Malware Analysis Report

2025-05-05 20:48

Sample ID: 250421-hgescaxkv3
Target: 2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe
SHA256: 2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7
Tags: lockbit braincipher defense_evasion discovery ransomware spyware stealer
Score: 10/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Enterprise Matrix V16
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score: 10/10

SHA256: 2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7

Threat Level: Known bad

The file 2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe was found to be: Known bad.

Malicious Activity Summary

lockbit braincipher defense_evasion discovery ransomware spyware stealer

Rule to detect Lockbit 3.0 ransomware Windows payload

Lockbit family

Braincipher family

Brain Cipher

Renames multiple (7493) files with added filename extension

Renames multiple (7680) files with added filename extension

Checks computer location settings

Deletes itself

Reads user/profile data of web browsers

Executes dropped EXE

Drops desktop.ini file(s)

Indicator Removal: File Deletion

Suspicious use of NtSetInformationThreadHideFromDebugger

Drops file in Program Files directory

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: RenamesItself

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2025-04-21 06:42

Signatures

Lockbit family

lockbit

Rule to detect Lockbit 3.0 ransomware Windows payload

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted: 2025-04-21 06:42

Reported: 2025-04-21 06:44

Platform: win10v2004-20250410-en

Max time kernel: 103s

Max time network: 140s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe"

Signatures

Brain Cipher

ransomware braincipher

Braincipher family

braincipher

Renames multiple (7680) files with added filename extension

ransomware

Checks computer location settings

Description | Indicator | Process | Target
Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\ProgramData\50C.tmp | N/A

Deletes itself

Description | Indicator | Process | Target
N/A | N/A | C:\ProgramData\50C.tmp | N/A

Executes dropped EXE

Description | Indicator | Process | Target
N/A | N/A | C:\ProgramData\50C.tmp | N/A

Reads user/profile data of web browsers

spyware stealer

Drops desktop.ini file(s)

Description | Indicator | Process | Target
File opened for modification | C:\$Recycle.Bin\S-1-5-21-2645532622-3298555945-705856666-1000\desktop.ini | C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe | N/A
File opened for modification | F:\$RECYCLE.BIN\S-1-5-21-2645532622-3298555945-705856666-1000\desktop.ini | C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe | N/A

Indicator Removal: File Deletion

defense_evasion

Drops file in Program Files directory

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\ProgramData\50C.tmp | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A

Suspicious behavior: EnumeratesProcesses

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe | N/A
Token: SeBackupPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe | N/A
Token: 36 | N/A | C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe | N/A
Token: SeImpersonatePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe | N/A
Token: SeIncBasePriorityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe | N/A
Token: SeIncreaseQuotaPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe | N/A
Token: 33 | N/A | C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe | N/A
Token: SeManageVolumePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe | N/A
Token: SeProfSingleProcessPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe | N/A
Token: SeRestorePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe | N/A
Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe | N/A
Token: SeSystemProfilePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe | N/A
Token: SeTakeOwnershipPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe | N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe

"C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe"

C:\ProgramData\50C.tmp

"C:\ProgramData\50C.tmp"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\50C.tmp >> NUL

Network

Country Destination Domain Proto
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 c.pki.goog udp
DE 172.217.16.67:80 c.pki.goog tcp

Files

memory/5252-1-0x00000000033E0000-0x00000000033F0000-memory.dmp

memory/5252-0-0x00000000033E0000-0x00000000033F0000-memory.dmp

memory/5252-2-0x00000000033E0000-0x00000000033F0000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2645532622-3298555945-705856666-1000\desktop.ini

F:\$RECYCLE.BIN\S-1-5-21-2645532622-3298555945-705856666-1000\DDDDDDDDDDD

C:\ZWgvlAMeS.README.txt

memory/5252-8152-0x00000000033E0000-0x00000000033F0000-memory.dmp

memory/5252-8150-0x00000000033E0000-0x00000000033F0000-memory.dmp

memory/5252-8149-0x00000000033E0000-0x00000000033F0000-memory.dmp

C:\Program Files\Windows Photo Viewer\uk-UA\PhotoViewer.dll.mui

C:\Program Files\Windows Photo Viewer\ja-JP\PhotoViewer.dll.mui

C:\Program Files\Windows Photo Viewer\it-IT\PhotoViewer.dll.mui

C:\Program Files\Windows Photo Viewer\fr-FR\PhotoViewer.dll.mui

C:\Program Files\Windows Photo Viewer\es-ES\PhotoViewer.dll.mui

C:\Program Files\Windows Photo Viewer\en-US\PhotoViewer.dll.mui

C:\Program Files\Windows Photo Viewer\de-DE\PhotoViewer.dll.mui

C:\Program Files\Windows NT\TableTextService\en-US\TableTextService.dll.mui

C:\Program Files\Windows NT\Accessories\en-US\wordpad.exe.mui

C:\Program Files\Windows Media Player\uk-UA\mpvis.dll.mui

C:\Program Files\Windows Media Player\uk-UA\setup_wm.exe.mui

C:\Program Files\Windows Media Player\uk-UA\wmlaunch.exe.mui

C:\Program Files\Windows Media Player\uk-UA\wmplayer.exe.mui

C:\Program Files\Windows Media Player\uk-UA\wmpnssui.dll.mui

C:\Program Files\Windows Media Player\uk-UA\wmpnssci.dll.mui

C:\Program Files\Windows Media Player\ja-JP\WMPMediaSharing.dll.mui

C:\Program Files\Windows Media Player\ja-JP\wmplayer.exe.mui

C:\Program Files\Windows Media Player\ja-JP\wmlaunch.exe.mui

C:\Program Files\Windows Media Player\ja-JP\setup_wm.exe.mui

C:\Program Files\Windows Media Player\ja-JP\mpvis.dll.mui

C:\Program Files\Windows Media Player\ja-JP\wmpnssui.dll.mui

C:\Program Files\Windows Media Player\ja-JP\wmpnssci.dll.mui

C:\Program Files\Windows Media Player\it-IT\mpvis.dll.mui

C:\Program Files\Windows Media Player\it-IT\setup_wm.exe.mui

C:\Program Files\Windows Media Player\it-IT\wmlaunch.exe.mui

C:\Program Files\Windows Media Player\it-IT\wmplayer.exe.mui

C:\Program Files\Windows Media Player\it-IT\WMPMediaSharing.dll.mui

C:\Program Files\Windows Media Player\it-IT\wmpnssci.dll.mui

C:\Program Files\Windows Media Player\it-IT\wmpnssui.dll.mui

C:\Program Files\Windows Media Player\fr-FR\WMPMediaSharing.dll.mui

C:\Program Files\Windows Media Player\fr-FR\wmplayer.exe.mui

C:\Program Files\Windows Media Player\fr-FR\wmlaunch.exe.mui

C:\Program Files\Windows Media Player\fr-FR\setup_wm.exe.mui

C:\Program Files\Windows Media Player\fr-FR\mpvis.dll.mui

C:\Program Files\Windows Media Player\fr-FR\wmpnssui.dll.mui

C:\Program Files\Windows Media Player\fr-FR\wmpnssci.dll.mui

C:\Program Files\Windows Media Player\es-ES\mpvis.dll.mui

C:\Program Files\Windows Media Player\es-ES\setup_wm.exe.mui

C:\Program Files\Windows Media Player\es-ES\wmlaunch.exe.mui

C:\Program Files\Windows Media Player\es-ES\wmplayer.exe.mui

C:\Program Files\Windows Media Player\es-ES\WMPMediaSharing.dll.mui

C:\Program Files\Windows Media Player\es-ES\wmpnssci.dll.mui

C:\Program Files\Windows Media Player\es-ES\wmpnssui.dll.mui

C:\Program Files\Windows Media Player\en-US\setup_wm.exe.mui

C:\Program Files\Windows Media Player\en-US\mpvis.dll.mui

C:\Program Files\Windows Media Player\en-US\WMPMediaSharing.dll.mui

C:\Program Files\Windows Media Player\en-US\wmplayer.exe.mui

C:\Program Files\Windows Media Player\en-US\wmpnssci.dll.mui

C:\Program Files\Windows Media Player\en-US\wmpnssui.dll.mui

C:\Program Files\Windows Media Player\de-DE\WMPMediaSharing.dll.mui

C:\Program Files\Windows Media Player\de-DE\wmplayer.exe.mui

C:\Program Files\Windows Media Player\de-DE\wmlaunch.exe.mui

C:\Program Files\Windows Media Player\de-DE\setup_wm.exe.mui

C:\Program Files\Windows Media Player\de-DE\mpvis.dll.mui

C:\Program Files\Windows Media Player\de-DE\wmpnssui.dll.mui

C:\Program Files\Windows Media Player\de-DE\wmpnssci.dll.mui

C:\Program Files\Windows Defender\uk-UA\EppManifest.dll.mui

C:\Program Files\Windows Defender\uk-UA\MpAsDesc.dll.mui

C:\Program Files\Windows Defender\ja-JP\EppManifest.dll.mui

C:\Program Files\Windows Defender\ja-JP\MpAsDesc.dll.mui

C:\Program Files\Windows Defender\it-IT\MpAsDesc.dll.mui

C:\Program Files\Windows Defender\it-IT\EppManifest.dll.mui

C:\Program Files\Windows Defender\fr-FR\MpAsDesc.dll.mui

C:\Program Files\Windows Defender\fr-FR\EppManifest.dll.mui

C:\Program Files\Windows Defender\es-ES\MpAsDesc.dll.mui

C:\Program Files\Windows Defender\es-ES\EppManifest.dll.mui

C:\Program Files\Windows Defender\de-DE\MpAsDesc.dll.mui

C:\Program Files\Windows Defender\de-DE\EppManifest.dll.mui

C:\Program Files\Internet Explorer\uk-UA\iexplore.exe.mui

C:\Program Files\Internet Explorer\ja-JP\iexplore.exe.mui

C:\Program Files\Internet Explorer\es-ES\iexplore.exe.mui

C:\Program Files\Internet Explorer\fr-FR\iexplore.exe.mui

C:\Program Files\Internet Explorer\it-IT\iexplore.exe.mui

MD5 025c3d43fd686ed1ac34442e7a952970
SHA1 9d6aeed58e2fe7ee58249dc5f83da659c8c3c462
SHA256 cbbced9eff02d412bf898501078fd30efbe533f21d43c6eed08d5c87df1e492b
SHA512 83db89690473d4d427400468c9cb6fe6fc31283a6993abbfce27bcd8c0cb42047c10c9906d53adb2ada6e98b361fdb6360ac8694667c87d8b47f4ec2a5695105

C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui

MD5 5927a5aa7227e020f7cecf4b2492dfc5
SHA1 fb35b79a7f2fdb76889157467d49256b1a5b84c2
SHA256 12d60d605d75059d7124401a03e438c0ff8bf33ee58651b1d2d98b60f009647d
SHA512 27e90dc5cb09c8c408af1d347d7b2811ef0febb1daf90f9ff95a14a0356dea8ca43363a2d984fc58617658c7783f338aa24a7c5322d42c346f707dc272c4fa02

C:\Program Files\Internet Explorer\de-DE\iexplore.exe.mui

MD5 c0254d62099b60cfe6a20301bd3f2979
SHA1 e40e7e08954d3c0281aee62fac85980328c8db72
SHA256 42a7a254384a67296b0c318ebad218d915729241e0b9a22643be56c657432b31
SHA512 ad921402fbaa6d006cf2d4248a66d65c923a5c9d82de0549ce8ee49a978bc0b48d559ad69051f8e3578f36ca71bd7acd7a224e6e6f671869ee1f78e2ab051e4e

C:\Program Files\Common Files\System\Ole DB\ja-JP\sqloledb.rll.mui

MD5 bc10128f1b9e68d0e9fc275ff4f46648
SHA1 2ca80a5a998d1eac9ff0b8bde33ab5c209fb8e5a
SHA256 90866adbd21e42d6d42f182a5386a5ff366e880aea35feda56ffa22b5650a0a0
SHA512 04a48683fb6c1f840d04873a2cf8336982541e996156e00e3ab6d1478fddc48e75be7f18982a3b8677306025dedf7bf3905633f5a3656f2f6673918cf6cf9884

C:\Program Files\Common Files\System\Ole DB\ja-JP\oledb32r.dll.mui

MD5 4e9b98712ec0cecf652e64b4221eae5e
SHA1 a337d2d963f4dc47ab29deb42970b93c16dfab31
SHA256 50998c98b5f0148acb30e23d2c181ebc98f1faf8cd68ddd5345f1377faddab0e
SHA512 e4320d3e77153a844fbab7f989853e7325e8914085a9e67d4610fded04df08d3a48688fe592cca8d81e8485cb297fdab7e20c43f641e8114dea888dbdcdafe2f

C:\Program Files\Common Files\System\uk-UA\wab32res.dll.mui

MD5 946863157d3429e99cfee170533d8680
SHA1 fd7aaace6b47e297d3afd1720e3d213fb7f52821
SHA256 05b51ba57d0b02ef1ae58f1dd61f2c32678acc8d012795ecaee04499e139255e
SHA512 23575f0bc2bd6c79801e3c05a4b1210ef33e232317cacdf209d58e74d7bd5c114ea019e914d64000a1b5da56514285929473611d8f84b9f25e66f3c932366ee3

C:\Program Files\Common Files\System\Ole DB\it-IT\sqloledb.rll.mui

MD5 ba1ec31c13167cdf124cc718eaec4b01
SHA1 d71581ea6bc7744751acc6a096fd7ebd4249e20b
SHA256 16f0e4ef05ec74288c8deebdbebfe31d8519a59aa78257dd2bbbc24fc2673a5e
SHA512 116dd20e058f2ec58140c571f80563fc5b62f9e2a10bf106aeea80811ccf42d0f07251e8d8bc685276d457d4d5bdacddd3e44dec91a14f3e7d470c00a14c132b

C:\Program Files\Common Files\System\Ole DB\it-IT\oledb32r.dll.mui

MD5 ea64650041f28f6d18680ebc62650ca1
SHA1 a3b66e7038010d14c6ef2d45f61cf705fb784923
SHA256 c022418f9ba6c2ccbcc984e55ca22d310225c49522e1524c2c0b42e611b8a9b2
SHA512 a30150ebe733381ef3fc5929211e545caeb972a6fb7d38154ecef94c689f26bdd6f8b290bdaf267bf3541b32f8ab08a2738b076f7726eceb3517ceba23e65e34

C:\Program Files\Common Files\System\Ole DB\de-DE\oledb32r.dll.mui

MD5 8365b45ad8dd1b65ec4a2140cd5c669e
SHA1 c0c00a99f9e52c779c32e4ca6ae43fda7b297f1f
SHA256 e264a377933757d2f0448786e3bf21e29753ee1a415b45323152390f0020cf7d
SHA512 d9db9715e3be5bbde7791f297e7a407a1e82b0a16a451a96635d86ce7296c05d04e56f8701f10f98bb0ed6ec7a94286e7f09edfc9559f608b080e4c072d1d63d

C:\Program Files\Common Files\System\Ole DB\en-US\sqloledb.rll.mui

MD5 d12adab914577cc0cbf9b0eadc37a186
SHA1 53a5c6c0d98d5791e58ecb0f6dc4535a26d7f8c5
SHA256 8f3767be0f34d3778d619f644326e31b37d4e85207c7ae9ce9cb39b4a8a09001
SHA512 57a472cfc41206e87e8fd59f49ea712fec8c34ffa01bd7e8b31f006b07ddc2a080639d660b0133cdc3f86bca50f420869fb7dc74f6d04b95219374052f7d5c46

C:\Program Files\Common Files\System\msadc\ja-JP\msdaprsr.dll.mui

MD5 cd11be4825373d776c476c008eee37bc
SHA1 a4bf52db9807debdb100ba091dee38cc925a8662
SHA256 a662654bd37a168aaafc75f8963dbe26cf05f15bac6d9885b1b86197624be6a9
SHA512 c9fe3668f6b98f3970aec30bbeda4c741343b8ad44f3c8ba7a6ce3a5d83f2a2c8b04085b2c9f0353d4476ee56d2c0f89e66d28fc1853d7c237894736f706b07a

C:\Program Files\Common Files\System\msadc\en-US\msadcer.dll.mui

MD5 998367b2ce3cc4257dd69f755302922a
SHA1 69648485752c822345d0b10b0aea9ecf54315583
SHA256 e84b1957c1dc74313318599d8cf1606cf45224fce7aa80eff03a430899f50e74
SHA512 a472e47475c4df08372625586c0f413551579e3bb923806bc1dcef8f01f8e398235d90eb6e2365cff99fe33ffc40373b07a8d4a1331f5a0198cb5bf2a361069c

C:\Program Files\Common Files\System\msadc\en-US\msdaprsr.dll.mui

MD5 83062e0d20e1fa5670eb96476fb50881
SHA1 7b169d5f248b4b2465b8565b8533f03fc1a90979
SHA256 a301df5ec746991ee29d94a9157d5e02210cd05e43a681d9b34092a05bf7a04e
SHA512 472a1d9cfa7af53f4a87b91568d60017ee57d860b8c04f40ea566a025b551d956d154a8c051541d7417e88fb5db17588e4f7b94ab2a73083c726e00bfd3b3e72

C:\Program Files\Common Files\System\de-DE\wab32res.dll.mui

MD5 36aed948d95c368ca0e619a87442a7a2
SHA1 82241a6a252eb81edf8f937d8003ba3d632a64de
SHA256 60ae5baf890b7781840ba9f75e1005ebf3951ec46c5929d5571d736e3e58a139
SHA512 e44d5a01fd6a3d13afbf46d1325a960c5016b049b1932ca49f46c05d90ca69e1e45750518fdf043ca27697d2f979b2badcdfa3ff3a165c7f065ec0b86fe1eeed

C:\Program Files\Common Files\System\en-US\wab32res.dll.mui

MD5 cf3a705786aa247172569e24fbd16058
SHA1 48f135a5d17635e63b5f40a95a4e9921c0f8e44a
SHA256 fb6483ee2a0d5f7ba3b271448576f8e5fe11cb86d751c1b302e8b452057aa575
SHA512 c06a834d8559805d1cec3943c366590bcee70cacb5b6fa2d843eeca933c3e95a6fe2f0e2e3b6ed951311c40b07e46c0f629ef40571ff6294c213fb6d0985f41f

C:\Program Files\Common Files\System\es-ES\wab32res.dll.mui

MD5 9b65bcb586ea5e3648683d2584bb8de1
SHA1 23d2e0866f125afec701af0ff5cc73c416759254
SHA256 ee71197b5bc77f4acaf5e4a0263a89f8c386352edddf3926b046e4e2c524afe8
SHA512 54e9ba4d761a96f8b60734508abf47b291908ccba0788a7824353434164850f5d7888fe0079d46f33a4d888f75354ddec345b871c496106cdf2d5451a4b31032

C:\Program Files\Common Files\System\fr-FR\wab32res.dll.mui

MD5 a9e912692fe24e0c4fadde48d61600b2
SHA1 730d4c2e66eca870aadc651c033233e0b7938c5c
SHA256 ef29ceca01ca83c3bd141728dc8270ac978d77595c8b41e7ec5434d07eb60c23
SHA512 ff305ffe04afca8ef79584530e3f06938b6a0d886aca950b923d3f72f492ab000451463a92c0daf84effe6e48612163034e4840c764584301efc248f76838aa5

C:\Program Files\Common Files\System\it-IT\wab32res.dll.mui

MD5 3ee94ec7a540c6afa8b4cdc7e9ce3803
SHA1 43ab16b94fc263a63af3bc620ca20ff8b7a16b96
SHA256 3050a2fb0f718f6334e7023006fee412cd3642a58240ac9edeaf88bf4fdcffdd
SHA512 6bf00aa620569352abaa309de7de5a50d43413210f741f9b605d516f72b5c002ea2ed1f7f0ce46d753415e56f572dc9a63d0ef3445447bbc6e7b2630e6f717f3

C:\Program Files\Common Files\System\ja-JP\wab32res.dll.mui

MD5 206db9a411325a528f4510aebdc93b45
SHA1 88980e87ca3dae83c03f59706ac61c949b4fb246
SHA256 d22f53de426a0e499eab3712c3769b709a1bfaa53dee7f10dd21e182517fa4eb
SHA512 36212266e8cf0a20e585aefb6e463a8c77ecce3859aa3ffb7c44f2581fc94ec08f70901c3a415a3e1f332a5f6b4f8850869b2c312b77010ada258c955f3e6c05

C:\Program Files\Common Files\System\ado\de-DE\msader15.dll.mui

MD5 493da17cc3aae052f006fd45a9406df5
SHA1 f8009cfe359d6daf215d7237bfa5276013c427d6
SHA256 e3cbb47507803e6a4d57548587cf9e91d46cdc00fdb429d3fb9bd0ec653aac2b
SHA512 9d632ecccd8b2f358cac6294aac99ee12dc5ed9261b7ba5693a6ba9756f63be505f31b4ba363d7d3e9fa7c669f2893267721a7dd4d45270fe464891efc089008

C:\Program Files\Common Files\System\ado\en-US\msader15.dll.mui

MD5 547953f09addf02ff77acc363b16c45f
SHA1 16e6b26322a392d0bc4c4716f39563cb9451bfbc
SHA256 3a79e527bb71cabdaa23b1ac3f9186da0f33d86c28b12becab50d6cad1d010a3
SHA512 993aa0bff7cdbbb2b3fb59a231e0c06f628c337fd88d419c65b2c60ab6daef35df63ee9dfe8f84bf835c4a1b696f471f9aebb155e5b202f47796452e80b9796c

C:\Program Files\Common Files\System\ado\es-ES\msader15.dll.mui

MD5 dee00e88702ec2bbb1d71aa4a2d4d9c3
SHA1 4a152339cecbc79dfe4ef0a70ec80feba849880f
SHA256 e1ae6d1879507b5aaa6d037c5f9b0d1e0e42dd8f5bcd318bd09d9eb98f73156d
SHA512 e9ff851e28d93892645abdfa35aa32f5eb9c2cfe1b8cc4ef4ff82ec40973024aed2d4e93033ceedda7b81add97ccc0e6ccef61d4f048ec34c1db55b342914c0b

C:\Program Files\Common Files\System\ado\fr-FR\msader15.dll.mui

MD5 bd8b8c27fb53afb009b37e121b49e6d2
SHA1 66324a3bceb71dd3a70b39c0d9e05c210ba7b914
SHA256 751da0b97eefa7dfa8f9a979779c3dbd6ae79464d09131fdd28666392f51a727
SHA512 c085c5670aa9af7ca3f5c52c91e6eb22b6d4afb40238f31ae5dfa9a4c3895c2433dec0f525cb68cfd5b27bf3c4efd7da71e44f55d1892db2e687eb439f33c1b4

C:\Program Files\Common Files\System\ado\it-IT\msader15.dll.mui

MD5 0dc2430b64e47e156b8a1c60bf9cb775
SHA1 bbe39679cb693e90999e7643e64df827325b658c
SHA256 e5f2b09b033caf37358f0c596ff6afd5c296ff361067129d1b5d6252dd492dae
SHA512 3e823004eda5444c82e88df05bd903a557607485423ec5804590c46996134cb691ba503456f5f356fe4a411bc27c33b887fe651f589bbecd5f3c2b25a9126ae0

C:\Program Files\Common Files\System\ado\ja-JP\msader15.dll.mui

MD5 34e2523366662f99e536ef9ddcce3405
SHA1 5cc7060061ec0a2067d947738be8f8c147aca9ab
SHA256 ab273c6861996f8af9fb2511abe2bb5ec76abda56bf803266cb05c7597ecab2e
SHA512 1e72e04b7817a156d233ed1823709514c3ebbab01e336ffa5458da31a882eb09d81ed8bd7353fa1edbdba0ddf47270af2b48dab01937028ee2dd9fb983a9ad5b

C:\Program Files\Common Files\System\msadc\de-DE\msdaprsr.dll.mui

MD5 4c10cfc4dc984d2ee997258ac5e1eff3
SHA1 1eb36b8a4e085612934278afb990c9970e7fa5ae
SHA256 0ea7626ca0abf38e4f553e7ab22b9054ef830a195fe9d427c244b804ae8bad39
SHA512 a7b5c4734cdf7f494f4afe40030c0d278b20bbeae0f4307ae920d021f70a0997dfa43eba498feac1b3b6cdb1999607eb08cdc2aa442a1f0ac9a1bf31e89a4bfb

C:\Program Files\Common Files\System\msadc\de-DE\msadcer.dll.mui

MD5 7b4fc0b940c7083a615e2f832120a382
SHA1 82bd1076f5bc25f380c3a0d2f4fe1fdaef23bc44
SHA256 a36f12bed0399d6a13a4b656cf7910e9193b37fe446c047920cb03ad77fe0dd8
SHA512 d747f74e1d1bceb274bdf0c05853ca32ab0e8e1b8567bd7c342205a868385befdc71a0163bf94319d56ab2b2fd3a36d898d9dc68e5358ecdb4a35fc3acf56402

C:\Program Files\Common Files\System\msadc\es-ES\msdaprsr.dll.mui

MD5 a1d0e04fc8c713f07e3708f30df48c82
SHA1 82c6d515e2425eeaf31b0048c71726799d1575a4
SHA256 0b30ba0dad1ff3e5971b9cc22a200fba480901697cb327c2b40410703931e3fc
SHA512 394e5e1132d3994ad37cdbb9bd65f013607ae4a44a3b19e2c3981cfc98a846537b547bdd0b507d147708be65aedf783a9b583b1e207b3669c8b4de37407c9daf

C:\Program Files\Common Files\System\msadc\es-ES\msadcer.dll.mui

MD5 762873461f9b5e278d1900de49905121
SHA1 bfe911998bd8b0fdc8c69d9c53575a3f78c31a1f
SHA256 e2514936c9a0bfb354a8dcb04bcd042bf702a736899fc24e9a6f0a27fb423a0c
SHA512 ab86b30d8fbd2db07c05da619690751fe1002e8f8ccca88dd381bffc0d2eae0567abc55c7f04e77538ed6b96ccece17b73dde7da74eb88bed55c35b4e21b02be

C:\Program Files\Common Files\System\msadc\fr-FR\msdaprsr.dll.mui

MD5 e96b958d77532219306e7f534f5b109e
SHA1 b03a8543e5ddc0865fbb8af4379ff33fbe1f64b3
SHA256 42ed298ca333e0e81bb888da83dae21e77d8783093f1eea0fc82714bb395d462
SHA512 d06be9b5981ddfcd4ac64772efb6b4664b95c3cc581c06b87f2e038a50188d6a37c90d59f3651c47f428495f811564fbd3f49e226b81aafb1d2fda8a30761ae7

C:\Program Files\Common Files\System\msadc\fr-FR\msadcer.dll.mui

MD5 0685032f22cf430206690d34c1a80501
SHA1 119884f6b7c78e81c2fd4804d906f413c0c3c791
SHA256 0574e5cc6832895d1b7249f8ac071adea26b287a6d2abaf3c2d55f851f3a7373
SHA512 1c182311526643ab98c2f47ac2129b527cebd7759e045cabb0daa15453b4db209bb37d22e9c5eb0fa8dde70e8cfd5ddace7fa1c71013c30362eaae807f1a1a46

C:\Program Files\Common Files\System\msadc\it-IT\msdaprsr.dll.mui

MD5 9851c03f7e1d808f37a01c415d5887fe
SHA1 2515098d75e62d09e16bcb66f43f6cc7433c3f97
SHA256 a5d8df997a69af4f7bd005a69ce653d91ac3a084dbdbf9a6d4a8d414de80f7af
SHA512 1be8333a1caf27e5501af62d262c5d75052021518f7dd194d577c54ee0851798de9e9ac4f87c13ee01fadbe9ac4102085cf145bdd0b841343fbc462081975293

C:\Program Files\Common Files\System\msadc\it-IT\msadcer.dll.mui

MD5 3567bf96b6fb9e3d8c2a38ed732efbb2
SHA1 7c9da567037d1b357bd6d126e9c35419f39a227f
SHA256 5a28fd1c57af544f522145557b4c3ad59491db7dd46b4a7e787d1a244b47f584
SHA512 40475fc1e1155927d32b91595e7cc31b2b4c57d99974ff786df54de8450ca44f1119e1ff7431712c4884b25e3182a695899073c9fa50f1893c2685a38ca089a4

C:\Program Files\Common Files\System\msadc\ja-JP\msadcer.dll.mui

MD5 2d6c67a8cdf69708b4ffd57eee7f8d78
SHA1 3470df7c200dd92c856dce89d88aa60aa13f714e
SHA256 66876d13c79f9a54484ff5c5a1cdc5328ddabc66e713c09255dd3ef471df4605
SHA512 b2c097990fb6624ea277f17009ac248eb9fbafa36762c6d6bec4df4361f87cc715e31d817438fcc73b7bfb4bd726d278030ef996dca0fbdff02cde5d13d1cf7d

C:\Program Files\Common Files\System\Ole DB\de-DE\sqloledb.rll.mui

MD5 9557ecb237821e12541fb51570ae57ba
SHA1 ad59c662af6d04afd43c739bee5316b16428e3ed
SHA256 ef6fb1739a25e0faf12c0111a2ab198f357315a6892b7c90c1e3ee09e76210be
SHA512 254d601676c9af4e8bafa2c0369ed6a7a70f010c623dda6f3516d5064218696f4ee91a99c47ff75797c41724632fea739d2778d98f4ede7f6936dbff7a527fab

C:\Program Files\Common Files\System\Ole DB\en-US\oledb32r.dll.mui

MD5 1ec3074a491c0cd33ec47100d4921f31
SHA1 da32b308ac04618a8dc197973921d587c1375c18
SHA256 9ed68d4077ad1163fe8e5d4e3097b98d3e7b28a964b4c75f8bb9317b51e89ae2
SHA512 9e79665e215d946b848d96ff3b87dfff673a6a6526685eff5c8bf814de871f306322e5bada88ff39bb4ed59d95e169fdb64001e1811095df3fd110dcd120ef1c

C:\Program Files\Common Files\System\Ole DB\es-ES\sqloledb.rll.mui

MD5 366aa2e10d3d46c58e7cb26e7e3f26d2
SHA1 cf2470270696beb6d36e05d1b432877ff24d9d3e
SHA256 bf3497cb6ee94314d9d71b81e79c7ebb541b4de8638962fc1102496442ffcf25
SHA512 45e167afeb046be7b1e3888658f886cce98dfc44c354986a9db671b4dfdcff8d9db220cbe74b3a22384b99261614fd3e0f18e4e8c8f070ea40295460c0371b7b

C:\Program Files\Common Files\System\Ole DB\es-ES\oledb32r.dll.mui

MD5 6fd8bd250fad4788b7c9981f445549fe
SHA1 d88835d462625430a275f9b733ba4e8acd032ad6
SHA256 ddd26f6a737ef6bcfe15bd581ad1c9ffbd94d759b99c6e7e322099215a067be3
SHA512 3edf903c4141372de75d5023fa05e4372ab4f2c8faee1c1e02222a75ff00df020f4dfbf4e903a53f99b3c7aef79989b01f55616535f6584e09bd240ba020fdf2

C:\Program Files\Common Files\System\Ole DB\fr-FR\sqloledb.rll.mui

MD5 26dfad8ea38a0b6ef98258d2c869ed9f
SHA1 79b2cec1799caeca3ac96014934b94ab14e23f16
SHA256 bdf0558996fb41752bdba3a632aa75d05524f71b4d7eb8ea0a7a733bd87f3385
SHA512 a7b443e61674482a148807f070677f1e11f1b3a23674c270954337b2868b446716cae11a316278041867dc278dc721715160fcef4d2844855715d79bdb811ecc

C:\Program Files\Common Files\microsoft shared\ink\uk-UA\TipTsf.dll.mui

MD5 6ab96fb91e98eebdb2497fa674724f24
SHA1 7a15083331a31448279bbe50f10c589f5746e6ad
SHA256 7edfd8734f3716735ddbfec0ecc4751daaa3eac5052a57b2dd3ac29346c93842
SHA512 4490b91029afe1435c888180606ea2dad91285969ac5e860ed467581ab6ba225e37e91ac9ae56eaa1b5fccc451dee4aa47f2474deca98c619291d72e80718a53

C:\Program Files\Common Files\System\Ole DB\fr-FR\oledb32r.dll.mui

MD5 c0ce8668243fbfe3c20ba0a9aa7966fc
SHA1 aef8b68a3f42b7ee6503b484a9ad462f7a0c4992
SHA256 60a7caab3be4e95e9a8252f467b9a1ea4880b1c925312bbb61a13bc7dfebd9b9
SHA512 15f0c42a1e98100e1127c8d5ee83da39d751e9216836fc995b0c1c0a9a3d4914ccd3ee90bae4b0ddcdd79e3a0ea71e2afcc76f8a87620946e2fcd149aad63226

C:\Program Files\Common Files\microsoft shared\ink\uk-UA\TipRes.dll.mui

MD5 704bd04cd138ecfc625bcd46e813a71c
SHA1 7c93d6c8d41800442b29ceb3c6499751517f4220
SHA256 8a98a0bc8fe2ce7d7ab139e357deb383ff3f58a0ba5f4ce11258bf7e9d6f07a7
SHA512 05e85984256bc932ca79588c957c14055a3664a6bded47759ba4854abb4ceec213b2c78b6d70f4d487cd14090644f6c733b5e97cc5260254b221dbf0f9458834

C:\Program Files\Common Files\microsoft shared\ink\ja-JP\InkObj.dll.mui

MD5 40701fc4c90fb61ae656b61c53f0f56e
SHA1 25a19d50947bac53432d6fdcf327aac01733e9c4
SHA256 4e68c08e5f781038494d95369602e6905d5dd84ef6d937e84508144908018f0d
SHA512 2f2a5a75796aa2e05841b276f8cb51d1ebe13feaa02944f40223e69608009084023f914eed99a59723147fd7ff4017010e6b6100fb8fe2ad07bf34058bea120d

C:\Program Files\Common Files\microsoft shared\ink\ja-JP\rtscom.dll.mui

MD5 bde9c26df9ee0d9ada8021e6cbe51519
SHA1 46c15b8a137525d57f4ac1c0e91450d234aaf0ac
SHA256 858ef037f6050fe55e0f6364924b574ce0e291c745fb4c852acb176cc597108f
SHA512 8f3c022f537e6e9246e0dbf909e813c0303e8b18f3c401f108f2163d77b63eca0ac6d5676a181abeae9f3c4db7b93459cd380467a5d19f4d16ac13901225c253

C:\Program Files\Common Files\microsoft shared\ink\ja-JP\TipRes.dll.mui

MD5 fb9bfc248519393f06d5147702fead91
SHA1 b179cfd361926f8c0a9068137dff7f013b159898
SHA256 f8bdff43b20d748536f517df4fbb6d2b6491ce5fcbb5d17657c153e22ba8e55d
SHA512 d3acc31d473866dacc1b2ad456754976cbc506eb11c2eacc633e39838919a87c209679009ced4e5615fa3d7d813889238996f7441947a68820a21db93c5d71ca

C:\Program Files\Common Files\microsoft shared\ink\it-IT\InkObj.dll.mui

MD5 163b05affb62e2a3b8afe53a9fe3e5f8
SHA1 3e4487ac1a3bc0efbc34c0a95155d74d949f2546
SHA256 69a7c75678b6ea3d9a08e7a4a38a445524b24ba07b450cf403402978d3c27d6b
SHA512 2b3219ed336ef52d48e4e5f6456ddb9714190747e64a85407d582e8b39d74681bf4d9ff3a1d457238c28b4b812acbced5a4140120be96968f60a8ba2cd2a6612

C:\Program Files\Common Files\microsoft shared\ink\it-IT\rtscom.dll.mui

MD5 dd2b02220ee7554063ba30187eebbe13
SHA1 86ef9ba28439c32932af3dd873f245c7b25e5537
SHA256 4c8ff884cb63892adfad656effec3eceea97cdef5000491d850c78f843368292
SHA512 6bf9a8ea4ee2a02703b58ac342abd61c53f38a9ba280f92647388766d92c0210c25307463b834b265068108d72bdb42db00f7ae28c4bb1b5eb5dd303c4faa6ab

C:\Program Files\Common Files\microsoft shared\ink\it-IT\TipRes.dll.mui

MD5 f4f787e069bb10ba8d370a68ad31712b
SHA1 493e1549440e6d550d529631186f00b4feb9f67e
SHA256 7f6149c3fcd4154f2a207d78f968d711bed399eaa49d7cfa2c6a582694191fa5
SHA512 0859348be816e314973e2a87659496511f21de0b1ef2288a848baf18a8465c89c5c957c4fecba0c5fc16c9b6dce15dc3343802b791e0e31d16f6d43010f177f5

C:\Program Files\Common Files\microsoft shared\ink\ja-JP\TipTsf.dll.mui

MD5 b4ac5571df2a52bdffbc1eeec68b43b5
SHA1 7065ce2c11ebd063215dbc0404188146eb6ae237
SHA256 a72ff5920e39237b67ade59850c6e9a20d58a342f4427be2a2d918592772d834
SHA512 c8e21125481ecbc410893ef0618ac84b7d4f786cf9a0e2048695524c7801d9958438d7f6a0ac892a216acaac8c7fbdee76c4825dc1e25e646bb77c52dfcc3ab6

C:\Program Files\Common Files\microsoft shared\ink\it-IT\TipTsf.dll.mui

MD5 ec86aaf738fdaa72e21c6e449d838630
SHA1 0d7380d6feb7a4b65ee93c29103ed0c259bd76fd
SHA256 cef018f3f117506f8d25ad0696943fcda5e269f8328f680f05d30db5e4956580
SHA512 ca20fd5692be5e0f53aa13d657071a1fcee61b06634edb8df5bc71a9f1234c06fa4d54cb8d34bc745e17e2d269d6c5c54e5395877eeced86cc3c76fc2197a432

C:\Program Files\Common Files\microsoft shared\ink\fr-FR\InkObj.dll.mui

MD5 4e6199265559b4de2a98af53780b01b6
SHA1 9a8f2f4300a5c21238558bd37031b6b9f6a391f1
SHA256 fe3e43625cc4da9ba87487a14146f25da1cdadd7e6529e0ccf07e965d46de57a
SHA512 ef62b06472a69ba46bc5197f32d1101c58f4eb47d945942bf0f90499559f49761984c73cf48a0059165455356568a839fea0ac85ae39b25a3b9be4594b570bda

C:\Program Files\Common Files\microsoft shared\ink\fr-FR\rtscom.dll.mui

MD5 3fb7d743bf9ecfbe90d30f9a5014c551
SHA1 09be2b7649bbc4472abe09d01d76fad2eb5431a0
SHA256 71d32828426b0f9c041b576a6d20913824de1a097a2b51829fea515dd3fe72b0
SHA512 62c3ff615704bbcde0e293e393c88f84fd8354897f374f22b8d2bfb5f806ba476d4f223c53026cbcf241a31444f1f408b2babad8c8600e3ee1abfd5a59f7d37a

C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TipTsf.dll.mui

MD5 5119b3001911d459f741fac131ce89c8
SHA1 d94e906281227ef2cd7525796196bfb7dacfab85
SHA256 48003e1abda875ec1a7960de6ea6ff6604537effc94f2c7e7542410244a9a3ae
SHA512 23407dc0262ad823c50454a3569b650d52aa781d0ac8d481e81c882eb53833c8b48a9499054397612b7816efe64ae26b4c9ba7b9c0e83a2fdd063dd41c3bcf3b

C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TipRes.dll.mui

MD5 ca445f236384ac7e59b621ae7557bbb6
SHA1 d1d60767fb527b220fc987456bb24781dd15cc7b
SHA256 1edeaaa93bee665c0cc46b69aa5a465253035a548ff400a8662ecac3325a4d58
SHA512 78245a57a686b8bcb10fc1db4864cb2b2954a3d343acc0701ecc7507d3d7b7b8922b4789e99a5a84c57fc27c8bc37f0067d9acad4a252591ada4ea3a583b1b39

C:\Program Files\Common Files\microsoft shared\ink\es-ES\InkObj.dll.mui

MD5 a40b31a39259974a2f2ddf2e303d214d
SHA1 a23da1aed93e8b1824f6e4132a8a985f038c8b7b
SHA256 df24c926137ec1c927d3f59264249e5fd3b296d8348b6b165dd493f32d41afcc
SHA512 1c184dfc229b3bcd47fc33e4020e39f2e419c59a1552ff78e639a4c7b007cbe7a58bebe60edf4caf3d9b0273a1a10ab37dad01d5d83418a62fb5874b69149fa8

C:\Program Files\Common Files\microsoft shared\ink\es-ES\rtscom.dll.mui

MD5 6936c6d52afeeac512534cedb15bb2a9
SHA1 01f5cf87c7bcdaa6019df9c34e2e4c31ce2a8649
SHA256 27743f0d59fc4b7a6023e5367e856669e8cda6355422cd701bef639659624071
SHA512 ff014ded483d228cc26e826374408f198b04d161dc952ce5a0e98ef15e26728776ced271b4d673cfef8a622c98971b8f35cdf40e80d25c1ef5b5004bc928ec12

C:\Program Files\Common Files\microsoft shared\ink\es-ES\TipRes.dll.mui

MD5 b20cc977f56d787f23c9c9710e2fcaf1
SHA1 a8044a74647fa9c9159d1f55540a946ed643d1d5
SHA256 1c59baa55eb52814aaf9e29e2b8ae3bfa4caca415fcead55ccc8bfe4667e2c61
SHA512 4c7b87a1dd21a9b8c767f322182e09acdf0e3f39deaca271a7ee0924cc635c047b1e382d22a552378a389180ed3e05fa02190503c5e095a7cc70da7e316ca947

C:\Program Files\Common Files\microsoft shared\ink\es-ES\TipTsf.dll.mui

MD5 e1e53804924cf514529f088562b0b51a
SHA1 3992bd54677385379f583af3d1fb1d9cfb3852ce
SHA256 46d74bb3faaf9c28d5e6393d0422ac34fdd5f57bcfb4fba1780387289e1c6391
SHA512 d1cd577f7ec4b522bc894b063c14c64f45bbf474c5649073ef5c50040b55296ffeea52be296724d2d45347672cbb2d4b6a1203f8df38796337d50f85dd230f7c

C:\Program Files\Common Files\microsoft shared\ink\en-US\InkObj.dll.mui

MD5 0dfe5b44deb4aaa7be4cc51b790cbb49
SHA1 cb1add92c911bd0eb3146b9419829d755711b34b
SHA256 c69b9bbc84ece87294a3bb9c568d9f44fa3ead722045dd04361e78c59f1b7790
SHA512 52701f8058196b771afa20bf60741238e0c9ea68c26a8a8e2d11f36d3bdec9a2710ea364306f09cb59a851526b552ffbfbf4deb9140c68337d36a5068c2602bf

C:\Program Files\Common Files\microsoft shared\ink\en-US\micaut.dll.mui

MD5 6fd297498d5581a4360ce34501f03d17
SHA1 b83360896048144286329d96420b61d314479114
SHA256 f04a7b6146754ace235a394b02e7c44c6e1e4136727edcd0a58108a0ca136194
SHA512 22ac5df8920be07de9a5cf55c42318b1be7c6d6e466fee208885ad3aa407b2b83da106f9b08fe9326806bfd07c9a6be9a454da006e83a5f4ad430c3a5cbdbeba

C:\Program Files\Common Files\microsoft shared\ink\en-US\rtscom.dll.mui

MD5 38a30bc48aa18a7935ef9ca03df68932
SHA1 c660bb36549b0872f4bfaf9d093dd85f22b1e67b
SHA256 4836b0dfa9d2d3bcf951330dbf327bf2db2017f38a3420e0fe4ae7b43c7839b5
SHA512 61978f3a760ac6871a52f390c9736b284115ad488c4b330d765049ac0ad09f5dcf8a502939a539fe1634d966c05c9c997033b66c31a55360044e00cadfc1d675

C:\Program Files\Common Files\microsoft shared\ink\en-US\TipRes.dll.mui

MD5 f6874c798beba57d7047f3696c279ead
SHA1 f57d67876a785792a933050df342c38d396e42f4
SHA256 bb01748436650cacb79a3c60192135292c4d1486811879bfff6c3e78e0e02b2a
SHA512 06393a1188d703bcbe1cf0757ad7f08c451d6511391fa23929aad4432c84851323c61c8af52894d3d4335548ddc128e1264db62e6443625b86f5d6f29c493d82

C:\Program Files\Common Files\microsoft shared\ink\en-US\TipTsf.dll.mui

MD5 a55e385e9d0bc31e58c9494463bcfc66
SHA1 360b41e0824ccb8ca5d2d1925986f32094e628cc
SHA256 282d91fde1700696d66ee85118cbbcfc82cfd05ef626936fdcf99dec8cf125b8
SHA512 3d02eaa4dbbaa1f1821180387fac31d36fd331376d06d414595657ca5a256b9aad72ffca038cb68b8f2324577690ced5c3fe9cde5bd45d4a7dd378bf5dc7ca1e

C:\Program Files\Common Files\microsoft shared\ink\de-DE\InkObj.dll.mui

MD5 0bed46a6f051090be33608ed9a28e23d
SHA1 0ac216b4c3eae7089ccbaf1e7f5c8983e8ccddb0
SHA256 628018796e4f41be4118aef59a8ec3fcaa54ed314689253390d42d44a8e32ba3
SHA512 d34fadc47a9f6f6483e4914ce81abea4baa33c1bb8735a84b57c81388142c2ee42fce4cd89b368807da8a8b0f3054cc11e2fe8ab69e8a966c2b65345be6e11e3

C:\Program Files\Common Files\microsoft shared\ink\de-DE\rtscom.dll.mui

MD5 9d0368205c173e352ac54253b21c0fac
SHA1 92d54028ef1e1422c5a828f85f79ff6f6a8b51af
SHA256 6611b26ee4526d30a03eb64a171a85bbd94bf8db03b20381a033deeb8c1f8db3
SHA512 01d33ac7037dc36c9af3939b931cc59b3ae42209d518444423531d94aa37dc1336f328d4d7500068e10bb0ea2fdd4538431816f870125c3bb7f740ca09a053ee

C:\Program Files\Common Files\microsoft shared\ink\de-DE\TipTsf.dll.mui

MD5 e39b936bab98abb1c18653791fb96811
SHA1 61c50c5cda22438965df835543fa75927a9c33b1
SHA256 9f44e88f1c525180a0fb7ebe3b99ef230b37d6736b3674e97bedd8c73ae907cc
SHA512 d1fa555e08836275db3a1af5105ddac2aeeca77540201d5ea386c8ea123b4dce8196caa682d334e55ed1e901bb2ed3af231fa4a179e084c3077e31c2737609b4

C:\Program Files\Common Files\microsoft shared\ink\de-DE\TipRes.dll.mui

MD5 0bf9f17836f5a75d62970329060fbc8f
SHA1 4d90c679a7ec42ce5146d3a57596aed9673afd2f
SHA256 8d07ae927705c933ca766e6c9532906e1655270a0098c7bc7ca1bfd0dad16a52
SHA512 2778e70950458ef1c6ccdf0d43c7a3a95a1090fdf81809ef437a56885d3fe975493b0a16becc57f868423ff8d43ffd517751820bfa0a7846f36d2aa94e0a0c2f

C:\ProgramData\50C.tmp

MD5 294e9f64cb1642dd89229fff0592856b
SHA1 97b148c27f3da29ba7b18d6aee8a0db9102f47c9
SHA256 917e115cc403e29b4388e0d175cbfac3e7e40ca1742299fbdb353847db2de7c2
SHA512 b87d531890bf1577b9b4af41dddb2cdbbfa164cf197bd5987df3a3075983645a3acba443e289b7bfd338422978a104f55298fbfe346872de0895bde44adc89cf

memory/4572-19935-0x000000007FE40000-0x000000007FE41000-memory.dmp

memory/4572-19939-0x000000007FDC0000-0x000000007FDC1000-memory.dmp

memory/4572-19938-0x000000007FE20000-0x000000007FE21000-memory.dmp

memory/4572-19937-0x0000000002590000-0x00000000025A0000-memory.dmp

memory/4572-19936-0x0000000002590000-0x00000000025A0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE

MD5 db0c5346338977314479b80956619f9a
SHA1 005a605af10537a66553748192474715225ab8a9
SHA256 6d0be28f38ed682156581dd759da9ae2dbbab5036366244c9437f284f63891f1
SHA512 19ad997d3d9809f79e61dca4f8a83c33b7e732b07d76bbeefcef4292c6993345944bbf4239e39c6daa8ad477d2675ace59d00f9174986db6a0e39716208f9ac0

memory/4572-19968-0x000000007FDE0000-0x000000007FDE1000-memory.dmp

memory/4572-19969-0x000000007FE00000-0x000000007FE01000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2025-04-21 06:42

Reported

2025-04-21 06:44

Platform

win11-20250410-en

Max time kernel

101s

Max time network

104s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe"

Signatures

Brain Cipher

ransomware braincipher

Braincipher family

braincipher

Renames multiple (7493) files with added filename extension

ransomware

Deletes itself

Description Indicator Process Target
N/A N/A C:\ProgramData\FCCF.tmp N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\ProgramData\FCCF.tmp N/A

Reads user/profile data of web browsers

spyware stealer

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification C:\$Recycle.Bin\S-1-5-21-1492919288-2219487354-2015056034-1000\desktop.ini C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe N/A
File opened for modification F:\$RECYCLE.BIN\S-1-5-21-1492919288-2219487354-2015056034-1000\desktop.ini C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe N/A

Indicator Removal: File Deletion

defense_evasion

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\VideoLAN\VLC\lua\playlist\koreus.luac.ZWgvlAMeS C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\RMNSQUE\RMNSQUE.INF C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTest-ppd.xrm-ms.ZWgvlAMeS C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\ZWgvlAMeS.README.txt C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_heb.xml.ZWgvlAMeS C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themeless\print_poster.png.ZWgvlAMeS C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\plugins\rhp\exportpdfupsell-app-tool-view.js C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe\images\contrast-black\EmptyCalendarSearch.scale-150.png C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\MSTAG.TLB.ZWgvlAMeS C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\lib\ext\sunec.jar.ZWgvlAMeS C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\System\ado\en-US\msader15.dll.mui.ZWgvlAMeS C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\ZWgvlAMeS.README.txt C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe N/A
File opened for modification C:\Program Files\ResizeDisable.eps.ZWgvlAMeS C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_1.0.22.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\MapsStoreLogo.scale-100.png C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.2103.1172.0_x64__8wekyb3d8bbwe\Assets\contrast-black\FeedbackHubAppList.targetsize-16.png C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Getstarted_10.2.41172.0_x64__8wekyb3d8bbwe\Assets\TipsAppList.targetsize-30_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ZWgvlAMeS.README.txt C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\plugins\rhp\ZWgvlAMeS.README.txt C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe N/A
File opened for modification C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\theme\node_modules\@uifabric\utilities\lib-commonjs\string.js C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsNotepad_10.2102.13.0_x64__8wekyb3d8bbwe\AppxMetadata\CodeIntegrity.cat C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Todos_0.33.33351.0_x64__8wekyb3d8bbwe\AppxBlockMap.xml C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Download_on_the_App_Store_Badge_zh_tw_135x40.svg C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\fr-ma\ZWgvlAMeS.README.txt C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png.ZWgvlAMeS C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsSoundRecorder_1.0.38.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\VoiceRecorderStoreLogo.scale-200.png C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SLATE\SLATE.INF.ZWgvlAMeS C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\1494870C-9912-C184-4CC9-B401-A53F4D8DE290.pdf.ZWgvlAMeS C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsStore_12104.1001.1.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\StoreMedTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe\images\contrast-black\GenericMailMediumTile.scale-400.png C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Windows.Photos_21.21030.25003.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\PhotosAppList.contrast-white_scale-125.png C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe N/A
File opened for modification C:\Program Files\Windows NT\TableTextService\TableTextServiceTigrinya.txt.ZWgvlAMeS C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\zh-cn\ui-strings.js C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe N/A
File created C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\theme\node_modules\@uifabric\utilities\lib-amd\dom\ZWgvlAMeS.README.txt C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe\images\contrast-black\LinkedInboxMediumTile.scale-150.png C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BLUECALM\BLUECALM.INF C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\Fonts\private\JUICE___.TTF C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\sk-sk\ui-strings.js.ZWgvlAMeS C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account-select\css\main.css.ZWgvlAMeS C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\zh-cn\ui-strings.js C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.21012.10511.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-20_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\requests\status.json C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\excel.exe.manifest.ZWgvlAMeS C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1036\ZWgvlAMeS.README.txt C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe N/A
File opened for modification C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\it-IT\PSGet.Resource.psd1.ZWgvlAMeS C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe N/A
File opened for modification C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\theme\node_modules\@uifabric\utilities\lib-commonjs\test\injectWrapperMethod.js C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneMusic_2019.21012.10511.0_neutral_~_8wekyb3d8bbwe\AppxBlockMap.xml C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.2103.1172.0_x64__8wekyb3d8bbwe\Assets\contrast-white\FeedbackHubAppList.targetsize-20.png C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.32731.0_x64__8wekyb3d8bbwe\Assets\AppList.scale-125.png C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\vi.txt.ZWgvlAMeS C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\he-il\ZWgvlAMeS.README.txt C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.6.3102.0_x64__8wekyb3d8bbwe\Win10\AdCloseButton.png C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected] C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe N/A
File opened for modification C:\Program Files\Common Files\DESIGNER\MSADDNDR.OLB C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\ENUtxt.pdf.ZWgvlAMeS C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\js\plugin.js.ZWgvlAMeS C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.6.10571.0_x64__8wekyb3d8bbwe\Images\StoreLogo.scale-150_contrast-black.png C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\LEVEL\LEVEL.ELM.ZWgvlAMeS C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\lib\ct.sym.ZWgvlAMeS C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\nb-no\ui-strings.js C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_listview-hover.svg.ZWgvlAMeS C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.6.3102.0_x64__8wekyb3d8bbwe\Win10\MicrosoftSolitaireAppList.targetsize-16.png C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\ProgramData\FCCF.tmp N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe N/A
Token: 36 N/A C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe

"C:\Users\Admin\AppData\Local\Temp\2d04d802438ae93b095acfbb87cf5760bfaf1bbd300a609d6941a6861bcc68a7.exe"

C:\ProgramData\FCCF.tmp

"C:\ProgramData\FCCF.tmp"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\FCCF.tmp >> NUL

Network

Files

memory/5136-1-0x0000000002E00000-0x0000000002E10000-memory.dmp

memory/5136-0-0x0000000002E00000-0x0000000002E10000-memory.dmp

memory/5136-2-0x0000000002E00000-0x0000000002E10000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1492919288-2219487354-2015056034-1000\desktop.ini

F:\$RECYCLE.BIN\S-1-5-21-1492919288-2219487354-2015056034-1000\DDDDDDDDDDD

C:\ZWgvlAMeS.README.txt

memory/5136-7211-0x0000000002E00000-0x0000000002E10000-memory.dmp

memory/5136-8171-0x0000000002E00000-0x0000000002E10000-memory.dmp

memory/5136-9157-0x0000000002E00000-0x0000000002E10000-memory.dmp

C:\Program Files\Windows Photo Viewer\uk-UA\PhotoViewer.dll.mui

C:\Program Files\Windows Photo Viewer\ja-JP\PhotoViewer.dll.mui

C:\Program Files\Windows Photo Viewer\it-IT\PhotoViewer.dll.mui

C:\Program Files\Windows Photo Viewer\fr-FR\PhotoViewer.dll.mui

C:\Program Files\Windows Photo Viewer\es-ES\PhotoViewer.dll.mui

C:\Program Files\Windows Photo Viewer\en-US\PhotoViewer.dll.mui

C:\Program Files\Windows Photo Viewer\de-DE\PhotoViewer.dll.mui

C:\Program Files\Windows NT\TableTextService\en-US\TableTextService.dll.mui

MD5 a7d3445a26ad61fc23aa870e3dcc7b30
SHA1 7e03c640aeb74a880f4ad5d431ff12a48f6c96d7
SHA256 5149316650ebeaf2c530dc315138a003d38365d1b1c18c5e497e2365c58b16f1
SHA512 50227a5e117cd219ad6dd80899476ea5c92709f902d4add746a4a6e280fd67f6eb98ac31e0dcf1098bfc87cd3608a235774da7fcf3f85d6df4bd5e86f054a317

C:\Program Files\Windows NT\Accessories\it-IT\wordpad.exe.mui

MD5 413de0ffc99dc0c87b97517707c7da72
SHA1 e359790a2cb07180f57d0fe902f6ca8633e5acd9
SHA256 0e2b97bd03d672a70689789e86990597de569251db8ab48c6ce199d7809f9292
SHA512 4168b0120fabd215df2820a3d79158e88a09b984723958da8e5e19c052177730cf5966e66dc5e41488bf52d046052995ff3867d0e50082ef70edc511c8ad05d8

C:\Program Files\Windows NT\Accessories\fr-FR\wordpad.exe.mui

MD5 4277a6f750ec20e68a75d4aac74adedd
SHA1 e1b408bfec64a0a42722302df78a5ab9dc853807
SHA256 cdc787492b41dd3fd4cc5a1e332dee4258c8c729c2e3e71c753fa356d53de0fb
SHA512 3661f1d6ac663ea2519855b9c5e4cf778ccc1bd25996186becc75b772d567067120bd4bc560dac37f399b6af08b8414e61956e37fb0bc1e76d6e13a1f69a585d

C:\Program Files\Windows NT\Accessories\ja-JP\wordpad.exe.mui

MD5 a6756c9e8df77ef760c6ee69023e4771
SHA1 8861a19e087e324b0d40513e2daf281829ec5ab4
SHA256 f55102c193d5c764b507cdff3d32949f77b746e0a8be4f0cab4fd3ce0ee0609a
SHA512 72be5c022884630a315ff1ec7882947f0d039b290a57ed30564f7158492ee70d41834b19f28af4e1c7a1a22dd9cdf8bca418a95b2c2af9eb75cf6e1ab5b2193e

C:\Program Files\Windows NT\Accessories\uk-UA\wordpad.exe.mui

MD5 a545b774fc016f77656f2dbec3eca3b5
SHA1 0601c37bba3ca0a59bca3a69e9371e1a678c4549
SHA256 6bb926416e9f9f82ddfdcec1802284758cdff22473c2ea0d4f6d125bc0939958
SHA512 d8647a330abad6e69ab6d3da2c5f3a0379cf8bb97fade6f2a1a2675bf0f6c0dfd09cf342119c939f7ab5cb4f2222d3b4646a925cd0cd19077442f7218ca89115

C:\Program Files\Windows NT\Accessories\de-DE\wordpad.exe.mui

MD5 497d8520cef1525f0c4e65cbf7369018
SHA1 e09ee69da1f554ae241abec655e95cf4ac8b4ecf
SHA256 afb45591dc217017f5d9a7edf214a9854b9fb509f1ade6a44859c6ccce0197c6
SHA512 9b594e4ce9e46588e128e41827cad35c5566ea77eefcfafad722b78c0a603e073f90a218cc4963406874217172b3336b4832c2d69e8deddd553593c47cfde683

C:\Program Files\Windows NT\Accessories\en-US\wordpad.exe.mui

MD5 2908dd848ca87e7c509337205be23e30
SHA1 ec5d86e8cbb979e9d4c31b909c4b3ebd47729ef0
SHA256 45e233d3418988e9de11903a0b5527a1d44c64f2c5a56bdfef6d4ecb3bf8bd67
SHA512 b18c9d1d055dc60619013d1242eaaaa8f980ac7611703df1a33ef8afd4b58530985b145c0f1ee511f71ec509ec75ecee925d37e0b2b0021cca92e4c7493fab4f

C:\Program Files\Windows NT\Accessories\es-ES\wordpad.exe.mui

MD5 e8397186f1e9f4f8aaac91fcbf877ee3
SHA1 451b2eadba2736173228f8eb92ae6ac8ac8a2e06
SHA256 3be96ba3efc4251ffd2368f78543be211cf2ac889e12c767f028eb10e80d16f5
SHA512 e53e402262678fbabe2ac30e2097f3f93fe6663c8b8084bdde654050df45dd436c33985c796b46d523611f257029648adead6017b23cb69c8527445e3263e2eb

C:\Program Files\Windows Media Player\uk-UA\mpvis.dll.mui

MD5 1aee15a4b3ee452b197686760c43fbc1
SHA1 5aad19c770c66fb629b2c23713a7afdf6af9ede6
SHA256 b1504a28f72dfa032af4fdf4ab89984e05d7525acba381f03904efc68b5f491c
SHA512 29f7cb9e60acac1a4f847b8e9d853bb0412c4114a21b1647040ec3024811c5f6feb0832c9c23a47235bb9f23d160b0a62ec47714613a64aab0a9458cd2b5bd0d

C:\Program Files\Windows Media Player\uk-UA\setup_wm.exe.mui

MD5 294e3d26285d6af021c8e81f1c4a642f
SHA1 766a41f0031345b4e491263c783179e13a8997ff
SHA256 4b7fccd93737f613e14cc700711d62dc786b4908b32416578a5453395c844c46
SHA512 0ae49681bc43d803702c92f08871bbe0ccaf3a5ed6077f5c31f05ec27fe2935030bb716dcdaa33628023a6748eee9e7f86f570333edbe70e1b2e4b6ded361509

C:\Program Files\Windows Media Player\uk-UA\wmlaunch.exe.mui

MD5 49eceb2b431bde1832dfed642c080be0
SHA1 1f36e21b82989a989e50e2a1dab962a0322d23d1
SHA256 5957d4102211867bc0a13612c1bcb0f45194cd13963a400172dc29e058e5f5c8
SHA512 31973afeb3eeb05e1c3a116f52c50e1599a877f2626f48e8615860dc3ab2db7984a9e082c857dfd4931a17d3ece833289b8298514165c142dd82940048d2dbc6

C:\Program Files\Windows Media Player\uk-UA\wmplayer.exe.mui

MD5 c119781c3920e40444fa2bb90caed1ee
SHA1 a09e227933180c1143641fb1da91a5e9b4004317
SHA256 ce296a80987d0ca687bfbefb5bb3d5edb789a0cc60c54f3134dee3f1a4801083
SHA512 8a14668abfdc0f0664944af7222856a55c50455cb249f4df06461f45db54ac053f2eade08594bd3009e8d2cb7ab609260fe9a49dc166f8581369d51a55545096

C:\Program Files\Windows Media Player\uk-UA\wmpnssci.dll.mui

MD5 af253d104fe1db7780a793d14cc07014
SHA1 e462fda4b1c4b5b7041d802f8ac255dcb99684d2
SHA256 c3116a0a7dac1d3526d1e4b119fe4ba9c21f83bb29e3e6c507e7c77235ae8d75
SHA512 1a0272f628f2505db76fec426c2084298565f6e212102577b77f9fc07b856f77098649111f8d461c76140728cd48d564c2128fe31cdee8c4e4759cd7bbf5d31d

C:\Program Files\Windows Media Player\uk-UA\wmpnssui.dll.mui

MD5 401108af19841aed87a70b6537dcd5f0
SHA1 2199be68b6f5576d582d85e27b5ae628af7115c9
SHA256 594033f056dca08859246e992d3b866c1d593a6fa22c63cd2d43383ea676147a
SHA512 ca99e507bc7620a5b55b6e94cb7ce8094fa92f8b4c94c5f3cc2e29ab50f7948e3a5765064b9e8a59e7e7c04d315c43b469095c657c7f332b41f546eb501822a5

C:\Program Files\Windows Media Player\ja-JP\mpvis.dll.mui

MD5 08de662da201f55279c108a368c612e7
SHA1 3b6c11e438034df755aed16e6ef7cc4ee1961bd8
SHA256 e373ca9ff26f0bcdd594e6f8f56f822cc17c0903d675094682bf48f05c69f140
SHA512 2552422664dc5047af9c156a90542c81d249a04c71e780eda7d4255a370cd5efc360581faa78f9bd2830342eb95187f8578f29ee52a53b2eac5ceffecef63db3

C:\Program Files\Windows Media Player\ja-JP\setup_wm.exe.mui

MD5 24437989f6d68580a4a33e1c1c095d5b
SHA1 33deb74c0490970d8ef5329b340fc01ad10c4f3f
SHA256 ad9a5f2dad748916c282e5d736b33dca783dec038d7f347482968bf1bc5150a2
SHA512 0e99bd23fdf6a7d09f826f93c40f30a4a3c77d5b9819a878c1959f2de7fafbd274383b11514e6de56a8a128b1a4e7aec2cddd15605af0317160b3aeda305c05f

C:\Program Files\Windows Media Player\ja-JP\wmlaunch.exe.mui

MD5 98c5057c974b01b3daf7cc787d8de061
SHA1 6d31ed9486bd7ea2bc10171cc675d80364144261
SHA256 905e83d4c6ac53fc26913ad6451b26c90542158a94bb32508dcd00f39ee3ce2c
SHA512 828946bfa982116a7abde85c37e4e4cbef4a69a78fed7dda371989ef607e3ab27b7e2389396b1027b1ae6d03e1231f84b4e70a05e440615cb019112f00043ae2

C:\Program Files\Windows Media Player\ja-JP\wmplayer.exe.mui

MD5 4041165151547e62ae48235970cadfbe
SHA1 79e32846021442fcbd5eeb7f2e64410551c5845a
SHA256 a9766108f1dc47b88a132f47e1b353e1c3b164c4c1c870a778ee68f0424c318c
SHA512 6034841e4f57e4aa5d913623be314d3086ac37d3333dc33ba6a0502458f5f849891ce18237ae3dcb4c44fedd1c59f7be2f36c18757057eb039a89b568a22eccb

C:\Program Files\Windows Media Player\ja-JP\wmpnssci.dll.mui

MD5 354c32afde297c0375eac5e41e244ca5
SHA1 12dc9a75944c8c110c98ebc5bff9d9af3fe958c2
SHA256 3ada9ac27ae05bb3064a73a8f509a17b9e9ecf3906d1147f9025067d8ab1fbdf
SHA512 5507a8273e185785f3835b11ba859f070ea69ca31db90add1088d1ba4b602931f4d29fba85e45e8f48682a74a1a25669dedc4058af4665a1c4862ea4243ed90d

C:\Program Files\Windows Media Player\it-IT\WMPMediaSharing.dll.mui

MD5 92119fd22613b837b72a6eda979a6f7e
SHA1 2ddf89277baa14f808716e5ead4a9ef0dcc022e9
SHA256 a828ca938382140ab81b626273a1f68be6d6c4866675f6b9c41fe4dae0712b9c
SHA512 bc9631c11e2ddc08ec15d07204420f554171683a3812b868a16c7342839b37bdd72e2eedcd00bbad2f4f87cb9aa6c08136e2632a8505323340342ba7bd2f8096

C:\Program Files\Windows Media Player\it-IT\mpvis.dll.mui

MD5 506a616d2c7b64c79ac3158b1af4a354
SHA1 ee6d6ba94a2de9d33a642171ca9ac201e0d864c3
SHA256 5783de471539f223a11fd438f799f90b34cb94a7ee625581109baef1a0ede414
SHA512 ddd2851d099b3ae2082b90d09a11f58c62a9c0a1ca75504a82b3005aed289d0449a148c48b976e8d54fed99b3ae3a204948f3c39846d97ceda634513111cdd10

C:\Program Files\Windows Media Player\ja-JP\wmpnssui.dll.mui

MD5 41318e9f458bd7e05efa0e31d64b2926
SHA1 f36e408f3aa821548e0a219fa238015f79f85e8b
SHA256 cffd9fb37861f7e266fb355886f3e55e8cdb828d49c0101d270c42b1a764ea2c
SHA512 b7522072c79a6f062df3a1cb0feee6d078102ae98380fc3d53d42bd31b67e91b607fb91df0d1a61c0747a6e2cbcf42f40a96d59be070d1eb091883ad595caff0

C:\Program Files\Windows Media Player\fr-FR\WMPMediaSharing.dll.mui

MD5 07a820721abbdeb795571abe8279e175
SHA1 ebb4de76105e16d47c3a8a69fc3ce3481a507130
SHA256 ee3d65f85d45ed1f472d88aee05961475965d28ccea9749c80cfc979addd44d1
SHA512 161e4a423e2232e3eede4fd2ac6738291410e633ad7e26c83a9082eed10f14d18b9531cc1a0eaab2f473c47ed5d80279036db0683a436d3ccdfbc49cadd801dc

C:\Program Files\Windows Media Player\es-ES\WMPMediaSharing.dll.mui

MD5 d57efb2e9145d2043b9b4287788a0f3f
SHA1 4829ef951b7723432e537167ba8fb1f3c541f0fd
SHA256 45d282e4277f145e6958aec354079e88472b7f8f9fcd34ca201f0e9be20e9e8d
SHA512 3c1141925f27e4512eebbebbee44ddf0d2676cb7122b5ce3cdb2bc79672a3f1db8aebc13e3dc7d299b72dc5f0e709f718e52e16d9911d7e4c546fd8290f82e3a

C:\Program Files\Windows Media Player\en-US\mpvis.dll.mui

MD5 3e41f916bf17b97025a1409b1d84d659
SHA1 ca477ce35909dfdbab7fedca99d6631db8e5cf03
SHA256 851abb1e00a1c8a2fdefd3f57fe91cbeaef292651994c7a0148560bc58611204
SHA512 25ea301ce3a2bb35702320284e6f10a30415762fac8335ac54020989b64b074c70d173c72f3cb9f788c2660ba6e374e272548ec0858841096236708ecd6f0b87

C:\Program Files\Windows Media Player\es-ES\wmpnssui.dll.mui

MD5 83cf8e60be525042b0cf7994dcb89e37
SHA1 d8588a8c7bb06f122f93235f7af8b86b94970f56
SHA256 688cd9a5cee2827e167f1272fd74a80a283b03e214d91538341aeebb91f47bca
SHA512 7217b0dfb363008a17720ff51244a359dba2d3b9e43507ad23089ddf86270859f3e75d9dc7baed87e2833d699fe6d454693f60203ba08a0c0b85ab8e8c21b680

C:\Program Files\Windows Media Player\es-ES\wmpnssci.dll.mui

MD5 6d7d64d1f0ae036182a0f9b3cb32690c
SHA1 e4440396d6558a27c12f20ec881853a0ec4260e3
SHA256 906728ecb2ba445129d8604aeefbc50555aa8509243aaa33e36dd4d762e48069
SHA512 81bce96ae983e10b432b8edd256b75ef1184260de98b9716cfd211e9671dfeaa45a131ff7e7694816c12e61460bc2a4c8af82de149d234cd1c8432243563d4cf

C:\Program Files\Windows Media Player\es-ES\wmplayer.exe.mui

MD5 057b6054fe7e455641c7edd2ecfac65a
SHA1 2fbbbb01801c089c327397ccecaa80edc75678aa
SHA256 955bf79ba9df122023117c0f74ffc3949c895a5d880030bf526bc7bb477cbc2c
SHA512 012c3a4c82e0db833d1e5c194cb90acc4869dbf76ffab4d11c9fa35242af5e1c063f2e1ce8340f5c5a6745486fb3c491b070f679c0abb1c73141ab51879e8c6a

C:\Program Files\Windows Media Player\es-ES\wmlaunch.exe.mui

MD5 f4ff0af11fa74f84c503c3dce64cdf9e
SHA1 5c22ed13b8bf128ddd46fada425eff011c55723b
SHA256 18d8c2adcefcf36afe46021977aaa72d9c755e39187954f42ac85c9db0d471e8
SHA512 3a8b7e9eddb4db363bbb2956163f6ce599696d62e9db8d6ccaed0959f1e194c92e1332c8d8ddfe4e93e9ae09c7e735696b44046ec1246c04ef2a831c45d62e4a

C:\Program Files\Windows Media Player\es-ES\setup_wm.exe.mui

MD5 1465e8193242afd53b5fcfc315b5ccfe
SHA1 b898f4e6fc8c7e4d764e0663f3596141b3849149
SHA256 48e8d6bab84867944efb0df40b9729990ad9251bea10f866c4060d252cb2a988
SHA512 d3f7497950a50d09b78ccd768993d1ccb4249adb1a170fe3f860c7e3d6b2d00b73101d8b9aae847bed6c7e6e9651a3b54add467eb40c174538953c5229e52b4a

C:\Program Files\Windows Media Player\es-ES\mpvis.dll.mui

MD5 f2822959e751c3af6be1bbf1e4b091f5
SHA1 95cc83a48d945b2d3d0a0d4e0fe9f741ff0a4bc5
SHA256 152bc91e2557520f19934f3edeacf38b37198b7562f0a848473ba0b134c9cc48
SHA512 fec9fe96300507887fb0deefc77ad0fc9af91ca71a3c8e85afe9ed59f1a2c220462dbfe1d18a8c7dba8fb3fd8c6ba6c4234876d375f60c189e782057bb47bb33

C:\Program Files\Windows Media Player\en-US\setup_wm.exe.mui

MD5 c2737925af2fe29a6c880868408ef477
SHA1 492e6649e3c570cbbea454b8ebf90cdf1f909e7d
SHA256 8adc57dc6c7901a8e46670c5031713d444d0d96ae2da5982fb74aa100a8990d6
SHA512 f5b5cb768d750bce4a3cf120a4949eb5beb1e6d91c0ae65054405131ab4927fa5c74b87a9c4c2c204f86b644f78d344d813c470b1546059af1d8b0b6b63693fc

C:\Program Files\Windows Media Player\fr-FR\wmpnssui.dll.mui

MD5 9138e9fb95251ee43f84dd5107357948
SHA1 6f6336abdb31bae91f7132e0c6403d9d675def95
SHA256 050a48036a56c546e729e4f8a60f6c48abd7b0b45563a73a648b93457667a7be
SHA512 7be5c81f06fdc4837911dfce02ac320cf2641560e5704dd5b8bf0b8ec5123677891ea13d15972b8e12c160d7df58d0a3342488429ef356ca7e718ebc4b5827d1

C:\Program Files\Windows Media Player\fr-FR\wmpnssci.dll.mui

MD5 90e2f28d9c9e1a0ac406fac585623ed0
SHA1 9a1b717dccfadff9736ebef29c90d45b81ae993c
SHA256 3be4cb6e781ff0da5bde41d08ddf2b10c8f53f9732c3c5bef9da4e17dd587880
SHA512 87e70d61f19c43b70983361b196bdc461dad6a0c904cfba98bb209e03c9c45bc5ddba525593efa0c3b6385ef3f06b3328c47afc813af80cc3d7a8ac5869e6984

C:\Program Files\Windows Media Player\fr-FR\wmplayer.exe.mui

MD5 9b20ec5c5f4b7d62e0fcdceef7de47fa
SHA1 8ce1c6d5897132acf253c9f6104cdf35e4a0b798
SHA256 049972ab506f163be5704b062b8538db93aa68a6b93c7fdafb3c208df444f298
SHA512 038651f428a87ee2619c7e8101215f7ba0fdffcfafa03d6bbe579133e9bd010a9fa0f75a7f0e0a64d4dfbb1b95e563747a78d936610f0a6c3c5ee4fc371e5791

C:\Program Files\Windows Media Player\fr-FR\wmlaunch.exe.mui

MD5 eaa1e9cd526111f437d8e1a9434fe525
SHA1 a93e3582484911d077f5a8c52ad41b428b659028
SHA256 018ec4c273042a396a7d9c637b92d22bef9d3cf701bed2dced9afcaf87917d55
SHA512 a9cded7c59b8f63dcfff2842a17b9bf54edcf212505d7d50deaa487dce4e5e87a3a69e6037a32cd6b217247e293407ad92ab2b9779f11b5438495eba4ccfadbe

C:\Program Files\Windows Media Player\fr-FR\setup_wm.exe.mui

MD5 f6f9b67fd71d08a6747fcc8ac5381559
SHA1 48a37128d8aae6bd66f4e38d6a30003cdd298e97
SHA256 da09fab21b194c811e442d9c000e38007db697753ee4e4c8618ea4c742ba0078
SHA512 bb13213ebdca4bf66789aafb4ce9ca6170635deef9263ee8096b0d712ea2b315d7b50edfaa3ac11115f34ffcfcd3e5289b2d8762664ba1274d7b8638d1fbd175

C:\Program Files\Windows Media Player\fr-FR\mpvis.dll.mui

MD5 d5c3b1d725d7e0544f1f87620aeddfae
SHA1 f0037e83949ae0176712c02ebe43101b0ed432b6
SHA256 92d22f2d65cd8887c00b8b6603ad4ad9eef7d678a6951cfdbf18850fa0c1d1b4
SHA512 ac037a6bce323edc22ebdcf23553e72ece239d2876fc8d51c2276b51f1f4987a47918cb7cfbf699a0b7bf9076f82d61e3e6745c867ec5bcb447fe71bf8043df7

C:\Program Files\Windows Media Player\it-IT\wmpnssui.dll.mui

MD5 23d4b8e70728c658405115d5723d41ba
SHA1 599a1eb79f541f7b749cca15dacf7503ae096b49
SHA256 9c94c7dece139dd8f6ffc8b66476e6295b79e620c668d01abde2534773f77e0b
SHA512 78c3534a76775deeff4908bb23fb5a3116620d38ec18b18cfa0047324e4466386f179717dee509917a5b188dc6e3acac73ad77aeff9c5c77a2462bc747b98bb0

C:\Program Files\Windows Media Player\it-IT\wmpnssci.dll.mui

MD5 3d05817035e6326d6455eb2c1e42fc1c
SHA1 f5f94360100fe36b5334a24fe4cb699fb45b854c
SHA256 72629959115dede216682a3629ecc203dd8c2c06f460c550ab7a6b4856ea7810
SHA512 ce8003c04c03661afb610614fa6d32bd55ba0f68c22fb11b54b2f4d47c01ca826e1e9357f0a91b7cb7da1a7d6c70e8c88b2fc01fa14dcbeb6a99667bdf06c1d5

C:\Program Files\Windows Media Player\it-IT\wmplayer.exe.mui

MD5 ce1b5d4711c00ef64544a17bb61b8dd9
SHA1 2ab2b135b0c5eb57f09eda66b132672640e6d8ad
SHA256 fa7ce2fa3c49a2343170a73fceedf38cae5da26a92f9b67d6e04c9b62cae2a6e
SHA512 e2f97a82146f595f965ebdb069952af69e69604823e46d737ecf5fcf272dc8162bc00ed45f476dabf8bbc71297b47c8fe336cacf8c3bfdea9f64a7124323d7b3

C:\Program Files\Windows Media Player\it-IT\wmlaunch.exe.mui

MD5 d366ee86de7561cd1b13b423d2478155
SHA1 c8ea8654451c9848d09fa003d2eee5239a17a171
SHA256 9672e4a949becd8759dcd465c41032cfdc573f092f46c7381df9be881de42e66
SHA512 ee83debd99f38038ddbe88efa895124238ae065a26f8b6883783861fac7d491fb879ac090de150a3a19c9a58e5456f281082cbd588eafffafa932c811df3e280

C:\Program Files\Windows Media Player\it-IT\setup_wm.exe.mui

MD5 517889fd6e2c38dd19422589f39f30af
SHA1 9ef3b68b055803c820be2965a2d31e5e96f58ae3
SHA256 3347145c33474a93dc2fbd5feb8ed43c504377fb35bff8a81eadbe1a8c623c44
SHA512 eba5da2405d851d1694cad7fe1c205493d15c27109e978b536e922cd3d0dfcb23b3efe80e205c4f85db075e834a21e4cb67d329aaf6fdf6c55671fc23e757758

C:\Program Files\Windows Media Player\ja-JP\WMPMediaSharing.dll.mui

MD5 9403d877f04906406f171d9329e0977d
SHA1 7f23f4bc62b0b711a567beb13e708126076f835e
SHA256 5a4cc9fce6088c5ad4897a4bbdef2628e185bd22bcd11652bb1ea10e3de313a1
SHA512 f7af0682002b0202728e6510dc927f23f675c35349be5bd7b898434bed52eb18fb3b6e2e8ca68a20434997abb77788c6012270eee85099c6325bff0ab436219b

C:\Program Files\Windows Media Player\en-US\WMPMediaSharing.dll.mui

MD5 af11b876c481ab37169d00a77d622044
SHA1 6a482552998311a60f1e406e4c515618a6f7fafe
SHA256 c606f0a6c19d1d1c11dee0c9a09c17cddeb1f682ee535a074f9d93710905f462
SHA512 cde9e2290ef2a368af0d3f46cd572f94999cccf639fde60bbb5e34affa7c46d25beed64578cd8cc5c868dbf7daa387cd8b3b2bb062abcba4f5cb95650a50681b

C:\Program Files\Windows Media Player\en-US\wmplayer.exe.mui

MD5 f35600fbdbfd051072b3c1f2dd1d06cd
SHA1 5d8ed348ae81dbdd533a089a5dc939b28bceef9e
SHA256 9f7b8afaa021667c2f6707c590062d8d2067225396b52bf5487eed195cad64a8
SHA512 0288cd23a69d588206bb8fad35d7166cd1bdeb33ad56c019f881ed3e8f8810d6af2a6d1a6d689eee3286224159a14e3d7c762d562a1dd63e98c0da22616d6a6f

C:\Program Files\Windows Media Player\de-DE\WMPMediaSharing.dll.mui

MD5 29ee87c27ae482129bd020ed27d5621e
SHA1 97ca0c7f2dd88bae471074f9e26a5df31f4dbf55
SHA256 0cbef8d48e938e8dd1a5fad9d92dee8fea9f66c9213d1108732b6ee727f90253
SHA512 308ebaf8b7a6aa54310db93388c4955316b91e4d7bf2d06685f96a54e0d4fe32440705d2bbea8d0b834e0c8779009011fbecf48dbda143a4608162ba4aa00efd

C:\Program Files\Windows Media Player\de-DE\wmpnssci.dll.mui

MD5 c0b95d7d7fb3c4df461442805b0c6a61
SHA1 c44baface44a4c7d780393e30841b5f6864fbc51
SHA256 8b514215668a528cdea248bcbb379e3d5a0156c41d396d4334a0d4acaa629caf
SHA512 b9e1e0251f1c0f5229190e7f05fcbe01205c04b6fd0780a84080c4d8b361cec81317037107e3df961380ad7795ae71f5c441901613583b54fab5adf38265d164

C:\Program Files\Windows Media Player\de-DE\wmpnssui.dll.mui

MD5 108eb1174f3cd34513f904ee139f9811
SHA1 731a19961cfe081502cbed1584718b9f3bc42c00
SHA256 f27399b82d95a2f0f902e0dcc1162efc9c4f1db1a20eb9104a163d8698f23b92
SHA512 4d5331692b109f3171e8561d35928d17c7bec509d5bbba062176eedac872ad3034a81abeb9b6f315d316f3d144567eea577305530ac926fe0a798f2982d8150c

C:\Program Files\Windows Media Player\de-DE\wmplayer.exe.mui

MD5 1a9d448ddf5ab366f6017c343bf8346c
SHA1 af8329571f9244a88236cfcb12156daa3d204dfb
SHA256 126176fd098ddc2db38be170256e6cee7f4afc1e7f4c03532669068c86e955da
SHA512 3871f90e02eb35d0aebed1f65bf8075b70d38527163669158c8dfbdf95b42dbfd8cae7a3622ec2acbf62147ab811cf82e84652a72dfedca6c5498ad571c6397e

C:\Program Files\Windows Media Player\de-DE\wmlaunch.exe.mui

MD5 678b4a2dbaf0017c4210e51f85ab52e6
SHA1 f02d9735c038e300d4d04d3d2d566634e7576a49
SHA256 bd2ac79c4bca0bcf349da55c9de75ba0748510696c6fc961306460f384ad672d
SHA512 38ca0e3e9d91815044868df6073d66b7ecd18db18e42dc52cf4f7c6c148c2458ec3735cc3d5b0e115b672160fa0b87c414cd0dd020da097f3015a5505a8ad1c3

C:\Program Files\Windows Media Player\de-DE\setup_wm.exe.mui

MD5 3e42086ba315739b885aae3c8b6681da
SHA1 813670ee251a225614b631876c1581028d421ca7
SHA256 5fd7dbaae22d29c49079da8b37d8f0398daa1024faf3bfcf8f9bf7005f39fd57
SHA512 2830696101c17fd54f8ab8e71e06998f0a6f927cb2a4ac4b75d05bbf05812be3e8f248e50ca3863fe289d9e2454a4b7ba7e34c5abd29cad05cca0afb09ac078b

C:\Program Files\Windows Media Player\de-DE\mpvis.dll.mui

MD5 bda6abdba4a51bee28bd15047a95f8d7
SHA1 19b1b6916574e518929c3436b0620b1461b48131
SHA256 50a2089b2b1c70258945b3a8ccc04535df8bdd1bd812cd0cd6ebadeeed950730
SHA512 10b249388fdde2c472c52c9b5d7fdd64b25d0d0384dda224d8d7a18aab5070f9274c21efc6b2cf44d4aaf58c2d7b24928ae4baa89853ba17d5bc5764b6682cfe

C:\Program Files\Windows Media Player\en-US\wmpnssui.dll.mui

MD5 f930542dff1509ea966b45e3a2be48ff
SHA1 c1f773d406433c4bf01c0f43b14adfe3d98184f0
SHA256 8171c1180b05c53fd5619f18850ab5ff30e97985981b03e4bf6a02e6c090a883
SHA512 3914d585e085177d91a034546b75871ae0c5116ca06b3cd476eed97a36df97396478945316319b3a6425b7c7618c92079c009baf6a49ba5b808af9315cf9f4da

C:\Program Files\Windows Media Player\en-US\wmpnssci.dll.mui

MD5 4f07ccc2c9840b8f3873aaff5cedfe6c
SHA1 94539f7b77ea7e6930ca6e9f9f85dca24d85386a
SHA256 62ffb822d2c42c9dcc0fdfbe3a6fc113eb966ae19c5552276723d53b8dc6c1fb
SHA512 a63caab5be51fd5d14e43f09f2b709d538b5cd90a32721159f22937629843043a68d86d758459e2b3a312be207b9dd12b098f1f03e0e7e12eff58820dc079df7

C:\Program Files\Windows Defender\uk-UA\MpAsDesc.dll.mui

MD5 986a6f0180402feca182a8829c3cb4f9
SHA1 ccf6101f21f62d09c946f063d0ce87063f33e9cf
SHA256 d251888241d87ab1ea01f05bdaf0da70db2e345b26ff6e81c744c53e1ad8672e
SHA512 d4c5ddc87443221d8a1c50839eb6880e8b2fe5868760c7c33d4cdf71a3aba453927619941cf9474e01c7e86d0e1331bb3e89afc0dae6e1793d9d559652ab4560

C:\Program Files\Windows Defender\uk-UA\EppManifest.dll.mui

MD5 c410d949fc35b62b71c160ef4b702e82
SHA1 46ae1b5f07f5765f43b1f21450641c4c102845a4
SHA256 f01b865be862dd7df99e4ab676fdcbb410df76394fd97f39b61918db41c0e326
SHA512 394e0eee1bcc861a4e7d3254d5a5cac0fee68484b76ab35b2f10c63023656a461baa235fba5c4ff84ced4078947f058ac2192473aa42f4ddbede0599358a94dc

C:\Program Files\Windows Defender\ja-JP\EppManifest.dll.mui

MD5 8213e7f8a2ff5107c35550e0930b87ee
SHA1 a284fdb015771e1f8ad977c440694c9692aa361b
SHA256 afc387459f9583faf52eb5c6da3e409cc1520a898f5422a5e867d313a1602275
SHA512 f432a26b25be16f22b52d66bfc8a5143b077f90a99cf161da965e420195db11d30f97ac9f976b42cf86b074ddd96e565417d93245a1ab62fa1bf3360b847c36f

C:\Program Files\Windows Defender\ja-JP\MpAsDesc.dll.mui

MD5 4cf9b12fdaace4151ddf7507b0dd7f68
SHA1 a18184c4edf8b8c26dc4de4cbce3198d9d965ae1
SHA256 f83359eeba1464eabcab5aa5afe2c084e5ca0ff038ee5f646f097a398329b110
SHA512 0bee2a307805c51f4d056c56f0f7bc49d7c118f2bc8a09ae2c40c76465b478b54132de1cc2e251341993a5897470dc6a47b2bd43a29ed4f078a8de74c7f63293

C:\Program Files\Windows Defender\it-IT\MpAsDesc.dll.mui

MD5 e9a7775c53aff3c0184e3e5852f6f1f0
SHA1 54c2a33fdde282372eaad59f67404555895a22fb
SHA256 bcb77b6d12dba94442b0606fde3d3239e0ff7e55114703e7df2bb4c107cb80ad
SHA512 20c686f60c1325466f5d0f812c50f76e9a5573d3bff68b0bee7ca38f49e0804170b0a68ebe3ca57d42be6df0951c915c6870947bff0183d23321a26d543a27a4

C:\Program Files\Windows Defender\it-IT\EppManifest.dll.mui

MD5 abe9bb4f2d1a0eb5a1422e18e035c862
SHA1 66767cafb49e01eb303fe90fb50eca5f36ef27d5
SHA256 ade73dd8b73c9c3a68fb1b80abe3e08517d0d80a444d58d3aa744649e535e469
SHA512 1b24924635bf1a884fc83e7226b9436ed4bb9547b7027b5942be3247f16aee22bd6b42ef6d153ad74bf7cd33985e92162354daf39e2a4bf01d7bb7c9a677b65e

C:\Program Files\Windows Defender\fr-FR\MpAsDesc.dll.mui

MD5 a64ae33fc6e989ef95f03f4153b669f4
SHA1 6e3feaf4fcd8b84b5fc6db68bad89391a6a2475b
SHA256 11783089e7126bf0f7fbce9cd0192901e4f414c24f7c187b5687524ac5d29d74
SHA512 7fbdaa30884243af7e55cfccb23ef9e9fbf906a32af96252a3fd8bfaf984689e82c0e34f58e2bf8c9314a4b8a4dcf2c2b8d7ce4ee067ac84b3f3337c624c96d2

C:\Program Files\Windows Defender\fr-FR\EppManifest.dll.mui

MD5 e5c7fc6a8ecc11109776e7ab5c85bc13
SHA1 661ce6a8b7d43c521b4cabb1a35575da6b8eef6f
SHA256 737057a55c07db21889c523cbdf93d79f7b1171b1eeca2089e75602c7234d88a
SHA512 7a6d97e450ecde1db11e59d0f9fab12fdb1ff3790b37884f547b110e3d7e1c3fa1e3ede85630941bd0ac2e7560867ab41b2af6de65297985a25831abc7f39c4e

C:\Program Files\Windows Defender\es-ES\EppManifest.dll.mui

MD5 2121419f0767a273083249edb1ff4d68
SHA1 0f900b8455a3b3baaf4d65271db264a659adbbed
SHA256 c592ccca6ef2c3cef8e9094c0170320239fe6170cb861f5b6a16087f1ce9e140
SHA512 81f5493be831bc4683ac7531d7b206ba3ab4afa80701a652eaa572ae51d9467f73d955dd69a5807c51b880a73fdb28fa1c91c6466ef5653bfe0ca29a27abe8f2

C:\Program Files\Windows Defender\es-ES\MpAsDesc.dll.mui

MD5 be1230498888793714fa157f42e73d47
SHA1 7a66174124cf9c24726b99a8678aede9b03f600d
SHA256 e8561c4709f3a81171ff307b02592a1f48c4d5588a8ea683369781ec26514acb
SHA512 9172604b670e0257deb4c53f84e05f4a8840211d26e78f187a307c6d1ebc5b9b909ffd7dfdf9c85bdc2043e71ea721a63832bcb338eef6db68d3de3f3178da27

C:\Program Files\Windows Defender\de-DE\MpAsDesc.dll.mui

MD5 5d7411ee81ec142802974e2d5f2edfb3
SHA1 a1e5716cae3273034abbaee56f9db35ceac75038
SHA256 b47db54242f5978564ad6aef6c2193a49e7a5c22b33f9192edb3635d3d5c7894
SHA512 4864e746abb40abbd86054de39dc72970beb4fdaefba0fdea5fe75c92457aad65d481f05cf3b06292cb9b756fbab3fd7d970fc40342250ee40ed01788778f516

C:\Program Files\Windows Defender\de-DE\EppManifest.dll.mui

MD5 d9e74eb37797485a344779bd996e93d2
SHA1 9269167bd5e9efc2dea513cfd45be06be502e106
SHA256 4d911e880725f34476002d6e526ae005a85d54a1f77cf925a5970d446a887dcf
SHA512 4fa8e71cb2b18c2d6cdd917bb1a9e75dfb588193f338df2b7bfc24377e66d4a75df07f91ff8073840437c87c38bcb7eb8b96cb09369254766297de37127d22f0

C:\Program Files\Internet Explorer\uk-UA\iexplore.exe.mui

MD5 91158fe4c96e233aba4ad912578bec43
SHA1 3daefcd009de100987e61b4f1b59e669a597c48b
SHA256 80da890315d4ca2a0a02e6f2346a785d1671e0e9c57ca7249f6ae5bdb51f15e8
SHA512 21aaad8f16f5dbc19d52093ca6edb24eec288df88133e1f42a7a2c70ae0bc6a7b2f1965dc280bec63e253c888586bbb4cb04f795e48e5cd7de656bdd0770e441

C:\Program Files\Internet Explorer\ja-JP\iexplore.exe.mui

MD5 9daf3b45f9de50e0964dd689e9cd954e
SHA1 e7798057cd84db4c64b395daf7f85694980265c8
SHA256 40f8407c8f4c1ef14743ec87a595e80a7ed715dba955b531efa3f52fcabcb6da
SHA512 3c1b34189ec6d05a966927bf1bec792d7461e426c0bf86ba0db0b8f0cc71784e6fa75d7769e23c42d466bdcebb634c654f7d2c10da9500982b525650c9fa1899

C:\Program Files\Internet Explorer\it-IT\iexplore.exe.mui

MD5 9d5e8261026bd9be4559e040c25cf66f
SHA1 5c9f5511b3d5ea1d046aed292f7adf6f7d544e20
SHA256 adb3bb5bb83fbab3615075a5aec5baec4aa52d67cf5b852e776c765f7c01d897
SHA512 c558efdd0d90ca81731572f378c378f3ce9777f954f9b17eed7ab5f4284fe195dc7c170caa17ef9a06ac06f5f50acafe76053cddf392de7e5bdc730f5ab41842

C:\Program Files\Internet Explorer\fr-FR\iexplore.exe.mui

MD5 92e1bed76b7f5d941f6d498891921fbc
SHA1 582ddf09c6d8b41939058892a011adbc77e8764c
SHA256 475e3ca1da6606b3a6cdca124e90616e17f07fdbaea354ae302ab4ca49ed45d0
SHA512 b551f37c73bb53a5009cd6fa408141f285170853137ccd84ba50e6bdc0610a12f3604f90a23f5a05d82aadbce56129bd68b7e2b656b18f96c1be6bdb144f79c9

C:\Program Files\Internet Explorer\es-ES\iexplore.exe.mui

MD5 820ef000ddb5abd6b022593eadde7604
SHA1 0df1d696f2bb424cacaa84d69c72024a9600849e
SHA256 701968a66b1def6db46f0bcaa2890a6f86e600ca45ea83c5b0b63c249ef6d36f
SHA512 5e5458923581f2ed9163d7025d62d70af8e5404c20cc1a6d53425e4715e83042644c999cacbded3feee371e48090888d2795684cd9b4e28b2ee4136890ceeed4

C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui

MD5 b0b1699aa9803d4cd6706f7dd4776423
SHA1 aa07daa662718aa2840d183a996e0b7cb65da02e
SHA256 e1a92fbe930e3bc8ce29336c1802c885171ec11f0c23e77da74d624b58a2a325
SHA512 f5d7d97c754644e2f26606c56cde2bbe667a69a0fed43045514d24b05fa25c33765226db8aea2ac8839cdf024cd7a6adaddcf9f4a6724b5acc68b4c2e1a191ae

C:\Program Files\Internet Explorer\de-DE\iexplore.exe.mui

MD5 eb292792109cbad7dd42f1d8f405abb6
SHA1 dbad799223d8ad956e8647b0352d3874a1e4dd87
SHA256 361eca9f4337f8c98869801cad425f707f6c8c613bd798fae44a6fb95167234a
SHA512 e1e43576c04de89349550aad3e84e125d5c73dcaded8649085b09ad01c10feed3384eef5ad5b1542f5cec2b6de2194e057f054af0d0f114302a239fe0376d0ed

C:\Program Files\Common Files\System\uk-UA\wab32res.dll.mui

MD5 200c13234b0575c344113bc6337a958a
SHA1 4280d48fe112b04c752bd99866101f1a652b2c72
SHA256 8c6bf5f283f407a8d9cdf2897e73605ac7150c6d9a370cbadae66732b0042477
SHA512 e4695b18514ba1f9338ad9f934c39cc267ff178cfec7c9ae3653b4a5bbbb1128b3a1f66ac8012af9938d3ff2cf9dec50a6f8b79ff4ded939ecd9a692ab102859

C:\Program Files\Common Files\System\Ole DB\es-ES\sqloledb.rll.mui

MD5 607f715f99cdf823e4c435405deda12c
SHA1 951562b25b93134bca55e63f56093b684facb641
SHA256 6b1f24564dce24d21933c9cdf35bf3ff77197c9b5361b70ee497b585053c07ee
SHA512 55567dd16ecb6d35d30bab70fbbf051d555b82bde2776030bf3d36878a089e7e9853d4478ef50b9f4f80a1a4dfff1cf74cd0caeebdc5408ab601e20211e05d6e

C:\Program Files\Common Files\System\Ole DB\de-DE\sqloledb.rll.mui

MD5 99c8a869ffe051f4041eea6c6b389718
SHA1 1c6f898ad6c52c00b3ae70d9121b6c3b33dfc0dd
SHA256 cfcd34b91bcbff96dcec643d84d80cd5942da157e1118e90893f139382d3b325
SHA512 cc3c4bb1ebedd51e0f7013380fd22791eea4880e89bcf27a10d5b8dce69778b3dd8183a00729d2f8d3ca9c18f7c36708143d9b5119b3716dcb538d49ba43857e

C:\Program Files\Common Files\System\msadc\es-ES\msadcer.dll.mui

MD5 d0faf4e54ae0fd452c5f26018369a45d
SHA1 28c67fdc84527e36afafc17eec84cfe5541b1d83
SHA256 fa354e28ec8b0d5b0da681d3e86ee92802fdfa4fcac36e76b0d301a205390c10
SHA512 a1dc70584372e895ee8ff21adf58d6669664b7bd3527f5b70a180fb3f5351790ee8cca6f5efba346dc8e21c6eea9b815a1fc3533c7e45226a6fd674684b83bcb

C:\Program Files\Common Files\System\en-US\wab32res.dll.mui

MD5 32b6adb56c9ccdfe6c29f4aa3f0d7edc
SHA1 1b682f1056cf87a4635159ec0c0983c9391c2518
SHA256 6868da4ee53f78756bc54cbdda1f9eb9728164e54383f77fe5764839f3ddd571
SHA512 26d9b8f61e22e98051bf4c6fa65bd6d0015cbb907decbc0832336e47853e87675e109fcddcecb33fab3f8bbe13237f1251890ac37f8b5c6806948e5b18e6ff6c

C:\Program Files\Common Files\System\de-DE\wab32res.dll.mui

MD5 cf38f045ebe04ae053ae31ebecabc0ef
SHA1 4d1ef2d634c263bf93f77dc82c35b3707b1d8a37
SHA256 97c23b39d78535f18d1aa22c3f66fc7ac26311ee62ff83a7878fd3a4eb759ae2
SHA512 3e47038dcd23742ae384240642ece150b44bacbf000c167d8a2fb5db49e402bf36aaaa44e269eba37982300df5d0161b1e652f08d1da3c2220ee0de2019320b1

C:\Program Files\Common Files\System\ado\de-DE\msader15.dll.mui

MD5 4eaffb1213dd8c67ab69ad2e16d45d72
SHA1 3e1fcc40f2ba576a64992573dbba1e8a560f9c34
SHA256 74cf84c6deb5ccfcdf4505be223d197a81d54d5dfafe071dacb1b7284085cef6
SHA512 8f19297a12b356215ab33acc6c3bcbcf29d519601af1d5ac214e7ba2f3c514f6bd6253b1c4c6c42bfd8e289054a5f78b130d2e30a4bcf1e88fc9dce6436ebdd3

C:\Program Files\Common Files\System\ado\en-US\msader15.dll.mui

MD5 e66fb28b185b797d4c10a67385b72cae
SHA1 63def84dd53e6d025a20495bec2b0f42b9b4ca70
SHA256 7ef3e489b7c8569cc34e36ba911a7ee355adafafe50585e0d2b76305ba2d8e60
SHA512 d5f28684501bdf195fd36b9f64f6e3a25f99c1a98486d240d95470ede09a50e5558b000aba0b3006df788cca14f6ae64a4dc783d14de030716f8e09496470a93

C:\Program Files\Common Files\System\ado\it-IT\msader15.dll.mui

MD5 b1e0e3d8ba7a9e40d7fc19c856f9ee27
SHA1 6e1171b55ff5b58638009c24f609bf7057281a5c
SHA256 aae74d756a3ad026a80785e88d2834433399f4defeb0462cc2c5076f202df9cd
SHA512 2b1223ac35d8c73f0d254952e77101f94f969e221406d4314053da188a55493cfff998304948a3c8c8fb34f5122d587ded6c63fcf4283869bbd0c4d63b349671

C:\Program Files\Common Files\System\ado\ja-JP\msader15.dll.mui

MD5 3f7fb0f0345c35c4abee021827d49ce6
SHA1 2cd339e7d3aa08378a72f76297f2d3383c3041e6
SHA256 461807f401633a757e66286fd5ac8dffa97335159af29ed8b2821ec32d2f57b4
SHA512 7ae07ebf0297c5a2dbca0045ff238684ca168c1e712c01fbfb847276f5b3f53f958f29bb2863452ab073888d15522d663623a459ac716fa2db8f016603837b60

C:\Program Files\Common Files\System\es-ES\wab32res.dll.mui

MD5 cbe45cbbf96ee9c12fb108c86d1078e3
SHA1 8357ae7d47d17f73aa9ea9e1b629e2cee4f97e0e
SHA256 38a50ac7c6be488bcbebf1522abfb1366e659ba779b6177b843eded3343e2c88