General Info

File name

Kompatibilitaetsmodus.exe

Full analysis
https://app.any.run/tasks/20a87cb2-70de-425b-972d-0ab97056476b
Verdict
Malicious activity
Analysis date
6/12/2019, 09:57:02
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

ransomware

sodinokibi

Indicators:

MIME:
application/x-dosexec
File info:
PE32 executable (GUI) Intel 80386, for MS Windows
MD5

455c560d6e7805e0ded22ff1c51c2577

SHA1

67476bf5183c4afdd584511f170896f91c180a56

SHA256

b2ff63f76aaeb73b02777c3b79022ba5a0db2d44f61071af808c4074e88ed6f7

SSDEEP

12288:WBa1UgYgkoBcD7p3GvSBEBiBFEf4I9d27V:WBa6gl07SSBdFEp94

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distored by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evaision option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (73.0.3683.75)
  • Google Update Helper (1.3.33.23)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 65.0.2 (x86 en-US) (65.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Renames files like Ransomware
  • Kompatibilitaetsmodus.exe (PID: 3252)
Dropped file may contain instructions of ransomware
  • Kompatibilitaetsmodus.exe (PID: 3252)
Changes settings of System certificates
  • Kompatibilitaetsmodus.exe (PID: 3252)
Sodinokibi keys found
  • Kompatibilitaetsmodus.exe (PID: 3252)
Starts BCDEDIT.EXE to disable recovery
  • cmd.exe (PID: 832)
Deletes shadow copies
  • cmd.exe (PID: 832)
Creates files like Ransomware instruction
  • Kompatibilitaetsmodus.exe (PID: 3252)
Adds / modifies Windows certificates
  • Kompatibilitaetsmodus.exe (PID: 3252)
Creates files in the program directory
  • Kompatibilitaetsmodus.exe (PID: 3252)
Starts CMD.EXE for commands execution
  • Kompatibilitaetsmodus.exe (PID: 3252)
Application launched itself
  • Kompatibilitaetsmodus.exe (PID: 1520)
Executed as Windows Service
  • vssvc.exe (PID: 3520)
Manual execution by user
  • NOTEPAD.EXE (PID: 3848)
Dropped object may contain TOR URL's
  • Kompatibilitaetsmodus.exe (PID: 3252)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Static information

TRiD
.exe
|   Win32 Executable MS Visual C++ (generic) (42.2%)
.exe
|   Win64 Executable (generic) (37.3%)
.dll
|   Win32 Dynamic Link Library (generic) (8.8%)
.exe
|   Win32 Executable (generic) (6%)
.exe
|   Generic Win/DOS Executable (2.7%)
EXIF
EXE
MachineType:
Intel 386 or later, and compatibles
TimeStamp:
2018:04:11 09:04:23+02:00
PEType:
PE32
LinkerVersion:
12
CodeSize:
215552
InitializedDataSize:
582656
UninitializedDataSize:
null
EntryPoint:
0x7a14
OSVersion:
5.1
ImageVersion:
null
SubsystemVersion:
5.1
Subsystem:
Windows GUI
Summary
Architecture:
IMAGE_FILE_MACHINE_I386
Subsystem:
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date:
11-Apr-2018 07:04:23
DOS Header
Magic number:
MZ
Bytes on last page of file:
0x0090
Pages in file:
0x0003
Relocations:
0x0000
Size of header:
0x0004
Min extra paragraphs:
0x0000
Max extra paragraphs:
0xFFFF
Initial SS value:
0x0000
Initial SP value:
0x00B8
Checksum:
0x0000
Initial IP value:
0x0000
Initial CS value:
0x0000
Overlay number:
0x0000
OEM identifier:
0x0000
OEM information:
0x0000
Address of NE header:
0x000000E0
PE Headers
Signature:
PE
Machine:
IMAGE_FILE_MACHINE_I386
Number of sections:
6
Time date stamp:
11-Apr-2018 07:04:23
Pointer to Symbol Table:
0x00000000
Number of symbols:
0
Size of Optional Header:
0x00E0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
Sections
Name Virtual Address Virtual Size Raw Size Charateristics Entropy
.text 0x00001000 0x000348B0 0x00034A00 IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ 5.73595
.rdata 0x00036000 0x0000BA04 0x0000BC00 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 3.59227
.data 0x00042000 0x00078650 0x0002A200 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 5.53014
.idata 0x000BB000 0x00002000 0x00001400 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 4.09516
.rsrc 0x000BD000 0x00005CE6 0x00005E00 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 4.5123
.reloc 0x000C3000 0x00002C52 0x00002E00 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_DISCARDABLE,IMAGE_SCN_MEM_READ 5.63348
Resources
1

2

3

4

5

116

Imports
    KERNEL32.dll

    USER32.dll

    ADVAPI32.dll

Exports

    No exports.

Screenshots

Processes

Total processes
45
Monitored processes
8
Malicious processes
3
Suspicious processes
0

Behavior graph

+
start kompatibilitaetsmodus.exe no specs #SODINOKIBI kompatibilitaetsmodus.exe cmd.exe no specs vssadmin.exe no specs vssvc.exe no specs bcdedit.exe no specs bcdedit.exe no specs notepad.exe no specs
Specs description
Program did not start
Integrity level elevation
Task сontains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has sucpicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

Click at the process to see the details.

PID
1520
CMD
"C:\Users\admin\AppData\Local\Temp\Kompatibilitaetsmodus.exe"
Path
C:\Users\admin\AppData\Local\Temp\Kompatibilitaetsmodus.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\temp\kompatibilitaetsmodus.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\msvcr100.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\mpr.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\ole32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\propsys.dll
c:\windows\system32\oleaut32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\sspicli.dll

PID
3252
CMD
"C:\Users\admin\AppData\Local\Temp\Kompatibilitaetsmodus.exe"
Path
C:\Users\admin\AppData\Local\Temp\Kompatibilitaetsmodus.exe
Indicators
Parent process
Kompatibilitaetsmodus.exe
User
admin
Integrity Level
HIGH
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\temp\kompatibilitaetsmodus.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\msvcr100.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\mpr.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\ole32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\propsys.dll
c:\windows\system32\oleaut32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\drprov.dll
c:\windows\system32\ntlanman.dll
c:\windows\system32\winsta.dll
c:\windows\system32\davclnt.dll
c:\windows\system32\davhlpr.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\netutils.dll
c:\windows\system32\browcli.dll
c:\windows\system32\iconcodecservice.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\credssp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\schannel.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\userenv.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll

PID
832
CMD
"C:\Windows\System32\cmd.exe" /c vssadmin.exe Delete Shadows /All /Quiet & bcdedit /set {default} recoveryenabled No & bcdedit /set {default} bootstatuspolicy ignoreallfailures
Path
C:\Windows\System32\cmd.exe
Indicators
No indicators
Parent process
Kompatibilitaetsmodus.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows Command Processor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\vssadmin.exe

PID
2996
CMD
vssadmin.exe Delete Shadows /All /Quiet
Path
C:\Windows\system32\vssadmin.exe
Indicators
No indicators
Parent process
cmd.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Command Line Interface for Microsoft® Volume Shadow Copy Service
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\vssadmin.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\atl.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\vsstrace.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\vssapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\vss_ps.dll

PID
3520
CMD
C:\Windows\system32\vssvc.exe
Path
C:\Windows\system32\vssvc.exe
Indicators
No indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
Microsoft Corporation
Description
Microsoft® Volume Shadow Copy Service
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\vssvc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\atl.dll
c:\windows\system32\ole32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\vssapi.dll
c:\windows\system32\vsstrace.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\clusapi.dll
c:\windows\system32\cryptdll.dll
c:\windows\system32\xolehlp.dll
c:\windows\system32\version.dll
c:\windows\system32\resutils.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\authz.dll
c:\windows\system32\virtdisk.dll
c:\windows\system32\fltlib.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\vss_ps.dll
c:\windows\system32\samlib.dll
c:\windows\system32\es.dll
c:\windows\system32\propsys.dll
c:\windows\system32\catsrvut.dll
c:\windows\system32\mfcsubs.dll

PID
3696
CMD
bcdedit /set {default} recoveryenabled No
Path
C:\Windows\system32\bcdedit.exe
Indicators
No indicators
Parent process
cmd.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Boot Configuration Data Editor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\bcdedit.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

PID
3784
CMD
bcdedit /set {default} bootstatuspolicy ignoreallfailures
Path
C:\Windows\system32\bcdedit.exe
Indicators
No indicators
Parent process
cmd.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Boot Configuration Data Editor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\bcdedit.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

PID
3848
CMD
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Public\Desktop\rxh94s80-readme.txt
Path
C:\Windows\system32\NOTEPAD.EXE
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Notepad
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\notepad.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\winspool.drv
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\version.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\clbcatq.dll

Registry activity

Total events
481
Read events
453
Write events
28
Delete events
0

Modification events

PID
Process
Operation
Key
Name
Value
1520
Kompatibilitaetsmodus.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
1520
Kompatibilitaetsmodus.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3252
Kompatibilitaetsmodus.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\recfg
pk_key
FFD8B5C52E3FBD5005462249ABF4C09CAE4E095BAC4405D028FACB3070D46C17
3252
Kompatibilitaetsmodus.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\recfg
sk_key
E7C643FD2CD84AE262F513A34EE75476E2705133DF2D9F577842CF7FB7E6BA6E65EFF6858A52FA93720638E75F49DC2B8DCEE3404AF7304E28F7F8BE218706DA9997C115F277D2BE071E2307B4E75731E3E8B68A0519B2E2
3252
Kompatibilitaetsmodus.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\recfg
0_key
9B3867CC74F753B4A63DDA10B3358D307F6AA10920C93DE59B2329DDB3D55396812ABB0013C312F392F2CB4968CA46F3C02C55EC01D13F170E27AFB56B735232BA965A3112A0F731EF272DF16EF3EA7BFDE262BB7A333FB0
3252
Kompatibilitaetsmodus.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\recfg
rnd_ext
.rxh94s80
3252
Kompatibilitaetsmodus.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\recfg
stat
5C2CD9703890B7D84303A949CD6213B855C1581CFC376055FC8D4AF8E7272968D0418AE4173A2DA7D5C23149C06EC9EDEE880CF908AAACA62DA532E623903BF56D7424761DC26EE6F56F732EB74EABAE39837E78BDAF57D2D6BA43483EED935D12B1D5310190C6ED04E2897636334FCA4F664BF6CE550F7369A72FCC58BAC2F4430031C77121E07C50B9D6E7A9CFC780FA07F0E4A6C0260BD7F075E03122E1FC68D3F8E7454E9D0189DD5E047F73DBD8EA6500031DF59347A3A39B62023CB16997AFC5E1A6E4EBF7877A41F8C084578C17E7E5F2826F7D8B1847A3C85455D39286C038328BB11DE312E2745F2F3346F789087C705C855412E83A17E4CFAE879E57C52049232DD270C750A23865473FC091EBC2B2307454A6E4DF19E94E9D24E83324AB3E72121F7912B0D592AF49DBDC19367C0267183695BD2FBF73BD929BC6392A60FE3F8EECABF7AEF63CDB1CFC50881BCE3800E4C69A7068AEBC44FCDA1B9E7A41A24EEAA6376BA7DA4516481CB17A5B02DD80A01C278C897C7E5B30B6859F189C877E613EE06F5441ACF086B296A12AC73215F38574A1233C9321217A663355341B23A10A954520C3171757003B5E3DC40745F987980E85768367A9CB299112D81F27E50AD627A3CE13D8B3359BF85F3CC271B3E5061E9FC99E85DAB8F35B83756F49F8C5059A59BCDBE754E8DC3C84DF07116C01C012106BE07164BA0C8808592E37C51C810BC0BEB5E66D47952660DEBA6766FD52FAC41212C083CB5CDA4394BDFDDB6630352EA6100EAC019B64FB5852B615C41A613AAB59C8010F8E8B980034B89255A557976ABA525F6F5D23B2CCC62C8C830935C9FA3EC69142C8F07D014534D9EB9C86976AB175D1B9B19E591A0DEFB474EFEB0E41A274F2F2CB615629694B76D049BEF0686A48B98B35CD00D96E4CF133CA15E964C6612663DC3984037472A8B605C2008DFFA6523E2F635E168D133DAF68DCB5C88A581FB3C0F53B9D0D36C645C2314513A7757182B219CCCECE3F1E5AEA864EA9EE66B003058B82915B58195EECB77CC7DC55B3E72D6FF0CCD826C03DA4349341F47D58C80556BDFBA9B932E7135AC4919F51320606101F85595F57F81D23B0EE7014110C90A18160507500ABAEA8303BB05BD01FDED49E060755D50CF111B983FD5AE8D9928B18D9C447639B0A401E547F8FC2E91A987C6C0F46F8D56101861969730BBC6FACB4D24DC1209C2DC8EF10D8
3252
Kompatibilitaetsmodus.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3252
Kompatibilitaetsmodus.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3252
Kompatibilitaetsmodus.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
3252
Kompatibilitaetsmodus.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81
Blob
0F000000010000001400000085FEF11B4F47FE3952F98301C9F98976FEFEE0CE09000000010000002A000000302806082B0601050507030106082B0601050507030206082B0601050507030406082B0601050507030353000000010000002500000030233021060B6086480186F8450107300130123010060A2B0601040182373C0101030200C01400000001000000140000007B5B45CFAFCECB7AFD31921A6AB6F346EB5748501D00000001000000100000005B3B67000EEB80022E42605B6B3B72400B000000010000000E000000740068006100770074006500000003000000010000001400000091C6D6EE3E8AC86384E548C299295C756C817B812000000001000000240400003082042030820308A0030201020210344ED55720D5EDEC49F42FCE37DB2B6D300D06092A864886F70D01010505003081A9310B300906035504061302555331153013060355040A130C7468617774652C20496E632E31283026060355040B131F43657274696669636174696F6E205365727669636573204469766973696F6E31383036060355040B132F2863292032303036207468617774652C20496E632E202D20466F7220617574686F72697A656420757365206F6E6C79311F301D06035504031316746861777465205072696D61727920526F6F74204341301E170D3036313131373030303030305A170D3336303731363233353935395A3081A9310B300906035504061302555331153013060355040A130C7468617774652C20496E632E31283026060355040B131F43657274696669636174696F6E205365727669636573204469766973696F6E31383036060355040B132F2863292032303036207468617774652C20496E632E202D20466F7220617574686F72697A656420757365206F6E6C79311F301D06035504031316746861777465205072696D61727920526F6F7420434130820122300D06092A864886F70D01010105000382010F003082010A0282010100ACA0F0FB8059D49CC7A4CF9DA159730910450C0D2C6E68F16C5B4868495937FC0B3319C2777FCC102D95341CE6EB4D09A71CD2B8C9973602B789D4245F06C0CC4494948D02626FEB5ADD118D289A5C8490107A0DBD74662F6A38A0E2D55444EB1D079F07BA6FEEE9FD4E0B29F53E84A001F19CABF81C7E89A4E8A1D871650DA3517BEEBCD222600DB95B9DDFBAFC515B0BAF98B2E92EE904E86287DE2BC8D74EC14C641EDDCF8758BA4A4FCA68071D1C9D4AC6D52F91CC7C71721CC5C067EB32FDC9925C94DA85C09BBF537D2B09F48C9D911F976A52CBDE0936A477D87B875044D53E6E2969FB3949261E09A5807B402DEBE82785C9FE61FD7EE67C971DD59D0203010001A3423040300F0603551D130101FF040530030101FF300E0603551D0F0101FF040403020106301D0603551D0E041604147B5B45CFAFCECB7AFD31921A6AB6F346EB574850300D06092A864886F70D010105050003820101007911C04BB391B6FCF0E967D40D6E45BE55E893D2CE033FEDDA25B01D57CB1E3A76A04CEC5076E864720CA4A9F1B88BD6D68784BB32E54111C077D9B3609DEB1BD5D16E4444A9A601EC55621D77B85C8E48497C9C3B5711ACAD73378E2F785C906847D96060E6FC073D222017C4F716E9C4D872F9C8737CDF162F15A93EFD6A27B6A1EB5ABA981FD5E34D640A9D13C861BAF5391C87BAB8BD7B227FF6FEAC4079E5AC106F3D8F1B79768BC437B3211884E53600EB632099B9E9FE3304BB41C8C102F94463209E81CE42D3D63F2C76D3639C59DD8FA6E10EA02E41F72E9547CFBCFD33F3F60B617E7E912B8147C22730EEA7105D378F5C392BE404F07B8D568C68
3252
Kompatibilitaetsmodus.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13
Blob
040000000100000010000000410352DC0FF7501B16F0028EBA6F45C50F00000001000000140000005BCAA1C2780F0BCB5A90770451D96F38963F012D090000000100000042000000304006082B0601050507030406082B0601050507030106082B0601050507030206082B06010505070308060A2B0601040182370A0304060A2B0601040182370A030C6200000001000000200000000687260331A72403D909F105E69BCF0D32E1BD2493FFC6D9206D11BCD67707390B000000010000001E000000440053005400200052006F006F0074002000430041002000580033000000140000000100000014000000C4A7B1A47B2C71FADBE14B9075FFC415608589101D00000001000000100000004558D512EECB27464920897DE7B66053030000000100000014000000DAC9024F54D8F6DF94935FB1732638CA6AD77C131900000001000000100000006CF252FEC3E8F20996DE5D4DD9AEF42420000000010000004E0300003082034A30820232A003020102021044AFB080D6A327BA893039862EF8406B300D06092A864886F70D0101050500303F31243022060355040A131B4469676974616C205369676E617475726520547275737420436F2E311730150603550403130E44535420526F6F74204341205833301E170D3030303933303231313231395A170D3231303933303134303131355A303F31243022060355040A131B4469676974616C205369676E617475726520547275737420436F2E311730150603550403130E44535420526F6F7420434120583330820122300D06092A864886F70D01010105000382010F003082010A0282010100DFAFE99750088357B4CC6265F69082ECC7D32C6B30CA5BECD9C37DC740C118148BE0E83376492AE33F214993AC4E0EAF3E48CB65EEFCD3210F65D22AD9328F8CE5F777B0127BB595C089A3A9BAED732E7A0C063283A27E8A1430CD11A0E12A38B9790A31FD50BD8065DFB7516383C8E28861EA4B6181EC526BB9A2E24B1A289F48A39E0CDA098E3E172E1EDD20DF5BC62A8AAB2EBD70ADC50B1A25907472C57B6AAB34D63089FFE568137B540BC8D6AEEC5A9C921E3D64B38CC6DFBFC94170EC1672D526EC38553943D0FCFD185C40F197EBD59A9B8D1DBADA25B9C6D8DFC115023AABDA6EF13E2EF55C089C3CD68369E4109B192AB62957E3E53D9B9FF0025D0203010001A3423040300F0603551D130101FF040530030101FF300E0603551D0F0101FF040403020106301D0603551D0E04160414C4A7B1A47B2C71FADBE14B9075FFC41560858910300D06092A864886F70D01010505000382010100A31A2C9B17005CA91EEE2866373ABF83C73F4BC309A095205DE3D95944D23E0D3EBD8A4BA0741FCE10829C741A1D7E981ADDCB134BB32044E491E9CCFC7DA5DB6AE5FEE6FDE04EDDB7003AB57049AFF2E5EB02F1D1028B19CB943A5E48C4181E58195F1E025AF00CF1B1ADA9DC59868B6EE991F586CAFAB96633AA595BCEE2A7167347CB2BCC99B03748CFE3564BF5CF0F0C723287C6F044BB53726D43F526489A5267B758ABFE67767178DB0DA256141339243185A2A8025A3047E1DD5007BC02099000EB6463609B16BC88C912E6D27D918BF93D328D65B4E97CB15776EAC5B62839BF15651CC8F677966A0A8D770BD8910B048E07DB29B60AEE9D82353510
3252
Kompatibilitaetsmodus.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81
Blob
190000000100000010000000DC73F9B71E16D51D26527D32B11A6A3D03000000010000001400000091C6D6EE3E8AC86384E548C299295C756C817B810B000000010000000E00000074006800610077007400650000001D00000001000000100000005B3B67000EEB80022E42605B6B3B72401400000001000000140000007B5B45CFAFCECB7AFD31921A6AB6F346EB57485053000000010000002500000030233021060B6086480186F8450107300130123010060A2B0601040182373C0101030200C009000000010000002A000000302806082B0601050507030106082B0601050507030206082B0601050507030406082B060105050703030F000000010000001400000085FEF11B4F47FE3952F98301C9F98976FEFEE0CE2000000001000000240400003082042030820308A0030201020210344ED55720D5EDEC49F42FCE37DB2B6D300D06092A864886F70D01010505003081A9310B300906035504061302555331153013060355040A130C7468617774652C20496E632E31283026060355040B131F43657274696669636174696F6E205365727669636573204469766973696F6E31383036060355040B132F2863292032303036207468617774652C20496E632E202D20466F7220617574686F72697A656420757365206F6E6C79311F301D06035504031316746861777465205072696D61727920526F6F74204341301E170D3036313131373030303030305A170D3336303731363233353935395A3081A9310B300906035504061302555331153013060355040A130C7468617774652C20496E632E31283026060355040B131F43657274696669636174696F6E205365727669636573204469766973696F6E31383036060355040B132F2863292032303036207468617774652C20496E632E202D20466F7220617574686F72697A656420757365206F6E6C79311F301D06035504031316746861777465205072696D61727920526F6F7420434130820122300D06092A864886F70D01010105000382010F003082010A0282010100ACA0F0FB8059D49CC7A4CF9DA159730910450C0D2C6E68F16C5B4868495937FC0B3319C2777FCC102D95341CE6EB4D09A71CD2B8C9973602B789D4245F06C0CC4494948D02626FEB5ADD118D289A5C8490107A0DBD74662F6A38A0E2D55444EB1D079F07BA6FEEE9FD4E0B29F53E84A001F19CABF81C7E89A4E8A1D871650DA3517BEEBCD222600DB95B9DDFBAFC515B0BAF98B2E92EE904E86287DE2BC8D74EC14C641EDDCF8758BA4A4FCA68071D1C9D4AC6D52F91CC7C71721CC5C067EB32FDC9925C94DA85C09BBF537D2B09F48C9D911F976A52CBDE0936A477D87B875044D53E6E2969FB3949261E09A5807B402DEBE82785C9FE61FD7EE67C971DD59D0203010001A3423040300F0603551D130101FF040530030101FF300E0603551D0F0101FF040403020106301D0603551D0E041604147B5B45CFAFCECB7AFD31921A6AB6F346EB574850300D06092A864886F70D010105050003820101007911C04BB391B6FCF0E967D40D6E45BE55E893D2CE033FEDDA25B01D57CB1E3A76A04CEC5076E864720CA4A9F1B88BD6D68784BB32E54111C077D9B3609DEB1BD5D16E4444A9A601EC55621D77B85C8E48497C9C3B5711ACAD73378E2F785C906847D96060E6FC073D222017C4F716E9C4D872F9C8737CDF162F15A93EFD6A27B6A1EB5ABA981FD5E34D640A9D13C861BAF5391C87BAB8BD7B227FF6FEAC4079E5AC106F3D8F1B79768BC437B3211884E53600EB632099B9E9FE3304BB41C8C102F94463209E81CE42D3D63F2C76D3639C59DD8FA6E10EA02E41F72E9547CFBCFD33F3F60B617E7E912B8147C22730EEA7105D378F5C392BE404F07B8D568C68
3696
bcdedit.exe
write
HKEY_LOCAL_MACHINE\BCD00000000\Objects\{345b46fd-a9f9-11e7-a83c-e8a4f72b1d33}\Elements\16000009
Element
00
3784
bcdedit.exe
write
HKEY_LOCAL_MACHINE\BCD00000000\Objects\{345b46fd-a9f9-11e7-a83c-e8a4f72b1d33}\Elements\250000e0
Element
0100000000000000

Files activity

Executable files
0
Suspicious files
162
Text files
1
Unknown types
2

Dropped files

PID
Process
Filename
Type
3252
Kompatibilitaetsmodus.exe
C:\Users\admin\AppData\Local\Temp\CabEFE8.tmp
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
C:\Users\Administrator\Contacts\Administrator.contact
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
C:\Users\admin\AppData\Local\Temp\TarEFD7.tmp
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
C:\Users\admin\AppData\Local\Temp\CabEFC7.tmp
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
C:\Users\admin\AppData\Local\Temp\r2o98xk9o4.bmp
image
MD5: ebc33abc8487c4d80f96fbbc172bdc28
SHA256: 924de6cd23617ee6eb8a2bfe2380e6b000ad6c6740a6ba91b7c32dbc0b2be670
3252
Kompatibilitaetsmodus.exe
c:\users\admin\documents\onenote notebooks\personal\General.one.rxh94s80
binary
MD5: a702f931d9b3423a9edb6726387b1040
SHA256: 5e5b7e4540b305d82ab863c5e8b4f64a8fc12a2b30d7c2f7e274abf643b61259
3252
Kompatibilitaetsmodus.exe
c:\users\admin\documents\onenote notebooks\personal\Unfiled Notes.one.rxh94s80
binary
MD5: d14b9489130e3eda78e819449012a6a4
SHA256: b1209f51d6d0c1b3e4e7e2f32a9bc71ba83775dc68a42befd15f36baa28d6bc8
3252
Kompatibilitaetsmodus.exe
c:\users\public\videos\sample videos\Wildlife.wmv.rxh94s80
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
c:\users\public\recorded tv\sample media\win7_scenic-demoshort_raw.wtv.rxh94s80
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
C:\Users\Public\Videos\Sample Videos\Wildlife.wmv
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
c:\users\admin\documents\onenote notebooks\personal\Open Notebook.onetoc2.rxh94s80
binary
MD5: 871ac3053e4e3c88b817708519487fee
SHA256: d8f4de95d25bde63d82c3ea829c40f61ea1b523af7bc9b2e3d68949508a28e7d
3252
Kompatibilitaetsmodus.exe
C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
C:\Users\admin\Documents\OneNote Notebooks\Personal\Open Notebook.onetoc2
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
c:\users\public\pictures\sample pictures\Tulips.jpg.rxh94s80
binary
MD5: e012f2145f0605722d5a2ba6b96bc53c
SHA256: 8221270689e9e0767a436d0045c209ff6a3e890222daaed581f1d2feb4ccca20
3252
Kompatibilitaetsmodus.exe
c:\users\public\pictures\sample pictures\Penguins.jpg.rxh94s80
binary
MD5: 9fb80289871efc72b6f34535c2fefbf0
SHA256: cd6c57a06e6e8d868bf09fa30a6badcaf451e196369d7c02f08a81cabcc67273
3252
Kompatibilitaetsmodus.exe
c:\users\public\pictures\sample pictures\Koala.jpg.rxh94s80
binary
MD5: 4848fbbd8ba3c707a21e4e65e3cac457
SHA256: bc27d8846bd366e095a84599bf8926f8be2110698d0a61c2e78b6a68457681d5
3252
Kompatibilitaetsmodus.exe
c:\users\public\pictures\sample pictures\Lighthouse.jpg.rxh94s80
binary
MD5: 99587844487705d8c07f0aa2cbf8fba6
SHA256: a5c04f85088bda61e3453fac55acd2347ba0f9f956387c0615b035f111a190f7
3252
Kompatibilitaetsmodus.exe
c:\users\public\pictures\sample pictures\Jellyfish.jpg.rxh94s80
binary
MD5: 3374d05b603425a55d331a3ebbc24c31
SHA256: 9aa19d6a28b54d313bfdd630a1ea6cfb63fb33bcfdd40e523303c60b6f4e3770
3252
Kompatibilitaetsmodus.exe
C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
C:\Users\Public\Pictures\Sample Pictures\Koala.jpg
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
c:\users\public\pictures\sample pictures\Desert.jpg.rxh94s80
binary
MD5: 882647f8ba958eaf731a1f667d35f8a8
SHA256: 65c3c68d204b6029ec2e085f8a06f9579d808e0b9a1ae239a4db05b74dee50db
3252
Kompatibilitaetsmodus.exe
c:\users\public\pictures\sample pictures\Hydrangeas.jpg.rxh94s80
binary
MD5: ae61d8c1f38b9be4155a5230e28743f7
SHA256: caf2df5d92cd8109d498162d9d571224bbf54818d938057f5b900021da4a04ff
3252
Kompatibilitaetsmodus.exe
c:\users\public\music\sample music\Maid with the Flaxen Hair.mp3.rxh94s80
binary
MD5: 22b87a6f94623e2fbf5691a1976f4f64
SHA256: c678414f99260ee031a6c22667b2fd17f225b79364b4b6d50e1c1793a5451a4f
3252
Kompatibilitaetsmodus.exe
c:\users\public\pictures\sample pictures\Chrysanthemum.jpg.rxh94s80
binary
MD5: a135149ded57ac761e88356b32d80d54
SHA256: 643c90d12a387d1e48c56ef991e886e94c0756db2f933b622512e7a84c20f7ba
3252
Kompatibilitaetsmodus.exe
c:\users\public\music\sample music\Kalimba.mp3.rxh94s80
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
c:\users\public\music\sample music\Sleep Away.mp3.rxh94s80
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
C:\Users\Public\Pictures\Sample Pictures\Desert.jpg
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
c:\users\administrator\favorites\windows live\Windows Live Spaces.url.rxh94s80
binary
MD5: c322bed4e376b51ea61c5834807bded3
SHA256: bc40fa1c94cd74ce09c33edbac6dcf264b71154aa250cc1a662770dbad900a2c
3252
Kompatibilitaetsmodus.exe
C:\Users\Public\Music\Sample Music\Kalimba.mp3
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
C:\Users\Public\Music\Sample Music\Sleep Away.mp3
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
C:\Users\Administrator\Favorites\Windows Live\Windows Live Spaces.url
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
c:\users\administrator\favorites\windows live\Get Windows Live.url.rxh94s80
binary
MD5: ce370f0e610e1a37ffbee9fc6ec98680
SHA256: fcabf9a5025143ba54625b385a81b3ddc004072dfaff871ebf4b5a5ed0242b02
3252
Kompatibilitaetsmodus.exe
c:\users\administrator\favorites\windows live\Windows Live Gallery.url.rxh94s80
binary
MD5: ef003a6067cb689996cbff693bcaa75a
SHA256: 084c44e3a9a5a88c7ef77a068c46e5ca40482aefbdfaf099d1b9cdbaac30007d
3252
Kompatibilitaetsmodus.exe
c:\users\administrator\favorites\windows live\Windows Live Mail.url.rxh94s80
binary
MD5: f1c420a8e0604aeda9e7ce576918b045
SHA256: c437b29ee44e812e4bebaf86e2ed3bb36a6496ebe54adbeb167264f7d9d3de3b
3252
Kompatibilitaetsmodus.exe
C:\Users\Administrator\Favorites\Windows Live\Windows Live Gallery.url
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
C:\Users\Administrator\Favorites\Windows Live\Windows Live Mail.url
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
C:\Users\Administrator\Favorites\Windows Live\Get Windows Live.url
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
c:\users\administrator\favorites\msn websites\MSNBC News.url.rxh94s80
binary
MD5: 403510d2d36000331dc4a6c2d81be20e
SHA256: 9730b27a0e629b9bb34c1b5dc4c02eb62c94cbdb2eca9a4d63d4e77784fe6391
3252
Kompatibilitaetsmodus.exe
c:\users\administrator\favorites\msn websites\MSN.url.rxh94s80
binary
MD5: 48125a4f2767575127c2bee7e4d3733e
SHA256: 04efb43cca4dc5982c9d097e22b0538909a68ef2227cf21958e1fe0bce3bf1eb
3252
Kompatibilitaetsmodus.exe
C:\Users\Administrator\Favorites\MSN Websites\MSNBC News.url
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
C:\Users\Administrator\Favorites\MSN Websites\MSN.url
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
c:\users\administrator\favorites\msn websites\MSN Sports.url.rxh94s80
binary
MD5: 5d32f729f3a2e129820e34a3f0ae1c67
SHA256: 21933463de81c5ac180439dcb3bc01880710e97c510e9ff9b03e10a0c6a87f2e
3252
Kompatibilitaetsmodus.exe
C:\Users\Administrator\Favorites\MSN Websites\MSN Sports.url
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
c:\users\administrator\favorites\msn websites\MSN Money.url.rxh94s80
binary
MD5: 4452b13fba9ab451250d00efffa570dd
SHA256: da4d0c71f0e2a1f68addbe26c0bf1aba298a165aa18b50ff71f40fd9fe3168ef
3252
Kompatibilitaetsmodus.exe
C:\Users\Administrator\Favorites\MSN Websites\MSN Money.url
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
c:\users\administrator\favorites\msn websites\MSN Entertainment.url.rxh94s80
binary
MD5: 73dba4d67857bfc7742c47b5eeca1953
SHA256: 35f03bc9dddee2db25df3db7fcc0d6622e62fbeb00cb0c19ca2b876d0188db00
3252
Kompatibilitaetsmodus.exe
C:\Users\Administrator\Favorites\MSN Websites\MSN Entertainment.url
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
c:\users\administrator\favorites\msn websites\MSN Autos.url.rxh94s80
binary
MD5: c79d4a2f8347d36fbc474d061aaedbf9
SHA256: 40cab5435f0347ab17a6416384e4a02620f0bf849137405a22e56c60716193d0
3252
Kompatibilitaetsmodus.exe
C:\Users\Administrator\Favorites\MSN Websites\MSN Autos.url
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
c:\users\administrator\favorites\microsoft websites\Microsoft Store.url.rxh94s80
binary
MD5: 509b0807e4c73771275de39c65d90343
SHA256: 2283489e312034376537d7f52ac444d4f87e2d2787ae1bc0270c679bd674a499
3252
Kompatibilitaetsmodus.exe
c:\users\administrator\favorites\microsoft websites\Microsoft At Work.url.rxh94s80
binary
MD5: 61e6cf2bf08d30bf54da7fa470b91767
SHA256: 5b83a973ceeff076835862bdbcb56189d2dedea08cc51e886486a7ae7eb0988b
3252
Kompatibilitaetsmodus.exe
C:\Users\Administrator\Favorites\Microsoft Websites\Microsoft Store.url
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
c:\users\administrator\favorites\microsoft websites\Microsoft At Home.url.rxh94s80
binary
MD5: c60c5988987f0c7460b06f16d5ec94da
SHA256: b87c16ac7543691c3314883870cb04af99e6744045d101fb70b846a0f1471e2b
3252
Kompatibilitaetsmodus.exe
C:\Users\Administrator\Favorites\Microsoft Websites\Microsoft At Home.url
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
C:\Users\Administrator\Favorites\Microsoft Websites\Microsoft At Work.url
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
c:\users\administrator\favorites\microsoft websites\IE Add-on site.url.rxh94s80
binary
MD5: 17927cbfd8d6e98ebdec23e6b4d4a3aa
SHA256: 67b58b9e6562ff0e8cf1a01d3d668247058400d2cc099598f89626ac7d9e8ec8
3252
Kompatibilitaetsmodus.exe
c:\users\administrator\favorites\microsoft websites\IE site on Microsoft.com.url.rxh94s80
binary
MD5: 979636c527ed9c62fcae32a47be273bc
SHA256: 084225c4c9404a3f4038b1dca0a05a92896bb197a5fc73add05691cd1b269a33
3252
Kompatibilitaetsmodus.exe
C:\Users\Administrator\Favorites\Microsoft Websites\IE site on Microsoft.com.url
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
c:\users\administrator\favorites\links for united states\USA.gov.url.rxh94s80
binary
MD5: 293a98f092711b0d01249021d138d520
SHA256: dd7102cc1d5054a272703aa0b3355a6d74d98d1193f2354cb948267d636b5a71
3252
Kompatibilitaetsmodus.exe
C:\Users\Administrator\Favorites\Microsoft Websites\IE Add-on site.url
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
C:\Users\Administrator\Favorites\Links for United States\USA.gov.url
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
c:\users\administrator\favorites\links for united states\GobiernoUSA.gov.url.rxh94s80
binary
MD5: 83e2c4c16dd60c29443a339d0fd0157b
SHA256: 5edd1d8f621cc054b87f2819901c68c35ec839aa647d8dd7546b4be6ee606655
3252
Kompatibilitaetsmodus.exe
c:\users\administrator\favorites\links\Web Slice Gallery.url.rxh94s80
binary
MD5: 2347480ce21aca0acadd0b0b25137d9b
SHA256: 0e457430624c95a37783c45f2bf99b35dd6ea9f1bd71cdffcfabb2df3787f413
3252
Kompatibilitaetsmodus.exe
C:\Users\Administrator\Favorites\Links for United States\GobiernoUSA.gov.url
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
C:\Users\Administrator\Favorites\Links\Web Slice Gallery.url
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
c:\users\admin\favorites\windows live\Windows Live Spaces.url.rxh94s80
binary
MD5: 636a0d532e0c56bf5fbe024c3f8d15aa
SHA256: db935042440d7f72658dbe88b97b6e081263069dcea6e7be00ac8489c9dca944
3252
Kompatibilitaetsmodus.exe
c:\users\admin\favorites\windows live\Get Windows Live.url.rxh94s80
binary
MD5: 97f84e53efce01ee747c583a684f1d8d
SHA256: ff43c3e07a8a9629bbba4e11d922cb6dbe1666b82b933a4e1513702851791505
3252
Kompatibilitaetsmodus.exe
c:\users\admin\favorites\windows live\Windows Live Gallery.url.rxh94s80
binary
MD5: aaa31e5d9c08b50805a88269909decf7
SHA256: 32d5f92f2d9809a63381604d95b5408f64cf9da7ef0ba3e9e61e892143c17f0b
3252
Kompatibilitaetsmodus.exe
c:\users\admin\favorites\windows live\Windows Live Mail.url.rxh94s80
binary
MD5: db1a3de622afcae8c99fed1cf9b83d16
SHA256: 9044d3a93cc04fbc772a68bb0c88025666d4e191278ee10b5d665f61b2c954c8
3252
Kompatibilitaetsmodus.exe
C:\Users\admin\Favorites\Windows Live\Windows Live Mail.url
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
C:\Users\admin\Favorites\Windows Live\Get Windows Live.url
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
C:\Users\admin\Favorites\Windows Live\Windows Live Gallery.url
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
c:\users\admin\favorites\msn websites\MSNBC News.url.rxh94s80
binary
MD5: bf55a821eab5daa2793db528dca57f8f
SHA256: e5a37e96a767b77b91f8da8cb70a83a2c907a1406169fe12cf7ca84758ef6074
3252
Kompatibilitaetsmodus.exe
C:\Users\admin\Favorites\MSN Websites\MSNBC News.url
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
c:\users\admin\favorites\msn websites\MSN.url.rxh94s80
binary
MD5: b57c6df67f58738db53762eefdb6eedb
SHA256: f76d6c16d8af87fb24c4773fdf1827fdda8d7ac9e9b128833404ecf3d8b5d22d
3252
Kompatibilitaetsmodus.exe
C:\Users\admin\Favorites\MSN Websites\MSN.url
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
c:\users\admin\favorites\msn websites\MSN Sports.url.rxh94s80
binary
MD5: 4beed2c1a4baf4e81aa94e533040feeb
SHA256: e6ed4985943616f71b475ebc41b67eb98d34228690256d3e19ecd046721f63d5
3252
Kompatibilitaetsmodus.exe
C:\Users\admin\Favorites\MSN Websites\MSN Sports.url
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
c:\users\admin\favorites\msn websites\MSN Money.url.rxh94s80
binary
MD5: 05d50fc26db6b9d6a4fc3749e7cabf86
SHA256: d35e6a280a47b080cb038aeff0f8d0f2e1664f1ef9dd6ff21cbeacc647b893c3
3252
Kompatibilitaetsmodus.exe
C:\Users\admin\Favorites\MSN Websites\MSN Money.url
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
c:\users\admin\favorites\msn websites\MSN Entertainment.url.rxh94s80
binary
MD5: e7a05b1f29929b58aa07c538cd107ae1
SHA256: 0f90596f5ccabc5247b61f2389c3d91a1428faab5a7e325983458f648caecb77
3252
Kompatibilitaetsmodus.exe
C:\Users\admin\Favorites\MSN Websites\MSN Entertainment.url
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
c:\users\admin\favorites\msn websites\MSN Autos.url.rxh94s80
binary
MD5: 5b43d0bcffd2e269df59ce39097d34fe
SHA256: 8907609a2dd7095d563f71bb5e033593ff1082a2575ec91712a1181c4fef279b
3252
Kompatibilitaetsmodus.exe
C:\Users\admin\Favorites\MSN Websites\MSN Autos.url
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
c:\users\admin\favorites\microsoft websites\Microsoft Store.url.rxh94s80
binary
MD5: f88a8f3286a3e5a3b9d9d2223ea96dc9
SHA256: 35c339de09eff38d4c4e55505cdf139f50874b2635380bc959754d1d473a9385
3252
Kompatibilitaetsmodus.exe
c:\users\admin\favorites\microsoft websites\Microsoft At Work.url.rxh94s80
binary
MD5: c241b527f1fea847912c551ef0aef8fc
SHA256: 68f8ab3f36eb951fd34be25e71a852d6db8347be4e5980aa8dc2428d12ba3035
3252
Kompatibilitaetsmodus.exe
C:\Users\admin\Favorites\Microsoft Websites\Microsoft Store.url
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
C:\Users\admin\Favorites\Microsoft Websites\Microsoft At Work.url
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
c:\users\admin\favorites\microsoft websites\Microsoft At Home.url.rxh94s80
binary
MD5: 6525a0e0ce1819b948a33b6d7b71316f
SHA256: b5ec67b3605ee9ec3221236a8385b2c1cf0203911d57d121f288d27de4768f66
3252
Kompatibilitaetsmodus.exe
C:\Users\admin\Favorites\Microsoft Websites\Microsoft At Home.url
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
c:\users\admin\favorites\microsoft websites\IE site on Microsoft.com.url.rxh94s80
binary
MD5: c15c4fb49e865a9bdd477cfa620ba7d0
SHA256: d4f2af62a5e9a03347c99bf563ebcf77dc3a5d69c620ecc4644281b9726ccb80
3252
Kompatibilitaetsmodus.exe
c:\users\admin\favorites\microsoft websites\IE Add-on site.url.rxh94s80
binary
MD5: e77a9191d23893cd4f00567f0b151b39
SHA256: 4942b00762ff1892ed61adfea686315321c792b0b8c1b801a6f149c839d29732
3252
Kompatibilitaetsmodus.exe
C:\Users\admin\Favorites\Microsoft Websites\IE site on Microsoft.com.url
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
C:\Users\admin\Favorites\Microsoft Websites\IE Add-on site.url
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
c:\users\admin\favorites\links for united states\GobiernoUSA.gov.url.rxh94s80
binary
MD5: 1b331a7a0a7f2ceb9fce3c5f63424c1e
SHA256: 78f99cfe6cefa27fbdaacd32aea9c99ad4edb386689ce4ecd6c63bb31fcacf73
3252
Kompatibilitaetsmodus.exe
c:\users\admin\favorites\links for united states\USA.gov.url.rxh94s80
binary
MD5: 5f3a3298eac92a4c14e8b24b05456cc6
SHA256: 11e3488fd60d2c86811d12b3eee22bdc345e6409f092191df29738f08f38cd96
3252
Kompatibilitaetsmodus.exe
C:\Users\admin\Favorites\Links for United States\USA.gov.url
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
C:\Users\admin\Favorites\Links for United States\GobiernoUSA.gov.url
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
c:\users\admin\favorites\links\Web Slice Gallery.url.rxh94s80
binary
MD5: 2dbcd9a0c2d35005bed89b8d87595b14
SHA256: 8a97bf2ee1a178ae1cecfa22b6cc39fc55bf058b90c173b2383652a0ec5129c6
3252
Kompatibilitaetsmodus.exe
C:\Users\admin\Favorites\Links\Web Slice Gallery.url
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
c:\users\admin\favorites\links\Suggested Sites.url.rxh94s80
binary
MD5: 9e4ce51105880d580ab562c791829f2d
SHA256: f391b53b90bc2ce9dc7591a0cb4361ee282da502ed0dd40db3047e8fe441b61b
3252
Kompatibilitaetsmodus.exe
C:\Users\admin\Favorites\Links\Suggested Sites.url
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
c:\users\admin\documents\outlook files\Outlook.pst.rxh94s80
binary
MD5: 9bb0d89cd0884e154de82193782c17f0
SHA256: 6de5fb1b220ed8ba2a0e17c12b90789bc7ae22d7d3a591178194c67136785b75
3252
Kompatibilitaetsmodus.exe
c:\users\admin\documents\outlook files\~Outlook.pst.tmp.rxh94s80
binary
MD5: 287a25f8ed24b61fb266589e8d79146e
SHA256: 5ae011d34dd9f57b477b14682df1fe9d19f48e7602c3520e314b5f1e84235188
3252
Kompatibilitaetsmodus.exe
C:\Users\admin\Documents\Outlook Files\Outlook.pst
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
c:\users\admin\documents\outlook files\Outlook Data File - test.pst.rxh94s80
binary
MD5: be1dde9b29e67085055d2f1de34bcfd7
SHA256: fb3aca06f34874597e4aa30df52a409c822e07bb87374afbbfd4fc1d16346777
3252
Kompatibilitaetsmodus.exe
C:\Users\admin\Documents\Outlook Files\Outlook Data File - test.pst
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
c:\users\admin\documents\outlook files\Outlook Data File - NoMail.pst.rxh94s80
binary
MD5: e800d489591a63ceda2f458ffddefcc2
SHA256: ac45303e9164ba4686d10403def53ca9793b1ab663053b09ad1777e5145985dc
3252
Kompatibilitaetsmodus.exe
c:\users\admin\documents\outlook files\[email protected]
binary
MD5: 2bf5d4b14a400eca0bca7d5975758234
SHA256: c00b1e9ce4f9026578ad019e752db1f1e040ccb16a4a1f8d070777b4c3653239
3252
Kompatibilitaetsmodus.exe
C:\Users\admin\Documents\Outlook Files\Outlook Data File - NoMail.pst
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
C:\Users\admin\Documents\Outlook Files\[email protected]
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
C:\users\admin\documents\onenote notebooks\personal\rxh94s80-readme.txt
binary
MD5: 558e5c643faeb9a9ef5b83178e62f58d
SHA256: bed7656fc7b6dc51fa5139bf0899b24cb354decd8a03241d1700d47596840e85
3252
Kompatibilitaetsmodus.exe
C:\users\public\videos\sample videos\rxh94s80-readme.txt
binary
MD5: 558e5c643faeb9a9ef5b83178e62f58d
SHA256: bed7656fc7b6dc51fa5139bf0899b24cb354decd8a03241d1700d47596840e85
3252
Kompatibilitaetsmodus.exe
C:\users\public\recorded tv\sample media\rxh94s80-readme.txt
binary
MD5: 558e5c643faeb9a9ef5b83178e62f58d
SHA256: bed7656fc7b6dc51fa5139bf0899b24cb354decd8a03241d1700d47596840e85
3252
Kompatibilitaetsmodus.exe
C:\users\public\pictures\sample pictures\rxh94s80-readme.txt
binary
MD5: 558e5c643faeb9a9ef5b83178e62f58d
SHA256: bed7656fc7b6dc51fa5139bf0899b24cb354decd8a03241d1700d47596840e85
3252
Kompatibilitaetsmodus.exe
c:\users\public\libraries\RecordedTV.library-ms.rxh94s80
binary
MD5: dafe3ed6cf2a9932e26b894706b5e86c
SHA256: 416e4c691abc5548c4d3a5cf3769769c91d3a6873ec5cead1de0be411941fb9e
3252
Kompatibilitaetsmodus.exe
C:\users\public\music\sample music\rxh94s80-readme.txt
binary
MD5: 558e5c643faeb9a9ef5b83178e62f58d
SHA256: bed7656fc7b6dc51fa5139bf0899b24cb354decd8a03241d1700d47596840e85
3252
Kompatibilitaetsmodus.exe
C:\Users\Public\Libraries\RecordedTV.library-ms
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
c:\users\administrator\searches\Indexed Locations.search-ms.rxh94s80
binary
MD5: 9540adc8b1ab2ba9b1eb89f877503c66
SHA256: 917aeee9431a0259a63e713d2a16b450e5febdd04f8f426d639d77c111c9ea4f
3252
Kompatibilitaetsmodus.exe
C:\Users\Administrator\Searches\Indexed Locations.search-ms
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
c:\users\administrator\searches\Everywhere.search-ms.rxh94s80
binary
MD5: d93a91022325747f7bda11a70563c400
SHA256: 20fb9adc945f1057effd916c79e00f78c573fbe9a304f230d055c047e85b22af
3252
Kompatibilitaetsmodus.exe
C:\Users\Administrator\Searches\Everywhere.search-ms
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
C:\users\administrator\favorites\windows live\rxh94s80-readme.txt
binary
MD5: 558e5c643faeb9a9ef5b83178e62f58d
SHA256: bed7656fc7b6dc51fa5139bf0899b24cb354decd8a03241d1700d47596840e85
3252
Kompatibilitaetsmodus.exe
C:\users\administrator\favorites\msn websites\rxh94s80-readme.txt
binary
MD5: 558e5c643faeb9a9ef5b83178e62f58d
SHA256: bed7656fc7b6dc51fa5139bf0899b24cb354decd8a03241d1700d47596840e85
3252
Kompatibilitaetsmodus.exe
C:\users\administrator\favorites\microsoft websites\rxh94s80-readme.txt
binary
MD5: 558e5c643faeb9a9ef5b83178e62f58d
SHA256: bed7656fc7b6dc51fa5139bf0899b24cb354decd8a03241d1700d47596840e85
3252
Kompatibilitaetsmodus.exe
c:\users\administrator\contacts\Administrator.contact.rxh94s80
binary
MD5: caa325ec3878f14c2757fa3340019491
SHA256: 8c446ca3b3c35d9135ac15fd15ca1572f3633419575bbbf69d1fff2aa025d9e4
3252
Kompatibilitaetsmodus.exe
C:\users\administrator\favorites\links for united states\rxh94s80-readme.txt
binary
MD5: 558e5c643faeb9a9ef5b83178e62f58d
SHA256: bed7656fc7b6dc51fa5139bf0899b24cb354decd8a03241d1700d47596840e85
3252
Kompatibilitaetsmodus.exe
C:\Users\admin\AppData\Local\Temp\TarEFE9.tmp
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
C:\users\administrator\favorites\links\rxh94s80-readme.txt
binary
MD5: 558e5c643faeb9a9ef5b83178e62f58d
SHA256: bed7656fc7b6dc51fa5139bf0899b24cb354decd8a03241d1700d47596840e85
3252
Kompatibilitaetsmodus.exe
c:\users\admin\searches\Microsoft Outlook.searchconnector-ms.rxh94s80
binary
MD5: 438fdc483024c99cca9ce2a1802da33f
SHA256: fbac9334403d3b433c1609829314c3177143652ce5599485c83e72855e2e417a
3252
Kompatibilitaetsmodus.exe
C:\Users\admin\Searches\Microsoft Outlook.searchconnector-ms
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
c:\users\admin\searches\Microsoft OneNote.searchconnector-ms.rxh94s80
binary
MD5: 173159432901f5eb8faf9f4ab3d39059
SHA256: ac5bb6a40c992ca41e08ca7b04f00e19f66a64177c5d06db862b98f9216eefbe
3252
Kompatibilitaetsmodus.exe
C:\Users\admin\Searches\Microsoft OneNote.searchconnector-ms
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
c:\users\admin\searches\Indexed Locations.search-ms.rxh94s80
binary
MD5: 185231c41ab18b35f402c52abe80f586
SHA256: 9ea8ac468482d1d78f7bcbc17e5c48e10cb8af78deb44eaab76b48af451c0b2c
3252
Kompatibilitaetsmodus.exe
C:\Users\admin\Searches\Indexed Locations.search-ms
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
c:\users\admin\searches\Everywhere.search-ms.rxh94s80
binary
MD5: 1982cb5b5705bb069bb0b95dd2f4f66d
SHA256: 4189e6929dd5971c7ba2e41ea67ffa5e2a98b8fa01312786838c8dc216393814
3252
Kompatibilitaetsmodus.exe
C:\Users\admin\Searches\Everywhere.search-ms
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
c:\users\admin\pictures\repairrights.png.rxh94s80
binary
MD5: 48afdb756486fc51b00313e764ab7409
SHA256: c9dec73f80af168b3cabe760ac85336cb37b11c441ea8ea8173631c2543d119e
3252
Kompatibilitaetsmodus.exe
C:\Users\admin\Pictures\repairrights.png
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
c:\users\admin\pictures\ratenotice.jpg.rxh94s80
binary
MD5: 06cba5f30d70fcc2061cd1b80d56b3f3
SHA256: d6903ddb748a9e18e2614343a96af8cc89e0e3264339d624f5e8735ff38f8b57
3252
Kompatibilitaetsmodus.exe
c:\users\admin\pictures\patientsdistrict.jpg.rxh94s80
binary
MD5: 6a0b683bd9951b0dc8927efa1fcef917
SHA256: 655a196e8bc104acbc33d8e33ebb6d2e0d407efd09d476197ab15c01517bcf8c
3252
Kompatibilitaetsmodus.exe
C:\Users\admin\Pictures\ratenotice.jpg
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
c:\users\admin\pictures\maturethemselves.png.rxh94s80
binary
MD5: eddd14df90224d693c1e81da53c092d4
SHA256: 3b505aeec50b24cdb022444cfac916cf9107b4fe0567af310840377afe8c0c82
3252
Kompatibilitaetsmodus.exe
c:\users\admin\pictures\northernme.jpg.rxh94s80
binary
MD5: ef779c417925b926d6f8f1cb9fcdd0ae
SHA256: 846e67223ea549563d9da2bf4dd32a255081591144f03543632c7681f798af80
3252
Kompatibilitaetsmodus.exe
C:\Users\admin\Pictures\maturethemselves.png
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
c:\users\admin\pictures\developedseems.png.rxh94s80
binary
MD5: 365dc4e17d6b9afe8b8b4763fb56c460
SHA256: 3e482e37157aca30d640be895069d120b7cefb8c60206f1420de52f5c5e7e17f
3252
Kompatibilitaetsmodus.exe
C:\Users\admin\Pictures\developedseems.png
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
c:\users\admin\pictures\academicart.jpg.rxh94s80
binary
MD5: f5dfe5148ed670ce6631b2941802f407
SHA256: bfa37251d90468871ef649db653316eb2dcf3b36af89a2076c221f2a3116bf14
3252
Kompatibilitaetsmodus.exe
C:\Users\admin\Pictures\academicart.jpg
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
C:\users\admin\favorites\windows live\rxh94s80-readme.txt
binary
MD5: 558e5c643faeb9a9ef5b83178e62f58d
SHA256: bed7656fc7b6dc51fa5139bf0899b24cb354decd8a03241d1700d47596840e85
3252
Kompatibilitaetsmodus.exe
C:\users\admin\favorites\microsoft websites\rxh94s80-readme.txt
binary
MD5: 558e5c643faeb9a9ef5b83178e62f58d
SHA256: bed7656fc7b6dc51fa5139bf0899b24cb354decd8a03241d1700d47596840e85
3252
Kompatibilitaetsmodus.exe
C:\users\admin\favorites\msn websites\rxh94s80-readme.txt
binary
MD5: 558e5c643faeb9a9ef5b83178e62f58d
SHA256: bed7656fc7b6dc51fa5139bf0899b24cb354decd8a03241d1700d47596840e85
3252
Kompatibilitaetsmodus.exe
C:\users\admin\favorites\links\rxh94s80-readme.txt
binary
MD5: 558e5c643faeb9a9ef5b83178e62f58d
SHA256: bed7656fc7b6dc51fa5139bf0899b24cb354decd8a03241d1700d47596840e85
3252
Kompatibilitaetsmodus.exe
C:\users\admin\favorites\links for united states\rxh94s80-readme.txt
binary
MD5: 558e5c643faeb9a9ef5b83178e62f58d
SHA256: bed7656fc7b6dc51fa5139bf0899b24cb354decd8a03241d1700d47596840e85
3252
Kompatibilitaetsmodus.exe
c:\users\admin\downloads\settingthursday.png.rxh94s80
binary
MD5: da9ee2768a38d91d2e4402921a09a394
SHA256: 59b2173b4a812afdb15d65380e4ff499c2bdd750a08d2de0f4abcf05162cb704
3252
Kompatibilitaetsmodus.exe
C:\Users\admin\Downloads\settingthursday.png
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
c:\users\admin\downloads\organizationmanager.png.rxh94s80
binary
MD5: 081aa0a83147618874501189b2639e8c
SHA256: 2538363e047a4fe47ce05ba30e7c90669eeb3a91d4636c1b979af2632c86a77b
3252
Kompatibilitaetsmodus.exe
C:\Users\admin\Downloads\organizationmanager.png
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
c:\users\admin\downloads\liferingtones.jpg.rxh94s80
binary
MD5: 1c53d1bfe65725f673e66d62da238905
SHA256: 4ea8d1628d51d8f4050e14f57ec82698d44baff7bd7414762d0e29923e92637d
3252
Kompatibilitaetsmodus.exe
c:\users\admin\downloads\listpain.png.rxh94s80
bs
MD5: 40094e0cc281fcd05714480c14be556e
SHA256: 292a792bcb5967c72494294d5ce63e31fd4d7cdaab2676bb6f089e709c17697a
3252
Kompatibilitaetsmodus.exe
C:\Users\admin\Downloads\listpain.png
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
c:\users\admin\downloads\headbecause.jpg.rxh94s80
binary
MD5: 216340e6940f335dbb9d4aedce2a25aa
SHA256: b560c34247ce1a336f4bfaa8793e8fdf1ab9970b06e4ef99073772d193d4208d
3252
Kompatibilitaetsmodus.exe
C:\Users\admin\Downloads\headbecause.jpg
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
C:\Users\admin\Downloads\liferingtones.jpg
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
c:\users\admin\downloads\chapterrestaurant.png.rxh94s80
binary
MD5: 6136c5704a079c7d4c2a2d39b8497e0a
SHA256: 604df728fdaa2bd069fb3323c36d577ab0de9e87baa8aefd6c42cb034e35cbb3
3252
Kompatibilitaetsmodus.exe
C:\Users\admin\Downloads\chapterrestaurant.png
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
c:\users\admin\downloads\accessaward.jpg.rxh94s80
binary
MD5: b38f8e1e8dd6e3509174e4fcec86c69b
SHA256: 6485fabc446b38ea85d62c6dbe069587cb0e8475e8c64f6c8808d792ca6d4168
3252
Kompatibilitaetsmodus.exe
C:\Users\admin\Downloads\accessaward.jpg
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
c:\users\admin\documents\processingcapital.rtf.rxh94s80
binary
MD5: 54bfc67af97733492cda08cf2abed538
SHA256: 52f66afc43cc03878613db334d3360126da883954925511374b83d293919f159
3252
Kompatibilitaetsmodus.exe
c:\users\admin\documents\septemberclose.rtf.rxh94s80
binary
MD5: 373e2f5befbdb6c9d334affe348c88d1
SHA256: 47936a70bd9adfce877400971fe6e9e4d8c061013cf16080c1cff0d31de41470
3252
Kompatibilitaetsmodus.exe
c:\users\admin\documents\populationreferences.rtf.rxh94s80
binary
MD5: 5701596abacc889ab2a923ceb115ba9e
SHA256: 6a8292ba1e2ee0f2166a18c82c15640c9e5b86edca5bc09e0e0fbbb21cd5bab8
3252
Kompatibilitaetsmodus.exe
C:\Users\admin\Documents\populationreferences.rtf
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
c:\users\admin\documents\packagesubjects.rtf.rxh94s80
binary
MD5: f751320aabbd8a788c12ef8d92b9f1cb
SHA256: 7c6016dd7b8a75989038138b34041c53e466bcd70390ac13143f02db3447b52d
3252
Kompatibilitaetsmodus.exe
C:\Users\admin\Documents\packagesubjects.rtf
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
C:\users\admin\documents\outlook files\rxh94s80-readme.txt
binary
MD5: 558e5c643faeb9a9ef5b83178e62f58d
SHA256: bed7656fc7b6dc51fa5139bf0899b24cb354decd8a03241d1700d47596840e85
3252
Kompatibilitaetsmodus.exe
c:\users\admin\desktop\writtenspring.rtf.rxh94s80
binary
MD5: a00dae934ca2e8c8f195def67c4de8bd
SHA256: d5206c7bb60ed712245cdaa29185911e11f6fcba6c24a1c397833b6484fb4435
3252
Kompatibilitaetsmodus.exe
C:\users\admin\documents\onenote notebooks\rxh94s80-readme.txt
binary
MD5: 558e5c643faeb9a9ef5b83178e62f58d
SHA256: bed7656fc7b6dc51fa5139bf0899b24cb354decd8a03241d1700d47596840e85
3252
Kompatibilitaetsmodus.exe
c:\users\admin\desktop\presentedfully.png.rxh94s80
binary
MD5: 4c6162fae1964901745476b81b477b4e
SHA256: b55d9a1bb21138915c7c01da734cbed196d67217a2fb5abe1cc9522b25e3de37
3252
Kompatibilitaetsmodus.exe
c:\users\admin\desktop\nudehill.png.rxh94s80
binary
MD5: 97115adef4f1a3d4f6303b7e92396acb
SHA256: 4a9ef8c40a49ad0ab2494747a05d755bf45b25fcca1c84056a008bba2b96d769
3252
Kompatibilitaetsmodus.exe
c:\users\admin\desktop\nonesony.rtf.rxh94s80
binary
MD5: db61e0bb23ed1065c67921743975539a
SHA256: f489027198a9a4c7b77209b8d824f482a287430c170d6432a0296cd2849aa71d
3252
Kompatibilitaetsmodus.exe
C:\Users\admin\Desktop\nudehill.png
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
c:\users\admin\desktop\languagemanufacturing.rtf.rxh94s80
pgc
MD5: fa046797e7b819c025e44f4d074d2613
SHA256: 13613389e590f1aff18d6da255c7f0c99633d48d51ca7eef725fd00d8856f885
3252
Kompatibilitaetsmodus.exe
c:\users\admin\desktop\galleriesprobably.png.rxh94s80
binary
MD5: 92dbb315bd64c441b79c92707687f5ff
SHA256: d0abf7570b9687e0a2dd1b411fe0559eb975d137e16938ab034a4361e4a8d24f
3252
Kompatibilitaetsmodus.exe
C:\Users\admin\Desktop\languagemanufacturing.rtf
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
C:\Users\admin\Desktop\galleriesprobably.png
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
c:\users\admin\contacts\admin.contact.rxh94s80
binary
MD5: 97260101140d4cb1f2861a64fb0104dd
SHA256: 704dcc0b1873448a82ef5d0b599d5851b7924e7819648155b285717e76002af1
3252
Kompatibilitaetsmodus.exe
C:\Users\admin\Contacts\admin.contact
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
c:\users\admin\.oracle_jre_usage\90737d32e3abaa4.timestamp.rxh94s80
binary
MD5: 538aee515cb8295a84b3ff638f283f04
SHA256: f19f110eebff253664477da7a43cbdfaf02fb1c5d3215688d3cf1277d007cad4
3252
Kompatibilitaetsmodus.exe
C:\Users\admin\.oracle_jre_usage\90737d32e3abaa4.timestamp
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
C:\users\public\videos\rxh94s80-readme.txt
binary
MD5: 558e5c643faeb9a9ef5b83178e62f58d
SHA256: bed7656fc7b6dc51fa5139bf0899b24cb354decd8a03241d1700d47596840e85
3252
Kompatibilitaetsmodus.exe
C:\users\public\recorded tv\rxh94s80-readme.txt
binary
MD5: 558e5c643faeb9a9ef5b83178e62f58d
SHA256: bed7656fc7b6dc51fa5139bf0899b24cb354decd8a03241d1700d47596840e85
3252
Kompatibilitaetsmodus.exe
C:\users\public\pictures\rxh94s80-readme.txt
binary
MD5: 558e5c643faeb9a9ef5b83178e62f58d
SHA256: bed7656fc7b6dc51fa5139bf0899b24cb354decd8a03241d1700d47596840e85
3252
Kompatibilitaetsmodus.exe
C:\users\public\music\rxh94s80-readme.txt
binary
MD5: 558e5c643faeb9a9ef5b83178e62f58d
SHA256: bed7656fc7b6dc51fa5139bf0899b24cb354decd8a03241d1700d47596840e85
3252
Kompatibilitaetsmodus.exe
C:\users\public\libraries\rxh94s80-readme.txt
binary
MD5: 558e5c643faeb9a9ef5b83178e62f58d
SHA256: bed7656fc7b6dc51fa5139bf0899b24cb354decd8a03241d1700d47596840e85
3252
Kompatibilitaetsmodus.exe
C:\users\public\favorites\rxh94s80-readme.txt
binary
MD5: 558e5c643faeb9a9ef5b83178e62f58d
SHA256: bed7656fc7b6dc51fa5139bf0899b24cb354decd8a03241d1700d47596840e85
3252
Kompatibilitaetsmodus.exe
C:\users\public\downloads\rxh94s80-readme.txt
binary
MD5: 558e5c643faeb9a9ef5b83178e62f58d
SHA256: bed7656fc7b6dc51fa5139bf0899b24cb354decd8a03241d1700d47596840e85
3252
Kompatibilitaetsmodus.exe
c:\users\default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms.rxh94s80
binary
MD5: 845018fb2e7fbd7b0a6ad416b3362984
SHA256: 05c42141d931ed5b8f17bb566017da5b1cbab3cb2eca1f9d452f69f306daaca9
3252
Kompatibilitaetsmodus.exe
C:\users\public\documents\rxh94s80-readme.txt
binary
MD5: 558e5c643faeb9a9ef5b83178e62f58d
SHA256: bed7656fc7b6dc51fa5139bf0899b24cb354decd8a03241d1700d47596840e85
3252
Kompatibilitaetsmodus.exe
C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
c:\users\default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms.rxh94s80
binary
MD5: 019de87ef4e6c3dbc03c3ff98653eef0
SHA256: c38d11176faaeba64335ca7e0b91a721f4f5454fd15437855234a74cc798dd60
3252
Kompatibilitaetsmodus.exe
C:\users\default\videos\rxh94s80-readme.txt
binary
MD5: 558e5c643faeb9a9ef5b83178e62f58d
SHA256: bed7656fc7b6dc51fa5139bf0899b24cb354decd8a03241d1700d47596840e85
3252
Kompatibilitaetsmodus.exe
C:\users\public\desktop\rxh94s80-readme.txt
binary
MD5: 558e5c643faeb9a9ef5b83178e62f58d
SHA256: bed7656fc7b6dc51fa5139bf0899b24cb354decd8a03241d1700d47596840e85
3252
Kompatibilitaetsmodus.exe
c:\users\default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf.rxh94s80
binary
MD5: aa50b679671a9e78eca106e2379f4132
SHA256: 9fac68bdc945a0e044b33728cf08d7dd0d41dbada9da0e29a9263554b586d7e0
3252
Kompatibilitaetsmodus.exe
C:\users\default\saved games\rxh94s80-readme.txt
binary
MD5: 558e5c643faeb9a9ef5b83178e62f58d
SHA256: bed7656fc7b6dc51fa5139bf0899b24cb354decd8a03241d1700d47596840e85
3252
Kompatibilitaetsmodus.exe
C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
C:\users\default\pictures\rxh94s80-readme.txt
binary
MD5: 558e5c643faeb9a9ef5b83178e62f58d
SHA256: bed7656fc7b6dc51fa5139bf0899b24cb354decd8a03241d1700d47596840e85
3252
Kompatibilitaetsmodus.exe
c:\users\default\NTUSER.DAT.LOG1.rxh94s80
binary
MD5: e8905a2c198529c76c215624606a3935
SHA256: c874988123ed24c5a8c22a53b53289eb45e8db93150f66e6bfefa950e45a3a2e
3252
Kompatibilitaetsmodus.exe
C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
C:\Users\Default\NTUSER.DAT.LOG1
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
C:\users\default\music\rxh94s80-readme.txt
binary
MD5: 558e5c643faeb9a9ef5b83178e62f58d
SHA256: bed7656fc7b6dc51fa5139bf0899b24cb354decd8a03241d1700d47596840e85
3252
Kompatibilitaetsmodus.exe
C:\users\default\links\rxh94s80-readme.txt
binary
MD5: 558e5c643faeb9a9ef5b83178e62f58d
SHA256: bed7656fc7b6dc51fa5139bf0899b24cb354decd8a03241d1700d47596840e85
3252
Kompatibilitaetsmodus.exe
C:\users\default\downloads\rxh94s80-readme.txt
binary
MD5: 558e5c643faeb9a9ef5b83178e62f58d
SHA256: bed7656fc7b6dc51fa5139bf0899b24cb354decd8a03241d1700d47596840e85
3252
Kompatibilitaetsmodus.exe
C:\users\default\favorites\rxh94s80-readme.txt
binary
MD5: 558e5c643faeb9a9ef5b83178e62f58d
SHA256: bed7656fc7b6dc51fa5139bf0899b24cb354decd8a03241d1700d47596840e85
3252
Kompatibilitaetsmodus.exe
C:\users\default\documents\rxh94s80-readme.txt
binary
MD5: 558e5c643faeb9a9ef5b83178e62f58d
SHA256: bed7656fc7b6dc51fa5139bf0899b24cb354decd8a03241d1700d47596840e85
3252
Kompatibilitaetsmodus.exe
C:\users\default\desktop\rxh94s80-readme.txt
binary
MD5: 558e5c643faeb9a9ef5b83178e62f58d
SHA256: bed7656fc7b6dc51fa5139bf0899b24cb354decd8a03241d1700d47596840e85
3252
Kompatibilitaetsmodus.exe
c:\users\administrator\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms.rxh94s80
binary
MD5: 12a1c7d7561933d64d9a7494aaeff0b5
SHA256: 2319f9bd5f445a74ab547e2e61e20d38d9bbbf8156fd1591b6147c763d6ab218
3252
Kompatibilitaetsmodus.exe
C:\users\administrator\videos\rxh94s80-readme.txt
binary
MD5: 558e5c643faeb9a9ef5b83178e62f58d
SHA256: bed7656fc7b6dc51fa5139bf0899b24cb354decd8a03241d1700d47596840e85
3252
Kompatibilitaetsmodus.exe
C:\Users\Administrator\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
c:\users\administrator\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms.rxh94s80
binary
MD5: 1bc94bc798dec527594daa9c8f35627e
SHA256: 184afe629b2ec4aac4835e0b06c9206283f1369310e98009f509bf1c6a91f0a2
3252
Kompatibilitaetsmodus.exe
C:\users\administrator\searches\rxh94s80-readme.txt
binary
MD5: 558e5c643faeb9a9ef5b83178e62f58d
SHA256: bed7656fc7b6dc51fa5139bf0899b24cb354decd8a03241d1700d47596840e85
3252
Kompatibilitaetsmodus.exe
C:\Users\Administrator\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
C:\users\administrator\pictures\rxh94s80-readme.txt
binary
MD5: 558e5c643faeb9a9ef5b83178e62f58d
SHA256: bed7656fc7b6dc51fa5139bf0899b24cb354decd8a03241d1700d47596840e85
3252
Kompatibilitaetsmodus.exe
C:\users\administrator\saved games\rxh94s80-readme.txt
binary
MD5: 558e5c643faeb9a9ef5b83178e62f58d
SHA256: bed7656fc7b6dc51fa5139bf0899b24cb354decd8a03241d1700d47596840e85
3252
Kompatibilitaetsmodus.exe
c:\users\administrator\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf.rxh94s80
binary
MD5: c6c5ac4bce2c73601894684f7c82fddc
SHA256: 8a85aad56618c63bc0fd78fe12ca913d5793484af6e7086e915663751fb2483c
3252
Kompatibilitaetsmodus.exe
C:\Users\Administrator\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
c:\users\administrator\ntuser.dat.LOG1.rxh94s80
binary
MD5: 012013eb6b8c5a525bd4c5dd4dbc166b
SHA256: 767dbf6e02a206f5bf0316c0e27ed70bc8a64cc4fde8067e73f5d27fe37565b7
3252
Kompatibilitaetsmodus.exe
C:\Users\Administrator\ntuser.dat.LOG1
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
C:\users\administrator\links\rxh94s80-readme.txt
binary
MD5: 558e5c643faeb9a9ef5b83178e62f58d
SHA256: bed7656fc7b6dc51fa5139bf0899b24cb354decd8a03241d1700d47596840e85
3252
Kompatibilitaetsmodus.exe
C:\users\administrator\music\rxh94s80-readme.txt
binary
MD5: 558e5c643faeb9a9ef5b83178e62f58d
SHA256: bed7656fc7b6dc51fa5139bf0899b24cb354decd8a03241d1700d47596840e85
3252
Kompatibilitaetsmodus.exe
C:\users\administrator\favorites\rxh94s80-readme.txt
binary
MD5: 558e5c643faeb9a9ef5b83178e62f58d
SHA256: bed7656fc7b6dc51fa5139bf0899b24cb354decd8a03241d1700d47596840e85
3252
Kompatibilitaetsmodus.exe
C:\users\administrator\downloads\rxh94s80-readme.txt
binary
MD5: 558e5c643faeb9a9ef5b83178e62f58d
SHA256: bed7656fc7b6dc51fa5139bf0899b24cb354decd8a03241d1700d47596840e85
3252
Kompatibilitaetsmodus.exe
C:\users\administrator\documents\rxh94s80-readme.txt
binary
MD5: 558e5c643faeb9a9ef5b83178e62f58d
SHA256: bed7656fc7b6dc51fa5139bf0899b24cb354decd8a03241d1700d47596840e85
3252
Kompatibilitaetsmodus.exe
C:\users\administrator\desktop\rxh94s80-readme.txt
binary
MD5: 558e5c643faeb9a9ef5b83178e62f58d
SHA256: bed7656fc7b6dc51fa5139bf0899b24cb354decd8a03241d1700d47596840e85
3252
Kompatibilitaetsmodus.exe
C:\users\administrator\contacts\rxh94s80-readme.txt
binary
MD5: 558e5c643faeb9a9ef5b83178e62f58d
SHA256: bed7656fc7b6dc51fa5139bf0899b24cb354decd8a03241d1700d47596840e85
3252
Kompatibilitaetsmodus.exe
C:\users\admin\videos\rxh94s80-readme.txt
binary
MD5: 558e5c643faeb9a9ef5b83178e62f58d
SHA256: bed7656fc7b6dc51fa5139bf0899b24cb354decd8a03241d1700d47596840e85
3252
Kompatibilitaetsmodus.exe
C:\users\admin\searches\rxh94s80-readme.txt
binary
MD5: 558e5c643faeb9a9ef5b83178e62f58d
SHA256: bed7656fc7b6dc51fa5139bf0899b24cb354decd8a03241d1700d47596840e85
3252
Kompatibilitaetsmodus.exe
C:\users\admin\saved games\rxh94s80-readme.txt
binary
MD5: 558e5c643faeb9a9ef5b83178e62f58d
SHA256: bed7656fc7b6dc51fa5139bf0899b24cb354decd8a03241d1700d47596840e85
3252
Kompatibilitaetsmodus.exe
C:\users\admin\pictures\rxh94s80-readme.txt
binary
MD5: 558e5c643faeb9a9ef5b83178e62f58d
SHA256: bed7656fc7b6dc51fa5139bf0899b24cb354decd8a03241d1700d47596840e85
3252
Kompatibilitaetsmodus.exe
C:\users\admin\music\rxh94s80-readme.txt
binary
MD5: 558e5c643faeb9a9ef5b83178e62f58d
SHA256: bed7656fc7b6dc51fa5139bf0899b24cb354decd8a03241d1700d47596840e85
3252
Kompatibilitaetsmodus.exe
C:\users\admin\links\rxh94s80-readme.txt
binary
MD5: 558e5c643faeb9a9ef5b83178e62f58d
SHA256: bed7656fc7b6dc51fa5139bf0899b24cb354decd8a03241d1700d47596840e85
3252
Kompatibilitaetsmodus.exe
C:\users\admin\favorites\rxh94s80-readme.txt
binary
MD5: 558e5c643faeb9a9ef5b83178e62f58d
SHA256: bed7656fc7b6dc51fa5139bf0899b24cb354decd8a03241d1700d47596840e85
3252
Kompatibilitaetsmodus.exe
C:\users\admin\downloads\rxh94s80-readme.txt
binary
MD5: 558e5c643faeb9a9ef5b83178e62f58d
SHA256: bed7656fc7b6dc51fa5139bf0899b24cb354decd8a03241d1700d47596840e85
3252
Kompatibilitaetsmodus.exe
C:\users\admin\documents\rxh94s80-readme.txt
binary
MD5: 558e5c643faeb9a9ef5b83178e62f58d
SHA256: bed7656fc7b6dc51fa5139bf0899b24cb354decd8a03241d1700d47596840e85
3252
Kompatibilitaetsmodus.exe
c:\recovery\345b46fe-a9f9-11e7-a83c-e8a4f72b1d33\boot.sdi.rxh94s80
binary
MD5: 63169606a44d4ab9d91ad734803c5f10
SHA256: 2608cdc6e169dc346c248de6d73617d81d3c4375abe208406375e45273ff477f
3252
Kompatibilitaetsmodus.exe
C:\users\admin\desktop\rxh94s80-readme.txt
binary
MD5: 558e5c643faeb9a9ef5b83178e62f58d
SHA256: bed7656fc7b6dc51fa5139bf0899b24cb354decd8a03241d1700d47596840e85
3252
Kompatibilitaetsmodus.exe
c:\recovery\345b46fe-a9f9-11e7-a83c-e8a4f72b1d33\Winre.wim.rxh94s80
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
C:\Recovery\345b46fe-a9f9-11e7-a83c-e8a4f72b1d33\Winre.wim
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
C:\Recovery\345b46fe-a9f9-11e7-a83c-e8a4f72b1d33\boot.sdi
––
MD5:  ––
SHA256:  ––
3252
Kompatibilitaetsmodus.exe
C:\users\admin\contacts\rxh94s80-readme.txt
binary
MD5: 558e5c643faeb9a9ef5b83178e62f58d
SHA256: bed7656fc7b6dc51fa5139bf0899b24cb354decd8a03241d1700d47596840e85
3252
Kompatibilitaetsmodus.exe
C:\users\admin\.oracle_jre_usage\rxh94s80-readme.txt
binary
MD5: 558e5c643faeb9a9ef5b83178e62f58d
SHA256: bed7656fc7b6dc51fa5139bf0899b24cb354decd8a03241d1700d47596840e85
3252
Kompatibilitaetsmodus.exe
C:\users\default\rxh94s80-readme.txt
binary
MD5: 558e5c643faeb9a9ef5b83178e62f58d
SHA256: bed7656fc7b6dc51fa5139bf0899b24cb354decd8a03241d1700d47596840e85
3252
Kompatibilitaetsmodus.exe
C:\users\public\rxh94s80-readme.txt
binary
MD5: 558e5c643faeb9a9ef5b83178e62f58d
SHA256: bed7656fc7b6dc51fa5139bf0899b24cb354decd8a03241d1700d47596840e85
3252
Kompatibilitaetsmodus.exe
C:\users\admin\rxh94s80-readme.txt
binary
MD5: 558e5c643faeb9a9ef5b83178e62f58d
SHA256: bed7656fc7b6dc51fa5139bf0899b24cb354decd8a03241d1700d47596840e85
3252
Kompatibilitaetsmodus.exe
C:\users\administrator\rxh94s80-readme.txt
binary
MD5: 558e5c643faeb9a9ef5b83178e62f58d
SHA256: bed7656fc7b6dc51fa5139bf0899b24cb354decd8a03241d1700d47596840e85
3252
Kompatibilitaetsmodus.exe
C:\recovery\345b46fe-a9f9-11e7-a83c-e8a4f72b1d33\rxh94s80-readme.txt
binary
MD5: 558e5c643faeb9a9ef5b83178e62f58d
SHA256: bed7656fc7b6dc51fa5139bf0899b24cb354decd8a03241d1700d47596840e85
3252
Kompatibilitaetsmodus.exe
C:\users\rxh94s80-readme.txt
binary
MD5: 558e5c643faeb9a9ef5b83178e62f58d
SHA256: bed7656fc7b6dc51fa5139bf0899b24cb354decd8a03241d1700d47596840e85
3252
Kompatibilitaetsmodus.exe
C:\program files\rxh94s80-readme.txt
binary
MD5: 558e5c643faeb9a9ef5b83178e62f58d
SHA256: bed7656fc7b6dc51fa5139bf0899b24cb354decd8a03241d1700d47596840e85
3252
Kompatibilitaetsmodus.exe
C:\recovery\rxh94s80-readme.txt
binary
MD5: 558e5c643faeb9a9ef5b83178e62f58d
SHA256: bed7656fc7b6dc51fa5139bf0899b24cb354decd8a03241d1700d47596840e85
3252
Kompatibilitaetsmodus.exe
C:\rxh94s80-readme.txt
binary
MD5: 558e5c643faeb9a9ef5b83178e62f58d
SHA256: bed7656fc7b6dc51fa5139bf0899b24cb354decd8a03241d1700d47596840e85

Find more information of the staic content and download it at the full report

Network activity

HTTP(S) requests
2
TCP/UDP connections
7
DNS requests
6
Threats
0

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
3252 Kompatibilitaetsmodus.exe GET 200 67.26.75.254:80 http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab US
compressed
whitelisted
3252 Kompatibilitaetsmodus.exe GET 200 67.26.75.254:80 http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E.crt US
der
whitelisted

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID Process IP ASN CN Reputation
3252 Kompatibilitaetsmodus.exe 178.128.155.196:443 Forthnet GR unknown
3252 Kompatibilitaetsmodus.exe 77.104.180.220:443 SoftLayer Technologies Inc. US unknown
3252 Kompatibilitaetsmodus.exe 5.35.225.215:443 Host Europe GmbH DE unknown
3252 Kompatibilitaetsmodus.exe 67.26.75.254:80 Level 3 Communications, Inc. US unknown
–– –– 147.135.191.154:443 OVH SAS FR unknown
–– –– 37.46.140.5:443 Cyso Management B.V. NL suspicious

DNS requests

Domain IP Reputation
floweringsun.org 178.128.155.196
unknown
nbva.co.uk 77.104.180.220
unknown
cc-experts.de 5.35.225.215
unknown
www.download.windowsupdate.com 67.26.75.254
67.27.158.126
8.248.115.254
67.27.235.254
8.253.207.120
whitelisted
vapiano.fr 147.135.191.154
unknown
dierenambulancealkmaar.nl 37.46.140.5
suspicious

Threats

No threats detected.

Debug output strings

No debug info.