General Info

File name

f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366

Full analysis
https://app.any.run/tasks/a4161f9f-6186-4e11-ad5d-aca50818d5ff
Verdict
Malicious activity
Analysis date
3/14/2019, 23:33:04
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

trojan

loader

rat

azorult

ransomware

stop

djvu

Indicators:

MIME:
application/x-dosexec
File info:
PE32 executable (GUI) Intel 80386, for MS Windows
MD5

c4391b3b073bb1354afef0f1260b8fb8

SHA1

5881bb7eb22d5e91357fccdb9c2adf0b775b5182

SHA256

f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366

SSDEEP

6144:vmMiL8IYdfZ0Cg5aMBjaLEc9yz/SPmKsc0Wk8:vmMiL8ffZ65acOLEey+mKsx8

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distored by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
180 seconds
Additional time used
120 seconds
Fakenet option
off
Heavy Evaision option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (68.0.3440.106)
  • Google Update Helper (1.3.33.17)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 61.0.2 (x86 en-US) (61.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Writes to a start menu file
  • f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe (PID: 1488)
Connects to CnC server
  • f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe (PID: 352)
  • f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe (PID: 1488)
Renames files like Ransomware
  • f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe (PID: 1488)
Application was dropped or rewritten from another process
  • updatewin.exe (PID: 2380)
  • 5.exe (PID: 3488)
  • 4.exe (PID: 3700)
  • updatewin1.exe (PID: 2788)
  • updatewin2.exe (PID: 2820)
  • updatewin1.exe (PID: 2344)
Downloads executable files from the Internet
  • f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe (PID: 1488)
Loads the Task Scheduler COM API
  • f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe (PID: 3408)
  • f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe (PID: 3096)
  • f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe (PID: 1488)
AZORULT was detected
  • 5.exe (PID: 3488)
Task Manager has been disabled (taskmgr)
  • updatewin1.exe (PID: 2344)
Changes the autorun value in the registry
  • f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe (PID: 3096)
Application launched itself
  • f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe (PID: 3080)
  • f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe (PID: 352)
  • powershell.exe (PID: 2728)
  • f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe (PID: 1488)
  • f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe (PID: 3408)
  • updatewin1.exe (PID: 2788)
  • f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe (PID: 3096)
Creates files in the user directory
  • powershell.exe (PID: 2728)
  • powershell.exe (PID: 4028)
  • powershell.exe (PID: 3836)
  • f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe (PID: 3096)
Starts CMD.EXE for commands execution
  • updatewin1.exe (PID: 2344)
Creates files in the program directory
  • f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe (PID: 1488)
Executable content was dropped or overwritten
  • f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe (PID: 1488)
  • f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe (PID: 3096)
Executes PowerShell scripts
  • powershell.exe (PID: 2728)
  • updatewin1.exe (PID: 2344)
Writes to a desktop.ini file (may be used to cloak folders)
  • f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe (PID: 1488)
Changes tracing settings of the file or console
  • f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe (PID: 3096)
Uses ICACLS.EXE to modify access control list
  • f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe (PID: 3096)
Reads settings of System Certificates
  • f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe (PID: 3420)
  • f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe (PID: 352)
Dropped object may contain Bitcoin addresses
  • f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe (PID: 1488)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Static information

TRiD
.exe
|   Win64 Executable (generic) (64.6%)
.dll
|   Win32 Dynamic Link Library (generic) (15.4%)
.exe
|   Win32 Executable (generic) (10.5%)
.exe
|   Generic Win/DOS Executable (4.6%)
.exe
|   DOS Executable Generic (4.6%)
EXIF
EXE
MachineType:
Intel 386 or later, and compatibles
TimeStamp:
2019:02:27 16:02:34+01:00
PEType:
PE32
LinkerVersion:
12
CodeSize:
267776
InitializedDataSize:
199168
UninitializedDataSize:
null
EntryPoint:
0x17a73
OSVersion:
5.1
ImageVersion:
null
SubsystemVersion:
5.1
Subsystem:
Windows GUI
Summary
Architecture:
IMAGE_FILE_MACHINE_I386
Subsystem:
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date:
27-Feb-2019 15:02:34
Detected languages
English - United States
Debug artifacts
E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
DOS Header
Magic number:
MZ
Bytes on last page of file:
0x0090
Pages in file:
0x0003
Relocations:
0x0000
Size of header:
0x0004
Min extra paragraphs:
0x0000
Max extra paragraphs:
0xFFFF
Initial SS value:
0x0000
Initial SP value:
0x00B8
Checksum:
0x0000
Initial IP value:
0x0000
Initial CS value:
0x0000
Overlay number:
0x0000
OEM identifier:
0x0000
OEM information:
0x0000
Address of NE header:
0x00000108
PE Headers
Signature:
PE
Machine:
IMAGE_FILE_MACHINE_I386
Number of sections:
5
Time date stamp:
27-Feb-2019 15:02:34
Pointer to Symbol Table:
0x00000000
Number of symbols:
0
Size of Optional Header:
0x00E0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
Sections
Name Virtual Address Virtual Size Raw Size Charateristics Entropy
.text 0x00001000 0x000415DC 0x00041600 IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ 6.58335
.rdata 0x00043000 0x00013B0C 0x00013C00 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 5.40069
.data 0x00057000 0x000199C8 0x00001A00 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 3.8681
.rsrc 0x00071000 0x000001E0 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 4.71768
.reloc 0x00072000 0x00003070 0x00003200 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_DISCARDABLE,IMAGE_SCN_MEM_READ 6.60777
Resources
1

Imports
    RPCRT4.dll

    MPR.dll

    WININET.dll

    WINMM.dll

    SHLWAPI.dll

    KERNEL32.dll

    USER32.dll

    ADVAPI32.dll

    SHELL32.dll

    ole32.dll

    OLEAUT32.dll

    IPHLPAPI.DLL

    WS2_32.dll

    DNSAPI.dll

    CRYPT32.dll

Exports

    No exports.

Screenshots

Processes

Total processes
64
Monitored processes
21
Malicious processes
6
Suspicious processes
2

Behavior graph

+
drop and start start download and start download and start download and start download and start download and start f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe icacls.exe no specs f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe updatewin1.exe no specs updatewin1.exe no specs updatewin2.exe no specs powershell.exe no specs updatewin.exe no specs 4.exe no specs #AZORULT 5.exe powershell.exe no specs powershell.exe no specs mpcmdrun.exe no specs cmd.exe no specs f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
Specs description
Program did not start
Integrity level elevation
Task сontains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has sucpicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

Click at the process to see the details.

PID
3096
CMD
"C:\Users\admin\AppData\Local\Temp\f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe"
Path
C:\Users\admin\AppData\Local\Temp\f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\temp\f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\mpr.dll
c:\windows\system32\wininet.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\winmm.dll
c:\windows\system32\shell32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\version.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\credssp.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\icacls.exe
c:\windows\system32\clbcatq.dll
c:\windows\system32\taskschd.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\propsys.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\devrtl.dll

PID
884
CMD
icacls "C:\Users\admin\AppData\Local\43946628-348c-44bc-9424-0bc18641f8a2" /deny *S-1-1-0:(OI)(CI)(DE,DC)
Path
C:\Windows\system32\icacls.exe
Indicators
No indicators
Parent process
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\icacls.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll

PID
1488
CMD
"C:\Users\admin\AppData\Local\Temp\f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe" --Admin IsNotAutoStart IsNotTask
Path
C:\Users\admin\AppData\Local\Temp\f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
Indicators
Parent process
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\temp\f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\mpr.dll
c:\windows\system32\wininet.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\winmm.dll
c:\windows\system32\shell32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\version.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\credssp.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\taskschd.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\propsys.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shdocvw.dll
c:\users\admin\appdata\local\bd14a38a-026e-47b1-9e8e-bd362d7ed64c\updatewin1.exe
c:\users\admin\appdata\local\bd14a38a-026e-47b1-9e8e-bd362d7ed64c\updatewin2.exe
c:\users\admin\appdata\local\bd14a38a-026e-47b1-9e8e-bd362d7ed64c\updatewin.exe
c:\users\admin\appdata\local\bd14a38a-026e-47b1-9e8e-bd362d7ed64c\4.exe
c:\users\admin\appdata\local\bd14a38a-026e-47b1-9e8e-bd362d7ed64c\5.exe

PID
2788
CMD
"C:\Users\admin\AppData\Local\bd14a38a-026e-47b1-9e8e-bd362d7ed64c\updatewin1.exe"
Path
C:\Users\admin\AppData\Local\bd14a38a-026e-47b1-9e8e-bd362d7ed64c\updatewin1.exe
Indicators
No indicators
Parent process
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\bd14a38a-026e-47b1-9e8e-bd362d7ed64c\updatewin1.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winmm.dll
c:\windows\system32\samcli.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\version.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\mpr.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\msvcr100.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\propsys.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\shdocvw.dll

PID
2344
CMD
"C:\Users\admin\AppData\Local\bd14a38a-026e-47b1-9e8e-bd362d7ed64c\updatewin1.exe" --Admin
Path
C:\Users\admin\AppData\Local\bd14a38a-026e-47b1-9e8e-bd362d7ed64c\updatewin1.exe
Indicators
No indicators
Parent process
updatewin1.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\bd14a38a-026e-47b1-9e8e-bd362d7ed64c\updatewin1.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winmm.dll
c:\windows\system32\samcli.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\version.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\mpr.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\msvcr100.dll
c:\windows\system32\windowspowershell\v1.0\powershell.exe
c:\program files\windows defender\mpcmdrun.exe

PID
2820
CMD
"C:\Users\admin\AppData\Local\bd14a38a-026e-47b1-9e8e-bd362d7ed64c\updatewin2.exe"
Path
C:\Users\admin\AppData\Local\bd14a38a-026e-47b1-9e8e-bd362d7ed64c\updatewin2.exe
Indicators
No indicators
Parent process
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\bd14a38a-026e-47b1-9e8e-bd362d7ed64c\updatewin2.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\msvcr100.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll

PID
3836
CMD
powershell -Command Set-ExecutionPolicy -Scope CurrentUser RemoteSigned
Path
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Indicators
No indicators
Parent process
updatewin1.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows PowerShell
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\windowspowershell\v1.0\powershell.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\atl.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\shell32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\slc.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorwks.dll
c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system\9e0a3b9b9f457233a335d7fba8f95419\system.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.powershel#\4bdde288f147e3b3f2c090ecdf704e6d\microsoft.powershell.consolehost.ni.dll
c:\windows\assembly\gac_msil\system.management.automation\1.0.0.0__31bf3856ad364e35\system.management.automation.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.management.a#\a8e3a41ecbcc4bb1598ed5719f965110\system.management.automation.ni.dll
c:\windows\system32\psapi.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.core\fbc05b5b05dc6366b02b8e2f77d080f1\system.core.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.powershel#\e112e4460a0c9122de8c382126da4a2f\microsoft.powershell.commands.diagnostics.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.configuratio#\f02737c83305687a68c088927a6c5a98\system.configuration.install.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.wsman.man#\f1865caa683ceb3d12b383a94a35da14\microsoft.wsman.management.ni.dll
c:\windows\assembly\gac_msil\microsoft.wsman.runtime\1.0.0.0__31bf3856ad364e35\microsoft.wsman.runtime.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.transactions\ad18f93fc713db2c4b29b25116c13bd8\system.transactions.ni.dll
c:\windows\assembly\gac_32\system.transactions\2.0.0.0__b77a5c561934e089\system.transactions.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.powershel#\82d7758f278f47dc4191abab1cb11ce3\microsoft.powershell.commands.utility.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.powershel#\583c7b9f52114c026088bdb9f19f64e8\microsoft.powershell.commands.management.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.powershel#\6c5bef3ab74c06a641444eff648c0dde\microsoft.powershell.security.ni.dll
c:\windows\microsoft.net\framework\v2.0.50727\culture.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.xml\461d3b6b3f43e6fbe6c897d5936e17e4\system.xml.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.management\6f3b99ed0b791ff4d8aa52f2f0cd0bcf\system.management.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.directoryser#\45ec12795950a7d54691591c615a9e3c\system.directoryservices.ni.dll
c:\windows\system32\shfolder.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.data\1e85062785e286cd9eae9c26d2c61f73\system.data.ni.dll
c:\windows\assembly\gac_32\system.data\2.0.0.0__b77a5c561934e089\system.data.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorjit.dll
c:\windows\system32\netutils.dll

PID
2380
CMD
"C:\Users\admin\AppData\Local\bd14a38a-026e-47b1-9e8e-bd362d7ed64c\updatewin.exe"
Path
C:\Users\admin\AppData\Local\bd14a38a-026e-47b1-9e8e-bd362d7ed64c\updatewin.exe
Indicators
No indicators
Parent process
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
User
admin
Integrity Level
HIGH
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\bd14a38a-026e-47b1-9e8e-bd362d7ed64c\updatewin.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcr100.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll

PID
3700
CMD
"C:\Users\admin\AppData\Local\bd14a38a-026e-47b1-9e8e-bd362d7ed64c\4.exe"
Path
C:\Users\admin\AppData\Local\bd14a38a-026e-47b1-9e8e-bd362d7ed64c\4.exe
Indicators
No indicators
Parent process
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\bd14a38a-026e-47b1-9e8e-bd362d7ed64c\4.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll

PID
3488
CMD
"C:\Users\admin\AppData\Local\bd14a38a-026e-47b1-9e8e-bd362d7ed64c\5.exe"
Path
C:\Users\admin\AppData\Local\bd14a38a-026e-47b1-9e8e-bd362d7ed64c\5.exe
Indicators
Parent process
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\bd14a38a-026e-47b1-9e8e-bd362d7ed64c\5.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\user32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcr100.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\crtdll.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\iertutil.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\version.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\winrnr.dll

PID
2728
CMD
powershell -NoProfile -ExecutionPolicy Bypass -Command "& {Start-Process PowerShell -ArgumentList '-NoProfile -ExecutionPolicy Bypass -File ""C:\Users\admin\AppData\Local\script.ps1""' -Verb RunAs}"
Path
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Indicators
No indicators
Parent process
updatewin1.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows PowerShell
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\windowspowershell\v1.0\powershell.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\atl.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\ole32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\shell32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\slc.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorwks.dll
c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system\9e0a3b9b9f457233a335d7fba8f95419\system.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.powershel#\4bdde288f147e3b3f2c090ecdf704e6d\microsoft.powershell.consolehost.ni.dll
c:\windows\assembly\gac_msil\system.management.automation\1.0.0.0__31bf3856ad364e35\system.management.automation.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.management.a#\a8e3a41ecbcc4bb1598ed5719f965110\system.management.automation.ni.dll
c:\windows\system32\psapi.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.core\fbc05b5b05dc6366b02b8e2f77d080f1\system.core.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.powershel#\e112e4460a0c9122de8c382126da4a2f\microsoft.powershell.commands.diagnostics.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.configuratio#\f02737c83305687a68c088927a6c5a98\system.configuration.install.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.wsman.man#\f1865caa683ceb3d12b383a94a35da14\microsoft.wsman.management.ni.dll
c:\windows\assembly\gac_msil\microsoft.wsman.runtime\1.0.0.0__31bf3856ad364e35\microsoft.wsman.runtime.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.transactions\ad18f93fc713db2c4b29b25116c13bd8\system.transactions.ni.dll
c:\windows\assembly\gac_32\system.transactions\2.0.0.0__b77a5c561934e089\system.transactions.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.powershel#\82d7758f278f47dc4191abab1cb11ce3\microsoft.powershell.commands.utility.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.powershel#\583c7b9f52114c026088bdb9f19f64e8\microsoft.powershell.commands.management.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.powershel#\6c5bef3ab74c06a641444eff648c0dde\microsoft.powershell.security.ni.dll
c:\windows\microsoft.net\framework\v2.0.50727\culture.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.xml\461d3b6b3f43e6fbe6c897d5936e17e4\system.xml.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.management\6f3b99ed0b791ff4d8aa52f2f0cd0bcf\system.management.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.directoryser#\45ec12795950a7d54691591c615a9e3c\system.directoryservices.ni.dll
c:\windows\system32\shfolder.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.data\1e85062785e286cd9eae9c26d2c61f73\system.data.ni.dll
c:\windows\assembly\gac_32\system.data\2.0.0.0__b77a5c561934e089\system.data.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorjit.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\netutils.dll

PID
4028
CMD
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -File "C:\Users\admin\AppData\Local\script.ps1
Path
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Indicators
No indicators
Parent process
powershell.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows PowerShell
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\windowspowershell\v1.0\powershell.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\atl.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\shell32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\slc.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorwks.dll
c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system\9e0a3b9b9f457233a335d7fba8f95419\system.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.powershel#\4bdde288f147e3b3f2c090ecdf704e6d\microsoft.powershell.consolehost.ni.dll
c:\windows\assembly\gac_msil\system.management.automation\1.0.0.0__31bf3856ad364e35\system.management.automation.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.management.a#\a8e3a41ecbcc4bb1598ed5719f965110\system.management.automation.ni.dll
c:\windows\system32\psapi.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.core\fbc05b5b05dc6366b02b8e2f77d080f1\system.core.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.powershel#\e112e4460a0c9122de8c382126da4a2f\microsoft.powershell.commands.diagnostics.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.configuratio#\f02737c83305687a68c088927a6c5a98\system.configuration.install.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.wsman.man#\f1865caa683ceb3d12b383a94a35da14\microsoft.wsman.management.ni.dll
c:\windows\assembly\gac_msil\microsoft.wsman.runtime\1.0.0.0__31bf3856ad364e35\microsoft.wsman.runtime.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.transactions\ad18f93fc713db2c4b29b25116c13bd8\system.transactions.ni.dll
c:\windows\assembly\gac_32\system.transactions\2.0.0.0__b77a5c561934e089\system.transactions.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.powershel#\82d7758f278f47dc4191abab1cb11ce3\microsoft.powershell.commands.utility.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.powershel#\583c7b9f52114c026088bdb9f19f64e8\microsoft.powershell.commands.management.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.powershel#\6c5bef3ab74c06a641444eff648c0dde\microsoft.powershell.security.ni.dll
c:\windows\microsoft.net\framework\v2.0.50727\culture.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.xml\461d3b6b3f43e6fbe6c897d5936e17e4\system.xml.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.management\6f3b99ed0b791ff4d8aa52f2f0cd0bcf\system.management.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.directoryser#\45ec12795950a7d54691591c615a9e3c\system.directoryservices.ni.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.data\1e85062785e286cd9eae9c26d2c61f73\system.data.ni.dll
c:\windows\assembly\gac_32\system.data\2.0.0.0__b77a5c561934e089\system.data.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorjit.dll
c:\windows\system32\shfolder.dll
c:\windows\microsoft.net\framework\v2.0.50727\diasymreader.dll
c:\windows\system32\netutils.dll

PID
2988
CMD
"C:\Program Files\Windows Defender\mpcmdrun.exe" -removedefinitions -all
Path
C:\Program Files\Windows Defender\mpcmdrun.exe
Indicators
No indicators
Parent process
updatewin1.exe
User
admin
Integrity Level
HIGH
Exit code
2
Version:
Company
Microsoft Corporation
Description
Microsoft Malware Protection Command Line Utility
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\windows defender\mpcmdrun.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\program files\windows defender\mpclient.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\version.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winmm.dll
c:\windows\system32\samcli.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\mpr.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\windows defender\msmplics.dll

PID
2156
CMD
cmd /c ""C:\Users\admin\AppData\Local\Temp\delself.bat""
Path
C:\Windows\system32\cmd.exe
Indicators
No indicators
Parent process
updatewin1.exe
User
admin
Integrity Level
HIGH
Exit code
1
Version:
Company
Microsoft Corporation
Description
Windows Command Processor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

PID
3408
CMD
"C:\Users\admin\AppData\Local\Temp\f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe" --ForNetRes "RDAFNeO8PH6NVwY4kJoTYFdbELuBUFNbBzaaeAt2" upOacGl1yOz9XbrhjX9UR2M0j8i03YwVB0pXr1t1 IsNotAutoStart IsNotTask
Path
C:\Users\admin\AppData\Local\Temp\f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
Indicators
Parent process
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\temp\f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\mpr.dll
c:\windows\system32\wininet.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\winmm.dll
c:\windows\system32\shell32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\version.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\credssp.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\taskschd.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\drprov.dll
c:\windows\system32\winsta.dll
c:\windows\system32\ntlanman.dll
c:\windows\system32\davclnt.dll
c:\windows\system32\davhlpr.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\netutils.dll
c:\windows\system32\browcli.dll

PID
3512
CMD
"C:\Users\admin\AppData\Local\Temp\f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe" --Service 1488 "RDAFNeO8PH6NVwY4kJoTYFdbELuBUFNbBzaaeAt2" upOacGl1yOz9XbrhjX9UR2M0j8i03YwVB0pXr1t1
Path
C:\Users\admin\AppData\Local\Temp\f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
Indicators
Parent process
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\temp\f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\mpr.dll
c:\windows\system32\wininet.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\winmm.dll
c:\windows\system32\shell32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\version.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\credssp.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\psapi.dll

PID
2432
CMD
"C:\Users\admin\AppData\Local\Temp\f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe" --Service 3408 "RDAFNeO8PH6NVwY4kJoTYFdbELuBUFNbBzaaeAt2" upOacGl1yOz9XbrhjX9UR2M0j8i03YwVB0pXr1t1
Path
C:\Users\admin\AppData\Local\Temp\f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
Indicators
Parent process
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\temp\f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\mpr.dll
c:\windows\system32\wininet.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\winmm.dll
c:\windows\system32\shell32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\version.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\credssp.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\psapi.dll

PID
352
CMD
C:\Users\admin\AppData\Local\43946628-348c-44bc-9424-0bc18641f8a2\f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe --Task
Path
C:\Users\admin\AppData\Local\43946628-348c-44bc-9424-0bc18641f8a2\f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\43946628-348c-44bc-9424-0bc18641f8a2\f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\mpr.dll
c:\windows\system32\wininet.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\winmm.dll
c:\windows\system32\shell32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\version.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\credssp.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\apphelp.dll

PID
3080
CMD
"C:\Users\admin\AppData\Local\43946628-348c-44bc-9424-0bc18641f8a2\f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe" --ForNetRes "RDAFNeO8PH6NVwY4kJoTYFdbELuBUFNbBzaaeAt2" upOacGl1yOz9XbrhjX9UR2M0j8i03YwVB0pXr1t1 IsNotAutoStart IsTask
Path
C:\Users\admin\AppData\Local\43946628-348c-44bc-9424-0bc18641f8a2\f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
Indicators
Parent process
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\43946628-348c-44bc-9424-0bc18641f8a2\f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\mpr.dll
c:\windows\system32\wininet.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\winmm.dll
c:\windows\system32\shell32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\version.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\credssp.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\drprov.dll
c:\windows\system32\winsta.dll
c:\windows\system32\ntlanman.dll
c:\windows\system32\davclnt.dll
c:\windows\system32\davhlpr.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\netutils.dll
c:\windows\system32\browcli.dll
c:\windows\system32\srvcli.dll

PID
3120
CMD
"C:\Users\admin\AppData\Local\43946628-348c-44bc-9424-0bc18641f8a2\f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe" --Service 352 "RDAFNeO8PH6NVwY4kJoTYFdbELuBUFNbBzaaeAt2" upOacGl1yOz9XbrhjX9UR2M0j8i03YwVB0pXr1t1
Path
C:\Users\admin\AppData\Local\43946628-348c-44bc-9424-0bc18641f8a2\f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
Indicators
Parent process
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\43946628-348c-44bc-9424-0bc18641f8a2\f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\mpr.dll
c:\windows\system32\wininet.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\winmm.dll
c:\windows\system32\shell32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\version.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\credssp.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\psapi.dll

PID
3420
CMD
"C:\Users\admin\AppData\Local\43946628-348c-44bc-9424-0bc18641f8a2\f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe" --Service 3080 "RDAFNeO8PH6NVwY4kJoTYFdbELuBUFNbBzaaeAt2" upOacGl1yOz9XbrhjX9UR2M0j8i03YwVB0pXr1t1
Path
C:\Users\admin\AppData\Local\43946628-348c-44bc-9424-0bc18641f8a2\f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
Indicators
Parent process
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\43946628-348c-44bc-9424-0bc18641f8a2\f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\mpr.dll
c:\windows\system32\wininet.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\winmm.dll
c:\windows\system32\shell32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\version.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\credssp.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\psapi.dll

Registry activity

Total events
2296
Read events
1945
Write events
351
Delete events
0

Modification events

PID
Process
Operation
Key
Name
Value
3420
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3420
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000072000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
3420
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3420
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3420
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
2728
powershell.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
2728
powershell.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2728
powershell.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
460000006A000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
2788
updatewin1.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2788
updatewin1.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2344
updatewin1.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender
DisableAntiSpyware
1
2344
updatewin1.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
DisableTaskmgr
1
3836
powershell.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
3836
powershell.exe
write
HKEY_CURRENT_USER\Software\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell
ExecutionPolicy
RemoteSigned
3488
5.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\5_RASAPI32
EnableFileTracing
0
3488
5.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\5_RASAPI32
EnableConsoleTracing
0
3488
5.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\5_RASAPI32
FileTracingMask
4294901760
3488
5.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\5_RASAPI32
ConsoleTracingMask
4294901760
3488
5.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\5_RASAPI32
MaxFileSize
1048576
3488
5.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\5_RASAPI32
FileDirectory
%windir%\tracing
3488
5.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\5_RASMANCS
EnableFileTracing
0
3488
5.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\5_RASMANCS
EnableConsoleTracing
0
3488
5.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\5_RASMANCS
FileTracingMask
4294901760
3488
5.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\5_RASMANCS
ConsoleTracingMask
4294901760
3488
5.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\5_RASMANCS
MaxFileSize
1048576
3488
5.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\5_RASMANCS
FileDirectory
%windir%\tracing
3488
5.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3488
5.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
460000006B000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
3488
5.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3488
5.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3096
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RASAPI32
EnableFileTracing
0
3096
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RASAPI32
EnableConsoleTracing
0
3096
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RASAPI32
FileTracingMask
4294901760
3096
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RASAPI32
ConsoleTracingMask
4294901760
3096
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RASAPI32
MaxFileSize
1048576
3096
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RASAPI32
FileDirectory
%windir%\tracing
3096
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RASMANCS
EnableFileTracing
0
3096
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RASMANCS
EnableConsoleTracing
0
3096
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RASMANCS
FileTracingMask
4294901760
3096
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RASMANCS
ConsoleTracingMask
4294901760
3096
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RASMANCS
MaxFileSize
1048576
3096
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RASMANCS
FileDirectory
%windir%\tracing
3096
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3096
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000069000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
3096
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3096
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3096
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
3096
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
SysHelper
"C:\Users\admin\AppData\Local\43946628-348c-44bc-9424-0bc18641f8a2\f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe" --AutoStart
4028
powershell.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
3408
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3408
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
460000006C000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
3408
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3408
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3408
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
3512
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3512
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
460000006D000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
3512
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3512
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3512
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
2432
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2432
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
460000006E000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
2432
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2432
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2432
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
352
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
352
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
460000006F000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
352
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
352
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
352
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
3080
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3080
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000070000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
3080
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3080
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3080
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
3120
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3120
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000071000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
3120
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3120
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3120
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US

Files activity

Executable files
71
Suspicious files
355
Text files
187
Unknown types
48

Dropped files

PID
Process
Filename
Type
3096
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\admin\AppData\Local\43946628-348c-44bc-9424-0bc18641f8a2\f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
executable
MD5: c4391b3b073bb1354afef0f1260b8fb8
SHA256: f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\OFFICE\UICaptions\3082\OUTLLIBR.DLL.trx_dll.kroput
executable
MD5: e2c90f53885d2e2dbfed6033dfafd2ac
SHA256: 56960c221d2f6800932bebf3c40786ee6ee583ef983a6484d2fdb3742b5480e6
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\OFFICE\UICaptions\1036\MAPIR.DLL.trx_dll.kroput
executable
MD5: 928a14a03d186acc726a33aecf5d6ca7
SHA256: f7b0e284b08ca53c5719e3c6d4a5b421cdb4509adff3e2967a34c785d779513c
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\OFFICE\UICaptions\3082\PPINTL.DLL.trx_dll.kroput
executable
MD5: c92dc638d5ab63da5f0eecf361e1a439
SHA256: aef06267d7c4870a59f1e45a9b30dbfcf526ae27d2453d919204b81772c3631a
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\OFFICE\UICaptions\1036\MSOINTL.REST.trx_dll.kroput
executable
MD5: 71ee38b9b8ee45b5d99b0d883c018b50
SHA256: fb8e3f447bb2429c9e0cc18d81010e042b8dc0fe3ccf9a6cc197bb92c8c27d4f
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\OFFICE\UICaptions\3082\OUTLWVW.DLL.trx_dll.kroput
executable
MD5: 457d1b0030783782e0d5f0b37a2d8945
SHA256: 2da77c0e1c6f01adcea6d696f5cf029e343e2d781e6627cae4fa7c043ded35a8
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\OFFICE\UICaptions\1036\GRINTL32.DLL.trx_dll.kroput
executable
MD5: a18df416944006bd42891ee7443f8389
SHA256: de43d6a6300bec302781607470ce13731847cfe53fda245b153bd56bc38a0648
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\OFFICE\UICaptions\3082\OUTLLIBR.REST.trx_dll.kroput
executable
MD5: e6d86354876c0071d6ef273166ff1d3f
SHA256: 1aeb951343e2a41785f969002731b3401323e80c1bd15634e8eadb14abcbdb67
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\OFFICE\UICaptions\1036\ENVELOPR.DLL.trx_dll.kroput
executable
MD5: e15075b1a053dc2542651866ccdf2709
SHA256: e774067aae3895a8eb780d8f43e53d691a3ed7c580402b7fac6cdf9b1fb08a37
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\OFFICE\UICaptions\3082\PPINTL.REST.trx_dll.kroput
executable
MD5: e7abea2c6db0d404b5a8429b09202d9e
SHA256: 20c72428f0a2796399de86af41b9d30995ce52ddc6ed9b450c6609f62c181e28
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\OFFICE\UICaptions\3082\ONINTL.REST.trx_dll.kroput
executable
MD5: 7ecd2e3b0ae3862ae3231fe76dc60921
SHA256: 4b90599ea45405f9923045e79e40f8f28d78d6dc459210784cdb0c8de7622f7f
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\IdentityCRL\ppcrlui.dll.kroput
executable
MD5: b476ed59d391f51693f2efc8d71b1bd4
SHA256: 97f5bddc61b942a04e34bb4d3d9fa853a0bf8ade894bcd4632c20d328c8b379f
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\OFFICE\UICaptions\1036\MOR6INT.REST.trx_dll.kroput
executable
MD5: ead819f847472fc4016b21ded2a47590
SHA256: d5936d1bf3836e1afd7c32ffdb2d0669c4b1ca45278524b013bf2c612bff8cc8
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\OFFICE\UICaptions\3082\PUB6INTL.DLL.trx_dll.kroput
executable
MD5: 77865f19bc26c2bf520fa56163d50c97
SHA256: 33bc0c124e28cd2de154f5c4d5c4eeb6839d11e7c52b04feb0c60ef71f9f5ef6
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\OFFICE\UICaptions\3082\ONINTL.DLL.trx_dll.kroput
executable
MD5: 9b68d7b40fbb117e16ec2c658434b264
SHA256: 39639dae01bb760d31cd6eec676975fb84813ed90836c156a277f85e9a527971
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\IdentityCRL\ppcrlconfig.dll.kroput
executable
MD5: cb19d77fbb70cd1258713e8d0ae8b27a
SHA256: e7a15a199f67a86da803a606639cf3d55b6e9d686bf76d86ff444b845ab6d3b2
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\OFFICE\UICaptions\1036\MSOINTL.DLL.trx_dll.kroput
executable
MD5: 5356c36c63e1021cc8c04d00f786447a
SHA256: b85ed1e01be98ba3594546bc635f6fbd49896974ae276849dd0ca9eb9d10cbff
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\OFFICE\UICaptions\3082\PUB6INTL.REST.trx_dll.kroput
executable
MD5: 7a9589efc5c21d5ac1c404f70ba25e81
SHA256: 7f9145f1a8a6430b2ab356653ababa9549ae41961e16dbb8d7bc9cf770dc924c
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\OFFICE\UICaptions\3082\OMSINTL.DLL.trx_dll.kroput
executable
MD5: e0289085d131816f95b4a876a40c15f0
SHA256: 6dd70d29cb0e70049a8b3dfe47561ce2f39696ecb5a37eff2ee3b811e163759f
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Program Files\Java\jre1.8.0_92\bin\javaws.exe
executable
MD5: 2d37946fe538ae71ef2940def62408c3
SHA256: 19fa5e6716e8a235b3aff98bf31f23e867796dba44b22751836711e520e13443
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\OFFICE\UICaptions\1036\ONINTL.DLL.trx_dll.kroput
executable
MD5: e1b625437c2e05904cf7b0711eba0c99
SHA256: 7717f0c24e1cbd7886c90008dc014da4b4cd7f1ea453eb74cf96ec29166a1881
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\OFFICE\UICaptions\3082\PUBWZINT.REST.trx_dll.kroput
executable
MD5: e79e941c8c9105b30ce360134643306b
SHA256: 3de6344b5a2284917dc2f705167189a8424b21c425210201de73a11688ff679c
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\OFFICE\UICaptions\3082\MOR6INT.REST.trx_dll.kroput
executable
MD5: 2cf34ba163bf2e4f003168693b18e382
SHA256: 99c9498d83f5977445d6a50f9406421a34e06ae1821b693d7ffb0e5c1a532e93
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\Oracle\Java\javapath\javaws.exe.kroput
executable
MD5: 2d37946fe538ae71ef2940def62408c3
SHA256: 19fa5e6716e8a235b3aff98bf31f23e867796dba44b22751836711e520e13443
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\OFFICE\UICaptions\1036\OMSINTL.DLL.trx_dll.kroput
executable
MD5: e235f56dd4990e0816e489f46afb3283
SHA256: 9359f30498e6f216fd413ac82c36c49c137bd974cbec4c2625173468d726bc81
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\OFFICE\UICaptions\3082\SGRES.DLL.trx_dll.kroput
executable
MD5: 05f69c4d490c16a8c387416ffdcdd416
SHA256: 4fae1e619c3d49553e434c53bc791c3ed50bed781ba57e83e420f2d1745838cd
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\OFFICE\UICaptions\3082\MSOINTL.DLL.trx_dll.kroput
executable
MD5: 264c50824f28c02a2421b0299b4f8063
SHA256: 440a5ad6726575edd1e2cbf20410c4450d126dd19e09aa3917ecc711528039c9
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\Oracle\Java\javapath\javaw.exe.kroput
executable
MD5: 3d6ef9a42b9564d9ea8c2d9642a01599
SHA256: 0da9947afccb682831c9d5f9769922934e9fcd4597f4402ba2ede3598bfc0631
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\OFFICE\UICaptions\1036\OUTLLIBR.DLL.trx_dll.kroput
executable
MD5: 789ba8ce5f91d423c1bddbbb6cea7d39
SHA256: f2e9872747048f03a1367e4486502eae3fb6182467f985eb0d9c732e271390c0
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\OFFICE\UICaptions\3082\VISBRRES.DLL.trx_dll.kroput
executable
MD5: aaf3c671e4723e41ed7da3989814dfec
SHA256: f765a052a0e7f87106c32cc2dde8c745625bcb96b14704416a53d7bda2b10634
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\OFFICE\UICaptions\3082\MAPIR.DLL.trx_dll.kroput
executable
MD5: b819e83f259f4107a9d382f9e93a53d6
SHA256: 04e31e8d326c5ceb8f5a55b7fcb73e47eb2d4efdb3c943c4fc6b8e166ae54c04
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\Oracle\Java\javapath\java.exe.kroput
executable
MD5: 640a0247933477b0fdcacf96e8e0f83e
SHA256: 7fc643113d9a99ee6e6322621890039c3cab7ec1dd59e697d83a8ada6d0cbd8c
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\OFFICE\UICaptions\1036\PPINTL.DLL.trx_dll.kroput
executable
MD5: a2da4f934888d62a3b8fa7a443792142
SHA256: 2c67762003da6b7527eb2da1e179ffaca4266025c5c8dfceaf91d9631b206f4f
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\OFFICE\UICaptions\3082\STINTL.DLL.trx_dll.kroput
executable
MD5: 284a95ccbb0414f3506a996398e50ffb
SHA256: 0a039eae360269a5b1ff3cfe7e162639e4be6ccf657dc2bec9487cc987eec9a7
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\OFFICE\UICaptions\3082\MSOINTL.REST.trx_dll.kroput
executable
MD5: 4e027d0428581c0888fdb0359efe13c9
SHA256: a8372db3a0000e7414e39e5d3b067de2cf950b875a56b4d401a8f0f0bde2b2f7
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Program Files\Java\jre1.8.0_92\bin\java.exe
executable
MD5: 640a0247933477b0fdcacf96e8e0f83e
SHA256: 7fc643113d9a99ee6e6322621890039c3cab7ec1dd59e697d83a8ada6d0cbd8c
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\OFFICE\UICaptions\1036\OUTLWVW.DLL.trx_dll.kroput
executable
MD5: ca095fce6947261b08e92db3995e952d
SHA256: 7ba8789d81e77ca47986560f17b991bcb972a76b6fe309228aed2248b5a67dff
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\OFFICE\UICaptions\3082\VISINTL.DLL.trx_dll.kroput
executable
MD5: e307928c38c723e64eb0827f2455f115
SHA256: abf2122b2497826fecfbe1dcb8d6eae6a9573e9d511ae0cae9eb6b6448c1201e
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\OFFICE\UICaptions\3082\GRINTL32.DLL.trx_dll.kroput
executable
MD5: 8aa586250f4dc2b60ba84dceaa4b3dd2
SHA256: c0932bfe3b459fca7b01fb1c847e19fba62bf8dc9436e60f31452511297324d2
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Program Files\Java\jre1.8.0_92\bin\javaw.exe
executable
MD5: 3d6ef9a42b9564d9ea8c2d9642a01599
SHA256: 0da9947afccb682831c9d5f9769922934e9fcd4597f4402ba2ede3598bfc0631
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\OFFICE\UICaptions\1036\ONINTL.REST.trx_dll.kroput
executable
MD5: b38fd79f4e35f59dc335312b6ad92dd9
SHA256: 6319ab57eaa2a05e1be038d4aa65f289bcfc2c13160af13b14a2f5fc3f7f0c96
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\OFFICE\UICaptions\3082\WWINTL.DLL.trx_dll.kroput
executable
MD5: 86accb0976b3d97123c914f8dc507cb3
SHA256: 2cba8b9b55b46465960dcccfc25f28955e879afa805f2a09d7269cea4baae2e5
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\OFFICE\UICaptions\3082\ENVELOPR.DLL.trx_dll.kroput
executable
MD5: f1bc7df7c0087cedca910d6ad07b78fe
SHA256: ae7e5b695cd0ece57139bb0feaa9f01f68d469da0f2678c39ad4e480a194fe6f
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}\Setup.exe.kroput
executable
MD5: 58cb22372af07a94c74f2044413881c7
SHA256: 97aa4eebb54ff63dabb695add46245b5bbdc50b6ff35b37897c44265a22e27ac
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\OFFICE\UICaptions\1036\OUTLLIBR.REST.trx_dll.kroput
executable
MD5: e17fa9a2517a60b735d0ec678f1e4575
SHA256: ee2a8913973be9c4071ed22df92e41cd00178f1d2fac890920484dc10ebca1f7
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\OFFICE\UICaptions\3082\WWINTL.REST.trx_dll.kroput
executable
MD5: 64721efc5c72142ad33ff803ae28f8ee
SHA256: 75e1f7fea2e74364db39e66d882845daa4e86bfd49a2440440fd99a7cb63b2ac
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\OFFICE\UICaptions\3082\GRINTL32.REST.trx_dll.kroput
executable
MD5: 841aba3acd0cf1e300d1b7c9c7cb98f5
SHA256: bb40222299910e436c368e7790ffe3c97839e2f1f88734c18e4c4fa495104fd1
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\admin\AppData\Local\bd14a38a-026e-47b1-9e8e-bd362d7ed64c\5.exe
executable
MD5: d0e483e60acd942f4c398678cbb36b0c
SHA256: 4321c83a3271d38f170094c2abfc4db4fa60a83f417805f9c4139fdb8fcd1483
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\OFFICE\UICaptions\1036\PPINTL.REST.trx_dll.kroput
executable
MD5: 74c420f25104f963fbdf5d51e97a5e29
SHA256: 9b380273b30ff938fa5f85330183d725a69f3794660c0026cfef31ce489adb88
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\OFFICE\UICaptions\3082\XLINTL32.DLL.trx_dll.kroput
executable
MD5: c65ff63bc627fccbf5f4488b9066069a
SHA256: dba9432ec0962706087be6efd53f4fae41c0ede8feeddbfbbdd22cae821e69df
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\OFFICE\UICaptions\1036\WWINTL.REST.trx_dll.kroput
executable
MD5: 3fc932e59d8e902201e0eafc386803e9
SHA256: 91a18207cb060d4c94059a4eae2219ea6d3e7f3972f8d2466f0b9618c9990f00
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\admin\AppData\Local\bd14a38a-026e-47b1-9e8e-bd362d7ed64c\4.exe
executable
MD5: 76d9c9d7a779005f6caeaa72dbdde445
SHA256: b61991e6b19229de40323d7e15e1b710a9e7f5fafe5d0ebdfc08918e373967d3
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\OFFICE\UICaptions\1036\PUB6INTL.DLL.trx_dll.kroput
executable
MD5: 888aac87dc4424ced71b1ad12f02af7b
SHA256: eee604ac5a5e49a5ef0a8235263132ddff99948e7f3d464ce244d36567f0723c
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\OFFICE\UICaptions\3082\XLSLICER.DLL.trx_dll.kroput
executable
MD5: ef3ce39de7e7ccfaa9edbe166c6b0f8c
SHA256: dbdbe447c46ee8090cbaccf4ae2aee55dfac61036cd1256c3b94a4a763ff5dd8
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\OFFICE\UICaptions\1036\PUB6INTL.REST.trx_dll.kroput
executable
MD5: 0f5db11addf09fca13a837866f871134
SHA256: 75181e8c242c48744de60234acb614cdb033ffa4cdfc0620dbcd0ac8f8ac0b7a
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\admin\AppData\Local\bd14a38a-026e-47b1-9e8e-bd362d7ed64c\updatewin.exe
executable
MD5: e3083483121cd288264f8c5624fb2cd1
SHA256: 114ccacb7ca57c01f3540611fdf49e68416544da8d8077f5896434a4b71b01dd
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\OFFICE\UICaptions\1036\STINTL.DLL.trx_dll.kroput
executable
MD5: 5763ac30a44ccba14c2c41fe02e477f3
SHA256: 1312b39c3d01ff88d45aec907e912c93a7e012b8251481cf98a712a65f082ba1
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\OFFICE\UICaptions\3082\XLINTL32.REST.trx_dll.kroput
executable
MD5: e7d1aabeb33a8cd95fe59a1814c6eb23
SHA256: e776a022257c7f60ce6a96e3d5640146487dd85dc022e4a51aa57c8d39869ef6
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\OFFICE\UICaptions\1036\SGRES.DLL.trx_dll.kroput
executable
MD5: fe2f6607a082a34fa940f009dcba32ba
SHA256: a96c88a89814753879ab8aa2cc1ed05f27ec9902a0f402f65d666a181a783cef
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\admin\AppData\Local\bd14a38a-026e-47b1-9e8e-bd362d7ed64c\updatewin2.exe
executable
MD5: 996ba35165bb62473d2a6743a5200d45
SHA256: 5caffdc76a562e098c471feaede5693f9ead92d5c6c10fb3951dd1fa6c12d21d
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\OFFICE\UICaptions\1036\VISBRRES.DLL.trx_dll.kroput
executable
MD5: 4a8becbcc6c544372041a6a45d2c9287
SHA256: 18cd2dc5e9339fc9c9bf7d32c791acdba92679fdcefb5374ea96945f288969b6
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Package Cache\{7e9fae12-5bbf-47fb-b944-09c49e75c061}\VC_redist.x86.exe.kroput
executable
MD5: 9bdf594c08cd47f7c03efd0e026cb8ad
SHA256: d38a85521cd1bc363c117a8655f5ed2ee725f73845ecd43c23f1850389a53943
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\OFFICE\UICaptions\1036\XLINTL32.DLL.trx_dll.kroput
executable
MD5: 793c2b52a886cc741d00906284a0d050
SHA256: 247d0015de32b90d2a22625bebb0c7b6b99590f77a8b42a829bbd54175cf7caf
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\admin\AppData\Local\bd14a38a-026e-47b1-9e8e-bd362d7ed64c\updatewin1.exe
executable
MD5: 5b4bd24d6240f467bfbc74803c9f15b0
SHA256: 14c7bec7369d4175c6d92554b033862b3847ff98a04dfebdf9f5bb30180ed13e
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\OFFICE\UICaptions\1036\WWINTL.DLL.trx_dll.kroput
executable
MD5: 4849d91f59e633b223f2a3fe5ee99946
SHA256: ccc3a06ce2e7b09b6e6f2d62145d223b6106b62e08193b00c562621108c35fbd
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe.kroput
executable
MD5: 51b880f8d1cf4d7a90492713bba7b1a9
SHA256: 59db0976bdd08704833092476bd7c7fbd98245ae6f09d0ad22632873755a403c
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\OFFICE\UICaptions\1036\VISINTL.DLL.trx_dll.kroput
executable
MD5: e1d3b471122abe872b377d0aab787a10
SHA256: 174ad545f75629d599856630058ea098d9907827b854a4be38dac50c08cf3c2c
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\OFFICE\UICaptions\1036\PUBWZINT.REST.trx_dll.kroput
executable
MD5: 0b9a2730e5e5d42afaed11919282e998
SHA256: 36c9428eec084e2efb7e3e3e8c636375a32caf42178bc55bc94164e5681a8a28
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\OFFICE\UICaptions\1036\XLINTL32.REST.trx_dll.kroput
executable
MD5: 3f1a9def3d5f2f71a31017ec90dc32ad
SHA256: ca9dd67676983942e36e9c180a94fcc6cdb8fef0b67b10da145b5ffdfc43ac83
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\OFFICE\UICaptions\1036\XLSLICER.DLL.trx_dll.kroput
executable
MD5: b6b22b734688fbb66b7e056ce6f7a7a4
SHA256: 0a5deee0a2b8e6e6279985dec35af1ea1790fd00d25e81f4899f967addb4c57c
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\OFFICE\UICaptions\1036\GRINTL32.REST.trx_dll.kroput
executable
MD5: 394ce640ecfc7929788a9141c0b49bac
SHA256: a100ff8dd90e689b8cf186b892b622e5a3cc8c8aabc925f742ec6aa03cc1b7c3
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\Favorites\Links for United States\USA.gov.url
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\PACKAGE CACHE\{F65DB027-AFF3-4070-886A-0D87064AABB1}\STATE.RSM
––
MD5:  ––
SHA256:  ––
3120
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\geo[1].json
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\PACKAGE CACHE\{7E9FAE12-5BBF-47FB-B944-09C49E75C061}\VC_REDIST.X86.EXE
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Package Cache\{7e9fae12-5bbf-47fb-b944-09c49e75c061}\state.rsm.kroput
binary
MD5: d1b0d490adcd8a571132b1066059d623
SHA256: fd651be783faeecc33c2b47758291dcc02779144f6fb347b4c1213448e16f487
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Package Cache\{568CD07E-0824-3EEB-AEC1-8FD51F3C85CF}v14.11.25325\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.kroput
binary
MD5: 0e900f1fe61c7fa449860a7cd6b48a26
SHA256: e28b1851d515febdb0f95f13e0e1e04bed35d91d295703cf4ae87a7768833dce
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\PACKAGE CACHE\{7E9FAE12-5BBF-47FB-B944-09C49E75C061}\STATE.RSM
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\PACKAGE CACHE\{568CD07E-0824-3EEB-AEC1-8FD51F3C85CF}V14.11.25325\PACKAGES\VCRUNTIMEADDITIONAL_X86\VC_RUNTIMEADDITIONAL_X86.MSI
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Package Cache\{568CD07E-0824-3EEB-AEC1-8FD51F3C85CF}v14.11.25325\packages\vcRuntimeAdditional_x86\cab1.cab.kroput
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Package Cache\{39E15475-23F2-345D-8977-B5DC47A94E26}v14.15.26706\packages\vcRuntimeMinimum_x86\cab1.cab.kroput
binary
MD5: 949433aa49fd1aa6c5260ce33379df1b
SHA256: 56f6ba33b1d6232284be41946dd8f40679c7c89509223b99bbf8744ef9f6dfff
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Package Cache\{39E15475-23F2-345D-8977-B5DC47A94E26}v14.15.26706\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.kroput
binary
MD5: 5ca23f9d0dd884bb6b11a93edcbb3f1e
SHA256: 79be199874307caf83926625591901f9deae87888f702fa91b70dfa37d94d9d9
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\PACKAGE CACHE\{568CD07E-0824-3EEB-AEC1-8FD51F3C85CF}V14.11.25325\PACKAGES\VCRUNTIMEADDITIONAL_X86\CAB1.CAB
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\PACKAGE CACHE\{39E15475-23F2-345D-8977-B5DC47A94E26}V14.15.26706\PACKAGES\VCRUNTIMEMINIMUM_X86\VC_RUNTIMEMINIMUM_X86.MSI
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Package Cache\{2757496A-3E74-320A-B007-36120A9F126D}v14.15.26706\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.kroput
binary
MD5: 7f13cdae0a8edd201ff3e09e12b2eab8
SHA256: 82230f5acfae6552af90859c8a83bd3c6979b3e6d64534ba42a63186020d9424
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\PACKAGE CACHE\{2757496A-3E74-320A-B007-36120A9F126D}V14.15.26706\PACKAGES\VCRUNTIMEADDITIONAL_X86\VC_RUNTIMEADDITIONAL_X86.MSI
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\PACKAGE CACHE\{39E15475-23F2-345D-8977-B5DC47A94E26}V14.15.26706\PACKAGES\VCRUNTIMEMINIMUM_X86\CAB1.CAB
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab.kroput
binary
MD5: 943e432a4faa6b701192092e17b98d6a
SHA256: 8d03b3e7e9ae56f772da2c92f4bfc1f84f92c0b00b27760c88fa4fecd2401cfd
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.kroput
binary
MD5: 49cc5a890d6b86df9e9161f55ecafbfa
SHA256: 50bcd14c3ff4da1abfa515334180fbc98ca472c172a811f03cef7acb0ef0b435
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\PACKAGE CACHE\{2757496A-3E74-320A-B007-36120A9F126D}V14.15.26706\PACKAGES\VCRUNTIMEADDITIONAL_X86\CAB1.CAB
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Package Cache\{2757496A-3E74-320A-B007-36120A9F126D}v14.15.26706\packages\vcRuntimeAdditional_x86\cab1.cab.kroput
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\PACKAGE CACHE\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}V12.0.21005\PACKAGES\VCRUNTIMEMINIMUM_X86\CAB1.CAB
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\PACKAGE CACHE\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}V12.0.21005\PACKAGES\VCRUNTIMEMINIMUM_X86\VC_RUNTIMEMINIMUM_X86.MSI
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Package Cache\{029DA848-1A80-34D3-BFC1-A6447BFC8E7F}v14.11.25325\packages\vcRuntimeMinimum_x86\cab1.cab.kroput
binary
MD5: bd4d66685f8c050bc8c55a58de6ef54d
SHA256: ded1777b95d1ecde6ecfbae28f9db0a8670484432bcada37f6bd53f8a9bac51f
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Package Cache\564F02E6419B9858949B0CD5A65E2C8C0944DD88\packages\Patch\x86\Windows6.1-KB2999226-x86.msu.kroput
binary
MD5: 51e124ce1286b4a74ef0339abc74d638
SHA256: 29827caa16c89c8e35fc00cd62ffb00c0bfb6837d1c8fa6d75e36985e418875f
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Package Cache\{029DA848-1A80-34D3-BFC1-A6447BFC8E7F}v14.11.25325\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.kroput
binary
MD5: 6e991859b37d467d56253859e0736a8a
SHA256: dfbf9fb8686b3167677ea65eb3844f61fe48d101012a78acba97214396862ac9
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\PACKAGE CACHE\{029DA848-1A80-34D3-BFC1-A6447BFC8E7F}V14.11.25325\PACKAGES\VCRUNTIMEMINIMUM_X86\VC_RUNTIMEMINIMUM_X86.MSI
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\PACKAGE CACHE\564F02E6419B9858949B0CD5A65E2C8C0944DD88\PACKAGES\PATCH\X86\WINDOWS6.1-KB2999226-X86.MSU
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\PACKAGE CACHE\{029DA848-1A80-34D3-BFC1-A6447BFC8E7F}V14.11.25325\PACKAGES\VCRUNTIMEMINIMUM_X86\CAB1.CAB
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk.kroput
binary
MD5: 4c85cef62a4a084007bef32b607be6b8
SHA256: 828c28a8f9520f77fcca8d7b6120966df10b32c030e8e5fd2c59ea737fb15797
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk.kroput
binary
MD5: fef231af1a4d37ad01f819fe93eb9e40
SHA256: 2790030e4419cfaf60c637e38c495fe61a0d134d0b7b9b2d90e76ded33284274
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Windows Update.lnk.kroput
binary
MD5: d2611cb1831e60169c4d3410941e264b
SHA256: cf22611af4740353dadf1f14fa202e5e163aa75266a6d9116d310bfc6353791e
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows Defender\Support\MPLog-09092018-155555.log.kroput
txt
MD5: 6077414811fbe632ad6e5bda02af8b61
SHA256: 31dc18a6a05bf1c43d2b013f6bc9fd06591a89814e76fdef865c42f48ed10563
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk.kroput
binary
MD5: b713a26935f7fb0ab3f4c3ac2914739e
SHA256: 249338f3f145ded246fb388be5c3e18f38184ef9c45173cdd4ab77dc121b1cbb
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\WINRAR\WINRAR HELP.LNK
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\WINDOWS UPDATE.LNK
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS DEFENDER\SUPPORT\MPLOG-09092018-155555.LOG
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\WINRAR\WINRAR.LNK
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\XPS VIEWER.LNK
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk.kroput
binary
MD5: 310e4dd37892c31b229b535df75b3833
SHA256: 8b136e74ba9568e8ec8431c4da3fba97c92b3a2f5158b6dc9ac3434388d7e079
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player.lnk.kroput
binary
MD5: 30ed849ea2c9bee73de342aeabe3d363
SHA256: 5eeafbef3b4651ba9c06ead2d612f42de6023f283a2364cc083a3b91a0328f51
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk.kroput
binary
MD5: 6f8e58c4f59a25865a2c418ec8e43753
SHA256: ae0d72da90c3b2e29868954584d552fa897fb0ed134cb17a66e6b8dc22e6181a
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk.kroput
binary
MD5: 5d75547fd4507e85fe388a66692919a2
SHA256: 0045bacdd7ee7c83d602aad651f417b1983cd53c019ff09ae5fb60d9263dc451
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk.kroput
binary
MD5: 41eeb848c91137f3f8e3f890bcdf7915
SHA256: 8e970d280ea7cf78b910f083281a29323910c48a3a0b6787e71170bcbec1b17c
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk.kroput
binary
MD5: c120d0e481b9e83f43630562e0591451
SHA256: e137623703212fd687f151bac749899c4fc47c41c602ecd9084b9f01f26eae0d
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk.kroput
binary
MD5: eae3d11bf43721df6713855697bd2428
SHA256: 92aadb29d3a92004544ffe1542f351082eaf4b7d0e79e0ba91c7c5dfee7a8d55
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\VIDEOLAN\VLC MEDIA PLAYER.LNK
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\WINDOWS ANYTIME UPGRADE.LNK
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\WINDOWS FAX AND SCAN.LNK
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\WINRAR\CONSOLE RAR MANUAL.LNK
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\WINDOWS DVD MAKER.LNK
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\WINDOWS MEDIA PLAYER.LNK
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\WINRAR\WHAT IS NEW IN THE LATEST VERSION.LNK
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player - reset preferences and cache files.lnk.kroput
binary
MD5: 5125052dc4fa63c76380956b64cf0904
SHA256: edc26a02b7eb3ef89b4aace9c7ddbe206b005cf19537188d8947990a0f2ebc39
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk.kroput
binary
MD5: 46bf35c9ab9cc94817ef50d36be55e63
SHA256: 3ed0637690ac312f484d02fbeffbb16dc53a8e0718e0addedac15ec747ebb0d5
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk.kroput
binary
MD5: 513ad4e257b022d3afacbcc9dd035608
SHA256: 6228ad28178a00fc93ddaefea02b07b7cbda416aa83599ae03e46250e409cb3e
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\VideoLAN\VideoLAN Website.lnk.kroput
binary
MD5: 0cb2b922fba7531d6403360a28e4fd23
SHA256: d53b19401928ee32aa3efae0bc541eb2bf5aa62b99cf47d3255418a74b9cf40f
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\VideoLAN\Documentation.lnk.kroput
binary
MD5: 69d81bb9f5c5316b2dc06827d94e6604
SHA256: 6f9f6e19583fd610dc5cb1d0b6ceb28d05b35f0f73a5b3b7f769c97f37995e49
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player skinned.lnk.kroput
binary
MD5: 3af5b621859c7d60c328e4a5f98b2c78
SHA256: 09ef02a75ec647e46dcda34656a64a8c3cd235dd54d233409ea448e81583eeb4
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\VideoLAN\Release Notes.lnk.kroput
binary
MD5: e0a50b4061a2c8e2cdbe9eee00ee68c4
SHA256: 621452528683a0594d00d476dc6697ee87fa771394c86bccb8ee35d91946fd92
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini.kroput
text
MD5: 0a6e8aea9231b5a8406e2d654d9d004e
SHA256: dcc88352477df044638e8bf1f87f9b00baec1f1c09fb02ee7df37c4a2c7ea32e
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\VIDEOLAN\VLC MEDIA PLAYER - RESET PREFERENCES AND CACHE FILES.LNK
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\VIDEOLAN\DOCUMENTATION.LNK
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\SKYPE\SKYPE.LNK
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\VIDEOLAN\RELEASE NOTES.LNK
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\VIDEOLAN\VLC MEDIA PLAYER SKINNED.LNK
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\DESKTOP.INI
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\VIDEOLAN\VIDEOLAN WEBSITE.LNK
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Opera.lnk.kroput
binary
MD5: 449653baeb4f20a0eefdbc2e2c939e2b
SHA256: 7ebdd49bf3f4d221f18944cae4701dbfb93fc501181711cfb070d5c591d655db
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft OneNote 2010.lnk.kroput
binary
MD5: fce4ddc8a90128f874694188d23bec1e
SHA256: 37f8f67138c52575469e67a24a8c4322c1cae2a704ef7351c9eb584c65e070df
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Outlook 2010.lnk.kroput
binary
MD5: 0ecdcd3636cbf3d97c52ae6d8d59022a
SHA256: da4cc3d876eb580a565a458e4d58f3f540f07e725975ea5531ff8642d3d97cf5
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Notepad++\Notepad++.lnk.kroput
binary
MD5: e3422f02b4b7f8b7ea9f7bd319968217
SHA256: 42d1137ce7aeac2b95788657dea96f42d29c022b7977b9df7d7d9987e61af6be
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Publisher 2010.lnk.kroput
binary
MD5: f1348ea12e6a4dbd6aaf8367620d672b
SHA256: fef38dfd5b28e56fd301f5e4c36df0d311b9957d9783ae41607529f2dd27d763
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Word 2010.lnk.kroput
binary
MD5: 6fef25c9c2d1bd67f72b9139f5887f1e
SHA256: bdbd97504fb3b5326dcab57f7b4af44c47d9c51ff8b653db6904d7ba3c86aaea
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft PowerPoint 2010.lnk.kroput
binary
MD5: 974f8b83cc0b51ca516c79c910c094a0
SHA256: 2b8e4d000d889611af0b5345558476092080724c2746d869cf9236dcf5d8fea0
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MICROSOFT OFFICE\MICROSOFT POWERPOINT 2010.LNK
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MICROSOFT OFFICE\MICROSOFT WORD 2010.LNK
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MICROSOFT OFFICE\MICROSOFT OUTLOOK 2010.LNK
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\OPERA.LNK
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MICROSOFT OFFICE\MICROSOFT PUBLISHER 2010.LNK
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\NOTEPAD++\NOTEPAD++.LNK
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\SIDEBAR.LNK
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Office 2010 Language Preferences.lnk.kroput
binary
MD5: 08dff77d7a491304999f81d92a583b89
SHA256: b618c9f80a9e1abe00d37cf2993b80b2982bfae42dc18426fe1743ee497d377f
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Office Anytime Upgrade.lnk.kroput
binary
MD5: f2d982863678af208adee484a3f8dca2
SHA256: 2a7c7a5d9f56f20be69c76f3d092a8f96eb54a4560f6f4f5e50e8c5cf69d09d6
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Office 2010 Upload Center.lnk.kroput
binary
MD5: f80339a805fcf95e2d877866ca983206
SHA256: 0d4bb9675e1c07357eb8983717874d8c7a18e44e77fa44e2db75a761942d1cde
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Office Picture Manager.lnk.kroput
binary
MD5: e3f2e681e28385bc05167f8a9cacff82
SHA256: 4f3193a7aac4e6c94e7e505d6466003a0e600814663b2046b7c7a3c94fa68e71
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Clip Organizer.lnk.kroput
binary
MD5: 09eeea33f91a3d969377f624f5ddd667
SHA256: 59acafbe50f733e985b151b8e10a39fac45163846817f9d8b78e2bf64542c4fb
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Digital Certificate for VBA Projects.lnk.kroput
binary
MD5: 82c1429cc481b11e03d000d6fc5f3eab
SHA256: 1cfd2db0d60094737945c5563a31721e869ea7e9582be69bab4d4bf71944504d
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MICROSOFT OFFICE\MICROSOFT OFFICE 2010 TOOLS\DIGITAL CERTIFICATE FOR VBA PROJECTS.LNK
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MICROSOFT OFFICE\MICROSOFT OFFICE 2010 TOOLS\MICROSOFT OFFICE 2010 UPLOAD CENTER.LNK
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MICROSOFT OFFICE\MICROSOFT OFFICE 2010 TOOLS\OFFICE ANYTIME UPGRADE.LNK
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MICROSOFT OFFICE\MICROSOFT OFFICE 2010 TOOLS\MICROSOFT CLIP ORGANIZER.LNK
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MICROSOFT OFFICE\MICROSOFT OFFICE 2010 TOOLS\MICROSOFT OFFICE 2010 LANGUAGE PREFERENCES.LNK
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MICROSOFT OFFICE\MICROSOFT ONENOTE 2010.LNK
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MICROSOFT OFFICE\MICROSOFT OFFICE 2010 TOOLS\MICROSOFT OFFICE PICTURE MANAGER.LNK
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini.kroput
text
MD5: 8fa8ebee8ad5ae9f496e247f40c6a45d
SHA256: 1ad424c13220039fbfd63416f8b00ab49cff2008d1435258f59c22b1c11c1845
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Excel 2010.lnk.kroput
binary
MD5: 061be30cb02fab47808c86bebaefde28
SHA256: 996a70ea28a7b8d08f737238200644d75e73eab52b556868afde222174009ee2
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk.kroput
binary
MD5: 5ed1c42d559e99530288fa418b146397
SHA256: 5588e15ec5efc5e542e2bf6829559f9396f0c23a7c04ed080d01fcda6b3ebab7
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Access 2010.lnk.kroput
binary
MD5: cf87712eb7348d936808a3218f24e527
SHA256: 3662c8b864bfe26ab6844cb0bbc2b85cff02873832dacedd8ec98d37c2d80533
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Media Center.lnk.kroput
binary
MD5: cb9419ccb5f406b93d0e62d912c43307
SHA256: c5f9a6262a9c81b6d28cc3a5540f61c78eb1b17f2609fece0e9d7615bc232cb8
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MICROSOFT OFFICE\MICROSOFT EXCEL 2010.LNK
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MAINTENANCE\REMOTE ASSISTANCE.LNK
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MEDIA CENTER.LNK
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MICROSOFT OFFICE\MICROSOFT ACCESS 2010.LNK
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MAINTENANCE\DESKTOP.INI
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.url.kroput
ini
MD5: 404c92efc211f44b0bacc194176723ee
SHA256: 60cb90c6a35fe67d0920398c6f4396430559fa96db90661bfc2f30653d14afa8
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk.kroput
binary
MD5: 84fbd7700a59ecadb9310136e0cd2936
SHA256: fb662b6a39b32b4eda2f628b49b8eef4f9034694e43936a0e2224f4b2fe099cc
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk.kroput
binary
MD5: 11e6a46ed67586bd5ad90f1e3db40ef7
SHA256: 330f51e9fe0e597eecc3e25923d7036606dd9afd24147df306cbc415155756be
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk.kroput
binary
MD5: c1dc6fcc22c28a979ffc3a62afd196c0
SHA256: 3a4f393c12593daf582dd3bb2afa2dc02c50708b6ca376a7fb462065b843f06e
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk.kroput
binary
MD5: 2dccbff2d5d1721687f2a74e26163695
SHA256: 360ad35c983d40e655c326a1d3b7eed56151f7e26bc8a6435f521343860f31a5
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Java\Get Help.url.kroput
ini
MD5: 502382e4ef9d39602bccdc82e2442524
SHA256: 6ec636d3e3bb087a8d165725c51a1b32f015270c2a28227980eb078a08fe9f13
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk.kroput
binary
MD5: 66910cbf8ec9d267a0cbfebe4ebe46d7
SHA256: b3e7c8cf74f4e08a729da4bbbeb8d35f7c67172e670fec2309dc819465018385
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\JAVA\CHECK FOR UPDATES.LNK
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\JAVA\ABOUT JAVA.LNK
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\JAVA\GET HELP.URL
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MAINTENANCE\BACKUP AND RESTORE CENTER.LNK
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MAINTENANCE\CREATE RECOVERY DISC.LNK
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\JAVA\VISIT JAVA.COM.URL
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\JAVA\CONFIGURE JAVA.LNK
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk.kroput
binary
MD5: a4d0ee2153b431d09c55a678feb3dcc0
SHA256: ac5cd586c131a6c4d80dd4b0ab384993ed1f5991cdab3090e21f135abd0ec8e4
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Games\desktop.ini.kroput
ini
MD5: 3fad4c3132b4a714643dadf7d2667d71
SHA256: e7689c16929a599491593538ebed3590ce005d1c3922b87c2d0291317504478e
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Games\GameExplorer.lnk.kroput
binary
MD5: df27b1e426622fba12309fccbdf64fe2
SHA256: a52c8490fa36c00beb7fff7a1b82926eddbd41eb1468d85efe887c000e408031
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\GOOGLE CHROME.LNK
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\GAMES\GAMEEXPLORER.LNK
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\GAMES\DESKTOP.INI
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Firefox.lnk.kroput
binary
MD5: f3e5f192a5f8eadebe75abea16e053d9
SHA256: 15776ad27630e799c443a9cfeb1b33a75978abbd0907c80224c3bd7a378b9532
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client\Uninstall.lnk.kroput
binary
MD5: 35c7e11a011ea805ce6e64c5b910c671
SHA256: 1154efe74f04a27963d6dfeeb73b3a81f6778e7004ea77e36576f8a71f440c99
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client\FileZilla.lnk.kroput
binary
MD5: 3130317601b68a2fe9a3f7d7732047bf
SHA256: 149c85c298a17e53b12ba82d11bd20618b5dde5ea8e52cdea25d83901e031fb5
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\desktop.ini.kroput
text
MD5: 2f22254e3a862361285a430ce39441cb
SHA256: 983ed6c80c04d5d82799a357a38a87a8f54361c049bdce2110ed935ac1393521
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\FIREFOX.LNK
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\FILEZILLA FTP CLIENT\UNINSTALL.LNK
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\FILEZILLA FTP CLIENT\FILEZILLA.LNK
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner Homepage.url.kroput
ini
MD5: 2f5bdd759018043383fb0626a8c1ce82
SHA256: 10f743c2256769d376e104e5cb6c6d306421b1838643af3dbbc80ccf8a829763
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk.kroput
binary
MD5: ba0597323e7ee486866ca57776a1448a
SHA256: 6ad49f214415ecb86dbae1bf26e9e04356331cda6849964119e50ea483900fa6
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk.kroput
binary
MD5: b2c29121034905be8fd48243364dc7f1
SHA256: 718a8f4278744b042efaafb4e7a375c209a57462c8ba5354cb2ba68315b7e514
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\DESKTOP.INI
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CCLEANER\CCLEANER HOMEPAGE.URL
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CCLEANER\CCLEANER.LNK
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk.kroput
binary
MD5: 882d42f888c54ebf34a9afe6568f618f
SHA256: 274c0ff7718c32d0e7861497c24ed1231584d36d660445c672e682e78407f9f9
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk.kroput
binary
MD5: aaa4fb63f62eb4ec6f00592f9e3130ad
SHA256: 1c1b57a83a3b644ed5fe87e626adbe9c6a43482df80beeaa5d6fc5609939dc43
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk.kroput
binary
MD5: d51ce10d514d2d4fd2adca7eb17cef0a
SHA256: a55866fe9df59ec76355be6816434f246fedc503a1e67f9357bc689ea22f6439
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\ADMINISTRATIVE TOOLS\WINDOWS POWERSHELL MODULES.LNK
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\ADMINISTRATIVE TOOLS\WINDOWS FIREWALL WITH ADVANCED SECURITY.LNK
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\ADMINISTRATIVE TOOLS\TASK SCHEDULER.LNK
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk.kroput
binary
MD5: 683b45e849d763c9089eaf1f25044937
SHA256: 804db4ae12ed332bf5c0722612583ac84676ea8c58a638d1515bc1acfcd00b95
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk.kroput
binary
MD5: 215c778f96b30867d1c2f7e496f18856
SHA256: 0205f5807705d82980163bb037a89fd670489c552bf5685f73e0d7f4c4351fa1
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk.kroput
binary
MD5: dd5198a831ff1f4a789c9f14314c5a30
SHA256: 1525fba3e91685f179efa0b7891a603fa830b2388ef2c68d9b52509c3ce21cdb
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk.kroput
binary
MD5: f52ad24018b574294c85537c4e3f3321
SHA256: 39376eaea89f68089e11209d91b1100a83b4c7c40e60a01b78ee9bb678b6e0d5
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk.kroput
binary
MD5: b900853b43a0a91df4a27b6455e3faaa
SHA256: 3bd6ed6c1357da22e5ab7cf7183c949dacd46bd767c3c3fb450cfccddb826101
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\ADMINISTRATIVE TOOLS\PERFORMANCE MONITOR.LNK
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\ADMINISTRATIVE TOOLS\MEMORY DIAGNOSTICS TOOL.LNK
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\ADMINISTRATIVE TOOLS\SECURITY CONFIGURATION MANAGEMENT.LNK
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\ADMINISTRATIVE TOOLS\SERVICES.LNK
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\ADMINISTRATIVE TOOLS\SYSTEM CONFIGURATION.LNK
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\ADMINISTRATIVE TOOLS\PRINT MANAGEMENT.LNK
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk.kroput
binary
MD5: 87c0895b7e0d2de077b521d5318e63c2
SHA256: 1883f93dc1238db05c2f169c99e0c90eb495d3742118aa85cc765d9767d64574
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\ADMINISTRATIVE TOOLS\ISCSI INITIATOR.LNK
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini.kroput
txt
MD5: 831a61daf787822f615f7b5f1ec5b720
SHA256: d627a6f64010933e0c82db34595bc59ac8ca9d562e45194b9742a8bd166330e9
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk.kroput
binary
MD5: db872003c991a72893bd89b7d3ea55be
SHA256: cdd409a6790aa75132d7b9ac63160cde17d8affc83fc2f1d85f16d654900a6c9
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk.kroput
binary
MD5: c1d63d03ad6f967ce0c6ac580ec601ba
SHA256: 8e9844ffbce05f2f358e4ac90fb48279af4ec73f16e08f5a2e969c1ce4246f3a
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\ADMINISTRATIVE TOOLS\EVENT VIEWER.LNK
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\ADMINISTRATIVE TOOLS\DESKTOP.INI
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk.kroput
binary
MD5: 5386083a46fa7d8f280c25dd92619935
SHA256: 548f8f5f7c315bff9734588034c456c6e248fb1460b0b7c00c876350c62a96ab
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk.kroput
binary
MD5: 8b1d0ed1acb2b8fdc0a34155e4556c09
SHA256: 71465f9ac3fc66d05e2d2a6152a8ff126569ccb1f52da07f68941d0fee76a1e3
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk.kroput
binary
MD5: 1468eeb7316c7bcef5c36fea06435ac6
SHA256: 8e11694100ab46f6ec1a644442b94461f22cc4a0ad35a63de705772cdb6a0540
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk.kroput
binary
MD5: c4b73867b1999f9bedb89146d3611958
SHA256: 1cfe83c9bf2e6c5d2aafb403e6f596a3303ec92cbb8cf7e9108b396e6d2bdecd
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk.kroput
binary
MD5: 9aeb8b11570e4a3ba98510abf33542c1
SHA256: ecf9d1cf2901bd3d8b54600ed5e52d44bbf4a60d1e04e0cb9fc277cafac496d4
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\ADMINISTRATIVE TOOLS\COMPONENT SERVICES.LNK
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\ADMINISTRATIVE TOOLS\COMPUTER MANAGEMENT.LNK
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\ACCESSORIES\WINDOWS POWERSHELL\WINDOWS POWERSHELL.LNK
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\ACROBAT READER DC.LNK
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\ACCESSORIES\WORDPAD.LNK
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\ADMINISTRATIVE TOOLS\DATA SOURCES (ODBC).LNK
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\desktop.ini.kroput
ini
MD5: d1e7abdfc2b1e7e957443c553e1df01d
SHA256: 9e96361300fb52bfc56b5b773446a152480c7822ffe36fd08685d50d5ca32451
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk.kroput
binary
MD5: 96e640e639456d9b9718743f8fbd01bb
SHA256: 221c04df46807acd7ef1cd478d05b8eca1c915f9e165644c9d2257287e47fa3b
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk.kroput
binary
MD5: 919c7314953829794ce6035fa0a67714
SHA256: 17cd9a47b6e8055c6ea9d01b3a73a530bdabc6b1ec8380a29cf73da721502692
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk.kroput
binary
MD5: 38b80ef44acb130ea8aee15f76786c25
SHA256: ccf69b51253ccf1ae3725bf8a27fd368b8f5017f32b890b6c7d160ce3e0e314e
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk.kroput
binary
MD5: f7a65d89b9a81ffdf84eccd9e7258f48
SHA256: 0beac7bbcc0f1fa9454e5bd0be7f3cf930fd7d6c56b85cac496363ccff25ba12
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk.kroput
binary
MD5: eb30c6df0be44a797b4b5ec3ac2b4032
SHA256: bbfaf7c10d1a0ccfdc0fe79717663ecbf6abbec2041bf52f1714bca302968775
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini.kroput
ini
MD5: 008550b14d32a16736b5d46ba1b343e9
SHA256: 36e3adb6c9aa04e4aae7000049fcca2d3942dfaf1eb54e6d435754ad21a25575
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk.kroput
binary
MD5: 412ee019dd2b3b930009e410efb20bfc
SHA256: 480a7f46b4c20e45b8241f1343e2dc09788b7ed83a0722a6d388c39f5dd59823
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk.kroput
binary
MD5: d5e15f0829d994031831ae09810e44fa
SHA256: d98060e977065d3dc0b2584a2c0df8f30634f219596e561759c1b219e94f06c6
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\ACCESSORIES\TABLET PC\WINDOWS JOURNAL.LNK
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\ACCESSORIES\TABLET PC\SHAPECOLLECTOR.LNK
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\ACCESSORIES\SYSTEM TOOLS\WINDOWS EASY TRANSFER REPORTS.LNK
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\ACCESSORIES\WELCOME CENTER.LNK
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\ACCESSORIES\SYSTEM TOOLS\WINDOWS EASY TRANSFER.LNK
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\ACCESSORIES\TABLET PC\TABTIP.LNK
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\ACCESSORIES\WINDOWS POWERSHELL\WINDOWS POWERSHELL ISE.LNK
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\ACCESSORIES\WINDOWS POWERSHELL\DESKTOP.INI
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\ACCESSORIES\TABLET PC\DESKTOP.INI
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk.kroput
binary
MD5: 7b42e799fe0bc12ac271a47ec0998608
SHA256: 14b968f786cf2205cae138b4e382b445fe9a7a63a49ef6da94d5db85d54c445c
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk.kroput
binary
MD5: dc2a2692b963b9753c80dee6eac6d066
SHA256: dd1638a8d00a041363da57d7af2623a4a8160d30c02dd2589513bb692085fac6
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk.kroput
binary
MD5: 7ce66c47f9d35c39dd738d386e00f923
SHA256: d6274e3ddabc503ff0e31a19d810509e5f32a6412d92187f2ad9483b212bd8ba
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk.kroput
binary
MD5: 30027632f17964cbe52f69d3f46774d0
SHA256: c3b32aefb39eca3be6ef572a3f1a3402343d6877a0de33ab71a8618f92787eec
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk.kroput
binary
MD5: 6e755e158ab74137f2debbee479910c6
SHA256: e269c290b881ef5a8f8d0fc1d10b84af6de28774d41f596af7269420d39dd110
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk.kroput
binary
MD5: 161474972aab58421c26ffcb8ad0409d
SHA256: 0bb154de1a11d42da42647d4ed6fbfc423e1ddbabb43bed899ce4cc689d55dd9
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\ACCESSORIES\SYSTEM TOOLS\DFRGUI.LNK
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\ACCESSORIES\SYSTEM TOOLS\RESOURCE MONITOR.LNK
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\ACCESSORIES\SYSTEM TOOLS\SYSTEM RESTORE.LNK
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\ACCESSORIES\SYSTEM TOOLS\TASK SCHEDULER.LNK
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\ACCESSORIES\SYSTEM TOOLS\DISK CLEANUP.LNK
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\ACCESSORIES\SYSTEM TOOLS\SYSTEM INFORMATION.LNK
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk.kroput
binary
MD5: c040e248c3fe27427a16fcec61fd554d
SHA256: 4970e0a6842bc916a1270eef05b30d7bd6634247779e9f9f8e15750bee283fd7
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk.kroput
binary
MD5: f850f6d1f19473fd20c130479afe4913
SHA256: fc2e3e9316f9ad0d768f375881b5e425d108fb7d8057e8e448f081e08928d3da
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk.kroput
binary
MD5: 142388ab71a065ae03be49d8e76513f7
SHA256: 23b11731a767e2243cde66aa2bc9f92f4eef9e39b2033f4c7ff2e29e812b98cf
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk.kroput
binary
MD5: 257bb039a77eed9c85994693a4be457d
SHA256: 6ca762b5d5281ff0d592848d02948a4339dc214fbc0d3322f60319bcf1780335
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk.kroput
binary
MD5: eb24f37f9909592c41e352766a8eb801
SHA256: 2779e4d8c12df308dca9d7a5fef73144f7fe68f327cb1055d5704caa4d48831e
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini.kroput
text
MD5: e7584cbb158c3ba5d26d32a8951eac43
SHA256: 817d63b18731961a6432aa547e5e44f2e2290c542e2a7c180e245d56d7f7c01d
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\ACCESSORIES\SYSTEM TOOLS\CHARACTER MAP.LNK
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\ACCESSORIES\SOUND RECORDER.LNK
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\ACCESSORIES\SYNC CENTER.LNK
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\ACCESSORIES\SYSTEM TOOLS\DESKTOP.INI
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\ACCESSORIES\STICKY NOTES.LNK
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\ACCESSORIES\SNIPPING TOOL.LNK
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk.kroput
binary
MD5: 65e8e74e348fd37c113286ce480d1639
SHA256: f2822d52d763444f3e667d5959a482c50ec1769e77b3391654863d6e4bee5362
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Accessories\NetworkProjection.lnk.kroput
binary
MD5: 0915149c60aaf362896e4de9df633d6a
SHA256: 8e589b8196196e2bcd9783a1b4a7eb79edf235008cd8d60a8555c5433953aaa4
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk.kroput
binary
MD5: fac6e701f0a91e044a8be5b868ceef3b
SHA256: c669c37254b4226ef007725c6d5b13c6531db7a9e18bf8a644312cf76c724e2d
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk.kroput
binary
MD5: 39eb19997f2bfc14afb56966f5d67e7f
SHA256: e79ac143000e469f80e04dd7908293ac911124592e00a5d3cd36ff704351cb4e
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk.kroput
binary
MD5: 5aa8c28b2e122e2ab57082f124ff49ce
SHA256: c91b1a6010c2285e63617f9d066486ddde3ae05421fcb2c4f61f9f13c087c1b5
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk.kroput
binary
MD5: 3e8c7f90c939f79303b62386a1f5a422
SHA256: fbc6c92678aec1df6bf0adbc6950b97e1f37ecd520b5306e36c55d19e88f2e66
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\ACCESSORIES\MATH INPUT PANEL.LNK
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\ACCESSORIES\MOBILITY CENTER.LNK
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\ACCESSORIES\REMOTE DESKTOP CONNECTION.LNK
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\ACCESSORIES\NETWORKPROJECTION.LNK
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\ACCESSORIES\PAINT.LNK
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\ACCESSORIES\DISPLAYSWITCH.LNK
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Ringtones\Ringtone 10.wma.kroput
binary
MD5: 91275c7803a134e8d53d01cb5ea231bd
SHA256: 867eecba08e065783168b6c36cc28efb07377a56a607dc20d550f12144c21ceb
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Desktop.ini.kroput
text
MD5: 18b2a673e8508249403f3148490e7f44
SHA256: 55ce7fb316928e53d1a6d29de0c3a6b4b9877f81d6b17a4e9d6f9b895bbb160e
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\desktop.ini.kroput
text
MD5: dd6c4b8838515330c20305c0d0544f93
SHA256: 72979f2d57a20e973bc452a7a9bafd0d16cdd1b239017a4775fb1f8048931f48
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk.kroput
binary
MD5: 6d865b442d5fb547aa08e487f67d3514
SHA256: 89ed92c11222ea5ad0f43049b1974c4da248ad0e8e7fc7b748fd5af34f27d94f
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk.kroput
binary
MD5: 0a4ae985fab2c73c34048d1144ab5f0f
SHA256: a63ef469226681602269b7d68757b56abe281665b676158c3e5db7e829848650
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini.kroput
txt
MD5: f5138d36367a0204edb6e1c92706607e
SHA256: 52530d96ad0c70b201a14a06a5edff96c3de3a9e4c22e1fde5d9bb5398bdc39e
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Start Menu\Default Programs.lnk.kroput
binary
MD5: 7e67688f0e605800f288ab4847c1000e
SHA256: e530a751364bfd1b0ad5bc29e35a44e9683cdac95d056eab92de3e7bad36b874
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\ACCESSORIES\CALCULATOR.LNK
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\ACCESSORIES\DESKTOP.INI
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\DESKTOP.INI
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\ACCESSORIES\ACCESSIBILITY\DESKTOP.INI
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\DEFAULT PROGRAMS.LNK
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\START MENU\PROGRAMS\ACCESSORIES\ACCESSIBILITY\SPEECH RECOGNITION.LNK
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Ringtones\Ringtone 08.wma.kroput
binary
MD5: 089dafe14427d8c8671509c87967a487
SHA256: 1deaa2dffd7caad75f9fe02af0f5d1a91a123618e0bf379fc3271d400669440d
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Ringtones\Ringtone 09.wma.kroput
binary
MD5: e71cc818a83634294a4dc6490bbad699
SHA256: 95e2db2158d511c8cd332510c3f7289b9a658d66d0231596c71e62f6121f383f
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Ringtones\Ringtone 06.wma.kroput
binary
MD5: f0b650b032706cc9f832b974aa277c5f
SHA256: f4244ec1c7d49b4b5a29fb485d9e89e7d5a658a4edfba07d054c28175905e113
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Ringtones\Ringtone 07.wma.kroput
binary
MD5: cd8ac869ba2cb8bc53c0c42e17a7bd31
SHA256: 7b44f904f76905ae1874adc8120733a0abe56a4a28c767e264e161c779cc5078
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\RINGTONES\RINGTONE 08.WMA
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\RINGTONES\RINGTONE 06.WMA
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\RINGTONES\RINGTONE 07.WMA
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\RINGTONES\RINGTONE 10.WMA
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\RINGTONES\RINGTONE 09.WMA
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Ringtones\Ringtone 05.wma.kroput
binary
MD5: 82327cc859f663cd901dcb37f62855b4
SHA256: 6275c82cf1f17414feb6d750d935a36e203baa6c5597d8b97fadcc915c7139fe
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Ringtones\Ringtone 03.wma.kroput
binary
MD5: 4f6d5c50801bd38a0ec03c9208d9451b
SHA256: 7d2d3d81d808033722c791e5d90a03635836851147f19df566f5d354958a2ca8
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Ringtones\Ringtone 02.wma.kroput
binary
MD5: 26609462077e2133c52171de4db7e1e7
SHA256: 40ef3c0ee3426b2d7dbc9131ea237bc04692f7efbcc24acdf98da1be485de169
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Ringtones\Ringtone 04.wma.kroput
binary
MD5: ff6c5fbdb4d590bbfcf4353a67293764
SHA256: e5c01975be81892c0e60d4da0419de223b2b42a49ac9dd739b3f61bdf939558f
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\RINGTONES\RINGTONE 03.WMA
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\RINGTONES\RINGTONE 05.WMA
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\RINGTONES\RINGTONE 04.WMA
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\RINGTONES\RINGTONE 02.WMA
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Ringtones\Ringtone 01.wma.kroput
binary
MD5: 48c23dd2ae897a6cec8103698f64190c
SHA256: b766c34c94c7d4968d4fea9422dc00b8fba921390ccc146424dc3a759519a536
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\RINGTONES\RINGTONE 01.WMA
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Ringtones\desktop.ini.kroput
ini
MD5: 3d995cf91c5440a05827aba608d77a87
SHA256: 20e03c0b7d1458d792564c5141cb5b24deca8720adaa13d950a8cb31b1ff77f5
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Power Efficiency Diagnostics\energy-trace.etl.kroput
mpg
MD5: a944e78d89ec21b29fb963931ded7f3a
SHA256: c3f61e70bbcf332e1f27adb37623cb804b64e057e7f18185c4ba2c8c84a3a710
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\RINGTONES\DESKTOP.INI
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Power Efficiency Diagnostics\energy-report.html.kroput
txt
MD5: 1eb0f737cc0885d6ba8c554ffa1d7046
SHA256: 325dee2a88f3a6bb9311fa008a32b5c35a6d078cffb796eeb6b5e2a5a58037cb
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Power Efficiency Diagnostics\energy-report-latest.xml.kroput
txt
MD5: b23d92d54018734c3c6094dc9a9650c9
SHA256: e32512d314175f12d7ea8a7fde85bf2c63c4f1597216e51efe7b9544818b2e40
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\POWER EFFICIENCY DIAGNOSTICS\ENERGY-REPORT.HTML
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\POWER EFFICIENCY DIAGNOSTICS\ENERGY-TRACE.ETL
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Power Efficiency Diagnostics\energy-report-2018-03-01.xml.kroput
txt
MD5: b23d92d54018734c3c6094dc9a9650c9
SHA256: e32512d314175f12d7ea8a7fde85bf2c63c4f1597216e51efe7b9544818b2e40
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\POWER EFFICIENCY DIAGNOSTICS\ENERGY-REPORT-LATEST.XML
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\POWER EFFICIENCY DIAGNOSTICS\ENERGY-REPORT-2018-03-01.XML
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Power Efficiency Diagnostics\energy-ntkl.etl.kroput
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\POWER EFFICIENCY DIAGNOSTICS\ENERGY-NTKL.ETL
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Caches\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000008.db.kroput
binary
MD5: 9b0f844ed1f70492ac045c324fe7fc57
SHA256: a9d178f918f60105bfa1ad612ce3acfff5e0ef71b078e61f786707fecbd6a35f
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Caches\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db.kroput
binary
MD5: f5f8f312abc72576a2adf74d31f37828
SHA256: 765b23342423baf408fd5e2770a6328dec79377e5db663250d5019a8ed5e7721
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Caches\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000007.db.kroput
binary
MD5: f74e373efc903d4d0c289155bac46bfe
SHA256: f052ac7a7317246765a405427ae4e7ff8087c81dd6f41f786d5e889339f33218
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Caches\{7CD55808-3D38-4DD5-90C9-62F0E6EE60D4}.2.ver0x0000000000000001.db.kroput
binary
MD5: 50268fcdee88811341913cf09c0c1d7f
SHA256: 00ead7de5881fbd4a89e8a39044542d58dccc71ae89c60aeaf5c249f04417505
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Caches\{F3F7B506-0FB0-4600-9D05-11E09ABCA102}.2.ver0x0000000000000001.db.kroput
binary
MD5: cde6cc75c7fa51e6aea8753b07b587e6
SHA256: ea04791c0472203465909ecb21d5307e1e62fc68bc66b0d8ed1646996dd1d8e0
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\CACHES\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.VER0X0000000000000002.DB
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\CACHES\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.VER0X0000000000000007.DB
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\CACHES\{7CD55808-3D38-4DD5-90C9-62F0E6EE60D4}.2.VER0X0000000000000001.DB
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\CACHES\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.VER0X0000000000000008.DB
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\CACHES\{F3F7B506-0FB0-4600-9D05-11E09ABCA102}.2.VER0X0000000000000001.DB
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Caches\{67D69890-D853-4011-A87E-AA64FA83CE5A}.2.ver0x0000000000000002.db.kroput
binary
MD5: e3c43a9472115fedaaf0ee3f1d17ee4e
SHA256: fb0da6c37fdc43faf857c0b56b8b6cdf74a033fb528558f8d76130faeea9135f
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol.kroput
binary
MD5: a961b9fe28aab4e42f09de52ab23699a
SHA256: fb6c2b9c55c0bdb7bf363a48128cb356cb6ab6e9219cac4e57daaed13b0425df
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Windows\Caches\cversions.2.db.kroput
binary
MD5: dbf89112f05eddc66f1acc56498bac88
SHA256: 46935f4987e72864cc443fbe280700b86740af8c7fe509d91fd11014a88350d4
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\CACHES\{67D69890-D853-4011-A87E-AA64FA83CE5A}.2.VER0X0000000000000002.DB
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\WINDOWS\CACHES\CVERSIONS.2.DB
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\VAULT\AC658CB4-9126-49BD-B877-31EEDAB3F204\POLICY.VPOL
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\User Account Pictures\user.bmp.kroput
image
MD5: af4dd3fbd38fdbe3ce003a0386b7e9ef
SHA256: edfaa105aaa156c312e83d07d4d2819fff00e1c5ab30c53a07a83df54a6a0c6f
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\User Account Pictures\guest.bmp.kroput
image
MD5: 62d0f3aec66b4c97bcf45c6c0d42f9a3
SHA256: 280b519f2e968ab41908de1d8a9a4cb943722452d3bba5d8315054abd2a7314a
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch.kroput
binary
MD5: 761538d934d049caea2e252df6afa007
SHA256: 415780e90c0a1bad19ceb85d072a4a689b14ee084ab064ab3135c085db7fa93c
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\3CCD5499-87A8-4B10-A215-608888DD3B55.vsch.kroput
binary
MD5: efae344aca62e43a875fbef42d6181be
SHA256: c6ef1d08b8edc879aba094a2f31b27887bf0993409555d72b3809578f42393ef
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\USER ACCOUNT PICTURES\USER.BMP
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\VAULT\AC658CB4-9126-49BD-B877-31EEDAB3F204\3CCD5499-87A8-4B10-A215-608888DD3B55.VSCH
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\VAULT\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.VSCH
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\USER ACCOUNT PICTURES\GUEST.BMP
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.002.kroput
binary
MD5: 465e64d95b5a44c31f7ceae9449dfd4f
SHA256: 624042af0c611858cfd98a2b579e0dd777dcd334fe2890bec9b3c93530c2aa39
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.001.kroput
binary
MD5: 465e64d95b5a44c31f7ceae9449dfd4f
SHA256: 624042af0c611858cfd98a2b579e0dd777dcd334fe2890bec9b3c93530c2aa39
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\SEARCH\DATA\APPLICATIONS\WINDOWS\PROJECTS\SYSTEMINDEX\SECSTORE\CIST0000.002
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\User Account Pictures\Administrator.dat.kroput
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\User Account Pictures\admin.dat.kroput
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\SEARCH\DATA\APPLICATIONS\WINDOWS\PROJECTS\SYSTEMINDEX\SECSTORE\CIST0000.001
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.001.kroput
binary
MD5: 95961bd0a9bb55ef3d798bda3f0c1644
SHA256: 427bba3b5f4c75a3a66f5bb3b65b67e198aea72da7eccfd435550831f8907658
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\SETTINGS.DIA.kroput
binary
MD5: 4352d88a78aa39750bf70cd6f27bcaa5
SHA256: 67abdd721024f0ff4e0b3f4c2fc13bc5bad42d0b7851d456d88d203d15aaa450
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.002.kroput
binary
MD5: 95961bd0a9bb55ef3d798bda3f0c1644
SHA256: 427bba3b5f4c75a3a66f5bb3b65b67e198aea72da7eccfd435550831f8907658
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.002.kroput
binary
MD5: 209b363fe6e2c86495d20fb0cd065c6f
SHA256: 937c576c74576b83c2d95c85247fb1a4db0c371bfc92769fbc805fbb646a82dc
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.001.kroput
binary
MD5: 209b363fe6e2c86495d20fb0cd065c6f
SHA256: 937c576c74576b83c2d95c85247fb1a4db0c371bfc92769fbc805fbb646a82dc
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\SEARCH\DATA\APPLICATIONS\WINDOWS\PROJECTS\SYSTEMINDEX\INDEXER\CIFILES\INDEX.002
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\SEARCH\DATA\APPLICATIONS\WINDOWS\PROJECTS\SYSTEMINDEX\PROPMAP\CIPT0000.002
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\SEARCH\DATA\APPLICATIONS\WINDOWS\PROJECTS\SYSTEMINDEX\PROPMAP\CIPT0000.001
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0002.002.kroput
binary
MD5: d1345be92aadf1c02f46a7f8d5365805
SHA256: c20ed81e2396fe5e0e7f025db41cf7ad13e82bef7a78f39ddf52360f0a55781c
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAD0001.000.kroput
binary
MD5: 01d01d01932ce8af2e4ddaa9ad46296c
SHA256: 1e10a65cc4eaeba41dceb166755636080d080a9aa08c721cf15a8e1ee44160ad
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0002.001.kroput
binary
MD5: d1345be92aadf1c02f46a7f8d5365805
SHA256: c20ed81e2396fe5e0e7f025db41cf7ad13e82bef7a78f39ddf52360f0a55781c
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAD0001.001.kroput
binary
MD5: 7965ba4e999d89a1962d05698092dd5b
SHA256: 0a2e8de6d321d2d4d626e61e7e0f256625a1dc6abdb01460c77c9b2c2ef714c6
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAD0001.002.kroput
binary
MD5: 7965ba4e999d89a1962d05698092dd5b
SHA256: 0a2e8de6d321d2d4d626e61e7e0f256625a1dc6abdb01460c77c9b2c2ef714c6
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\SEARCH\DATA\APPLICATIONS\WINDOWS\PROJECTS\SYSTEMINDEX\INDEXER\CIFILES\CIAD0001.002
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\SEARCH\DATA\APPLICATIONS\WINDOWS\PROJECTS\SYSTEMINDEX\INDEXER\CIFILES\INDEX.001
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\SEARCH\DATA\APPLICATIONS\WINDOWS\PROJECTS\SYSTEMINDEX\INDEXER\CIFILES\CIAB0002.002
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\SEARCH\DATA\APPLICATIONS\WINDOWS\PROJECTS\SYSTEMINDEX\INDEXER\CIFILES\CIAD0001.001
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\SEARCH\DATA\APPLICATIONS\WINDOWS\PROJECTS\SYSTEMINDEX\INDEXER\CIFILES\CIAD0001.000
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\SEARCH\DATA\APPLICATIONS\WINDOWS\PROJECTS\SYSTEMINDEX\INDEXER\CIFILES\0001000B.DIR
binary
MD5: 46de03e23a76991e4aafa7e36a8df4d0
SHA256: 19b1767cc45ba041c40aca711879074148a0b036dacce64ada547d1c21dd8c3b
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0001.001.kroput
binary
MD5: 7fa09a81f0821e8ef12937ccaa05f95f
SHA256: ed002deb010904839d79d2ea7361766b84e2fe6f20372c2e1938671e301ad236
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0002.000.kroput
binary
MD5: 01d01d01932ce8af2e4ddaa9ad46296c
SHA256: 1e10a65cc4eaeba41dceb166755636080d080a9aa08c721cf15a8e1ee44160ad
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\SEARCH\DATA\APPLICATIONS\WINDOWS\PROJECTS\SYSTEMINDEX\INDEXER\CIFILES\0001000B.CI
binary
MD5: 33c124f08b40f4beac22231b7e877cfa
SHA256: 4d5c6a5c0aea47d0a9c0a4b23f78dda13da39c2df8ad87315c71738535a23c1f
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0001.002.kroput
binary
MD5: 7fa09a81f0821e8ef12937ccaa05f95f
SHA256: ed002deb010904839d79d2ea7361766b84e2fe6f20372c2e1938671e301ad236
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0001.000.kroput
binary
MD5: 873e52de4c22b91304713d9e15a5624d
SHA256: fc8bc3b830ebb302bb1e6d5e9eae1af6064b8416e4a5596343d7c9bc45679776
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\SEARCH\DATA\APPLICATIONS\WINDOWS\PROJECTS\SYSTEMINDEX\INDEXER\CIFILES\CIAB0002.000
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\SEARCH\DATA\APPLICATIONS\WINDOWS\PROJECTS\SYSTEMINDEX\INDEXER\CIFILES\CIAB0001.002
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\SEARCH\DATA\APPLICATIONS\WINDOWS\PROJECTS\SYSTEMINDEX\INDEXER\CIFILES\CIAB0002.001
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\SEARCH\DATA\APPLICATIONS\WINDOWS\PROJECTS\SYSTEMINDEX\INDEXER\CIFILES\CIAB0001.001
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\SEARCH\DATA\APPLICATIONS\WINDOWS\PROJECTS\SYSTEMINDEX\INDEXER\CIFILES\CIAB0001.000
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\SEARCH\DATA\APPLICATIONS\WINDOWS\PROJECTS\SYSTEMINDEX\INDEXER\CIFILES\00010003.DIR
binary
MD5: 0adc59fe0b852b08e256db7ecd90a0a8
SHA256: 9ed3efd55b556cacd3b65ac344f7c904e29e24cad15e644a2ed558ddf7c9d7ae
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\MSSres00002.jrs.kroput
binary
MD5: 8f2d53519b9f296c23e22a239b746c61
SHA256: a6a66ad3c67fb34e6dbcdfcd63f1a7cb3dc1b75369474dfeea76e1dde46f22ad
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\SEARCH\DATA\APPLICATIONS\WINDOWS\PROJECTS\SYSTEMINDEX\INDEXER\CIFILES\00010001.DIR
binary
MD5: 0adc59fe0b852b08e256db7ecd90a0a8
SHA256: 9ed3efd55b556cacd3b65ac344f7c904e29e24cad15e644a2ed558ddf7c9d7ae
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\SEARCH\DATA\APPLICATIONS\WINDOWS\PROJECTS\SYSTEMINDEX\INDEXER\CIFILES\00010002.CI
binary
MD5: b68ec012240b8ea1997ff82de70ffa58
SHA256: 1942dee45129fbfbd70745d6df9e52cf8efdf86d9ad2cb366ba34eb799a1a45e
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\SEARCH\DATA\APPLICATIONS\WINDOWS\PROJECTS\SYSTEMINDEX\INDEXER\CIFILES\00010003.CI
binary
MD5: b68ec012240b8ea1997ff82de70ffa58
SHA256: 1942dee45129fbfbd70745d6df9e52cf8efdf86d9ad2cb366ba34eb799a1a45e
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\SEARCH\DATA\APPLICATIONS\WINDOWS\PROJECTS\SYSTEMINDEX\INDEXER\CIFILES\00010001.CI
binary
MD5: b68ec012240b8ea1997ff82de70ffa58
SHA256: 1942dee45129fbfbd70745d6df9e52cf8efdf86d9ad2cb366ba34eb799a1a45e
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\SEARCH\DATA\APPLICATIONS\WINDOWS\PROJECTS\SYSTEMINDEX\INDEXER\CIFILES\00010002.DIR
binary
MD5: 0adc59fe0b852b08e256db7ecd90a0a8
SHA256: 9ed3efd55b556cacd3b65ac344f7c904e29e24cad15e644a2ed558ddf7c9d7ae
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\SEARCH\DATA\APPLICATIONS\WINDOWS\MSSRES00002.JRS
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\MSSres00001.jrs.kroput
binary
MD5: 8f2d53519b9f296c23e22a239b746c61
SHA256: a6a66ad3c67fb34e6dbcdfcd63f1a7cb3dc1b75369474dfeea76e1dde46f22ad
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\MSS.chk.kroput
binary
MD5: 3b7e29ea3b9813c01e0d19adc0f08fa4
SHA256: c9a9e57ec0f442462a4dce0c0dc004d0945b0033d73af6fce4df4c18fe0311a5
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.3.Crwl.kroput
text
MD5: 56de09beb36d81fba06ef9d1e5c5ae76
SHA256: 46b8ba2e4b51b19e324fe89f51ef338a4eec7e003d706aa4456f06af4302a651
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.3.gthr.kroput
txt
MD5: 1ffd9327a6a0d8ec8e39383c9b7ce194
SHA256: d4489514edf0c483d2f9316126296325aedfef5648498ae9efe069c640a60ee1
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\SEARCH\DATA\APPLICATIONS\WINDOWS\MSSRES00001.JRS
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\SEARCH\DATA\APPLICATIONS\WINDOWS\MSS.CHK
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\SEARCH\DATA\APPLICATIONS\WINDOWS\GATHERLOGS\SYSTEMINDEX\SYSTEMINDEX.3.CRWL
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\SEARCH\DATA\APPLICATIONS\WINDOWS\GATHERLOGS\SYSTEMINDEX\SYSTEMINDEX.3.GTHR
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.Crwl.kroput
txt
MD5: 1bc2ce478b1b25864b2113d280f9cbda
SHA256: 7b3fe520b88db470a55a51b082c724336b9a5f9629aa85c43fcd1e0ba638f738
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.2.Crwl.kroput
text
MD5: 073f8fb1620a61239e3e55b31dc38236
SHA256: c5e1c67a7cdd7a0c709e9b2e20e13a7eda2d31042a6757497d27ddc1833ca9cf
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.2.gthr.kroput
text
MD5: 89a9f1cd1163ba0e1694b6fe74f8b476
SHA256: a85b0fb8fb6658622eee3b3bba6d487ebddd330ee80f6770083cd4d87d6a92ea
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.gthr.kroput
txt
MD5: 42fd3bce87a94237543491d8d439adb7
SHA256: 1efb9d8784078100a1e18f8784506011eb16d87175a187ee4d9242dc67c71164
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\RAC\StateData\RacWmiDataBookmarks.dat.kroput
binary
MD5: 37eb7fafee03ffc9f90d270651b1e5ca
SHA256: 1915de17cab9cd9b8491da89d9dd1165fc92f385b338692dd4bbb69abbbc2e61
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\RAC\StateData\RacWmiEventData.dat.kroput
binary
MD5: 8fb9a096cbf87744daae00f306536d40
SHA256: 32e7614b71e8770cbe8444aa3ccc3a54f320ed5e51f859bb727edf9e9f951448
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\SEARCH\DATA\APPLICATIONS\WINDOWS\GATHERLOGS\SYSTEMINDEX\SYSTEMINDEX.2.GTHR
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\RAC\STATEDATA\RACWMIEVENTDATA.DAT
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\RAC\STATEDATA\RACWMIDATABOOKMARKS.DAT
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\SEARCH\DATA\APPLICATIONS\WINDOWS\GATHERLOGS\SYSTEMINDEX\SYSTEMINDEX.2.CRWL
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\SEARCH\DATA\APPLICATIONS\WINDOWS\GATHERLOGS\SYSTEMINDEX\SYSTEMINDEX.1.GTHR
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\SEARCH\DATA\APPLICATIONS\WINDOWS\GATHERLOGS\SYSTEMINDEX\SYSTEMINDEX.1.CRWL
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\RAC\StateData\RacDatabase.sdf.kroput
binary
MD5: 17d3f7014054fa8522a549078840108c
SHA256: ae00c570edd6e790e41d26b126eca6db72ab4b9edd1eb4d9f05aaa9d822ddc4b
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\RAC\StateData\RacMetaData.dat.kroput
binary
MD5: 4a94fff5ecf4d736d4642a02d5a5b303
SHA256: c65621a8fd59a2a75ff80299f766fbee83fb386122b66a23478d90ddfc2551d8
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\RAC\PublishedData\RacWmiDatabase.sdf.kroput
binary
MD5: 261480481d95f118379e365cbc99a388
SHA256: f933459d3fbe025992f967cba9e4a690a71a129f765c9f075c37c17d262a9fb3
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\RAC\STATEDATA\RACMETADATA.DAT
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\RAC\STATEDATA\RACDATABASE.SDF
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\RAC\PUBLISHEDDATA\RACWMIDATABASE.SDF
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\OFFICESOFTWAREPROTECTIONPLATFORM\TOKENS.DAT
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\OfficeSoftwareProtectionPlatform\tokens.dat.kroput
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\OfficeSoftwareProtectionPlatform\Cache\cache.dat.kroput
binary
MD5: c241b87a115cc29b688c5369c9757306
SHA256: e3da32afe95e2bda979bcdef50e4cbb7b9abe7cf49d0e3a6c3be55c2243a0efe
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\OFFICESOFTWAREPROTECTIONPLATFORM\CACHE\CACHE.DAT
––
MD5:  ––
SHA256:  ––
3080
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\geo[1].json
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\desktop.ini.kroput
text
MD5: bdae7bbf998e34b96e6b799f4ea4452c
SHA256: e0d517ab9fea408bf2163ba8fcb05cabf86838f06ba38f77c823fa4704480f35
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\OFFICE\UICAPTIONS\3082\XLSLICER.DLL.TRX_DLL
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\OFFICE\UICAPTIONS\3082\XLINTL32.REST.TRX_DLL
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\desktop.ini
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms.kroput
binary
MD5: c13633a06e0896a269941f9826ab7465
SHA256: 22854093589b44dbca7a53dd5d78603fa37748407187d8ba465fa903b2fe6b62
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\OFFICE\UICAPTIONS\3082\XLINTL32.DLL.TRX_DLL
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms.kroput
binary
MD5: 049b72103e53b1ebbe42c722d0cbfda1
SHA256: 1be46163c16ea88d24cf4c94ab98a79477e8fdc1b9a7ebd99544b3d8a502f45b
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\OFFICE\UICAPTIONS\3082\WWINTL.REST.TRX_DLL
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\OFFICE\UICAPTIONS\3082\WWINTL.DLL.TRX_DLL
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Default\NTUSER.DAT.LOG1.kroput
hiv
MD5: dcae297d93195ab659e56f93bc65aabb
SHA256: 199f5d96599b081a073de7fe966d2d2109f4be9ebb22cf203ba00f56fd4a7275
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Default\NTUSER.DAT.kroput
hiv
MD5: a3e5fe4c4b569878b8b5c7526fc33dca
SHA256: 50657c83e5804d03b27c79d5ae1524b05ca959879005c6b0dc89281a3c9d165c
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\OFFICE\UICAPTIONS\3082\VISINTL.DLL.TRX_DLL
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\OFFICE\UICAPTIONS\3082\VISBRRES.DLL.TRX_DLL
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\OFFICE\UICAPTIONS\3082\STINTL.DLL.TRX_DLL
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf.kroput
binary
MD5: 9df99c7fefd091ccb929fa5390cbcb1f
SHA256: 83df6fd77a8eaf3771d66db318cfacdb7f0b4a4e1ccfca4b8a64243069dacf82
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Default\NTUSER.DAT.LOG.kroput
hiv
MD5: 6de31860d04af0d1cd6ec7f3ec364c9b
SHA256: 069ac5ecd15a9aba9b8356b6fb25627699a3be8846d13f4ddcd0865ec98e60ff
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\OFFICE\UICAPTIONS\3082\SGRES.DLL.TRX_DLL
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\OFFICE\UICAPTIONS\3082\PUBWZINT.REST.TRX_DLL
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\OFFICE\UICAPTIONS\3082\PUB6INTL.REST.TRX_DLL
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Default\NTUSER.DAT.LOG2.kroput
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Default\NTUSER.DAT.LOG
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Default\NTUSER.DAT.LOG1
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Control Panel.lnk.kroput
binary
MD5: 1c3a518db9a7a091a02411941c5902ec
SHA256: 3f1a1aba55ed1140cfde943b483155e75b7f42fbb9b83163946722fafa7e113f
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\OFFICE\UICAPTIONS\3082\PPINTL.REST.TRX_DLL
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\OFFICE\UICAPTIONS\3082\PUB6INTL.DLL.TRX_DLL
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\OFFICE\UICAPTIONS\3082\PPINTL.DLL.TRX_DLL
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\OFFICE\UICAPTIONS\3082\OUTLWVW.DLL.TRX_DLL
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini.kroput
text
MD5: 4c126960cbfd771185a6e056c90525b7
SHA256: ba010d9974e5826366c0862d0e76f79c59b9ccf3a12fa199d8e76affc325105c
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini.kroput
text
MD5: 0bfa9ba2e3bc689abb55f6e2e5cf8326
SHA256: 75b3c10067c725a1a75252b9efb1d6a0cbc72106ce6b469b16ee98247de139fd
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Help.lnk.kroput
binary
MD5: 2da4d026c7ba900b3381de9dbbb33667
SHA256: aa0f013d1f5d7dabdbf555841c51045c8d50594767b44f279785772d0172f710
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\OFFICE\UICAPTIONS\3082\OUTLLIBR.REST.TRX_DLL
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\OFFICE\UICAPTIONS\3082\OUTLLIBR.DLL.TRX_DLL
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\OFFICE\UICAPTIONS\3082\ONINTL.REST.TRX_DLL
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\OFFICE\UICAPTIONS\3082\ONINTL.DLL.TRX_DLL
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk.kroput
binary
MD5: f6401e026592985a4c9cb0e0ed067e9f
SHA256: 36b5833b0c0cc8a529b37247c5eb77cc6bb4673c0fec676eecb0272cef33af99
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk.kroput
binary
MD5: 974e8482dfa34d5d253f589381a123fd
SHA256: 5c4250709a09ec3c04cffac488f62f913ab680053128d1aef6f1e0541e016c98
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Control Panel.lnk
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\OFFICE\UICAPTIONS\3082\OMSINTL.DLL.TRX_DLL
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\OFFICE\UICAPTIONS\3082\MSOINTL.REST.TRX_DLL
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\OFFICE\UICAPTIONS\3082\MSOINTL.DLL.TRX_DLL
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\OFFICE\UICAPTIONS\3082\MOR6INT.REST.TRX_DLL
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Help.lnk
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\OFFICE\UICAPTIONS\3082\MAPIR.DLL.TRX_DLL
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\OFFICE\UICAPTIONS\3082\GRINTL32.REST.TRX_DLL
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\OFFICE\UICAPTIONS\3082\GRINTL32.DLL.TRX_DLL
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\OFFICE\UICAPTIONS\3082\ENVELOPR.DLL.TRX_DLL
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Default\NTUSER.DAT
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk.kroput
binary
MD5: d3ca4de5409cb505f6005cdcf4cc0b1d
SHA256: 496d8d5915fc197d177df55dd933aff71b914bc902e820baf748cca7a4bb57ce
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk.kroput
binary
MD5: ed0104b2fab00a057e0cd8dfbbd23ab2
SHA256: 08da174b74c334d776b15509f54ab7858ab6292aa9204b9f4e30dceb88ce4783
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\computer.lnk.kroput
binary
MD5: 98a4d72c87f51486dbd0cb5e5c8f4fbe
SHA256: 17c4186aa8906e63ef63ee445dc6ec14dc10f2f38de0027b0f7483c4125312ec
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\OFFICE\UICAPTIONS\1036\XLSLICER.DLL.TRX_DLL
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\OFFICE\UICAPTIONS\1036\XLINTL32.REST.TRX_DLL
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\OFFICE\UICAPTIONS\1036\XLINTL32.DLL.TRX_DLL
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\OFFICE\UICAPTIONS\1036\WWINTL.REST.TRX_DLL
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Run.lnk.kroput
binary
MD5: 6c32000e359b11c80ba2b14142b0f071
SHA256: 5409e5fcf78a42df49b819166c91245a992378436fe047b2c52fc6348df5ddcb
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk.kroput
binary
MD5: ef6c97116af03641526eab91d9403d60
SHA256: 10f7a483cdb6d51d5e03ceed193bb7edfa69103bf531b082d83139cc0176688d
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\OFFICE\UICAPTIONS\1036\WWINTL.DLL.TRX_DLL
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\OFFICE\UICAPTIONS\1036\VISINTL.DLL.TRX_DLL
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk.kroput
binary
MD5: 8eb43d6bab3f3346cef4392263eb82b1
SHA256: d8e9f5a10d5db399655b1c4d6af8a5ca7fc09f3fac9fe4d6b6e1e897e516d05e
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk.kroput
binary
MD5: 8543d541f358113fa22eb1c2fa1d509f
SHA256: fa3f45a8b6840e7a60827d2627b146e2a3ebde0c4dd66e80a99a82fe8df6a9c7
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini.kroput
text
MD5: 1f11bc5a5be9d34f5d1f57b742cf30a9
SHA256: fe5e6bcbd939b1360c2713f2c2556a3797b6468376869a217f5c0668bbaf5686
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\OFFICE\UICAPTIONS\1036\VISBRRES.DLL.TRX_DLL
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\OFFICE\UICAPTIONS\1036\STINTL.DLL.TRX_DLL
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\OFFICE\UICAPTIONS\1036\SGRES.DLL.TRX_DLL
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\OFFICE\UICAPTIONS\1036\PUBWZINT.REST.TRX_DLL
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Run.lnk
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\OFFICE\UICAPTIONS\1036\PUB6INTL.REST.TRX_DLL
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\OFFICE\UICAPTIONS\1036\PUB6INTL.DLL.TRX_DLL
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\OFFICE\UICAPTIONS\1036\PPINTL.REST.TRX_DLL
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\computer.lnk
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Desktop (create shortcut).DeskLink.kroput
text
MD5: 54bf0c30454a5513568297d8d5aad26d
SHA256: 63ef7db91492700fafcc6ab198ea5237a2fd17eb5b0a11f6cb4b2d6382bd333c
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\OFFICE\UICAPTIONS\1036\PPINTL.DLL.TRX_DLL
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\OFFICE\UICAPTIONS\1036\OUTLWVW.DLL.TRX_DLL
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\OFFICE\UICAPTIONS\1036\OUTLLIBR.REST.TRX_DLL
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\OFFICE\UICAPTIONS\1036\OUTLLIBR.DLL.TRX_DLL
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Desktop.ini.kroput
text
MD5: e27f047164e97b2b7a81687183ac1392
SHA256: d870fcef3ef35a5adb3df921e8fc95bd65fcf7b4f2dd2508bdb3009695a91327
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk.kroput
binary
MD5: 4ab1f9035696f7a4078bf36b56a1b41e
SHA256: 3489c1fd007c2308f1f13fd3be6ff4bf43b710607c9278b9dfc7a9ccdd4fedb9
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\OFFICE\UICAPTIONS\1036\ONINTL.DLL.TRX_DLL
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\OFFICE\UICAPTIONS\1036\ONINTL.REST.TRX_DLL
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\OFFICE\UICAPTIONS\1036\OMSINTL.DLL.TRX_DLL
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Compressed (zipped) Folder.ZFSendToTarget.kroput
text
MD5: 963ab0bbea32f1f9d19afb00d08be14d
SHA256: 7bc88ebb6d01d4dd3ef364010b10f0bba125bcd23f901f0137cd55d7f3fd4563
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk.kroput
binary
MD5: b34c665202a935e772ba89ac8501b36e
SHA256: 0473aef334658fe3678013185491526dcfc4d6e4cff17f9e2e030f5d8d65d7f5
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Mail Recipient.MAPIMail.kroput
text
MD5: 4dfbb099eafd3c82e033bf92946d3ce6
SHA256: 07ed6ccf6bf6393d18684d1d4f774639d44c7d2d2895fd30491ccc50614ed4ea
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\OFFICE\UICAPTIONS\1036\MSOINTL.REST.TRX_DLL
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\OFFICE\UICAPTIONS\1036\MSOINTL.DLL.TRX_DLL
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\OFFICE\UICAPTIONS\1036\MOR6INT.REST.TRX_DLL
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk.kroput
binary
MD5: 848085e459c315183167a1bdc2d94b33
SHA256: 7d22ffa82f111c81fea606a86ae2b93a8fedb9b8a74830c973b9eba749f34c18
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk.kroput
binary
MD5: d03cbda4bc04ac12f2d341bb39ee15d5
SHA256: d96283d2ba9e1f28dbe088faa317c1c3e16d8c0fba7c64a542255e4a5f3730c1
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Desktop.ini.kroput
text
MD5: 8a18706178dede07e99e8329fe35c77d
SHA256: 105b11e97e6776b88e24f82e1cf4620fdb36e9d517f0b081168ac7b5e27d2958
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\OFFICE\UICAPTIONS\1036\MAPIR.DLL.TRX_DLL
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\OFFICE\UICAPTIONS\1036\GRINTL32.REST.TRX_DLL
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\OFFICE\UICAPTIONS\1036\GRINTL32.DLL.TRX_DLL
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\OFFICE\SharePointPortalSite.ico.kroput
mpg
MD5: 85c1656d6690200fbc0bf6382e5cc6fd
SHA256: 6669dc62bc763c1eb11dde54d25143464d7cbbbfc38174b26e3f852388f6bb28
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\OFFICE\MySite.ico.kroput
mpg
MD5: 06f9e771dc05ccd0693da444a2468b0c
SHA256: 6ac4344d3cd15eb48189d6771ccd6197b07b608551c9230428c3c5ceada18347
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\OFFICE\SharePointTeamSite.ico.kroput
mpg
MD5: cef9ab0ede03fe4ecb9bc5a1d83051fd
SHA256: 0dd74c487a4e5d01e07aa7b21c8eb7750af9bf75fe3de7054c719f57d95f1c85
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\OFFICE\SHAREPOINTTEAMSITE.ICO
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\OFFICE\SHAREPOINTPORTALSITE.ICO
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\OFFICE\MYSITE.ICO
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\OFFICE\UICAPTIONS\1036\ENVELOPR.DLL.TRX_DLL
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\OFFICE\DocumentRepository.ico.kroput
mpg
MD5: 5d84fc572c76af9b5986a28467a61938
SHA256: e063d25195853dda1223bbf98104e059a4ebe53de779fefa9275197fa873b30e
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\OFFICE\MySharePoints.ico.kroput
mpg
MD5: 1a29aaff29bfdb7e65907788ec6fbc9d
SHA256: 9ffcd9b8d912880c16f0f980d7f80aa984e0aea91ceee4f594c5168afbdac211
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\MF\Pending.GRL.kroput
binary
MD5: 061bacc20e362185dcdccc0098e21c3a
SHA256: cb2bb5edf4f0a6d6732aca9121ab549e3aec714483adab122d540f2eb94b33cb
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\OFFICE\AssetLibrary.ico.kroput
mpg
MD5: fb6a2df6192e16c11d1f37f1a5082be5
SHA256: 5df1a01a111fb8371549731f5a65ead87178769854b8efac20b0735a9a0fa9ab
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\OFFICE\MYSHAREPOINTS.ICO
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\OFFICE\ASSETLIBRARY.ICO
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\OFFICE\DOCUMENTREPOSITORY.ICO
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\MF\PENDING.GRL
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\MF\Active.GRL.kroput
binary
MD5: 061bacc20e362185dcdccc0098e21c3a
SHA256: cb2bb5edf4f0a6d6732aca9121ab549e3aec714483adab122d540f2eb94b33cb
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Desktop.ini
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\IDENTITYCRL\PPCRLUI.DLL
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\MF\ACTIVE.GRL
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Assistance\Client\1.0\en-US\Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q.kroput
binary
MD5: e2ef534c6f176c22591cd052c48142cf
SHA256: f0f3a783a422003369616dd5b1c58696b120212a0a173f884fcab1d6e513ba1a
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\IDENTITYCRL\PPCRLCONFIG.DLL
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.H1D.kroput
binary
MD5: b0cf5a4e4ef6561ea05b49118b1bf4a8
SHA256: 3285b9cc2bf6d5ebab18c212c59ec6b0bea308a145bd7aade9111d24263c99d8
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.Lck.kroput
text
MD5: b485167c5b0e59d47009a16f90fe2659
SHA256: db44b8db4f05d720ef1a57abadeed0c164d47b17416c7dd7d136d8f10fba91c9
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Assistance\Client\1.0\en-US\Help_MTOC_help.H1H.kroput
binary
MD5: fcd178cd3555eabdf60287ba46d1bf71
SHA256: 553e624d0c78de03aeeede06d5dd479b093ea36ba25d2f8a08b1347f8bb7df9d
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\ASSISTANCE\CLIENT\1.0\EN-US\HELP_MVALIDATOR.H1D
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\ASSISTANCE\CLIENT\1.0\EN-US\HELP{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_AssetId.H1W.kroput
binary
MD5: c43e0320c0bd5d04d6975c8c3acbbd69
SHA256: 924804551a28477e2606874fd9041142fb07be20bedc5a57e25b3bda6fcf9d9c
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_BestBet.H1W.kroput
binary
MD5: 9f33fe57af8e40972c518e43cc6f6649
SHA256: 4a3169210c8703f76babc3f2a8f1475f94ed22c1661d3843509a3398b5d0818c
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\ASSISTANCE\CLIENT\1.0\EN-US\HELP_MTOC_HELP.H1H
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\ASSISTANCE\CLIENT\1.0\EN-US\HELP_MKWD_BESTBET.H1W
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\ASSISTANCE\CLIENT\1.0\EN-US\HELP_MKWD_ASSETID.H1W
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\All Users\Microsoft\Assistance\Client\1.0\en-US\Help_CValidator.H1D.kroput
binary
MD5: c1808373aaa69c8e6a47e2cf45e57706
SHA256: b8efea1f2cae67f2bab9067d59d7e945e81a0cfe46cf27330a5f032347ae058b
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\ProgramData\MICROSOFT\ASSISTANCE\CLIENT\1.0\EN-US\HELP_CVALIDATOR.H1D
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\Videos\desktop.ini.kroput
text
MD5: 12fdde351e4825617f1803fdc65f37b0
SHA256: 22cbc5c2e5d8566e0a32af10cd9be187a3214c3685e6ad60ef71e7b39df490d5
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\Pictures\desktop.ini.kroput
text
MD5: 880115ad43443f61810a44cc3145fcf3
SHA256: 8b3de7449597e9c9c4ad30fae70628a9cb9620e0ca5ef6b8c958dbae5aac0ca9
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\Saved Games\desktop.ini.kroput
text
MD5: aeb92c955b57f02ef98003b6132fd7b2
SHA256: fb8924d3b466fc4011e5bcb442b8294ffee3c57bf52cc4a766abb5f2791a063d
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\Searches\desktop.ini.kroput
text
MD5: b14b344b56386749f7854cda4fbcb73f
SHA256: 7f301b68a33ed46998e6ca576437a8592192d84cae123ff6d9e7f5a1140c4d2b
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\Videos\desktop.ini
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\Saved Games\desktop.ini
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\Searches\desktop.ini
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms.kroput
binary
MD5: c13633a06e0896a269941f9826ab7465
SHA256: 22854093589b44dbca7a53dd5d78603fa37748407187d8ba465fa903b2fe6b62
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms.kroput
binary
MD5: f8d85e900ab60ce4074c525775343a59
SHA256: 038a91f10b3faccd9e9d2af047b186e4004012ad823e8988863fd5ff5aa89993
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\ntuser.ini.kroput
text
MD5: ffca2a892e3b3dca4bc78a7a509749ed
SHA256: a789db0029b46029f4aff946c90dc760122876f30f9e6d907006498bc1d2ca32
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\ntuser.ini
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\Pictures\desktop.ini
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf.kroput
binary
MD5: 2afc8c3996d099775fca5db8f2517d36
SHA256: ec8a3d5076389bdd56c51eff75306abbcc6eba8da5752bac33b507c0a68e93b4
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\ntuser.dat.LOG1.kroput
hiv
MD5: 7ff455c6459cb3f4939ccd589da8a079
SHA256: d5289ea38834b7c35405b11fa3d81b27fae39a8ae9397300b5afdd983fff6670
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\ntuser.dat.LOG2.kroput
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\Music\desktop.ini.kroput
text
MD5: 22403e2e428b576a6a0673176d579d20
SHA256: e3c2c754dd5df01d8623433a1be3e0c1ec66f1c832d98dbb4eae93a2b1ba7852
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\NTUSER.DAT.kroput
hiv
MD5: ec2ec231e992c31dc835edc4e72e2bac
SHA256: 70446627cb0fefb05c2b32797b9a95c594a52786d6273d26a25dd71b1951a069
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\NTUSER.DAT
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\ntuser.dat.LOG1
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\Links\Downloads.lnk.kroput
binary
MD5: aa54e5f6f13e5361eef50c194b7d4419
SHA256: a436a779832bc83e915046bb8df8088edf84de24c9f65a6aebc3c90e509b415e
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\Links\Desktop.lnk.kroput
binary
MD5: bcfde6604fabc7a949502bcf0e712997
SHA256: 85a30c40fb5080a74767861e2f89b8e965c3c0de8ec2b7c86ce891e4169cf774
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\Links\RecentPlaces.lnk.kroput
binary
MD5: aff197e5a4af5e21ec7ded0ac2450f65
SHA256: 51950977de0b0f9935e8357476ab3ea7b802f66ce6eb9da5612901bba64fe6ee
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\Links\RecentPlaces.lnk
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\Links\Desktop.lnk
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\Links\Downloads.lnk
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\Music\desktop.ini
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\Favorites\Windows Live\Windows Live Mail.url.kroput
ini
MD5: c0ed0aa71b5b3eca77d706b84c84666e
SHA256: d00c7871410f9066df4e4489c5dca177003b3a1473a15fc3be5aad9c55b14b0a
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\Favorites\Windows Live\Windows Live Gallery.url.kroput
ini
MD5: 84047851581f6f0f9bcb11ecd3cc9b81
SHA256: 64f790dba57d9ba38e57307ba8d4ec910f30930b454cf9f4a53a6a79dace22c4
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\Links\desktop.ini.kroput
text
MD5: 9d9bb80d713f2812bde1f9a0c2d28603
SHA256: 77257f7f8c42c579f8ed7beec126ca9d726002afc11f6c371998765b7ce33c72
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\Favorites\Windows Live\Windows Live Spaces.url.kroput
ini
MD5: c8a1ee4fcb8ea4fad6e38624b85b0fb1
SHA256: 3ecce565e8801182f9232b37f2713713a7f8af97664d3d25290741fb46578a62
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\Links\desktop.ini
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\Favorites\Windows Live\Windows Live Gallery.url
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\Favorites\Windows Live\Windows Live Spaces.url
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\Favorites\Windows Live\Windows Live Mail.url
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\Favorites\Windows Live\Get Windows Live.url.kroput
ini
MD5: 15e463d1c2909e44df2964b3bbbdd70f
SHA256: 484e78b02e1db624dc15cfa754d1c86069e33a2ae3798dca1be6820698fc3d39
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\Favorites\Windows Live\Get Windows Live.url
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\Favorites\MSN Websites\MSN Sports.url.kroput
ini
MD5: 3a90312693196615a59de0e5530cbc89
SHA256: b32da67b0ac242f154f265fb8137daf1359df9a5c35a6bded051c2156ce74c2d
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\Favorites\MSN Websites\MSNBC News.url.kroput
ini
MD5: cc8a68f978f9ecbe98b4a3b85df4bfcf
SHA256: 0342c82fbac4ba68afeff25e220d597fc84071336c8dc289f8fd8546d772cdf3
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\Favorites\MSN Websites\MSN.url.kroput
ini
MD5: 7ba8e22baa16af0cc87be8a3c8ff7a9f
SHA256: e047c1a0f40d49af6e54c07a11e6d6b20d5dbb96e3f86d878b3724d0f8257ce2
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\Favorites\MSN Websites\MSNBC News.url
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\Favorites\MSN Websites\MSN Sports.url
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\Favorites\MSN Websites\MSN.url
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\Favorites\MSN Websites\MSN Autos.url.kroput
ini
MD5: 0c12f650bbd19cb95dd06e98a7b115bd
SHA256: 6fe3ca605721d5abc5081246b5924973b03258eb9752f61268068e27dbec5929
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\Favorites\MSN Websites\MSN Entertainment.url.kroput
ini
MD5: f5fddccf230a660aba18a7e3d0b3efb1
SHA256: 0eac775e322da026eb5620d1f4b1c912553c8a1d7859f642d988a67ee13a68c1
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\Favorites\MSN Websites\MSN Money.url.kroput
ini
MD5: 1b043f960ca5cb92ed9c4020b72ac707
SHA256: 8b02a2f5351da30c9ee315305454dcaf39d0642e9c6376c6ae4e8d1dee738944
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\Favorites\MSN Websites\MSN Entertainment.url
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\Favorites\MSN Websites\MSN Money.url
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\Favorites\MSN Websites\MSN Autos.url
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\Favorites\Microsoft Websites\Microsoft At Work.url.kroput
ini
MD5: f88ff6101a6d4061dea09cb42d83e7bc
SHA256: 1ecefd03fabdc22d03192f40948813051a85151422cb12bcf7264b8d237b1a90
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\Favorites\Microsoft Websites\Microsoft Store.url.kroput
ini
MD5: eb0f7830508908d4bac87424bd66b79b
SHA256: b19644a0b6e22a28d4bb96cbc89619bca418ba3e28fd53210a76f6f76d5d8499
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\Favorites\Microsoft Websites\Microsoft At Home.url.kroput
ini
MD5: 2fdf785354c92a12cc8b3494f28a3149
SHA256: 23d6718c45c825d8702cd86ea54a5a1315f726a408f054121385314666475bb9
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\Favorites\Microsoft Websites\Microsoft Store.url
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\Favorites\Microsoft Websites\Microsoft At Work.url
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\Favorites\Microsoft Websites\IE Add-on site.url.kroput
ini
MD5: b397f8c28b656e741ec542bf8eae6d5d
SHA256: e30b255f137f236bb964562abf70dd38642fd6744c055e6871e1876bcc7286fa
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\Favorites\Microsoft Websites\IE site on Microsoft.com.url.kroput
ini
MD5: 006ae9d4b53d2737d02bef4de259dc3c
SHA256: 4d5aa972941de92fdfe5c2ea395640d7b80e12220fa12679e7d4a86cc03fe711
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\Favorites\Links for United States\GobiernoUSA.gov.url.kroput
ini
MD5: cd7e8c669a33db56ce134c4a4b95e8b5
SHA256: 76a0e31dbb9f1f1036462168c1ffab8d3386c519adf400f8d5af510fe989e9d8
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\Favorites\Links for United States\USA.gov.url.kroput
ini
MD5: a815ec08b485a3e438aa01db546a8462
SHA256: 7a298598d8a17eb873e1c11c655afb1a461f5a53b6fb383b89741c9a34830635
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\Favorites\Links for United States\GobiernoUSA.gov.url
––
MD5:  ––
SHA256:  ––
3096
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\geo[1].json
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\Favorites\Microsoft Websites\IE site on Microsoft.com.url
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\Favorites\Microsoft Websites\IE Add-on site.url
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\Favorites\Microsoft Websites\Microsoft At Home.url
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\Favorites\Links\Web Slice Gallery.url.kroput
ini
MD5: 29e2bb28747d70850f479d359f105a25
SHA256: 2153697198b74a05e141c9819707d9be5a76c4c27fc738dce0fd99ec0228d373
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\Favorites\Links for United States\desktop.ini.kroput
ini
MD5: 4d2ec668d7de2041f3be971c74fa4d78
SHA256: c67552c85f54abb7d65921082eebe87929cd90b7cc1c64ff8225ff1d06d3f2a9
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\Favorites\Links\desktop.ini.kroput
ini
MD5: 3d8116d13371e50f3db5b2792a6dcdb0
SHA256: 0e5a8e92472e27adc61ca15abe86ad4d64137ace6a59108339cfb894a7c04a01
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\Downloads\desktop.ini.kroput
text
MD5: de487b59b8c478cd4baa3a3c6bdc833d
SHA256: eba7cbc32fc1d36488eca29b92d7c4d917424b5eceeb32c117eceb863bd88b73
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\Favorites\desktop.ini.kroput
text
MD5: 70b3bf34361d0aa31fd6c4c3d950d3ea
SHA256: b21d721b11f9752b59cfb911ea4dfcd88da522fe7192b94b84eb8cb571fb2c1b
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\Favorites\desktop.ini
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\Favorites\Links\desktop.ini
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\Favorites\Links for United States\desktop.ini
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\Favorites\Links\Web Slice Gallery.url
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\Contacts\desktop.ini.kroput
text
MD5: 32c679efd76e43152499a5427d5e5ffb
SHA256: 15259f51ad33fcdf1b8ac36e4cbb8b80bef6dc874d72a474a6fe540b15091b1f
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg.kroput
image
MD5: 71c215b787b4f431ff0568c697b788f8
SHA256: df31aa39ec4d30ce0182ca6a5b1ea684e43beec3b46591cc0c95dd80c73cce29
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\Contacts\Administrator.contact.kroput
xml
MD5: 6b8004c4d09eaed31f683a6e7f4421ff
SHA256: da8e7a020102b9294f12d73d5b6d3ee3818bcf6839194ad2daff0a71f272a2d9
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\Desktop\desktop.ini.kroput
text
MD5: b858e93fb08f8679f4dc0e4c3f17ee6b
SHA256: f625a72aab2e48e47e863580ba46073dda2548b817ac78c59c0ab27abd322c5c
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\Documents\desktop.ini.kroput
text
MD5: a3c490e7dbf544bea5b4596321668f21
SHA256: 50d7cfa5a7ad24544646398a0777ebe4cb92876c1ee9ee03cb2bebbb3a8d57f9
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\Documents\desktop.ini
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\Desktop\desktop.ini
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\Contacts\Administrator.contact
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\Downloads\desktop.ini
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\Contacts\desktop.ini
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini.kroput
text
MD5: 0a6e8aea9231b5a8406e2d654d9d004e
SHA256: dcc88352477df044638e8bf1f87f9b00baec1f1c09fb02ee7df37c4a2c7ea32e
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Help.lnk.kroput
binary
MD5: 2da4d026c7ba900b3381de9dbbb33667
SHA256: aa0f013d1f5d7dabdbf555841c51045c8d50594767b44f279785772d0172f710
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini.kroput
text
MD5: 4c126960cbfd771185a6e056c90525b7
SHA256: ba010d9974e5826366c0862d0e76f79c59b9ccf3a12fa199d8e76affc325105c
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk.kroput
binary
MD5: 8dadb0d78d105d9ac5b04c73d3fc56d7
SHA256: 606b59bf9814af1ebb5e4ca203b716b24a43fe2c453af750fa73e1554df9302d
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Help.lnk
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk.kroput
binary
MD5: f6401e026592985a4c9cb0e0ed067e9f
SHA256: 36b5833b0c0cc8a529b37247c5eb77cc6bb4673c0fec676eecb0272cef33af99
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini.kroput
text
MD5: 5d776f9e7f08f45b75a655e7301ea2f9
SHA256: 496935ab84a73e4abda3ab44effb439287c19c3be654f4fab65173a3e9cc3a85
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk.kroput
binary
MD5: 974e8482dfa34d5d253f589381a123fd
SHA256: 5c4250709a09ec3c04cffac488f62f913ab680053128d1aef6f1e0541e016c98
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini.kroput
text
MD5: f960b57ed68dab080992941f97397da3
SHA256: c1813cbc8eb5fa8558a2c86fc48f0f060615085640deab1009b6883f2eba8fcf
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b32366.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk
––
MD5:  ––
SHA256:  ––
1488
f2da65eecb421c5ed44ca7fa45cd62e66ee7a022954ffec951e0fc5fa9b3236