beb3b2e36dc68377 |
| SHA1 | a7e91f68c24dc583b4dab780d45efca9c1bfa7dd |
| SHA256 | ba8cfb2314bdf89bc6d453b50c49584d81fa80c7725907ed4e6ac7cb34f6bf02 |
| SHA512 | d2bf849912c75d45d8bb84e273e7d8847912120b1b4210d2a84b4bd243bf7995b04b7864f71bf89f62137caa60656dfd5d518c073cc8620c8db1ab28db14da62 |
C:\Program Files (x86)\Common Files\System\msadc\ja-JP\msdaprsr.dll.mui
| MD5 | 1f68381832bfec67f976e8db70a8ad2e |
| SHA1 | f277ec1fcd5f77ed18e635ef42e13753a8a46b0e |
| SHA256 | 78f48f5ed6661e2586b8f85fd9c4ac31b28cd4bcc903271ae3b088c884275f39 |
| SHA512 | 34625c06317012a86e551792b112c6eb18ba7cbc9429d0dceaed3d94d091b619163d87cf5025f32d279fb0f3bed233706ce1de1257c2956b31be260c327c1b07 |
C:\Program Files (x86)\Common Files\System\Ole DB\de-DE\oledb32r.dll.mui
| MD5 | 4f363f3135df0e73934d896ade7c9855 |
| SHA1 | 35e114b33a4e31da041241507b36dda0cd36c240 |
| SHA256 | bd56f816cc3b8ee3492d6392634e08543eb3a61d10058e64178a0557acabd71d |
| SHA512 | 4f8d6bf20c073600c95c21f2b49b22cec1a61b377eec565415150650d4a2567490d277d73e1e581e6f04faf0e036fe193a645f05a0224c78e811b85edd78ca0d |
C:\Program Files (x86)\Common Files\System\Ole DB\de-DE\sqloledb.rll.mui
| MD5 | 25983e56fcf27dd4a66e7cfc7dd61736 |
| SHA1 | 7ac85c62d52b41683cf4c7bef0caa0778cf94402 |
| SHA256 | a201ef7604460235b3f1f3c19519b1ce2580ce4873de11696d0c066315bd1759 |
| SHA512 | c4d93d7c6f76cbbdfe4afb93f813b5fc687b8419aee8247cd27f86c6ed07acbb348d34e40681f716e0f26cdf6d3916246d29d536c43f3b890876d348347fd726 |
C:\Program Files (x86)\Common Files\System\Ole DB\en-US\sqloledb.rll.mui
| MD5 | 44f41adfc16b2ff22932e3f8d13ccbd5 |
| SHA1 | 1c58b8ed1e9df3d8b62ce0fff0a9a1408ab64239 |
| SHA256 | a497a583f92a30e1d3124753e3eba3c624f20544f7800038b9da7379ec642558 |
| SHA512 | ad47a49660ba4b4f7576e72b707c99f8cc50fc46f8380f1c5e268313f640cc5ba0f40e504c6082980267e5d03cd47296653e097a24b97886e4944f55dc497c8e |
C:\Program Files (x86)\Common Files\System\Ole DB\en-US\oledb32r.dll.mui
| MD5 | 3d574cc1389a4efcc7f972d019403b20 |
| SHA1 | c8ce0282aebff7d9d4f26f6e37ac6ff290cb7bed |
| SHA256 | e12f50d87817781134e98f154eadc8e22547d247922a8aa0fce78c84691296a7 |
| SHA512 | 56c68238efce8d2c29adacbf14fec9007fa3553e04cf6bd2f8f67764cf4d1fd46a83d299ba168caba6f06e31cf7cc204c6e467838c1d6615fa08d48e694f5128 |
C:\Program Files (x86)\Common Files\System\Ole DB\es-ES\oledb32r.dll.mui
| MD5 | df7eccb3ac312bb0b0526a35cb88935f |
| SHA1 | 4b890ad0dee6d54b0d605aa2945db2e39ebc5daa |
| SHA256 | 6b8a85fb5354f9ce43e76a1b0ade34dffc92e2570e507730e55915d5ef0fd837 |
| SHA512 | 5c6ee7f7e1fc1d76d9f6e1718112e14defeaf8aabd8e7c5df81bcc849ff230486ff453b2c8c372bd43a4c2be8309964dcd8f10374c505af365fb49dd9ea18131 |
C:\Program Files (x86)\Common Files\System\Ole DB\es-ES\sqloledb.rll.mui
| MD5 | c358eabfa70279d6978bb0c19df677aa |
| SHA1 | d5ac2c5fe32a5bb3342fc6ecfff72ac1e7001403 |
| SHA256 | fc6b48aee3d4736493409eb7dc7c7e9d0d6331f025aa8f50505d3e52daafe604 |
| SHA512 | dc5f06085c1f6ea0fc1c5fbdc975203732e17b4e5143a8c6d87a7cf45f6176c541fc84dd1fe18142ca7c09c46b333018cbbcf20d837bc7e6ca4a5260804f2e5f |
C:\Program Files (x86)\Common Files\System\Ole DB\fr-FR\oledb32r.dll.mui
| MD5 | a96c588f6b46a9fa99474ab7e75afe29 |
| SHA1 | 3f54c730505bd89b9dfabea3786687ff1914d5b9 |
| SHA256 | b5d4f0cc375740d768420cf5b73a5eaab8b45dce7462f66ec6aaea4329a7c8ba |
| SHA512 | 5e9530ef10f0ef1bb9bb2469de33c52b388145eb7db805c0846441002dd7f4dde812b8423fe4957c82a6547bf648876adbdc5f1802470dbedad29c57bb1269c4 |
C:\Program Files (x86)\Common Files\System\Ole DB\fr-FR\sqloledb.rll.mui
| MD5 | 2814f105ae1200bf64cd0ab9e7a2d32b |
| SHA1 | 9c9a0e8ab78c2d0b26e67962e9bab3616334377e |
| SHA256 | 4cc3677e5a2d1dc47ee354a4df9cdd07ad995af5d4bf26e8c1239872961dae00 |
| SHA512 | 220a6850a0bdef8715561d5e0a86be4e95fb211cbfd47a588aca817d4bac9a58e778968daa766776400ce6756267d7b27852c2703c3bb6858e4c8626d48d6cd5 |
C:\Program Files (x86)\Common Files\System\Ole DB\it-IT\oledb32r.dll.mui
| MD5 | 03313d09d612aa1e304bc793667bf892 |
| SHA1 | d5ed8fd637f352f2d1596e5d7a59ac5dbe175464 |
| SHA256 | 0d870fc6a39e1652c568638dcb9038e41c7786485a31f8fda9dc167b472d1414 |
| SHA512 | 0505a2027b182d3878009126b656141ee3beacc4019332abb40ae2fea99d73af70b81f935c615ef96a42608c3cc4898b5d9e348949353769e880d58d84177d78 |
C:\Program Files (x86)\Common Files\System\Ole DB\it-IT\sqloledb.rll.mui
| MD5 | 26edc01a66b7a20a81671affc5cd006e |
| SHA1 | f968234714c11ae4adcec0a13932edf9dc99af15 |
| SHA256 | 4b7e4fcc9e53095b6006601e543d6ae95264d065d042ca2aa29fda2caecc546d |
| SHA512 | 3f9bf5dafe57af7b87d56da7c68ca7e0847866b3c34661b210697f8db9ea4bdae70c9a85e13bbb24b984c3945ca42e233ba4663f90a3d645d9fd2619d410d280 |
C:\Program Files (x86)\Common Files\System\Ole DB\ja-JP\oledb32r.dll.mui
| MD5 | 67128eff068d5308a1a872b847612b5f |
| SHA1 | 98abf2d3a2390b3c8a70c3e28214083d12a7e070 |
| SHA256 | 3504bdae3088c59bf10c3cfd10e03282d476c8bba1e7e70545e38477c11b60d1 |
| SHA512 | 6c50c9ba36568107afa1c4146a0dac2a48449e92405a72c0d4e664f60874fb3466a21f271d4ca8f3ce5f27b7cf563fe1fad58e53d8bc2b15c2b1e45f7b10651a |
C:\Program Files (x86)\Common Files\System\Ole DB\ja-JP\sqloledb.rll.mui
| MD5 | df0179c8d01471f65133deefba9bdf15 |
| SHA1 | 2ae558f2060eafccc00a7c07b65ee2f25c2d8d6d |
| SHA256 | b6d46b0b9d1d6a81edfec80cde4c9eed3f129ce31903d54b0af6d1bb21331afa |
| SHA512 | f2f484c2da1c18bfca96d3b1a408b85b92f99545f97032955bc23187c9e0d600c90c03ba4c6809c1570fb58bbc256e17e096e5f3646ff7139bdf8632845b6cea |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\StartUnifiedTileModelCache.dat
| MD5 | 41fa23f33a477f4987a88f1ceb33d503 |
| SHA1 | 4b5bd41bfac7d4091c0117cb2c2ec71b66b18a3b |
| SHA256 | 781532bcb9b35505207a5572ec2fa2ba9e9f6c5c03d6bdfe16a6830339c03161 |
| SHA512 | 7a437231289103139895455d95af77fafc647ac12eb23ae862739422950031e3b01cba114b3a47e9a736e0ff3ae6407fde22f1cfb710d33654d7a28b9d63ded4 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\StartUnifiedTileModelCache.dat
| MD5 | a27a03b336edfc22a5f483225c694017 |
| SHA1 | 5b88908bf371be89ddc8e99ee30fac70b28ae3c1 |
| SHA256 | d1b58e30662f37dae10f4e042e7789926aaa1d8a050181d16da18a6fd8bee113 |
| SHA512 | e0b8d253264cad2cf4a19ad6ac7721ad3526bccb0cb128c4adbdcfd42015636b93bf4ea572c4d5d65f18711f54621d94b321bef36f6199374c4f30866b2a1ba5 |
Analysis: behavioral6
Detonation Overview
Submitted
2024-11-14 13:19
Reported
2024-11-14 13:21
Platform
win10v2004-20241007-en
Max time kernel
118s
Max time network
154s
Command Line
Signatures
Deletes shadow copies
Renames multiple (11282) files with added filename extension
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
Reads user/profile data of web browsers
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\F: | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened (read-only) | \??\D: | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pl-pl.dll | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File created | C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\biobio ransmoware.txt | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Windows.Input.Manipulations.resources.dll | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\legal\jdk\mesa3d.md | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.ReportingServices.Interfaces.dll | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\images\s_listview_18.svg.EMAIL=[[email protected]]ID=[3472CB2D1AB89AAB].biobio | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\nl-nl\ui-strings.js.EMAIL=[[email protected]]ID=[3472CB2D1AB89AAB].biobio | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\en-us\AppStore_icon.svg.EMAIL=[[email protected]]ID=[3472CB2D1AB89AAB].biobio | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioStdXC2RVL_KMS_ClientC2R-ul.xrm-ms | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSSOAP30.DLL | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\ro-ro\ui-strings.js.EMAIL=[[email protected]]ID=[3472CB2D1AB89AAB].biobio | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\pl-pl\biobio ransmoware.txt | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\css\mobile.css | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription5-ppd.xrm-ms | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-40_altform-unplated_contrast-white.png | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\de-de\biobio ransmoware.txt | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\fr-fr\ui-strings.js.EMAIL=[[email protected]]ID=[3472CB2D1AB89AAB].biobio | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\offlineUtilities.js | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-30_altform-lightunplated.png | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\css\main.css | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019MSDNR_Retail-pl.xrm-ms.EMAIL=[[email protected]]ID=[3472CB2D1AB89AAB].biobio | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\RADIAL\RADIAL.ELM | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Media Player\setup_wm.exe | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vreg\onenotemui.msi.16.en-us.vreg.dat | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.Process.dll | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCalculator_10.1906.55.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\CalculatorAppList.contrast-black_scale-125.png | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\177.png | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\ImmersiveVideoPlayback\Content\Shaders\LoadedModelShaders\Platform.hlsl | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_GB\en_GB.dic.EMAIL=[[email protected]]ID=[3472CB2D1AB89AAB].biobio | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-64_altform-unplated_contrast-white.png | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxCalendarAppList.targetsize-36_altform-unplated.png | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\BadgeLogo.scale-150.png | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.targetsize-24.png | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\coreclr.dll.EMAIL=[[email protected]]ID=[3472CB2D1AB89AAB].biobio | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\contrast-black\MixedRealityPortalAppList.targetsize-16_altform-unplated_contrast-black.png | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\vccorlib140.dll | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_11811.1001.18.0_x64__8wekyb3d8bbwe\Store.Purchase\Controls\biobio ransmoware.txt | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxCalendarAppList.targetsize-72_altform-unplated.png | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarAppList.targetsize-16.png | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\System\msadc\de-DE\msaddsr.dll.mui | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\nl_get.svg.EMAIL=[[email protected]]ID=[3472CB2D1AB89AAB].biobio | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Portable Devices\sqmapi.dll | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\ktab.exe.EMAIL=[[email protected]]ID=[3472CB2D1AB89AAB].biobio | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgeCallbacks.h | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\TRANSLAT\MSB1CORE.DLL.EMAIL=[[email protected]]ID=[3472CB2D1AB89AAB].biobio | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_flat_10_000000_40x100.png.EMAIL=[[email protected]]ID=[3472CB2D1AB89AAB].biobio | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_2020.1906.55.0_neutral_~_8wekyb3d8bbwe\AppxBlockMap.xml.EMAIL=[[email protected]]ID=[3472CB2D1AB89AAB].biobio | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\seqchk10imm.dll | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Checkers.api.EMAIL=[[email protected]]ID=[3472CB2D1AB89AAB].biobio | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\js\biobio ransmoware.txt | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\fr-ma\ui-strings.js.EMAIL=[[email protected]]ID=[3472CB2D1AB89AAB].biobio | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_neutral_~_8wekyb3d8bbwe\AppxBlockMap.xml.EMAIL=[[email protected]]ID=[3472CB2D1AB89AAB].biobio | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-process-l1-1-0.dll.EMAIL=[[email protected]]ID=[3472CB2D1AB89AAB].biobio | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\195.png | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\LTR\contrast-white\SmallTile.scale-125.png | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files\Windows Media Player\setup_wm.exe | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_Subscription-ul-oob.xrm-ms | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\contrast-black\MixedRealityPortalAppList.targetsize-40_altform-unplated_contrast-black.png | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File created | C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example2.Diagnostics\biobio ransmoware.txt | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\meBoot.min.js | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Java\biobio ransmoware.txt | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcr120.dll.EMAIL=[[email protected]]ID=[3472CB2D1AB89AAB].biobio | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\mshwLatin.dll | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.contrast-black_targetsize-24.png | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
Interacts with shadow copies
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\vssadmin.exe | N/A |
| N/A | N/A | C:\Windows\system32\vssadmin.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\MuiCache | C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3420 wrote to memory of 2924 | N/A | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | C:\Windows\System32\cmd.exe |
| PID 3420 wrote to memory of 2924 | N/A | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | C:\Windows\System32\cmd.exe |
| PID 2924 wrote to memory of 448 | N/A | C:\Windows\System32\cmd.exe | C:\Windows\system32\vssadmin.exe |
| PID 2924 wrote to memory of 448 | N/A | C:\Windows\System32\cmd.exe | C:\Windows\system32\vssadmin.exe |
| PID 3420 wrote to memory of 2432 | N/A | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | C:\Windows\System32\cmd.exe |
| PID 3420 wrote to memory of 2432 | N/A | C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe | C:\Windows\System32\cmd.exe |
| PID 2432 wrote to memory of 1104 | N/A | C:\Windows\System32\cmd.exe | C:\Windows\system32\vssadmin.exe |
| PID 2432 wrote to memory of 1104 | N/A | C:\Windows\System32\cmd.exe | C:\Windows\system32\vssadmin.exe |
Uses Volume Shadow Copy service COM API
Processes
C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe
"C:\Users\Admin\AppData\Local\Temp\3472CB2D1AB89AAB.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c vssadmin.exe delete shadows /all /quiet
C:\Windows\system32\vssadmin.exe
vssadmin.exe delete shadows /all /quiet
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c vssadmin.exe delete shadows /all /quiet
C:\Windows\system32\vssadmin.exe
vssadmin.exe delete shadows /all /quiet
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.163.245.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
Files
C:\ProgramData\biobio ransmoware.txt
| MD5 | 4cca299786028771f81f76d2c8cf2eb6 |
| SHA1 | e475afddad2af29b02cd70281c834bcdaf12e4df |
| SHA256 | 324014b0ad34a853196650fa9a9f1fba91f597f7d7038f144561d68524edc53d |
| SHA512 | 95e156f0e55af7aa6887857f0c54e466ff5f26e802043e717f7e7a0bbc83840d7d745a7b9871e2ef445c85b0d1e482f5d75b2d2ed44aff6bb9da2537b0df584a |
C:\Program Files (x86)\Internet Explorer\en-US\iexplore.exe.mui
| MD5 | d018f5d26aacd18352ab5b2a1c3919fd |
| SHA1 | ede77c16adbe0ccb5933ca190bee24a844eb95a6 |
| SHA256 | 7730d57e3698b0cc2bf1d15717bb11806e6a39900a299af8622fb3397e76e6fe |
| SHA512 | 9e8fb0b3f0638943f40acfff719c77dac6b447b824b77e893b611392c1bfecf4cc0146a1c3c032f863873a088973be1f32fee6a769ee034ab142ac69fe66ba54 |
C:\Program Files (x86)\Internet Explorer\de-DE\iexplore.exe.mui
| MD5 | 37d66b403afa1919c4e56d18a745c55e |
| SHA1 | f3047460ebdb659042f0fc27abb5db669af98661 |
| SHA256 | 7614ab9dabb0227941c2c99ddade921b1aa545bfc8eaa682ab23b25a509c4f0c |
| SHA512 | 176ee8cd412ae8791f77fb987428cf2a231d9d00c576a11ee971df168082f9f159a81d0e71c5ad6085b5ca80025cb52cffbf32fc569415044b2d21da2611fd97 |
C:\Program Files (x86)\Internet Explorer\fr-FR\iexplore.exe.mui
| MD5 | e870687ee8a7918daa47f742c7ca1311 |
| SHA1 | b7f1b694c5b2eff62ed6ed301129e70a227fe0cc |
| SHA256 | c1771e3ba05b0d897ae728ffe5b971fcbc92d7e12bae07f92acadd0ac81d01b0 |
| SHA512 | 436b3fe954911557e79d2529e7649fcfaa0853d8c3c80bc748096c3993e820eb2f02cc7ef5acfe86906f8fb1606609910f385f6626b297cecc0a6eaf99563ef5 |
C:\Program Files (x86)\Internet Explorer\es-ES\iexplore.exe.mui
| MD5 | c6e4fcbae9981709b0fdd0b48082b9e1 |
| SHA1 | 430d46458cec68b5e72cdd80f55c2de15d0254b1 |
| SHA256 | b50d966b79ce5859ccee830d55150bb58ac8e60917764ae422f08524c384dc20 |
| SHA512 | eb4274364f7df0fffc9d6bdc4841c319b1e8a8aaadc2c5b9a0ad368c8e42f545adde6d6e8cc6fffffc80ee7dae7d84a8148d179d2aea186482bf8bbde2af440c |
C:\Program Files (x86)\Internet Explorer\it-IT\iexplore.exe.mui
| MD5 | fa818659a165ac776ebb1fe57a589884 |
| SHA1 | 853ec2983d9f792d4dc341151d98f572512b5269 |
| SHA256 | 9f66b4eb3c115834fa821c6c099409fad6a039d2dbaaa855a28d5d5097bf34ff |
| SHA512 | 03cb03770d6ae1801c0a4d845223a60b0efae32191054d470d5e4bd397b2534a1553020bcf2727a75488e2f1b639dfbaf36d2794be64d1b985f619e3ee20f1d5 |
C:\Program Files (x86)\Internet Explorer\ja-JP\iexplore.exe.mui
| MD5 | 7aa5b0b97b0c69866c9f53e96f5de2b8 |
| SHA1 | 9b593f5876d0657d0120f623fc2e9e4321db8398 |
| SHA256 | 77a3a1e978cc59f8f03993eee00f322102daadfdf35beb3f56961b7705629119 |
| SHA512 | ca5a1042f58e078528ef4564c39f93e5df5ab0607af8993e229f8883480a367aa7252aa976bf6d111c8a6f4f65123eaa01c9679b6d5e68102c5815759877c86c |
C:\Program Files (x86)\Internet Explorer\uk-UA\iexplore.exe.mui
| MD5 | 6623e899bc104accaee131d60dc45680 |
| SHA1 | b296d4238d585cf217dfab438c30a4cfddafc0bf |
| SHA256 | 079e7cfb9820bc54f055fa3c843c55e5901989a81bc4e106563c464d4ad09a62 |
| SHA512 | 9ef4d4e52c133ba65c5760f4f6042b1a9461a2cca894c1d8e81796ff841bc8193d03df89a26520091366d2b64398dc5ae6d498c4cb029d4e7cb9bc0f1b25779c |
C:\Program Files (x86)\Windows Defender\de-DE\EppManifest.dll.mui
| MD5 | 69a5dc69c93f01e4952900018da56113 |
| SHA1 | f981d5364939320f9cc22f32f873375cac257efe |
| SHA256 | 958ba33d43d1270b2adfd53083e2f57dacde387e39b2ad2bb37267ce82f679d1 |
| SHA512 | 27a5491831df07d4e23b8ba61332c3ef7737f85957c6a38e15c15566107845c7d347a90ca34e38dbf171e52210f5d2f652f2a40638534469b6cc91d97b3fe3b9 |
C:\Program Files (x86)\Windows Defender\de-DE\MpAsDesc.dll.mui
| MD5 | 71e95fab5e4e2e995c741613327cc415 |
| SHA1 | 6c67d5b9455921d589706aa318ad989c0530c0bd |
| SHA256 | edfd3b0a057d2f0ed78cf7d2165664fdeba6f2bbbb439e093f7ee9358abbf94f |
| SHA512 | 1f44e251150a103d44323f4cd6e9fb4d31d1fc2efbff3acfbdc111d9311591c81b702f76ebfbdd31e3776665f92f39904b193aba9159a76b039ec57fb99280d1 |
C:\Program Files (x86)\Windows Defender\es-ES\EppManifest.dll.mui
| MD5 | 7db4e9b095b4e8c61e23061ab127122a |
| SHA1 | d5c7396b4cdfa69725ae1516a1c99af3533aa814 |
| SHA256 | f8ab9d94ec0f421878de3708782a0d673068a628d2d7a962c412ebe9dd4bb02c |
| SHA512 | 9bb33c9ca2753e42707e293959efa9a63289372d3010bcd8425f1ed993a8445398c4304c4c29e0cc05d4804af3861386c53d45095affa932dccdef2efffbd210 |
C:\Program Files (x86)\Windows Defender\es-ES\MpAsDesc.dll.mui
| MD5 | 3a72af353a7e620ef0ab67c52c1d9b93 |
| SHA1 | e77e015913bb6ed03f2a9a26bdda8c6c3b02e9fc |
| SHA256 | 4e481b5c58958c0a51c245215e18a28eae45f2a19693e09b4e87b10b7f0f06b5 |
| SHA512 | ba663e2adf226357a14183e9f8998981464e9b522b496fa2ccae18d5c0dd7bc234737286523f61fe148d37814739580037a34c8cbfc75c945f12f0fde720ecc9 |
C:\Program Files (x86)\Windows Defender\fr-FR\EppManifest.dll.mui
| MD5 | 9b5110bcee53314ef4aea790710d69a6 |
| SHA1 | 20ea13ff913049419d76d390286f79e5e74ae6eb |
| SHA256 | c9f82b0c52270741905c843be41a2fd8d75823906676f232dd9facc515347a35 |
| SHA512 | 9e5dc7587399405d355df999b456bdad940b6e55131f26c782ac5a4829614a6a119d51b16cca985deefaae0283dbec0d62af41519c9a7dfc3b0402573f503939 |
C:\Program Files (x86)\Windows Defender\fr-FR\MpAsDesc.dll.mui
| MD5 | 837f079578debfd5294b9f1f5aedc366 |
| SHA1 | 47851fb7087f8af67bd32dbc6c0aedd83588153c |
| SHA256 | da79e0d312a4c1c943b08d855e878ea2e8dd37bce3ebf5d60b2fe54ce00a7725 |
| SHA512 | 5e636337547f9147cfb5bec9c4759d34ce54d26066c840ea4d8e2fea9a6bc8412fbea52db94bdf48d9b0b323b07db1905a8cf267d1bd33bf3e18a9ca74e12e87 |
C:\Program Files (x86)\Windows Defender\it-IT\MpAsDesc.dll.mui
| MD5 | 3bcaa6c2b99c8f590ad3ff0c4fa3679c |
| SHA1 | 7e4b847b77afb3d5f9f3ccfefd40fdad3cb0ed80 |
| SHA256 | 08486a0d0cdd85dbaeeac8506124a15c16994e0b669d75d6c02053dc05f3e5ed |
| SHA512 | 75b2f1aa05185d5546b78963d9fe42f62a1ec1b9052273739a981cde7f2a57c856fc908d8f71472f18dd959a8744b50e12e61250429822e5024cdb1a14e34894 |
C:\Program Files (x86)\Windows Defender\it-IT\EppManifest.dll.mui
| MD5 | 9a6eec12a83bfdbb63de05a8bd6354d6 |
| SHA1 | c65a1bc70b9893c7ec0af58a9c9476a6c64322f1 |
| SHA256 | 1dc22ae72926c485d1e1586c03080e420e170384e64a80602c96e0ecdfff99b8 |
| SHA512 | 3c4291350f32e595c7eccd5c13fc5b45e6a8fd7e1c97ad757a8ba14193aab6eb86110330953b038136f3cb02d039486b97d74b3f8ffef33993b9a28caf038425 |
C:\Program Files (x86)\Windows Media Player\de-DE\wmlaunch.exe.mui
| MD5 | 1f0e3281ee15d1b037e72107711cd115 |
| SHA1 | 80d19a7bb0e3e9c4c1ce748d3b952c8944d2f93c |
| SHA256 | 82eb6125af5a15bb8ea25827085cbf030a591ef34fba58789245e8206a7cf43a |
| SHA512 | 0b10f1427bb20d95fa6895b87bfd91877fc3a6c8c355a541057c1e48dbb5fd6e848134f3d9a346811c556a538ad4ba2cf133f78a98a12662b2b4d3e5b95cf612 |
C:\Program Files (x86)\Windows Media Player\de-DE\wmpnssui.dll.mui
| MD5 | ca9f76577400da886db115f9dc851cff |
| SHA1 | d5fdfde2e60da342839f0d2580e904d9f65fb7de |
| SHA256 | f7e51a2a9f639ee3c0536bd2cc7d63ac5c89f7a1f3ab6c4e2ced8cbafc4591ea |
| SHA512 | ecde2739527f082714bd7309fdefd034bf3aff2163e8c9c1a2b77a66ec4b64ae3d1464e8ae642b1f9ba4ea1452d23118c7162dc74800a1d29373ed163246429f |
C:\Program Files (x86)\Windows Media Player\de-DE\wmpnssci.dll.mui
| MD5 | 87b3be8ae5e9aa8843bbef50a16c814e |
| SHA1 | d11fa5a5c9b98cc5cd011f0cf24172ec3487bac7 |
| SHA256 | bcbf167debf64df1b3c4a8f5b1075601143426ed038217b734208300f2d7cce2 |
| SHA512 | 2ad7cd2ec3b453434d6b3b134deac2247a5665698d863b583f78a32990b539067ecc31e21b4d4640357eb927d5ab6ff33260b2030df8fde8f5508e660d483419 |
C:\Program Files (x86)\Windows Media Player\de-DE\WMPMediaSharing.dll.mui
| MD5 | daf035fdaef9ccdf2b1e29934cf4c39d |
| SHA1 | 0c4df0a45356be50c6cc208fa1c0f88e2c9c5263 |
| SHA256 | acd790a888708788d2dd91f3ce1fcb5b59386c96270b91a09464a2716d5874b5 |
| SHA512 | dc4ef4efcfeea7ff8a187de61cc2e0371fbfab10a85c518fc39fe19ca271154e2fe5c364b37c6a36c0430b95994938f82fdb77a6b6670905f46c1113c0d610e2 |
C:\Program Files (x86)\Windows Media Player\de-DE\wmplayer.exe.mui
| MD5 | 35bbceb368af7c3e30dacf99d7d26af6 |
| SHA1 | 6befe763ed6ea784e32055f90ebf79b71000f5ca |
| SHA256 | 487796ee5bad7fc377fe5afbb64b7f533cb96fb82c2fbed5cd99ea84b1a55a92 |
| SHA512 | 12deb739a9a1742a2421d38af7edfe3473d1f6c4eb79b49d2f2d695ea0bcd858a8d7b17bff36c5f72d82db531e3233f427b0bb2c99b8f648ce703099158ae64e |
C:\Program Files (x86)\Windows Media Player\de-DE\setup_wm.exe.mui
| MD5 | 3336b6d608ebee7c5444176096af6b08 |
| SHA1 | efc55769db6b4431d11445db9ec74c385890f89f |
| SHA256 | 1ba9f92707c00de071c00fa1ad13fb5363f4235b1aa2f522b47ab00e19872b02 |
| SHA512 | e0c59547d5d27b98f721ba643dd10a44581d9c5891cf935cd4b98faef42cad7ba3962739da869df837801a4540daa3350ec73aa823b743f91a7c807fd490b6b6 |
C:\Program Files (x86)\Windows Media Player\de-DE\mpvis.dll.mui
| MD5 | 0df251d59a642c0fe0b89221d4bf5c02 |
| SHA1 | 659cf5e42373aef03a0839414f404027c30385b1 |
| SHA256 | f36f27cedd68d4376466f6b381a64639170bd65bf7c233bd0d60e7661cebe838 |
| SHA512 | c7bae101172a4f78672c1fe1c7f5854e8ad4ba6a905101c8b80b923e2c3a451c79bb0bb3ea17657a3b1bb0d41bff8753aea97e6e98db5e73245de542cfb48ead |
C:\Program Files (x86)\Windows Defender\uk-UA\MpAsDesc.dll.mui
| MD5 | fc8b5f7912ce0234d2d4765121dff855 |
| SHA1 | 94802777674536edbbc604930df2e3bd63daf1a9 |
| SHA256 | 2de78e64754ad4bc6971470a00cdb0c133fdb4177bb858d835c7e11803cf5a6f |
| SHA512 | 7f686878cf5a6945a9656d951c84b463f283cfbc91a35507300a769c160ea30c3108606801ee6eac2a75477c56e503ee0fcea420d7e273568a1b8f424c239c19 |
C:\Program Files (x86)\Windows Defender\uk-UA\EppManifest.dll.mui
| MD5 | 7185f541801297ff7f5e3e26d7d375c3 |
| SHA1 | b95ce1ad294933a78691e4303cde03fe9695f29f |
| SHA256 | 0420a5916521bfd9e83fb03599a6f7a6f1d5ed39440a380a0625f7b8eef04385 |
| SHA512 | 364fca76166d7c30545c488972094bc4eb66a6dd6fd7d9cde8a31709dde6103dcd1842ac54a9bd3a8488b02b38d17657fe123d596d7a33972d16638918d9c065 |
C:\Program Files (x86)\Windows Defender\ja-JP\MpAsDesc.dll.mui
| MD5 | 85755234097667802d05ecaa5618c66a |
| SHA1 | 0e722bde3fd4f3958ae51a54bf530038282511fa |
| SHA256 | 09416606b191c322d6f091d0511948e5cb4f36730baade740a4f984a08b7c587 |
| SHA512 | 234b80eb6d2e255a19d4d8b64de52e2e246f56fd77c4bd934a5821bc073c0b031b5085c9623677e652118ec9f8ad70d85f23875ea6c2d2c421bd8fdcf64609ae |
C:\Program Files (x86)\Windows Defender\ja-JP\EppManifest.dll.mui
| MD5 | 631dbb4c270924f8c5b9410a48e6d39f |
| SHA1 | e4a52e8f065951cb01f55f8315378042c70de68e |
| SHA256 | baa96ebb4d9d410c370e33fdb643600e696cf04edfc5a4cbbe8ceb8c8270dbbe |
| SHA512 | 44ff15b9eaa967773746effd5cba85a500f12ea7367244aa08bd8e9ff87b6457c7b1cf41ccb81ff1a538d4163e4f80208fd7e0f11d7a3b75c6597c62562e2775 |
C:\Program Files (x86)\Windows Media Player\en-US\mpvis.dll.mui
| MD5 | c7cc1b55fdf4ee661f017490a595bb08 |
| SHA1 | dfc3caa790e9821ae17d1937332e0080616e9033 |
| SHA256 | baa5e016e1e44a51b0c69045a23e95654e1ef7737c586ea42d6ccbd7196cbef6 |
| SHA512 | 68219b6d1f7f5f50bcc20000261059728f0a43a04ac593241fc14a8b17778c5fc0f8c52f20cbcedec25efc0a801ca6a86f32c04f86755f570b53c75ebcc2b031 |
C:\Program Files (x86)\Windows Media Player\en-US\setup_wm.exe.mui
| MD5 | a5a1236217707d13acfc6d7a1f31ce30 |
| SHA1 | 37a909f8133bd88701164e435438f9d0760c1608 |
| SHA256 | d6f89917b177e1d8031e98ccdfc7927df6ca3629d4eec7c41bc419ba5fd4e8d3 |
| SHA512 | 15c315f53d3d114b5e3e4b5fe8908cb4b68a670c88b7368d5fd5d8d4e6793dc7875dffaad4032f5f0d3d8e41e57434b8649d07cf15246b6c76fca3654e8b1d13 |
C:\Program Files (x86)\Windows Media Player\en-US\wmpnssui.dll.mui
| MD5 | b56eec73f5d0af7e7425762cf5ea94ca |
| SHA1 | 5910e0a0fcfc6f1fd0e34689a809220ce25a8560 |
| SHA256 | aecf7f5e083f3bff6224c2780173de3aa0f52e843e115af672b5ed10f00eabb4 |
| SHA512 | 7136a60ad92be499e798b8d44564010633319cf162cfb951f7f7551f795db90bc7cf66348eef9ad4a093839ac096c33616cebf205ffa8461f0e1f75c181db392 |
C:\Program Files (x86)\Windows Media Player\en-US\wmpnssci.dll.mui
| MD5 | 03aee5affefb219cc2b0ef11a62aeaf5 |
| SHA1 | 8a84f9378d5904e681e65236718465358757e61d |
| SHA256 | aea349293d3f2c8c66a77c30d7518e09a1ebeae48dd00b5b8a0ea4eb100fb122 |
| SHA512 | b4cbd4b11e1112b888d2bc99d1a0ac50d76e6f702523fb4965032a54a7555154403385d2cdc83e41063787420c80282128c120a1aa0c5998cdb6f774d391c7c9 |
C:\Program Files (x86)\Windows Media Player\en-US\WMPMediaSharing.dll.mui
| MD5 | 7ae94d40797c5a467fd4d9b0dcb2578e |
| SHA1 | f6e74c27ffcc06c3606f23d439aad5544a077c59 |
| SHA256 | 5b68b9caededde6fea53ef3134702431b630f9a90df88718712ddef3efce9904 |
| SHA512 | d58ece36a06366cdadc8e2151cadcdd55d6079495e57a9c2dd8541b6d001af81d4a0d594cdff6dc11ce12c1714707bd6ea3b5176fbe436140b5c13af210f13a0 |
C:\Program Files (x86)\Windows Media Player\en-US\wmplayer.exe.mui
| MD5 | 7a0a8be95190e46351cdf4d8c2d27c83 |
| SHA1 | a3c855e012caa468052a87ca2c86f55c10f3d88d |
| SHA256 | b8968db056b42261c8d90db3c13b6c40b6ae2cc34ca5c6d9a198b5ff04e13ef1 |
| SHA512 | 8044ef84a3783eb20324e50885a024bb907509cafd8b33ccdb2dbf99ef5c6c483cb0cd1b5fc97095063d418f331b1c60705cd8f80bf39de4d1f811cf054c6448 |
C:\Program Files (x86)\Windows Media Player\es-ES\WMPMediaSharing.dll.mui
| MD5 | 7656c55ea27dd171e0578ebaac047577 |
| SHA1 | 120e5a256155686ebdfd508b043c14d0c8249b5d |
| SHA256 | 470be67b68706d595fceda7fc1ad4161587f122b3b22bf609fa3d6f43b02b514 |
| SHA512 | 6387e7066dc12267a805a737d522c9c098ede235990080612f8be3398eafc468e5d89c61f32765acfb65b39d938f423aff757aad3b9dee39e141c5fe3e942891 |
C:\Program Files (x86)\Windows Media Player\it-IT\wmlaunch.exe.mui
| MD5 | fc62a2f598e82ec22ca729b81e4c2a59 |
| SHA1 | c1f7ca772f5ead68ab77130dd88d6b953f2a98a6 |
| SHA256 | f16938382a822bb5257bb9b87f2d7228d158ee9dfa3bb0bcf3d54552468bd249 |
| SHA512 | a538d18fce924e3fad1de5342af23fd184727bb120708752878ec9709eb9cff794d264c9f1660c0700ddcfb878e4f2ee4c7769682cc3e7d6153ed18bd760f85c |
C:\Program Files (x86)\Windows Media Player\it-IT\setup_wm.exe.mui
| MD5 | 724b0635cfe095c667ca6133b28799f6 |
| SHA1 | 7e7abe05ffaa3ff838794e01d311ba03216d9ff5 |
| SHA256 | acbea09540bc9a6ebfdb1116993f0e48e520b1ea0c5866e554ad50f9db02287e |
| SHA512 | 952cce7310ecbe6f8a5c9f25aabf223d416aa55827ce6c6146ad99a2585eea2d20bd7afd329c5d89d77b1b24c837256c52b0d50679a46c18f97e0fb83a6557ed |
C:\Program Files (x86)\Windows Media Player\it-IT\mpvis.dll.mui
| MD5 | f1a327a0076fcf0c5f419570c71f3dd3 |
| SHA1 | 15827e0291f9a70c8a569c3571569e3669029ffb |
| SHA256 | 4cd1dbbe1560f3c30095287ddb12c82782ed7de5dfe2970219c1b6f1df52c366 |
| SHA512 | d4001adcc9cbaae5f96540a6553489f9ff542722ab5e11b2418deec2a78e10183bf01d13cc0d3860542656d19e4163aa3c8250b4742c97b85dc00d78565e35ac |
C:\Program Files (x86)\Windows Media Player\fr-FR\wmpnssui.dll.mui
| MD5 | 17d4b080a56a39f9c19d525459170b23 |
| SHA1 | 0e2f1b9f48b82730e213db960b3b31d000e2bcc1 |
| SHA256 | 9c3d4a75d88bac0dc1cb62e0aa88db0cdae43404bb806ca1559d8c0263b66bb9 |
| SHA512 | 53d5bc7df4db3fa552effe5e9c70ee707fb0edc89651672c916edb9fe6ead7d2a5d223bfd19ac901565f0f914b23b9bf67ff8864673f72c83e44c590596978c8 |
C:\Program Files (x86)\Windows Media Player\fr-FR\wmpnssci.dll.mui
| MD5 | 51538e752c5ff04a725c78479738cee8 |
| SHA1 | bb9ddbe6898a7f2c7bebfce4e27d2113adfd75e1 |
| SHA256 | cf12393e563516b6acdb29cecc026301b5b1101212396266871351ca82e8ede1 |
| SHA512 | f189bf28e3546a3be0da36ba42136325850713c1082b2761fcc113f6e7430b99b3a5fbf198865ce39c3e2352b7b7c9e6319f02f9a70a6a02572124de0ab80fa0 |
C:\Program Files (x86)\Windows Media Player\fr-FR\WMPMediaSharing.dll.mui
| MD5 | 23a820bb0c2df408a2527390050fe315 |
| SHA1 | 4d42879604248cd0cf2856200926c35a233eda61 |
| SHA256 | 1b4fdcf5045cdd92ec6cae635d9154ea40697a4f770dc65ad883d1b862b3822e |
| SHA512 | 66198300cb460825e3853926b7ab695c93f234b72cf174a2c7fc98ff0cbb1e62bf3bd4b60bd1712037c2865c74ac9c924f9125b9693a503c879149b6e73f2924 |
C:\Program Files (x86)\Windows Media Player\it-IT\wmpnssui.dll.mui
| MD5 | e0e2662378ee617cd3b0e22177545144 |
| SHA1 | c3466bdcce65567f23d7ee6c772313e70e986d80 |
| SHA256 | 55d8f2d164512c2cbeab4ff2a87417a45311e668a370c7d045e6665d73ed33b6 |
| SHA512 | 71cada8c3a49dcc52223053a72ec2d91d7dd4f68741f7a639f5273021cf3fec191b6d6b76676ceae1354f9d9e63cc55dd226687ec6f50ae80deca00b55b48215 |
C:\Program Files (x86)\Windows Media Player\it-IT\wmpnssci.dll.mui
| MD5 | 048d68070445d77cc4829ed462f2be8a |
| SHA1 | 792e28503f51b9a6699781ed17112f3ae6e5ae26 |
| SHA256 | 8f5da0e051c2c442690a22380a23d7a2bac9b4e71053e213810664bf4c9b808b |
| SHA512 | 646a82ac624f8c2647e5597df90d38af4530db8814107a7190c25dfb218b1b0757e9510b6a84eec284e65bd8ff3af46f83731c9957ef150409c26288a1778ff7 |
C:\Program Files (x86)\Windows Media Player\it-IT\WMPMediaSharing.dll.mui
| MD5 | b4530dabeac0d605b65d7b565f6ad071 |
| SHA1 | 33130f317ff5dcaf0ea0ba8bec6a3c72149c6b51 |
| SHA256 | 89d3ea08e2ce1779ac22e63ebf07a311eb6f231ed3c50ae1b71e8987eb51c6c0 |
| SHA512 | 45b86bb4e62f11539d16be2598af272f0c62508f113ef8a8c907606783fc877c8a8b4cc41bb9fd6fcbc2f8fd5d6c68c0e386393b7cf60bace40526d5e6e43693 |
C:\Program Files (x86)\Windows Media Player\it-IT\wmplayer.exe.mui
| MD5 | c3b9f3e9ae70f5adf3c5753f2871ecf9 |
| SHA1 | f057c46c842a149ab4b82b81e8816b37cdaa9460 |
| SHA256 | 4f9bd3ab68ffdaf4e3365c172ebf72ca60f760a6a3d235ae504622d052b350e1 |
| SHA512 | da4ec11d9e5c25e18868bc4a950e2c55f21b1390933d37533178fe6d54de62fa0ed2dad3b8530ae4b03335bec15d0f9d25d34ee8d690c0a9683da1557b1b426a |
C:\Program Files (x86)\Windows Media Player\ja-JP\wmpnssui.dll.mui
| MD5 | 17703b74b6b9dcc36c02be1fef3ae428 |
| SHA1 | 4890fba8b55e024ae591328af64e4d3e9e9f6103 |
| SHA256 | facfb300f53d8122c384cbde2ea79afa5beb286def783d4077be9cffcea23000 |
| SHA512 | 9fc7c3ef5e0c9c01d0aeef670f96435b895756f00fe45b709b501d532c5ef7f8eb0d25cad2b04af4dff5dc8fcf5184384618baa628fa44c6ced5b82de69e430a |
C:\Program Files (x86)\Windows Media Player\ja-JP\wmpnssci.dll.mui
| MD5 | fb3387a1ec8fe0065a727cc6862c855d |
| SHA1 | 784f88736dc41afff4f5d36df2ecf2bdf5057401 |
| SHA256 | 046d638c7ec04907658a570419955d0c48951addc56922bff420d227b5ea1357 |
| SHA512 | a34ee71739cdc085a2df4a1b438be51c6a6bff8a8a231f7c18fb4f2e2e22366c4501c2ecd32b8d2fc19d598c7c1e8ea1236296fd8509d657de6418b401d2d92b |
C:\Program Files (x86)\Windows Media Player\ja-JP\WMPMediaSharing.dll.mui
| MD5 | a1825205e3e1b54ba35bf184fbdfdd68 |
| SHA1 | f06eff87887194cf2a10b508b39dde124f9f0478 |
| SHA256 | 8d92039d16269233f375ed4e907032128b1f362dfdddad5ddad63465d4ec665c |
| SHA512 | 07ff85a72e1bbfed2e71a7960329d99c27236b0846c911d6810f541e2d14638d66e4827c32f6134c4e055660406b91e493b93e0f9bf64b183b8a25fcbdf6c647 |
C:\Program Files (x86)\Windows Media Player\ja-JP\wmplayer.exe.mui
| MD5 | b1014cefc6d4aa6fbb2e1295cd97969e |
| SHA1 | ca101b62d676c43a1463d8125a38e744c6bbeb1b |
| SHA256 | ae3be1cc327d14f144b6c8e83513351e9c0aa37fdd762509de2206c9ccb3bcfb |
| SHA512 | db0e42a374172a53d65fe953f9a90ce667cebcb972256ebf30c6f361e971b5ead3e2e8f55a34bb84cf8e69b6c96c8583555b9b478098b9a1ee67ab8999f647ff |
C:\Program Files (x86)\Windows Media Player\ja-JP\wmlaunch.exe.mui
| MD5 | 98913ee07ca976b5ac14afabcb5e3a85 |
| SHA1 | 40b80488711a8e95d378a0ae2f0086e0ddb3fc93 |
| SHA256 | 16a0520c18ae82af8e1658c6d7d88ecad7f7c5a9d2fdcdf43d89d43f6ce22826 |
| SHA512 | 131c42d6c694f5e5db6b6ee98104e292f19efe7d803e07e2658f36a6b075c2625fc1491732163823d88325b118dc1ac97c7ed0490eaa87db4f7ba42607b0520c |
C:\Program Files (x86)\Windows Media Player\ja-JP\setup_wm.exe.mui
| MD5 | 192cc668a2dce910ec08a34cf5dae058 |
| SHA1 | 1c95fc758714e4e2d9b8cafbb6353f48914215fe |
| SHA256 | 14dc4dd38dee06a6e877d8e5958341dfd7088a0dbfa9850d5012b8916c959c4c |
| SHA512 | 12ca570afe0293dd9cbb0486877dba553d37641a402e861e78c559de699cc8fb8c7005bf66434d2e69cf4218dc7f41875395c5667ecb015d0f54ac74b0117d75 |
C:\Program Files (x86)\Windows Media Player\ja-JP\mpvis.dll.mui
| MD5 | 8fc633af14509a97076aadcf7f225de2 |
| SHA1 | 8a4c624ec89977a6a8a845c15b2f87f51d06b169 |
| SHA256 | b0e5f80f8bd16b26e4844fd3f562ec35086190cdbf453102345a5be2e0f4e160 |
| SHA512 | f746178c33a030342d43e0433aa5e492305e660fec589b1ae636f8e85ba746c5d227ae23061dcd728b91f9a23f53adc62f25fa4b97d68c865ddd12cc692f5fa8 |
C:\Program Files (x86)\Windows Media Player\fr-FR\wmplayer.exe.mui
| MD5 | 36aa9f0febd3c0909ec2bb91c5a47cb0 |
| SHA1 | 1385183f0b7ab27a4ad751d4c4375f9645aa6709 |
| SHA256 | 0273913e995d2b3608da20fbc678296f0fc8c839b17eb2782500825a97f4db36 |
| SHA512 | ac13a3a02381eed340bf50bee153b99b11e64c64cb20c3607a781ce9bc42e84e89be60b683f2c5fc6bc899d806d82bcfb4bf493a1f15d14ceb10439dbd7e3ca0 |
C:\Program Files (x86)\Windows Media Player\fr-FR\wmlaunch.exe.mui
| MD5 | 71398f285b0c51f72b18e45cd2ed5785 |
| SHA1 | a3ecc26b123c19d90ea964d4279afd0484fb1de6 |
| SHA256 | a611daa58949c9b2dd5d663ad5836055acc27b06121f39d5b69246e8a1f62923 |
| SHA512 | c532b27a1d49409cac6bad2c20527d041efb1cf44c3730976a2cacbc3f2b49f6a5a2d6071630b2f3d990f421470314dc900088c23dbe6d3f3b435b5321774b6f |
C:\Program Files (x86)\Windows Media Player\fr-FR\setup_wm.exe.mui
| MD5 | ac290b60e3a348807216ceef824e133b |
| SHA1 | 72aa5a10d2b1ce47625fbbbdfc6f37ff56d3833b |
| SHA256 | 3990c9ec24343b4db3322495b0a2b4ce0639ce894ca0330531e25f82ad921ccb |
| SHA512 | 0b77f530117ccdf90e0d298f093ba1d819db21441adfd1df6e27466721f1d6214a453290796ab68b1cc23c40ff567061bf168557286cf7a0bfbcb6c639cf5863 |
C:\Program Files (x86)\Windows Media Player\fr-FR\mpvis.dll.mui
| MD5 | 78a3f08c0daaac836fa651d40b97116c |
| SHA1 | 3e3bebcfd24f7497ef698b17739e2ac126f30df1 |
| SHA256 | 9a2f2f4834e679c0b654e469a0ddd83e68ffc975be7499e70db995a78b56cde8 |
| SHA512 | a99c316e315d78697c4d9b18c81d04a1027fce23f7731b1d9c835e69886e19107b16aed5b5ec73c45bf7a41ffbdc0d630e335b237246f45d2cb2fb7c30771ee3 |
C:\Program Files (x86)\Windows Media Player\es-ES\wmpnssui.dll.mui
| MD5 | 61a05e94c534c260ffa4f7c07e486555 |
| SHA1 | dc72ce18eb2563e8e84104a706c503f4a530e1ba |
| SHA256 | 954b5ac14399c142d92135c39b2978d8932b46fc2cd0b9b4cf74ad2e4b497b14 |
| SHA512 | cd51c3af94fa4901756e920035c7a0ad5736f782bdf054ea11759faf6fe133e7be3d09dfc44b072ba319f75074f3b7a9d53bdfd1d539e75d5a29cec30967df22 |
C:\Program Files (x86)\Windows Media Player\es-ES\wmpnssci.dll.mui
| MD5 | a57f45b119937cb875485286623b3a49 |
| SHA1 | d68410600cabaac5a7f65aed90082ad12d5e1a4f |
| SHA256 | a39cdd59200c8292646be3f9c4aa7081d2d2f67ba4ef1156ba942317731c80f5 |
| SHA512 | 0a2f2ba5bde906a6cbcee9b0819d33977075e6a7a8355b121f4c79448c05e5cbbcf5b3153344446b41a6b9786e6575fe558c5554a55282dca75042fbbbdff144 |
C:\Program Files (x86)\Windows Media Player\es-ES\wmplayer.exe.mui
| MD5 | c54cd9c306bec1cc8eb4b7040081269e |
| SHA1 | cc4845876ba82341ed9f85e5172411cd467f9cd1 |
| SHA256 | 7da2ad9c8da17d357f718ed882adbd4165ff658ade01f5a4752c508b1e26cb6f |
| SHA512 | 231a0cf80dfb86943857a161986cd3f72a543d840de085ea961c80a8c52fa8acee353a3fca1a63e15b83f32a54309c0ff0247a1113932a3ee41cd4588e945c61 |
C:\Program Files (x86)\Windows Media Player\es-ES\wmlaunch.exe.mui
| MD5 | 5d7c438109c7f8f33d23a61eb1ee3e58 |
| SHA1 | 9eddc2516b387dcc268f852391fb3e97626ee6c4 |
| SHA256 | bc1eaf19df74c03632e7cc25679d848545650f7091e9fb49f735dadcdeeb6198 |
| SHA512 | 561d2f482f96476d2dde53d02b104c0652688856fef644f0cdd441b0f69d7c3a9f09ba4002384460e473e14646258d618cffb2aca4acfe3f3ae001e242ff14cc |
C:\Program Files (x86)\Windows Media Player\es-ES\setup_wm.exe.mui
| MD5 | 44a7ddae6d4140e0a97b455dde5f4bc9 |
| SHA1 | bf31b7fba10c2ef67f9e2686d55307f1434c5896 |
| SHA256 | 6b52afe615587def86be944ddb0834e08aa5f9096a2ab8e94c2c8fb337630dd3 |
| SHA512 | 2feb93569f2651980b6d128869122f42727e0d37a7a8fa78f8a833ffc6380bbfd72413a6ab4177ac27c3c59d4d94833325959017e044ae9261c126a19cea2087 |
C:\Program Files (x86)\Windows Media Player\es-ES\mpvis.dll.mui
| MD5 | 85de2d05803f56654def5bb3bdb4c065 |
| SHA1 | deead260a16c6622780a2c9a07e9500322a04f85 |
| SHA256 | a4051d72f977fdffbd3c3d22dedacbf3b9bd5e077f5f049fdf33a1d96177a77a |
| SHA512 | a8c56a34e8b9b8c9e63679fd6ed3b8e14722133a65d8e790ba17a34d9ecd2ef48423dd442ec82bd7ad0cf8acc3cc6f10fb4586eb0c895b2af17a7e776c9ab8e5 |
C:\Program Files (x86)\Windows Media Player\uk-UA\wmplayer.exe.mui
| MD5 | d1bd8a8c48186be0e9d54868c792cd1d |
| SHA1 | c0cddcef7f649a3bdb992b84c050ab4dff8a4746 |
| SHA256 | b2f7cf6e867bc378a0f61c0a7f7a6f0ae2dfe677d73b89a5d3eb7eb428141112 |
| SHA512 | b8125ccbb04832e285954de915e602a43648213c561bde64c6773526b007395203657af7733b4c82a0fc27dbe243237956d954871be46da3ba65a72d2b0b983d |
C:\Program Files (x86)\Windows Media Player\uk-UA\wmpnssui.dll.mui
| MD5 | d387163396945738a0c08f0f232edd42 |
| SHA1 | ceea5db8a1ec8150500d94f6bb854acc4da7f7e4 |
| SHA256 | af41a6f81d01f9580a8b974196ffbe45e527066188be2b08a37110d382b64365 |
| SHA512 | 9d657c8caa62f9da0c0da98bd1e84b6efb11762f7ed190a89711c254143a183c6a6ff58b62961c6f69b818e6b99173c91d839e7fb7581e1050ca5c3e68bb289b |
C:\Program Files (x86)\Windows Media Player\uk-UA\wmpnssci.dll.mui
| MD5 | 4ef3d8db74dc242f0f46e57bf2c28b97 |
| SHA1 | c156f313a7794ca671d72d63e976158b26709ee6 |
| SHA256 | 3976621a21de62f557c47aa6285031a3a9a96e2e6412e124cab1255b6adba9b2 |
| SHA512 | 7544167d44fd2b3212c1bff84b00376d11907911f6d7f7c7d99335698052f7b5babecd40787188b1bda16f9a28d6d4be342e24277e14a026172c1a31f832d545 |
C:\Program Files (x86)\Windows Media Player\uk-UA\wmlaunch.exe.mui
| MD5 | 70d3fb68b1cc8009984639a7628673a2 |
| SHA1 | 10c5d1ee1fa502c644c52fbe88787c12f9236748 |
| SHA256 | c417f3425631896f4a6e39fb29c082d53a7554e332460c5960d675014ad23a45 |
| SHA512 | 810f059bc39fac5e06cc799096c658a6c177f6bff5fea4ede509e451fcf3f0c109bbbd74e2bf1db0274824251be1f4ef724da10df99cadddc651bd43a127b574 |
C:\Program Files (x86)\Windows Media Player\uk-UA\setup_wm.exe.mui
| MD5 | b5dae06da7bca6a15774549b57e956e7 |
| SHA1 | 65a30b5357b3e201e1d11393c5d8da0d1f02c0ae |
| SHA256 | dc0052fd4fa2805a69028049049812e629ae40d14b946e7cb0b64ec0f5576459 |
| SHA512 | 408606a304523fea20feee98b6739bcb3e28a6a829642b153632201672de6a6baf4e65893582618bbef2780f591bd1dcab57c076477964c44cdbe566e70798c0 |
C:\Program Files (x86)\Windows Media Player\uk-UA\mpvis.dll.mui
| MD5 | 4eae1189af1d45ec7f2ea04cd60cc21f |
| SHA1 | 8dea3ef199d0f8f8cddde442361bac2edc8989fb |
| SHA256 | d40ca1c508dac45c84577bd38d3ce678d9dd935122eb7e282add3dcb470fd97e |
| SHA512 | fc580cfbd144263d2ac7c81297e129be0d45f6fe5f4e29b3b1aad1d148e3925ad147be2203c52f2385e875601f6e453daeaeca89e49968bde2fa4991070cc8c7 |
C:\Program Files (x86)\Windows Photo Viewer\de-DE\PhotoViewer.dll.mui
| MD5 | d6a8090da7a370f0804fb76fe15c303c |
| SHA1 | 9beebdfdf71db9297a5116b6995791024c285434 |
| SHA256 | 8e7a66574fd6766e7462d377d9b0294071916ddde986869c0d71387d233fbee8 |
| SHA512 | 9f5652ded9bc51b306a12702a5c0f3c6ba18f276e9c2547f43b5d51fa0e2a8ead6c3971fafab644493b2801e830b6cbba8ddd605bc356e0ead69f52a724cec2c |
C:\Program Files (x86)\Windows Photo Viewer\en-US\PhotoViewer.dll.mui
| MD5 | 19b2f50e81ede3f108d012e8c75b9ab4 |
| SHA1 | bc4c776656fa89c3eccccdbbda5c67fc8c9d6858 |
| SHA256 | fb308cfbc8cd920142e9c2e23b334f283b92e695136183b71a72758d3dc401a0 |
| SHA512 | 89334dcc40d2bc82a8622bb5c911380ad9bcd379639e26b75045548d76876e0cc225c6148c27c85f0c97f5f5fd5209da2bfde4081c96ac7b057e1132ed62664b |
C:\Program Files (x86)\Windows Photo Viewer\es-ES\PhotoViewer.dll.mui
| MD5 | 420c87223ca229b1684e11d63024db52 |
| SHA1 | 64b0bb494f42b598502501acbf158e85e90baf24 |
| SHA256 | f989bbccf73a2d2739e42bdda7aa94928f5bbf9483eb057cac512550bc829856 |
| SHA512 | 2d36fd7bbc4e47eb3fa025cf004c531befbca69f999a4f83a0a2162692ec7748837573333ddc64aa2ff65724a0bc019ab19ce100d09ab8b33cdc1fa2c70e2ed8 |
C:\Program Files (x86)\Windows Photo Viewer\fr-FR\PhotoViewer.dll.mui
| MD5 | 04a08df1a45b8bfea2ced9f8920520c9 |
| SHA1 | 7c54ac290c10af5f8c5a934364e1facadd499c9b |
| SHA256 | a71c2f7b89278be3383cc52bce904c69a049d08809390bbcad32c817cdd490f6 |
| SHA512 | 68475afb43bc309736c6498cdfcdb10f35221713c53af8c46eba8c98b645895d41d2c4ef0d70ef1c487327d483ba813452dc01819ecdb5701c00f160ec6dfb77 |
C:\Program Files (x86)\Windows Photo Viewer\it-IT\PhotoViewer.dll.mui
| MD5 | a7cace72c2f15c60298006a089183b70 |
| SHA1 | c4fee6915b15c68d3f0f15db5f62b1d0b91297ec |
| SHA256 | 97747daa7995f1b5b6531b58ae7055b7047838908932d0d5eeb32d22f17d89ca |
| SHA512 | c6725ca079a1714455d25910d0ddb6fabe5313e453b94251fa3d4acdaed8674a97b41d42fda5ea5e8841885aeaf2d1afd6b1cfcceafdabb4108dc168e3f5fdee |
C:\Program Files (x86)\Windows Photo Viewer\ja-JP\PhotoViewer.dll.mui
| MD5 | 41dded6962c4d4c9290b40fc767416f0 |
| SHA1 | 879e35f0a72c459a49c41e865e741562293742b3 |
| SHA256 | c282cfd625f67cea3a051aca68a8d7522784639c7c8560302eab61e434ccd9bf |
| SHA512 | 993150c20fe6f647a770285a1127323f5243f7f08848ce3702f549dd60cbbf903b4d7ccf84330e9fdfefe085b6c9560b5cd91983101547f15b33203ac7b88c6a |
C:\Program Files (x86)\Windows Photo Viewer\uk-UA\PhotoViewer.dll.mui
| MD5 | 3644b1d7a45b12edd8c5bcc24bdafc02 |
| SHA1 | abe77b151d434d0ff878ec872b841bff83699c48 |
| SHA256 | cdcbe425692442ea785ef45875405db09cf6f7730acafb320015fe058efdbebb |
| SHA512 | 35e78899220873a8e634b9c284462e7884e641c1603e6634824eec9b2d62a470acf610d21bc119d5dc11e4ac9ac37d484139a202518fd2beed41bc7a2481ee16 |
C:\Program Files (x86)\Common Files\System\es-ES\wab32res.dll.mui
| MD5 | c487c7a39e4ae3cc6ea31d16b5411449 |
| SHA1 | 633f0afbd918ff0dc717b1b05d1b67b28fe56d2c |
| SHA256 | 35961e1a71181c529b5f5eed4f43f018952ed8de5a89237cc4ff8e6539f8af47 |
| SHA512 | 1ce51413e7534af16a09b98e67b5e7cc076272f93cacf2921fa9778b4ee8dd69a0699330d14a84765578ae0a6cc07b25861d2a47f72d30fd1af160f81628ff6c |
C:\Program Files (x86)\Common Files\System\en-US\wab32res.dll.mui
| MD5 | 2fb448a3a5a9bb3fb1c6829767373504 |
| SHA1 | 04312248763d4ecddff10f2e4c2c664642b707a0 |
| SHA256 | 7a6e2d57d5c72b39a227192538d80e8a9ae78c4f59c040637f26b2da642e7f22 |
| SHA512 | 91b0b5d62d52c56d76a6fff3372ed84f05bf8fa2ea6d900131a276e0a4c60ee2641e4708322b17c953ba92c1be28da5d5fbe130453c7b2b4ae24a95cea5cda1b |
C:\Program Files (x86)\Common Files\System\de-DE\wab32res.dll.mui
| MD5 | 69ad3a26e3fed7c1ba67a397657eebb5 |
| SHA1 | 258e0a78ec978eeaadfaac3bb9963f540fa15c0a |
| SHA256 | 0dc9e69ebc0888d37bf89d945ffcf4c123001e523020956c8c4f196a99078feb |
| SHA512 | 9a58c0de994d36743341a329791a72867c47f6edc3c346225efdc1d45a0a4450ffc84c6707adcc2905f76d1118462da5c01fbffd5292644a799b1e79fba52ede |
C:\Program Files (x86)\Common Files\System\ja-JP\wab32res.dll.mui
| MD5 | 85e7a0fdc36baa2c30db522020b83959 |
| SHA1 | ac6c3f09887ba5d511dd1e560a042b60ad567aff |
| SHA256 | e8bf0c61cc10792f8d7c1821ee1f5b636f6e8eff187387d6781af0386ab8e669 |
| SHA512 | 45306c2f23e0ef0497bbb6e447efad67c759e3bd6a5de91c30e821b2b23724d65c8160a54ae15af52b228d51e9e4bb8a6df268a811ffb76b5cac35ed1156ead0 |
C:\Program Files (x86)\Common Files\System\it-IT\wab32res.dll.mui
| MD5 | 423650bddb1e34f0993838a70c25534d |
| SHA1 | 39497de5fac0399a81615107bccab5bb9b8bd30d |
| SHA256 | 4875cc0830641fed698f305db983f3ed4e603697476c5a2baa6d427b49e6d4ef |
| SHA512 | 317bf352533d4934aa7adb68706ae5198a03ada6502e44d303086c448778cda4f14efa8a33b0d7b67dfa9b5aab4e11595edf0e2d67d4cea594c325ba6f593ad0 |
C:\Program Files (x86)\Common Files\System\fr-FR\wab32res.dll.mui
| MD5 | a278ba18d52cee47ca36b2da2e96447e |
| SHA1 | 3f20ae776b02af3cf33ba7b9a3cf3bbc4f353f10 |
| SHA256 | 298e62961185f2dc4ae75e7d5c8fd7a3c5f5943e310221deb6682908fc9daaf9 |
| SHA512 | a1a3ca1c512a7ac957c69a2693440016bc7479d70b63f641a28a69d03d98c3a9188c82a18493afc259b30e1233145eb752a9f9bea62a6e32e0066a17d513fbd8 |
C:\Program Files (x86)\Common Files\System\uk-UA\wab32res.dll.mui
| MD5 | e5a5abbf65ac5a5182f77d21fab76f6f |
| SHA1 | edf25c95e37f89082254e70a7f6e6a9bf1ab738d |
| SHA256 | d60c0ea048ff82c929131273ef9659ad839e4e90864d12f703cec87c61506fff |
| SHA512 | 6baad8ae326526cec1cd9cc43affc78220a5b10288f0abc397afbe8f407de96b58a47c8d20188d9430edc607915f2c45278b9c51225f98f08f00f49790edbc3b |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\de-DE\InkObj.dll.mui
| MD5 | b9d200f027afa7c48684a0eb169b15ed |
| SHA1 | be5e360175a53fc5635a84de8b26d11eceafaa36 |
| SHA256 | b39f1610e9d4f703a264704b791061b469618063d73ed21e971e8d55700fa02b |
| SHA512 | 26bc01a160f907e91fc820f867299f579434cc1992f741058ca209e3f374aa74e33212fd2476158327f78d1bbb7cf4ba8a26e8eb15d875a927689a05bfebc1b5 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\de-DE\rtscom.dll.mui
| MD5 | 09650512767b6e45c7337d07bc7bad51 |
| SHA1 | 9f14b227d1288feec96ea31ed4c3c95ad37ba4c7 |
| SHA256 | a3d5ad448ff717fbe77615d61cee2a3ef167ffa1425dc1a8ebcf9ebf80bf7ada |
| SHA512 | ac85451405465768d06101b93f65046342f93c95b5223b173544e3c2a3c43305f8c24e4b059f85acc1596c8d0876fadf5bda01562745efa57fb6916e9450d998 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\de-DE\TipRes.dll.mui
| MD5 | c7464bf7b7ab9abf7cfb8dbeb565dd84 |
| SHA1 | 362eb79f84e6f89246b97a9d1dbf6cb1190ecc01 |
| SHA256 | 566fc870709d5ea29b393d8976b97b448c44ac6d551b232a1bf791fe0380b50e |
| SHA512 | cb76075d527939d545e1df6bee37b5cc20eb3a3eb7fa0a1b4be1f8425ae539b81689669be47f0d271cd31d88ec6f3fadfcb11b6b7785304e216c66c577e6ec10 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\de-DE\TipTsf.dll.mui
| MD5 | 6891f0a0bc264e7331b0f4648e0876b8 |
| SHA1 | 84c9f108d979b0b50d6b0900666423877cd1952e |
| SHA256 | fd0256a5a349fe519876a1b19f846cc35a8210d5a45d405f819765f7253892fb |
| SHA512 | 93d2843336030ce12faa5e460c17c49d70f0914190530a483443a25cacdc80614903c443037e2fee3b287a3a205bdeb79ced60887506645595a9a8aee1d4d292 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\en-US\InkObj.dll.mui
| MD5 | 7532938392ac004b82f90ad6e3d4502c |
| SHA1 | 0df74385ec06c88efbd4bd143a75e7a48aba3e8d |
| SHA256 | d557d30e1c0a23dcb21c83a40d17f1b3894a692f178d191b61b3ac2e57c0c52d |
| SHA512 | 2970d1bfeb3c5384fd4ee1c398f6e08a9a0feaf13ea3cb93d220a5a7d2a4784d21d5f632b3172ff613c95f894b7babd9c28a3f4022b8c8a9d4bc4eec93380167 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\en-US\micaut.dll.mui
| MD5 | 54f090713dd57954c59b150f5b14a170 |
| SHA1 | 1cf2eaac30315d98018fd4097f8a7f28ecca5b20 |
| SHA256 | 1a73f1b9a77024ed5a2a5e1990d7d139e377460ee91b088a0e72876ad4403dd1 |
| SHA512 | 91e5e5b1ad94d7a351f8a11358f4c6c67de515db2ea2eeaf4a79f44f943f149848016fce75f75dd2c7a0341fbe8cc7afd1921828409819b6f411ae4be2341208 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\en-US\rtscom.dll.mui
| MD5 | 52b59a420512604f9e4b0a07e6cca1c8 |
| SHA1 | 0f4f602bb48f70c9095590942314511cadf0b412 |
| SHA256 | 94c513c177fc6ed20159306e74cada14d4c50a1f70192a91d527f9cea23ade69 |
| SHA512 | e761fde05e5d4ef30b77ec5f5d5085db704963142cf49c8f88bac199ee4c49e15e69374eb2913e11e7fe1b613fa2f0875a1ed898bf18237c32421977c3e9c815 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\en-US\TipRes.dll.mui
| MD5 | d7a8da35f8e66ac2ebac8e31a5ff3705 |
| SHA1 | 42de854dce52c1c6348013e37fb1dd1096da1266 |
| SHA256 | 27070ec6a2a6f39b71e47a4bdc7f8507530315376227ef35d114014d20a4869e |
| SHA512 | 649f3e65c3924de3b533d3fb07ec887184d999c0fe87ba61bdb576f905dd187d0a540a93fea54c07e180b75f9ebbae2cd57835c57a44db1607ea3511e775913b |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\en-US\TipTsf.dll.mui
| MD5 | 4783fe1eb1cc1db502ee14bed07db10e |
| SHA1 | 7aace3c382757cea3b8b3720c930bffee3f938ee |
| SHA256 | ab352ff76157351407a9b06f95e6b9101e5c899ab61b7b6dee888226bbe7dfc6 |
| SHA512 | 421d949aace099605a518d652a0029acecc8125f46560e31f75fd781a9603af8f8c2f7d52a062f7df0fd8c1362eae0a1da2703438f26c5fb70e15f0a266986a9 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\es-ES\InkObj.dll.mui
| MD5 | 57fe45ac74c2bada374ffb0bc961d802 |
| SHA1 | 0a8ba1417b45121cf716f24cc88c038cf0ba0941 |
| SHA256 | 2349479f2a9f4d535a2a825fc896e452f298af6aaa0cca13788babdbc04c7e10 |
| SHA512 | d3ffae65a2acd6bbee823410b574db3156e55982fd2336f637396ff481c33e7d7662594cd306f1a5baf119a6cc40bc150b859a6149b555cd1a0e245953250293 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\es-ES\rtscom.dll.mui
| MD5 | 45175f6978cafdc930475ca99624e522 |
| SHA1 | fb68fe349eaa4d71ed7f41b89e8d5e6690bdb353 |
| SHA256 | 2246b772ec5098579d7c3f1a244af383e05f5ef7ab82aeacdd43cf44a9d4c47b |
| SHA512 | 5f64c85acdd034bf4663d93644d88fcdcdbe485fd53d82cca5f6a2dc27c738665638c1f628a1535e0d5bf97695475e918a3c81a76e6bd8bc065f370e34a08805 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\es-ES\TipRes.dll.mui
| MD5 | 74eb653c10eb3ef19c24cd717e0e3132 |
| SHA1 | a72f45139277264013160243b797b339de7127bc |
| SHA256 | 8ad4cb9de088326ce0badb4e2eea4c0da534ac9c7813984fffab57072a739fe8 |
| SHA512 | b6fb7fcef91f6b7a7d57dd5740f0055d616f2f4bdf85ab3db5f1eb2d5ca68e994ce72fd186427c8e1bf67342d57df04759d85f841a013170f900eac5d0900eb4 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\es-ES\TipTsf.dll.mui
| MD5 | c3e628971faf35fbaf5e50937ed16818 |
| SHA1 | c05a11a29dfbae2f91fc8b5a6c30531cd477e23a |
| SHA256 | 33a78a7bcd3531ff72c396699595b469b37f7b9e7e90262379e1a73deefb26e4 |
| SHA512 | 5f2f02f8e109c644c65287e8be1b5b827232fc87b3fd481c895a3e68f2f54b51a8578af3179cba1fe203427f2c0f8745eed2a5b3b6743067a149b3c548895643 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\fr-FR\InkObj.dll.mui
| MD5 | 349e245283b648f0a1214ff17d4e2e68 |
| SHA1 | e17d3eba9be26a24a0a28bdff653254e07cb3802 |
| SHA256 | 4702062a86c4aa36f03d918dfc8457654c7b925c17722b97d582a30576201f71 |
| SHA512 | 92ae0ffc3149c19d93194684e7a00a7a3d05795ee84763b8e1f5eb1b5ac5d5af13b8beeec7ca4855fdf918004cc2adc51ec6cd9446e48a8c53bdd26ce5c08db1 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\fr-FR\rtscom.dll.mui
| MD5 | d02195790724739bd6a2315f16fd2eed |
| SHA1 | bebb5dade4a6072a9d05543513b0657be69c718d |
| SHA256 | 38316070a6a1f0a6008e7ab2e9912b4c8e1d41b8b9afb7425827ffa5fad3aa56 |
| SHA512 | e8245be7df8d1f798f6ff93068490aba5e9a95e99f767529115a5c7d96301195ea7d1362348d135b83354a2c3b34c3fff09944c3d423d5f63f62f933c0e7802a |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\fr-FR\TipRes.dll.mui
| MD5 | b5e91646e67813494016f6088238867f |
| SHA1 | dc530fcf06f300ed62d63747047873b0cb77bc06 |
| SHA256 | c752e040e9c13670e4d44320c787f890b31dd0eff444ff3e4ee4fd507da03518 |
| SHA512 | 581ef8fd98d7f26e13ee240d74f5a13c0bfa23d39affa8dafbf532ace5607d9a1f880a607f681df929750a92ccc067e9710b17ccb1eb1fae4ece4c1535104bda |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\fr-FR\TipTsf.dll.mui
| MD5 | 3e402f76ae436e0f2c506933a5849ba2 |
| SHA1 | 0c4577fc717e6a734a476a64296a91b8b495627a |
| SHA256 | 2018465fd0751542c42151983665eb747516709592d572244e3641a0c4d23465 |
| SHA512 | 46930b8cae48cc45057e1d1177ce053710f722a2c2b3d99a9597b780c04a877d049daa614bb2e6c21df9426334b4b35cae39f9048cbfdb2794bdf8d01a82e683 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\it-IT\InkObj.dll.mui
| MD5 | aaa4874ece7aa98d8f45b763881f5dc9 |
| SHA1 | 072542f7865b0689f364094aac5e0d22ab37a446 |
| SHA256 | 7f332866abfcf693caa269eb8726f39f0e5ef4ceeeb1caa16924d4f6c44e218a |
| SHA512 | 754731fcc00ded0d12a23a994d9d4ebe71d7f54e63d77dc5da700385889efbf2607d116ba1f29af4a5e4a2239395a06e4cccdfbc88ebf669acbfdd1c81b3aecb |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\it-IT\rtscom.dll.mui
| MD5 | 670084e60e4e7f8e53746fa3084cc570 |
| SHA1 | 1c35e7db847277f0cdd2808f4a88e39ad9ad4602 |
| SHA256 | 972c1b780cfd46813e20fdc72cc5d2f9c5043b88d28722d7c6f65942d4aa4e3b |
| SHA512 | 787e79ca4c417a336a6feeac3a47b34ac2dcdacddb014df4cbc6c77cd8df67afb63c08bffa1d8a52d45e0a48dfe5663d53dae733a4bde915a0d33b912f21420a |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\it-IT\TipRes.dll.mui
| MD5 | d24377a3fc5dcfc6a4cf0b04d2e108d4 |
| SHA1 | 23b60989fb6113ead576f0ced1a5edadb2fc9761 |
| SHA256 | bc464763c0d73405826ecf47928b1131a9787120223a6ce99e534a8879ce3c26 |
| SHA512 | bfeb8c4c25c65af10d3a036cee2f8e5763aaa7801340467c2f110c0c6e32a2045de7c92c203f33095f511dab823a7c8336e844bd2bf32cf9172e7ad846c3e460 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\it-IT\TipTsf.dll.mui
| MD5 | df0069267f6860c90bf2c75cdcf23ba9 |
| SHA1 | 3456bd692cf952b4a361d2af0f7fdabc576b7dd4 |
| SHA256 | 3affc455b6da99171b3e0810ed19250d87e203b04abc12dea8bb9febb52024b6 |
| SHA512 | dd755add1b7608b67faf7df842d3c945e81a131e27dec72b76844c36b0206e174aecd01ba0aa7c804b863cfd0eb4a2a4704907cd83e9a02e2a22e3add5c3fe95 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\ja-JP\InkObj.dll.mui
| MD5 | 8345c3ca0299de5730f7cd9cb0fd4f0a |
| SHA1 | 8cce8c3fd1c0c7b4cefbd7f2d92e6a487a3356b5 |
| SHA256 | 1f32670c58f7f923b7d8dabaa9e79d6a13d81a84cc9df845e76b89afc57a96e8 |
| SHA512 | 79db7fd402a239fe62c1e92c67f675c5e512e02cefda8fdfaa698c1bf88292fd5e743bbf6a6074fb7e1e740b452e7cbeb19bd725a91107884fd2868be951e4b0 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\ja-JP\rtscom.dll.mui
| MD5 | b1fd1919377cb4b95dffcb3005b62476 |
| SHA1 | a6bdbfc47aa1c0adc4b9c15da46b3f631d7df77d |
| SHA256 | cfab345cd8396c21ee909f8e3c4a7531e0fc795e5245eaffd7f58c72af688c86 |
| SHA512 | e5ae8d6ef809d7bc998be815cc5be5c6328c3e30824179ab9d7d4efd4286ccb36eaa12a5197dd7019b562cbedbbb2aceb5fa57fc7c45f7bd9f21713d6d33fbae |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\ja-JP\TipRes.dll.mui
| MD5 | a1ddb7b5a82c32e935f455cf3032e728 |
| SHA1 | 8bbc08d8903c684a9493476cbaa4fe08412593f0 |
| SHA256 | c675ca14bcce6736aad765f3b530a998fd91e5883456083333502935f3a91ce8 |
| SHA512 | 91f0d54df95abb4fe193b724b9662c5a07c96a45ec5db2a463addcb9fa49e1cbc2ebc3c9a9066482ff735a118331c725b2345228a35d1d008c6fc75e660897e9 |
C:\Program Files (x86)\Common Files\System\ado\fr-FR\msader15.dll.mui
| MD5 | cb8422751772575a3e7b17e0454f07e3 |
| SHA1 | 648a410f208020ef08637ef7e56936e4e6ca0d71 |
| SHA256 | 970827bcd0340f2f27c1f808b63f4cbcd2b2c90c8fd5d89164b428f63da2f7e7 |
| SHA512 | f8fdfa99e1b54d503a4d4d064d2f0e6d37c7dade354a241338f4cb3d6e7e68d3bdde3b83082d4ae74330c10c50972e1f4dfc19bee9954f2476c2ff15ae90144c |
C:\Program Files (x86)\Common Files\System\msadc\de-DE\msadcer.dll.mui
| MD5 | 1a4bf9a8596c5c71f6d989d3887f7c3e |
| SHA1 | e06768757ea0097d6390dfa06732ca79ee2f130f |
| SHA256 | aba93dc950a670241293ad5b9002fae8cb9597ed458de331b8c35a5d29218606 |
| SHA512 | f4039278192970447cc2c9061b181dfc017702ea635daa2cec17ea690b8458f78fc0bd77897d66153be3da4a340fd1c65080f07d5a1eb324afafd9bfc15970cd |
C:\Program Files (x86)\Common Files\System\ado\ja-JP\msader15.dll.mui
| MD5 | c01eb45e66fc7e35229ba719da118fc4 |
| SHA1 | e68b266105d9c120cec5a8aebdb542465a4ff82b |
| SHA256 | 673ae726acfef6bcd4f97b3c6dcd558fec516f0b4b9004d2cf1b93b75d9d2ef6 |
| SHA512 | f0e7a17a220f821abadb0e20ac4cee33e3b169600c2928ae8389de5718715abaac260718eff684ad9e1ef8bfcef2e36a0b08a8806e031a5ea4573ced2d71d903 |
C:\Program Files (x86)\Common Files\System\ado\it-IT\msader15.dll.mui
| MD5 | 96199957cf5d1af46a9527d44b138b2e |
| SHA1 | cd6f0f1bcc721597716fe09959d3d4b3072a16ee |
| SHA256 | ca774206846959402f8464a9aad0f8b399dab45ff7df816dfead9061fed32ef4 |
| SHA512 | 54a253846ef2f3007ad399def96e5704a6d9d5fbbc0cb169949297c8aac60a011389fece68cb3ea048b2dca187453d8e3d501d65f25cdaab861b76dd2951b020 |
C:\Program Files (x86)\Common Files\System\ado\es-ES\msader15.dll.mui
| MD5 | 4f00a16813dcafef92e866dcb4558007 |
| SHA1 | a73b275db879bb670a5a852ef0685184e7e68d30 |
| SHA256 | 696d7e7abf724ddeacc3095dc30e687d66bfe4946bb9c787cc2f7999d8b61afc |
| SHA512 | 62e2dafcfd02edc76bebd4444f5941c6bfd39981f244ac11ddc73d79decccd782551a49afa55f6f05d81ff22e55233858196ca2615e8709c091b9ad21485c6b8 |
C:\Program Files (x86)\Common Files\System\ado\en-US\msader15.dll.mui
| MD5 | 0d3924feda1c9521140476cd809c426e |
| SHA1 | a0f5e9257f481f7591304540475f60e9b6d7aeb2 |
| SHA256 | 4a4799af1045f5c2c2bf0376ebc42853bbf32b41b421010deee57e0dd2c53840 |
| SHA512 | fc0baaf704249e59860118d715957e8c1d9e22145e2e253f9cfb7585a17f969884f614be82576f4fb0e057c25353ceaa878401dd0e7699ffa4953e38cdbcb920 |
C:\Program Files (x86)\Common Files\System\ado\de-DE\msader15.dll.mui
| MD5 | 9c9b2a70072512ebab9a06464e23c0eb |
| SHA1 | d8fa138c8202b3410f4f9d81e342fc898aaf6cce |
| SHA256 | dc62338d990b3f47523aec71e3433d53236b8abe2d5ba8485c61c5a8debc9b14 |
| SHA512 | 8aedec9f80146bdc894ff3bf64fe6764a05644b8086671744dc1da6715111700789254a4393c0ab8a301e0fd61a668c9c65daaa2bed29d657cbb863b4a7038ae |
C:\Program Files (x86)\Common Files\System\msadc\en-US\msadcer.dll.mui
| MD5 | 71504ed8b81e40f9edbadb04297e75ad |
| SHA1 | 90929acc6ed628fc3b54e3cc604ad861d6e49d96 |
| SHA256 | 093e77b5a2a38285eba1790354c6ce17d2ed6bca15e52c23f2899483f2c38c34 |
| SHA512 | db313055b3202cd00fee8eca945388959477dceb401a232594b5c8ec7bc84b6c81bfbd100bc98297dafe1c11201556ffdaaecb0e57ec4597aa142df888f7562f |
C:\Program Files (x86)\Common Files\System\msadc\en-US\msdaprsr.dll.mui
| MD5 | d1d64a2b15ab8e012b826681699db8df |
| SHA1 | 8df1cced46889a68ca1e537d2e84aa8b161e6a94 |
| SHA256 | 2f088d0e5627bf50807a7e2fffeb0bd08482567cdb4064713a2341a97499827d |
| SHA512 | 704a65327f68e8a6a493111ed7606c6992fc5e8fa3ea3bc683f4a0f30c02ed153c3a86d476d0958824effb9ddd745b17d24f3ca62a04af33ba74f8661d6fa04e |
C:\Program Files (x86)\Common Files\System\msadc\de-DE\msdaprsr.dll.mui
| MD5 | 3e9b2c45680bc326a724bdc92f66ed16 |
| SHA1 | 090108b885c63629d6f432c5ed863c3345f54fa0 |
| SHA256 | b31a596d0aa5474f9b877f28b549aeb88a2339c2e9d977eab28b079c9f398617 |
| SHA512 | aad2078b4e888536d11de9e1700cb6182c225aee251e3002b26218a27c019c013b9c44658b93e446e2c92290d19d4aa1a3d67fdac9103e5cc6af59271f2d47a1 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\uk-UA\TipTsf.dll.mui
| MD5 | 552ff6591179b9c15acd290c41d25986 |
| SHA1 | c03f4de61c87d16b12307840cdc113eef2188cf7 |
| SHA256 | 6a02dce02d3d3c92d7e88b37f6a8b45d7da7552b85863e94665f7fde9cd01a67 |
| SHA512 | a051602405b0f89035407fdf9b4eafbce36c3d57e487222d8948a638408401bbc8f6aa22c44f7bb785d290587d77f9a21c2081f9f807c959c2a2a47c1b39b881 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\uk-UA\TipRes.dll.mui
| MD5 | a22df24ed113a085f20b5cc854a32737 |
| SHA1 | 59835ec622378235ed035853490d6e24a3afcbf7 |
| SHA256 | 9f73278cf6de9f297264f72a9d803c3336b79d90cfb5838cb2b6cd4471a73f37 |
| SHA512 | 641c99dee082c4f2b8b53d53e2181d973527182c07c6e0b498d85f9655056087a7f78b8c58fd2d2b227c48e9d1b581bafa582d4acdd646719b924ba8fb6e4f60 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\ja-JP\TipTsf.dll.mui
| MD5 | 3fdb9aaa2824665437dd880ae6deb9fc |
| SHA1 | 676596869ba915e48258f02a240df3f391be1ba6 |
| SHA256 | 7a8ab16f2775a35e761cee354d3b120eb4e2092eb0e614524799f3304504c027 |
| SHA512 | 2acf8af879393882ea877cca23063102032ca868e3f9da7a0b5cfa62ec5bf7efcefde09d502e96035af40695498936e187533caa3f9584e8c2b1d50cf81f7c46 |
C:\Program Files (x86)\Common Files\System\msadc\es-ES\msadcer.dll.mui
| MD5 | e969156b4562f4d938556dd0458e98ac |
| SHA1 | 98a56a7618ce01fcb4326c7eed8331341951ac71 |
| SHA256 | 630c442a553983529535c3f5ee87e06a7491fde26d187eb423f05d05c035c1aa |
| SHA512 | c68a0e412a1992df4975186e04ed7b5fd8f79e9ca119dce526796c9f85a93107c70e665a2230125fa10a58eb5c97202d69fb6e55dfd7a4330031238df73ec65b |
C:\Program Files (x86)\Common Files\System\msadc\es-ES\msdaprsr.dll.mui
| MD5 | cbd75bdcd7dab0f0863a22b276b5c412 |
| SHA1 | 6e4f2cb833a0e5b6c7037ae8fd3f68c2716ac652 |
| SHA256 | 6ff7cba60e6d2f593f79cc59bbf93e476555e6ff0bbb7ef039d4728944bb061c |
| SHA512 | c1a911d4d810263ba28d27f07912738658e9c913d8dbb68e33ef477050015a3990e845b280ad2bc98cb414a20a79a118b46e0fac4d06922b2596552824814a8b |
C:\Program Files (x86)\Common Files\System\msadc\fr-FR\msadcer.dll.mui
| MD5 | 7ec7d8c7327c2e907f39175f45a80f62 |
| SHA1 | 160a3f7a3741aaa24e126431ceed5c11cb6bb514 |
| SHA256 | acfb13674599c8e184983d959eafce18a5d23eb6df942f2da01a6a51a2ddabf8 |
| SHA512 | f179a897394863b9a062309ac9e0b767f5739146513afdd69a804c5d1e50e2f84ec7fa858fe144b72a14af751689909cdc6a8550820763ac931361ae47b1e68f |
C:\Program Files (x86)\Common Files\System\msadc\fr-FR\msdaprsr.dll.mui
| MD5 | ef60a586fde6653dfb7f113a09bf8989 |
| SHA1 | 492e63ef804023e085e3cc0410704c15bc2a9aba |
| SHA256 | 70001bd844c74be110d3ef7860e837b6572e0b01f7ebf5a945c5a20896e13044 |
| SHA512 | 0b687b20ffeadb94e087eb9f59c44fc1e05c73fad2c0ce6e08af33feb174fa33520515d50287c918453d5b005984577c9691ea4bff76386821f96ab117d1c52a |
C:\Program Files (x86)\Common Files\System\msadc\it-IT\msdaprsr.dll.mui
| MD5 | f9d4e8ba4898b33a9d9f7d899546d972 |
| SHA1 | 1c59ab734bb9415105c21f552142b7b9cba76228 |
| SHA256 | ff67ae6a0617621c3988458ca8a4f03890ebc4af46df490937687662de1d81ff |
| SHA512 | daa2993e4fd9d227345c1d0d7a0bb2908a82c130ab2e9fb61ce47af30a2e12bc7c77e00afb8e9745d8b2184622fab13b40a920567c8cc07a1a193253accf03ed |
C:\Program Files (x86)\Common Files\System\msadc\it-IT\msadcer.dll.mui
| MD5 | 89f00b6ebfa574831a03bb240a496790 |
| SHA1 | 6ad9ad01b6aabaff95812bc3e9bbdf832cd7dc15 |
| SHA256 | 17cdd2e9063c0b0cd694d1c4d8bd638ad03a86b8bf2a445854d1e32499cec53f |
| SHA512 | 1083150fbe0d13bb48c3fb95518d6730e402bc43a40209ddf48b19b67a558bed23746d2d7d14e6628950ea648d03972dfb69cbca0c7595ffc53c99cabd1b80eb |
C:\Program Files (x86)\Common Files\System\msadc\ja-JP\msadcer.dll.mui
| MD5 | 89d3ea189297bb3c8f3c1aa2bacb9d03 |
| SHA1 | 8fa49e312c9f4a2f21cdddc79b9bcdf3142ee069 |
| SHA256 | 0a5e50559277e36a9b6065c5ebdfc542ff591fce9a812951544ba932b27c1406 |
| SHA512 | 8c2113169701bc4f3845192a0056cac67f1c9ec659e99a1134ad531a011cf2ce3366c18880a446b1354684ba169fbb76196fb12f31754889c631d476cca02f1f |
C:\Program Files (x86)\Common Files\System\msadc\ja-JP\msdaprsr.dll.mui
| MD5 | ff3148455ae0fbd47436b0d77c7ecfd7 |
| SHA1 | efaed6aa8fcef377433fcd45f0720b6201137fc2 |
| SHA256 | 2fa25ec38ec09952ce7f8d8d0431cb4c5403e7a767e49c12a93695fcd1d57961 |
| SHA512 | db4189ea75b5aee393d1c9d80dd57f3693dbf2928c58fa7f6ddf93e290bc2d0c973f742007c1a62729a3d3eac901cd56aa6bf2a97b38b5f93375962c3e33d5bf |
C:\Program Files (x86)\Common Files\System\Ole DB\de-DE\sqloledb.rll.mui
| MD5 | 1eeb7f3e496b4c67d5663c6ebd1b57f8 |
| SHA1 | 567aab8d4397b41bce3d51746b9e298a090d20ef |
| SHA256 | 3f90feca49ad90ed2ff7a3f765f6c8a520558f8b970a02284bb5f96de1afbf98 |
| SHA512 | 08a2016a5acf4025f654ca07a7234ad1f6ddedbda65e9da1ca8013728bd7f9fbd55228bd702bf584bacd865e9abfb97586c8c6ae407ece8d66d27d9d3d6667c0 |
C:\Program Files (x86)\Common Files\System\Ole DB\de-DE\oledb32r.dll.mui
| MD5 | 837fab670fd5c421bedfcf74164f356f |
| SHA1 | d5bd136b91e3b9a037379619570d1ce8a33e371f |
| SHA256 | ff08f920f760ac15c4a49df95e7ddb281401756458846fe389550d5803791313 |
| SHA512 | 70146cde602668ff6a3a9e8aa07c202b314164fb706c5e0e3e949d985a7fb7963a3ad23862fc075522b1ffbce6275d0dbfe65925ee3f005d3d1f00b14d7d507b |
C:\Program Files (x86)\Common Files\System\Ole DB\en-US\oledb32r.dll.mui
| MD5 | 84a5310ed07fae46e6a810544786ecc4 |
| SHA1 | d03a055f8de96fb5e6a1899991ff6fd2cb1ea483 |
| SHA256 | 99d92319c899be8acd78601344ad45b663fece5bd2e32499597d6ffeb491f988 |
| SHA512 | 73bc69f6b3432bc513683d6a0ab5348a139ddcfa8944630b4b04504f75f3b711a9d05485252ba5c29d7190700a8114cf8fca99fbee56d3dff35effd31a0e6704 |
C:\Program Files (x86)\Common Files\System\Ole DB\en-US\sqloledb.rll.mui
| MD5 | 974d21c63862e2ecfcd75fc5b2e48b27 |
| SHA1 | 250a254a58207899a6832ee541d1fec5ba704e2f |
| SHA256 | ef71d1bbd0f31cb84e86bd5e4fcea536af2d612c779599df7f999fc558e0c909 |
| SHA512 | 913f146df7f2f0a26c97674163cd063cee92178968db9b24a4dd3e918ea45697871c468477114043a8617e9f353608295ef7f797d020c2e5b3de0c8c26c962dd |
C:\Program Files (x86)\Common Files\System\Ole DB\es-ES\sqloledb.rll.mui
| MD5 | fd65a6b5a7f4495a37494f131d152186 |
| SHA1 | d6f9bc004832af2b9b23a4886e37360100202c38 |
| SHA256 | 5518cae9b872a9007adf507ffecb4baa06ff315c1b28004134e731bd16ff82fc |
| SHA512 | 3689dced80150034fac8bda133920f6dfa258208671741b0268fd505728f4885282f9267bcc9a2cf0416b1923e4246c4e91049394ed3f45b3b0e8482b73ae93c |
C:\Program Files (x86)\Common Files\System\Ole DB\es-ES\oledb32r.dll.mui
| MD5 | 5f00b1bf497de974fdc5c47920e1482d |
| SHA1 | 0861ab85c25beeab4067543af6894bbc5c9217c3 |
| SHA256 | 2b372307170620b761c3f92846d77e2cf5ba0fc1db5134127aa6baa3cca7713a |
| SHA512 | a2e9da5551c2b28736ca23600b3cd5dad77edfcae12acad88bbc70bbf5a623e30ebfa252beffbb540f372450315727eb26bd26b7b706d497cebcc7f779846adb |
C:\Program Files (x86)\Common Files\System\Ole DB\fr-FR\oledb32r.dll.mui
| MD5 | 81b93801f00c95e473851f99b224962c |
| SHA1 | 0ebc01c9f06497bc101fcab4f2227ed23bbbe9eb |
| SHA256 | 5d283925575a878aca4a733f92e02ba659040a3bea330df8f1a42e1dd473f4c8 |
| SHA512 | b14ca2163cecf6d6b97a6671081ea3760a2567efccadad79881e9380a9b0b2106b55e89d1c62211b4738328328535172cc9dfc4218580d851fb1a1de66b4fcf2 |
C:\Program Files (x86)\Common Files\System\Ole DB\fr-FR\sqloledb.rll.mui
| MD5 | bf83b8bad36fdd6a76d7e5bb71993f66 |
| SHA1 | 87e776572253fd0a371fe5c7dc86b24e87d8c087 |
| SHA256 | c7ce817c3e48ae19c48d5fc7b0c876b582d2532b17da41110af8aca0561cc1ec |
| SHA512 | 2ab5a4c0497e7436097e1e9c2308f632dd7780343bd5b78c2c761486910ea58a4b7d4be05fb7ba5da1ce3ec79ae113a90a3b4350d2c8a20d48474d49e2b7f6dd |
C:\Program Files (x86)\Common Files\System\Ole DB\it-IT\oledb32r.dll.mui
| MD5 | b7eaabe0f1679b6a0df71cf0653f1d88 |
| SHA1 | 1ccae8432b29476ece85a5df1eb94a6b0ea8e3ce |
| SHA256 | 90208b46218ed0949f5f30fa4885fb35c47361c3ac3f5564caf67e06b38db1f1 |
| SHA512 | 935cc1946cec1f07a7840a519064c6b69390c5b4eb7127dad743d17dcae836f61befff836095a2b19fd73aeda20607ca7a83ddcb8c2031cda939f94987f12ba9 |
C:\Program Files (x86)\Common Files\System\Ole DB\it-IT\sqloledb.rll.mui
| MD5 | bbe3ccb5def33cbad7de4ba451238151 |
| SHA1 | e13be62efb73fc1df3ef7ea23448d0317e53add3 |
| SHA256 | 599606b9bc1ac924b10ec2e50220b5a62c7c01e7c8ae0a051749b3a7341c9a92 |
| SHA512 | 05a31c9fd75bcb49b268ecdb82a1a0b5530c06e6e33a6fe35a8e010a51a9d3172b3f88f1d976ffb8f9e2d8b67f353a170b5c2cdd4ef714766afdb6e3f31e0ded |
C:\Program Files (x86)\Common Files\System\Ole DB\ja-JP\sqloledb.rll.mui
| MD5 | 3202cfcb0929918175f14007ea85c3e3 |
| SHA1 | 178117c6764eccbfd3a40d816204ca8cb3e5c92d |
| SHA256 | dde3a676bf2d4325e2098d0377be480be2474024fc159087bb14de5daa14d82c |
| SHA512 | 6b5b3c76a2e93adaaa98e394a98b0f731b282b2d43886341510d3757c914c654015502ec505256211e64fa26c8f2a9c22c92414acf13cebaa7a29362732fc216 |
C:\Program Files (x86)\Common Files\System\Ole DB\ja-JP\oledb32r.dll.mui
| MD5 | 54ac7a23c8d82cb8ce652c5c1123c7a0 |
| SHA1 | e1c275dceca82a664f78c49011d98123075d1244 |
| SHA256 | a3a5f6487d536053a8c039522d853f975595a377c48cf2501edade0c00a109e7 |
| SHA512 | 31ccaf30765b6ec24e16569284f8ffa62ec75e0fb8467e568e01603278275b646d5e66edf08d68a27044892d331377d72b2b419e4ed37c919a36a31e17ec57c1 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\StartUnifiedTileModelCache.dat
| MD5 | 689dac399ef2055291aff9913d37ea23 |
| SHA1 | 43956c4bf6b1b65de05354193767ae64a25cbd71 |
| SHA256 | 7234f45b0cbdca7f4d4c1e1b9a85fb52428c19aedb9d6f5fa0817d66c388231f |
| SHA512 | 6d8a2b1d4d404e9a65be038115446bab456b0c938b9ca58cae40473266995259bcbd2ef88dc4c9c59c60a82b08de24846ed2d010b78a2ed57c9cd1e1aeabb420 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\StartUnifiedTileModelCache.dat
| MD5 | a27a03b336edfc22a5f483225c694017 |
| SHA1 | 5b88908bf371be89ddc8e99ee30fac70b28ae3c1 |
| SHA256 | d1b58e30662f37dae10f4e042e7789926aaa1d8a050181d16da18a6fd8bee113 |
| SHA512 | e0b8d253264cad2cf4a19ad6ac7721ad3526bccb0cb128c4adbdcfd42015636b93bf4ea572c4d5d65f18711f54621d94b321bef36f6199374c4f30866b2a1ba5 |
Analysis: behavioral8
Detonation Overview
Submitted
2024-11-14 13:19
Reported
2024-11-14 13:21
Platform
win10v2004-20241007-en
Max time kernel
116s
Max time network
138s
Command Line
Signatures
Deletes shadow copies
Renames multiple (11279) files with added filename extension
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
Reads user/profile data of web browsers
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\F: | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened (read-only) | \??\D: | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.SkypeApp_14.53.77.0_neutral_split.scale-125_kzf8qxf38zg5c\Assets\Images\SkypeLargeTile.scale-125_contrast-white.png | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\INDUST\biobio ransmoware.txt | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\index.win32.bundle.map | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\GenericMailBadge.scale-100.png | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Xaml.dll.EMAIL=[[email protected]]ID=[613788884CE0093F].biobio | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Tw Cen MT-Rockwell.xml.EMAIL=[[email protected]]ID=[613788884CE0093F].biobio | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\it-it\biobio ransmoware.txt | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_Subscription-ul-oob.xrm-ms.EMAIL=[[email protected]]ID=[613788884CE0093F].biobio | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\plugin2\msvcp140.dll | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_SubTest-ul-oob.xrm-ms.EMAIL=[[email protected]]ID=[613788884CE0093F].biobio | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-125_8wekyb3d8bbwe\AppxBlockMap.xml | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN020.XML.EMAIL=[[email protected]]ID=[613788884CE0093F].biobio | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_stats_plugin.dll.EMAIL=[[email protected]]ID=[613788884CE0093F].biobio | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\pdf-ownership-variant2.gif.EMAIL=[[email protected]]ID=[613788884CE0093F].biobio | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\ipsdan.xml.EMAIL=[[email protected]]ID=[613788884CE0093F].biobio | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\notetagsUI\styles.css | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\legal\javafx\glib.md | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\ORGCINTL.DLL.EMAIL=[[email protected]]ID=[613788884CE0093F].biobio | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\main-cef.css.EMAIL=[[email protected]]ID=[613788884CE0093F].biobio | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\pt-br\biobio ransmoware.txt | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTrial-ul-oob.xrm-ms | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\ky\biobio ransmoware.txt | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\LargeTile.scale-100_contrast-white.png | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\wpfgfx_cor3.dll | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\mobile.html | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\System.Xaml.resources.dll.EMAIL=[[email protected]]ID=[613788884CE0093F].biobio | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\it-it\ui-strings.js | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Microsoft Shared\ink\skchui.dll.EMAIL=[[email protected]]ID=[613788884CE0093F].biobio | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-black\MedTile.scale-100_contrast-black.png | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\Doughboy.scale-250.png | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\new_icons_retina.png | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\SystemX86\concrt140.dll.EMAIL=[[email protected]]ID=[613788884CE0093F].biobio | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTest-ppd.xrm-ms.EMAIL=[[email protected]]ID=[613788884CE0093F].biobio | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\lib\ext\sunpkcs11.jar.EMAIL=[[email protected]]ID=[613788884CE0093F].biobio | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\SkypeForBusinessVDI2019_eula.txt | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\ru-ru\ui-strings.js.EMAIL=[[email protected]]ID=[613788884CE0093F].biobio | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\pt-br\ui-strings.js.EMAIL=[[email protected]]ID=[613788884CE0093F].biobio | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\EntCommon.dll | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\SDXHelperBgt.exe.EMAIL=[[email protected]]ID=[613788884CE0093F].biobio | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\GetStartedSmallTile.scale-200.png | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\themes\dark\rhp_world_icon_hover_2x.png.EMAIL=[[email protected]]ID=[613788884CE0093F].biobio | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files\Windows Media Player\it-IT\wmlaunch.exe.mui.EMAIL=[[email protected]]ID=[613788884CE0093F].biobio | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteNewNoteLargeTile.scale-200.png | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarAppList.targetsize-36_altform-unplated.png | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\ReachFramework.resources.dll | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\LayersControl\ThumbAerial.png | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\en\Microsoft.PackageManagement.MetaProvider.PowerShell.resources.dll.EMAIL=[[email protected]]ID=[613788884CE0093F].biobio | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\access\libcdda_plugin.dll | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\MondoR_EnterpriseSub_Bypass30-ppd.xrm-ms | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\notificationsUI\notificationCenter.css | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\en-US\about_Pester.help.txt.EMAIL=[[email protected]]ID=[613788884CE0093F].biobio | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\dot.cur.EMAIL=[[email protected]]ID=[613788884CE0093F].biobio | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Integration\C2RManifest.Proof.Culture.msi.16.fr-fr.xml | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Trial-ppd.xrm-ms.EMAIL=[[email protected]]ID=[613788884CE0093F].biobio | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-black_scale-140.png.EMAIL=[[email protected]]ID=[613788884CE0093F].biobio | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\MedTile.scale-125_contrast-black.png | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\da-dk\ui-strings.js | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\es-es\ui-strings.js.EMAIL=[[email protected]]ID=[613788884CE0093F].biobio | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_OEM_Perp-ul-oob.xrm-ms | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ComponentModel.TypeConverter.dll.EMAIL=[[email protected]]ID=[613788884CE0093F].biobio | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\ro-ro\biobio ransmoware.txt | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\MSQRY32.EXE | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\TXP_TicketedEvent.png | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| File opened for modification | C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\en-US\PSGet.Resource.psd1 | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
Interacts with shadow copies
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\vssadmin.exe | N/A |
| N/A | N/A | C:\Windows\system32\vssadmin.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\MuiCache | C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 4556 wrote to memory of 1576 | N/A | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | C:\Windows\System32\cmd.exe |
| PID 4556 wrote to memory of 1576 | N/A | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | C:\Windows\System32\cmd.exe |
| PID 1576 wrote to memory of 3692 | N/A | C:\Windows\System32\cmd.exe | C:\Windows\system32\vssadmin.exe |
| PID 1576 wrote to memory of 3692 | N/A | C:\Windows\System32\cmd.exe | C:\Windows\system32\vssadmin.exe |
| PID 4556 wrote to memory of 3824 | N/A | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | C:\Windows\System32\cmd.exe |
| PID 4556 wrote to memory of 3824 | N/A | C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe | C:\Windows\System32\cmd.exe |
| PID 3824 wrote to memory of 3408 | N/A | C:\Windows\System32\cmd.exe | C:\Windows\system32\vssadmin.exe |
| PID 3824 wrote to memory of 3408 | N/A | C:\Windows\System32\cmd.exe | C:\Windows\system32\vssadmin.exe |
Uses Volume Shadow Copy service COM API
Processes
C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe
"C:\Users\Admin\AppData\Local\Temp\613788884CE0093F.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c vssadmin.exe delete shadows /all /quiet
C:\Windows\system32\vssadmin.exe
vssadmin.exe delete shadows /all /quiet
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c vssadmin.exe delete shadows /all /quiet
C:\Windows\system32\vssadmin.exe
vssadmin.exe delete shadows /all /quiet
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 168.233.16.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | res.public.onecdn.static.microsoft | udp |
| US | 152.199.21.175:443 | res.public.onecdn.static.microsoft | tcp |
| US | 8.8.8.8:53 | 175.21.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
Files
C:\ProgramData\biobio ransmoware.txt
| MD5 | 9dd4c0412b91c85abdcd4925e5a10577 |
| SHA1 | f34a9a8a866d410d03bb26a13652c0754658d40c |
| SHA256 | b05da8fb81352f7f573a1f010068cf0346ff8bc370fe14ecef1da1805bbc3138 |
| SHA512 | deb3f6bd3a982cd5396de1239c2b7d63a6640608c9a9749495ad9c19bfe863106a153550d3535a7ca938cf6c756511df026ca9cc9a4b8d52424b222e69adaadc |
C:\Program Files (x86)\Internet Explorer\de-DE\iexplore.exe.mui
| MD5 | 9aa8b0a16d6647b3e5218facf90d92be |
| SHA1 | 5374535f6aead6640b60143cb77aae99cb39116b |
| SHA256 | 87d467edc009be8181b90fe1085d9f234c430cc4a499d35c87c97e7e490fc555 |
| SHA512 | bb1b4f1297848b6e05565c2fcd437bf66f0fd9aacdaac45a230c068e3a862581fca8733ccdcf60853c184e3205fecf427b1f573d544fc1b9cbe87d0562a316e9 |
C:\Program Files (x86)\Internet Explorer\es-ES\iexplore.exe.mui
| MD5 | 4d650433b3a105fddc3f39e6cdfebf02 |
| SHA1 | 16e57b7cfc9d0b2ff331b2df5a37889818f048b5 |
| SHA256 | b19a3246d1ffa26ed44162a4bd0af1915f13c1ebe977d18ede89704dd8d82743 |
| SHA512 | 76157da906ecc081181ed9b38f257bbda3c3f4438e651fcf6a4d8ff258385e28d8c4481f129feeb04698e639561612d8744f4102804b9cb3fe153dc59952d2d0 |
C:\Program Files (x86)\Internet Explorer\en-US\iexplore.exe.mui
| MD5 | 6ea303191673fa199883367efc7696c1 |
| SHA1 | eed53d2ed74332109e773244df340f98d718909d |
| SHA256 | c8fb351349f2152096d296a8b4771feff395bda782b1818bc9f46e71f40b36d4 |
| SHA512 | 7a3122ccc8b8e08592028943fe83b7faa94e2a6823228a64071a0ece352098a21c1e47239911eb108781dedd0f4431591be4d8df2ff87507c36807d746e06b38 |
C:\Program Files (x86)\Internet Explorer\fr-FR\iexplore.exe.mui
| MD5 | 0894496a9ba1d27ad89b9c38fde34e2b |
| SHA1 | a967612676ab017d7c0bc2b6f11a320f92838113 |
| SHA256 | 098dc68276e10a63c2c377d520c06a29f25a4ef52c2e8b04a1ade073ebdd9a99 |
| SHA512 | 8e23ccbd80185a3f838de624eac823d95c3c7ad345e1b2c80b01d9ec3aec1787ad1ea29bd779d58ad096b835459b746a0744ddbd06025bce885fd5b56c1897cf |
C:\Program Files (x86)\Internet Explorer\it-IT\iexplore.exe.mui
| MD5 | 8fea07b749a4505bf723fd2102a0dbad |
| SHA1 | cf0ed37ffcd755f7b1980303634ca1f54eed19a7 |
| SHA256 | 4de1741c9f0b0ed1839306bd0fdf5d161b5412e41d937ab51943237b0aa79813 |
| SHA512 | 9bfdbe3c34f578d47a0ab2b5e949033b472f4270b8208b4b84dfec4e262070d3f12de9e79f5686328401f5474d3435d4137b7a3073bd24076e220337559463bc |
C:\Program Files (x86)\Internet Explorer\ja-JP\iexplore.exe.mui
| MD5 | 3ee2568ed0e81cd8c6b5171634f8f0ec |
| SHA1 | 14276f1ba91972b36a3a505bda74ff50c0091b80 |
| SHA256 | 0aae025aec8a7ee4b878b8733cdb50754369f0f15eeb280f8ff0f1752bca1124 |
| SHA512 | f831294a38eec7b1293e8585383221d20eb0191648e983decff5b8243cafafdb282188c52599dbb6facdceb9b615a4238c9d9b7f4f1c2c1b8cbf4018aa602f0d |
C:\Program Files (x86)\Internet Explorer\uk-UA\iexplore.exe.mui
| MD5 | ffe1860c72802a258b84b4c93ac6b21a |
| SHA1 | ebf7569516364a4fe223074bec6c3838fd817186 |
| SHA256 | e73cf364214f8bb971b9cd626ed49bb8178541460caeb4f15bd9c47f5c74af0c |
| SHA512 | 83abfe59e5a4ecf7cfd4b8fd347677cbecef438cf670322cef1626b84b0e6bd05ac2ae62d8878919c6619b2ce29500eaab4d482d1abeb101294415df33369fc2 |
C:\Program Files (x86)\Windows Defender\de-DE\MpAsDesc.dll.mui
| MD5 | ba00deda6d4404ce0b565e62656e2688 |
| SHA1 | 028d1b21148e86ea05c0fe47f6a2c75010ff2452 |
| SHA256 | 82dafe0a6dd4e5fb08defcf3815213af8a8549dbb99a90449e4c7c067f86a077 |
| SHA512 | f799b6439f8ce4936d4004c98be227695de1a7e1386e3f3dab2a40aa143d3ac37790c12bea968f4fee1fd51f0a6df7e27ccdd98049ebe72be307459ffcaf37a9 |
C:\Program Files (x86)\Windows Defender\de-DE\EppManifest.dll.mui
| MD5 | 54b9cf2d8a4c17e55ebbfc8b9e0e0310 |
| SHA1 | 410b72f486cf172333d600542c842736fd187e4c |
| SHA256 | 2323a0cbf23cdd861fe0ff2cf49a9c4b4e0a4feb80f2815762df25ab4323968e |
| SHA512 | c6a5c9ec50ae40620ff227a330b3fb75d3ab42a51155dbb7a3ccfa073aedc583eeed100920cd52ee4596eed999363c4ef905a6758df638a6d2cb0d0c286032b4 |
C:\Program Files (x86)\Windows Defender\fr-FR\MpAsDesc.dll.mui
| MD5 | f7b506690be14035101a22e7e06c222d |
| SHA1 | 59847b625f573b81fae7090a1bd40567fc9638a3 |
| SHA256 | bdcaeedc2011efab4ff61f1b044bffb7e48a2a44a979c94b84c9a6863b10b7a2 |
| SHA512 | 4c060c165f3872c3546b5e2f64fb557578c60da8e840df8e78ed5960200252a4f4f577e7ada0b21bf3c28e3e2cfd968fffe08d45618747c281da229675887ae9 |
C:\Program Files (x86)\Windows Media Player\en-US\setup_wm.exe.mui
| MD5 | 00a65d86043c723ab2d72134b4284356 |
| SHA1 | 6f8e1ebce439a44a115c5eae7a4f8c65d120c902 |
| SHA256 | f4f74da13be7928ea79feeb7fde5618e5266009785495b8570ac6d75ff1b530e |
| SHA512 | f7a6583be5ebdf2eb24003fde75c5ecfac7e9cf9bfef63e83c2281b3845adb747b2758e886ee6e5e6208fa7a67551597a1fad6ebf49fdeba1e9861ce113cd235 |
C:\Program Files (x86)\Windows Media Player\en-US\wmplayer.exe.mui
| MD5 | bae4b08782857e12aea3878cdff1c71f |
| SHA1 | 912dec0f1e75f6decfe6f99c214707ca4a35ca3b |
| SHA256 | 9c63111fe53568a2efba9b6fbc9b75387458c5079eb6aaf1d220f2a1229b0414 |
| SHA512 | 097543db9ae7aaf907b510665b8a58c4ebdc60cea3b8608533a529d20aeb765e8027c0cd063dafb1542d49723698bb2e9437c0b3c349b9b810d341842cd87ad7 |
C:\Program Files (x86)\Windows Media Player\en-US\mpvis.dll.mui
| MD5 | 74f9f6d7a491d6bb53471b167ed60d17 |
| SHA1 | de5624658b9b60eb4dc20c52f5666b62a876c762 |
| SHA256 | 2467a0143ea6749ef87a94e2c4172400c9595bb8b197fe98c228c629771bd1c2 |
| SHA512 | e5a12697815a5c8016c1f0dc794e60e13e723890342fc024888a10debba295f15c50a23379e0125f5b2b928a29314eb6abf50457f092de0bb4da6d9f4df0f2b2 |
C:\Program Files (x86)\Windows Media Player\de-DE\wmpnssui.dll.mui
| MD5 | 87660c745c003f112e15bd1d8c8a01c7 |
| SHA1 | 06a389d060c6ebca6159ddac72dcd9f3f9daff5f |
| SHA256 | fdbfefce81e7be7083af67370bf13301029c06a4c0bfc6a8c55c9f8604e36b8b |
| SHA512 | a63c33cfdbe8ff854c0b2de02bde67ba79ae98df24c9a73c18546b417d44d7c7e9b801872c17c5d78fdec4d50ac440b40545a945c84740c4933480ec1eb7682b |
C:\Program Files (x86)\Windows Media Player\de-DE\WMPMediaSharing.dll.mui
| MD5 | cf7636d5095d1588904516c8e520904a |
| SHA1 | dd8087e8253baccadb3dd81c8858c60b45385793 |
| SHA256 | 4b798adf284dbfb9d954c9ce2318b9c0af6d0d5ee854f485bbbffab7ec7fb466 |
| SHA512 | f8db1850dd29d60b681cd1026027e0cbf93f69aaf2c4fe3ce61196fe0fa9893ab75a0bb109a3bc6db573b7be31b005c32093ac8805f6c484ef3015bbe497e3e1 |
C:\Program Files (x86)\Windows Media Player\de-DE\wmplayer.exe.mui
| MD5 | 97e01436e7f079284b0ffc7a7124d7f1 |
| SHA1 | 2466982857dcde68467a9b93fae15b89bde118ec |
| SHA256 | d41d6798a6645de2331de162e37fab5e857c3f0e07b6a341558c64d967c02f24 |
| SHA512 | cdcb8171c3f78da3a533c9ad6a597ed34a6044fceb8d3ba86c5d3b7a2e1fcccfd27cf42422f5908c382c44397d24aea6da1e6412242125309108fbbf099ed4b0 |
C:\Program Files (x86)\Windows Media Player\de-DE\wmlaunch.exe.mui
| MD5 | 6c81661c65e92c3989ee00f387ba9617 |
| SHA1 | 73548b84b78675d61427c32976eeac0565770237 |
| SHA256 | 02f3ef41a500daa4d1844b8bc94f21c3546f1c2f3346031b2bcf082b6c3981a6 |
| SHA512 | dab049c7408e878d738d982e8a930288897d92d3bf319dd97af451e0cfa35b8e83bcd53a945f4d8e9be2e35b787d265425d463430b1fda14565f776c662baaf6 |
C:\Program Files (x86)\Windows Media Player\de-DE\setup_wm.exe.mui
| MD5 | 4dc93bc1ac22592983b4331b14bfbf27 |
| SHA1 | b25aa476fe580ef0f40c9425c2479bdad2cdbac3 |
| SHA256 | 7e4ba89be431a17f2902f91fed24361e970d976cc6057899c765d2b5ebf98313 |
| SHA512 | 12d4f1cf56ad82ab486d13c428764a46b579e480bf9f1bd942f9fcecf3fe926dc43dd6bd81ed43ac2857c2ffa3500f2d6c9484ab23e365866ad3efd4e81c41e1 |
C:\Program Files (x86)\Windows Media Player\de-DE\mpvis.dll.mui
| MD5 | cbc0616c5140992e76b5d33db17e0235 |
| SHA1 | fa030f0c1455b6e0f08c0474a630eb0a8813e7b9 |
| SHA256 | 97bfedaf5f1c30f870b22b84ce7c7dd713d0d8cff1550f43532c9f256ceeec79 |
| SHA512 | 5e8c37ea988ac001770db02f90fe3eeae43a4d642b1458dd73178a1c2282275c73f7df08f535076d4d1d6346ecc98a56cf9aed92864d45df8e22125ce80a719c |
C:\Program Files (x86)\Windows Defender\uk-UA\MpAsDesc.dll.mui
| MD5 | 38f7e4dee970188892be7ebe01f5dcb9 |
| SHA1 | a50cb5abc57c8054a03cb8e893ff9d4fb81df02e |
| SHA256 | b13338c2411c7f0be21ad90bcb7bd6312471dc6284fa014d12bf9ab30135d5f2 |
| SHA512 | 3e1f8a2ef5d08b6ef89c60e00311430e6a5429baaa6cea0db660767d2cf9a69eefd37ecf7e697721df0d085f93731d8c6e5899a30c60c55e702ddb7bfd24c2eb |
C:\Program Files (x86)\Windows Media Player\es-ES\mpvis.dll.mui
| MD5 | a7f0079901c042b2ca28b2dbb34ad737 |
| SHA1 | 5559bff4a40a3cbfdc5b5572ebdfc496d6e3cecd |
| SHA256 | 893cac7b4d187c0ee31761c3312de63965ee3260a0422f65b03bc9687c811272 |
| SHA512 | 9ab417512bf4c5afaad4155b5d1123ab54bb57b2f65d81842ea40dbdc7abb41d5baf4afef21943ebd5a76c22ccc25078a0478d7424a540c310c518de9540f3a5 |
C:\Program Files (x86)\Windows Media Player\es-ES\setup_wm.exe.mui
| MD5 | 8cc280d209d3f32f75a672e6e89f4aa9 |
| SHA1 | ee003f9627c398d07f968162bb1cf8d58cdc2e6f |
| SHA256 | b7da17356af4e15f3f024c2cf1099470a9a76d1d8df33bc4ba4d03a3b35482d3 |
| SHA512 | 33163a677178961c3ad6b74fac6532d3a16659edbffae182966ad163ae1660de1a906c04346312a2c68cd624664154bc69f0ebceb53114139d8f0e6b2ec1b404 |
C:\Program Files (x86)\Windows Media Player\en-US\wmpnssui.dll.mui
| MD5 | b38df0a55c97aaf9173df5cb7ea73c2b |
| SHA1 | 25b6c861dc21d690c182e2575d510440c627d637 |
| SHA256 | d00896bba6fc33a9d803fc3873e7d654e03c7fe177e4fc21272b3e1c6401b8cf |
| SHA512 | 5a9240eece47903a9462d4d3a228279ac4038bcabbf115c561bf0eede862eab45e1c3668bd5041b5d05c1589a4b54fa1f4ce7217cb4f23391ce919daa81e8b48 |
C:\Program Files (x86)\Windows Media Player\en-US\wmpnssci.dll.mui
| MD5 | a898e975f327df2ee08d3d84ddd39f42 |
| SHA1 | f5037dc233b48174ee16e9ecd5f639df8de82eca |
| SHA256 | e560b957c69359423bd2e34f80416afae679ef02d0c8b33d1384c7b41f65a048 |
| SHA512 | dd3ad0dd6cb2a68c7db31e01efcd7dae114530ac7e09398166e4c18f167cc5a98f9ca0f49871bace0c2f7773b9c7cfd401c0d1963737838f6035c7ef21045b6b |
C:\Program Files (x86)\Windows Media Player\en-US\WMPMediaSharing.dll.mui
| MD5 | a7b7c964f565d9188164ccccc7832c3b |
| SHA1 | a0db3553982df3c4ef3369a0b04db83103638282 |
| SHA256 | 41bf3afc8aa1f6ebc61247b533f590b84796883c853fa1be78ddaa3ab9213449 |
| SHA512 | c4d9a97f0b712b50adc62e1e4fa5765830d69bab86a6e3def2583ab99cfdca1038d43f8046e99ce8df2f69d389651b21e171364173c4b7e8bcf66151de31a69b |
C:\Program Files (x86)\Windows Defender\uk-UA\EppManifest.dll.mui
| MD5 | 3877ac5da2873fd14da557594013a253 |
| SHA1 | 0a7634faaa949377c05caf5a614f5243b59d4190 |
| SHA256 | 2517da68c5cc5213f22bf1d3f4ac805026b628d6c71b01b359008af8c289d258 |
| SHA512 | a28ad0a1190945ced847e03bdbcfcaecdc173bc609817ee205225424404b6525c32364e09af149e820fc4c40e8a0f7f794056590fa0fe5303cc2eccd6e5e948d |
C:\Program Files (x86)\Windows Defender\ja-JP\MpAsDesc.dll.mui
| MD5 | 0dd7b8951bff9a70b3e5b8e60a69b413 |
| SHA1 | 0f0b76c941eb49852d56bda9fda8f53611fc3bd4 |
| SHA256 | 4c2c3aabeb65b3e1bfc284088b597d8e177ee59e52d44d030d795ca43362b6da |
| SHA512 | 1218d499c5a1b78af656d1707a44055e79a695a7a357440232b0ddd0070043348258fdc8f3fd27eacdf2cc2f7bd18e85112e30059e6654d2231a33af7b111bea |
C:\Program Files (x86)\Windows Defender\ja-JP\EppManifest.dll.mui
| MD5 | c80cf698b391c8cd71f87f0b1ff6eb96 |
| SHA1 | bd508e8a4bcdd7e6c259beaabbfa12571b83e306 |
| SHA256 | cd9c497c7c06700ab009e59bfc2526ab0197c2b496446e5d0b3e584b757c267f |
| SHA512 | f6b21cf1669405029fb073146ec09af2b2062baa07925c2383aa2147839769de1b2c6675f79ed6e09bc2261ca0c9c6df25702f71954b75f544b2f9dca6d235c9 |
C:\Program Files (x86)\Windows Defender\it-IT\MpAsDesc.dll.mui
| MD5 | 3c901036f8df82c7f19ea08256e48a57 |
| SHA1 | b6f66395611d5751044f3e4b069d3dae2cc4a676 |
| SHA256 | ca0dee9f16a3f29c3b633ee78c895c854077d10b26444a38ce2dd37458091a02 |
| SHA512 | 1dd30553cc222bfb26378419302217207ae495165441bbc88a3ffb015a08ea1038da9478e06d42a66c10db38626f2f2ccdcc913d365f4ed4257a9e609a53bd22 |
C:\Program Files (x86)\Windows Defender\it-IT\EppManifest.dll.mui
| MD5 | ab2a354850fb6de088e268a81e7475a8 |
| SHA1 | 2f43189eb9d3bc95f12958b66faac46be8baaf68 |
| SHA256 | fc72e28105e8c6207dafadc361ca9024bfb4daf9514d4e5994bb5445fa9e935e |
| SHA512 | 772f4b6b4b3452484033b540c513e60a945525e97e6b4a0be166a6dee56f85a50880a2ac56148bd87f5be0f872859098b83212c98075a1035053661cc8ac7d08 |
C:\Program Files (x86)\Windows Media Player\de-DE\wmpnssci.dll.mui
| MD5 | f8558c67b3a6a7e4ff61e5394e4dd9f7 |
| SHA1 | 71f6f3494624aee1b2aef98444412d23d177a9bd |
| SHA256 | 00c3f93ca38afba26d38187717a7b63a7993ae19cfaa5783bbbdb2a7bcfd79eb |
| SHA512 | 2fa5a2c0c2ce8d1cda0499c7bf2335d6f97505046e3a64b4acb0efb918ab8451e587620be8278cb9c645f3e8e87077b7853f5fe57e39ae8fb96e2748fc1c2c6a |
C:\Program Files (x86)\Windows Defender\fr-FR\EppManifest.dll.mui
| MD5 | 31b56d9f517ec7ccc122cf7e1debe59e |
| SHA1 | 5d6217bbe7463363a2851d1ada5945899d82b60a |
| SHA256 | 0ff172faa2512838846dd42d834552ad82a75ed3cb70ea954a36c5d923eaf3b1 |
| SHA512 | a970e54b45d51acf2780ca52f83327b186f42fa4530b53fa2a6c907b0b32c5f61c8db7a76564634c33a481e237771f49d564c5233a4517b92109e230dd950cf8 |
C:\Program Files (x86)\Windows Media Player\es-ES\wmpnssui.dll.mui
| MD5 | f91712ff635f406308817f8c7da7f7ca |
| SHA1 | 6105423137757493197a1ce65c40c17e71eaa9d7 |
| SHA256 | 22f6c7b2ab1837de2b4ce14fff1a0d44969069920c70d6332f5d20a9a9ba4b2e |
| SHA512 | eb3dd93c9285e868b16b241adaadda2e2d62aa671512c24d9b1233cf8371ea2745fe04c2785170b5f928a129bec8611e83ac315c39a653cfeef15834b21d388a |
C:\Program Files (x86)\Windows Media Player\es-ES\wmpnssci.dll.mui
| MD5 | f96fe6859e1341b8bdb1beec20ac39a2 |
| SHA1 | feb7810ef3023b5eab5d0ea42c2f1894b681f330 |
| SHA256 | 83ddb9abb70948026dcfab5c830544f742cbbd9a6841b7a4bc7724912647f86b |
| SHA512 | 635c6cff63c13ed227de75deb94e068f8d0d4551046baa6204ca92c9a4927280566ee6382adb0ce7a204efefcaf8232444aa70d0720b8b143cdaf907d26de40c |
C:\Program Files (x86)\Windows Media Player\es-ES\WMPMediaSharing.dll.mui
| MD5 | ca90ead13890a63a7f77d60632e56dee |
| SHA1 | 645d8ba80cc90832dc31a2df7ca5d5c421dfb58c |
| SHA256 | caa735f1479c4cdd070f35fb4b623a967faca20f63504a41b0907eb16bf98100 |
| SHA512 | 22b4207ee4d84a5983c1a91af6e6abe57bd29197667f6c37b510021574cd61ae3a117c1f6051fe852461e7fcc792b8f0e571f71993b2e170e0784a744f982200 |
C:\Program Files (x86)\Windows Media Player\es-ES\wmplayer.exe.mui
| MD5 | f225b363d4bbbe288b833c3e487b9d3c |
| SHA1 | 2241265cd353bffa67d4ffdf5cd87e63caec0947 |
| SHA256 | 24ae282640821ef184a3fe9d3fa15ceaa3e60f9fc2c704765c1c10de63fad0d5 |
| SHA512 | 05d64e5c4bebb745e2a567b5d4c7ece2c4a39e1fe6ac2a27c44d851def24f642416741d3042ceb0320f577d0cee4b5df991073ec58808776f69f75769cac0839 |
C:\Program Files (x86)\Windows Media Player\es-ES\wmlaunch.exe.mui
| MD5 | 1407ac4dd984e5dab33800d6fb1fd718 |
| SHA1 | 8dd26a6dee25b0954b1278ea148c113d64c7c3a3 |
| SHA256 | 5834d1027892e3ef1ab5de7e79d886de9e0e2f1a422d9ab136e62906cf6a1037 |
| SHA512 | 0ab421e7b4b912a1521e71ab05b728908365b0d32a17ce9b6503d214d07e10c9f3cc1894dfe8a2e2164d83b92c4120c7a88a8856efbb59291cfa1683dba22f67 |
C:\Program Files (x86)\Windows Defender\es-ES\MpAsDesc.dll.mui
| MD5 | 1e648c81851ffdb4007371f366d0787c |
| SHA1 | 3cf8a835574a4350d2d9c82305a15611a5b61345 |
| SHA256 | cddd9e0bd88e44c66086bc7e95061170a39507f5ce2d220106d0766955025e84 |
| SHA512 | 39ff12ba546a77ab4e49046fc12691dca59395943df2e0ff9b8ffa7ecdae3d508c0c75c4b33184e3a28bfaaaba87035c80fedcd2c7f3e9e5afc7d7f196d3e686 |
C:\Program Files (x86)\Windows Defender\es-ES\EppManifest.dll.mui
| MD5 | 3aa9137845f79412a59cc5999391c678 |
| SHA1 | cb50399f218014da84976ac709b0435ff60b9141 |
| SHA256 | 214835c916381d4b4ed35466f612fc5673f88a1331db19d77b2f15e64aa84980 |
| SHA512 | 1c7548ce93106e304be21090ab3e6b91a0dbd4d4eaf18f9764f0e4a0a2298768e63a1fd4fd9f169c67d38dd0fce7ab60723e0b9c6074838dc1237017bae08eba |
C:\Program Files (x86)\Windows Media Player\fr-FR\wmpnssui.dll.mui
| MD5 | d8570e6de7367a361bd588ffc572608c |
| SHA1 | c2b29c3a3de34180f8a873c9c0fb60b999dffc23 |
| SHA256 | 057b486f6b39e3039343d830e1401d6888efe765326f37b01e217a81003b0d92 |
| SHA512 | c392b64d5a139b82e5e75be2c3181021a42007537557f613e2633f910b3bcf7513836ff03e390cb061897c4cdbed119147ed2fa5c1f3d70d14f0c53b922c0f29 |
C:\Program Files (x86)\Windows Media Player\fr-FR\wmpnssci.dll.mui
| MD5 | f58e70659c4b1d433534b104dc7e6a01 |
| SHA1 | 7ba7198265bede303a527def0a80c7366d18a8ab |
| SHA256 | 6cc0385c48588ba778e6c509ddac725e97189d3e7bd904901b8db6cb1927f83e |
| SHA512 | 25e79ed29eb0346b34c17275ac784aeb3b29019a2f3417bc51f231eef15f171a11ebfe9312e24018af51b63304bd8017f5c0f088ed477210886663777ec323e2 |
C:\Program Files (x86)\Windows Media Player\it-IT\wmpnssui.dll.mui
| MD5 | 60729d55584733985722c3c5f937d25e |
| SHA1 | 10a38bc824cf02f55d65e540a96a35c04fb04223 |
| SHA256 | a122110335f9d231f7512f71bc9db6ac52d4afea56403037d2f1cdfe18180ab8 |
| SHA512 | e1c003e483b322cabfcf828b78adfbd73b6db76e7c1227dba4eb224fe531db35e6ab5459ee8c8ba42215d8da53504738e714cd270cfadd1b6e40053cc013458b |
C:\Program Files (x86)\Windows Media Player\ja-JP\wmpnssui.dll.mui
| MD5 | d27906154199b50c07297b1360b043ca |
| SHA1 | 3b6db08997bd4500c01a53a0627d5da607defe3a |
| SHA256 | 7338ac86fe8771a87086a1361f2181fb5f6d2b74fd95c143ff441439d7dc0e23 |
| SHA512 | 215d8c237ec256a5be723dfa7a80a0ab9b87eeeaaa37f60f9a030dd105941e07717fd1f4aa098323ffb7c93e98b4c30644528915e81f198e06d7df177286cb56 |
C:\Program Files (x86)\Windows Media Player\ja-JP\wmpnssci.dll.mui
| MD5 | 67fb46f30b5d987c736d80d2ad2b648e |
| SHA1 | 6bf20de127405c59e40c939cdb61119b8f4537d0 |
| SHA256 | a3753a0e8d013720a774d7fa40bb92358c06379ec646a541ea1ede0a632cabfa |
| SHA512 | 1f0326557dd2d90b01e07ce91d445b4fb694d9aeecfc93b5e46f5084412f3874c22b5cb238205dbad175ebcad5c623b321bd972e68d3c70d665c7f44d9c8d666 |
C:\Program Files (x86)\Windows Media Player\ja-JP\WMPMediaSharing.dll.mui
| MD5 | 54c18f2d5a4fc53a4e798526c45ac73a |
| SHA1 | 93da647dd4996bee6fb9ce05a168e64b64b3ca00 |
| SHA256 | d5982a68424cb1be43d71d294da9ee704dfa2b534785f08b51beb638877c6d71 |
| SHA512 | c9d09a0dfe8d21f12184162d93a8ab13075f11759e1c69ac7e336e487f1b4c8f72fdfbdc4af9c82f7204f1cb97562feae1da40ac0847f6aded34a67d5b2fbf3a |
C:\Program Files (x86)\Windows Media Player\ja-JP\wmplayer.exe.mui
| MD5 | bd724228c47fcea80f3cbb55c3cab2bb |
| SHA1 | a141b520e7418fae303db70d83b903c030e72cec |
| SHA256 | e6e28eacd78d532f78745396450ab429cc74252ee561157ef1d3a3afaea05288 |
| SHA512 | 6521cc46cc028306a3a7c6f3b39ac93dbaa0ccda1dafddd7babeaf9ef38caeed0798d5764a0ed08e49b9f4d18dc242c60c25fe25fde63d87ef449d46e678a67c |
C:\Program Files (x86)\Windows Media Player\ja-JP\wmlaunch.exe.mui
| MD5 | 2a29f24f35e45d3aa4ddcaf265f740c7 |
| SHA1 | 6c8e3e8869df77d829774b625e2b2b7a578ed19d |
| SHA256 | 61a09ea342ea614babaa4365a610dc1e295420e2875e58f4629d4b81fe2e2f64 |
| SHA512 | d006df6bee60ccd99ac963e1b244294e40e26938ac2c71d86268c89be2d8e96ac3c6f77654e073ab8dae0d8e956cfba9bfc903bc7b65b3d3883dd69cf4b36268 |
C:\Program Files (x86)\Windows Media Player\ja-JP\setup_wm.exe.mui
| MD5 | b234da83b6a53fbd6cdc76b2c89a5d59 |
| SHA1 | 9d456afddd285b827d1ba31164b16cdfc9fd41c8 |
| SHA256 | 93f49faef92192c0cf5dd18446aef6ca77edc0319a583524ff8f504de2344c1b |
| SHA512 | 1c0f98a712b2cd0f9e3c941aa42ebec06f7039832ee433cd68ce85844022707e7bb46f8e5df21d0236ad7593bc10400eace72629cb4c6c1f502b4619bc0d22e0 |
C:\Program Files (x86)\Windows Media Player\ja-JP\mpvis.dll.mui
| MD5 | 2063f2d7d6ffd9a9771f37a82f332163 |
| SHA1 | a87ebc477edeeae9b3207ba8d3932858421586b1 |
| SHA256 | 3f79ab58368e5864b20d846cdf56c0536950e6665176207a0843c721e41647f7 |
| SHA512 | aebb310bd659c60da6bffe89225204f00fd1aac869df4a06fee53efc65a0a1142833ee5f57cf1804886a04d993cfc1de0525d878fa7b35e9d8867ea071634893 |
C:\Program Files (x86)\Windows Media Player\it-IT\wmpnssci.dll.mui
| MD5 | fc064eeaf9903f2102237b07497b0902 |
| SHA1 | a739338532500f952a38f928664a9476cd37e3cf |
| SHA256 | 1868aed19fc0566cca1f119be466ba3602c1da006a8e168ee4306f2342a72009 |
| SHA512 | 13198e1c72f7a6caff4667794d0a98162d0485415effe0d0f9013d677c59973143e3f8844b32564fd21ce80bd66421e531dde8b3f1d6197ec81fb0b090d32449 |
C:\Program Files (x86)\Windows Media Player\it-IT\WMPMediaSharing.dll.mui
| MD5 | e20c528748678a76a19c7a7dcfa90346 |
| SHA1 | a03128fbb5a109bde3f48937c943223d4ac983e1 |
| SHA256 | 7020244f91d69d07aa9a53ca4a94076d27698f0f7cb7279e1b1cb5ca35e1039c |
| SHA512 | 6b8be95c021eadf4ea887732cfebda0f2bccdb365986a56ad2327f3a29f6623bdf6cfd7b0de15a531d4320390ee205f099a2b46bb9b47357692715b8caf2c6f8 |
C:\Program Files (x86)\Windows Media Player\it-IT\wmplayer.exe.mui
| MD5 | 37e43bde3c2cd528e6250a74f582085f |
| SHA1 | 437dd2815e4d841955a5c0583bd3c79e976c8916 |
| SHA256 | cd83c93ff24a15eb6913a868cfa24c0c698474fdd0a024ebe65a966534954526 |
| SHA512 | 97e4dd2a6eab45a0b2fb139bbd8cd3c6c3dd99f2a3b67ec376939408e438b8a6ad257470ee732640072767aadf4bc0ba68f8a3085749bb0e02d33b30453de3fa |
C:\Program Files (x86)\Windows Media Player\it-IT\wmlaunch.exe.mui
| MD5 | 596bfdef25c1bc133a3e74ec40681ad8 |
| SHA1 | c4603eee7892cbbeceaa65a971a44b0789fac1ac |
| SHA256 | 1035561e51c9f2d7f166c8e3e0e232d190a702fb07f1b0a86f39310042ff0176 |
| SHA512 | 79322021849584d6c2e42ded6af3055ea32b56ae141115e3ad57db8723a12a1b70ce6741b0f11171137b4b0f0bb441ca65210708f1d77c585f92b14597880a4f |
C:\Program Files (x86)\Windows Media Player\it-IT\setup_wm.exe.mui
| MD5 | 816c49a00534f2dfbe2fb867f14c3db0 |
| SHA1 | 489251e017edb64cff8f6cfa6d35bdba07d6f7c6 |
| SHA256 | 2e1c9af24c096b404668e7ef8a63d791ea0081a721dccce6ff1a480518bd5bb6 |
| SHA512 | 6e592a0ce1322b086356529796e1882d949c0e06d370b42713b68ef4ae924cbf1cd975613692797cc99371d740834971d3960072aa1df80b1cbf848ca0c46d89 |
C:\Program Files (x86)\Windows Media Player\it-IT\mpvis.dll.mui
| MD5 | 2b5c24c558605886be0318ff808ed548 |
| SHA1 | 98e961e47c48d2e2ebe5efd35192e2997c15b1d7 |
| SHA256 | 3168c065c57cdd11dbb2d812eb5356028fb7000490f2964136fcfce6c67c3278 |
| SHA512 | d341822657e1b23100f9a2ca3bd4449dbfbc80e8e7bccd8a04c5475dc0c4164fae1fa8b0d0d9e667bf935a472f4b71582bb5a203638f234a2bce83a0a04bc95e |
C:\Program Files (x86)\Windows Media Player\fr-FR\WMPMediaSharing.dll.mui
| MD5 | e35e6d526578368af64fb30970f98bcd |
| SHA1 | 3e35ab40b742783e448b1a2385a98c09750f3d33 |
| SHA256 | b5d9145f282b51e0ef93a89c979bd8f7a8d15fa159d8b3dea5f6a36108d2809d |
| SHA512 | ca0ee35951dc0b6eb8570fe2e6c8b97d4da849823ea0093e6cc3b1080cba22d236724fa9d7a1cf10b8bf01a8b5ecd9f360f1c9b0a177916f84fd1f0a04e3e128 |
C:\Program Files (x86)\Windows Media Player\fr-FR\wmplayer.exe.mui
| MD5 | 53c23988e9a7083be0c92c56d57902e7 |
| SHA1 | 8f4c1cc16ec45a749fe77fa7278b4a1a9d4e8ec4 |
| SHA256 | b8c74c31d2c72156f0dd58bc15c72475854d359b468530763d97082f6125b2fa |
| SHA512 | aa001a397640a337e54da3ba2d4f6117e29706bc58db7a4c27fceaabea6e2e6b59e508b570197548f04154c9da2c8fe44f9666fe737b7939745d1a917602a682 |
C:\Program Files (x86)\Windows Media Player\fr-FR\wmlaunch.exe.mui
| MD5 | 3c2313182bff2ce70043cbe0c991a26f |
| SHA1 | 46f4f50dc90850dc036a3600afe5ae80d2b71e96 |
| SHA256 | 2086bda12660a49f027d29e09f971e1dd236f54cbb06b3e852d86f91ad92a9e4 |
| SHA512 | 9f7448728b467376401fa9195213bb20745b8087f747d6a241f7842b5f5f5c4df6b523fdc482d1aff9c900902d99e639d58737305f5645a6f4667a238adab4b3 |
C:\Program Files (x86)\Windows Media Player\fr-FR\setup_wm.exe.mui
| MD5 | d94c4b0c0ad39bc61bc5d68ff179f948 |
| SHA1 | 2d7daef844d305548064a495fc0675b893eaee9e |
| SHA256 | 04764e37ef06bfc124f50868e532c2b63a7914df88dbfc556f371d30018c9cb4 |
| SHA512 | cf57cad755c5163603a6e64da30f695ec18710b68683b54327e900d95a659529e5424d3bc89e7dfecad63e55ef7bdd255ae25fceddd502e7752478c5eea782dd |
C:\Program Files (x86)\Windows Media Player\fr-FR\mpvis.dll.mui
| MD5 | 48d7f32731391e0a77442ed2ccccdf44 |
| SHA1 | f36a2d2fa98ae85e083a4698907347b9f6bbcc6f |
| SHA256 | ac2866000a859393b9b9e18c1a18583bc80c46ea2e72f7bd22674e926573e78d |
| SHA512 | 04f510c4dfd8f8bbac8b9408d681e9a23bdd739ccde8ac6ab6ab612bf9e74eadfe778a1ed7f66571679cbb76afd2ada174244bb7691e7cebf9917104cb21a9d5 |
C:\Program Files (x86)\Windows Media Player\uk-UA\wmpnssui.dll.mui
| MD5 | 696a0a129f8c4b1bedaed5ffb203b668 |
| SHA1 | c5e5752aeda495ab4fab601d53d1069933228224 |
| SHA256 | 5303cf013ee95c345724d2393f2fbf7c20ea273021dd6276c98b2392affbc4d9 |
| SHA512 | 4332f846e3558e2e87a2e021427b08f743f9a7dac2bd05f717bcc6c89ff4ceef2d4fd1f8de47ea2f2d3e8bbcfb6264935278b15b82abf1909336c1e0d156ea8e |
C:\Program Files (x86)\Windows Media Player\uk-UA\wmpnssci.dll.mui
| MD5 | 236e285ba4494a0856e86348f3dc67e8 |
| SHA1 | ae65382a6ea32e7242a2a3b62f89629aaea1b786 |
| SHA256 | 1b03e7eb925610d3b4ea7092781bf65d804a3c51c632fc2ef1c389c22d3cd19b |
| SHA512 | 2fce8e74ca367a9918c09cd285be1a35d622343155a958baeceaa39fe952929e6778896928545ba4caf42a7871fad1dd85bbbf5353aa2a17930fd950420d7102 |
C:\Program Files (x86)\Windows Media Player\uk-UA\wmplayer.exe.mui
| MD5 | 65541ab6901dc92642006cb970ac28e2 |
| SHA1 | 0d995e74ec0ea8288b202dc7c4779a87c4e550ad |
| SHA256 | 051f8e6936c21309d4a43701547cf4744f4db4d318303bf8cb3e8d3dbe49e259 |
| SHA512 | 61dfe54debae38ba4d9b3c28792a37d0498998878e3786b454568f39786ef7ad8ed75cd32b91b942a2d5a80809e8f549ea118db69476ea3542380b696ea1c26b |
C:\Program Files (x86)\Windows Media Player\uk-UA\wmlaunch.exe.mui
| MD5 | 727fde31542c1580df51ed5c9319ec4d |
| SHA1 | d6b231b284a5ce62d465a9afd5aabd42abd9ba0d |
| SHA256 | 96eea61eadbd0bbac68a5915be1bd627bdc8968b0356c88d4d6538e901ea3738 |
| SHA512 | 365350dda617adf3b9454c2b6c532e56cf87b8ac6f37057221121dd885b9c68a7a9a634a06446c3627a59412ba6d4505147660c04d4db3605d7e4ad6928c17cd |
C:\Program Files (x86)\Windows Media Player\uk-UA\setup_wm.exe.mui
| MD5 | 14cd2edb21cb3709c588e40e716a6653 |
| SHA1 | ce25a4a3f4ec4573039f0b6ee39b7d58c5d8115a |
| SHA256 | 974ce6c24259f28d442dc3880dd289fe733624985b7c707bb30952104d357187 |
| SHA512 | 1b43aa35f48d3c8ea71a46e973fc123590dc077dc0c737dd59bc4c2a9982b1892642d97c5803aae4d6346254dbea8bb84689edb8e3db9dcc072151dd1e074397 |
C:\Program Files (x86)\Windows Media Player\uk-UA\mpvis.dll.mui
| MD5 | 4f0aaf73fc5301219b727418e7526455 |
| SHA1 | 47ab3a05e7291f4769bf690226b0ea54bb6f9c21 |
| SHA256 | 8c8e514d21742eca1a23430e418b59a41ae1ec021d600eaa08e76b9dcf2c878a |
| SHA512 | 621f220f6d0b89908264e2b50793af28f9d1b393602cf49bea82fe378c14a2e9738e2bbbc46202ae9171a7b7e796999df14c0dc53574a938d5103c4549f32011 |
C:\Program Files (x86)\Windows Photo Viewer\de-DE\PhotoViewer.dll.mui
| MD5 | f2f05c1c0d84bb1cc1e7b40ff27b6d46 |
| SHA1 | e31b535e187cb58efc984f211e2a7c8421208682 |
| SHA256 | e86658a783617fa9bfb3172ed51772178f4b29a9b8d9a714a3bbc286b4d4048b |
| SHA512 | f2f5a3e4037cd2c5b6ab2ff5f80d10e311326dba592b07b0487aed26810f53ecc687dfc1d377bd9f25389d3f72921303227661c12a776ef48660b34b0d1c3731 |
C:\Program Files (x86)\Windows Photo Viewer\en-US\PhotoViewer.dll.mui
| MD5 | e7dcbea5ae844769d7efde891b490250 |
| SHA1 | 84e88b33df566918e7512026269249cfdc78a8f7 |
| SHA256 | f3696ae88131ef2616548a0a7f002260adf4598baaf4008049e89f2f8a11126a |
| SHA512 | 9f1cb40f1dc2b6c715d6f57dcb2c6dbc9506cbc69e34e513221fd3e5adc832daaf2bbddce13d31182b69f49cd35438b797bf83c405ccd1608f6dd48232cb45e1 |
C:\Program Files (x86)\Windows Photo Viewer\es-ES\PhotoViewer.dll.mui
| MD5 | c8a6a161c993cd46d8bde1fd62370cbe |
| SHA1 | ceb59f11c94e42b8f97e61d09956e49f01f60430 |
| SHA256 | a08c90126a0cc6d01b6c76bd21423b6a2dd88f22b9f7c3f964b6ac35f14ec2eb |
| SHA512 | a775bce1167463e82451cfc8177442fd5cb4145de68c5f7cdd9e6fa139c8c6f787400c5b21afa1b2eb9fb14f90a8732f9fc1931559334bbb7053e6a9ad93ce9a |
C:\Program Files (x86)\Windows Photo Viewer\fr-FR\PhotoViewer.dll.mui
| MD5 | 8b6ff4a6d6f227969c1bc7e6b8bab5b6 |
| SHA1 | 957499042fd4d7874ef309319ec8f8fa85df7a99 |
| SHA256 | b4542adecc2eda459f4c1353dfdc54867e699bbc3392db2a60b2d7f887491ea8 |
| SHA512 | aab0e633feff0c45574fe2d8c61b7cffc5ed2c873b9a89360911af1a73de251bad4c14298b37e84b606574af72f9b3f12ba2cae81db578432599e0e2d68b17ac |
C:\Program Files (x86)\Windows Photo Viewer\it-IT\PhotoViewer.dll.mui
| MD5 | e3c7d92920f5c7f37b444f0719abcf23 |
| SHA1 | b850b9c76d9a68739f559bee2d0e48eb0a88e0af |
| SHA256 | ac450fb0415e2b7c68a00e8c37687fbb05b330d5fa9a8781651a1d8c4f13852e |
| SHA512 | 9453f748749b9da36e535e8ffee95f742f8da540bbd59dfa0ccb6a2c92707548cc97f811321b6acbe09b1af0133c2e85bbf910e76f9312220dcb759de93e5377 |
C:\Program Files (x86)\Windows Photo Viewer\ja-JP\PhotoViewer.dll.mui
| MD5 | 0cc7f505fe8d3cf3029d934c411e6619 |
| SHA1 | 61704d9106dc9ded59def38f4e5d87e98fd0089d |
| SHA256 | 721de4a4f718db39f8ea56a9e79408f23f891ae1401a8ced78782fa3cc31c92b |
| SHA512 | 91ecb0c1688474509f48b041be7ceff7c0343d60c793f7f073203a93a3b6d81ed201b02af287240cea395c9b68e8e124edf1c55727bf6fbcb11cf5d0319013ad |
C:\Program Files (x86)\Windows Photo Viewer\uk-UA\PhotoViewer.dll.mui
| MD5 | cb5432bb6fa74be5afe592acf48a19f6 |
| SHA1 | 97d1c80764ba4dbcb4fbe7f21a8993b6efbfde7c |
| SHA256 | bcbc3006a0a804cb237e755ce7d000c323f8d71945c0722833aa2fa884069fcd |
| SHA512 | d1ca1baa8e21ee5b02109870fd4fb9cac3ae6d91d29adc7a5174b08e20fbec3c59f83f8219d4b3a4b350530e802b365e92a4638f3f05ef8e445f3a0806c72148 |
C:\Program Files (x86)\Common Files\System\de-DE\wab32res.dll.mui
| MD5 | b268d70f2d236d442e405e86b2a08af9 |
| SHA1 | 5e3c585ccb08551375fc7ea37ba91209378c356a |
| SHA256 | bd80376b985f0596abd264526c5eb8cf4f25fcd92250f8344afe8c5e70fd0b9f |
| SHA512 | 6bb10fded974e46c56e0fd1aa058363f0fc3fa0fd6a8ab4a43f0519c671bdb35cad938de842f0edf88630a4f22631918f1e1b661ed4ce504aa55e6f6b867f643 |
C:\Program Files (x86)\Common Files\System\en-US\wab32res.dll.mui
| MD5 | d28b72cc5f098b0cbb697f112b1cef08 |
| SHA1 | 572e6df98fa509e0677550a25894ea10c82ecc10 |
| SHA256 | 7e8979f461950346f76e7ce04671938d286039aecf46ed75337ae2155e98fd3b |
| SHA512 | 54936613ecbebcfc5dead3d702efc597ee45a1022a1af8d669626f5236e4098a61410798a51b77368704f635fc81704c242c4046aa1fa265f86eb4e13fa55aa6 |
C:\Program Files (x86)\Common Files\System\es-ES\wab32res.dll.mui
| MD5 | 0c3483901383b302475abee51ca6fc75 |
| SHA1 | 1a794cded77c36ab0014fdaed83a48903d219750 |
| SHA256 | d150395ca2f0b90d12554d52fdb59334a6ff72a76c39838d4424a2add36cb390 |
| SHA512 | bcbd6d2fe52d6986e3680158489b467a0f197a70d20bbadd322361f6fafa9d9c68f8c8f2eea13a64bfe37f31c1bf9d2e550a25bc808cc41f6f239d352739a3af |
C:\Program Files (x86)\Common Files\System\fr-FR\wab32res.dll.mui
| MD5 | 75bfb8f980a90f1d8ec0707033961743 |
| SHA1 | 2cfa8920ac28e47550e7b727d29978ced6474211 |
| SHA256 | 9822779c439ce9cdb769e69066407502d3b12ddc9cb6ba9ad78b15d7c9239c06 |
| SHA512 | ccd3b6a7b67b32302a1d034f6764e0c8bbdf6bd446e62daabd7c0e662829f46e868ea8c0075c19b5d783f3c84236a4322c704b5f9960b7fde581a388bb7bcc90 |
C:\Program Files (x86)\Common Files\System\it-IT\wab32res.dll.mui
| MD5 | 97d03296a6501368a7e3fc5b0184b3b7 |
| SHA1 | bc9f38ab8a2f05ca6700925de3408daaeb1ca693 |
| SHA256 | d442b099ad9827a8f3c67aaa06b513b94246f6f7eab64461f902f222dcd92b3e |
| SHA512 | 7907256f4b49fa89bde4fa56e587fefce0ab53d6e49b88b8ae171416dc4b875cfa3b9c5ccd8767d37778ccb6245f675f35f2c665037a1865df5b4abd2f8bf0d7 |
C:\Program Files (x86)\Common Files\System\ja-JP\wab32res.dll.mui
| MD5 | 756cdc055d88c59db07513cd2c999e97 |
| SHA1 | 3d07392df6f6bd8d063f1e325a4474795af5a35d |
| SHA256 | 5b9e92a59d496bd64b317e38391c9896fb1f1e617cdbc56ea6046229f8f16ac8 |
| SHA512 | f32afeccaaf6e57974eeb8a28c308c9c9265e1b868eff02a71d5e95b01f59e68b04d14df10a399fc337ca0c3bda0bb2fea64c16585179894a0a6f0ba695f9cca |
C:\Program Files (x86)\Common Files\System\uk-UA\wab32res.dll.mui
| MD5 | 4307562ca9582f6e25cb0f09ff22f3e0 |
| SHA1 | f0d1212dac715a166c0e657ea6ee0cec13ecf82d |
| SHA256 | 0bd249c75a6c832f6cba3147d16c9169bed11b1a23ef96429be48cc51f2ccda7 |
| SHA512 | 4d625dbe3ba036412f20e1a8790afd4c6bb20715ca641411e66a069daf1748b975eacab812ed5e65351aaea4e85774cee77d4c5ff6e0463e80aeea8b1441b468 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\de-DE\InkObj.dll.mui
| MD5 | b896867c4bdc44cce6e5654390c71e45 |
| SHA1 | 1e62869d1c68e2625d7906c25ad6ad33a9cafa58 |
| SHA256 | dba3537ff7cabd3d6d8c5627d3f3bbc389dbc3c40efd5d408e3e25e20493a934 |
| SHA512 | 477b79ff1364ee71629b8b9fed300c483f6d66ca92a4299d39ac9db2a37a3f6f858d2461ba960d3d651774397764d94a81f31a637699071483d717a7d9e83a3c |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\de-DE\rtscom.dll.mui
| MD5 | e957ceee9e007fc6fdd3c6bb5bcda0dc |
| SHA1 | 4f83a8f8a9e80a7747f7f0a3780289a418558f9a |
| SHA256 | 4cdf776ed1baac8bd266958494616a965530ccd9ee5876e5e37e8d65267f9a0a |
| SHA512 | 9ece90728ccedd7e6e7c035327227254d433a072c8a122c0cc268fb078e21217dac20caa746ce67d63046b837f6c7a4a5f81603ac61902b4907764c65cb64b9b |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\de-DE\TipTsf.dll.mui
| MD5 | a9098ac7923b592d7c800028a4ec2133 |
| SHA1 | d33d54ba494427e692d3397be5c7ad91327bb780 |
| SHA256 | 2dbb57e32050f2b0856e45d3a877c0f0c6395af83bbac78bafdb8eb85b556364 |
| SHA512 | eeb4717a699abace3ea16f419c6cbf02d0e260f8bc145e0e05b71d6775c0d5696844adf9e1aa834f508a2b13b6434be919365bce655991737b514473d39754ad |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\de-DE\TipRes.dll.mui
| MD5 | 1113e1df7b5d7d82b88956e1e4cd7502 |
| SHA1 | b2e2095b9317e42e26437a091c97bf014b5b75c5 |
| SHA256 | 7df36437cb65905bd37e578de2bc8a56947b62923463252d61c81a81558946e0 |
| SHA512 | be0ddabc5bbbd31a22b5852940bc8cc959373c5f5361e21a102740bc4a0909f5ff01dbaa12a0db760a5546d99161b9cb056c0f2b98d8c276bd6b3d9428d33a4e |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\en-US\InkObj.dll.mui
| MD5 | e71b7c47c5142cc9504070c66483a666 |
| SHA1 | 5ad3ba4bf877d55df7e55962b921bafb1c08b01f |
| SHA256 | f9179daf95efa32dad59e4a46483865c38e28599bb4df48b40ada93347e2797e |
| SHA512 | cf07d69da75b103f852b2332b36d9244b27ca54651bd8421ecd755474c20b8ae0960b9a08d79e46426ac2ce00a1a3147a0022cc3f80233a5effc1cd4e55f6db7 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\en-US\micaut.dll.mui
| MD5 | 52bbfa4b43683c2d19f57a2ecf34ee3d |
| SHA1 | f9a91495f9420c15c5294891a8397a283f1fb44f |
| SHA256 | 02c3292f25001e520b649097f87f282dba8b5c32bee2639a97f9afe89ee7f4df |
| SHA512 | 96e560e101c046977472df097446ada04a2b53035efb90379e036bf7956d3065c0ea7c346b59ff1677dbdb37ee1f51c5188112402c5d78bc896f0663f89dc44a |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\en-US\rtscom.dll.mui
| MD5 | 64a1dce13877d67947a9a9fa37558a63 |
| SHA1 | 434f4b5fdfdd2d2b952478d286e32bed72ac8b7a |
| SHA256 | 5e31aa9da0862f29387f14e458e844b86e21ae92261fab3706ac4cffb06b5f73 |
| SHA512 | 95cdfd2de3f94616e4fde397964f768c9ecdaf07c819747effe570bda2c60344b34f2863ac9a6b868555000a8304d896a2b556734eedd6295d5968c75867329a |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\en-US\TipRes.dll.mui
| MD5 | 541aa400745ff0fe87443fb09986c881 |
| SHA1 | be9ebd16a87d5853c3700f989d4150bd444ba567 |
| SHA256 | 678b5f07782447d972f7b257f262bb70efa4a3b1149984637f26e2d5bcc8e1a4 |
| SHA512 | 9f1171051776e429f8f2cdee8b848fa31107310e58cc51d276d27e178c82ae5dd01e1f81fd7e92c49def82cfb381ac72a674e2152dde71e4b82eea7f7b9ee122 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\en-US\TipTsf.dll.mui
| MD5 | 62e627f88008b91fc86ff59981b771df |
| SHA1 | d13f4170ebb8211b13419c00c823550a2d7a5dee |
| SHA256 | 7927efc49bb16567395715356feaa18d1b56c958b52fe149dd51b0803abd41c4 |
| SHA512 | 2b5081bffe5fe9d2ac86fe4670946c99afecf87263d932aba75874e3943de22f918e0948fd2399fc673e64f0d383fff6c6301d5f841a5fe6022e1d1721459c5c |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\es-ES\InkObj.dll.mui
| MD5 | d36a2fbac3ac6039687170b1ba72c077 |
| SHA1 | d855b9c0d0a9490f2657d1cdfe0abaea18c42867 |
| SHA256 | 578003ca4b5aff7194f03981d591b5c8b113d100ba956b184ad778aca588b588 |
| SHA512 | 34283c81a83423bbb1eb3001f0da4be2f07c8ea57290fedd0c03bafb1a64aceb0294cb4b11eaf3a0b017f2f57878d3f31c10844e0566c9224c47ba729073757a |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\es-ES\rtscom.dll.mui
| MD5 | d596dd9fe071fb8bcda58ee082c0a52d |
| SHA1 | c512782497284c665dcb57784fc8c84ac4b73540 |
| SHA256 | 9a586fddc06cfe200144c62afb3418b8f5f3d8769bd7807ff0b313c272b051b4 |
| SHA512 | 494967ea5ecef1e98bb1ae1bc483459fc357384ab7f7fc094b0153901909bfd416724e009eab791fd541f7402ac78568225e4a9090d7c5677769359a2fcc3152 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\es-ES\TipTsf.dll.mui
| MD5 | f2e7f1bf1f5b342d4cc159a4e339be9e |
| SHA1 | cdc65144b369f5a0636dfff32a560fa478f704f5 |
| SHA256 | 82cc823906edd6ea4540e8f820a10f28bee033d7e3bd751799d1f0f4eae235a7 |
| SHA512 | ddcc49ef5eb334b710e0566275ed70475b42f4ce82033518efe839027e4891f92e8602cfb63cd685013f2f46742b5bcaec8844397be37d5d2793a9c4b6690437 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\es-ES\TipRes.dll.mui
| MD5 | 4a33d5c8e5f5ebe017aa55d5f44d230b |
| SHA1 | 60dd29969145b197837147f3ee128c1eea263e28 |
| SHA256 | 04cfd13265a998528a77fc40f6ef837c74e9d2eb86c234a0e9f482fc6ab2623f |
| SHA512 | bf38fadb4a469aeec1b8f4fe8afeef039ededb5beb3296effea2627699626f38c7c89459a1f40dae6ad47a710941f266eed9dde9cea494c5ace7878867ee74ff |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\fr-FR\InkObj.dll.mui
| MD5 | d280a228ad6eeea9f32c8fbd6c4dccef |
| SHA1 | 01ffce78f98aaed13ec0fe879967e4114cc9b281 |
| SHA256 | c4f5648b39e5f1aba00e7e640efc68935de54952b3807d3f06b129ad286efc2d |
| SHA512 | 118bcadd7c5e65182bd11e6ad726408a86dd4074e7d136638ebb63f5cf3e11c2b115d2c33f58566c66f564441303701ea28e19a99ca2eeac814edc9fc375c3c4 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\fr-FR\rtscom.dll.mui
| MD5 | 1845186f296b5dd240ba2fe1c38a4933 |
| SHA1 | 3ec2cdc00910edb0da502566070bc955eaf00813 |
| SHA256 | 05c45c6a86d309e67b3dbd8486e06cd1fe2025ff9882230c564043e20105a005 |
| SHA512 | 81e406835610cdfb08ceea1998e42c399f1e2a8962afa5bd45b04d6c2ffe40f0a29791d6faab32e1963c7ed57d3194362df6349cb772d0019d206362d732dba9 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\fr-FR\TipRes.dll.mui
| MD5 | ca387dc9bcce8e3d572a75de398d7094 |
| SHA1 | 3371faa363858931f96a127149a779767e3cac15 |
| SHA256 | 1d57288430654bedcff9b5e1bee55da027fc85f0f281fad6db8433b1d0561a52 |
| SHA512 | 850d7615c1f44a910e4327605b02b035066498ba75f5439067fd81b1bb6f0308e75bb8b6b3aceced9f7a47abf17fbeea2dd65ba9ea4de7a188c010f9d24a5fd7 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\fr-FR\TipTsf.dll.mui
| MD5 | 3a3658eddf24a438fb007c862227f1fa |
| SHA1 | ff38d15ad2629a152c66d20363397c90737ceb70 |
| SHA256 | 626f524a79ebb0d3b2acd5e901c3f365b8bc87ea52bed93af2b1567b5053ca93 |
| SHA512 | eef665f1b01f9b188d660691a5b689768fd44f579cf0b7c0407f479d694f6f680da70517687c9109232143dbcf83127103dc7fdc1e4c8da0b35dc59e8e6b0f53 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\it-IT\TipRes.dll.mui
| MD5 | d739f8ba73f5380627543be48848f858 |
| SHA1 | fe3523393c00a5eb123910e9b2ca9d7789b1ccf1 |
| SHA256 | 787cbf5e63f9a0bae3d0a4d353f4bd7e078d689bf036bf65183a762e4af96e5c |
| SHA512 | 9579a124a77facc59767fa6e992289a3cf85ab9ba50957968507d21d7f48be926f342414fe52653b1d481f35964206521a16f85a45d3416fc96260601cbc9941 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\it-IT\rtscom.dll.mui
| MD5 | b0bcecbd84f9e206a38c71a6bb1d0afa |
| SHA1 | 4ac23b9eb94076cfffcd8d0a2af949d56447f682 |
| SHA256 | 0d878212309dc3b98ce5dbafaacb19f0cf4bf76ce6c9f61fc103b9d165701e1e |
| SHA512 | d72c9df39ed3c8775443099c81116354d0fbee06256fea4f8296753e970d0e64e32d7e78a58aaca74152b54c3cb9a39de3a911818279905f9e187720ceba0c1e |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\it-IT\InkObj.dll.mui
| MD5 | 6a8eac6556d1099e66dbb29b4132b8d6 |
| SHA1 | 39ed784258aa5439c853a0aa3d20d99706efa066 |
| SHA256 | 25091ca195f6d74923947020aca59b031956db33800a34029e90536b499004c2 |
| SHA512 | aa4fc338cb79eb684eb17ba0e977146dde0e192b57eb0cfb4c0ec8db5bc5ef50e08f61bbd78ff7c14c869b38f6f2c230b4d52fbe2a00f0f5c22b6c98eb6f5062 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\it-IT\TipTsf.dll.mui
| MD5 | f6438a93a8befce8f2e7d41130d65541 |
| SHA1 | 8ac1988f73f5141dcaf148240937de70c73556ab |
| SHA256 | 6f811964604bd1613720e992d3eee451108d28001fb2c71ac1793dcdaf36a93e |
| SHA512 | f9380f15e8461b6454142c49aea7cc078aeac8da63e1c6022fd5fd4589fd6f8bdfd4ff87b64a3bdfecd4eded882ae19c0cbb89da87c5204f439cafa6629336e7 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\ja-JP\InkObj.dll.mui
| MD5 | 2267c3013f3247e9441ced87dacc69c5 |
| SHA1 | f578ffccca249b1db93af95a29aa92c5e3ddbd3e |
| SHA256 | 99eae74d0be6d8793897406af6cde0c0fe56a39eab5e117709dc16d7064a1e1f |
| SHA512 | db37facc7fddf03a67f10e8f7083b96a6f188065e426b6e29477275fc0f82721f91f80859a5363dd6ebc0e581fe1a1c4b45e0fd630c0ee0d594ff1b2b927abec |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\ja-JP\rtscom.dll.mui
| MD5 | 31c8534182e95f09e3e05e802d4a8f4d |
| SHA1 | 4daadff408fa1d0b68f0070f0501f130ec81b7c4 |
| SHA256 | c93b75344b075e3db69ba30756c1a51394e22fed35bde104412cef93e1e4c898 |
| SHA512 | 10b62701beec0ad4c9b99f4d5ad82e9cda417a4e51d523e7d013cfb096d8af62a7abaac0d61d3c276633e253a02e2a6d899de6577dbe820e5c5ebf8de4da22bd |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\ja-JP\TipTsf.dll.mui
| MD5 | 60365d9984b83d7a0f2cab171966a4e3 |
| SHA1 | f8329db5a2974b920af93fd9fbd59448021db4b0 |
| SHA256 | f7fd7c8bbdc3272765ef9229d6392efd54d48bd923f5795924ce6de1ceeb7fb0 |
| SHA512 | 9b6ac446650ad6fb5642b7f972edaf3ea421986acae7659bfdec91adfa56ececf5062ce2779958c947c2ff3fb11ea4326ce74fc0a7ab137a972fd41540131ab1 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\ja-JP\TipRes.dll.mui
| MD5 | e1e409c68be56bf18dc7041b4ccb0541 |
| SHA1 | 0119919f2492b7bd2cb5f7c17c3b3937762754ea |
| SHA256 | e6a37d3434b227917294c11569aa4ec67eada5f2a79130668b8b3f6bdf5652c0 |
| SHA512 | 426c7e8ae78bab0ce2a4c9be24cbb1ce4fb785add73942c20b68857325d2925c15e2010002576cbb57eb9ffa28a45fde12952a59ee0570e9df3d1920828bdd61 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\uk-UA\TipRes.dll.mui
| MD5 | 753c2734247fdcbb8d0b85da322811bd |
| SHA1 | 515bd28f1b57d30280f28cd9d519cbe7b4ff240a |
| SHA256 | 5092084899f6e0461ea64a1f919dbbdbe5541d85bfb6c01973502d9cf1c23eaf |
| SHA512 | 2954d495194e94617a42d90bf1c48b672b980398287dc37f53a6fca2136b10dcb6907ba0db24b42bb126433c991ccb0afb987f7523d8c3749b81a5bad2b0f884 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\uk-UA\TipTsf.dll.mui
| MD5 | 211405cede79326d4b38f49e31e488f6 |
| SHA1 | ae3816aa3761a854c8651c382600144ffd8d84e6 |
| SHA256 | 805b74b7f9966791f16518084dfa0b5ebbed656f5c5f7038986ec1b17d00d8ce |
| SHA512 | f8768c8c964b1c0ff8b167b6536d92642c8eac6f43ad738ac688fd694f7bdc42bcf5833619873339d836c15590e3d7107a3854b84187364ace45acb3bee0db76 |
C:\Program Files (x86)\Common Files\System\ado\en-US\msader15.dll.mui
| MD5 | 49f26119dd0d06770fdaff496278ecc0 |
| SHA1 | eebf04d37a3db3a4251b8057f4669f5a28e6106d |
| SHA256 | 2e3f61027c761471ed2059a5839b331f6e35bbbee94b022b0ea7c7f7491361f0 |
| SHA512 | c86b5712928aa0a530b4f349e16868175afff1ce15da19460932ff9ef05f8202d91a73e33770d7ef56b41e82c884146e3581031c05992494c8a9374fd742185a |
C:\Program Files (x86)\Common Files\System\ado\de-DE\msader15.dll.mui
| MD5 | bd467c649784d98ecad19994318a714b |
| SHA1 | 8d2e5c42c54af3cc7c28c4794d97060148152728 |
| SHA256 | a8e967f5530faf87f5e39a7d0dd8edf1faeb7ab3ff776e970574218c84399be5 |
| SHA512 | 47eec2e4a6bf57cacc6a9a02521ed698ad7ddd020ceb5502dabe8582987f9e1693aa671f5f8842ccbdfb6d9050e29f60bf70f0db4e958ba1d8654a736bb684db |
C:\Program Files (x86)\Common Files\System\ado\es-ES\msader15.dll.mui
| MD5 | c5bfb97c9a3f6083117e8a4444d06bc5 |
| SHA1 | 3f92a94a441adc7355280a946fa2a590f8e8b234 |
| SHA256 | c84bb0ba9e8a512fca9ce3b1df337686b4e1feac0b8fe12f49c69808d857c871 |
| SHA512 | 4acb598c7b36a1256fa60876576f171760dd77f038e51884012183fc5f30f8f3e14e80aedff6965bf0c6a2c2f1d62ae60e1ffcd22b34a6110c8bfbcf02506fc1 |
C:\Program Files (x86)\Common Files\System\ado\ja-JP\msader15.dll.mui
| MD5 | 494862969a8afdae455842b631e20c78 |
| SHA1 | ebc9bdcb927656dc9cdc70c76e2177d912ef15e0 |
| SHA256 | 878bd97b791688c05c9d10402551247344366811c2d37be3ea4d683480509f5e |
| SHA512 | 3cbdfe83f7a57bc69bb76c75c49d073949aa66abdca25fb45f45e3c39b1c48a5ece8b6d31a4c96fad4ed6440acd81c44d9477b0f9b9ae26d3fdbf46cf392c4b2 |
C:\Program Files (x86)\Common Files\System\ado\it-IT\msader15.dll.mui
| MD5 | 846a1c7a4affbc474c257017117e620f |
| SHA1 | 43aa8ac19ef346013e3bd0a7b903bc7e3c4b2b88 |
| SHA256 | 9b443a4caeb09f066eb5beff469470152e27940f467b2dec0e320e5441d7cfa5 |
| SHA512 | 3bfdfa353be27d3808df1f0ef50502d7846a6757132936323c96d7dce356c178429df06313d0d57b086932c7f5c828bdba7207b9b1a22fac54b24a8bae5983e2 |
C:\Program Files (x86)\Common Files\System\ado\fr-FR\msader15.dll.mui
| MD5 | 90aba74ea53f0e2768a4289149a35d2c |
| SHA1 | d64a5932b60e229f6cb5496bc3f79da384fedc85 |
| SHA256 | 3749371e29e534631b4f18c463dc825d38d7be1bfffa647d0b9666c4a0e3a1f4 |
| SHA512 | 40ac94578e18cd4b4b5a0cdc5a28d171539ffb424c11c84bb2e42efc3978808cfba3e1e8ce41698f5f9d5fbd173e3b63b24c20df88becbd2bd62a15713d7c335 |
C:\Program Files (x86)\Common Files\System\msadc\de-DE\msadcer.dll.mui
| MD5 | e8757e79ec501b502bb9565869ed45d0 |
| SHA1 | e50321a3bb86123cc78cd20d84fb7d4b4bbb541f |
| SHA256 | dfd936851aecf6c03b5a86189ff4a206122f4a0fa9a63502a125528e9434b14d |
| SHA512 | c3c4297601d8531d1ebdda3e5500f07314210fddf07626c5c253c14ba6bb54c2d26c4d916ccfe9e892a16bb2ce6efcf8f2b6be27d77746b7abb04bc31ecba27b |
C:\Program Files (x86)\Common Files\System\msadc\de-DE\msdaprsr.dll.mui
| MD5 | 3f540aef870b60e2c0f5b58644c12c3c |
| SHA1 | 555130a7f287463935395fc1a71ef3c4f52e4de0 |
| SHA256 | 0bab2add772d32e24820db65f646348f6077ba2f5c4e60dab49fb607ee1221bc |
| SHA512 | 90550a3b0963bdbfde72b1291046704549a4b925952391bc815097710f173f37a5f09fba311e787e6002f0b78c8f7b9f575978402cbaded9441c3de71486fa60 |
C:\Program Files (x86)\Common Files\System\msadc\en-US\msadcer.dll.mui
| MD5 | d9af564a9d59b6dcec75e776badf6ec8 |
| SHA1 | 81cae7d396e309b2982e03506fe87ddf91e722ae |
| SHA256 | 4d499a4dd6d3d2f3d7f62163e513eb609d5646e335f0e4877ab241c27f712fb7 |
| SHA512 | ad8db1e5efab581daa25d7c972db33dacce921c77d01bc2e8417bedc22add87641af931004a350a0e7d13ad3cf07eb51616a2acf99b5d98186646cc27c51e4f0 |
C:\Program Files (x86)\Common Files\System\msadc\es-ES\msadcer.dll.mui
| MD5 | fff135b79bab471eacfe9a828ab01a28 |
| SHA1 | 459ef55a1e21e4fd5326c3fb0b335954adb32c4d |
| SHA256 | 62bfe2cf5c185c34a1a0573f8284a44a6714485400907f06cd3772e12698223a |
| SHA512 | 6a3abe51bdc432ecba0f17da27c1c993b42bd9111de13d6439543dba935a432ebefc24a2775f23f247bf8f4e52502ad9e52586fc36c50f96b9b18509ef42e77a |
C:\Program Files (x86)\Common Files\System\msadc\en-US\msdaprsr.dll.mui
| MD5 | 1610b6f98a502f6f87f35e9f172bbe22 |
| SHA1 | 0e5994c2abd184ce4369e3549b1427798d138283 |
| SHA256 | 89eb989123523c550d3d0885c320e8f52a36a2ce7d9beb0ab8fbcdceea6729b5 |
| SHA512 | b43dfc79e78a4f5cbe7dd325e8bdbb2ff74d83719efc9d6598f82391ebe1f5bfd991b5f167a54aecbfd5eae57a3a60f0866b2db1256a1ba950745ddbff8c9674 |
C:\Program Files (x86)\Common Files\System\msadc\es-ES\msdaprsr.dll.mui
| MD5 | 040599f3a351d7511f07798f08e1ffc6 |
| SHA1 | 0aa54c914f242774d88032d6c68f5ea986633444 |
| SHA256 | b33f06f2ce31de2352057cfa83d5657b71ef6edea9d277bbe3b96e215510c752 |
| SHA512 | b76ada16bfb1ba50ae80e8cc6b04c48a9b9a3d13150634f180e0566f8ae5e9a117aaf7a5db4d794341640b2ef1e64887df2cb9403df31f7c6bf44abd1d711af8 |
C:\Program Files (x86)\Common Files\System\msadc\fr-FR\msadcer.dll.mui
| MD5 | 76615d94a356142c503f3b0aac2a35af |
| SHA1 | bc40cc1e361f6cc77b76e29108d9c02e67d3b23d |
| SHA256 | c7440df10f6c878a63ae8a957b1cec4927a7ade7f8ad9a81ffd6454dc16a8571 |
| SHA512 | 3c24a936b30b5059239453d7c9abff7cf4cea1123d465750a8f8cee4d01fd64423f9fcc5d745a015c52cdf36d38eab84bbfe31b9a127c7c2596be37912a6f8ba |
C:\Program Files (x86)\Common Files\System\msadc\fr-FR\msdaprsr.dll.mui
| MD5 | 71e5c635287fbe689d51a8c3ad3a3a98 |
| SHA1 | a9952d535f707c03155b1a4b6100d69af69efbd6 |
| SHA256 | 427f805d0567fd6005424c5c81531ed685de6a97ae3804398beec4c5c26579d5 |
| SHA512 | f56204ad0066e51597508099bffb6a44c820a9f3d112a439af7a17d780df719c44d546ea4f46f78b065a30d7758536135adfb50f9979b170ed4c01432851b05b |
C:\Program Files (x86)\Common Files\System\msadc\it-IT\msadcer.dll.mui
| MD5 | 876478fbe975fcfdeeae8514b363c054 |
| SHA1 | e7450e26d2ddb3258b15c40c568249168a464828 |
| SHA256 | 21d5aa23b525d7291f08031f2024a4b4ddf48b64cd3637fa12bec8e2fe84d6a6 |
| SHA512 | 8fdfc486f1fd3473dfa9616f6126ebc36b68cee3de33c5d7eddaa351e1305bb12e1eaf0d698f931d5958711ece9b8b596b11c301219e194627149fd4a8e8b95b |
C:\Program Files (x86)\Common Files\System\msadc\it-IT\msdaprsr.dll.mui
| MD5 | 59b4dac6637bd968e88615cd9e0a38d8 |
| SHA1 | 94853779569c7a6fcfbd39ade4e03b013deae536 |
| SHA256 | da0925bac267c714928653cebcbb2243226ff9c3fc469cb38f9aba3929ed9673 |
| SHA512 | f02e8814607128ecd66e1fc34ded83c28e24a9a85921a50fbc833ae888911b148987a3326ebd91870f5436950d147b4fccda883d439e1ee486a29b43f7ac80b5 |
C:\Program Files (x86)\Common Files\System\msadc\ja-JP\msadcer.dll.mui
| MD5 | ec5c2b06647d7a2c05632f84a3f780ef |
| SHA1 | aa63d1c4950c3f8943e165c77c969f8961bc0fa7 |
| SHA256 | 9eb8a64af3a5092900b1688b48a1bb8a0209515c99eb1cebc1af3ab145d3a946 |
| SHA512 | 5ee2f6e1c3a1142e1ca2e73088e9cea6bd3620aac811e0efbb52c3634fdc4864092a013181d348a3de3c543b5608ff62d41b6470b83822cdabf8a372a8df590e |
C:\Program Files (x86)\Common Files\System\msadc\ja-JP\msdaprsr.dll.mui
| MD5 | 45929c96f184b119ac1cf4c90c6861da |
| SHA1 | 4fa0c979e7eeeb9d05dfabe3efa4a7b09910cddf |
| SHA256 | 8228ab9d21f647343866120078d9a205fe02827ad116dcf7410c4d1137df2995 |
| SHA512 | 0a95a0cf703c6bcd60ae428a5cee9f0a0e588a755f95eed312208bf72c73193619ae727336e8bbe9f4c06741ce2aa12a111442a92d38e122f6196335b5df7856 |
C:\Program Files (x86)\Common Files\System\Ole DB\de-DE\sqloledb.rll.mui
| MD5 | de501e0a97d986f753716a3906f9f01b |
| SHA1 | dbf237870b67e80c42001f3ea693bc39d6d8da1a |
| SHA256 | d597812787dc821b5138c565f2caf180136120e66136ec87e845009b9efa51ab |
| SHA512 | 0a645398499549807f1978f25d1e10c8efa170244ed3635ffbd6b949961782c6398c62813ae3a8d8146bfcaa292ef6a1fd44dabd7f5d9dde21bf8097fa72eb02 |
C:\Program Files (x86)\Common Files\System\Ole DB\de-DE\oledb32r.dll.mui
| MD5 | 510afe9f344bfeab880ba964d22cc8ce |
| SHA1 | 9df84763e15bfecc9cccb3148876b366224b0f4c |
| SHA256 | 6d4d17a66b1135cdabefc1e14770f9caf619a279a11c46e733af3af60eff2eea |
| SHA512 | 87e4450c5cef5b473d003ed0dcd0c1b816b4c8bb9c093cac33ac5395e5eecbd965c8bbc2eff20946ff4f4a8ef06a4b9fd2b4c2b9c35200dd69288a02c893c55d |
C:\Program Files (x86)\Common Files\System\Ole DB\en-US\sqloledb.rll.mui
| MD5 | 3d0d4d046165578be6d4d50338266151 |
| SHA1 | 3ecea768f12510327bd17e73491cc48a51bf16d4 |
| SHA256 | dab25b93b4ab6571285311535e67a4dfddd685b4bc4396513aed2a8599f83391 |
| SHA512 | 6bc1e1e596272ea7181fab469c15eaa319b26c0f00777b6089157fde4544d9f8139b1f223a5c8a4be3e40adf549e9044a4c63f7e6eb6b4c2c61d87e3618c0657 |
C:\Program Files (x86)\Common Files\System\Ole DB\en-US\oledb32r.dll.mui
| MD5 | 64b629ab22865211cd4975de6f9d39aa |
| SHA1 | a1eb1e9195e4d8afcea6d053213e16abf6b58bab |
| SHA256 | 62eb956fd63becabcbc46a4ee2b2383dab7cc71056f474a807b1121103e174c7 |
| SHA512 | d12bc54b27fd980183eebb6a47c57c5a3e5c4f51be1fbc13b9c0dfb7eebcfbb4a7ebc7a868d03c31f597041f0c01a84701d884f1f2b23fef9f9c1a3a548df93d |
C:\Program Files (x86)\Common Files\System\Ole DB\es-ES\oledb32r.dll.mui
| MD5 | 4c3648333702446e663bb95e029d1f60 |
| SHA1 | c67b93df21f99ec1a83335a9fc2d54f842831506 |
| SHA256 | ed8c01ab63b4136b21793556d0d8a2cfc2e66f0439aa1ebfcc193ced545c7d1b |
| SHA512 | a1c59188125c93b4e54ce0e6dd6cb64e7b3d671d68c7a394ac8f623b21d6312fdcc10ca6df1177c51a1ca6a571b3c5fcb877225121451e1f35c9d4e4a0f9e568 |
C:\Program Files (x86)\Common Files\System\Ole DB\es-ES\sqloledb.rll.mui
| MD5 | 85a9119ad38cd46425ee281206e22363 |
| SHA1 | c211276e23c3648bc66d88d5805242077ef26f12 |
| SHA256 | 946b8f593b84a12880e0fd0d9f47a1677c9c50b2ebecc8c2de2d170c0f3b4c84 |
| SHA512 | a2fda73351cbda2769c757be517cbc81aa091fc8107c0181bf2f5c97f14bffec2a44f21b676732d7064c853bf3c660d0f7681e12231e71cba605443b28fb0ebe |
C:\Program Files (x86)\Common Files\System\Ole DB\fr-FR\oledb32r.dll.mui
| MD5 | 4d98d7c90e5c26d5aad01becc25f1cff |
| SHA1 | 1a542dc4a47082541e356aa41b5c9045ec7ab2cc |
| SHA256 | 8da5d1f0929637b9802f36620efb28ef680781cb9fad4bf83a74740fdfa5283b |
| SHA512 | cca2a42484bdaf4c2d11177380cf8d9305b96c4170774034f231cd48af2c92e363a768f3bad4f3d905bbf36cfdd53f69b30946d6e9b966861b23499eb66461e3 |
C:\Program Files (x86)\Common Files\System\Ole DB\fr-FR\sqloledb.rll.mui
| MD5 | 0c6d9f703040956b3da56387935dedfb |
| SHA1 | 753be22347b10eaa11d98a41c2b49c060a47fc74 |
| SHA256 | b74f96f7c12213e059772251d5ce45792f2e3564f1b068220b9fcad578cd6c39 |
| SHA512 | 890cdcad09380d3f1758bacbf778b78c52713fdb6f5ed11c6e2701efbbd782442f88a78332282148379a053eb34f8fc81195a1660cec3e9f26478c8126c5a901 |
C:\Program Files (x86)\Common Files\System\Ole DB\it-IT\oledb32r.dll.mui
| MD5 | 571a52bc91767476868c2507181c3ada |
| SHA1 | 65cfb04af09da9cfb39b93a5f8409993424cec57 |
| SHA256 | c0d33bac2fd02a9244764b81ebfdb764b8f71346084b3681f0d5082e0b6c18a0 |
| SHA512 | a6730c63e4c7a13614a543335ba76d7c1560ec15e0bcf843b57d1fe20ec16809589c852c7840a505558030015411b8e68a63117e0f0ece4051bc141d17153002 |
C:\Program Files (x86)\Common Files\System\Ole DB\it-IT\sqloledb.rll.mui
| MD5 | 1136b54d28622f38988d48280eb29ea6 |
| SHA1 | 3c4706d052b06c5de6ccf4315d2942fe262d3e67 |
| SHA256 | f32e1a57f1a43339e188196f92b4ad50b2ea4f020e9ebda8aa2256015c1a3041 |
| SHA512 | 1b006b5ec28f6df6b468e4e3a4625b1b84c9a9f4ed87254028df098ce81eb3942a0a963ac98f44055627fb34192edb735691f01c2e9d7f33efac0aa9bd6b8824 |
C:\Program Files (x86)\Common Files\System\Ole DB\ja-JP\oledb32r.dll.mui
| MD5 | d7580dbfec79fb00a05699704e7e7504 |
| SHA1 | 33c43255f5f61c5322ec403330ce977b0ac334e7 |
| SHA256 | 51d7e20e3001a70813312d5694cbe8fcfc531e8601ba8cb7d60fb63832872db3 |
| SHA512 | 87e77a530414267b8027fe200c4f04e5d93db934c823dcf234de6a834a7a2ea9aa13e2af407a6a422cf78892e6303088965462f314a2eb41072793463e2de859 |
C:\Program Files (x86)\Common Files\System\Ole DB\ja-JP\sqloledb.rll.mui
| MD5 | f60b3cd38cbc6d669d41057b0e96ae06 |
| SHA1 | beefc55b425f1536e60665a6226478aaac37267d |
| SHA256 | be88089af7a6ee448e32c562d89135303a5bce6af807f012005b1d768669ec8a |
| SHA512 | 5a79ca838798c9df93edc203fd59508575ca1aef65f3c005a795d0a54324d305d2902a7e05a1d1f3e72f07432da2d194e696367df27787d9cc7dca05c52dcc70 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\StartUnifiedTileModelCache.dat
| MD5 | a73830aa40a1c7ca00fe68ee4cbc4bdb |
| SHA1 | f946b1c49d7f149aa0bfadebcc2d71b5706c275f |
| SHA256 | 47c4c606547ed578741b498eeba643d1f33b76b76629c6b59f4e0e422e440960 |
| SHA512 | 72056ae81b6ee9e2d0719fb2ad1200f876d2c265ec9aa91f05aa62b9bc5ea5b1f2bcfc25e12ce2f8e338633df32b580791b69530e73b73ac3f344691a3f7384c |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\StartUnifiedTileModelCache.dat
| MD5 | 800c619d129acf489f2281442000c361 |
| SHA1 | 08a47fca4c09d04547c58e0781bf59531d70cfd3 |
| SHA256 | 8933465438adc5c5193eb7fbadd6c6e7565d2d460fa517d0bc8f21cee49f4a65 |
| SHA512 | cf467ba93136084d23b3ad4df5330c028ecdb3e93500196f57c134a7bb3719fe2d4fe0e0f378e8fe10937e9c02cca4b4192b6e54d6a18721ced257478ec12092 |
Analysis: behavioral9
Detonation Overview
Submitted
2024-11-14 13:19
Reported
2024-11-14 13:21
Platform
win7-20241010-en
Max time kernel
117s
Max time network
119s
Command Line
Signatures
Deletes shadow copies
Renames multiple (9104) files with added filename extension
Reads user/profile data of web browsers
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\D: | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened (read-only) | \??\F: | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\Windows Portable Devices\sqmapi.dll | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files\Windows Journal\de-DE\Journal.exe.mui | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\BS01639_.WMF.EMAIL=[[email protected]]ID=[7189AED8B8AE6568].biobio | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\ink\es-ES\micaut.dll.mui | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_highlight-soft_100_eeeeee_1x100.png.EMAIL=[[email protected]]ID=[7189AED8B8AE6568].biobio | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0382931.JPG | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\PAGESIZE\PGLBL090.XML.EMAIL=[[email protected]]ID=[7189AED8B8AE6568].biobio | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.intro.nl_zh_4.4.0.v20140623020002.jar.EMAIL=[[email protected]]ID=[7189AED8B8AE6568].biobio | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\button_right.gif | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsColorChart.html.EMAIL=[[email protected]]ID=[7189AED8B8AE6568].biobio | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\uz-cyrl.txt | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\System\msadc\msadcfr.dll | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_it.jar.EMAIL=[[email protected]]ID=[7189AED8B8AE6568].biobio | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR7F.GIF.EMAIL=[[email protected]]ID=[7189AED8B8AE6568].biobio | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\images\glass.png | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\css\mobile.css.EMAIL=[[email protected]]ID=[7189AED8B8AE6568].biobio | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\DD01181_.WMF | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PE00608_.WMF | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\ORIG98.POC | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\access\libsftp_plugin.dll.EMAIL=[[email protected]]ID=[7189AED8B8AE6568].biobio | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\buttonUp_On.png | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\System\msadc\en-US\biobio ransmoware.txt | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-print.xml | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-favorites_ja.jar | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files\Internet Explorer\en-US\iedvtool.dll.mui | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.COM.MX.XML.EMAIL=[[email protected]]ID=[7189AED8B8AE6568].biobio | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-back-static.png | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Eurosti.TTF | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Photo Viewer\ja-JP\PhotoViewer.dll.mui | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\settings.html | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Indian\Cocos.EMAIL=[[email protected]]ID=[7189AED8B8AE6568].biobio | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\de-DE\css\biobio ransmoware.txt | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\forms_received.gif | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\QUAD\THMBNAIL.PNG | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\DataViewIconImagesMask.bmp | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\br\LC_MESSAGES\vlc.mo.EMAIL=[[email protected]]ID=[7189AED8B8AE6568].biobio | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Maldives | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\UKRAINE.TXT | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\HH00524_.WMF | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PE00052_.WMF | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\1033\EXCEL_COL.HXC | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\review_same_reviewers.gif | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\macTSFrame.png.EMAIL=[[email protected]]ID=[7189AED8B8AE6568].biobio | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\GKWord.dll | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0195772.WMF.EMAIL=[[email protected]]ID=[7189AED8B8AE6568].biobio | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\TN00217_.WMF | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\TR00006_.WMF | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\System\msadc\ja-JP\msaddsr.dll.mui | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Games\Multiplayer\Spades\fr-FR\shvlzm.exe.mui | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21400_.GIF | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.natives.nl_zh_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\mr\LC_MESSAGES\biobio ransmoware.txt | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\ja-JP\js\cpu.js | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1254.TXT | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Biscay\TAB_OFF.GIF.EMAIL=[[email protected]]ID=[7189AED8B8AE6568].biobio | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files\Windows Media Player\Network Sharing\MediaReceiverRegistrar.xml | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0200611.WMF.EMAIL=[[email protected]]ID=[7189AED8B8AE6568].biobio | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\ICE\ICE.INF | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Sync Framework\v1.0\Runtime\x86\Synchronization.dll | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOLoaderUI.dll.EMAIL=[[email protected]]ID=[7189AED8B8AE6568].biobio | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Accra.EMAIL=[[email protected]]ID=[7189AED8B8AE6568].biobio | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Midway.EMAIL=[[email protected]]ID=[7189AED8B8AE6568].biobio | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-autoupdate-ui.jar.EMAIL=[[email protected]]ID=[7189AED8B8AE6568].biobio | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| File opened for modification | C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw48.bmp | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
Interacts with shadow copies
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\vssadmin.exe | N/A |
| N/A | N/A | C:\Windows\system32\vssadmin.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Processes
C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe
"C:\Users\Admin\AppData\Local\Temp\7189AED8B8AE6568.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c vssadmin.exe delete shadows /all /quiet
C:\Windows\system32\vssadmin.exe
vssadmin.exe delete shadows /all /quiet
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c vssadmin.exe delete shadows /all /quiet
C:\Windows\system32\vssadmin.exe
vssadmin.exe delete shadows /all /quiet
Network
Files
C:\ProgramData\biobio ransmoware.txt
| MD5 | c8a67f8b8ce607ff54e7ea29fc000450 |
| SHA1 | 4fc728744bb78a8c29f05c67e067d3af755c9cd9 |
| SHA256 | 9a0cc9b664d21fc01f93ce946d8426cbfe4a38623e2b6fe06c967291fc9840ee |
| SHA512 | 43148dce167a73b32b26a031e97ca75b8f7be8bd0391217d855ed7ae1feee09a9a7a4f356f30d054a9c157cf29d25b24fff321c96f01cedca86cc348f3f556e9 |