090580569f47c90376e9cdfae15b493939241c57600727b57fdf56a8606d06c5

Analysis

max time kernel
105s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
26/03/2025, 06:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
Size

149KB
MD5

7f040e7be2a5085703fe895d0625c925
SHA1

0be799d98e6719bfe594fb502e012e173bc0bfea
SHA256

a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2
SHA512

746b5b8b1c62e8e500e5d91fabb8c7a9ddae5a47440eb04babfc8a7a39dca89f51c2d846b5bc1993217c1dc7f8f6f9b2aa29b42b6a59c3fa5357cf48f020cfd1
SSDEEP

3072:+6glyuxE4GsUPnliByocWep9/PCTgLbvI1:+6gDBGpvEByocWebPAgLDI1

Score

10^/10

defense_evasion discovery ransomware spyware stealer

Malware Config

Extracted

Path

C:\u3faqlCea.README.txt

Ransom Note

~~~ To Dear Rota Trasporti Team ~~~ >>>> Your data are stolen and encrypted We encrypted and stole your documents, emails, and databases. We have viewed your email data in MailStore and can find all your customer information and customer needs. And we found some companies in Italy that do the same business as yours, including but not limited to the following companies: 1. https://www.girteka.eu 2. https://www.teleroute.com 3. https://www.nieddu.it 4. https://www.robustellitrasporti.it 5. https://www.matricardispa.com 6. https://www.monguzzitrasporti.it 7. https://logisica.com 8. https://itlmgroup.com 9. https://www.sogedim.it 10. https://www.dgftrans.it If you do not contact us and accept the negotiation, we will sending download links of your data to both your customers and competitors for free. And will report the information of users you do not care about at https://www.garanteprivacy.it. >>>> What are the benefits of working with us? Network security is important, and you can consider this experience as a paid security test, we will help you point out your network security risks. Our ransom is much lower than other ransomware, it is even lower than the price you pay for a security company to do security testing. This amount of money is nothing compared to the fines of privacy protection laws and customer trust. >>>> What guarantees that we will not deceive you? We are not a politically motivated group and we do not need anything other than your money. If you pay, we will provide you the programs for decryption and we will delete your data. Life is too short to be sad. Be not sad, money, it is only paper. If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. Therefore to us our reputation is very important. We attack the companies worldwide and there is no dissatisfied victim after payment. >>>> You need to contact us with your personal DECRYPTION ID: 055CF6F4EC4B6BE3DBC819AE6F27CFFA >>>> To contact us: Way1: Use signal (suggestion) 1. Download Getsesion https://signal.org/download/ 2. Add friend username: aleen.29 Way2: Use session (suggestion) 1. Download Getsesion https://getsession.org/download 2. Add friend my id: 0549caf3190e21ab3fca15d5327aff676e9457fb96106964ecd394b69674abe301 Way3: Use email Email address [email protected] To ensure contact, it is best send message use three ways at the same time >>>> Warning! Do not DELETE or MODIFY any files, it can lead to recovery problems! >>>> Warning! If you do not pay the ransom we will attack your company repeatedly again!

Emails

[email protected]

URLs

https://www.girteka.eu

https://www.teleroute.com

https://www.nieddu.it

https://www.robustellitrasporti.it

https://www.matricardispa.com

https://www.monguzzitrasporti.it

https://logisica.com

https://itlmgroup.com

https://www.sogedim.it

https://www.dgftrans.it

https://www.garanteprivacy.it

https://signal.org/download/

https://getsession.org/download

Signatures

Process spawned unexpected child process 1 IoCs

This typically indicates the parent process was compromised via an exploit or macro.

description	pid	pid_target	Process	procid_target
Parent C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE is not expected to spawn this process	1884	6136	OfficeC2RClient.exe	104

Renames multiple (7664) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000\Control Panel\International\Geo\Nation	E33D.tmp

Deletes itself 1 IoCs

pid	Process
552	E33D.tmp

Executes dropped EXE 1 IoCs

pid	Process
552	E33D.tmp

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File opened for modification	C:\$Recycle.Bin\S-1-5-21-814918696-1585701690-3140955116-1000\desktop.ini	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	F:\$RECYCLE.BIN\S-1-5-21-814918696-1585701690-3140955116-1000\desktop.ini	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe

Indicator Removal: File Deletion 1 TTPs
Adversaries may delete files left behind by the actions of their intrusion activity.
defense_evasion

File Deletion
T1070.004

Drops file in System32 directory 4 IoCs

description	ioc	Process
File created	C:\Windows\system32\spool\PRINTERS\PP6gkkedim8j5gp7imapmjw5tcd.TMP	printfilterpipelinesvc.exe
File created	C:\Windows\system32\spool\PRINTERS\PPlnzijfz9y7_4paybt47e2s4w.TMP	printfilterpipelinesvc.exe
File created	C:\Windows\system32\spool\PRINTERS\PPu11vc6cg0tgbxtpe_y35qc9fc.TMP	printfilterpipelinesvc.exe
File created	C:\Windows\system32\spool\PRINTERS\00002.SPL	splwow64.exe

Sets desktop wallpaper using registry 2 TTPs 2 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000\Control Panel\Desktop\WallPaper = "C:\\ProgramData\\u3faqlCea.bmp"	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000\Control Panel\Desktop\Wallpaper = "C:\\ProgramData\\u3faqlCea.bmp"	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 5 IoCs

pid	Process
5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
552	E33D.tmp

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SUMIPNTG\PREVIEW.GIF	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarAppList.targetsize-80_altform-unplated.png	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\164.png	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\deploy\messages_it.properties.u3faqlCea	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\jdk\joni.md.u3faqlCea	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files (x86)\Windows Media Player\ja-JP\wmpnssci.dll.mui	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\hr-hr\ui-strings.js	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\de-DE\PSGet.Resource.psd1	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppUpdate.svg	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Inbox.winmd	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_Subscription-ppd.xrm-ms.u3faqlCea	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\javafx\public_suffix.md.u3faqlCea	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\go-mobile-2x.png.u3faqlCea	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\MyriadPro-BoldIt.otf	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\AppIcon.targetsize-40_altform-unplated_contrast-white.png	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxMailSmallTile.scale-400.png	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Templates\1033\ClassicPhotoAlbum.potx.u3faqlCea	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN001.XML.u3faqlCea	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessEntryR_PrepidBypass-ppd.xrm-ms	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\u3faqlCea.README.txt	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxCalendarAppList.targetsize-16.png	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\ko-KR\View3d\u3faqlCea.README.txt	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\cs-cz\u3faqlCea.README.txt	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\he-il\ui-strings.js.u3faqlCea	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\nls\it-it\ui-strings.js	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Place\contrast-white\LargeTile.scale-100.png	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-80_contrast-black.png	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Getstarted_8.2.22942.0_neutral_split.scale-200_8wekyb3d8bbwe\AppxManifest.xml	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\js\nls\fi-fi\ui-strings.js.u3faqlCea	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\js\plugin.js	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\StoreAppList.targetsize-256.png	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxMailSplashLogo.scale-400.png	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\OutlookMailMediumTile.scale-150.png	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-Generic-Light.scale-125.png	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.contrast-black_targetsize-24.png	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageAppList.targetsize-64_contrast-white.png	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\Close.png	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\visualization\u3faqlCea.README.txt	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\intf\dumpmeta.luac	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BOLDSTRI\BOLDSTRI.INF	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-root.xrm-ms	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Retail-ppd.xrm-ms	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files\Internet Explorer\en-US\hmmapi.dll.mui	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\133.0.6943.60\WidevineCdm\LICENSE.u3faqlCea	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\images\themes\u3faqlCea.README.txt	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_listview_selected.svg.u3faqlCea	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Lumia.MagicEdit\ControlStyles.xbf	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\Assets\Audio\Skype_Video_Msg_Stop.m4a	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Car\LTR\contrast-black\u3faqlCea.README.txt	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\Office Setup Controller\Office.en-us\u3faqlCea.README.txt	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLN.XLS	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusMSDNR_Retail-ul-oob.xrm-ms	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\theme-2x.png	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themeless\protect_poster.jpg.u3faqlCea	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\da-dk\ui-strings.js.u3faqlCea	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\people\u3faqlCea.README.txt	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files\Common Files\System\de-DE\wab32res.dll.mui	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File created	C:\Program Files\Common Files\System\ado\fr-FR\u3faqlCea.README.txt	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mr.txt.u3faqlCea	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\fr-fr\u3faqlCea.README.txt	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\images\s_radio_unselected_18.svg.u3faqlCea	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\css\main-selector.css.u3faqlCea	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxMailAppList.targetsize-80.png	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_neutral_split.scale-125_8wekyb3d8bbwe\images\splashscreen.scale-125.png	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	E33D.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe

Modifies Control Panel 2 IoCs

defense_evasion

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000\Control Panel\Desktop	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000\Control Panel\Desktop\WallpaperStyle = "10"	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe

Modifies registry class 5 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.u3faqlCea\ = "u3faqlCea"	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\u3faqlCea\DefaultIcon	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\u3faqlCea	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\u3faqlCea\DefaultIcon\ = "C:\\ProgramData\\u3faqlCea.ico"	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.u3faqlCea	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe

Suspicious behavior: RenamesItself 26 IoCs

pid	Process
552	E33D.tmp
552	E33D.tmp
552	E33D.tmp
552	E33D.tmp
552	E33D.tmp
552	E33D.tmp
552	E33D.tmp
552	E33D.tmp
552	E33D.tmp
552	E33D.tmp
552	E33D.tmp
552	E33D.tmp
552	E33D.tmp
552	E33D.tmp
552	E33D.tmp
552	E33D.tmp
552	E33D.tmp
552	E33D.tmp
552	E33D.tmp
552	E33D.tmp
552	E33D.tmp
552	E33D.tmp
552	E33D.tmp
552	E33D.tmp
552	E33D.tmp
552	E33D.tmp

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeAssignPrimaryTokenPrivilege	5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
Token: SeBackupPrivilege	5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
Token: SeDebugPrivilege	5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
Token: 36	5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
Token: SeImpersonatePrivilege	5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
Token: SeIncBasePriorityPrivilege	5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
Token: SeIncreaseQuotaPrivilege	5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
Token: 33	5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
Token: SeManageVolumePrivilege	5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
Token: SeProfSingleProcessPrivilege	5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
Token: SeRestorePrivilege	5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
Token: SeSecurityPrivilege	5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
Token: SeSystemProfilePrivilege	5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
Token: SeTakeOwnershipPrivilege	5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
Token: SeShutdownPrivilege	5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
Token: SeDebugPrivilege	5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
Token: SeBackupPrivilege	5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
Token: SeBackupPrivilege	5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
Token: SeSecurityPrivilege	5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
Token: SeSecurityPrivilege	5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
Token: SeBackupPrivilege	5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
Token: SeBackupPrivilege	5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
Token: SeSecurityPrivilege	5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
Token: SeSecurityPrivilege	5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
Token: SeBackupPrivilege	5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
Token: SeBackupPrivilege	5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
Token: SeSecurityPrivilege	5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
Token: SeSecurityPrivilege	5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
Token: SeBackupPrivilege	5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
Token: SeBackupPrivilege	5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
Token: SeSecurityPrivilege	5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
Token: SeSecurityPrivilege	5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
Token: SeBackupPrivilege	5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
Token: SeBackupPrivilege	5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
Token: SeSecurityPrivilege	5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
Token: SeSecurityPrivilege	5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
Token: SeBackupPrivilege	5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
Token: SeBackupPrivilege	5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
Token: SeSecurityPrivilege	5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
Token: SeSecurityPrivilege	5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
Token: SeBackupPrivilege	5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
Token: SeBackupPrivilege	5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
Token: SeSecurityPrivilege	5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
Token: SeSecurityPrivilege	5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
Token: SeBackupPrivilege	5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
Token: SeBackupPrivilege	5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
Token: SeSecurityPrivilege	5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
Token: SeSecurityPrivilege	5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
Token: SeBackupPrivilege	5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
Token: SeBackupPrivilege	5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
Token: SeSecurityPrivilege	5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
Token: SeSecurityPrivilege	5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
Token: SeBackupPrivilege	5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
Token: SeBackupPrivilege	5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
Token: SeSecurityPrivilege	5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
Token: SeSecurityPrivilege	5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
Token: SeBackupPrivilege	5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
Token: SeBackupPrivilege	5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
Token: SeSecurityPrivilege	5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
Token: SeSecurityPrivilege	5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
Token: SeBackupPrivilege	5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
Token: SeBackupPrivilege	5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
Token: SeSecurityPrivilege	5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
Token: SeSecurityPrivilege	5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1884	OfficeC2RClient.exe

Suspicious use of WriteProcessMemory 13 IoCs

description	pid	Process	procid_target
PID 5140 wrote to memory of 4276	5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe	100
PID 5140 wrote to memory of 4276	5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe	100
PID 3864 wrote to memory of 6136	3864	printfilterpipelinesvc.exe	104
PID 3864 wrote to memory of 6136	3864	printfilterpipelinesvc.exe	104
PID 5140 wrote to memory of 552	5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe	105
PID 5140 wrote to memory of 552	5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe	105
PID 5140 wrote to memory of 552	5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe	105
PID 5140 wrote to memory of 552	5140	a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe	105
PID 6136 wrote to memory of 1884	6136	ONENOTE.EXE	106
PID 6136 wrote to memory of 1884	6136	ONENOTE.EXE	106
PID 552 wrote to memory of 3188	552	E33D.tmp	107
PID 552 wrote to memory of 3188	552	E33D.tmp	107
PID 552 wrote to memory of 3188	552	E33D.tmp	107

C:\Users\Admin\AppData\Local\Temp\a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe
"C:\Users\Admin\AppData\Local\Temp\a756abab3a42def4b44a7ca678fc445ae4ce627bb3e38e2b804de6e4e8fa45b2.exe"
1⤵
- Drops desktop.ini file(s)
- Sets desktop wallpaper using registry
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies Control Panel
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:5140
- C:\Windows\splwow64.exe
  C:\Windows\splwow64.exe 12288
  2⤵
  - Drops file in System32 directory
  PID:4276
- C:\ProgramData\E33D.tmp
  "C:\ProgramData\E33D.tmp"
  2⤵
  - Checks computer location settings
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: RenamesItself
  - Suspicious use of WriteProcessMemory
  PID:552
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\E33D.tmp >> NUL
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3188

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc
1⤵
PID:636

C:\Windows\system32\printfilterpipelinesvc.exe
C:\Windows\system32\printfilterpipelinesvc.exe -Embedding
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:3864
- C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
  /insertdoc "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\{C63C1A9C-6D8C-4B58-A5BE-1BD00FD37BDD}.xps" 133874426480790000
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:6136
- - C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe
    OfficeC2RClient.exe /error PID=6136 ProcessName="Microsoft OneNote" UIType=3 ErrorSource=0x8b10082a ErrorCode=0x80004005 ShowUI=1
    3⤵
    - Process spawned unexpected child process
    - Suspicious use of SetWindowsHookEx
    PID:1884

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

T1070

File Deletion

T1070.004

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-814918696-1585701690-3140955116-1000\KKKKKKKKKKK

Filesize
129B

MD5
f34bec2d1ba83df54f4d9fc2bc7f46de

SHA1
8d3a1d4858a5168e246d2b0d46c3fcb3397f5ee9

SHA256
19b34bf263c6762027919bb43297e15b9e5e14eaf9d630066c6ad22552e90eeb

SHA512
c3f4021255c62cda1278740b16f9d0d427306a7540586335d77f9418c20df8833506b5aa56cc832e8385a01dda169c4904668deeda1c8dcd2ab74369f13e85b0

Download Submit
C:\Program Files\Common Files\System\Ole DB\de-DE\oledb32r.dll.mui

Filesize
56KB

MD5
62f9590c456d7b350fe86a10e6c1d584

SHA1
7d1bfa2a4c45e99f277dd7e31ec4938b6f27b5e1

SHA256
d995af8b64c3b6f73ef1ff02ebd95781b9294b1a2031da569830b0054be6b64a

SHA512
4deb758747734f38152eb6cce0333720201c36a95fa4bd9a92e1678dc7a26d237ce0da4dbbfce4389af6d9df5495f14376c9932e01a6a58bec60c07cae7236b4

Download Submit
C:\Program Files\Common Files\System\Ole DB\de-DE\sqloledb.rll.mui

Filesize
47KB

MD5
ed64306c2b61497c728f1f02e5836e5c

SHA1
73a856bf8ee2ea394027134ce682259d2403fe1e

SHA256
41f817f0617e4b73132f681d6aff5021796e77585602771c2a8aaa63bf1145bc

SHA512
10b0c180179bd7f8553e347be1d9e555a8bde7b37474a73ec73d3361a1c6ea927fd7fa94eeaaa21edb34aea949727df7ec998a33d8e648eca1113680f4f93a37

Download Submit
C:\Program Files\Common Files\System\Ole DB\en-US\oledb32r.dll.mui

Filesize
47KB

MD5
58c457215ffbcefa112f563b4ff1a348

SHA1
2739646f5f2b7ce5c020da0c46914bcae4b05bae

SHA256
896eea42a03c45ac5e601f439812d549dad92c3b46c117e55ac146861cacf74e

SHA512
0cc743654621265af709772a8848902b78c9c38f9c87173f7ae4cbba143ff59855ed51e97d1979db8e1d22b42a1f096256d550c5af767e9bb93638d77b6a1c46

Download Submit
C:\Program Files\Common Files\System\Ole DB\en-US\sqloledb.rll.mui

Filesize
43KB

MD5
6cc86aa85b5a4b4617a54afccbcdb794

SHA1
83544b6bd2bf682e42d11a3ead0df6f3e73a636b

SHA256
dfe65ffaecc28ab00b2e596f814881af6f9c9c09e4efc4921462afbf452ed5db

SHA512
00bbbf24c5403f912188d61c1d971e357c03c28aa09f748a1794fab33a5175c4a9ca7bf47790e9bf1de56e76fbf1e9a97e60fb897a5b20ca4ce94df6d8e937f8

Download Submit
C:\Program Files\Common Files\System\Ole DB\es-ES\oledb32r.dll.mui

Filesize
53KB

MD5
3f1790064a3a853ebdc302b4dbb13c46

SHA1
7a8394c26c4c24c917bed765d47bf5ed890a387f

SHA256
d9e099a90145fc72b9e058cd2a6bf7f9b4308f7b9e116ddc4978509277c418ed

SHA512
73295563e58cc0ed90871d60a5f08fb5011e0303b1f6bc6862ad779d87cc45362337acb6801a8ab7bcde9010ad0285038075f2bcc072fa52f7bd0e5fb6891348

Download Submit
C:\Program Files\Common Files\System\Ole DB\es-ES\sqloledb.rll.mui

Filesize
47KB

MD5
50a3a9f5686777c33f7d93f2df7831c6

SHA1
070857528bf96fe8d7b9bb47654fc0b98920bdd2

SHA256
e85d06c352f080e801605b78c28ee12b7ece2fcd164c4c7d11edec1544fa92e2

SHA512
5cacc6b4db85c3a225b0b3c06d4cc44cbe5a005aad22e2410e160b47f549574fd5bb82d7efd260d7ffc23a03777b286fbf27b3c6f974574adab6e7517eafc059

Download Submit
C:\Program Files\Common Files\System\Ole DB\fr-FR\oledb32r.dll.mui

Filesize
57KB

MD5
24a72bbfb2ead38e0752c862f47d46bc

SHA1
5d16d89bbfb1ba5edcb3141e169bc2d7eed56842

SHA256
0707bdc51d35f37c48a17a4ae552cec73bf8790a620544e589d8b4ec625a85eb

SHA512
e485be152de1b1e3e18662c0d5c8e851b14a6960881f6b14efa5ddf523d028bc06b2c42ab7b96a6be86ea435f6ce2fa593803bec7d5cfe6ba0b97d24b6c5ca1c

Download Submit
C:\Program Files\Common Files\System\Ole DB\fr-FR\sqloledb.rll.mui

Filesize
47KB

MD5
3cf21fa8d5ed0eaa9f5b7d563e74588c

SHA1
5ba714a23f545d9550f95fe71a9bbaadf556882a

SHA256
cc646feace0a640e76fe1e99c979d46582fd4ac54303a23ba6c8499856c05246

SHA512
6bfa4689d26f4df66c870b8c79c24d65e60fa3728fa7897da053b047a2bf4676fe057d7c9f5de4da7944d3cda9d2af53d08a5c66438a0f980f998ee9d23dc3c8

Download Submit
C:\Program Files\Common Files\System\Ole DB\it-IT\oledb32r.dll.mui

Filesize
54KB

MD5
de372baf1ee13efd74704e4e03336a49

SHA1
f2d4ed542b30b3a82ad3ddb5a2e911aeef4248ce

SHA256
b01828cb296a6e3221c351275cb60a658a66739f0264c8db2649d804d119dc88

SHA512
45e9039b62dc2908994cf5e5c896689c8b7047abbb7e41f83e593071d731e6d1b489146f24583c05980fe1e68770dd266214844a0ec7f8017267c6610e74a3d6

Download Submit
C:\Program Files\Common Files\System\Ole DB\it-IT\sqloledb.rll.mui

Filesize
47KB

MD5
ebd5d4823f9619a588fc60fc5baea698

SHA1
38f3ccaf4ddddeb353c86f721c42774b6587df93

SHA256
775b4272b36ab047baf96fb99c32ef98b95571f5162804b288706979b5863b05

SHA512
437091683f1f1987e742f201cec851050a66de6da451aebc45963cc5cca84e42cf24f9d19098af3e4b44303f9606d5621074d146559a20ec33a4edfbae64e0cd

Download Submit
C:\Program Files\Common Files\System\Ole DB\ja-JP\oledb32r.dll.mui

Filesize
32KB

MD5
99ffd2e07451879b93ff8f385d3abaab

SHA1
fe2dac208966ebbb3eb261cd33d9c2553c3d7477

SHA256
5154c46d7eb164bbb7159a130a49a6823f09e89ba26c213b45e59681ce851ba3

SHA512
3d90898467a1ce9977763156243bfc2a7ac978db53bcf6c84e9358f6e3cd8ae6d42be67cf85d65eb70bd86f50d23e39d76ab55bac4695f83696e7688911315ee

Download Submit
C:\Program Files\Common Files\System\Ole DB\ja-JP\sqloledb.rll.mui

Filesize
37KB

MD5
d7dfc3f8c1c2482abb3da261f6643d9a

SHA1
263c0e05f17912c7c983861a61fb9c5fe33d6c15

SHA256
e61682f8d15fc485291c0ecfed6820264984b889e2ea456f41fc8b6d1d48da06

SHA512
f9f3131d40a6ad4db312d4eebebdf1bca98787c87bac0215a8bbd287cdbeb260387c97488754f2a25ed642337247c956d160f0734a4249fd1786c822db2d757e

Download Submit
C:\Program Files\Common Files\System\ado\de-DE\msader15.dll.mui

Filesize
20KB

MD5
d338f8ead1c8beb76fe6131624820934

SHA1
305f98f0fdeabc134f1184fa71ece8e660f29187

SHA256
6ab3ca96c5dca569471a746197cec7e371d19389663ea94f0a31295fd928c114

SHA512
dfc099da98489fbe75c122bf87d77e7757dfa0d301439e859f8ec5d6a4277997463ca2ebf7bf3118b0b65724806e234d047b2d590402cf3283bd6336846e55d6

Download Submit
C:\Program Files\Common Files\System\ado\en-US\msader15.dll.mui

Filesize
17KB

MD5
a89f558b15df877921a19450c8988895

SHA1
ef119c070595634bc5e344e31366824b3e101dc6

SHA256
782e2dda3c04f40fc9685fc10d823c5cb7acff1ac17a8a31b2c5394fe105b91f

SHA512
df5ccb3c9c376f948485e9bba6c6a865a1a06f2f07223d1dc7ee379a9c6470a1a63cda3d91c70ec6e9d4902533500f5d297e1589ea7a3a74ba1d6ce2b5e5fb11

Download Submit
C:\Program Files\Common Files\System\ado\es-ES\msader15.dll.mui

Filesize
19KB

MD5
be642a453746028c6d8e2a97c1aa3393

SHA1
c4c9551396ba9ded8d37a33eca4600aad6eeb19a

SHA256
7c37125079080bcb98500bba7cfca463de30d4867695b21f16ed9b406162252c

SHA512
f3b1886204865fd3e80b7ed89cdb9584eac6a9596b681488f11cc656e231938f671e6fefc398ac8ed479595a812ff5c76553467f04ed354a761af4e899575644

Download Submit
C:\Program Files\Common Files\System\ado\fr-FR\msader15.dll.mui

Filesize
20KB

MD5
b1af26c7164d1969cf5ec83effa94dd1

SHA1
f81afc74fef316599284c87d4e233b22c48bb839

SHA256
f97ccc723c33467fbd4b0f8fedbb5759cb26586285b0c5164b7b294a2a04c6eb

SHA512
ebc98482e4a318774cd572a8d52fba99b3b72443cf851a52255502f1052f5912f9dba158f134b2a4bba618268dffa37e4b7f642beb237bfe66452e2c5442f86c

Download Submit
C:\Program Files\Common Files\System\ado\it-IT\msader15.dll.mui

Filesize
19KB

MD5
4eb40bb5df341b43c364ed1cefc3e106

SHA1
55edf549ca2da213c9018a2c0a9a16b84057e0d2

SHA256
bf7d33b3bf342b0caf3c0ddbda64e341da32ed95082cc4e193419e54fdc93026

SHA512
a121825edb7c640daf71a4dba9b63e288512c27c7ef78f2771aa412326f8c7d5fbf901bb17edaaf0c8d19f0e0fbb0787583012f908d5114a837f5dc7bc1bbc28

Download Submit
C:\Program Files\Common Files\System\ado\ja-JP\msader15.dll.mui

Filesize
11KB

MD5
c875f2289f5d0577f31f298f40fcd6e8

SHA1
c528f5937ee1fbb96804f097958b3ac19f4bec0a

SHA256
245f8599dffe47af9a15e8b3e026e55be7c29d15d851bfb58dcd8e760c5e68d0

SHA512
03f2c3bbdd9b4804c034880f0d0a6e51c1bb03872d865bc9ab92a84ec0c7c4fb7760638db0ca00fc5fd09809966d2a705a036c12e93db08853b1e9162b5d9ea0

Download Submit
C:\Program Files\Common Files\System\de-DE\wab32res.dll.mui

Filesize
102KB

MD5
fcee59e3f75f7cf8df108faea57cf2b0

SHA1
309b7780145683adcb51a2944f0666562e744621

SHA256
56eb21bbbbf36758571812666522adbd48534f989ea192eb4a0f4dac27dc3986

SHA512
c7df0690454bc2a62de165e85297235fc18811ed5396c42065d18cc4fe89fb3d311ab424ad4ca9473c9a9d8d0ba70036d8af63ad02199e1d2dd4f367f1761083

Download Submit
C:\Program Files\Common Files\System\en-US\wab32res.dll.mui

Filesize
92KB

MD5
00978668fb54146bd480360b61a127fa

SHA1
078eb97a61939d1bdd7d73ab0be9c0264983188a

SHA256
db5f677d6bb49075702efe357d4b4797811f024741635456eb4af3d3ba12025d

SHA512
3e9a9fa027ca5e2e07818486f5115c13257c8afd417986a76c60c1bf69effd9845d23f7e826378691bb8b8b000ab5b6f35888f8799e53f5d0388ca95905f75d0

Download Submit
C:\Program Files\Common Files\System\es-ES\wab32res.dll.mui

Filesize
102KB

MD5
500f7bab550c55f1b5d80098be11f363

SHA1
f13ddeb1318dd72da606153eeb84f8ab6d914618

SHA256
a28b4180291fe0ae4e84699375e268febd21333b2696801b6b4366d1fca1597d

SHA512
04d4e5041751c2be0efe458730e36286f8ca84c2867fdcc2b4eaa304695ed8cd27e38b705d07176a3baeeb83f6e6f363ab4bebbca3b2ee6a743db95eb6b9ba98

Download Submit
C:\Program Files\Common Files\System\fr-FR\wab32res.dll.mui

Filesize
104KB

MD5
9cdef6dc8011e70e59ea51973bfc4010

SHA1
ecd446e07e4420da3ed4f27f478c3394e0aa6f33

SHA256
cad986ffd752df3ae2769080ee842d1b6f364c4d4e525b1eab78cd9c77914c58

SHA512
9cb21055c3c232212b47bb8ddcc4e69371d470f16382c45c0b1ca820901557c8f53228d7fbf3e1536985cea0e3599dfa5611f2b93834634d6895d30a38c65386

Download Submit
C:\Program Files\Common Files\System\it-IT\wab32res.dll.mui

Filesize
97KB

MD5
bd68e59238777a73ed57c4e695ea58dc

SHA1
e8a8e468b453ba8c1f2ace58690a8d9e6430ed04

SHA256
e356d9963d4efaf8139a1433486c8434b750f1dedcba53d274b65cabd1a5b381

SHA512
91568da027fa563efdc3caeef7c74ce0120def3b84e7d11f7f4a4cb03783718631d6e5c3985bcc041676550e95d75ce07ff642c223f52ea9c9542091f2db4ee3

Download Submit
C:\Program Files\Common Files\System\ja-JP\wab32res.dll.mui

Filesize
69KB

MD5
08d61dad4526b112d499dd8d02be7b2e

SHA1
d6117362611b40b38a7f44f8253f3a7b3428ee4b

SHA256
60630cacf1d06bbdadf0a6ce00c20d8c9e7eb6b47f1fb72b38cef66962bb49c4

SHA512
80ca17d864f7aa62de7875c6e2572ceb4cdd3c937308158227f61497f0e210cee6243e66006b89e4760d28c3b2c450436efd8f2438e307eed96d8b838b1cac35

Download Submit
C:\Program Files\Common Files\System\msadc\de-DE\msadcer.dll.mui

Filesize
12KB

MD5
9a5220bcd586f92ab250b9c693922a96

SHA1
01df1c933f094cb2521be506d1ae471c04f9e39f

SHA256
07c907f01a3dc987d6c06e37f0f847c8f7387d32612b05c3139759fe811d89d9

SHA512
e341045ef59e8b7837fe1d59d74b0882efa5916cadff35f8b78aa34cc70c9a6440dba9d5f51f7e1a926d1d4a0a006a241824fdb059bac298ac953420bd1830b7

Download Submit
C:\Program Files\Common Files\System\msadc\de-DE\msdaprsr.dll.mui

Filesize
9KB

MD5
19f450e1106dad8beab72f52a9b95bd1

SHA1
df576af27c11a6ddc91bc2d156a896a711ded10b

SHA256
2564792c7588b8ca609718d4de82ff2ca2df20768a29692e17a1786c23f15a45

SHA512
27d6e48070ea8bf4f215105545b3dd10b9f5a4a30ad41bec9b068bcf1c974e46a178e498d0771613ec2d01627c2d4377da420e9a05f0393b45030e2a98c6080b

Download Submit
C:\Program Files\Common Files\System\msadc\en-US\msadcer.dll.mui

Filesize
10KB

MD5
f23e588176e64661fc11419a66d4c88d

SHA1
6285cc159583e23f158f6e112159898e4fb04bbf

SHA256
f4a60a7b75703307393f5073110cdb9d351027c5be28f5b03ef7f6fe8443d6f6

SHA512
2dbeef256b6832782180f9452f3ad7c0295f10050edb42d2107955b8c236188d65dd2caa69d581ce70fb3b5d71a773b22faeb418e5acb702f8d3117465fce4ca

Download Submit
C:\Program Files\Common Files\System\msadc\en-US\msdaprsr.dll.mui

Filesize
7KB

MD5
f5645efc704186621d78edf4b87f18bf

SHA1
1a5ef705b4c7bd20a58e48559a175b8aa508d31e

SHA256
93dcd9fa868d5d0148bde292bd5bdcf7f8118dc4140c2a309f903f602944ba6d

SHA512
57296fcad5b49a91ec8b51d4b7b4e033814c8cb413a062207b07ba435617762189b6e2f3de92e8a59a7a7cd2905e8d2f32e769062e7c7cf3d7b82ef560f69f61

Download Submit
C:\Program Files\Common Files\System\msadc\es-ES\msadcer.dll.mui

Filesize
11KB

MD5
14f628acf7e1453b79a99b274f20478a

SHA1
12cd48205af402336d61984237e802584ebb6190

SHA256
1af5748bf38c4db09db57d11da21b18c86f0a18024a665a31bdac8331b54bf2d

SHA512
0a2de8ec908e69d7d4451aa72b067143bbbe831dd7c68e301e1b5ab1556556a1c92ac7192883a05204691bc53bc7259fdf1f047be11b4768ade1a1cb3429a234

Download Submit
C:\Program Files\Common Files\System\msadc\es-ES\msdaprsr.dll.mui

Filesize
8KB

MD5
3f3a532c440ba6e000919c98ed60989d

SHA1
fc18d1e0bc370bebb13c5f6e951ebabd7f31e980

SHA256
70cb8af8a765292bc44b44449c8e5ff9d7d2ff59762dc5881e3418aa7777d245

SHA512
eb7b0fb4888938cebcc7d700076cbd2f966fbb49497e404fe4705cccfc6c4708cafe6cab83f012d2a7e7e2044939ee7bd6f58aeca49d60274f3cad5d62e0cc53

Download Submit
C:\Program Files\Common Files\System\msadc\fr-FR\msadcer.dll.mui

Filesize
12KB

MD5
91135af514c9c99a814aaf7ecca63bec

SHA1
0aa7b41d4f8f42d30415d36283a29443591ac5b0

SHA256
cf6a3ab0a2e7e556220d2e0573996647e8f26335d5c47c189b7056d31871d7d6

SHA512
017f0c9484cf739a14bd9b664abe494adc6652caa2505b029e1506b5ef954ec9d7869676594cb2cfcb0b5cd7031c1b61af9688ffe270bd1d0aa57c5f02493a6c

Download Submit
C:\Program Files\Common Files\System\msadc\fr-FR\msdaprsr.dll.mui

Filesize
9KB

MD5
dd9debedd61d1c6e016011ef67050c08

SHA1
a1c06f2463215c6e153ac2543ff45839da79602e

SHA256
a380e9ba1754fafddad268ed88bb8f8938742279a4058fa082616da5fa094744

SHA512
da95151c3019bbd03f318052fc528770e3a053dd198345595adc12e3faccc44949df602ae78f2ff78e2d8de88a88e88e01ee359ec186bca4b66f3d485088113c

Download Submit
C:\Program Files\Common Files\System\msadc\it-IT\msadcer.dll.mui

Filesize
11KB

MD5
07b9721e3a4376a8b58c187ccb10ebd1

SHA1
c83420dd1474757701d733ea1561f03470304e2d

SHA256
9416075821d71cdb146b210937a91776194689ff1b79c4265cbaeda378fe2fc1

SHA512
a625d5ddea5402bc2a63657f10b14e0496c0c93a8250f3d4f1ef3ce3ce8f9ebba6e3463a49b7943bdc9a6a43b83d469c928de8d13cb2bc1669fcde245d6f36f8

Download Submit
C:\Program Files\Common Files\System\msadc\it-IT\msdaprsr.dll.mui

Filesize
9KB

MD5
ede4aa06e1eda4f5aa72bf57b8a07182

SHA1
5dea6e6fa23c7989c8dd8c1fec8eb126812c1617

SHA256
2c56b9d1f31f318bd21797681edb523d3bb8b49d0f41e0cc5bd814e2716da153

SHA512
90d7b548c1e013fed175636ef1701312d76abf1c656d5b559b6f9cc95b4fee6a2621576d61f6809cd67dfd044a127d9fa76c952f7e7a485d619c87a039f96c3c

Download Submit
C:\Program Files\Common Files\System\msadc\ja-JP\msadcer.dll.mui

Filesize
6KB

MD5
c2eacf944479a2eeec0146ce8a8ab9fc

SHA1
9e01928885504d608b476016a0c574a3a8a53726

SHA256
23cab246c137373be4006776c4e6f322040a75e8782bb90652ff32de45d09545

SHA512
6f72da9d8bae2af1ddc5c4aaef79d94a376181ecbbb083f1f2745a64705e4fef4a771aec1049119ef8f62f93b68bcd03bee647a6a34c3c5deb0d9ba93cef6e1b

Download Submit
C:\Program Files\Common Files\System\msadc\ja-JP\msdaprsr.dll.mui

Filesize
6KB

MD5
dadc31b2a89e369c1370929f05829ef8

SHA1
149d899a933c5630ab5520d70cdffd7b86210711

SHA256
944ff9fb93dd5707c47dfcbf444053e549feb1bed54194b389999d9344089d8b

SHA512
a6f4a63fd7f2f08640c22ce47a2789320d2a6aff8828979e2c7fbc4ec7d7c8044783696f7507da1699b4aab0f9fc9317c862219404ec26595f64101993608c10

Download Submit
C:\Program Files\Common Files\System\uk-UA\wab32res.dll.mui

Filesize
94KB

MD5
f88945dc91d6c5d84e7aa3a198f9edc8

SHA1
ad0e1a9ffc469afdcf6ea97c67f21b41d56f6eb1

SHA256
20ff925badf58fbee220627cca6d7cd3c18d6b8e3f3712433fd97aa6ae69bc13

SHA512
9c2b5c9ed87acba0d1dd476a7ecc833625514ed75d5622975a2acea22bb9d2bf7ead8d6ce999e3cf1d2865128cc9666109cd5f7884e18729a26d0e06d49b7866

Download Submit
C:\Program Files\Common Files\microsoft shared\ink\de-DE\InkObj.dll.mui

Filesize
5KB

MD5
c84d6f652ef211c0c7a3a628a3f3e0bf

SHA1
3b3242902bbea02256e2368451f317566ccc2d45

SHA256
6a8343ec05985d31a73a87074e17945ca17733e62988b99f39008b72318e158c

SHA512
07b92e580a6550022622d1752eca02c04646dd37e5dd76b49fc4f261857bc127fe9c48a2e9814e8fd74394990a8833d25488e569c9b703c649882b25c5f3cf12

Download Submit
C:\Program Files\Common Files\microsoft shared\ink\de-DE\TipRes.dll.mui

Filesize
27KB

MD5
2420a8bd0c7e1581bfb13b2a724dee25

SHA1
b5a19732d4a11868f7a20e05c9f766804c703481

SHA256
72638ea99e617f5a016d1e97b277bcae74042688fbccef0159b3d5206b7d971d

SHA512
f4fafce7af7745b3651d9a923cd25184e71081f11c8c30e793af55007edbc3e5759facb8ba1f94ed5a635a09813350d400f97f6e1151a2396a7006f570849cca

Download Submit
C:\Program Files\Common Files\microsoft shared\ink\de-DE\TipTsf.dll.mui

Filesize
3KB

MD5
8b0a0c61c472541edc52ec5195a2a2a5

SHA1
45c850b78fd812448925ef324a686e41331c1f98

SHA256
b85268cbcaae16799193515d7f0a1de2be5fbf12d045bcaeaf41fa241e6cefa1

SHA512
823051b0998aceacab6cde5b2d44777ec61a064cfe5153c26a7a9f0df4e78baf909351074da6132e4110f37494bdd4f5f68d94722f985ba5cc50e24d671aca5d

Download Submit
C:\Program Files\Common Files\microsoft shared\ink\de-DE\rtscom.dll.mui

Filesize
3KB

MD5
e21d03b096b7754038bc8630e9f9b5c3

SHA1
584bfad75c1888be79273e7ca737aef27dabf4a5

SHA256
e181b33d489478e6485e2f464c9a2ea637e15a3e7f999d61c4ed6ec8230483de

SHA512
4abab5f2a751c1bf86fb79742219e706b226467612b3f9f4262451e71791779dbdc5d3ced9708a918d30432617eadfe0fbb989fa328bbaad5725e4f27b5a89b9

Download Submit
C:\Program Files\Common Files\microsoft shared\ink\en-US\InkObj.dll.mui

Filesize
5KB

MD5
b85e17a4c30c576d999179b3800eb9f9

SHA1
6b8b87dad039deed7a706c05f807564b84dffa3f

SHA256
e84531d099530ddd53001398e5becbc2f45ca5b96b99710d8cc8746a794fb589

SHA512
779ac861b97a3050c8b247fb7b2b5796f3542833c847f76ee5306d90054968a6dcba4ddf9f1e8ad1414b546014479ba1c89fc9b9e40f608ffd4462c40f72483a

Download Submit
C:\Program Files\Common Files\microsoft shared\ink\en-US\TipRes.dll.mui

Filesize
24KB

MD5
4ee8cf1646fc75ed0f869bf3346dc390

SHA1
434363d48cd91f200f489400f33b624c7e420a03

SHA256
288aec7a9371ecf3323b2c9b4791802383caf8d6704386fb8e58a9527b08322f

SHA512
fdd6f2ba193b027d266003afe29e191f9efa58af8120d5541aa5bb65cd89b75be024595eb1f8c7781afbce75d56677c0a9817bf89908545d611096cc2d4ce635

Download Submit
C:\Program Files\Common Files\microsoft shared\ink\en-US\TipTsf.dll.mui

Filesize
3KB

MD5
9ba7c9d974a464c7bf0a2736e86b7f75

SHA1
6ee17c6e49f5fb84d4cf5d9693980ff1e5cd03ae

SHA256
81228130104f6598831147c5d3d99e044dcecde7ab5eb0745db1a7741a78be9b

SHA512
f422158420274fb310e0abc1a6f4c1e319ba5b974992a4391179608a176d312fa6a19d6afc766c66c55291d1b3872e192afdff6430599fe903bc055edf20b0a9

Download Submit
C:\Program Files\Common Files\microsoft shared\ink\en-US\micaut.dll.mui

Filesize
9KB

MD5
9a769cee972f8fb7579ee4ce45513ff0

SHA1
536c6914179e404f590c2fee07e8ec5ec17d8870

SHA256
04936c92ebaa2221b1cabe7ce094d59a07eaf9155a5485ee29c01534b5d5fe44

SHA512
86ab409ad85d19bd94776c128d5b0291679abcfceeacd1b7fc834060506e62ff091b0bfe77f23cdbc50a6b749c15a9da30898dbe1aef4353d3d3b81d2731a9b3

Download Submit
C:\Program Files\Common Files\microsoft shared\ink\en-US\rtscom.dll.mui

Filesize
3KB

MD5
00bdfaeab39de69ce27b01c7e28a6987

SHA1
fc18f19438e675e34894d0b5bb7b1448ce26a5d4

SHA256
fb6566e28a7798a6f5809d652bb18947290da1fb72c4dcb7fc9d0aec8c2f8879

SHA512
cf301bec958389852458753870bfe8af7fe79f325d93dc4173cfaf2fa22c73c219f8090f0439c6cff615e4351882eb04610a1f623d83d431c701a9802e1f8c42

Download Submit
C:\Program Files\Common Files\microsoft shared\ink\es-ES\InkObj.dll.mui

Filesize
5KB

MD5
075092d757cea3160c8cc0198eb6beb9

SHA1
b663e224e40a01946c272f3deee5aa0cc318562a

SHA256
1e1807812163a91ea76b91827debbe228d7aa14f993a2c787a6f19e0b97047a8

SHA512
1a2ddc7a5ad5bceabc3603aad972f9932114afb6d53e4beb52027cb436c5ed265438e33b824862040bc4bb9c30efbc48354f287eaab0aa3290968b198e61aa59

Download Submit
C:\Program Files\Common Files\microsoft shared\ink\es-ES\TipRes.dll.mui

Filesize
27KB

MD5
e8dc96201f05f9fc06c969f1c0cf6c5d

SHA1
036b0770b13f2def7c6e6e61e2d6d0342e4f2388

SHA256
d3ce4c51c147ee2a31230f232b34a31fd4ac989fe57f318d40b2ff82c47b9bd9

SHA512
295eb0f1ac2c0c3dc706932fc759c04ea6a1ab2132ca93f40384f1e8000ef065accd38022301fbdf682265e290dbbe4d93377b936fc0e3938706090956706924

Download Submit
C:\Program Files\Common Files\microsoft shared\ink\es-ES\TipTsf.dll.mui

Filesize
3KB

MD5
86345abc2f05337c2f8bfd65fbf6234a

SHA1
8e566ee731095bce49de573d04c864f4ebce981a

SHA256
a6e7757017c048c7f4e296702452796fc96637a5ad9e030941d284c4de1e1ee6

SHA512
a56d15725a327d757137709bf061ab7381382fc5989ebad1d0b0d49a3047d5169ee66cc36affb973c4f32729285c1fb0efbfff424f6e703d43a9f1e20ee361b8

Download Submit
C:\Program Files\Common Files\microsoft shared\ink\es-ES\rtscom.dll.mui

Filesize
3KB

MD5
2157b19d4b98bacebec4c8942ba11799

SHA1
dbf42a8b15767960d835b7ee4b1e34a32ad57fa5

SHA256
fb35fc02f059b5b379f30b4882f61e1482bd60af87bb3285d545a4f67fb09deb

SHA512
5966ad4862eaa70cad508e0d3343ffcf938a4839ff963fd18bcc3647eb51f132a9d4e12bc4f1192cf3eb5360abc52823ef2fd1cde0373e300195d06bf0c3171c

Download Submit
C:\Program Files\Common Files\microsoft shared\ink\fr-FR\InkObj.dll.mui

Filesize
5KB

MD5
fbe21a33b883f043f528297091cdfa79

SHA1
f3cc10f2f675dadabbbc2808629310a7ded00915

SHA256
299491e4f9c8a2e50e27846a8308fd520809a8824a3094744ccfabf2e75646fc

SHA512
b2e3acd18e8c781667a581b8b18725dac51f2f21804a9b62cfc9833ed5bb0835158153db7459e0d1819cf8138040d992f9cd54515c6b780ee4bd4ef35f3c9c31

Download Submit
C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TipRes.dll.mui

Filesize
27KB

MD5
c74fea984be6b0e442a488980a72aada

SHA1
a20a4067e2c299e1fbc5b63e8fb8938776c31e1c

SHA256
f4a7520b8eae641fd0d6194ca2873ee2a75940d0052c6ed243db6f60f721f46c

SHA512
929e3820ec6673344894f84f6c80e44f39bf9c35a3579cee1c59b7e0746f3c9c709672189e1d5d2eec129b7a8751fbf1f2bdb03fb802a3e868de2a8861f72986

Download Submit
C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TipTsf.dll.mui

Filesize
3KB

MD5
fa301d55ac94b7bc8df6e2fd0590ab0a

SHA1
d09486a0ae02d4ed34c8cbeae0a729caa86a1b16

SHA256
ebbedc2e9820fb2e5804843e95b28368bf3101ed0e18ab28bc11b8bf65c7e189

SHA512
c653e79e948e1ea9e26bc4c793a9fe50da6da9840b9d52fda08a755da5be27fb290d5e333b9c7b6c60a30d45fda281ccad6864b9cf9b0db6ac3b61716abbd643

Download Submit
C:\Program Files\Common Files\microsoft shared\ink\fr-FR\rtscom.dll.mui

Filesize
3KB

MD5
55e22f34513b073d638d1817c73cd2bf

SHA1
ab7a2142dbe6d7ab34a625611485dfcf32ed2d5c

SHA256
7548fe1301ef75875ece987d69d164496ffb628aaa2cfa132baaf0175bccd556

SHA512
d3a7e1a551904ebb16c07e08f302669c7a6a0536f49705a36236e9d40e6f892c67c7ae04d31d78dd81a6ff7feba8610b42aa5d284088c237d149b1fe10e0d646

Download Submit
C:\Program Files\Common Files\microsoft shared\ink\it-IT\InkObj.dll.mui

Filesize
5KB

MD5
0f21aad29c5dcb7eefc944f0068c4ad0

SHA1
6abefa9e75c8793f1c76b54dca04bd6c074388fb

SHA256
9f203664b8f4ec2dd9d9715cecdeff2c3804c6350750fb1406cac6e71865f050

SHA512
a4c2b64d78039e9dd2136aeaf2051c7c68f25bc4c19a8726e87e88da8c0e0394a55bdb1d9125a5452b999c91f40b75932821b2fcb140d0aba318a7c556039baa

Download Submit
C:\Program Files\Common Files\microsoft shared\ink\it-IT\TipRes.dll.mui

Filesize
27KB

MD5
3814ee132e822b967e9f48a2ea0fa516

SHA1
346df077e57473bd2845896fbe30b8ae4d1762d7

SHA256
343bc410ac75429d2b1c9c1aa62e55c44dab327ea227534cc0826db972067703

SHA512
804042da91472a7881fb1ce3bb8b43458fbff8b123c184c0b97c106aae3d7a6f4ee95faced15096b3f45ef4a82965c8d9a8c741843a0afc39392f12f0c901651

Download Submit
C:\Program Files\Common Files\microsoft shared\ink\it-IT\TipTsf.dll.mui

Filesize
3KB

MD5
c8139fb43e515a9c62043632d79f6e5b

SHA1
c401970361aeda1f68c5172460b4195e530ba9e6

SHA256
720cd4ae1893eca9644fee5decd7da88187ea583978163f1c07c5b59326ff28a

SHA512
9525e036068d8b56896cd3d175aa2e98e5841780e6dab5dfc4f59a4939b6dc30857eaef1a6197e6a6ef581945002f3b8483fdb50c834d4f4b1a32dc9639cc281

Download Submit
C:\Program Files\Common Files\microsoft shared\ink\it-IT\rtscom.dll.mui

Filesize
3KB

MD5
48210bc4bbb978d57865f3233fda8a73

SHA1
fef6b12afa9c7ed4e823eb247b4b9951e51420f9

SHA256
4b512bb3a905eeb8cc30b5d3781eb40f72259f08b42e8d4f33c1ee1b9e6e13af

SHA512
baca841ee83fd86107ce6bbb9fa92b09921cd3ba0c6beb6caa67b73f226ba98de3989ded7da882c789f7ba1c190c808201920fcb4643f070e88612e20da04f67

Download Submit
C:\Program Files\Common Files\microsoft shared\ink\ja-JP\InkObj.dll.mui

Filesize
4KB

MD5
fc1bf8b7512f25f1fc3e70675315917e

SHA1
52663e3c5ec189ca229c788d1684c4f216ad09b6

SHA256
c1bd36763e32ab7ed1192b2fe5affc7ffde62c647d139bb6eb31d06bcd9d15db

SHA512
3afb6a82f25fe245889e6dbd1be49ad6ddde59e9bc7733e4a188764f7341573463ec5b9b1632064c32d9d37790a81473950ac1d41317e740c2c0efb928b8342c

Download Submit
C:\Program Files\Common Files\microsoft shared\ink\ja-JP\TipRes.dll.mui

Filesize
16KB

MD5
f9e8739f29523d42ad5fe1645f34575a

SHA1
dccbd1a4793a320cff23ff1ee0d2545a859bb701

SHA256
f7ed2a4ec7d717c4fb3c686a81282c480a827766b3fd34a58f5cd595bfd529cb

SHA512
662bc5eeb1e4dfd6a84df62d168e157f75a68f7083a6be7b460316bcc508edbf2e15cb6006b6b6cb8b100bdf9c86584e886cda3a6c49878309181fb11f450aad

Download Submit
C:\Program Files\Common Files\microsoft shared\ink\ja-JP\TipTsf.dll.mui

Filesize
3KB

MD5
5dc1299cc5c17dc0c68fae8cffe1f338

SHA1
4385acbe8bfeaa3b540871a93d8dd730a76e1ebd

SHA256
3169035b326346179059c649261ab887cc674adb5bb26e5c952c40a4482fbc8f

SHA512
bd1e3f08c09efde5239b7e70cc0555c641c1ff66fcc7cfb2fe1279831935e9cfef933d07de2a90c5da2e1f3d9fb9d5ea032055f586da8623ce6703c1c5efcf8a

Download Submit
C:\Program Files\Common Files\microsoft shared\ink\ja-JP\rtscom.dll.mui

Filesize
3KB

MD5
0cac2afcfc0cb658a6cbab3a1484b241

SHA1
08f8a92ce4a26284302ab6f195f789031c752b77

SHA256
f41ecc71f3e5bea81c1aed898455af50b10e7ec534d7d99fe5707d5f807aeabc

SHA512
1fac01cfb29bb83a8df0df61e5818d56bf9fe32f2d717f0be7f5547dbae5237b70dbd695b2f450ec601f9353da313faacce11d088f8acc2c2051222f3e4ba93f

Download Submit
C:\Program Files\Common Files\microsoft shared\ink\uk-UA\TipRes.dll.mui

Filesize
26KB

MD5
a3d02f99c61f82364e642b4fac4c66e1

SHA1
0f6e468eb7ea845adb07808dd9f99ac178e84805

SHA256
be5c2bf62c551d9ea13cd032c7c27d1bf6029e440eaf5e6aa912ef51c21fde07

SHA512
dec4489c249b4c87fb1527efd041e70140983441d6690f61ebe0b7d205ca5adb7e7a7123ef2de6dfb843c88b5898bda8b633e142cedcdf2f66aa08b4cdeb0cfb

Download Submit
C:\Program Files\Common Files\microsoft shared\ink\uk-UA\TipTsf.dll.mui

Filesize
3KB

MD5
93c64efdb3ee0a098305fc518ef96af9

SHA1
79c3118b53d8f2f4978529c8c8908ac0698eb30f

SHA256
065bb315e3e33aa38ba70510cd6c6c14a22edae08c3a3b90475c65d28b8ad7c1

SHA512
d98da22a3f23ad81fb2dd56af46fe24933428de2f713712da0c940b227714b393682da74729211d9be5eed5ddb7baa8891448b1d192f28ccee165e3475d4afe2

Download Submit
C:\Program Files\Internet Explorer\de-DE\iexplore.exe.mui

Filesize
6KB

MD5
970fd0456c1e4c107d38260862c4bd49

SHA1
d71e5a540c52a7a35cefdb68ceaa7003fd0fdd78

SHA256
23337e9ba994aef7ddabac57ee71c0eff0159555f45cd3a0109738ffcb8d6bc4

SHA512
ab8dcba4b78c190a5d2d9b44fe4343727990e881710ce88926c6d5e51d2b96fb7692579828486042f4bce253650dcb787d426613b04d07f3344362c3b28d18aa

Download Submit
C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui

Filesize
5KB

MD5
890f33691a688510919fd52fe3602ccf

SHA1
e08c9a8579758cc6f8c5dc0d48ecde78e4f153d1

SHA256
70f06731b1536f4027dced22728158e4db016527b7c511142484bd71e7e22cbf

SHA512
16261219d70a7c7fcdacb7c06e1e922c1881c84a14d6ca47d710a82299a3d2e56316e799b12058ff3561a7ffc44cfa60a5241367ab1e971e97dea457fbdfabb3

Download Submit
C:\Program Files\Internet Explorer\es-ES\iexplore.exe.mui

Filesize
6KB

MD5
5d4a6b131084c817cc3f5b1fe83a3765

SHA1
29f6c36609845cee1ddaed9430450839860e9d13

SHA256
21ec85878a6cf174915309404b7fd15ad9b5e8b143bec1df6ebb3721040709a7

SHA512
89ebdb554b23231139f41d94f6db8623fd5d398288c44141d7bd4af9a4ee9f3d5f73b8c09ec43d387ef998ae72ee8ae379723a84442dc7329dc1cf3e5816f757

Download Submit
C:\Program Files\Internet Explorer\fr-FR\iexplore.exe.mui

Filesize
6KB

MD5
d44d248acbbcf9b7a94804a9334b7021

SHA1
1f6f9c77fc7975b33ac322d6760c473213cd0658

SHA256
009de69e42323b566f7b4e91cc24d528394ca0bfff7b1b4ce5a7610f2afe038a

SHA512
a41993df9ce5c115982b3a2cdbc2547eeefc0ba0ad81c6811e4b728a14996b44a9cd97d153b1f628cd36a98f569a36fa3f15551e535d05d0896e5ce41e7bf299

Download Submit
C:\Program Files\Internet Explorer\it-IT\iexplore.exe.mui

Filesize
6KB

MD5
cb11629ed908835cf61ccc553bf4a1fa

SHA1
6547533b0f55f817704c16aa8074f03dbd1a6e48

SHA256
28ee31fbae6fa786cb603019c739d5ed0a353fffac3b92602188655fead5c434

SHA512
58ea8a2b65b5b1bd7d5f013c51914078de704f1c812aecc9ed8c7010f3852f411f7680a3068ef27aaf611647001ba8832a9dbdefe05d8ace4cb787e76f07dc2f

Download Submit
C:\Program Files\Internet Explorer\ja-JP\iexplore.exe.mui

Filesize
5KB

MD5
2a0c98f41269ad9fffe5f7620fd4c10b

SHA1
686b4ee606440024f20244cbbe67148312665fec

SHA256
51ce78a58ab944dfcb82805cc0b284d86da424fa34135d8e57fe16df4ace11c1

SHA512
46944c157b79b21c7b8cf61f4fc454649c5d13c3b0008a091b2c11d9a32c58bcdeef0e6ec5b3ac12f52cbbb2f81c352842c5075caf935721047db028cf40fd76

Download Submit
C:\Program Files\Internet Explorer\uk-UA\iexplore.exe.mui

Filesize
6KB

MD5
5395431bee2ff2ca7b15e410bdddfae1

SHA1
7fe556571e72271cb8b5653f77a473b4e0898a7f

SHA256
37d3f0e78d94ae0ab7670b0274e4f5161504f804e5d321b62b8030b2ca380bf8

SHA512
1538533c626d025722f01db4da303e50b13873ec64d1b5720cdbc7134c2e11e64ba3cdaab947465c1456cde34b19499dd194941d2d1aef9768b154328aebb5a3

Download Submit
C:\Program Files\Windows Defender\de-DE\EppManifest.dll.mui

Filesize
2KB

MD5
11762005f19367fdfe43a43494c2afbf

SHA1
62461c552ddc20a85bd92e5d0cbbad74663e3194

SHA256
fee15af9287a5fe16efa89a142695368b7de384bc4fec0c183874f57ea41967d

SHA512
813d5dc4c371af34558ef8cd6c2df57bca4dec74f3ba4f3a33f98a368b15711b3e50b22d14b56dfa7c0ba2c80b7eeb1ff84d92a2f0981c2a94a945ad2a3430ae

Download Submit
C:\Program Files\Windows Defender\de-DE\MpAsDesc.dll.mui

Filesize
60KB

MD5
f9e849b32ec827897ef15cd21e823218

SHA1
93c3bced8569dce0aabd4508b9894ea21e86f855

SHA256
e6495bed3b6e6f165d76f855eefd47849adff74b4426c293b4459b7f29a7e8ce

SHA512
cba132074075a1cff2ece0754e2b690aff331e686c1343e7aab742bf336935c2b5c6831028df6f0b215df3b3d5f707ab60117a5793ead9dc2531cdfa4a94a313

Download Submit
C:\Program Files\Windows Defender\es-ES\EppManifest.dll.mui

Filesize
3KB

MD5
83fb6e2cf1d37e7a24998ca44d632204

SHA1
ac17b38b5cf4b82405e387670cf4ed66622d4a15

SHA256
2c7cebe4b0ba69ff67d2d41e88249522c1a9679f11e35d94b978346c122a8318

SHA512
38f4a66fc241daf28dc1db4cee5af81c7c14b4b3875532256559fceec19e8ddd0cc1ea39e1b472898b92dc57fe22f582ba8e750f2cfcbdac469d32bba473f908

Download Submit
C:\Program Files\Windows Defender\es-ES\MpAsDesc.dll.mui

Filesize
58KB

MD5
e3d5b4fc0fcfdb73eae323fb8366b715

SHA1
8e59f172d0777f61b62b9353846aa0800f7d73b3

SHA256
7b681f175a177ec7416ee550cd61dee307a0b30085faf0e688c9496f969fd1b5

SHA512
f7d9df77ac09c3f367805bd4d0abdc713a02014145e9932461f2b695b27031212620f49f621828c2fa36823e43bccdf4a5d85aed5ce6cd1080ba3dbcb08507de

Download Submit
C:\Program Files\Windows Defender\fr-FR\EppManifest.dll.mui

Filesize
3KB

MD5
404993d7159f8d4e4264084c9626ec61

SHA1
77cab930d0a3f9bef1b6e61ce7d80b18e278aeb8

SHA256
245442f9f058ee8533a629f915581ad2690db299c5fbd90c08b5d248c894a16c

SHA512
2d83c752b1a45d8d4cf2f4bc0a79779e58f75c376ee9804458008ae648f7f123c5abb80fa099b914c32af729ccf7905f4dc5294465f5c4fdf7feac682075fe65

Download Submit
C:\Program Files\Windows Defender\fr-FR\MpAsDesc.dll.mui

Filesize
61KB

MD5
1a3fe1d9d8e41c65cedf696b70182ef0

SHA1
70c1e98d3de85713e61ffe3769b6c1e9c8beedd5

SHA256
11a001f2844ff88cac2966362b2999e89fac76ce518521c32e2635c93c3a13e6

SHA512
107c3bf834ec10b956e694c1656bf1ee5e0f2622e9a6b26e6cafad0f07e758b9ef942e0fe54fcdfcc80dbffd8f73fe55458a0d202f25b1543279f62e38d7f824

Download Submit
C:\Program Files\Windows Defender\it-IT\EppManifest.dll.mui

Filesize
2KB

MD5
5f7aaebc05299acd9841c1dde0913a50

SHA1
ac55bafc48b08bc0938c1cf9a3a375c36a135e2d

SHA256
ccb12650be03d03a0ddce78b2b66fa7725459faac6fa8eafb3cba1e76665fe6f

SHA512
2824cc88484d65da89a4d0cfdcec83cfb62dfc5486b28791c480938edef313bf318051c2db6e0f10cfa30e1c31350d920bb615d8d995b6d9ca2426b04b8bcfc0

Download Submit
C:\Program Files\Windows Defender\it-IT\MpAsDesc.dll.mui

Filesize
57KB

MD5
4a465eaa08e1370164800907d86974ae

SHA1
b88627964ddfb192bafdec1af6f7675e70e8cc79

SHA256
327b9224751a9e2c93206a850569b053673f19b03c9476279378b8d42486dd1b

SHA512
f1ddabdc1830629f40b93e4bcb05b1b6e66231eb246e9b50cdadb2b75d1bf928cb81e3528af6bca582df0e44a2049ec3cc290e22dea3653b602a9e811408b804

Download Submit
C:\Program Files\Windows Defender\ja-JP\EppManifest.dll.mui

Filesize
2KB

MD5
81dc92cc4cd593fcae6bbd6302e4452b

SHA1
ea02d653733388dc9e26f44f363e9e11d75b6448

SHA256
8e87f136fefc22ba7d09afef2c1197b218d9d0858510c40a88dd20f6de3a5860

SHA512
97fbf65384ba5064d6062dd608ea1379c4e2d153e5733a02daa1e074f9ccb446a5fec8c0eb238c214b705445000c7a2df422ea420225fb03b98346ea6a5db934

Download Submit
C:\Program Files\Windows Defender\ja-JP\MpAsDesc.dll.mui

Filesize
31KB

MD5
c8a37c5537c2765c14fecdd0593f49ec

SHA1
31f3a582b91b6afbf93cfd2c0b403e261f51fbb4

SHA256
49ecb055f4c350f6ecedfaf6dd234df468dcfe513ce249a50e6ad4c0771ed19e

SHA512
cd3be9bfb7e13bc57531fd59c8acf398c181da2e4708f0dcfcbabecc48654a6c9504de8c98e2364f676bc3a336dcb2aff766d5c8fb946e7f21c618e581bc2307

Download Submit
C:\Program Files\Windows Defender\uk-UA\EppManifest.dll.mui

Filesize
3KB

MD5
4e39ba73d05c11cdaac4e8fd90181e82

SHA1
94de205b9e6a81e31eeb015699ff897b06130c86

SHA256
bd4894682916a33c7b97a6d9b07f8d7e87e807bb4cd518f575444f3b0650e0dd

SHA512
1a59f8b87bb46c73b9451ff99f400d3fe8885ff022c2de0416c4981904f6169d823a7a226817fbc60a56a825d7d675e04013a07536d998510ced2ab684d0e38a

Download Submit
C:\Program Files\Windows Defender\uk-UA\MpAsDesc.dll.mui

Filesize
56KB

MD5
2bd0b68f2cca911f9b42df7f9e63f574

SHA1
423093818e10c131a38a381acc7ae580191fb80f

SHA256
c431f9f64338cc196a1ed234eb6337290ebe06bc57112cee69cb96f6c3cdf6ca

SHA512
1a78498782dcb9ea7405756b032dc623b66cec7592294e83ed80b3c99c3b6634b80e6dcd537cb313d8ad86d01327526be665bf16865b3a7938685f4200b6e131

Download Submit
C:\Program Files\Windows Media Player\de-DE\WMPMediaSharing.dll.mui

Filesize
3KB

MD5
68360ac1016f346e1f803b4646f3842b

SHA1
6d97815b91c9fe4d3cbb54b75febb841b2c68aa6

SHA256
8af02a88243cc1dbe66a79486d68fd330a99a2b72c701935a995d60e9a325e47

SHA512
0f6c7c8c5f1375048f126ca4c96c6b8d4436b83511e623ec8ec20d12b71dab4728215fe0cae501f2d41d0d224515d397ce1274172ca6d41f263d671d7343050a

Download Submit
C:\Program Files\Windows Media Player\de-DE\mpvis.dll.mui

Filesize
3KB

MD5
daf50b7b2e7b593a782c6a4f5963dbe9

SHA1
c9bcd6c6ba890c00de891f80787f4471c5aedf90

SHA256
aaaa2c7859ab444921e39f14a80952f9153dfe7f5595fcd97816d34a8d8aa63c

SHA512
b9a9bb8805eff1a33429a1ffe9b683c2d871b31a4ad1ed8f404c60378d099770cf1ae04ae468b55b33af1a7d2955da6fc896a570d65e8ec2f23014b44ba2681d

Download Submit
C:\Program Files\Windows Media Player\de-DE\setup_wm.exe.mui

Filesize
61KB

MD5
98b643e72561e9e1c5165e17f9abf8cd

SHA1
0939b4ecc8b396d1c9518ff41230624e53d516f7

SHA256
f6826d54d718e94ffc8b18575a3b48f6a76c1d2590228ec47c79754858d17d5b

SHA512
5a734f032e0a1ed0a549645500da3984d40a03a69fed6bc32ed66e3cd4897d86a7da6e2883f8da3bda1858ef222afa45d7c7106aeb4e519182483b817f153b5b

Download Submit
C:\Program Files\Windows Media Player\de-DE\wmlaunch.exe.mui

Filesize
2KB

MD5
421cd320c24603da9134953697e72f8a

SHA1
3fbdf750e89cbe4944af07b703e56f6c360b51c5

SHA256
d801e4defdacf37dd412777ac4e62c409cd7d4c295b4c9e3cd3f9546939037db

SHA512
488c85be714110ee6c8b3aa19420fc980a7f2a71dcccab87f565b0424fa93b3c7c7623fef1f9a486593cc834ec000e08cc853335c14ac73fbf89301af987b6c5

Download Submit
C:\Program Files\Windows Media Player\de-DE\wmplayer.exe.mui

Filesize
3KB

MD5
f89f7a05af7f74b36c8df304c09dc95e

SHA1
27d3929fc965823fe4572b6a185ce1f706a6aba6

SHA256
621e02c1a4685aef32da0abfa25c4c889537cb204dda5ecd9ac6f123896600ae

SHA512
916743f4c18c371101bb342a54efd62cca31ade1c216932a192eae190e8e2b16f27db2b9df1eeea6abf0ed6fbc68f89e619bd9807b2070d0a5e8e0985e1f885c

Download Submit
C:\Program Files\Windows Media Player\de-DE\wmpnssci.dll.mui

Filesize
4KB

MD5
dad51e7ed80d7cc978a43c0220d08a17

SHA1
1dad5048b8d280e8ace5cb67a19dfdade06c6eed

SHA256
6b01b412063809ccb377b58a5433ed927f940824697098b267564344d67ecdc6

SHA512
24e73c2f77bed0244a7c0cd48646ec2de64ef44fffead844df4e3ccc6547f0e0bcb8a29e0f20efcf13665dc0e455e56c65e24378f0130c1fb5285cd6b0a2bcd3

Download Submit
C:\Program Files\Windows Media Player\de-DE\wmpnssui.dll.mui

Filesize
3KB

MD5
77faeb3287e2ff3697e2c96363e1be7d

SHA1
ba7e09f86226d92ec5a781c21ce769a936312382

SHA256
88c861efb88d6bede0df5a673a5421fd3a5a1c093e17407b2133f7d2566c92d0

SHA512
58d2e071351861a45d8df9ee94ef64d4bbb3348e616db42c5cd9c0f9ebe0e72230a9cff885e62764ca6a4a78216f44a647b830bd317c7427068c5ee631bb90de

Download Submit
C:\Program Files\Windows Media Player\en-US\WMPMediaSharing.dll.mui

Filesize
3KB

MD5
14d5cd1bfeb9285caca774d5a79489c5

SHA1
66d32324cfd357e6309c091114219e8b866938b7

SHA256
86b93e469ad2b60981ebd3ae56a28e30c9621de07dc6130f746a9eba4cccb153

SHA512
6891ee0b0f4094bf7b79a3685d98ef302f807c9c3edabfebc71b0f73c33beeb2e4ae07a59494d3a34d3e7cefa30a50589c9d1a1f12e4212d4831e2845da71aff

Download Submit
C:\Program Files\Windows Media Player\en-US\mpvis.dll.mui

Filesize
3KB

MD5
e3e6b292ab62c6acc975bb375bb3af5e

SHA1
2f0c42c28836a321f570b7fca55421016306beaa

SHA256
cb405ce6ccd58bc5a8ab7d9df34bdbe2cc1a9a8978619ab22e5f096832f0f776

SHA512
634c8beddecb77bf87ddbc1f9b252f4997f652797ff9873e2e7b2ebc71e65a78a18fa1e0fa93074d33f2ddd828695c1dd657951c93b1a5690e6a23521765048f

Download Submit
C:\Program Files\Windows Media Player\en-US\setup_wm.exe.mui

Filesize
53KB

MD5
80adc7a9702278aee0ce9d5b87845344

SHA1
53c7db8d5c937e3062964df1853d4a4e40ddfed8

SHA256
0d51adf36c8df49693cc1e085ded96dd48bc1889c6f20b098e8e0cf89799ac48

SHA512
2b343431fce7ab9be2a46e88b5480a2a06ca1e53769d506c9148cc719ab8d1e6fb329168116ac3817481f26cf57a22c77063ca457a2f0bbd35a12beebd047933

Download Submit
C:\Program Files\Windows Media Player\en-US\wmplayer.exe.mui

Filesize
3KB

MD5
e6495780706c27846628186c72c23dcd

SHA1
db18cd574a1c50bccd5e02f31a86efd44db2321e

SHA256
360d53057ec83e1d36a85fc5665fea6a3f80a4a0e22b909d0980f49c2a1cc581

SHA512
017bce6c26963a0825f7fd2af82139d85805ed78e281a3b7946c18d522deafd7b9b51edad836a48bebe795a7bb6191ce89a040b6dee5f6dbaada7962326f811b

Download Submit
C:\Program Files\Windows Media Player\en-US\wmpnssci.dll.mui

Filesize
4KB

MD5
86236dbdf8d53b62832a215f55a8f805

SHA1
b8376e800d38bbee7b77ea8448026de09c9d5b38

SHA256
d6c90fddeb457003a7973da74b40eaeffbd714a99c52807d925665bff943234f

SHA512
6d892a1c383f81a60234b7a322169141a3876035b3834087335aa5b06289e921c1c288d9670633c3399326bc7d1878fa1567f60e2344f5e4c2479c6d7d0d9efd

Download Submit
C:\Program Files\Windows Media Player\en-US\wmpnssui.dll.mui

Filesize
3KB

MD5
47ec973f938e3ac1f510fd720cdeb2dd

SHA1
4d4c8e9c40b4d25dbbb2914ab14ef53f4c733970

SHA256
f9246264f114f9d31b94deb497b541ae6cd33d53db25ab5b4bebd614ca9424cd

SHA512
9adf9d93c85949b736f707b7146ba573286764dcfd7aabdab79ed68b791d116b4e62cb8c1df76947dcb399776484d8f4ab047027f6fb28632b4f6a675fe47112

Download Submit
C:\Program Files\Windows Media Player\es-ES\WMPMediaSharing.dll.mui

Filesize
3KB

MD5
f8f9867298749b256f372663a040d586

SHA1
0fb87155eaf4d0ae8d5949601752a5087d5ef13c

SHA256
91ed45b83ea18fed45dad3ac26da9a64bf704ae2aeb972bba75aa8da56370cd7

SHA512
338a81449fd388615521ec5804ca8dd24c089a0de110ae6637a930d7fd54285eb52044a1f35dcc0d0b904e027f6dac2bfb667985597ae2e1e93165b2616f8de1

Download Submit
C:\Program Files\Windows Media Player\es-ES\mpvis.dll.mui

Filesize
3KB

MD5
f8fc525ce8dacd706556be654dcd3112

SHA1
5d16139e14abdb4e9fb8d2d6637b7c3dc7168e3e

SHA256
80c1860cecaa958d2393342c7b9cac7d5db856d5a4abf02e43918e1c06933b16

SHA512
11d959f83e1d789f4839aad53f467411866a64fe2e23d0e78b571cb290b96f4cb8b9c234b4b5cb196af9c345dc7fa734d77891871a73de9588d71d58ba725797

Download Submit
C:\Program Files\Windows Media Player\es-ES\setup_wm.exe.mui

Filesize
62KB

MD5
b9ff8fe82ca218062e887f65c8789c86

SHA1
3bf5a42695c88831c24dcb4afc5581022088fbf3

SHA256
55b3c6caa85a02e83778da1a34d9634b750d7ff112a460a3f9db0e0302da837b

SHA512
4835018ce9fe209206beb0bbd984b3b8bd2bcf566531fc13a7992b85ee7ce3556e1b75da124af67d5e3ec58cfd93fce3331ac4939587c09ac1278b173ea3fa45

Download Submit
C:\Program Files\Windows Media Player\es-ES\wmlaunch.exe.mui

Filesize
2KB

MD5
b5dd21b90f755f837f8fea62a090e344

SHA1
233cd379c2046b6ba25690c2319cbc21858455c1

SHA256
d933fb1d639ffc686a179bb0db4da2c19bdb54eaee70e0e569d0c1f6ed34977f

SHA512
98fc135f094e8c824432dc65ca157efa121b62fdfbeb9b81364a50fc2ff98d3deaa31d5d05ca9a385165cb89db0b1dd28cf8d0d81e66d572a6ea5385fa981a8b

Download Submit
C:\Program Files\Windows Media Player\es-ES\wmplayer.exe.mui

Filesize
3KB

MD5
43b32b30544d70beb49e1079a428008d

SHA1
f11fe1bf248229b6d2ca2dc3c160afaa8bc46527

SHA256
7b84bd06b7d89b12b15e584f31ddb0a5c9eab794377d8a5ffe09845fd35450ec

SHA512
b72000d5b78aac8b0915f5852e9019d90bfda47c525786d83712ec4c7a3847eb30930b785674473ff02734390ed46925d7c53e47145f3dae576b203044533800

Download Submit
C:\Program Files\Windows Media Player\es-ES\wmpnssci.dll.mui

Filesize
4KB

MD5
e91d70c791fbae08ffa015315030d9b4

SHA1
bc5bbf3ccf3a463e96f3a8407a42d55b52ff0a64

SHA256
839b92fbe091e386cf9ff77bf8779ce471399fee948ec9fcbc94a79e54f3d6b7

SHA512
cd309d714fb4b7e07bf64ca3a417c860635f441428c3b9060238947ff8108e9b7fb5891b50df43bda6d9104670f4f7d452c7d60443278d37c01014784ddfb5a2

Download Submit
C:\Program Files\Windows Media Player\es-ES\wmpnssui.dll.mui

Filesize
3KB

MD5
f261119b12a4c74ba602f7550b8ba34f

SHA1
02b7d84d50af75f14d54f62eb9b49d80f3dd0827

SHA256
695e94fd0689865870370e014d9b69006ecfe84bfc739db5da85acdcdfe20297

SHA512
82eefbe3667e5c86adef661bad481b9ef344290d79a6aecac423b83c95f7eeb4ccc52764b22d94e2dcda90f4671bfd661e14d2f6c28935e7cc84c3b05f2e1ad4

Download Submit
C:\Program Files\Windows Media Player\fr-FR\WMPMediaSharing.dll.mui

Filesize
3KB

MD5
3e5bc8e64be11386900c1aec3d39c1c3

SHA1
256ab14577671b260985003d3fce24af67c57825

SHA256
10efa66a2ddf6a9891f98da8b785f4476882b1b49c46bbac7b0273f8ccf7dcf1

SHA512
3414ebd473d2685505d019f37ce6d99037dd5dd1bd10373ec7effc20ecee89f7314bafe6a231ab1c2b3856d56594983ca8c45517ae888ba1846bcd3757fee9c2

Download Submit
C:\Program Files\Windows Media Player\fr-FR\mpvis.dll.mui

Filesize
3KB

MD5
5793a2eeb1235a7ba544533cd4656b06

SHA1
31d928de9d6dd1ef4844e41ca5c0ab535993fa80

SHA256
5df5210a6bc7b85f4669e5c648df574eaca0aec1d863c6b1c74e5475a0e805a7

SHA512
7d920baf0d5993aef890f3c5040c0cb633a28ea3bd728b3d88414b7966cc4a5acd52af456622e68ec07e2e4c77a4c35954030f00ec1f67bf90bb44c56d594717

Download Submit
C:\Program Files\Windows Media Player\fr-FR\setup_wm.exe.mui

Filesize
63KB

MD5
2632da6e0b358372c915629c381fbc1d

SHA1
05ab236ee127e5caad8a5db135a378e16a319395

SHA256
d4f21849967a14c155d2d74bc9d17e9249ff11322fdfb35c2870b0b92b0d1a4b

SHA512
b8602e3531393f99c73b9aac84e90202bc841fec6d75975c97777a136c18322706ac67abd383c3ecc8d02dcc215c949eed59edf61f386e2ac2e33e24863a84b7

Download Submit
C:\Program Files\Windows Media Player\fr-FR\wmlaunch.exe.mui

Filesize
2KB

MD5
e4851dbe2351709e5449984b39dab3d8

SHA1
3d313f524d0040926e83429c258a49e3c8b7b900

SHA256
f249f70ffc3b3a0c348831d4b2767c14631b19abbefa82f34fbedfe3a9e32f76

SHA512
176078a3c4420de8a97af762a2834d9a091eea8fb53dba1729d12cd45903bcc8d668110f6e1385a456771dfc90bcb6dc58ceb6e0ce5e33b1394b866dc9a0a43d

Download Submit
C:\Program Files\Windows Media Player\fr-FR\wmplayer.exe.mui

Filesize
3KB

MD5
472acb503fe1dee9ecf9b331da5cf814

SHA1
a7bcb4889a08fb5fe35a6ece44844ea57ed59658

SHA256
6e4dbbb4c46b767c4a98aab2c23c9638a10ed12fe3d3c68a20332f25430ac20d

SHA512
0fc6d72c148684b9d14dd295eb49436c34ac8a2e44894fba0920098018473d9961f68672ebb279f7ea2bd9d05587206ff59d0da1769ae9b1ffdb5a94979730c3

Download Submit
C:\Program Files\Windows Media Player\fr-FR\wmpnssci.dll.mui

Filesize
4KB

MD5
110d60a0216d78d486bb9181a8c4a383

SHA1
e69eb32b91ba6edffad42d620f5d1c738dd3c083

SHA256
a15efcc614f244db95ad1cf42a4915bf16c657513bfe761e3480105d0dc209c4

SHA512
19ca826f414eff0a53f5404f0f5a3e6c20d25d71c1453155035bb82c8c69a61340d4aa9c889522aa50d97eeef42515ae26ebba93dbaef342e277db78b2c583c7

Download Submit
C:\Program Files\Windows Media Player\fr-FR\wmpnssui.dll.mui

Filesize
3KB

MD5
5d5b39fe434326efdef17c7ebcd1e744

SHA1
67076d580cf974c47a3aaeba95601ceb923b32d9

SHA256
eb4254e83a8e4391dd204fcd4237830d0329244c5aa255e0958be5f0cd1e5f00

SHA512
c0e83b743112cbf4a028412261388cfe5240d33835fd95144eb677fccc39316ba18faf70412c865d07582b020d3e42bd39abca352a3a9c28e2e0e281e1fbafbe

Download Submit
C:\Program Files\Windows Media Player\it-IT\WMPMediaSharing.dll.mui

Filesize
3KB

MD5
8e5e0c4e3ea96b12a02caa7f16ba6820

SHA1
1849e21d4bd521cac23c1bd15443b7acd0ceb2c1

SHA256
303cc800dc1aea0136aa4528a21b5c8694f4bcb87798823f684d1760e76b4c46

SHA512
fa6e7f0fc8be539a2b4926539fc02b052a6fa81af7b6719d5ca81b79a6ba2d0671d8fdcfdfd2641107624553ddfa463c50fb742ceb47249d66c7fe25d9a7261e

Download Submit
C:\Program Files\Windows Media Player\it-IT\mpvis.dll.mui

Filesize
3KB

MD5
4d3672d2a3249554f6183293845f579b

SHA1
8aa4a69c6f2ef9993f6fea93f38cf0b03eb51196

SHA256
87e541a67f95e5ba0539ad619ba2c7f81fffc1d0dd122f2068c04ab46d6e672d

SHA512
623383b6829ef80771a0ad00ae9d2312a4b6b52cbb1b24b1ce98a7b86670cac59bbc9aecc726e648eb696b195d9d7a55a8eab8fe790f977e3018d12432931e90

Download Submit
C:\Program Files\Windows Media Player\it-IT\setup_wm.exe.mui

Filesize
61KB

MD5
6aa3e90222d0cbded4f7af0cab87df4b

SHA1
86e747a9abea416315dbd5484dccd28aa78c2145

SHA256
586f571221c0b2af04d9e743a18b68dca767b380825358888ef241c50d0c5d03

SHA512
152c372dbbfae17bb457cbb8180fc1f85bec70e47efeb7179cb0024955606b51b1bd43826d7a27c0664d41e406dfc2d2871b2438557bb70f8af233024c327605

Download Submit
C:\Program Files\Windows Media Player\it-IT\wmlaunch.exe.mui

Filesize
2KB

MD5
fe38dd78e365ff6ae77e19fda2ee76a2

SHA1
fac2e61fdae66ecf51af15310c78e3dbd8f876e3

SHA256
75286743c089afd1fa4a070ac2a13cdfabe4b61798f3624ab5e1f671a207f3b4

SHA512
7a8415634d5a6aaa95a7da756f05c7e5900e00d8379b7da15145b2adcc2939855a35a839fe7297848c3d517c54445b25202a35db339635822c5f4c462b5cd4ae

Download Submit
C:\Program Files\Windows Media Player\it-IT\wmplayer.exe.mui

Filesize
3KB

MD5
c08bf5efc367313f97e313b7a2b2176d

SHA1
1c3ccc652da7ea8d0e9698f924bc8c8b31ed86fb

SHA256
cfda57489dc686291e776858a25c8d919b0875e2e0fbb36d45058909ffd6f99e

SHA512
494d1956be95c5300ec000637bd316bd18d3c2a71977b8a76dff1c1287a7c98e66e53370cf514f852fe4a48a3d41ae861724dca3337bdd5acd111fe1f90b4789

Download Submit
C:\Program Files\Windows Media Player\it-IT\wmpnssci.dll.mui

Filesize
4KB

MD5
2bde0bd26251d0233e4ad9e23e1e07be

SHA1
03c39a2d470b86e91ffe0f4640b4d83b4b152218

SHA256
ed31893797661cb7136d2bc64ed722c28f8fb99bb8a93abc65a0e9fff55af352

SHA512
b3423b35d47959badceb6e0dbb2234af793dfef96d8312704af992ed915886f1dcc74df2552517495017af40a68a2672638224b3aefd46548d9f540408d0d862

Download Submit
C:\Program Files\Windows Media Player\it-IT\wmpnssui.dll.mui

Filesize
3KB

MD5
9c03e45c96b83413a5b6e24f082d44ff

SHA1
13adaf22fa22279ac71271b6b27501a1f0292f0a

SHA256
10817dd605b908eae33fa0442cdb6fa598c154ebb6207e79724dec3881e6ee7a

SHA512
810f82815a55434381e9bc270df1a60c1baa5162d305fc333561e606e635685bf7668e4727bbf7974226bd42adf11feadb02d4edcaa88ec4714f5091b85b7bbb

Download Submit
C:\Program Files\Windows Media Player\ja-JP\WMPMediaSharing.dll.mui

Filesize
3KB

MD5
5cddd9372b4318a204715f416588076c

SHA1
1af482e8485f62b7aba6668c94770454be1caa63

SHA256
d6a2277f5638c10b821e1c64d90fb293d01c09fe6fd77c69ae0e9d5a6c891ba0

SHA512
75d1ac47b6046f697c93bbd06b31f5033ff5d10423d535fa34317a42fe01d8f017f5ec8f36afe6f50d48322c02756bf290c2307b4c2199a1f96bcf413d80fafa

Download Submit
C:\Program Files\Windows Media Player\ja-JP\mpvis.dll.mui

Filesize
3KB

MD5
78e31f238dfd3ed1df9b075b78d6c40f

SHA1
80c6d103abf6aa6203f7031cc28c58efe5acb29d

SHA256
dc893b9bd4a733cf4e59ff812c99876d4db4defdf36ae42030039c21bdaec0c6

SHA512
4b384497c91c73929b2821d24b09386279a52dfcd7d7abb91d44563c3a8dc4f9b1d9ff0adc23cd586e99f1e1b501780f20c616e08dfcc03e48615d488ccad18a

Download Submit
C:\Program Files\Windows Media Player\ja-JP\setup_wm.exe.mui

Filesize
40KB

MD5
e578d36830b3ec43740d3900255c7839

SHA1
168816fbaf8d6668c1c5efd7578458c4de4fe49c

SHA256
12ec3ba39cddb09c49787c5cb14837bbdadf61c0bba22beed6222c78eb82cd8a

SHA512
f74c85565a1bba222515779e6b9edd0a01a0cdebc37ff658a96862690c8aafbe32c19bb4b3fc097b4fc8115696d19d6c59e353e48b83896c713a4fb8fc9d226e

Download Submit
C:\Program Files\Windows Media Player\ja-JP\wmlaunch.exe.mui

Filesize
2KB

MD5
ebafc8941e79d2d4b7f176bd6717b682

SHA1
90eb9996ad26bf0c474edf874baa7fb1ae054760

SHA256
ad7a4274a7b7e90a2aef0423bba5370bd14f6c392a19f47c7ead8ffdbe051b2f

SHA512
e0c91a91785518e9b730baef944bab8677d374ca1079749582b15cdc0bf66c495b7e2b0265dba1e9270e84d82f7e3d8f7f45b3d0039d129e06a592fe2faaa498

Download Submit
C:\Program Files\Windows Media Player\ja-JP\wmplayer.exe.mui

Filesize
3KB

MD5
f6e8614f25b9a1f2a2b4811e3b8a7dd7

SHA1
cd4d2d566fa59811eccc01ea80d4486c15d451cc

SHA256
75a4840e9f6789bb9b9cc44efb58785fcd1c2a8fdd8d07e863604a9d7b3a6d62

SHA512
a261f76f702f6ad598bb98cd02ead44932877dcb6c6032938a2b77d60ea192dcb54864db60c274b50bba5ed375fe1efccf5c8dfbd1a4493adc03818547509af6

Download Submit
C:\Program Files\Windows Media Player\ja-JP\wmpnssci.dll.mui

Filesize
4KB

MD5
671e3de4ce929fac83d3b7f47169dd64

SHA1
63e3364030ab42ffff39231a8c8e8b07c2b81a4a

SHA256
80f25cb977c9eb928ae94429bd2dcef7b90e583c9d28ae5127a9f05bb92ca88a

SHA512
3ad89484120796125113abbcb71af1aeeb2d7acb3a5d91e2593ded0060afad42aea1bef6314f31e03d1662ef3398a984c8185885a39f3d17dcf16f0fb2413f10

Download Submit
C:\Program Files\Windows Media Player\ja-JP\wmpnssui.dll.mui

Filesize
3KB

MD5
de9a4d1036f0d9f6821a62af88357cee

SHA1
d0479a2376b73693d3b3425894dc1cdd47f23dfc

SHA256
e76c92fe1b1bf9969bcd5cae79ad3933e391cb62d971041d925d8db479c64127

SHA512
28eb22984d46fe1f0125bd48fbf01c384219d874fe5f61ae973aba9b6c182aa327e208c4f7c2679a2e4aa612959f527d2ee5e78abd0f910b3d661696b40560af

Download Submit
C:\Program Files\Windows Media Player\uk-UA\mpvis.dll.mui

Filesize
3KB

MD5
e13688c43522713868014dee52c6c76d

SHA1
76fec2d8f616da5a09a072ebc20f93b1f3d5bfa1

SHA256
b139c0c386bf548df4a1012e4c666f42d7d49e6299aa0c1e569ab07575b576f2

SHA512
23e40fddf0f70a4993af05f53e98f745a8da2e9c0555604be5bd7d1e266ebac09ee0e4d4a8df29c5e130a97fd21a57a9d40bb60ddb2e6e766d4716c46f197420

Download Submit
C:\Program Files\Windows Media Player\uk-UA\setup_wm.exe.mui

Filesize
56KB

MD5
a79de8fb5ac3789e3a5207772e6d09ba

SHA1
3ab55654b73dfcb3ff76245908965c9c899abe5d

SHA256
d5bcaf3535aab3e69a82a81936406632396bed5a8e3e40315637b36328468786

SHA512
1a6a4bda877a802250e803f6e7550a6556e83bb335381f12d49b3964af54dd489771223d0932bc32f43454d69beaae81ac365fa2277726d3139cba658e5e5eaa

Download Submit
C:\Program Files\Windows Media Player\uk-UA\wmlaunch.exe.mui

Filesize
2KB

MD5
a42f677177e8b3f70c9b956c8edfc8a1

SHA1
837937b860ce001b4d9503dff07c6896683bc9b1

SHA256
789289493c46f1bc952decb91699801182352ed95beabc591c19e1529c5ff524

SHA512
c4df02ce9fdafe1537906208332ae830e4fb92bd25bdb31e5ab951b892ad0648dfccc8a1cb5a23ed18eabfb12414ba2e732495bd76ec4016047a07fd96c2060c

Download Submit
C:\Program Files\Windows Media Player\uk-UA\wmplayer.exe.mui

Filesize
3KB

MD5
ad5bc08c5d49024e510c71e4589a28ff

SHA1
ef43f1d1a5a3c80d61b378fa5af111bb6414c68d

SHA256
3a45fa20401dd2e3b35ee7c57e8fc7e49171de189699d36a20fbc585adaa9b16

SHA512
2f1e9cb1ac5641e4567ab22c0e5f4ae3aa70757949f9cbf04769b45364de26550e0df11b61cd33d4e1160466aee234cab1f7e27af961c08603a1867d71b9afd3

Download Submit
C:\Program Files\Windows Media Player\uk-UA\wmpnssci.dll.mui

Filesize
4KB

MD5
ff2197f6c20bf413f1daaa8105e6dba6

SHA1
e5133a562d8be5bebc802f5fa510e2387b6adc93

SHA256
5a24219638fb5dcb1bc8c040d5c438c9f5c4a96128497c705b6c20f8d8a756aa

SHA512
ba4dfdacb8744344c9b85faac7fc8975ed8c3ef4ae84f9f51f48bfc777a768afb0bd59590c52ae5ec50afb4a55b482d264934db36442c0509eaf67e87cac7164

Download Submit
C:\Program Files\Windows Media Player\uk-UA\wmpnssui.dll.mui

Filesize
3KB

MD5
88f1592654297fd254296d8cc2244e73

SHA1
cd821870c406083213c6e0ea26e375ea1f3711e7

SHA256
2f81c3f9fd11bb0c6322fe9e19fb4a55a82ccb36af1ceed432275b27935841af

SHA512
9c4169f60da3caec4a8d79d74ec5a185d51a9e2e79e7ebddd6867fb5e7b1680e4aea532a4d8e4289873c3f7b4a1bd8dba23a9d3e82ba46b360d76b857de8133b

Download Submit
C:\Program Files\Windows NT\Accessories\en-US\wordpad.exe.mui

Filesize
49KB

MD5
2e8ffb846472719d8c4ed172e21f8a08

SHA1
4823649bdc70927d1bd4ff3261707940da37241d

SHA256
7f2a432c24533edce78c47029acb93482e5a95ca7e84fb40dc8c2f8e3463e0fa

SHA512
f84b878d57e39f5835387f24842ed5fdea08e9561839e72ec0d4b1b49ac3e430b93c7277bfc5fb5fee1f3869d69f43980171e10973d00575f23fe5c80bced669

Download Submit
C:\Program Files\Windows NT\TableTextService\en-US\TableTextService.dll.mui

Filesize
8KB

MD5
92ab15b522b90703266c4800da76785c

SHA1
1415c3aac7a26885dedb9e201210a12ac93c5bdc

SHA256
ba687b17413627c97baa88f22f1189fe283c870f2035b854406eda369006c712

SHA512
d8e436dec9b6b98c7c7b96b0c54db3c80a4f1ed3dbd84aaf6f71b494d60c9b1cc48b266ea9cdd5d1315f03ca7e0e53c91255488d861e2a156afbd98a6f0143b6

Download Submit
C:\Program Files\Windows Photo Viewer\de-DE\PhotoViewer.dll.mui

Filesize
18KB

MD5
f1c17518a056b7d798c1cc69b3ab5593

SHA1
b5a36738b888f685eb23d051e2b1f26d0470119e

SHA256
1b665e22109b0fbec925e0063369d0e34809515aa030470ab9c6c495e98653d2

SHA512
066a7dde3b23da3747a3a029d343b1197138059bc2481434cd268045acd692aac74f632065ca8a991c347d952d2af6df78cd54bd96a1f3dd0f55fcedb1216ff9

Download Submit
C:\Program Files\Windows Photo Viewer\en-US\PhotoViewer.dll.mui

Filesize
16KB

MD5
2a3ceff5becfac0a7b98304cf1148c42

SHA1
6975d982ae38986be4eef993bcc3744267204aa3

SHA256
949ac60abb1c4846cb4c92702278c991037b000e7f73b526c06d2f4523d6aee8

SHA512
160a9319ca3d6580e60553cef18a9a625fb7ba84da4a027974b3552ba6bcda2432b3f52fa09be68c9040e4332d4ba46b5e7bc27d75616fa10ba0befbfa704b73

Download Submit
C:\Program Files\Windows Photo Viewer\es-ES\PhotoViewer.dll.mui

Filesize
18KB

MD5
2899d9b67511d20071f45742d7a985d9

SHA1
db0f7f5578e1808a5a2a67b078aace77a7464594

SHA256
06c374cca317c67ec18f8484d4fa7a6f8c5cf37a204cf3792bcd051c2313c2cd

SHA512
288c42b08245d971331603ab0e37a269840d33fd77a9dce744af90fa69a11800e2d4279aea749e38a87442693df9dbb5e73b68722812c90fe00372eb304a9e80

Download Submit
C:\Program Files\Windows Photo Viewer\fr-FR\PhotoViewer.dll.mui

Filesize
19KB

MD5
cfeb5d5757ea3f4f33ee5ec5bba8ee23

SHA1
b7eda5291273d0df11c803f99e1659bb58a634a7

SHA256
1a5b8c320420b78b1955708778138768cb4084f8956371f8c7e63e64f34d016f

SHA512
2c9224018aba1b3451c8d6b70e8c8cfa5c4f1fc59e868f069eba346a953b80a5479a34f353e02af6287613c32c21a934ea4fd51fbdb84a550d7c97dbdb402656

Download Submit
C:\Program Files\Windows Photo Viewer\it-IT\PhotoViewer.dll.mui

Filesize
18KB

MD5
1132272a3ffcfa05bbecaebb5459dc92

SHA1
499d7b2a22b9cf37ba17f8d3f29acc088c6bd692

SHA256
5af93aaf972e279720604b2b5976e970ea3448d4db279324e50a816f2bc54fca

SHA512
ba1976180278f77395cda65d97a64209821c6b4be6e9086d21e945a335bcf8c3c4c18afe2c7a9e9b9f591e78a58e72b06c66d430959b25cacbde75cb3a6404a0

Download Submit
C:\Program Files\Windows Photo Viewer\ja-JP\PhotoViewer.dll.mui

Filesize
11KB

MD5
979fd25658ee1b89dc96f4b39e04def4

SHA1
9c9f88861ea714493a91dd457084693bc38d0e1d

SHA256
21b408fa53135c122f042654146697921c1f87d7f32daf8291087a0f7f923cff

SHA512
87d7f908e4e8d2f1107d1d09aff8e1db430f4b3d5c79b3087b8b59c6dba2296eb40cba554685d73cfafd07bdf34b193c712c1345df9d742b44bb886afb8f9238

Download Submit
C:\Program Files\Windows Photo Viewer\uk-UA\PhotoViewer.dll.mui

Filesize
17KB

MD5
d4d0dae75d792b4386f0aaa226dd8193

SHA1
63de8825c02aff86d88af949b64df7199e9e6f01

SHA256
9f9b430ec20e37281bbf1468e8138d63747367a00dd0c56a2165c2545696be64

SHA512
cec5e2b8013d8f24bb421457bdd2e8880198036a7f9671e91017afd488e2ff69a462ac58c4680c13febae810e4ace5be97e34a4b695024acc9e9f85acc2cfb72

Download Submit
C:\ProgramData\E33D.tmp

Filesize
14KB

MD5
294e9f64cb1642dd89229fff0592856b

SHA1
97b148c27f3da29ba7b18d6aee8a0db9102f47c9

SHA256
917e115cc403e29b4388e0d175cbfac3e7e40ca1742299fbdb353847db2de7c2

SHA512
b87d531890bf1577b9b4af41dddb2cdbbfa164cf197bd5987df3a3075983645a3acba443e289b7bfd338422978a104f55298fbfe346872de0895bde44adc89cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD

Filesize
149KB

MD5
4233055d1e4da8e9256a8ac148994aa0

SHA1
82826ad74cc725166ca65dd68d865615231f4c60

SHA256
145fc760a5b43b8a28cc40bac3c32c5f88c1e5ecbf4b39df8a27c869925adba9

SHA512
6c519767f3b94f23c382768c10388f5cc39d2789cbf47d294dc4cc41338786007b8da339c08a5cdf5416da565c4f3f7f4173aaf519b86cd8fc85a5e2a811887b

Download Submit
C:\u3faqlCea.README.txt

Filesize
2KB

MD5
c3ba3b3f398ef544e0087ae1f2caa131

SHA1
8a7ac5b0e8d9fb25f322253c3a24dd61b8c528e3

SHA256
00357f47fa645822b7dbec82ac2c59257d58d06e0035cb3d65d7966e9ca1f32f

SHA512
aea230633826aa0c92ec0d4a24d8256e1e972317d3167273164f1a43c3ab7eeb4ea05fa750331a0da9ead0611112997ffc2fb6d5d100d94c6a82361a71b4c510

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-814918696-1585701690-3140955116-1000\DDDDDDDDDDD

Filesize
129B

MD5
abd71d214c9b6c11bb0bac9b5c5d9d4e

SHA1
a5674d4fde563aa8f50e9c5342ca3b67fcd786bd

SHA256
a5c59e4dbe96605ece8d4c540f613c196d070e2a9a3d081d05c7cb610c8ef2aa

SHA512
4c58de396cdc341fdad887b9702f40ae2c2ac334cf9fed26309111e3673e859aaf1e375424966ff16bbbf2231e8085f14aa545e8d0c4814d77ecf7961161a5e3

Download Submit
memory/5140-9301-0x0000000002D90000-0x0000000002DA0000-memory.dmp

Filesize
64KB

Download
memory/5140-9303-0x0000000002D90000-0x0000000002DA0000-memory.dmp

Filesize
64KB

Download
memory/5140-9300-0x0000000002D90000-0x0000000002DA0000-memory.dmp

Filesize
64KB

Download
memory/5140-1-0x0000000002D90000-0x0000000002DA0000-memory.dmp

Filesize
64KB

Download
memory/5140-2-0x0000000002D90000-0x0000000002DA0000-memory.dmp

Filesize
64KB

Download
memory/5140-0-0x0000000002D90000-0x0000000002DA0000-memory.dmp

Filesize
64KB

Download