090580569f47c90376e9cdfae15b493939241c57600727b57fdf56a8606d06c5

Analysis

max time kernel
25s
max time network
21s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
26/03/2025, 05:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
Size

149KB
MD5

7f040e7be2a5085703fe895d0625c925
SHA1

0be799d98e6719bfe594fb502e012e173bc0bfea
SHA256

a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2
SHA512

746b5b8b1c62e8e500e5d91fabb8c7a9ddae5a47440eb04babfc8a7a39dca89f51c2d846b5bc1993217c1dc7f8f6f9b2aa29b42b6a59c3fa5357cf48f020cfd1
SSDEEP

3072:+6glyuxE4GsUPnliByocWep9/PCTgLbvI1:+6gDBGpvEByocWebPAgLDI1

Score

10^/10

discovery ransomware spyware stealer

Malware Config

Extracted

Path

C:\Users\u3faqlCea.README.txt

Ransom Note

~~~ To Dear Rota Trasporti Team ~~~ >>>> Your data are stolen and encrypted We encrypted and stole your documents, emails, and databases. We have viewed your email data in MailStore and can find all your customer information and customer needs. And we found some companies in Italy that do the same business as yours, including but not limited to the following companies: 1. https://www.girteka.eu 2. https://www.teleroute.com 3. https://www.nieddu.it 4. https://www.robustellitrasporti.it 5. https://www.matricardispa.com 6. https://www.monguzzitrasporti.it 7. https://logisica.com 8. https://itlmgroup.com 9. https://www.sogedim.it 10. https://www.dgftrans.it If you do not contact us and accept the negotiation, we will sending download links of your data to both your customers and competitors for free. And will report the information of users you do not care about at https://www.garanteprivacy.it. >>>> What are the benefits of working with us? Network security is important, and you can consider this experience as a paid security test, we will help you point out your network security risks. Our ransom is much lower than other ransomware, it is even lower than the price you pay for a security company to do security testing. This amount of money is nothing compared to the fines of privacy protection laws and customer trust. >>>> What guarantees that we will not deceive you? We are not a politically motivated group and we do not need anything other than your money. If you pay, we will provide you the programs for decryption and we will delete your data. Life is too short to be sad. Be not sad, money, it is only paper. If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. Therefore to us our reputation is very important. We attack the companies worldwide and there is no dissatisfied victim after payment. >>>> You need to contact us with your personal DECRYPTION ID: 055CF6F4EC4B6BE3ABEE0872AE2638AE >>>> To contact us: Way1: Use signal (suggestion) 1. Download Getsesion https://signal.org/download/ 2. Add friend username: aleen.29 Way2: Use session (suggestion) 1. Download Getsesion https://getsession.org/download 2. Add friend my id: 0549caf3190e21ab3fca15d5327aff676e9457fb96106964ecd394b69674abe301 Way3: Use email Email address [email protected] To ensure contact, it is best send message use three ways at the same time >>>> Warning! Do not DELETE or MODIFY any files, it can lead to recovery problems! >>>> Warning! If you do not pay the ransom we will attack your company repeatedly again!

Emails

[email protected]

URLs

https://www.girteka.eu

https://www.teleroute.com

https://www.nieddu.it

https://www.robustellitrasporti.it

https://www.matricardispa.com

https://www.monguzzitrasporti.it

https://logisica.com

https://itlmgroup.com

https://www.sogedim.it

https://www.dgftrans.it

https://www.garanteprivacy.it

https://signal.org/download/

https://getsession.org/download

Signatures

Renames multiple (5790) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File opened for modification	C:\$Recycle.Bin\S-1-5-21-3920955164-3782810283-1225622749-1000\desktop.ini	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	F:\$RECYCLE.BIN\S-1-5-21-3920955164-3782810283-1225622749-1000\desktop.ini	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 4 IoCs

pid	Process
5472	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5472	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5472	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5472	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Common Files\Microsoft Shared\ink\de-DE\TabTip32.exe.mui	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_neutral_split.scale-100_8wekyb3d8bbwe\AppxSignature.p7x	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.targetsize-256.png	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-white\SplashScreen.scale-400_contrast-white.png	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\MSIPC\en-us\msipc.dll.mui	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Retail-ul-oob.xrm-ms.u3faqlCea	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\it-it\PlayStore_icon.svg.u3faqlCea	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\RHP_icons.png	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\Dismiss.scale-64.png	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxA-Generic-Light.scale-400.png	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\Assets\Audio\Skype_Notification.m4a	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteNewNoteSmallTile.scale-125.png	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\161.png	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\SplashScreen.scale-100.png	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\OneNote\SendToOneNote.ini.u3faqlCea	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\css\main-selector.css	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\uk-ua\u3faqlCea.README.txt	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\en-il\ui-strings.js	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteNotebookSmallTile.scale-100.png	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files\Mozilla Firefox\fonts\TwemojiMozilla.ttf.u3faqlCea	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SPRING\SPRING.ELM	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files (x86)\Common Files\Microsoft Shared\ink\it-IT\TabTip32.exe.mui	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\MapsAppList.targetsize-40.png	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\DeleteToastQuickAction.scale-80.png	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxMailSmallTile.scale-400.png	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.contrast-black_targetsize-20.png	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSmallTile.scale-125.png	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\hy\LC_MESSAGES\vlc.mo	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\es-es\ui-strings.js	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\A12_Spinner_int_2x.gif.u3faqlCea	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-96_altform-unplated_contrast-white.png	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_2.34.28001.0_x64__8wekyb3d8bbwe\Assets\GameBar_LargeTile.scale-200.png	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-36_altform-unplated.png	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\Date.targetsize-24_contrast-white.png	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-16_altform-lightunplated.png	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_highlight-soft_75_ffe45c_1x100.png.u3faqlCea	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Mac\ICELAND.TXT	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\themes\dark\SearchEmail.png	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\u3faqlCea.README.txt	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\it-it\ui-strings.js.u3faqlCea	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\it-it\ui-strings.js	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\LibrarySquare150x150Logo.scale-200_contrast-white.png	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxCalendarSmallTile.scale-100.png	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarMediumTile.scale-400.png	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\A12_Spinner_2x.gif	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.contrast-white_targetsize-72.png	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Wallet_2.4.18324.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\AppxBundleManifest.xml	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_neutral_split.scale-100_kzf8qxf38zg5c\Assets\Images\SkypeAppList.scale-100_contrast-black.png	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageSmallTile.scale-150_contrast-black.png	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\StoreLogo.scale-125.png	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\NETWORK\THMBNAIL.PNG.u3faqlCea	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp2-ul-oob.xrm-ms	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files (x86)\Common Files\System\msadc\en-US\msdaprsr.dll.mui.u3faqlCea	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ar-ae\u3faqlCea.README.txt	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\u3faqlCea.README.txt	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-36_contrast-white.png	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSectionLargeTile.scale-400.png	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\fr-fr\ui-strings.js.u3faqlCea	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Download_on_the_App_Store_Badge_nb_135x40.svg	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\js\nls\ja-jp\ui-strings.js	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\plugins\rhp\editpdf-tool-view.js	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\hi_contrast\core_icons__retina_hiContrast_bow.png.u3faqlCea	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Car\RTL\contrast-white\MedTile.scale-125.png	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe

Modifies registry class 5 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\u3faqlCea\DefaultIcon\ = "C:\\ProgramData\\u3faqlCea.ico"	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.u3faqlCea	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.u3faqlCea\ = "u3faqlCea"	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\u3faqlCea\DefaultIcon	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\u3faqlCea	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
4980	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
5472	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5472	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5472	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5472	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5472	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5472	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5472	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5472	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5472	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5472	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5472	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5472	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5472	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5472	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5472	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5472	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5472	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5472	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5472	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5472	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5472	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5472	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5472	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5472	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5472	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5472	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5472	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5472	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5472	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5472	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5472	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5472	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5472	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5472	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5472	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5472	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5472	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5472	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5472	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5472	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5472	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5472	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5472	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5472	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5472	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5472	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5472	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5472	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5472	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5472	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5472	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5472	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5472	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5472	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5472	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5472	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5472	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5472	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5472	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5472	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5472	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5472	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5472	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5472	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe

Suspicious use of AdjustPrivilegeToken 16 IoCs

description	pid	Process
Token: SeAssignPrimaryTokenPrivilege	5472	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
Token: SeBackupPrivilege	5472	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
Token: SeDebugPrivilege	5472	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
Token: 36	5472	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
Token: SeImpersonatePrivilege	5472	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
Token: SeIncBasePriorityPrivilege	5472	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
Token: SeIncreaseQuotaPrivilege	5472	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
Token: 33	5472	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
Token: SeManageVolumePrivilege	5472	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
Token: SeProfSingleProcessPrivilege	5472	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
Token: SeRestorePrivilege	5472	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
Token: SeSecurityPrivilege	5472	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
Token: SeSystemProfilePrivilege	5472	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
Token: SeTakeOwnershipPrivilege	5472	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
Token: SeShutdownPrivilege	5472	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
Token: SeDebugPrivilege	5472	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe

C:\Users\Admin\AppData\Local\Temp\a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
"C:\Users\Admin\AppData\Local\Temp\a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe"
1⤵
- Drops desktop.ini file(s)
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:5472

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\u3faqlCea.README.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:4980

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3920955164-3782810283-1225622749-1000\YYYYYYYYYYY

Filesize
129B

MD5
15a8be1f19823818d5a2fff4918d6a21

SHA1
984419a67ba8be21a020ac3c6297056892cf064f

SHA256
d18e058817ec9f1f92448d04b548f4917729d364c7905e55ad655fc258f4c206

SHA512
62ac04ed5102bfd1a0cb7b5def7963fe4403aacf2658599053dcec9d917e18d316b8b764b80b9570ba1e9636b0d467f1a63a5375f9fe8dc08eed614e5968337c

Download Submit
C:\Program Files\Windows Defender\de-DE\EppManifest.dll.mui

Filesize
2KB

MD5
ebb0e0dbbcaf69c40e754b739f6df5ea

SHA1
53ee74d426a7fdb926fb48d66689520792a7746f

SHA256
849f9774540c462f71dac04635f025ef7e10498ac190b6fa8fb35e56d142d6fd

SHA512
72cf56aa12f74bd24604eea109cb72d20feba207dc2ca82847d9877ddd241ca5fdeddc2e60a662d508c98cbe52df62ba62f366d3a13d0e92d37c530c8d749f38

Download Submit
C:\Program Files\Windows Defender\de-DE\MpAsDesc.dll.mui

Filesize
60KB

MD5
71ede4f3fd24d28faf8de8772119a44c

SHA1
2b079f4b19f9f8ae151754d2c9b7aafabb11ef2d

SHA256
2aab8a0c5c43fd2b70f602d7caf49f41d991a7e2dc4ec822bee4667473889ea4

SHA512
a29b5d41d60464e4ef3b73b5676f6b393e434199135083f4af41a87e61d1bb2ed657476fa46edbd2224d355d51f5de85c1b47b07f9ebe847d6656c6268f92f0e

Download Submit
C:\Program Files\Windows Defender\es-ES\EppManifest.dll.mui

Filesize
3KB

MD5
7bba4097bb2afbb15b798a6f169fb380

SHA1
e69d3b5a047314cea0340b551b42aac44a2a8c57

SHA256
743c68dd08d248560c16308dd9878647e09702664ade9f41de1feac195c59623

SHA512
25d8f6b6565a18b9148d4d7a3e1294a7c68cf366f46fcf57562c680ad0da7b16e22918f32b4d8dc53058ae5728ec5b7047cda514ee2c587ab3286638db59e89d

Download Submit
C:\Program Files\Windows Defender\es-ES\MpAsDesc.dll.mui

Filesize
58KB

MD5
d393316f179b1e488153956e6e716ecf

SHA1
89a44362edef1b3980888455dd7b6ae7a2048a51

SHA256
fb922619dcd6e08af8d1af19c4e9f02270c8021a665d29fc72618f56b02e2618

SHA512
d545d22e6227a8c9aa8a867728a4fee2aa7fb4a10f4d0a1d668f8e193e157396c001fdca898feaccecc7c5b3281185652a6aad545f47887e7c30f00185632eef

Download Submit
C:\Program Files\Windows Defender\fr-FR\EppManifest.dll.mui

Filesize
3KB

MD5
0f8f595d2cab27140091fca550a919c4

SHA1
d9194585a71ecd6f046087e917b07373d1ad7a9d

SHA256
4a1e6048c89988cd6fe4cd3591d00fa6265230044a8d6c8beee0eaca17d14f8a

SHA512
4f05a7f31bac762a271294e4b09435749a70a63be57723da27ef9718b96bb4b572a568418d0587f70fd616b6191386d5b87be89868ec85dcdc2f860114dc340c

Download Submit
C:\Program Files\Windows Defender\fr-FR\MpAsDesc.dll.mui

Filesize
61KB

MD5
986e15fda4194f5d778304945ae623e3

SHA1
4bf1bf24a04dae94e2702123c5e94645170b1148

SHA256
a69717ed00c291eb7acd5edd01565240ecb1f6c993b50f04e907bf4cf182cf10

SHA512
76e446b08e3c68bc75cfb377af536897a8019d894cae9ef74b1e861df4a328b3059c997a208446fed80b4b11910b8d8c83466630f435d1af5108dcfa0b6fd78a

Download Submit
C:\Program Files\Windows Defender\it-IT\EppManifest.dll.mui

Filesize
2KB

MD5
82a0c874a92be8173cd7839a01a286f7

SHA1
dc7006c339ff7698dcdf89d8f6ece7783fdbc4d3

SHA256
ffb059e6992dfea3c4eab814a1eaafcf20be603407f0e32fd08158edad6d9d36

SHA512
5b162c672b188a4d69466d8219c86e2f0d86a40d42c94c98144cf20d2ead226c97054787fe30a29d8c89ab6836199c1706a48efddac015c524b763941e6825ea

Download Submit
C:\Program Files\Windows Defender\it-IT\MpAsDesc.dll.mui

Filesize
57KB

MD5
e1bc5afb652170e0b272d43436825ae3

SHA1
d7818bf9b386a0ccc82266f6f97674251bb573f4

SHA256
662369578454f95d2ff6caa419def6fa68b81ee2594e187843d72467b2741e09

SHA512
e5b59e86918dd18b21a6fe7ba6d39ae972358cc453621951212b62a4bb10e66c0aedf2d38ba2f291b03c14103a3b074b6cc943d31bc49138467b555f0d73c534

Download Submit
C:\Program Files\Windows Defender\ja-JP\EppManifest.dll.mui

Filesize
2KB

MD5
9aa93eb011205ec32d18f7464daf15ed

SHA1
084c3f8f2d93a8190919548df011a06ce91675d1

SHA256
9643074dc287b956c7e8a0971f37362f4ac3d5c73ebde6957aa29f8857d2161f

SHA512
c5e0b041053608aadd2628de1a75d9074fac6c5799e83578c9a7c602773576f1129d456cf0e68c85398e7744b553218a74d6caaa540c7e685ff67d4c655bdd53

Download Submit
C:\Program Files\Windows Defender\ja-JP\MpAsDesc.dll.mui

Filesize
31KB

MD5
9822c79e138047bc20d6d225a47a090d

SHA1
a4e6b22ef4d8070121e75b482b2a8b4ea8e8e048

SHA256
3788b70178ad5c358a3767dcdcd603a6177e231f6252ca2ca245177ae4e5c31e

SHA512
9319b4942038fe96266a405093f3a65486ea72f0996ffa964b7984910d1ed96e2dc715d9e9f6ba13afa97a338c4d22ff0a3557de1c3c363f3c7d04651998a9a1

Download Submit
C:\Program Files\Windows Defender\uk-UA\EppManifest.dll.mui

Filesize
3KB

MD5
fdbd3c9590aff7fa094f217b63744f51

SHA1
328926b42df8d764ab23e9e1b81c24eb90debdd6

SHA256
d5f419e237b0d52aea9dcb84e9c76a0262ee1f9b8c9b21fced7955e4f46db5fb

SHA512
6c55ebdd915c84bacbe2d19ed92b6f086199861bc1eb0f9a560bc2738a20e3b8ab650ca1d7aff8f3fe8287d153d40d0d03b25f480efc1772b0a670bf928afe36

Download Submit
C:\Program Files\Windows Defender\uk-UA\MpAsDesc.dll.mui

Filesize
56KB

MD5
ca4dd234dc1a616074270d2ac2d12607

SHA1
fff0fc32e3e5c68813010b4d29a8d0e6882dd544

SHA256
b6e3d901c7131d84511e77288c54986dbfed1b25f7512ce8cd60f6686646d361

SHA512
a88aefb8f32b35e431129f61e5cc761cd30467dfe82f71809b9361a38b760ddf26e223f5db04ea2b8274aa1a27f94e22c83c984a356edf87a78f08088037a0ab

Download Submit
C:\Program Files\Windows Media Player\de-DE\WMPMediaSharing.dll.mui

Filesize
3KB

MD5
4e9578edc6421b561cf61abdc934b741

SHA1
1b9261f8af8bd248ba732e4f558efc31ee750986

SHA256
c6e5d80447f4571273b1657d33717e2de0ef553ead2bde40a3a17126a3f95c72

SHA512
a1f2f034004600fbef72e2751f9f341b44a5c4c2d5f50bddd8990f4afa5b910c7789e0c2f293825e0f4b067ec34acf5079e2719f4f3e59b252b07e1c0bd78cbe

Download Submit
C:\Program Files\Windows Media Player\de-DE\mpvis.dll.mui

Filesize
3KB

MD5
391c5c96eb37dee1915f17a135c4630e

SHA1
375d252758e9cb3778372f3eb3db838ecc5c0b0f

SHA256
55a2cb278d48aa8873bd589725f383b8ef5538d8d6dbf20f1acf986873657cf0

SHA512
510919fa6a3cfde7cb48e3e0048303b2636bce9b577020414113d0d33ff4d8417e6f62c9ad9e066c9c3fc6baa243e236986b3d6d4d5c00d4adf35554b9e64aae

Download Submit
C:\Program Files\Windows Media Player\de-DE\setup_wm.exe.mui

Filesize
61KB

MD5
ccc8817290b0c168348740cf7ad72429

SHA1
9cd68c068a244fde77f47cab43cf5457a7aee837

SHA256
a4fe01bea867650edfb9801414d116697b8a11abe3db89775ea3e2289cdce91f

SHA512
989deb87afc127797f9b89fbae76c38679f4b3e4e25181f2db12a5a1a89b98834d1ceb916d736f1854d0f5b1bc36b56fffa0b6b74bbadd89f70f156f5c856761

Download Submit
C:\Program Files\Windows Media Player\de-DE\wmlaunch.exe.mui

Filesize
2KB

MD5
e8e123ecd826a25f25e0805ee247f3ea

SHA1
dcd2039dc30899d332e0ef6ff3394ef3aeafa68a

SHA256
c05c7d9f974642642c9d31530920941f02d6a09ecc81e9c7480e8f4e2b630d5c

SHA512
064584232ed3fe9ed9972c5b6e1be2a2af13004dce79796b11ca4efffc41d388171be752415bed694d611c6b8444adace48130276554f1f1226fb5116b56e218

Download Submit
C:\Program Files\Windows Media Player\de-DE\wmplayer.exe.mui

Filesize
3KB

MD5
b9fdcdd9ee3f53528281a9ea64f30376

SHA1
69cafdf180d14c0f3d4c773943ea2fa2a105989f

SHA256
ec12a42090488215602c49e68a4c1c39516f4d286469665e7e385a9f2855393a

SHA512
1eccb07509b98e6ed209306815274d4f4f31f988ac332e8d67292317db0d26dfbe5beab6ca7d07e4a3a204ad189cbbd421f185cc872dcca74becb8d18fd49b32

Download Submit
C:\Program Files\Windows Media Player\de-DE\wmpnssci.dll.mui

Filesize
4KB

MD5
c6af6cc30dade7f23a90e51e19b64ebc

SHA1
2fb44d3895d03076354ba33c1cc0ef1f7810913a

SHA256
1255d6ebb4cca929ebecb21b5cd7e325351045071568b847264703c809958446

SHA512
dd59c065441a6352322a76cf2e7fb7449aa1c83e10d9283418c87ca918700e9201880df932526382010bfc4a711e1e01bf7cf6d72db1ced7596e63ccb41641fc

Download Submit
C:\Program Files\Windows Media Player\de-DE\wmpnssui.dll.mui

Filesize
3KB

MD5
b2930da8c462e4b6dcce4f7c0407b889

SHA1
14f1a3fa84dba91c670e40e65ec35410de1f5034

SHA256
227c585fc5e05b51536ae8ff739836f9032909940723105a45f653e2e983e813

SHA512
868bafcf774c059449c8c13e8f65e5489bcbdd2b79b21d982c83eeee5356a2382c860565bd004b7aef05d4de85dc92c5ebed32f9c52934c0e909bdebfaad5491

Download Submit
C:\Program Files\Windows Media Player\en-US\WMPMediaSharing.dll.mui

Filesize
3KB

MD5
f61baf8897a4baa31edf515d1bad6b31

SHA1
5c79ffb2c9cf9da7fd45d28d52afc3729024f7c4

SHA256
a3ed5a09bd13340e24b85c0bbb11ec80483dc40f6e42e3f6ff7cbff11bb891d6

SHA512
4ec0121694f08158ab38caae18503ba68f6ba91971df9ca4a4c23dbf76c00d52210f778f7d99e8c9d626dd31d8e9cfb77638b4490a9ec8cacf23a39de2d5f3f5

Download Submit
C:\Program Files\Windows Media Player\en-US\mpvis.dll.mui

Filesize
3KB

MD5
97833df6896f6df750202784d3a0b03d

SHA1
eb8ac59940918668bc39b91a691ea609280ebdcd

SHA256
f9b7f05be8609318938e37f7948ccb4c3940e9741730541cee49f8d40fb1893c

SHA512
af0cf6165e2f2897ecc00c7acd6a518dc0161e1fa9531ab548508045357147cab8642bdb61e62f3574659c175fda3cb8a8a00876d313b5901493c9891e52274c

Download Submit
C:\Program Files\Windows Media Player\en-US\setup_wm.exe.mui

Filesize
53KB

MD5
3fccd8695382cf6a994118c7d742005d

SHA1
e1465f22c821527c123c4742b6619dc00969ce7d

SHA256
1c192803be41597b245a28365110ac27747466a2760d0ee3d66d603751df3cbb

SHA512
4cb1cd90298efa962442cf7202ad0b467315096bc6b1a88e24e761a457f85e8f6c7e3f457df7640d0fca6899c53b60ae89efc7860a95c1b49f8eb37e19ca883a

Download Submit
C:\Program Files\Windows Media Player\en-US\wmplayer.exe.mui

Filesize
3KB

MD5
23bdf940717d87f7551f3ecae836a1b8

SHA1
066feb34c4e5152916f5db7e18cd96c65989b7aa

SHA256
3a44cddef6848acccaad9d6be66efc2f544ad779ae71b824811af4f69da7071b

SHA512
dcbf377d30795dc9005acd05d77bc7f2bd3a605379e6cf4b2d89bd09302924506f5499e37d396a9cf88abf7c388b393cdbde93b8613b447a8ec098d38050797d

Download Submit
C:\Program Files\Windows Media Player\en-US\wmpnssci.dll.mui

Filesize
4KB

MD5
d16e459f61b9814cad021241d5877a57

SHA1
1e6d872190ad412ddfff0c3e014763d2a441d2b2

SHA256
3a57bcf27a3cf9ea9c0da1ed10a7fbc81353b2e52c131669496fdc94f2c758bc

SHA512
85e7d65aea46723de05aadb664da14eece47b7d2a58f1dbfc84027e3754c66c8ea4aa6c6020e692302000ca2b7e19c67db2c9a1fd3314da987b3c96d67cc984d

Download Submit
C:\Program Files\Windows Media Player\en-US\wmpnssui.dll.mui

Filesize
3KB

MD5
eafe57e49148a270d4829b627a024639

SHA1
30fb0e918cca36a58c0382cdda41eb6fb0144ed7

SHA256
ffc55a793bb44c05ef118cfce88b464b84d5bd2c51b6ed6f8e6a472f2d27a3be

SHA512
6c97f751cddc620167762c9892967917cb5a27745ad6362b98a415fdcd1df9b3c70b79308ed088e6c8da8acd3711a7d05eb8be04bf50abb70526202aa09ac5d7

Download Submit
C:\Program Files\Windows Media Player\es-ES\WMPMediaSharing.dll.mui

Filesize
3KB

MD5
271c0ddb5aa5ab0b8abe1e3b06fbfbee

SHA1
b297c384cd9f48f9f86c979a0f9665dfb57aa636

SHA256
430d918ec8be77832c29384107a839aeec8a03069ae676ab0aa812865284a6c6

SHA512
470502abb5e0ff590631b52151b0b4dda9e8bdbe89f9473ca35335ba32346109bdf35ab7a7366ccba5106bd1a5d6291aa412b995247c51ffd556c762071a4a6c

Download Submit
C:\Program Files\Windows Media Player\es-ES\mpvis.dll.mui

Filesize
3KB

MD5
0c2bd6fb3eaabc686dacf83dee5bf7f9

SHA1
87092b4a8b4414932b3211d5883cc17180811e0e

SHA256
ff84e43d6258e4bdaee8fdb2a0ac298bbbe54882b1b46561756ff6383f7f8f49

SHA512
327d583beb5e948bb0acea7533556f26e01edb2c47a0f090556e66e4196ebbdddad8f4d4b669e7ebe00b21b18a1cedd766f8b46d110bfb40ccaef1b0b18670e4

Download Submit
C:\Program Files\Windows Media Player\es-ES\setup_wm.exe.mui

Filesize
62KB

MD5
2c72b4c4a8592162dfe56368531e6a11

SHA1
5df1ac3d31d7ec0a38f6c5144801fe39421a8023

SHA256
89d4be20ec875f8754eeaf5d638b3ffa9ecadfd9c6a38ac24b59330e5e7ea7c4

SHA512
dcf8e0f6391ae820773a4f81814bf68e5e4c528bc637a533114addfa3c1e8d8eeba80a8f32b967f62b88b3a028ddab14cc2b5502fe335b40672f3524af6fd024

Download Submit
C:\Program Files\Windows Media Player\es-ES\wmlaunch.exe.mui

Filesize
2KB

MD5
ef43f8a34ebb95a707140d6f4457ec16

SHA1
a917cadef8db531db6d863f34302845acc46c8fb

SHA256
655572b43ab347bf3d2d7fb30d20573bcbd883313550356f036886288e01ed7d

SHA512
7132bc4eac60ad6f79410f0267fe213e591f971d59dc78d2a22fef07725a62cd1fbb6e09767555abd8401ace8b4d3c48248b9cf9da9c39364b4964de4b1bbcab

Download Submit
C:\Program Files\Windows Media Player\es-ES\wmplayer.exe.mui

Filesize
3KB

MD5
522909ea999fcc27a2d8129f64a76f5e

SHA1
c75d1b9e03f18f8dbd56054e37ddd3581657b75d

SHA256
2e1f037e90b74f85db1eaaaee3b5ff58a77a759b8a0ade4b572d447ecb21d885

SHA512
c2720bcad3ae95782b3e2c8ff84f3d9554512da71a2358eb7febd73e029b29bf20cad0b2100b3122a07b666a871aa3144f16a030f624aeffccd01c89638a3beb

Download Submit
C:\Program Files\Windows Media Player\es-ES\wmpnssci.dll.mui

Filesize
4KB

MD5
43ee1f75e9b10e80a990263d5cce1d28

SHA1
271ea6fb91ba9e7284e2ccc12b97947ab4db4b98

SHA256
372f9e682678d3c0d596b062f490a9328ba78dfd40c173f719c6d1cd5b6cbaca

SHA512
501542eb112b324ab3b323224812935f59715fd1d22fd4324226e6181646eb05581322bc7ea3ab7e8a979bc02a377315fcd77a020bd7909f6b9e03bdd616448a

Download Submit
C:\Program Files\Windows Media Player\es-ES\wmpnssui.dll.mui

Filesize
3KB

MD5
4c687413162ee9831707c8c406876df0

SHA1
b4020da800ab7d981f7e94ce3083a4c7986e0b0e

SHA256
0424ab3b53a341bb7ee79099a2c3b83f7651e4f93f57e06943a7d2760642fe27

SHA512
640bde04da5710140ee9dfa8cbbb3c8c4f90fd864246844f82ec94b4f0cecf61ecedf688642ed4f40baea333aae538e3c7c33b3c29972ee6457a3ece72d24b2d

Download Submit
C:\Program Files\Windows Media Player\fr-FR\WMPMediaSharing.dll.mui

Filesize
3KB

MD5
e2b990b3fe344d159cbfc8984ab90d5c

SHA1
cedcd4a31e0df06e27e041f150d7e7a589aee0ea

SHA256
f7d9edb0810a4189290be103ec61adf961325ded61faf80c5b703c5957a855f3

SHA512
f66b7dbce03b2b8a9e9bacdf4e9208d5bbfb5ea94ef1f025d62f5bde2089d9c849325c9b0d27706fc5ae9256fd8e48d5dc7e6fafdae25a59cfcbcc1e73535d66

Download Submit
C:\Program Files\Windows Media Player\fr-FR\mpvis.dll.mui

Filesize
3KB

MD5
ba38fb7a7c4f4bd01a2b2f2cff6be2b4

SHA1
b200b675cfd5f818bfb5acf694eb55eeca751acb

SHA256
ca0ac4f38f6af72445b4acc70ed4aaebdcc6d6d8fb1ed9b6a1c8e5bf7e1ee33f

SHA512
ebed2145e8ed42db1382919163650e92d7de3027b6d25e7a3338c064f1ef9123dfac16b9bdc1d0754341cc7fd43cc810e3166843e2b0ff2d8ebc9c360ba1fe29

Download Submit
C:\Program Files\Windows Media Player\fr-FR\setup_wm.exe.mui

Filesize
63KB

MD5
86ec5e4f715f8724fdf9b01d5a703276

SHA1
729d3f8f2d6e6223c8e66b8e04bb97649dcc8c07

SHA256
a082280c815c730130ef36328a3fd2ea7f8fcf4bca6fc5ab67bc653293869dbd

SHA512
65f575e38965b55f80e38ca3058b4ccf18e20e1f43c96075ffd0093354e0ac105a50098863dd6d7f8fa599cbee1d0f0aa1ea7eb2b831e5670eb918d94d9067ef

Download Submit
C:\Program Files\Windows Media Player\fr-FR\wmlaunch.exe.mui

Filesize
2KB

MD5
283543d893e00988d22e6450c02d2b0d

SHA1
3e6592e8f7690ad59a4afef42a0ab63424e3f4e0

SHA256
289d1dc147ec3dca76dd3f5f14a1d1364d693fe82a7e65375d650b2a54198c26

SHA512
fac27737ceef77d6f5b7e5675b067839f76e4fb7fe06147c19ac506b4ba8b62002dc0d4c8e20d31a199984b44d9e8cc9581b491ff135efa25e6bd3e2a15def89

Download Submit
C:\Program Files\Windows Media Player\fr-FR\wmplayer.exe.mui

Filesize
3KB

MD5
21f82a1cf7295a04f78e21f6edf94f4a

SHA1
a064dbed7ecc3e8e4e300b06e1cb787d2be04b03

SHA256
54df93a17d8674e62e9d705d4959f533afa2cd7ac05d32a74c29e38bf987facd

SHA512
bd81a2974660596990ffbdf4fc01d34dcf24c4f70362bf3769b73cbcac449f5f79adf0ccd96662987c84864dc826a4422fc0d92d1f128f1b0860486253159973

Download Submit
C:\Program Files\Windows Media Player\fr-FR\wmpnssci.dll.mui

Filesize
4KB

MD5
9d36d90393e61e0ef5f0e6f4f0a74f4e

SHA1
f8ddb61e2f13e31ee858be7b419e84509aec3366

SHA256
6ab47beedb0165b354a04148fd98fb3beff617508363f07e42a085502c8ae11c

SHA512
2f62fb6b8eced029656e95d5601c0f75c24e71d368fa4d493e9a7aaeb3748d54ccc938dd2980936b3974f17b03bbb36b2a138e4b4b8ee156cfd12e4579706ef8

Download Submit
C:\Program Files\Windows Media Player\fr-FR\wmpnssui.dll.mui

Filesize
3KB

MD5
83b07a3d4e4a82ed553c3dfe7b78c3bf

SHA1
33be1c0c5044431798f8ea9e77d1a5711a8b89fc

SHA256
6c1047081b3c4de3d587f0559c96af64e9e7d00fd66d09aeca2b51d27654ac9a

SHA512
4f3fe82ec90cc9218c4fe989b506a17a405d39c52a2ef721848124c161a7fa0a7453b5664ebb9f85c8c208c16c7d412a42141b53d61aa6ea21e07df6083a067c

Download Submit
C:\Program Files\Windows Media Player\it-IT\WMPMediaSharing.dll.mui

Filesize
3KB

MD5
954a7cf9923bbbd819bbd5f63c698f9e

SHA1
907437c7c0fb57f44a72c3839810a98ea14934f5

SHA256
1f9f5c292a9957433ae389c3800148932ac342200eea4cdc0d35be45e97cc178

SHA512
4ce9d48eedbc2bf45931b02fd837464be003c4679216f5eecc92d1aabd360b955214317f55033472b92300765731ca65de7495d451588dc0fefc912d56ba05c0

Download Submit
C:\Program Files\Windows Media Player\it-IT\mpvis.dll.mui

Filesize
3KB

MD5
51ac240bd047d928195d45bcfd3e0552

SHA1
44c66a4414e6d1f48f78246445cc91c5bb5db98b

SHA256
e1a13ae751bba4827785bdbf16e1ef36aff7a4e25247c46b89c3f9f4f05c65a8

SHA512
26fb5ca40f6135f00058265901f7118c0dc7bd75ca0e496886af83a793168a17d7e5b1b9ddbf18f6ec7f9c1ca55fcec9a2699389c316ff4b739be6524f419619

Download Submit
C:\Program Files\Windows Media Player\it-IT\setup_wm.exe.mui

Filesize
61KB

MD5
a20f733bc368522a65a1e4dc9720dbae

SHA1
42fbde42f07c9c537e5553bfd9d0eaf939962414

SHA256
ff7181a9dfeb75abcf6f791a93215a0344b6e64a11e4e8cae03e8456d9a7fad6

SHA512
3fb9b5ffa17c5cfbebb38f0a03e16ac9d752d05875bd39bf55896f1c711aff857b355169ea95783b7f9c3288deb466cf471f6e86c770b0b04b177b72fa8d07ee

Download Submit
C:\Program Files\Windows Media Player\it-IT\wmlaunch.exe.mui

Filesize
2KB

MD5
f5d99afb0f4733c4df256a7b1ced9692

SHA1
873ee19696fd53c886984707abcd65ebb3d0ebbf

SHA256
9c21aa9af1bc86841d23516deb10b598445d2bdc7620c31025dce19bd36dc4ea

SHA512
bd2e987050515f420140db3b387eda6251a585d9c9df916101567a40dc7081688a76d7504c85ac559d0c21fe1c65d0e155f084e226e3565fd92384ff60b95732

Download Submit
C:\Program Files\Windows Media Player\it-IT\wmplayer.exe.mui

Filesize
3KB

MD5
0dd7a6d4e5769c6fcfe0d5eb48b77115

SHA1
a03dc2c280a73a80c85ae61c269cc9a3eb7c126c

SHA256
07f4132c7dc6d6bf46af83a7fd1f3a3b9430222ce007b1ab58e8ba69e51f0cdb

SHA512
d4fcfd29970f3762d4cee499727baa141e6ebe4f5b408d15e435fad0193bf588d2612b0cb4db4af5764c19148bf70e2964d24e1cb47d2bca4fcf686e5e8561d1

Download Submit
C:\Program Files\Windows Media Player\it-IT\wmpnssci.dll.mui

Filesize
4KB

MD5
523fec42fca795c62768802a190ef497

SHA1
539da4202c96379cda179da0a98457123a2e28da

SHA256
716d0f611550582b62ebb12f08d776507c2fb39de8510df59e11dfdf85007d18

SHA512
a5e8b835287e798629889c1942d065224eb4a1c2533cbca776789dcb544cf6454cb475112744233823cc544cf7af0b9467acfa6d382c7dbd9e495c2cb0a8c057

Download Submit
C:\Program Files\Windows Media Player\it-IT\wmpnssui.dll.mui

Filesize
3KB

MD5
c99882229f20eed04a2cbe3b54b05fcb

SHA1
6e93174a44c8732e3188349bc4a1ae65221055ff

SHA256
8b3031aa52488381f44db1174a7d29f82ac2905b4ea00acf63afd31515bd828c

SHA512
4265e284f47a98b53f839e3b9ed964a0bc8608151f56d4296f168c826ac626a89b42b49e4522575bed0c1197dc54a16ca93c21e1dcb42ea4ab794355fb6381c1

Download Submit
C:\Program Files\Windows Media Player\ja-JP\WMPMediaSharing.dll.mui

Filesize
3KB

MD5
2dea8db57c269a50872b718ac0bc7baf

SHA1
cf24f6a9416f58ef60533f0873d8837bf0162915

SHA256
ea47fec97009154a10a5fa85b5b6f3bc0d0b474c913491964d7da61ec59376c9

SHA512
b31c96c4288fc4092610e8336e2509e97f857b37ec2114bfc11234ca2280214dbb4cfbedb96942c84d304872638c84b7414cf989dbd0a02c27cdaada8daf10a2

Download Submit
C:\Program Files\Windows Media Player\ja-JP\mpvis.dll.mui

Filesize
3KB

MD5
be8f9dc8e5a5a200d3e52846202c3442

SHA1
d33c4e246e712b45d0194038c9177d4ed8afdd2b

SHA256
3224f0eb482221b7b131474c0bff7f372247b4bcd0983ad9b866fae931f092e4

SHA512
c1362ea6d6095b4fbb5b6039b424710b788874495d6609855d153e192ff43943a570e1fcc33714f2a8f6d663f691358045cfa7df59cdb539211013520559e5ba

Download Submit
C:\Program Files\Windows Media Player\ja-JP\setup_wm.exe.mui

Filesize
40KB

MD5
e2ab14752aacbc3e282f1966d0732de2

SHA1
44b4d7ef31c503230144daf3eb7d14952221fde3

SHA256
e9e1e7a3bce3ba00abe2922fd164025bc75eaeb5f7db0f51d15803f74bc20f37

SHA512
b51ce1b4f1184264c461cafe92be6b8453f923bc42e4a3de6b0e702e9ebedf1f1fa8e6271f7f97bbb398ea6b1f95aaf08bee78e3033a25cc8065fa2e42d75ec3

Download Submit
C:\Program Files\Windows Media Player\ja-JP\wmlaunch.exe.mui

Filesize
2KB

MD5
2ea3d428989c66273cd61cfd2a03b188

SHA1
ded2e9f2454b1af23cc195fd6a9aa55d78fa89de

SHA256
8de70e76696462947ee890f447cf3146a9945cd9bda0c184c6804e35bc4de4d4

SHA512
bea8067e9b160c73ad2555a1111298909bc6f17e42e7decb6544383e8df29f6efeed1adcfb7573801ce8a58f559d82cfb494bd4673f91ad63d4f6197f4203a39

Download Submit
C:\Program Files\Windows Media Player\ja-JP\wmplayer.exe.mui

Filesize
3KB

MD5
19af647e759be78d3a5e5280b07e82a7

SHA1
529bc442cf0f674757d543f9bbba7b5cddfd2738

SHA256
51a6f476be497f404343972ed307c7382aef5f7091290be97b9a1db7f0a24e22

SHA512
6ad2e793fc7456c41a642ad4e1bc12b57aa9ef5895146aa6a6c25cef919a4f1a228e434a2cfcd82358413cfbbdfe6bba2c5bb97316d073bbe157e51d55361021

Download Submit
C:\Program Files\Windows Media Player\ja-JP\wmpnssci.dll.mui

Filesize
4KB

MD5
859b165b8188ebd3eba19246f0237b49

SHA1
d95b154d64160ade161a754dad8cefb7ff139985

SHA256
6964917fa0f53c6a76de488aea5a49c969106d94c34cea34720dce2ba0c5bf0c

SHA512
afef491fa7beb5bd9836068a0b38168bfd63af71160e7ec5e069a3ee959f60bc4b8f455835f6c532f55f24ef1c2e3e7c029797168b0ffe95760c20149252b61d

Download Submit
C:\Program Files\Windows Media Player\ja-JP\wmpnssui.dll.mui

Filesize
3KB

MD5
05e348f5559ec2e00a03e5a8d9b5e9d1

SHA1
9f945f6505b7e85699dc3003e5b8f8633340dd58

SHA256
e86ad9f12d16dcace0ed2027caab03f360f068541b46313ff1de9bc2640456f4

SHA512
1053d1ad8b1a40a7707a551a5ffd8939fb346a2bfd331b38dd642cc82c76036acbeb99fa561153e4f565ccc8850afd6b6263af49dbbb445faec546aaf8510a0e

Download Submit
C:\Program Files\Windows Media Player\uk-UA\mpvis.dll.mui

Filesize
3KB

MD5
e5cd61ea620afdf95800a990f542a0b3

SHA1
46fca45d2c57846a60b636bec8af591c8e9bc585

SHA256
294f91041e5605ca190caeb109ca41104a0223988cdf48d5f604b3daefac04de

SHA512
a7d04e1eb74fca09592a0bdbe5837e4d194c87cea5690b2118a7f02e2fa9c1edf0cc1d3e5faef54bf6d16634f2217b5c893b906ec053d5985c283c40dac2ee17

Download Submit
C:\Program Files\Windows Media Player\uk-UA\setup_wm.exe.mui

Filesize
56KB

MD5
3dd7fae7554246f1e2ba30a1ff6f003e

SHA1
14947392204cb60db32da39476699553707b4bdf

SHA256
faddf85771b7db137e87932dea524746a0a1e169d41f7eb7b534e6526b2d440d

SHA512
157b14ee6b5a512e4cce5bdb1eaf664ee0ad7de7ad0eea6d5e0c2c52d91e48ed7819c3934506378ccb1c70c7a91f11712de844bf05c49919d66c4a39dc2eee18

Download Submit
C:\Program Files\Windows Media Player\uk-UA\wmlaunch.exe.mui

Filesize
2KB

MD5
419361ed0431ba2d1a75158090d4aa20

SHA1
b254f31b3630713554a2b338bd99cc787c1ac214

SHA256
3f29feec37e9015e7cd7a7a01dc213c2f64a075f9c06ed000fb4b18af0d3e41f

SHA512
e1ef2597b16b369af0322ba719968bdd00da8e1a69467d303b751434ff83df7750f5a6cb37f99058f471e88e410be03fc858219542027f09f76dd4f16f6e469e

Download Submit
C:\Program Files\Windows Media Player\uk-UA\wmplayer.exe.mui

Filesize
3KB

MD5
364cc22e84b63f90b4573bfbf0d367d0

SHA1
9ab3c18cd685a6d261dbba190ffdf137c35628c4

SHA256
5e1dc9b1d3fc9b42cb090b135e2e21407d4b7bca12bc79ea62030389fb186f91

SHA512
0ca4ca67f47b333b2b6622d8c72077a907e1de3cbfc1604c64445517a62cfdf5dbd88bc380c69eedbc3e8c73950732c41d872c27c451d29a8b834e6db3ad60e0

Download Submit
C:\Program Files\Windows Media Player\uk-UA\wmpnssci.dll.mui

Filesize
4KB

MD5
4cf4b1068fcc53767cb50b18a42faea3

SHA1
ead67738d6b535cf220976a9123e667eb7c1c8b3

SHA256
6044850bab51845fc8ad0b309299fe7850f85a3e6e8f2b646efa40f7b83e1996

SHA512
2608355c3af97e882a78f076ccab4964562e35925b59ca3a12bdb99f200572dce9df21fe8d0e15dd2b07b8e1f980eab50b3d32a38ef531d8ded22a634c7be445

Download Submit
C:\Program Files\Windows Media Player\uk-UA\wmpnssui.dll.mui

Filesize
3KB

MD5
1167d71449b946ad7e838488f2a54333

SHA1
2db9f01f9651e054090a0b13e25a9ae1f283377a

SHA256
6d66abb2a3d608561af221502262d51ea5e723bf6f10986a30f0522f550fcc0f

SHA512
5afe484db10ea96839b276959723751c37d186a69363eaadbe07902ab28474109cf3000d8b988ad7e55a8e8efe6448203e552544e0a262a80317b77adbd59ab5

Download Submit
C:\Program Files\Windows NT\Accessories\en-US\wordpad.exe.mui

Filesize
49KB

MD5
1814fa374156f7e9ce954d550e28a0ab

SHA1
9ba6af11b8bf31a3d1b6a6995cc850582088bde4

SHA256
f508fbe7cc449a319e23b9003ddde4e36049e2bfb27f58beb44041fec90ea9c8

SHA512
2a4e7ec0b0271f313ae415654590687de9e97c3b15f74c598344595fd9edf5dcb8c34d81b0c914c3d583897357c18b1696872d76b497a615baf4cdb3b685f20a

Download Submit
C:\Program Files\Windows NT\TableTextService\en-US\TableTextService.dll.mui

Filesize
8KB

MD5
04c87482ed786d0a7bb6973285b2fbc2

SHA1
77d48cb855dbc36bd0b64417458b1f7f0a5e310f

SHA256
ec89e1511417dec59fd76f6cfc4279fb2c2775c24c2cdef72a8f43c6b3652174

SHA512
10a360604afb63039b59e4089d505ade60234afa508677046b44f9db516c9d2915c00d940d195018834fc79e57561614625d92ae8f75ad814743d08180779ecf

Download Submit
C:\Program Files\Windows Photo Viewer\de-DE\PhotoViewer.dll.mui

Filesize
18KB

MD5
6a3df3c48ede55b7db844ef47cbe31c3

SHA1
a3716d0f166c91e904b3a66df2b2eac07814b922

SHA256
4a15b684305be5e213611f23df91c04de64bacc3294fde71f89bfc475f22affe

SHA512
8938aacc5a7d763c8b8dd343e8073b41f1a6d86245cc7a7964262b3cc1bf8fcab7c19fbbfb1f9dcaee9efe6857c92a8fd46bb0d3700791bd4a07fd7383b4b202

Download Submit
C:\Program Files\Windows Photo Viewer\en-US\PhotoViewer.dll.mui

Filesize
16KB

MD5
98ef6a06da9915980e6d44a9ca141d40

SHA1
b6f638c0ce473587b618f8752246321735161bb5

SHA256
aed4ae113eaeb7e0cfcb906a8c56cc88f4fa1715f317666e9060ab090ebb8f82

SHA512
82f88b78976a4cf2445fd3a49373fa47a1ea8a7a0c68a6f5a5e18c1a331094b1bdfbd7ca6e054135fe966df971598f6cd4142d011312f2a89d8168420e95300e

Download Submit
C:\Program Files\Windows Photo Viewer\es-ES\PhotoViewer.dll.mui

Filesize
18KB

MD5
8f5866705d15a51a6b5fbf71d0c4906c

SHA1
fdca5dd09eca01633d4bb93f116b11980fb9d99c

SHA256
a552fef54b8a29d148dcb8626f2ffded1183876ec1f92f84b87264f82286b90b

SHA512
b78e6598e2de888bc4aadf0ccd6efee86a12f0ec214b3332af27872eb2f2c270d67ce44fa60b39e6409ea4d0bcc0c7bac622e5e13f60d75420a3a3997edd81f8

Download Submit
C:\Program Files\Windows Photo Viewer\fr-FR\PhotoViewer.dll.mui

Filesize
19KB

MD5
8be7bbf57b5904c06244c6423afee4c0

SHA1
5988e4656be0007df04b8294d5cfea95e050e0de

SHA256
2fc4913174fafae15dcf08b36383f5d49f49731bae9c5b35a470ad1af2d8b5c9

SHA512
6ae7e31bcdfcfdfb54411af8108fd11c3fa8e3b4b2a787692b855ad3573f34604e9bae0dfcdfe142e4a50f0c82d54e9ce04d29d0dcb7505247e5b9435a1508e9

Download Submit
C:\Program Files\Windows Photo Viewer\it-IT\PhotoViewer.dll.mui

Filesize
18KB

MD5
220d6cbf064ae5c277ab8a851356a775

SHA1
11ba3e0d39ba1780555bd5107f3053b8dc821781

SHA256
26a17dddd6f8c7b67963154340a05fec0a6e00cb8ae14b544fbb9e2a5f8f4a94

SHA512
199bb7d76ebc3ce6f40ebc44fe88aa87a5a9e91b71c9fe48f8f2945d15c9bcb62b351edb02ecfc45f62f8a532a5f5ca17c000d268b7ddd64c466b90f9218485d

Download Submit
C:\Program Files\Windows Photo Viewer\ja-JP\PhotoViewer.dll.mui

Filesize
11KB

MD5
f78df0686803bd9f5dd532dd22576d43

SHA1
d2d2623aed472d15beb9db1b27747b2a6837cb31

SHA256
6a6ae7f81fbd854baf16f7faa97a1968b54ce372c55d4b0c82bfd74d9f3bc2b8

SHA512
bf05046fdf9c0b832c2675e2fcec42ef5205650e4a97f82bf68a128dc6589fcae11329e44438692ec5531ef39697f46f311b0d5a11e8f44a027c4dbf5b91b438

Download Submit
C:\Program Files\Windows Photo Viewer\uk-UA\PhotoViewer.dll.mui

Filesize
17KB

MD5
2579a65dc72d7f5679d63219fcf896e1

SHA1
6bff853bf87ec43c8aa7f09c1d7c88ba41b2e91b

SHA256
f6196429ba47f4b2c2b75dfbeac43f527b4b216232eb704c9654d2b42e21e2b7

SHA512
70e811739f0fa8134ac8463c355e63644148c17e350b1cbd0e1c79a490fdf7e10acbce70576d0696980f1064b566f0abd2c8e1862583f985e280050ccfd3bc7a

Download Submit
C:\Users\u3faqlCea.README.txt

Filesize
2KB

MD5
32337f1c40e178e439082c86dd90dee7

SHA1
247ebdfaf0bc8c932263a11832eccbb7df72c608

SHA256
8af938a1bd9e5506b3f6497a2c2a0c0dfbb4968aa2b6878ec5e3d08a547a1bef

SHA512
ca35fd2e4189b3e0de35a47416787538aedcaccd3f6d2b31bff46d67f4072a3000945c444ac7fc143eccb649ef8038aef3190049d14714a0ef2051f9494c23cb

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-3920955164-3782810283-1225622749-1000\DDDDDDDDDDD

Filesize
129B

MD5
11bc497f840395e35d317f4e538c9281

SHA1
c908b8dfdfde428b398e99f72022f008e8a46e69

SHA256
7dc442f96e089ebed0129a495aa9487dfc1363b283c38538614c88c9569cf7d6

SHA512
87ad72bba1d3f4ce87c9f5268bd7fd9b17051803552572349409f12807afb6e397db882502d05115c10bac7beaeb0cb8b95b35fa78e955fca7ba667c8bb91a00

Download Submit
memory/5472-1-0x0000000003220000-0x0000000003230000-memory.dmp

Filesize
64KB

Download
memory/5472-10562-0x0000000003220000-0x0000000003230000-memory.dmp

Filesize
64KB

Download
memory/5472-9348-0x0000000003220000-0x0000000003230000-memory.dmp

Filesize
64KB

Download
memory/5472-8448-0x0000000003220000-0x0000000003230000-memory.dmp

Filesize
64KB

Download
memory/5472-2-0x0000000003220000-0x0000000003230000-memory.dmp

Filesize
64KB

Download
memory/5472-0-0x0000000003220000-0x0000000003230000-memory.dmp

Filesize
64KB

Download