Windows Analysis Report
mal2

Overview

General Information

Sample name:	mal2
Analysis ID:	1523388
MD5:	5daadb531113cad75786097b02e393f0
SHA1:	9dfad0a4084103d1fb53a9e2f7637a5ba7667ceb
SHA256:	f57bc4c23407f071076c629e9ca80dd737d034dafc216595b5fba3e29d4b2c1b
Infos:

Detection

Score:	72
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for dropped file

Multi AV Scanner detection for submitted file

Creates files in the recycle bin to hide itself

Drops PE files to the startup folder

Drops or copies MsMpEng.exe (Windows Defender, likely to bypass HIPS)

Machine Learning detection for dropped file

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

May sleep (evasive loops) to hinder dynamic analysis

Sigma detected: Startup Folder File Write

Stores files to the Windows start menu directory

Uses 32bit PE files

Classification

Signatures

AV Detection

Antivirus detection for dropped file

Source: C:\ProgramData\Microsoft\Diagnosis\osver.txt.tmp	Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\desktop.ini.tmp	Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk.tmp	Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\ProgramData\_curlrc.tmp	Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\ProgramData\Microsoft\MF\Active.GRL.tmp	Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\Users\Public\Desktop\Adobe Acrobat.lnk.exe.tmp	Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk.tmp	Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\Users\Public\Desktop\Google Chrome.lnk.tmp	Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\desktop.ini.tmp	Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk.tmp	Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\desktop.ini.tmp	Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk.tmp	Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\desktop.ini.tmp	Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk.tmp	Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\ProgramData\Microsoft\MF\Pending.GRL.tmp	Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\desktop.ini.tmp	Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\ProgramData\.curlrc.exe.tmp	Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk.tmp	Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\ProgramData\.curlrc.tmp	Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\desktop.ini.tmp	Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\desktop.ini.tmp	Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\desktop.ini.tmp	Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\Users\Public\Desktop\Adobe Acrobat.lnk.tmp	Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\desktop.ini.tmp	Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\ProgramData\Microsoft\Diagnosis\parse.dat.tmp	Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk.tmp	Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\desktop.ini.tmp	Avira: detection malicious, Label: TR/ATRAPS.Gen

Multi AV Scanner detection for submitted file

Source: mal2

ReversingLabs: Detection: 95%

Machine Learning detection for dropped file

Source: C:\ProgramData\Microsoft\Diagnosis\osver.txt.tmp	Joe Sandbox ML: detected
Source: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\desktop.ini.tmp	Joe Sandbox ML: detected
Source: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk.tmp	Joe Sandbox ML: detected
Source: C:\ProgramData\_curlrc.tmp	Joe Sandbox ML: detected
Source: C:\ProgramData\Microsoft\MF\Active.GRL.tmp	Joe Sandbox ML: detected
Source: C:\Users\Public\Desktop\Adobe Acrobat.lnk.exe.tmp	Joe Sandbox ML: detected
Source: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk.tmp	Joe Sandbox ML: detected
Source: C:\Users\Public\Desktop\Google Chrome.lnk.tmp	Joe Sandbox ML: detected
Source: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\desktop.ini.tmp	Joe Sandbox ML: detected
Source: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk.tmp	Joe Sandbox ML: detected
Source: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\desktop.ini.tmp	Joe Sandbox ML: detected
Source: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk.tmp	Joe Sandbox ML: detected
Source: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\desktop.ini.tmp	Joe Sandbox ML: detected
Source: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk.tmp	Joe Sandbox ML: detected
Source: C:\ProgramData\Microsoft\MF\Pending.GRL.tmp	Joe Sandbox ML: detected
Source: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\desktop.ini.tmp	Joe Sandbox ML: detected
Source: C:\ProgramData\.curlrc.exe.tmp	Joe Sandbox ML: detected
Source: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk.tmp	Joe Sandbox ML: detected
Source: C:\ProgramData\.curlrc.tmp	Joe Sandbox ML: detected
Source: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\desktop.ini.tmp	Joe Sandbox ML: detected
Source: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\desktop.ini.tmp	Joe Sandbox ML: detected
Source: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\desktop.ini.tmp	Joe Sandbox ML: detected
Source: C:\Users\Public\Desktop\Adobe Acrobat.lnk.tmp	Joe Sandbox ML: detected
Source: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\desktop.ini.tmp	Joe Sandbox ML: detected
Source: C:\ProgramData\Microsoft\Diagnosis\parse.dat.tmp	Joe Sandbox ML: detected
Source: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk.tmp	Joe Sandbox ML: detected
Source: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\desktop.ini.tmp	Joe Sandbox ML: detected

Uses 32bit PE files

Source: mal2

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: C:\Users\user\Desktop\mal2.exe	File opened: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\.curlrc.exe
Source: C:\Users\user\Desktop\mal2.exe	File opened: C:\Documents and Settings\All Users\Application Data\.curlrc.exe.tmp
Source: C:\Users\user\Desktop\mal2.exe	File opened: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\.curlrc.exe
Source: C:\Users\user\Desktop\mal2.exe	File opened: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\.curlrc.exe
Source: C:\Users\user\Desktop\mal2.exe	File opened: C:\Documents and Settings\All Users\Application Data\Application Data\.curlrc.exe
Source: C:\Users\user\Desktop\mal2.exe	File opened: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\.curlrc.exe

Uses 32bit PE files

Source: mal2

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: classification engine

Classification label: mal72.adwa.evad.win@1/1025@0/0

Source: C:\Users\user\Desktop\mal2.exe

File read: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\desktop.ini

Source: C:\Users\user\Desktop\mal2.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: mal2

ReversingLabs: Detection: 95%

Source: C:\Users\user\Desktop\mal2.exe

File read: C:\Users\user\Desktop\mal2.exe

Source: C:\Users\user\Desktop\mal2.exe	Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\mal2.exe	Section loaded: mfc42.dll

Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1

Drops PE files

Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.Onboarding.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpasdlta.lkg.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\NisSrv.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpavdlta.lkg.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\User Account Pictures\user-48.png.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.PhoneLink.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\e64ffef1-e246-b632-595b-56076a3fa776.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\gl-ES\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\nl-NL\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\User Account Pictures\user.png.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Extras\Browse Extras.lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Run Script (x86).lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpClient.dll.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\OneSettings\ASAP_CloudPolicy.json.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fr-FR\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,SpanNetty.Buffers.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\el-GR\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\mi-NZ\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2010Win64.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Users\Public\Documents\desktop.ini.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fr-CA\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2016CAWin32.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\desktop.ini.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\LfSvc\Geofence\GeofenceApplicationID.dat.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpSenseComm.dll.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpDlp.dll.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013Office365Win64.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\ecbc2601-0a67-4963-e594-43c65d6ec9a5.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Rest.ClientRuntime.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,SQLitePCLRaw.provider.e_sqlite3.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\UEV\InboxTemplates\DesktopSettings2013.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Newtonsoft.Json.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ko-KR\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\6e90ed81-9187-fa62-ce90-f18d7bed6b12.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\_curlrc.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftLync2013Win64.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Internal.Bluetooth.Pal.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Drivers\WdDevFlt.sys.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\el-GR\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\gu-IN\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\.curlrc.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\desktop.ini.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\a7e08b8b-ad4b-af00-ebcc-1aa29a833ce9.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,SQLitePCLRaw.lib.e_sqlite3.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\UEV\Scripts\RegisterInboxTemplates.ps1.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP,0.23082.41.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Users\Public\Documents\desktop.ini.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Polly.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\b34b197c-c0ed-bf12-c9bb-44e883c66a9d.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Drivers\WdBoot.sys.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Users\Public\Desktop\Adobe Acrobat.lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2016CAWin64.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\bcda97bb-bfd0-2a72-3c90-c8518f3d09ee.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\b59f5123-f94a-28bc-cf2d-1f77c3cd60ad.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1002\desktop.ini.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\en-GB\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\es-MX\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Windows.AugLoop.Core.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\state.rsm.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpAzSubmit.dll.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\desktop.ini.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpAsDesc.dll.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb.jtx.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\en-GB\confident.cov.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,System.Management.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\it-IT\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\nl-NL\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fi-FI\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\mr-IN\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\el-GR\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\ea39969e-9808-10a2-23ff-be783a132fea.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\User Account Pictures\user.dat.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fr-CA\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\desktop.ini.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\es-ES\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\he-IL\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\OneSettings\StorageGroveler.json.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\eee47229-947d-2ac7-e8a3-49bafee251d1.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpDetours.dll.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\lv-LV\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,SpanNetty.Transport,0.7.2012.2221.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\865e8f30-20a1-9528-bb48-42999b5b2aa8.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\f1d940d0-b5b2-0083-8403-807a8db430d5.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\en-US\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\OneSettings\TroubleshootingSvc.json.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Xaml.Behaviors.Wpf,1.1.39.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\kn-IN\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpUpdate.dll.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,System.IdentityModel.Tokens.Jwt.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\he-IL\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpDlpCmd.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Internal.Obex,0.23051.1.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\da-DK\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\de-DE\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\UEV\Templates\SettingsLocationTemplate.xsd.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\eu-ES\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftLync2010.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2013CAWin64.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\DefenderCSP.dll.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\kok-IN\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.Onboarding,0.23082.41.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\MF\Active.GRL.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Xaml.Behaviors.Wpf.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\User Account Pictures\hardz.dat.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\OneSettings\config.json.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\lv-LV\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013Win64.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\it-IT\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb00012.jtx.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftLync2013Win32.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,SQLitePCLRaw.bundle_e_sqlite3.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\is-IS\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpDetoursCopyAccelerator.dll.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\OneSettings\CortanaUWP.json.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\mpextms.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\SmsRouter\MessageStore\SmsInterceptStore.jfm.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpasdlta.vdm.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\User Account Pictures\user-192.png.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.PlatformSdk.Protocol.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Rest.ClientRuntime,2.3.24.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\nl-NL\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Users\Public\Pictures\desktop.ini.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,SpanNetty.Common,0.7.2012.2221.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\desktop.ini.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\UEV\Templates\SettingsLocationTemplate2013.xsd.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,System.IO.Abstractions.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,SQLitePCLRaw.bundle_e_sqlite3,2.1.4.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\User Account Pictures\guest.png.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,SpanNetty.Common.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\e8ac9388-7c9c-19cc-fd4d-cb72bb1544ea.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\AutoIt Window Info (x64).lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Diagnosis\osver.txt.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\9a9f1e94-851b-c6b4-27c0-55a242e0d96d.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\TightVNC\tvnserver.log.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.Common.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Powershell\Defender.psd1.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\nb-NO\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Drivers\WdNisDrv.sys.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MsMpEng.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.jfm.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpSvc.dll.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Users\Public\Desktop\desktop.ini.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Users\Public\Desktop\Google Chrome.lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\pl-PL\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.SideChannel.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\OneSettings\DirectXDbVersion.json.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,SQLitePCLRaw.core.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpRtp.dll.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\User Account Pictures\user-32.png.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,SpanNetty.Codecs.Protobuf.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\a1e5b165-0532-a6a3-f542-0c5c162be3e1.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\abbb44f6-ae33-2e7c-ac40-4d8ac17bf46b.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpEvMsg.dll.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.url.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\71c8f37a-a7b9-aff0-6de0-9b276c089ad6.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Diagnosis\EventStore.db.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013Win32.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.1.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.Auth,0.23082.41.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpUpdate.dll.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\kk-KZ\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,SQLitePCLRaw.lib.e_sqlite3,2.1.4.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpSvc.dll.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\e9bff135-4a26-0e2f-d743-30d9666eed8e.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Users\Public\Music\desktop.ini.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Polly.Extensions.Http.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-20231003-085557.log.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Caches\cversions.2.db.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\nb-NO\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpRtp.dll.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Drivers\WdFilter.sys.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\id-ID\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,System.IO.Abstractions,19.2.51.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\endpointdlp.dll.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\71ef3df1-f4b1-69cd-793a-48e165e282aa.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\desktop.ini.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1003\desktop.ini.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\8ce3d3dd-a4c7-6c38-5fde-1f9f5df98807.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\en-GB\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\hr-HR\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.tracing.json.bk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\lt-LT\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Users\Public\Desktop\Firefox.lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Diagnosis\ETLLogs\ShutdownLogger\Diagtrack-Listener.etl.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftWordpad.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Extras\AutoItX\AutoItX Help File.lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\IdentityCRL\INT\wlidsvcconfig.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Users\Public\Desktop\Google Chrome.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\cb692946-a9f3-639d-1064-a6d75a01b9c3.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\RecoveryDrive.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\8292682a-6850-c06c-9b6d-9646f16d4ed0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fil-PH\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.2.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\de-DE\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\b81d7e70-84e7-b16a-e3d0-1e7aa2f1232d.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Support\MPLog-20231003-085557.log.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013BackupWin64.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\hr-HR\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\LfSvc\Geofence\GeofenceApplicationID.dat.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Internal.Bluetooth.Pbap.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edbres00002.jrs.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Extras\AutoIt v3 Website.lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\DeviceMetadataCache\dmrc.idx.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Powershell\MSFT_MpScan.cdxml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip Help.lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\nb-NO\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Users\Public\Videos\desktop.ini.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,HtmlAgilityPack.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Users\Public\Desktop\Firefox.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpavdlta.vdm.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft OneDrive\setup\refcount.ini.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\desktop.ini.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\User Account Pictures\user.bmp.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.ServicesClient.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\AppV\Setup\OfficeIntegrator.ps1.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\UEV\InboxTemplates\ThemeSettings2013.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\UEV\InboxTemplates\NetworkPrinters.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\User Account Pictures\user-40.png.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\832f9d1e-5f47-dfb1-157b-5239adf4c1db.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\b6126597-8ecb-81b4-8b3a-1430dc2988c1.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\hi-IN\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows NT\MSScan\WelcomeScan.jpg.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.2.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.lkg.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\User Account Pictures\user-48.png.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,SQLitePCLRaw.core,2.1.4.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpOAV.dll.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\tokens.dat.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\OneSettings\SCCInstallService.json.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\NisSrv.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Network\Downloader\edbres00002.jrs.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\fc93b452-8a84-dede-3b7a-0fc9413c4592.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.PlatformSdk,0.23082.41.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\d834be1c-66d4-85d2-5bfc-720e73e8e544.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\User Account Pictures\user-40.png.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\ac116a72-b6b1-d558-23f6-10796e634d41.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Examples.lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\e2a686b1-b02a-b3e7-90cb-3fa0d708ce04.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\OneSettings\UsoSettings.json.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Office\ClickToRunPackageLocker.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\es-ES\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Google.Protobuf.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\SmsRouter\MessageStore\SmsInterceptStore.db.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\MpDiag.bin.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpDlpCmd.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Internal.YourPhone.Vcard.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCopyAccelerator.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Stateless.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\en-GB\fyi.cov.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\OneSettings\CortanaUWP.json.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Quick Assist.lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftInternetExplorer2013.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.Common,0.23082.41.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.SideChannel.Protocol.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Polly,7.2.4.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ko-KR\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\User Account Pictures\user-32.png.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\MpDiag.bin.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Private Browsing.lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\mk-MK\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\AppxProvisioning.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\7309084a-bb6f-20c3-ea54-aa108ceab1ae.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.url.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edbres00001.jrs.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpEvMsg.dll.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\7646fa0f-b52c-71a8-3aed-950dd1668c09.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\en-US\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,TestableIO.System.IO.Abstractions.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\ca947da2-7e9a-7249-8095-bceb379c6f74.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,System.IO.Pipelines.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft OneDrive\setup\refcount.ini.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\UEV\InboxTemplates\EaseOfAccessSettings2013.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2016Win32.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013BackupWin32.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MsMpLics.dll.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\desktop.ini.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\km-KH\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpOAV.dll.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ko-KR\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\8d56e57b-8663-136d-ff69-a004e217825a.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\id-ID\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.Auth.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\OneSettings\TroubleshootingSvc.json.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ga-IE\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\IdentityCRL\production\wlidsvcconfig.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\es-ES\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\c3d42a1a-2f3f-a4a9-6a04-cc1b234485fb.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\it-IT\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.tracing.json.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Network\Downloader\edb.log.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\hu-HU\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\mpextms.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.IdentityModel.Tokens.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\6ffa25dc-c89d-3de9-3601-df09bae65a75.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\d1ecfce2-f845-c1e9-052b-d2f457c135e6.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,SpanNetty.Codecs.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\en-GB\urgent.cov.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox\en-GB\WelcomeFax.tif.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\OneSettings\StorageGroveler.json.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\UEV\InboxTemplates\RoamingCredentialSettings.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\e8fff2df-6041-8f21-3df7-db31661aa09b.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\mpenginedb.db.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpCommu.dll.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\f5fc8c03-78f6-342c-372b-15d02609bd3c.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,SpanNetty.Codecs,0.7.2012.2221.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Network\Downloader\edb00001.log.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2016BackupWin32.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.url.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Examples.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\hu-HU\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCommu.dll.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Diagnosis\TenantStorage\P-ARIA\EventStore.db.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fr-FR\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\a92561ce-87c0-7d40-42ea-c87d237c0db0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Users\Public\Videos\desktop.ini.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Diagnosis\parse.dat.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\e78cdb72-8076-1aa5-5df6-048300a0f594.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Internal.Diagnostics.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Internal.Bluetooth.Map.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip Help.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.privacy.json.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\c94a6c18-d496-da1c-8a02-fc6976e0145e.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Network\Downloader\edbtmp.log.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\et-EE\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\History.Log.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,SpanNetty.Buffers,0.7.2012.2221.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpClient.dll.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ml-IN\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\mt-MT\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.url.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\8cfc804a-d777-2361-1670-4569e516397e.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1001\desktop.ini.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\bbfbe8ad-1a35-a7f3-33bc-40912bf89dfb.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Toolkit.Uwp.Notifications.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb00014.jtx.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\bb26a0e5-d235-0ee6-0c36-6d5e185fa5b1.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip File Manager.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2013CAWin32.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpLics.dll.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\lb-LU\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\AppV\Setup\OfficeIntegrator.ps1.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\9d3ad23c-c6b8-7fb5-e4ab-f5d0a66dcfbc.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.WindowsAppSDK.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\91a5b4c7-29a8-ec80-4321-fbecea906705.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Diagnosis\ScenariosSqlStore\EventStore.db.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Internal.Obex.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.PlatformSdk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\AutoIt Help File.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Stateless,5.13.0.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\en-GB\generic.cov.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Network\Downloader\edb.chk.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Windows.Apps.TraceLogging.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\wfp\wfpdiag.etl.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\OneSettings\CTAC.json.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Polly.Extensions.Http,3.0.0.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ms-MY\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb.jcp.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\OneSettings\DirectXDbVersion.json.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpAsDesc.dll.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\de-DE\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb00013.jtx.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Run Script (x64).lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2016Win64.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\da-DK\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.PhoneLink,0.23082.41.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Registry Editor.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ja-JP\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\User Account Pictures\user-192.png.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\User Account Pictures\jones.dat.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fr-FR\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\MF\Pending.GRL.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftNotepad.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\en-US\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.NET.StringTools.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.NET.StringTools,17.4.0.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2016BackupWin64.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\OneSettings\SCCInstallService.json.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Users\Public\Music\desktop.ini.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Users\Public\Desktop\desktop.ini.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\hu-HU\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Microsoft-Antimalware-RTP.man.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\6ab96728-2783-240f-370f-afa9d4e52fdd.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\es-MX\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ka-GE\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\UEV\InboxTemplates\VdiState.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ja-JP\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edbtmp.jtx.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\OneSettings\FeatureConfig.json.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Network\Downloader\edbres00001.jrs.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\8e383e90-b2f9-7bf2-1d5b-4e47dcb2014e.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,MessagePack.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.allow.json.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\AutoIt Window Info (x86).lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.cert.json.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\lt-LT\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpUxAgent.dll.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\da-DK\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,System.IO.Pipelines,7.0.0.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ne-NP\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,SpanNetty.Transport.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,System.Management,7.0.1.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Detections.log.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\OneSettings\ASAP_CloudPolicy.json.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpCmdRun.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ja-JP\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013Office365Win32.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Diagnosis\osver.txt.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\gd-GB\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\UEV\Templates\SettingsLocationTemplate2013A.xsd.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Newtonsoft.Json,10.0.3.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\desktop.ini.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.SideChannel,0.23082.41.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fi-FI\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fi-FI\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftInternetExplorer2013.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\.curlrc.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fa-IR\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2010Win32.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\OneSettings\UsoSettings.json.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Users\Public\Desktop\Adobe Acrobat.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip File Manager.lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\lo-LA\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Users\Public\Pictures\desktop.ini.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\et-EE\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Microsoft-Antimalware-NIS.man.tmp	Jump to dropped file

Drops PE files to the application program directory (C:\ProgramData)

Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\folder.ico.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\en-GB\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\te-IN\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpasdlta.lkg.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\NisSrv.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpavdlta.lkg.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.gthr.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\MpClient.dll.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\zh-TW\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.PhoneLink.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Google.Protobuf,3.23.4.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.IdentityModel.Abstractions.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Caching.Abstractions,7.0.0.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\gl-ES\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\User Account Pictures\user.png.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sr-Cyrl-RS\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpClient.dll.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Skype for Business Recording Manager.lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\en-GB\mpasdesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\el-GR\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,SpanNetty.Buffers.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2010Win64.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ja-JP\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2016CAWin32.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftSkypeForBusiness2016Win32.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\MpAsDesc.dll.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ko-KR\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpSenseComm.dll.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,MessagePack.Annotations,2.6.100-alpha.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpDlp.dll.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013Office365Win64.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,SQLitePCLRaw.provider.e_sqlite3.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\UEV\InboxTemplates\DesktopSettings2013.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\6e90ed81-9187-fa62-ce90-f18d7bed6b12.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\hu-HU\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\1faf63f7-f387-4522-1175-68c9652d968a.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\306e67c8-9a1d-38de-8654-054bd8a6e6d6.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Extras\AutoItX\AutoItX Help File.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Drivers\WdDevFlt.sys.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\el-GR\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\.curlrc.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\a7e08b8b-ad4b-af00-ebcc-1aa29a833ce9.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,SQLitePCLRaw.lib.e_sqlite3.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\UEV\Scripts\RegisterInboxTemplates.ps1.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2016CAWin64.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fi-FI\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Powershell\Defender.psd1.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.IdentityModel.JsonWebTokens.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\b34b197c-c0ed-bf12-c9bb-44e883c66a9d.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\52a7e8cc-4b89-0eb8-5b4c-0f924bfc3949.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\en-GB\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Windows.AugLoop.Core.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\state.rsm.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpAzSubmit.dll.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\zh-TW\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\History\ReportLatency\Latency\19\0.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\desktop.ini.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb.jtx.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpAsDesc.dll.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,TestableIO.System.IO.Abstractions,19.2.51.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\1f7b7aa2-506a-03cd-6648-5b78ac12040f.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\el-GR\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\User Account Pictures\user.dat.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Office Language Preferences.lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\History\ReportLatency\Latency\01\2.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\desktop.ini.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\zh-TW\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\OneSettings\StorageGroveler.json.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpDetours.dll.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,SpanNetty.Transport,0.7.2012.2221.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\154E23D0-C644-4E6F-8CE6-5069272F999F.vsch.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\865e8f30-20a1-9528-bb48-42999b5b2aa8.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\f1d940d0-b5b2-0083-8403-807a8db430d5.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\en-US\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\OneSettings\TroubleshootingSvc.json.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Xaml.Behaviors.Wpf,1.1.39.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\kn-IN\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.PlatformSdk.Protocol,0.23082.41.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,System.IdentityModel.Tokens.Jwt.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_pref.ico.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\es-ES\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Information.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\he-IL\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Internal.Obex,0.23051.1.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\da-DK\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\ClickToRun\ProductReleases\C773B593-9C79-47E6-BF01-073C12072B16\x-none.16\i320.c2rx.hash.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sk-SK\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ug-CN\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\X86\MpAsDesc.dll.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ar-SA\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Windows.AugLoop.Core,0.0.230717008.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\215f9712-9fca-a3f8-5b11-660eefc73b96.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2013CAWin64.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\OneSettings\config.json.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\User Account Pictures\hardz.dat.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\hr-HR\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013Win64.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftLync2013Win32.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\93BCA88018E5993458BC6BBE55D33E61.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpDetoursCopyAccelerator.dll.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\OneSettings\CortanaUWP.json.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\USOShared\Logs\User\NotifyIcon.fbe50464-f61d-4a15-a5b7-ed239a079807.1.etl.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-20231003-085557.log.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Spreadsheet Compare.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\zh-CN\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\User Account Pictures\user-192.png.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.PlatformSdk.Protocol.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\en-US\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Rest.ClientRuntime,2.3.24.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\X86\MpClient.dll.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\de-DE\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\USOShared\Logs\User\NotifyIcon.0884f9b2-b6ec-4b87-899f-510361add0dc.1.etl.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\nl-NL\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\History\ReportLatency\Latency\19\1.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.AspNetCore.SignalR.Client.Core,7.0.9.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\desktop.ini.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.AspNetCore.SignalR.Client.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\0f8e2cd5-b8eb-7a22-b9e9-9b1183fa0a84.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\el-GR\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\mk-MK\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,SQLitePCLRaw.bundle_e_sqlite3,2.1.4.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\e8ac9388-7c9c-19cc-fd4d-cb72bb1544ea.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\AutoIt Window Info (x64).lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Diagnosis\osver.txt.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\telemetry.P-Eco3PTelDefault.json.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\da-DK\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\pl-PL\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sr-Latn-RS\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\USOShared\Logs\User\NotifyIcon.f4d4c9b8-57b5-43ca-ab7a-5d857e7666b9.1.etl.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2016CAWin32.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MsMpEng.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.cert.json.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.jfm.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\kn-IN\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\pl-PL\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Data.Sqlite.Core.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.SideChannel.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,SQLitePCLRaw.core.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ug-CN\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\SciTE Script Editor.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpRtp.dll.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fr-FR\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\km-KH\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\User Account Pictures\user-32.png.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,SpanNetty.Codecs.Protobuf.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.AspNetCore.SignalR.Common,7.0.9.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\a1e5b165-0532-a6a3-f542-0c5c162be3e1.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Microsoft-Antimalware-NIS.man.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ga-IE\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\abbb44f6-ae33-2e7c-ac40-4d8ac17bf46b.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Primitives.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.url.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Graphics.Win2D.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\netfol.ico.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\kk-KZ\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\desktop.ini.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.IdentityModel.Abstractions,6.32.0.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\cy-GB\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\e9bff135-4a26-0e2f-d743-30d9666eed8e.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\sr-Latn-RS\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ja-JP\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-20231003-085557.log.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ar-SA\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Caches\cversions.2.db.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpRtp.dll.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\desktop.ini.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\3f446420-d8ef-3b9c-d5b4-ba09c43121b4.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\et-EE\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\cs-CZ\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,System.IO.Abstractions,19.2.51.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Spreadsheet Compare.lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Logging,7.0.0.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\cs-CZ\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\vi-VN\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\th-TH\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpUxAgent.dll.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\state.rsm.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpAzSubmit.dll.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\zh-CN\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\en-GB\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\hr-HR\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.tracing.json.bk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\bg-BG\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\gl-ES\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Http.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Extras\AutoItX\AutoItX Help File.lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\RecoveryDrive.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\8292682a-6850-c06c-9b6d-9646f16d4ed0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\endpointdlp.dll.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.2.Crwl.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fil-PH\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.2.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\de-DE\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013BackupWin64.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\hr-HR\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\61b5bd89-4cb0-db77-6622-cb63b5a58080.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Internal.YourPhone.LibNanoApi.Managed.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edbres00002.jrs.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\af-ZA\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftInternetExplorer2013Backup.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Extras\AutoIt v3 Website.lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\X86\MpDetours.dll.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\lb-LU\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Private Browsing.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\vi-VN\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\DeviceMetadataCache\dmrc.idx.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Powershell\MSFT_MpScan.cdxml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\nb-NO\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,HtmlAgilityPack.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ru-RU\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\C73297F3A28B41D0B045DECE1D0D81EF.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.DependencyInjection.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sk-SK\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft OneDrive\setup\refcount.ini.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\en-US\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\AppV\Setup\OfficeIntegrator.ps1.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\USOShared\Logs\User\UpdateUx.475a5b13-420d-4358-9fdb-c77913ec90af.1.etl.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\UEV\InboxTemplates\ThemeSettings2013.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Options.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\b6126597-8ecb-81b4-8b3a-1430dc2988c1.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows NT\MSScan\WelcomeScan.jpg.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\lv-LV\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\hu-HU\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.2.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\de-DE\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\az-Latn-AZ\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpOAV.dll.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Network\Downloader\edbres00002.jrs.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Extras\Browse Extras.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\fc93b452-8a84-dede-3b7a-0fc9413c4592.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftLync2013Win64.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftSkypeForBusiness2016Win32.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\sr-Cyrl-RS\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\User Account Pictures\user-40.png.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Office\ClickToRunPackageLocker.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\es-ES\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Google.Protobuf.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\0a8c1492-65ca-6a01-de25-0e183559d10d.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Catalogs\IGD.CAT.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\SmsRouter\MessageStore\SmsInterceptStore.db.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\MpDiag.bin.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpDlpCmd.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Internal.YourPhone.Vcard.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\cs-CZ\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\USOShared\Logs\User\NotifyIcon.480bc3f4-4991-4ffc-b70d-c15db82e9d6a.1.etl.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCopyAccelerator.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\81FE2459AB45799D6C1FB53DEEE30AF6.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Stateless.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\az-Latn-AZ\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Quick Assist.lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftInternetExplorer2013.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\X86\MsMpLics.dll.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fr-FR\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.Common,0.23082.41.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Logging.Abstractions.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Polly,7.2.4.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\uk-UA\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\zh-CN\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\tt-RU\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ko-KR\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\pt-PT\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ko-KR\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Logging.Debug.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\User Account Pictures\user-32.png.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Microsoft-Antimalware-RTP.man.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Drivers\WdBoot.sys.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fa-IR\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\AppxProvisioning.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\7309084a-bb6f-20c3-ea54-aa108ceab1ae.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fr-CA\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\hi-IN\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\zh-TW\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Database Compare.lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edbres00001.jrs.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpEvMsg.dll.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\7646fa0f-b52c-71a8-3aed-950dd1668c09.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\th-TH\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\USOShared\Logs\User\NotifyIcon.a686e598-6877-4264-9711-989651a302f7.1.etl.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,System.IO.Pipelines.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\UEV\InboxTemplates\EaseOfAccessSettings2013.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\tr-TR\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013BackupWin32.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MsMpLics.dll.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\uk-UA\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\USOShared\Logs\User\NotifyIcon.1d47542d-bdee-4dc6-94ed-be9cdb6f14e1.1.etl.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\es-MX\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\cs-CZ\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ta-IN\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\km-KH\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Logging.Abstractions,7.0.1.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.3.gthr.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ko-KR\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Detections.log.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\USOShared\Logs\User\NotifyIcon.f3f7cc8e-795b-4925-9b8c-26e2ea300f41.1.etl.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\8d56e57b-8663-136d-ff69-a004e217825a.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\sl-SI\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\en-US\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.Auth.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ringtones.ico.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\es-ES\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Features,7.0.9.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.Crwl.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\ClickToRun\ProductReleases\C773B593-9C79-47E6-BF01-073C12072B16\en-us.16\s321033.hash.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ka-GE\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Telemetry Log for Office.lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\it-IT\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\X86\en-US\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\MpCmdRun.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.tracing.json.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Network\Downloader\edb.log.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\hu-HU\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ko-KR\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\kk-KZ\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.IdentityModel.Tokens.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\gu-IN\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\2ff6ba33-4212-e6d3-dcc2-11aadb3d61ef.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\da-DK\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\pa-IN\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\OneSettings\StorageGroveler.json.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\TELEMETRY.ASM-WINDOWSSQ.json.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ThirdPartyNotices.txt.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\es-MX\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\hr-HR\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol_.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\mpenginedb.db.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\f5fc8c03-78f6-342c-372b-15d02609bd3c.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,SpanNetty.Codecs,0.7.2012.2221.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\pt-PT\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\de-DE\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2016BackupWin32.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Network\Downloader\edb00001.log.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Examples.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\hu-HU\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ur-PK\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\cs-CZ\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fr-FR\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\a92561ce-87c0-7d40-42ea-c87d237c0db0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\ClickToRun\ProductReleases\C773B593-9C79-47E6-BF01-073C12072B16\x-none.16\s320.hash.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Diagnosis\parse.dat.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\e78cdb72-8076-1aa5-5df6-048300a0f594.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Check For SQLite Updates.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ta-IN\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2013CAWin32.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.IdentityModel.JsonWebTokens,6.32.0.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\History.Log.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\13edb933-4688-0f79-3d0a-499edf952ba0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpClient.dll.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.AspNetCore.SignalR.Protocols.Json.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sr-Latn-RS\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ml-IN\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\mt-MT\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sl-SI\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\MpOAV.dll.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\0f8e2cd5-b8eb-7a22-b9e9-9b1183fa0a84.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Powershell\MSFT_MpScan.cdxml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\bbfbe8ad-1a35-a7f3-33bc-40912bf89dfb.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\USOShared\Logs\User\NotifyIcon.a821f645-76e8-4ba9-965c-60ad931c30ce.1.etl.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Graphics.Win2D,1.0.5.1.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\1e225998-faa0-5fd4-4db7-5e7686ee3b47.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Drivers\WdNisDrv.sys.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpDetours.dll.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ro-RO\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb00014.jtx.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\vi-VN\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpLics.dll.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\9d3ad23c-c6b8-7fb5-e4ab-f5d0a66dcfbc.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Internal.Bluetooth.Map,0.23051.1.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Internal.Obex.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\AutoIt Help File.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ur-PK\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office64mui.msi.16.en-us.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\History.Log.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\SciTE Script Editor.lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\en-GB\generic.cov.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\OneSettings\CTAC.json.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb.jcp.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ru-RU\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\sync.ico.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftLync2010.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ProtectionManagement.mof.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\es-ES\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\vi-VN\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\da-DK\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.AspNetCore.Http.Connections.Common.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ja-JP\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\User Account Pictures\user-192.png.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Extras\AutoIt v3 Website.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\2b5d0f60-d93b-1629-f3e5-4167231c7ee6.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\MF\Pending.GRL.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftNotepad.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\X86\en-GB\mpasdesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\pt-PT\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.NET.StringTools,17.4.0.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Caching.Memory,7.0.0.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2016BackupWin64.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\el-GR\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,SQLitePCLRaw.provider.e_sqlite3,2.1.4.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\sq-AL\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\hu-HU\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\UEV\InboxTemplates\ThemeSettings2013.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\6ab96728-2783-240f-370f-afa9d4e52fdd.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ka-GE\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\UEV\InboxTemplates\VdiState.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\0890ad2f-b74f-c384-f684-9c33f8f67924.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edbtmp.jtx.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\8e383e90-b2f9-7bf2-1d5b-4e47dcb2014e.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,MessagePack.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Http,7.0.0.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.IdentityModel.Logging,6.32.0.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\pl-PL\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.cert.json.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\lt-LT\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,SpanNetty.Transport.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Detections.log.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\OneSettings\ASAP_CloudPolicy.json.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013Office365Win32.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\UEV\Templates\SettingsLocationTemplate2013A.xsd.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.SideChannel,0.23082.41.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fi-FI\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\67447b0c-05cf-6740-5f7b-391ab440c42d.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.AspNetCore.SignalR.Common.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fa-IR\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\.curlrc.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2010Win32.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\lo-LA\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.Onboarding.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\it-IT\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ru-RU\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\User Account Pictures\user-48.png.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\e64ffef1-e246-b632-595b-56076a3fa776.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\ClickToRun\ProductReleases\C773B593-9C79-47E6-BF01-073C12072B16\operations.db.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\nl-NL\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Extras\Browse Extras.lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Run Script (x86).lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ar-SA\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\OneSettings\ASAP_CloudPolicy.json.exe.tmp	Jump to dropped file

Boot Survival

Drops PE files to the startup folder

Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\desktop.ini.exe.tmp			Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\desktop.ini.tmp			Jump to dropped file

Stores files to the Windows start menu directory

Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\desktop.ini.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access.lnk.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\desktop.ini.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel.lnk.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Firefox.lnk.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneNote.lnk.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook.lnk.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word.lnk.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\desktop.ini.exe.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\7-Zip\7-Zip File Manager.lnk.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\7-Zip\7-Zip Help.lnk.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access.lnk.exe.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\desktop.ini.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\desktop.ini.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Notepad.lnk.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Paint.lnk.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Quick Assist.lnk.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Snipping Tool.lnk.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Wordpad.lnk.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Adobe Acrobat.lnk.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\AutoIt v3\Examples.lnk.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\desktop.ini.exe.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel.lnk.exe.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Firefox Private Browsing.lnk.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Firefox.lnk.exe.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Google Chrome.lnk.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Immersive Control Panel.lnk.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\About Java.lnk.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Check For Updates.lnk.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Configure Java.lnk.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Get Help.url.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Visit Java.com.url.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Maintenance\Desktop.ini.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Edge.lnk.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneNote.lnk.exe.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook.lnk.exe.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint.lnk.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher.lnk.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\StartUp\desktop.ini.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\desktop.ini.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Task Manager.lnk.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word.lnk.exe.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip Help.lnk.exe.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Accessories\desktop.ini.exe.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk.exe.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk.exe.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk.exe.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk.exe.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Examples.lnk.exe.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk.exe.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk.exe.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk.exe.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Java\Get Help.url.exe.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.url.exe.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini.exe.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk.exe.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk.exe.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Publisher.lnk.exe.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk.exe.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\StartUp\desktop.ini.exe.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\System Tools\desktop.ini.exe.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\7-Zip\7-Zip File Manager.lnk.exe.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\desktop.ini.exe.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Speech Recognition.lnk.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Math Input Panel.lnk.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Quick Assist.lnk.exe.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Snipping Tool.lnk.exe.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\Character Map.lnk.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\desktop.ini.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Media Player.lnk.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Component Services.lnk.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Computer Management.lnk.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\dfrgui.lnk.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Event Viewer.lnk.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\RecoveryDrive.lnk.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Registry Editor.lnk.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Configuration.lnk.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Information.lnk.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\AutoIt v3\AutoIt Help File.lnk.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\AutoIt v3\AutoIt Window Info (x64).lnk.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\AutoIt v3\AutoIt Window Info (x86).lnk.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\AutoIt v3\Check For SQLite Updates.lnk.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\AutoIt v3\Check For Updates.lnk.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\AutoIt v3\Compile Script to .exe (x64).lnk.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\AutoIt v3\Compile Script to .exe (x86).lnk.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\AutoIt v3\Extras\AutoIt v3 Website.lnk.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\AutoIt v3\Extras\AutoItX\AutoItX Help File.lnk.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\AutoIt v3\Extras\Browse Extras.lnk.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\AutoIt v3\Run Script (x64).lnk.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\AutoIt v3\Run Script (x86).lnk.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\AutoIt v3\SciTE Script Editor.lnk.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Firefox Private Browsing.lnk.exe.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Immersive Control Panel.lnk.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Check For Updates.lnk.exe.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office Tools\Database Compare.lnk.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office Tools\Spreadsheet Compare.lnk.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Task Manager.lnk.exe.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Windows PowerShell\desktop.ini.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk.exe.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk.exe.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk.exe.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk.exe.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\desktop.ini.exe.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk.exe.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk.exe.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini.exe.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk.exe.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk.exe.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk.exe.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk.exe.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk.exe.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\RecoveryDrive.lnk.exe.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Registry Editor.lnk.exe.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk.exe.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk.exe.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk.exe.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\AutoIt v3\AutoIt Help File.lnk.exe.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\AutoIt v3\AutoIt Window Info (x64).lnk.exe.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\AutoIt v3\AutoIt Window Info (x86).lnk.exe.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Check For SQLite Updates.lnk.exe.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Check For Updates.lnk.exe.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Extras\AutoIt v3 Website.lnk.exe.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Extras\Browse Extras.lnk.exe.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Run Script (x64).lnk.exe.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Run Script (x86).lnk.exe.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\AutoIt v3\SciTE Script Editor.lnk.exe.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\desktop.ini.exe.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\Character Map.lnk.exe.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Component Services.lnk.exe.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Computer Management.lnk.exe.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk.exe.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Configuration.lnk.exe.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Information.lnk.exe.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\AutoIt v3\Compile Script to .exe (x64).lnk.exe.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\AutoIt v3\Compile Script to .exe (x86).lnk.exe.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\AutoIt v3\Extras\AutoItX\AutoItX Help File.lnk.exe.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Immersive Control Panel.lnk.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office Tools\Database Compare.lnk.exe.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office Tools\Office Language Preferences.lnk.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office Tools\Skype for Business Recording Manager.lnk.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office Tools\Spreadsheet Compare.lnk.exe.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office Tools\Telemetry Log for Office.lnk.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk.exe.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk.exe.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk.exe.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk.exe.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk.exe.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Office Language Preferences.lnk.exe.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Telemetry Log for Office.lnk.exe.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk.exe.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Windows Defender Firewall with Advanced Security.lnk.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Immersive Control Panel.lnk.tmp
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office Tools\Skype for Business Recording Manager.lnk.exe.tmp

Hooking and other Techniques for Hiding and Protection

Creates files in the recycle bin to hide itself

Source: C:\Users\user\Desktop\mal2.exe

File created: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\desktop.ini.tmp

Source: C:\Users\user\Desktop\mal2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\mal2.exe	Process information set: NOOPENFILEERRORBOX

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Source: C:\Users\user\Desktop\mal2.exe

Window / User API: threadDelayed 735

Found dropped PE file which has not been started or loaded

Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\folder.ico.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\en-GB\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\te-IN\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpasdlta.lkg.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\NisSrv.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpavdlta.lkg.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.gthr.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\MpClient.dll.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\zh-TW\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.PhoneLink.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.IdentityModel.Abstractions.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Google.Protobuf,3.23.4.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Caching.Abstractions,7.0.0.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\gl-ES\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\User Account Pictures\user.png.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sr-Cyrl-RS\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpClient.dll.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Skype for Business Recording Manager.lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\en-GB\mpasdesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,SpanNetty.Buffers.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\el-GR\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2010Win64.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ja-JP\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2016CAWin32.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftSkypeForBusiness2016Win32.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\MpAsDesc.dll.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ko-KR\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpSenseComm.dll.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,MessagePack.Annotations,2.6.100-alpha.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013Office365Win64.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpDlp.dll.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,SQLitePCLRaw.provider.e_sqlite3.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\UEV\InboxTemplates\DesktopSettings2013.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\6e90ed81-9187-fa62-ce90-f18d7bed6b12.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\hu-HU\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\1faf63f7-f387-4522-1175-68c9652d968a.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\306e67c8-9a1d-38de-8654-054bd8a6e6d6.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Extras\AutoItX\AutoItX Help File.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Drivers\WdDevFlt.sys.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\el-GR\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\.curlrc.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\a7e08b8b-ad4b-af00-ebcc-1aa29a833ce9.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,SQLitePCLRaw.lib.e_sqlite3.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\UEV\Scripts\RegisterInboxTemplates.ps1.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2016CAWin64.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fi-FI\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Powershell\Defender.psd1.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.IdentityModel.JsonWebTokens.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\b34b197c-c0ed-bf12-c9bb-44e883c66a9d.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\52a7e8cc-4b89-0eb8-5b4c-0f924bfc3949.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm.tmp
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1002\desktop.ini.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\en-GB\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Windows.AugLoop.Core.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\state.rsm.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpAzSubmit.dll.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\zh-TW\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Scans\History\ReportLatency\Latency\19\0.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\desktop.ini.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb.jtx.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpAsDesc.dll.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,TestableIO.System.IO.Abstractions,19.2.51.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\1f7b7aa2-506a-03cd-6648-5b78ac12040f.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\el-GR\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\User Account Pictures\user.dat.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Office Language Preferences.lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Scans\History\ReportLatency\Latency\01\2.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\desktop.ini.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\zh-TW\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpDetours.dll.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\OneSettings\StorageGroveler.json.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,SpanNetty.Transport,0.7.2012.2221.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\154E23D0-C644-4E6F-8CE6-5069272F999F.vsch.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\865e8f30-20a1-9528-bb48-42999b5b2aa8.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\f1d940d0-b5b2-0083-8403-807a8db430d5.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\en-US\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\OneSettings\TroubleshootingSvc.json.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Xaml.Behaviors.Wpf,1.1.39.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\kn-IN\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.PlatformSdk.Protocol,0.23082.41.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_pref.ico.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,System.IdentityModel.Tokens.Jwt.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Information.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\es-ES\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\he-IL\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Internal.Obex,0.23051.1.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\da-DK\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\ClickToRun\ProductReleases\C773B593-9C79-47E6-BF01-073C12072B16\x-none.16\i320.c2rx.hash.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sk-SK\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\X86\MpAsDesc.dll.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ug-CN\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ar-SA\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Windows.AugLoop.Core,0.0.230717008.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\215f9712-9fca-a3f8-5b11-660eefc73b96.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2013CAWin64.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\User Account Pictures\hardz.dat.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\OneSettings\config.json.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\hr-HR\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013Win64.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftLync2013Win32.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\93BCA88018E5993458BC6BBE55D33E61.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpDetoursCopyAccelerator.dll.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\OneSettings\CortanaUWP.json.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\USOShared\Logs\User\NotifyIcon.fbe50464-f61d-4a15-a5b7-ed239a079807.1.etl.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Spreadsheet Compare.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-20231003-085557.log.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\zh-CN\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\User Account Pictures\user-192.png.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.PlatformSdk.Protocol.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\en-US\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Rest.ClientRuntime,2.3.24.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\X86\MpClient.dll.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\de-DE\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\USOShared\Logs\User\NotifyIcon.0884f9b2-b6ec-4b87-899f-510361add0dc.1.etl.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\nl-NL\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\Users\Public\Pictures\desktop.ini.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Scans\History\ReportLatency\Latency\19\1.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.AspNetCore.SignalR.Client.Core,7.0.9.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\desktop.ini.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.AspNetCore.SignalR.Client.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\0f8e2cd5-b8eb-7a22-b9e9-9b1183fa0a84.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\el-GR\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\mk-MK\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,SQLitePCLRaw.bundle_e_sqlite3,2.1.4.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\e8ac9388-7c9c-19cc-fd4d-cb72bb1544ea.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\AutoIt Window Info (x64).lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Diagnosis\osver.txt.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\telemetry.P-Eco3PTelDefault.json.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\da-DK\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\pl-PL\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sr-Latn-RS\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\USOShared\Logs\User\NotifyIcon.f4d4c9b8-57b5-43ca-ab7a-5d857e7666b9.1.etl.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2016CAWin32.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MsMpEng.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.cert.json.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.jfm.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\kn-IN\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\Users\Public\Desktop\Google Chrome.lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\pl-PL\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Data.Sqlite.Core.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.SideChannel.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,SQLitePCLRaw.core.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ug-CN\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\SciTE Script Editor.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpRtp.dll.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\km-KH\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fr-FR\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\User Account Pictures\user-32.png.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,SpanNetty.Codecs.Protobuf.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.AspNetCore.SignalR.Common,7.0.9.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\a1e5b165-0532-a6a3-f542-0c5c162be3e1.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ga-IE\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Microsoft-Antimalware-NIS.man.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\abbb44f6-ae33-2e7c-ac40-4d8ac17bf46b.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Primitives.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.url.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Graphics.Win2D.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\netfol.ico.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\kk-KZ\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\desktop.ini.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.IdentityModel.Abstractions,6.32.0.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\cy-GB\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\e9bff135-4a26-0e2f-d743-30d9666eed8e.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\sr-Latn-RS\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ja-JP\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-20231003-085557.log.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ar-SA\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Caches\cversions.2.db.tmp
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpRtp.dll.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\3f446420-d8ef-3b9c-d5b4-ba09c43121b4.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\desktop.ini.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\et-EE\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\cs-CZ\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,System.IO.Abstractions,19.2.51.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Spreadsheet Compare.lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Logging,7.0.0.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\cs-CZ\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\vi-VN\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\th-TH\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\state.rsm.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpUxAgent.dll.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpAzSubmit.dll.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\zh-CN\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\en-GB\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\hr-HR\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.tracing.json.bk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\bg-BG\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\gl-ES\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Http.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Extras\AutoItX\AutoItX Help File.lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\RecoveryDrive.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\8292682a-6850-c06c-9b6d-9646f16d4ed0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\endpointdlp.dll.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.2.Crwl.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fil-PH\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.2.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\de-DE\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013BackupWin64.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\hr-HR\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\61b5bd89-4cb0-db77-6622-cb63b5a58080.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Internal.YourPhone.LibNanoApi.Managed.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edbres00002.jrs.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\af-ZA\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftInternetExplorer2013Backup.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Extras\AutoIt v3 Website.lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\X86\MpDetours.dll.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\lb-LU\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Private Browsing.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\vi-VN\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\DeviceMetadataCache\dmrc.idx.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Powershell\MSFT_MpScan.cdxml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\nb-NO\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\Users\Public\Videos\desktop.ini.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,HtmlAgilityPack.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ru-RU\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\Users\Public\Desktop\Firefox.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\C73297F3A28B41D0B045DECE1D0D81EF.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.DependencyInjection.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sk-SK\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft OneDrive\setup\refcount.ini.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\en-US\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\AppV\Setup\OfficeIntegrator.ps1.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\USOShared\Logs\User\UpdateUx.475a5b13-420d-4358-9fdb-c77913ec90af.1.etl.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\UEV\InboxTemplates\ThemeSettings2013.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Options.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\b6126597-8ecb-81b4-8b3a-1430dc2988c1.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows NT\MSScan\WelcomeScan.jpg.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\lv-LV\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\hu-HU\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.2.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\de-DE\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\az-Latn-AZ\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpOAV.dll.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Network\Downloader\edbres00002.jrs.tmp
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Extras\Browse Extras.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\fc93b452-8a84-dede-3b7a-0fc9413c4592.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftLync2013Win64.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftSkypeForBusiness2016Win32.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\sr-Cyrl-RS\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\User Account Pictures\user-40.png.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Office\ClickToRunPackageLocker.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\es-ES\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Google.Protobuf.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\0a8c1492-65ca-6a01-de25-0e183559d10d.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Catalogs\IGD.CAT.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\SmsRouter\MessageStore\SmsInterceptStore.db.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Scans\MpDiag.bin.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpDlpCmd.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Internal.YourPhone.Vcard.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\cs-CZ\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\USOShared\Logs\User\NotifyIcon.480bc3f4-4991-4ffc-b70d-c15db82e9d6a.1.etl.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCopyAccelerator.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\81FE2459AB45799D6C1FB53DEEE30AF6.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Stateless.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\az-Latn-AZ\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Quick Assist.lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftInternetExplorer2013.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\X86\MsMpLics.dll.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fr-FR\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.Common,0.23082.41.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Logging.Abstractions.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Polly,7.2.4.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\uk-UA\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\zh-CN\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\tt-RU\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\pt-PT\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ko-KR\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ko-KR\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Logging.Debug.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\User Account Pictures\user-32.png.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Microsoft-Antimalware-RTP.man.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Drivers\WdBoot.sys.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fa-IR\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\AppxProvisioning.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\7309084a-bb6f-20c3-ea54-aa108ceab1ae.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fr-CA\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\hi-IN\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\zh-TW\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Database Compare.lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edbres00001.jrs.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpEvMsg.dll.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\7646fa0f-b52c-71a8-3aed-950dd1668c09.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\th-TH\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\USOShared\Logs\User\NotifyIcon.a686e598-6877-4264-9711-989651a302f7.1.etl.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,System.IO.Pipelines.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\UEV\InboxTemplates\EaseOfAccessSettings2013.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\tr-TR\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013BackupWin32.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MsMpLics.dll.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\uk-UA\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\USOShared\Logs\User\NotifyIcon.1d47542d-bdee-4dc6-94ed-be9cdb6f14e1.1.etl.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\es-MX\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\cs-CZ\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ta-IN\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\km-KH\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Logging.Abstractions,7.0.1.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.3.gthr.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ko-KR\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Detections.log.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\USOShared\Logs\User\NotifyIcon.f3f7cc8e-795b-4925-9b8c-26e2ea300f41.1.etl.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\8d56e57b-8663-136d-ff69-a004e217825a.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\sl-SI\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\en-US\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.Auth.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ringtones.ico.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Features,7.0.9.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\es-ES\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.Crwl.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\ClickToRun\ProductReleases\C773B593-9C79-47E6-BF01-073C12072B16\en-us.16\s321033.hash.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ka-GE\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Telemetry Log for Office.lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\it-IT\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\X86\en-US\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\MpCmdRun.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.tracing.json.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Network\Downloader\edb.log.tmp
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\hu-HU\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ko-KR\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\kk-KZ\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.IdentityModel.Tokens.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\gu-IN\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\2ff6ba33-4212-e6d3-dcc2-11aadb3d61ef.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\da-DK\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\pa-IN\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\OneSettings\StorageGroveler.json.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\TELEMETRY.ASM-WINDOWSSQ.json.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ThirdPartyNotices.txt.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\es-MX\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\hr-HR\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol_.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Scans\mpenginedb.db.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\f5fc8c03-78f6-342c-372b-15d02609bd3c.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,SpanNetty.Codecs,0.7.2012.2221.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\pt-PT\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\de-DE\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2016BackupWin32.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Network\Downloader\edb00001.log.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Examples.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\hu-HU\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ur-PK\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\cs-CZ\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fr-FR\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\a92561ce-87c0-7d40-42ea-c87d237c0db0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\ClickToRun\ProductReleases\C773B593-9C79-47E6-BF01-073C12072B16\x-none.16\s320.hash.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\Users\Public\Videos\desktop.ini.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Diagnosis\parse.dat.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\e78cdb72-8076-1aa5-5df6-048300a0f594.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Check For SQLite Updates.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ta-IN\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2013CAWin32.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.IdentityModel.JsonWebTokens,6.32.0.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\13edb933-4688-0f79-3d0a-499edf952ba0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\History.Log.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpClient.dll.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.AspNetCore.SignalR.Protocols.Json.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sr-Latn-RS\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ml-IN\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\mt-MT\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sl-SI\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\MpOAV.dll.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\0f8e2cd5-b8eb-7a22-b9e9-9b1183fa0a84.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Powershell\MSFT_MpScan.cdxml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\bbfbe8ad-1a35-a7f3-33bc-40912bf89dfb.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\USOShared\Logs\User\NotifyIcon.a821f645-76e8-4ba9-965c-60ad931c30ce.1.etl.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Graphics.Win2D,1.0.5.1.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\1e225998-faa0-5fd4-4db7-5e7686ee3b47.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Drivers\WdNisDrv.sys.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ro-RO\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpDetours.dll.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb00014.jtx.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\vi-VN\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpLics.dll.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\9d3ad23c-c6b8-7fb5-e4ab-f5d0a66dcfbc.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Internal.Bluetooth.Map,0.23051.1.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Internal.Obex.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\AutoIt Help File.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ur-PK\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office64mui.msi.16.en-us.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\History.Log.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\SciTE Script Editor.lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\en-GB\generic.cov.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\OneSettings\CTAC.json.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb.jcp.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ru-RU\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\sync.ico.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftLync2010.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ProtectionManagement.mof.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\vi-VN\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\es-ES\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\da-DK\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.AspNetCore.Http.Connections.Common.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ja-JP\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\User Account Pictures\user-192.png.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Extras\AutoIt v3 Website.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\2b5d0f60-d93b-1629-f3e5-4167231c7ee6.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\MF\Pending.GRL.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftNotepad.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\X86\en-GB\mpasdesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\pt-PT\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.NET.StringTools,17.4.0.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Caching.Memory,7.0.0.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2016BackupWin64.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\el-GR\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\Users\Public\Music\desktop.ini.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,SQLitePCLRaw.provider.e_sqlite3,2.1.4.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\sq-AL\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\Users\Public\Desktop\desktop.ini.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\hu-HU\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\UEV\InboxTemplates\ThemeSettings2013.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\6ab96728-2783-240f-370f-afa9d4e52fdd.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ka-GE\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\UEV\InboxTemplates\VdiState.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\0890ad2f-b74f-c384-f684-9c33f8f67924.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edbtmp.jtx.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\8e383e90-b2f9-7bf2-1d5b-4e47dcb2014e.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,MessagePack.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Http,7.0.0.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.IdentityModel.Logging,6.32.0.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\pl-PL\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.cert.json.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\lt-LT\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,SpanNetty.Transport.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Detections.log.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\OneSettings\ASAP_CloudPolicy.json.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013Office365Win32.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\UEV\Templates\SettingsLocationTemplate2013A.xsd.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.SideChannel,0.23082.41.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fi-FI\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.AspNetCore.SignalR.Common.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\67447b0c-05cf-6740-5f7b-391ab440c42d.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\.curlrc.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fa-IR\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2010Win32.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\Users\Public\Desktop\Adobe Acrobat.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\lo-LA\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\Users\Public\Pictures\desktop.ini.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.Onboarding.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\it-IT\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ru-RU\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\User Account Pictures\user-48.png.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\e64ffef1-e246-b632-595b-56076a3fa776.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\ClickToRun\ProductReleases\C773B593-9C79-47E6-BF01-073C12072B16\operations.db.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\nl-NL\MpAsDesc.dll.mui.tmp	Jump to dropped file

May sleep (evasive loops) to hinder dynamic analysis

Source: C:\Users\user\Desktop\mal2.exe TID: 784

Thread sleep count: 735 > 30

Source: C:\Users\user\Desktop\mal2.exe	File opened: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\.curlrc.exe
Source: C:\Users\user\Desktop\mal2.exe	File opened: C:\Documents and Settings\All Users\Application Data\.curlrc.exe.tmp
Source: C:\Users\user\Desktop\mal2.exe	File opened: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\.curlrc.exe
Source: C:\Users\user\Desktop\mal2.exe	File opened: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\.curlrc.exe
Source: C:\Users\user\Desktop\mal2.exe	File opened: C:\Documents and Settings\All Users\Application Data\Application Data\.curlrc.exe
Source: C:\Users\user\Desktop\mal2.exe	File opened: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\.curlrc.exe

HIPS / PFW / Operating System Protection Evasion

Drops or copies MsMpEng.exe (Windows Defender, likely to bypass HIPS)

Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe.tmp			Jump to dropped file
Source: C:\Users\user\Desktop\mal2.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MsMpEng.exe.tmp			Jump to dropped file

Screenshots

Network Map

⊘No contacted IP infos

Name	Type	MD5	SHA1	SHA256
C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\desktop.ini.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	ADEE5B7F1862F27F3A1A6B7223045D12	B7E3F8E826641B49B05A79272B8600D9684E3B30	DDFC6489848B138CFE4CBA85C224648EE606BD39DBA4291A15BB369D00D38FA5
C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\desktop.ini.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	ADEE5B7F1862F27F3A1A6B7223045D12	B7E3F8E826641B49B05A79272B8600D9684E3B30	DDFC6489848B138CFE4CBA85C224648EE606BD39DBA4291A15BB369D00D38FA5
C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1001\desktop.ini.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	4D3A1AAA9619C4B40773412EDF1D277C	292D9232D4016DCCE3B6DDD6FC9AFD9A7754CC0A	C504E407B060C0A051D4AE5461E690D17EF4E6E9AEC5F83E16CC2829F567E62D
C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1001\desktop.ini.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	4D3A1AAA9619C4B40773412EDF1D277C	292D9232D4016DCCE3B6DDD6FC9AFD9A7754CC0A	C504E407B060C0A051D4AE5461E690D17EF4E6E9AEC5F83E16CC2829F567E62D
C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1002\desktop.ini.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	B42A91A20544B3181CBB9C635151E096	4959807A5DB5E3C35621141DB0294FC41B4162C1	0ACB64B1CDBDBA14C23A18FA36A188ADAE35EDDA729A2E76177BB91C01A7DB6E
C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1002\desktop.ini.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	B42A91A20544B3181CBB9C635151E096	4959807A5DB5E3C35621141DB0294FC41B4162C1	0ACB64B1CDBDBA14C23A18FA36A188ADAE35EDDA729A2E76177BB91C01A7DB6E
C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1003\desktop.ini.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	29756D17F3CB7E1AECF712BBD20D05AE	CEF8AA59958D038B885A55D5C93EA8419449AA2D	F852EAC84CE819BB1D816E5848D5FC781AE50738B7024CE288F4637E51D7769C
C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1003\desktop.ini.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	29756D17F3CB7E1AECF712BBD20D05AE	CEF8AA59958D038B885A55D5C93EA8419449AA2D	F852EAC84CE819BB1D816E5848D5FC781AE50738B7024CE288F4637E51D7769C
C:\Documents and Settings\All Users\.curlrc.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D9D75D4B4C326E47CBFF86BF4A1427E9	EB392C34B4A65C1568DC48B3B69FC3C347D56584	1DD1F9D6DC23C586FE5D52BDD6F020A10F14D92787B32191A090DD0BD6E614F2
C:\Documents and Settings\All Users\Application Data\.curlrc.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	DBE14B1709C16C328207D647833F7A3E	5FCCE33985B2A3E2A6A16CA3BFDDB6A360625C23	751B19494477BAA1094D824F9B2B00397AA508C86D583A57CCCECCC47A8BC39B
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\_curlrc.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	AB9C59C1628045067D5C2F29A1C6FBB7	A7E6C112B8587583721FDC282AB09925A01E7316	4ED562D4C1A3A59E3C2628992EC7354C5E207456B948AD90E0B0F61339AA2AD3
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\Adobe Acrobat.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	68E547FDE35F67BFD064B3EA8F39E680	B6E96CB2CA2FFB9F73E8EDB2C31A02BEC8560D07	133981F736784530C7C539FD7A4BD0BB3CAC8D2A489A59634146A4CD27A104EA
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\Firefox.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	6DCE055A03DF83F2CF53AAC9560C5D2A	754480D79294A85A0897AF0C9676626F0EFE740B	F65993EA21826E8252C3D6B3D2EEED674116EFAF2D536E49B76549FD78B0E72E
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\Google Chrome.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	8111F9B8C2056C4BF0E056D527E53629	0833D5AA7AC4C68195153685C62AA7E1DB6069BF	5196DBA170D9F63CAB45B6DDE4D435E0916A61510ACD531C7C523E15B4ACF64D
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	750120688F068755638777F74D41798E	44177DCA5E217BD9E443F043E717C1F96CD08B0E	88B1F5F9FEBC6E21F4D1FE470142BCA0D559722244C977ED07F8563EFB5720CA
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Music\desktop.ini.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	9E4AA42B39047FC90A9E2E0DD5099869	BCD4BBCEFB91EE2B7E2061854138862C4F2A6793	6F42DE1BF650DA6A3DC970651C8E5FFA202DD901DCB874F155D830CFDCD7F7F4
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\desktop.ini.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	6AEA41DE0337890E80BC1E4B5E45ACE3	B143F0A51388E050B58DC05C886C9B0AB425367B	365C1893F72E3DA757A2D5FDE68D15E258150802792AF8904733E720E4953C3E
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\desktop.ini.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	71D8FDE7453F6CDBAC98F849D2DE9E73	33AC222FBD3F0D963C847BB9AF3D1B8071EC7516	6673B634208234D1C6A0E8B038F473726ED8B887D200308A3AED7616F5D7720E
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\osver.txt.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	6988EDB3CB1464181FF1BBEEE382EB72	0B56F987BD826CC2CFF4F42384369869A0DA24B6	DEBF219E9982FD0DDFC45058B6E2E16E367033AE43C948DEBE1BCA5343EDD55D
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\parse.dat.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	4D43309D2524DBE7FEFBD3886995BA83	E3039CA13778E80ED4718714BD949B1FD27F9657	1347E3B248F3395871A255D05A386621CF3A96C2BB78D4A210AA33D01D163025
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Active.GRL.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	7A281AC4C6FFE18118FB40CE14350E71	1A22E37B03F95C3D54E0F94DF91AF362F81B8993	2884D1719538C41DAED87716653588981199C65A61B081A4CEDA2536502469A6
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Pending.GRL.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	088D9D53140D21DACB17FD0395BBA081	FC36712CF4806CCB72026E3F9925892C8995F191	0FA7655E0C08E436731F85F054D7CDA87CBDC66BBD9D073F65EB4C8655951665
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	87CA15E734BCAEE1C32E9939EBD86088	71AACADBEB549FCFC1BB52F087A09F9628AA59D6	6F115D429B36B5631AF45026690E4CDBA9749CB432DCF53BC5606D5AE4FFD2A0
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	378574F01B3B2A01F39B455BDC22E9F0	79322D9261BA846A382CAFD4BC3A622C8406685F	E50CC75D167A9CFA588246A2D53F2A5B381EDF8A37A7DFD80EFE1F3EA981BDDC
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Firefox.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	5FB6296AE2463AAD1F089B0B2D90E2E9	8F33D888CE8B1C6759E2004BE6E17AC1569BD39F	C6EDB5CF3DFDD8278648F0CD092B45D9D762E94D153AB5C40AB3AEBD4020818A
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneNote.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	37DC13BE77D3F40A3B2DDBEC7E57A6D4	6F363597A6EF3BD8CFF4B488A83397247353E1BD	1615A50AA00858B11613FBDD4067DED0B1D35E3A1827B6431E36F5EB3B882C95
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	94F3D2A586020FD9448E6182A7B942B8	95C7BA6141398DAB775DC3A068A3737F4555AC31	7491D4A2F1B8763B44AB7512ACD9DCCA1DC50E081F311EAFE8482E28982C1D01
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	612ECF21EB4B9889350C38C6386E5165	1A6C9DA7AD9DAAA8C43ECDC4E512C682003C531A	FC7F1F3FDA5066F10615A29A12E2AF24F04669EE72723C60FD3EA2ABFE00E7A8
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\desktop.ini.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	2F10CF33E7631FE339AA6F9104B7E9FF	A3C0EDCE7E0B03FFE93C6FBD8DC74308DE1CE523	4B0F075518660DB30354C4FB520CED2F2F34230BB924B717F776AE9E90C6E092
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\desktop.ini.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	1F1A1D7890A94B7F594CFEAC58AC6B3A	AC30BDF74AFB97044812DA1C1903759D551E946A	74857FD207B0C15D7BB48E3B044183D037DA427756ECEB754DB42FA17F8ED782
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\Adobe Acrobat.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	0D225E49499BF1EEB953EC2E700122B8	4F085022F64510576C9D40788CBC37DA142346D2	DD3A2D56F7A7FC5EA1D556B2EA7C226DD1BEAFAE02758CFEC79CF095E7126E9D
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\Firefox.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	1FF04DA84031307A81FF0830883A4BC6	8014C84E6CADEBB9E40A0EE73C31B1A9396CF6A9	72F12D8277897596604B484C5C5DEE024F73444637FB635081FB2BFF30625DF0
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\Google Chrome.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	5158C31620ECC580AF433C53B8AEB961	EC59FA2929A6D57EEB5B127EB3F65C4D0256231E	67CCE65FEF69C4DE861F84CCF36BFA4C3EFB4E5382473DE3FFE43A357C8BAF37
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	A59D2ADC06C07A4FADDAB6B743563EA5	3BA58D1938D42F0E82D45543B14342411F829C6D	498382E5AC7AA6B1462BF31D5AF2F54BC3DFD863A2218626543DEC621A70C90D
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Music\desktop.ini.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	81FA9CC44A7A0B47CD4D4E061A526C72	36E6C074C4CA409EC26C2F67C14C48BD20979F99	40A04E51750782389D16DBDF76FA08CCA7E0993FA9CFE86FCB9B661AB1763510
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	5D4C70EBF1C6189ECE6CCC2E7B95647D	66775CD11B57734E973BAEA1D17BFB8C5D2324A9	829449C074C32C15A820918D5C1D10480F990D848FDDA75B1D791F062F644078
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\desktop.ini.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	A3C711A6D5CF1404D3FEDF5A31E96A43	EC9142A924024B68C314D4E2081871ED6D3322E0	AD941828CBAA7FB2EE609B49D8EC1E433DFDD8620D8C58E7BD9917EE416630A4
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\desktop.ini.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	6B01C03240F68143E748C521070657AD	A04F9A0984D0D3EFEEC6BD837320BB4DACBA3071	A61C2E48EC88F3BF7B646F362FBA254ACFF910CFF3C07A620E389B14ACFCC9F6
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft OneDrive\setup\refcount.ini.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	E6C9AD7B3A2A424909E43D55B34E5EE1	08FC743989D9357120CDDCF5E116B359DAE48610	B0C2BEE7A00F65BA2EB21ACD8BD5AC65430E3BC931E170B81DAB24C6A3DE5375
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\AppV\Setup\OfficeIntegrator.ps1.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	155237F844B4307C2BD7A1945FD4525F	022ECF88373BE4C3954F3D9DBB60A6BD8903CD37	BF4F4C76A7B7204053E18E0BDB2FEC5FE896B1B8B9F92428C6E107E636F1438F
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D8AFBA8FF3331CDF6FFBEBA93761CF17	EE1D9579C5319530C50897DE37679C9A7EFB23E7	49F0A32FCC5851552AED7D6547553EA4322DA27FCCECB6C185AA7A8E7A052A93
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	34092E946648ACEB2816DEE3F62D383C	1787233B81F22C4D3741A23E28F9C5D1D06276A4	14EA49570230484F9EA91319B75A06B66B5E96AC53E75846AB1FE3FAAFE4E1B0
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.2.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	2263A8840862BF2EC27F29428A1C1AB2	732142EDE5159CDBC9C1B49D94A072867FBB4E93	AE68518D325793D42E36DC0A338991F017DC47FF451B5E93A4F947DB6B804CA7
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\EventStore.db.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D2F94D48052D0EAF8EDF606A927B6FF1	DE8FB4CC23E6675BD32E754F2BC9FB75DF66ECD1	0A1222B97A7A795064287ED0AB6F5C0939FE75DC8D24CF65719703CCE28500A4
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\osver.txt.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	2D2EB2CFF79A9F4A406C1BFC704E3993	5ABDFBD347688626908D6AF56A76BA264CE7241E	EE5F196EC8B1B9D33338572C8DE144273FFDD3B5BCF5E67C0CB3EC1349590410
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	305283616D5C7E80882DAF05F2981A57	1BF19E686FEA4E67CD0099662547C79AA134017A	65529A2084D08C3EA3B0F2AC2139F4DEA50D5E5EA56E1DE1CB204FEE8BD05413
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\IdentityCRL\INT\wlidsvcconfig.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	7E29BD5604B6DE23BA2393FE29717BC5	365121334E9F4FC198B45351A4CE2A4F6950D6DC	B91589ADE0C735CF4D4802D42D380B4E37DC9AFB74214F047171739AD87CD893
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\edb.chk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	4D2694327FB844F0E1DD55837C29940B	673D0AA5C3670B1BC77867D1C9EFDC0577DBFFD2	47D5D47A9D9F580A4BFD8F75C77C5AA296A769D1A39EE0BCA14B4A43E146F308
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\edb.log.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	11734837EF74F2E0EA91ECB71C028188	6B633203157850D8E280C375C432CAD3171524B3	3A7EA0D5B605D13775285495196D39BB134A2758A47098EBAF9735DA88668DCD
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\edb00001.log.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	A92942DC80FCCED9A9A95851AFC5A287	E7B9C319BD50646971A51C0E9374FBD4DB11DEE0	6D4F41D48E01AF6AC1321F2D71A5F9BDD464F7E588E4D63B9896DD74E2B50A66
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\edbres00001.jrs.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	2C807A74C0196FB86BBCB96EA117ADC9	912A715422C2CB5F792556EE169AD840BD3E92F6	1EDAF6E9859922FE89A7B6DC269CF74F08C81FD0E42C8907AA6DF44B592D10EB
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\edbres00002.jrs.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	9C87F988795F4B92A99638AD32343540	C981041B6FEE9F986B94A73427F12AAB9DCD70FC	B1EA56954B05DBEE35FC4C96F0A1275B7136516172D5AF5AE604C0EC1A5E4C60
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\edbtmp.log.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	79C338E77C9DC63054F3CBAC49BDA226	D4EBDCE1F29808B5FF67D8D69B86F63A03073B70	A6FCC24E5126D73D6BC97B135B60CDFCEDA618FBD2CC08119C7EEBFB961733E1
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr.db.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	8CD1CD078F3BB2B355439CD4F4499777	7540CC1E52767BB334B5A162DA24CCCB200733D0	0EB6E5ECAC5F16EB79D00293B936F9D6B1C26A947656D074A0A3BF20FF37CC5B
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr.jfm.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	57E956FB13071109F8517512CAA48E1B	260C5FC7D5CCBA181C3AE2F2E841801D0994AE9F	2268A554EC7C28AA4898006CB76E53AA1174B1E3D4F16797CB07648B851CF05D
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\ClickToRunPackageLocker.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	9BF9DEF251F1CDC026BB06FBE9088E33	49BF8344F8D07AF8D8281A81B301611962F00F8D	E456432D49965B29CEEC67C67849C12ABD16AD7AFDE36B3F9AE04943A99EE9E9
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.png.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	ADFECC25420F9284576CD227806625F7	F821AB8C4250A91CC39D45534D1497283815E715	9763FB96FBD1CF05D0F5017778972525AA631E1BDE3DE74D55B08A7D2D20B603
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\hardz.dat.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	FCAD27AB3107B257DB2F0A0C9C5FB09C	C92FDD16167C812704309E6775EFDA83F1EEE94D	5BE976CF35B5D229AB1183FD1793321BFEBD3F679D7A336BFA8CA39443FF6722
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\jones.dat.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	EB31119B095AED9926C9BAD566D19373	F3776590536400FD3A59460955381A9FE005F707	8122881423CA6115F12EA4984802BF2B71A48DCDFB08E6013F1747454EC69D48
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.dat.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	00684F3F2B08C851A76261CF90D9B6D6	BD63DD43B8D051C737B8EFDDD797B7378350CF3D	5F28B545FCDA2713CA412B2E6D2426A4276ABA65359627A50DDEAD1D5BCB7433
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-192.png.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	FE544BB5BB202A85EB3B1BAE7F172C89	5C2A852EB73792D71491EE85AE0E675589B08457	7C659E827252CE6B0280CD9D500C4DF19E067589C59A17E45E5F2896DD28D7F5
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-32.png.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	B19E917605CF991C1B8C2ADEE3F4024E	DE9AACF6722B133FB4BD5F542469A1262E37F336	2EC6DE91F501D2A3D2037471D80D7AA6A202FF175A4F1472D62A1010A65801CA
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-40.png.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	F627DCC24D5EEDA5CC5C8162F926AF22	3E179091B0542763F4EF09C960A50289CA53E247	99351032739CA23380690CDDB4D82476AAFEA06BDC2DF349588461337F7580CF
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-48.png.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	872068487642D47E9FCDB48E12313ED3	457E1779AE60AA9D4E4839784FA949971BB10F8A	FF78CBFF001C2BB28E7C6A54C024F6F0653F095AFC296E90AD86A65A0FB6767B
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.bmp.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	7D72A4A8BDBE836FF97AC9EA80C2786A	C6C1789BEB5FCE57C331ACFE4376935BD2C5294D	E6F54BF0358765F219545122B9236E76616EBE617BD598BEC3EB26CB1F16328C
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.png.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	06E82F204E60A670AF9CD0D601B80BE4	63C8D3EE038D5E1DE0FD658A2A600FF98B362C2D	E5C08A9FF1586239711DBA94905C6A41C5C02AC4117BD13BAAFA5743A1C20A1B
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MpDiag.bin.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	4E37D6C38E0626842E463E0C6A51912C	6D43E841D81D074C4F09DB1392242894E5AD01BC	01D36FA68B6265B933EB1C87F189400FD0897EA75BD9D720B7127A56A323DF79
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpenginedb.db.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	616E57CD7D83EA303191A81F59FF309D	87AF57DC0826A6B0E855150CFAADDAEDE549CCCC	0168E93A973D2CF1AFD93F7227A365E96315A8B46DFD3425EE42B7D2EB485ECC
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSScan\WelcomeScan.jpg.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	638BC436783307399652291B1D314574	D866411B9D45A6FD9E0D1530F529CA34A412D39D	E3D338293797DC28C4C3F6F9B43B5CF276626E4B26939FDEA41A8E24F01B4151
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\AppxProvisioning.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	F14E2DA383FEDD50CE3EEECAC4F0430A	498A47219787A1A0B43CEB27FCF72C8578388828	67602A771BD1646E6E0FD9A94AC43A649F6918ED4A52B5FFB4E76BD3E2A114A3
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\DeviceMetadataCache\dmrc.idx.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	6558AABEE09B12996ABCB78EEAA0E2DE	B0C2CD914BC057AFCCE645A23231EC86A734EB2D	7BF2D57F86BF66B301661E9A14AB40B3AF2CEBB80A5D1589F4A4533CFB518942
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\OneSettings\CTAC.json.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	0721BAFC5B765D8F5AB2FE893CBC57D5	9E1454A2F51D993BCEBF7D7E99662A1E54BD1E62	982D95086FDA3294E6B646042E50935E2A0D7374ACEF6B411E0B752C55406C28
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\OneSettings\CortanaUWP.json.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	E429B3A072201ABE36B13A79DEDADDD8	37B3FAFD3FFE66659604097E07CF44BB49018506	29577603FF03183FB53FB17FCC7957ACFF0DBCA18C954A033910D107A82AA580
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\OneSettings\FeatureConfig.json.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	70A88E38ADDF00078FCC577F94515088	E2BD7DC2E50C4C04A3ABC5D5F246F72390CCCC51	1377CF5D9ADF5CA78909298DC7C198E6763356D09892D98B246EF7E0C80932E8
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\OneSettings\UsoSettings.json.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	CCE53208D52438B8469D396E62613473	957650E9DA7C26CE084EFAC63324AA191B50CB9E	BC1190B2E2A1FD5B34D462F20D355B6AA869B9A27D2DCE360EE67F0CD9391104
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\OneSettings\config.json.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	0267AB9C67A026FC9C9ED3A1D75FBAD9	19465220F45F354F8C4370B642763E0C6D412DAB	BA32BADCCA6D6C31361407DC8E679600D54E18864647903C64797B9494C42323
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\desktop.ini.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	F86365C8F02A86725236C415F9C4216E	31F9F9BF86CC4245F4C61E495199C2E7C4FBFE4C	015E5ADEA1AA36ACD8D0A9B4F80413BF24CA8AE6B0EE7443865D61147EDD8B12
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\wfp\wfpdiag.etl.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	2B455691FB4D2A591AF78B1D216E3321	B408F5E0C3B4A74BB1E4DE4BE18E115B37907418	CC444DA637FDDB5EA50FEA6D3474FFA01CC2752FAFF13DCF5B0C9F571A8586CA
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\7-Zip\7-Zip File Manager.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	4FDBD86E59221A8ACF259262CCB7F9C2	4A4EF1DF1465B147D6863E82E4D5BC75678DC03F	CD60D46562DD03E0FA41203EE8A69E66BE11737F1087A4A0B3DDAB3D62A4A19E
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\7-Zip\7-Zip Help.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	75C98AF1D0D56F9554BCD7843A53D141	9B9EDC7FF498AB55E168F2040E5AED331EBE5916	C7C37769FD40B03C3DAF2760A16379D8501084ADC8CF9360CC96FE6E5998F201
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	90C0D634B95BBF6DBB14D151CC50FE8D	7301F85F7C14D4D371179E43F51413D3B729014A	31D2A163AA1E561418337091674CFEF32C9650D62E2392F28C7D4E4878A2B2C9
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\desktop.ini.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	9AC0D743B8E1065CA2A71F20C4F91BD0	90448F5C6F4057E2022D67AE0D10BDFD77477563	4640D438143A54A20865619106BB0E2F3C7FAACBE2C5A6F4E090A4FCE1F551F8
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Notepad.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	482F8B48CDD9BB3C3866D299AA482694	4F66B3FDDFE9F2231BCE53599199679988C4AD61	F8CAB61E17FF5690CC6AB9FEF2E3DE9ED6E77952EBCB3B70A51859C8711942F4
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Paint.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	0171B9BB82ECF9F7F4BBEE4285F346C0	433C81F299B5DFEADA1166C0DF77C4CD5EF46737	42E2321A75A0C01564DB6ED4DCB11F347477BBC9A9E562520EDB446D9F880C92
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Quick Assist.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	FDCE1D93AF569FFB2B8AA9AAB2F799EF	1D915EC1ACC53473F934D5A2CC7062A14B669A70	2B854177E584D4826F7758E98DA6F0EE2545851683A5039E23A0ABD870769CF6
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Snipping Tool.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	86D43CB64A06A262ECFD33C94E1AA6D6	768579F1A44B432D61DAF25CE070541A7B551058	159AEA62351C6F99A5D0ACE26A676ED6B55EB56D99FF99B73340830EF1F0423B
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Wordpad.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	A5BE41698F411E0D2D463F1FFA4286F7	6875B89033DC58BA3E518ED9F9A4CF8A4A38DEC3	996E19B2F918399A0B3568E31FC9D9A0BF2D22D7D12740EEBDAC9BA0BF17E8A5
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\desktop.ini.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	2AB1ECE237463A32FC98D56ADB896437	DD976D80317F2A82262BDFCCEA41A16D60653019	FDF2C4CA65EA08688776F66F40D11F7F46583E07D02C2448C0AA484D805B48D4
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Adobe Acrobat.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	04DB578DE9B6933B2541E1E1CE80B610	4C211D61D16766FF9C52600B9018D0F3E8776B6A	B0A80CF359817D235F77DB0AA9D907F1BBC10F7D0453C8682D24432C8BFFDC6B
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\AutoIt v3\Examples.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	C0CA5F2892CE158F1F4C84D449ECA5B4	9B5EE4D2D715DE6FD796B312AF323F40FF39E3C9	D36C1F07B33E361F4C385CFC6D05DD18D1AE66B0DF7A07783E20CBA53990D73F
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	4BACA5DF5947844BAAEB39501B44D8A3	A347EB6B9DE79F91C6F75B934ED75E43B7DA1F3F	1C1492E1804307EBC8D06741411A1106FD88A5F29089BB254619D23292D174FA
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Firefox Private Browsing.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	9072843D5B1EA03E32740F8BF5F51ED1	79D6E61296653AE1E6C85DD5479EB322CE9548E3	92D27F605C9B17AA541BA8AF6EB7709ADD83270B5A853E6694B2EE3AD2F6DC88
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Firefox.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	3D96D46A16299338D290402DF8DCB134	B2135476AB078AA55F510C1DC2B2B27B672562E6	C7CC112D8744EF6DBAE510048AADA83AA3A2D16147BE4BF7E58257DCE90878FF
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Google Chrome.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	0C0ED2EF569E34C097C11E1177BFC94A	DDFD3418473B6AB250CB9119B0B3F68E0D56D572	97D6DC07279AFDB36868533C089B82122748AD18268B958B26E9F5F6E08BF65C
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\About Java.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	0C55E3E2F0B6231D09F3B9DF75C6636B	46B4FB1B971CDBCE2157A694392CB8A7D6361B70	95A8D82F38AD820127F922CFCAF5C06F90F0FA1DD8DEE078E36567C33263B224
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Check For Updates.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	792172E65832F94608896B457858362E	93E34D3CD8EEFA2A4515904D16DB1B304061A2E1	D0099E8C6E7C7A37ACD61A002A4F73DF6123CDC4DBD16D6876B0D9B9670E922F
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Configure Java.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	087C4D948AB43D057C101FF4C571027A	5FA374C58299B2BF377162D0871E6D4ADCB3CD41	98974379D27A5CD24950A02C97354BAC237ECC6CAD46C264BB9E21ACB2852A12
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Get Help.url.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	77EDE32A781B786841D760EE5FD0C5A3	A9E1691011C675A3F9485EBA296F0C8EB8818F1D	F92535F431F6C03D33204FE56864D9D7AA871B0A7C97D47C5190231DF40A3DE3
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Visit Java.com.url.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	9566894A62CD86CE5E38C46B8C697E67	DF13F3DB79E4770CBE0E52CFFB5BABFF63304A92	1AF4A4CE0E5563E56578CC064A9F9F21DC6899B0277E0B8A459EA36204009874
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Maintenance\Desktop.ini.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	A0914C81167E851FD3EA6A4F11C806EA	C34182BF66704C84A977877240436CE1BFFCA507	1F75B701F715A118930E64EA1670CA0CCAA67868E6FFBA68E701052B3431E3FF
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Edge.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	AEA087DC013A3884F26C7827E2C31F78	F27378B4A719C721DE83C5184436B26E8224B016	155B459D530D725B99A7C8938DD9ABA90B36C1E4A83EF7CADDAE3DEF15EF65D2
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneNote.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	98585710261E8ED74C8BD9D23F638662	5DDD4DF3C4B2E483F8AE424998C4FAF194033BCF	A3724687A166E2CFDE2571C4E02B5A8DB78D000B11817E2BD14F9497DCFC9BCF
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	3C9CFF312FBC53F6D51B847DDF885C4B	860F82C6A4FD2CFA4A4C9CD736A63347D6D5F45A	D74E3D8773D6FCDF523C07D1AEF43A83954C130C23441975AB35611FC7135A8E
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	C12153DD3128D4E2F9E72FB06E0CA6FE	064420A0741DED541966569C35140606ECF59FB6	401E3E6F151EEDD2FFEA998B312F9280CBECE492FEF5C6FF77BE30A09B103B20
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	A5F94B220F3241C6ECD4C59098CA3D98	947394A255FEF7F27B24A62B7D87962A3D1A63ED	FD3CF83ECB2745879ADF14BC2D125D181A921940AD81FB53E48F036D975FD3E8
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	A3C9D8FC9A47F31AA48FDCF75C79F407	DCD7F6C6CA8CAD19217C09C20CBD73DF88CC1F31	569A881DC32079E47B4D299B92CB783F43DEC6A09C393548996BFBA7A3B504DE
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\StartUp\desktop.ini.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	51CDBB2EDFE20D10131D1C86E2BEBE55	921DDAC3FC940A4AF1E161B959BF4B858A486CF5	F30D7AACB528B467B49EC52B884BE26A4D239F380A1B0AAAAC9B259209FFA2D0
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Task Manager.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	178623CC2B548F033A300BA5C1091D85	DB58773E3CD1C25C52D9AF946E9066338EBBAA40	599F2B57C77F6646553CFDA343283537DCA49A8ABC52B07A51784D4236780550
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\desktop.ini.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	E52C82BF74FF2FCA34C8579322C9A113	D44EC25C00139B22652946438F08A8D7CF938E2C	F38EA9CCA89B1A3F81DF77BDD884451DA16AA7064E26FA440CAD13767F22B4C3
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	C6883D13537102F74426A32F1B824B59	50197D03D4589A6F69A13146EB069B332BF58AAD	FB9E34FD88E96FAD4BDDAD3D080B2EB9657773768A9E603788A5BD3BC15FCDF6
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\desktop.ini.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	F3CFB9D4A8B3AA1998150C9B07507249	A4A75E1FBD641202A05BBBF55F1DE7A9EE37D728	6A5228E886A9FB9DDE83F32E3C41E8B8FDB38778014CAFD7EACB44105B3137C3
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	677C719A47A3C6A5C96B65FFDC2C4970	DEA0308C7B24D149AD75041FE9EA84C07F0FC5C3	AACA369192D96CA34AA5521EFDAF925A2D17824C03AC61FEABAE4080CB153FA6
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft OneDrive\setup\refcount.ini.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	2E6613047ACED0AD2E5503AF4F5321D2	FDF503309F8C7A4E7612B7D2D1CA4F918AF0E2A5	03397CFFF2FCB17BA8393386B2D379F4E6247F0E68601E5B351C44C8BD10B976
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\AppV\Setup\OfficeIntegrator.ps1.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	6C98DB1DF64FCFA2595D08E8320C34EF	28B6DAC64141DBA1A5BDD3A26E7140638B7A0379	CE4EB52404B0AFE23EA57782A63D54CB98D1EAF584A1115EDCBE6C05267E0BE4
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	BE3387487C4BDF2AF0F464DD2E89E199	4E81F2F04BBFB16F11AC79C0A4E8E2B1D2136C81	DD37A291470BB4E05B183537743A0B03FACF54B3D86F9B73E407099610A08BEA
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D68B648C12113511CA90931E6DBC6866	F48475D19E2457E51549211A17D75F98397107C7	7A3DE1E36740CC8AFFE4BB9297E3B3F31A2A44DC9FFAB33314D897445A75F1CA
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.2.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	3EBF52D0ACB7DCE38FCFB3DFAB8E3F3E	A5C915016974845001542D5E597EA0E169FE1559	969BF2F794F5E20A2180B264EB729A605FBE883C11FD937AE090C33697F0EA7A
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.allow.json.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	389C92738D8DCC8780FDE4A93E96C7A2	9179B3A3E3ACB8324D693D6EC9294B5DC1472F8C	3FC80E4A632AD85CC2E1B7BFE58C7D6E675C965682B01E54C93EC4102892EE96
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	546744C2E02290B9216395AAC71119F6	B9B4A8CB49930C8F478DF3EC4CA9534FB9C3B5A5	49E8A0521AE0E5B20F1D9892A4B1F2F898B8741DBC9817BC88F933A981818C78
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	CF714EAD8A19111492976C5BC31C2985	0059BE35F9B1DBD51C3CD1201B94779A348042BF	26A0BD9592AED324E6ED6616E4404709272419045BFB9DE6480949C2E2F0E11E
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.cert.json.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	972C2D00DE0F941BD6102D5D59001719	72F5F4A10AD60DBDEDC45B09BAAA18087C549486	19BE2A1A56C289ED4BE922F108C3FD9D4DAD31AFD0268D9D08E8E7980D444CA8
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.privacy.json.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	F918A13DCACB7F0DB044A2B327660732	C5AF3CE8F2F832CA9785397A00DE360EFB2BE0E6	B22977C3CBE757DE7D05B720DE4F0BE40CB09A429B59DCBCAFF65AF6C3A6081C
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.tracing.json.bk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	64EE64EC569480CACA6CDFE52804847C	6BA81BEBA1429AF515C54B9890DB19AB5F0799E2	6A89D69A32DB4A19FD28C28016263F8CA1F0467593B2ECAF75CC3DE3E6B740BD
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.tracing.json.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	1228A96E9C176E5F17563E3FBBA023B5	EB12234935FC2220DF6AE80A5AEFB0CCB70CFBC8	5C8C3B87E487C16578B92B594FD2C70EBF3403FDCB6EC7A901F86957928DAB0C
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\ETLLogs\ShutdownLogger\Diagtrack-Listener.etl.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	1153A1EC480C018F9002A65FCF98550E	323CA0B73D410674935BAC5622714F4B05980F2A	A6B09F62F4759086C5C997065AC5CCD159CAA8F67276C760076F588D958AB919
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\ScenariosSqlStore\EventStore.db.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	FE6AA75EAD5781791A729FE0940F319A	4251DB01A65EF2F34D0BE12B5AD09706379B9D7F	D3332F373F418BC918F0636988A9A2F326C26932E3D63961B2D015F692E718B8
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\TenantStorage\P-ARIA\EventStore.db.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	3E739E5F644A165612104C2DCCCADE8E	92120620A8DDE53EF7C19A1B3500AEEF5F0A2558	8D7F11D2BC67E52781BECF9B12AE692896979686DDFF75A83D2D43C8BD85F549
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\IdentityCRL\production\wlidsvcconfig.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	51959EAA8C8BE336ED5F86A249D8E171	C2CC1C1594BC6BA924FADD11BF80611AD38E264A	646F2E3CF18B05151ADAA0612C6C73D5930B663012CF0531CA96879A08CAAA9A
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Google.Protobuf.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	07E29BEFEC2561B83875193C0F73C8E2	FD5D98308E25440E767A659FA8394F99518C362F	8A0A5E1161FADB191CA7D6704E96EAA7DD659BD42F5242B81E0F6BB4C1806E80
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,HtmlAgilityPack.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	4208D8E83D092841A21BB90B5D17920E	6CBD576D8E6155A84AFA9FC8E0B2C5052A86916A	E16489DA75E4F1313977F1153B43460FF865AFE353EEC00AE25FA7852B634E75
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,MessagePack.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	1B336E5330A09596A324AF0ED03C051E	424C93E164ECD54BA78850DF73781E9247361DE8	5ED319587478AB33A8BB454E8EDD115A8B270FC6D7104333EC0AFBEC2C584CBC
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Newtonsoft.Json.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	AF6CFE95CFD8321E5866D3C33E8BC326	75D257669F93D7A25F5E9FF966B2FBFD3F26873B	5AC295C64F02FAEB84441A1DA59D4CE3F5C404DEBC44B621D88BEF1BAAEA7389
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Polly,7.2.4.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	A3BB6F3CD4C84E252A1962CCD74B97C9	5D7C83F1014E92619EF2D9CDEA05F9F8CC47EB31	18E787BA63C03C6BF02621B5CB82F09BA39F9BDC971EC9A35C9D92DFE0845D93
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Polly.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	887B35A6A25B132D0B000631021306DB	C0C5773053E394072F8E219CCBF60F8C405C2BEB	A6A14203A225EAF46AE77965A6E487356DB62A74DDB405889ACF79C1AE8A3AEF
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,SQLitePCLRaw.core.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	172BB2EF8A4BD286549D796525758C0F	CD0654CD5E2CE828B1C095089A03539A16702DC9	01C64E1553A012AB2AA7A935E32C64BB02636231045D401009BDC08AB1368517
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,SpanNetty.Buffers.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	622243DC5CEA65A63CD2237BB73A4104	24DC4AC7D5EBA2B87E0DC57D4729BFA1ABEE15C4	EB89A9AC50EA1453243CD78FD6077D0AB21FFFC28D409796D9065BE42793A75D
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,SpanNetty.Codecs.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	28A7E3FF69F974E0E13823E8D4EEB786	1C743927A98EED1E6C177E43BCE30BC115018FE5	65B8A71DAA4FD6EF6A243910BF484C01B684A5213B57D17D5B1655902476E00C
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,SpanNetty.Common.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	78FB7B3513FB498B727AC0AB4FD621BB	25AD38F37F93C538ADA08481E97BA3D2D03F4998	1B7275B1116C42BCB064951F2BD28A97B055B84AA1143CA1D03D09B1DFC82B64
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,SpanNetty.Transport.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	62B3E092BF175CD770CC3F85E15DF39A	57AC01ED1A5009EF0EF47D36C6EA7628A2B49FDC	B9FBBAB3B65A74E6EEFD6CAC2390A7494B1E3BE682252A2BB44B5084246AE7AF
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Stateless,5.13.0.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	0B33763B0D34B86A49FF3C4F059E7A18	C80F537B9DF4DF6BD75F3FAC95288280B3EA280F	B325B9F3A6AD09DC79DAAA723C63DA4B15F06728635E12F3E80402CE868FE0DE
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Stateless.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	E06902C4E92DDEE37AAAF72AF7ED9053	0BA883AEECF490D2FEF152DB073300728B5D597C	825DB49F02B56C0FB15E0E624EA05AA8F1A90E8561C3A8D496D869EAB87481B5
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,System.IO.Pipelines.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	056CD1ADFFE49B552EBC70F35E612B04	834E7A62AA56A6A4F9871E765DADEBC55C5759A7	0952F1C69BE2AF6BCE8866D8BF5C63AA7E745CB980964A63C35005AD9372FEBA
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,System.Management.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	34FB71AEEDC1DFD47C0BED231D77EF98	EA01D191BC635B9D062F4F7BA8A9EDB24DDA0854	D549AA09B3C6D6A22DAA0DC15C047AD7A83AA6784ED3A9C033A3305B961FB3EC
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.Auth.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	50F3AFDEBE6227121AE78AB90360A145	306C22CA5117A5DF2FE17B06CFD5B1303023C3B7	7E1E7DD346C708A45A568F1E810C9B29C31922081E514787B79255E58C7DA253
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	58634F2F2FE0F01F684435B6A8620710	5163252CDF416AF9463044B6646DDA19847B4513	57B529F9D2A427043DEEB57A7E02402D68611ACA1387E63CE4B48508233FA26E
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Windows.edb.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	9C80A6E122B4B7FF339EE75E78897A8D	5E4230470993203C707C65C0A05E2762E189745C	BF7E660FA373F7C16B4A384406BB15C1309E8B26EFB84C3164A419B26985AF1E
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Windows.jfm.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	4677FD88EA8E9F141EB847CD4656A5A2	952BE5B84EAEFDC8A495E1D7CE52AE6ADEB7AC42	643FC38A129D987B20C5F7AF4E9B6A37820C1F80A7588AD8BA1CB49AA43E5BC8
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\edb.jcp.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	2F45DF4AE99EBAD4CC01D12FE682A9FB	E0C7BBA2847601A40AD39A07F1D6BB22582E8460	B1A1F1BBD60A2B6524B3F667EAD2DF86CE200583281F94227721AC2410D58504
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\edb.jtx.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	167F1FBBA59C3D5C01032B72B5294985	A3F3DD08D1D1E157DF88F05AF91B305E4306614D	910CC87CAEFBCBD0EF7540CC8AD35F6047AA3E7A34E9B75B6DA36C5A42EA24BD
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\edb00012.jtx.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D05CAF7F06DC7EBC6E406112A3B5A394	BB87FD5E0AA1F75B79677BB0EEF4D6791D79BF7B	B1EED6009DFA2584D9F811EEF8D72F92C705FF3884010769BABB6759CEFB6C78
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\edb00013.jtx.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D44B53A2E7361DB8E086A2AD29A31464	CCF43F821E1A1CD11FD635023D91D3B817897059	7C0B629A30AB25C9776FC80AD6233FCA66714F7CF5E7EF01D25C9B215BEF3AF3
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\edb00014.jtx.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	EF6346456906BB2EDF01E28E4B04C02A	73EBAA734F54BBF11E57EBBF1739C2EF3454FCC7	31B20D4D09125B4B00EBC8BB0F4A8AD02CC668D3E76D4C6376590D78B98D0C2E
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\edbres00001.jrs.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	6D7D846FC207314C976845678E173EA7	6A17965CF5B79B7CC271BB7207574D7B137CEA45	674F44956DC110672B8BC74CBFBA18416FB6CFD532ADBB7B36C82C318ED37AED
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\edbres00002.jrs.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	49D962147283628EFD6F024858ADC012	2AF2E9EB782CA7BE882E0B70CA4D08F330A4D949	B335767F00954E4A3DAA53E1D2D9A707B2AACF7190D62D200F7C7FBBA775B861
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\edbtmp.jtx.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	3B3AFD6190DC1F9385A951C189B0EFE0	367AFF1CB9CCE67A0552FF03FA9C1B2CBE713402	A945144FDB057627460B09BE873D999711B15F4F1EDD2CA9ABBC340ACD676012
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\tmp.edb.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	CA25A6FA941E94F99F88AF1A89C5EEE4	2FDDB19EEC8E4ECD351A77610AC5DFA50A0EE671	08C0F136BF6505F94DABE2A42DCB83890F0FA1561494DEE86EE6F6777E0E4FEC
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\SmsRouter\MessageStore\SmsInterceptStore.db.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D01ACB775530930EC22A06314092191F	FC82C8DE08917D44D5AA498E7158C06C556BC966	30CA8556415A25DC6025D49B8D173174A0C157235096E285955AD65AC0A4633C
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\SmsRouter\MessageStore\SmsInterceptStore.jfm.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	3799BE3F78187A88E08C2BD41BD608CA	B79E7FC577AB72416922FB839978AE94F04BB46D	3A6958625BFDF880DB59D7F555C3A2EACC89CFD26620239AD099A2040DC3D6C6
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\DesktopSettings2013.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	DE6FD019815313B21014CA5B1D0262EA	FA926BA604683D1EEEA306D2172890995ABBFF98	E7F72414949BC74EF0832853396B54F34CEC625BF0F251B53D36769A60421E63
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\EaseOfAccessSettings2013.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	B6E8283BDEC492F7166ADA474DC69165	49AD3BE1CD46EBA03D9B63F7412D477BB1CFF961	E0E8EA0C4B2CDF75F7217CCAFFF4EFF1EFC7D11F82275AAF7AD52E127FB87F0A
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftInternetExplorer2013.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	473B849B0CD7596EC395FAAFCFE4EB17	CE0AA09106212BD520FE1515692D298952CCF249	EFA6071EDA62BB38A232197697CE72A07F003684AE4EBE03C9E73E3A7E0FD7F8
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftLync2010.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	3A472BC27BF6CF0D3BD5887E7F21A510	C4E8FDC479B56407BB8028EC097A6919C66020FD	2983F90B7DA3CE6789117F6F517577BF56AD7BA4B87F2CA0C066C1B1040966D2
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftLync2013Win32.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D7188750335086E69EB08EF4038741F8	5D2B9C669AA4EF84F4967CDAC934A240A979A0C3	E52F946C46C51EA5765A27D635C688CDD359183DC51B792761CC6C6DA5B785FE
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftLync2013Win64.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	DD578D1B4FE5DA85CEAECCD6BB9D34AC	0010848C0DEE96D850AE71F212A565BEB0FBE0F1	EB77E2DD7BF9836ABFB1E97AEB1158FC04FCD49FC5D7A0C9B3045E74AC5A1767
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftNotepad.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	69E3E233863AF7D571C1FE4A6522E4EB	061B7801BD11A3584792189EE8C64269AD7722F9	60A1299BAF471810EAD7EDC526390315D0DA5898A949A82D404002D204DF9BFA
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftOffice2010Win32.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	E7AEB1E5054C5670EB49ECDEF860609A	180AA959B5707260B6CC587E3197D9C90A8FB70B	837E036D7DF405034D052E25700E03EC7D8B3E4CC9FE2379005E508720120551
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftOffice2010Win64.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	4BA245A4D654A6C74F0DE04FFFC241C0	1260A852656B177B3AEEC3D38E196D8D95E0C732	10773FDB8FAD626C9EEBD477A8DB0F5667207CE2385F38B893D997922FE61BA8
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013BackupWin32.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	553D21B68FCCF5DF6A09445BB0A568EE	943A7F6A3EE00AECC1826031BF4C90081D05C4FE	3754D0969E1695A35EC985EF1AAC6EB4704D9548498E3A015F5FBADC7A9598A2
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013BackupWin64.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	EA58C7832E48F20B38B530AEF0ADBF7B	2AE3A4F6D6C3C9BED6A92D43EB5C1DAC01155BC8	03BF21747E26CE90493D8598ED5DF306381860D155DA1F3DA02EB821C0E3547E
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013Office365Win32.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	C4FF3CB4A24B473A7E4FB1A165F9DAAB	A189875ED4FCDE50EE8BF8D45DF9D301E4091213	228CF5AD7488ACBCC4B5A8D4C9191F35F19E4C95BA150AF903E0E22D07B9304C
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013Office365Win64.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	0880A8F1FF100DDE256552D2FC6D0FDD	58B49F4C4516CCFADE54470BEC94F05239801FDE	456A9515A65EAE258B739A38EF04A4CF601CCC2767939FE85ABBE7F1B8167DA3
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013Win32.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	AA15E220E8615ABFBF3EEF47395750CA	E3F2445D6E0B181010D7CC6EEF999EEAF46D2EB7	B990564E57D134CE5BEB4E8732835EEDD030F6291946FDB9DDDF4BA08D090E6C
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013Win64.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	E658F7C50F9123E8C910AC0A82EB2247	67B0C7E2DF39F6AF2920E5BF1F7276656A988066	1A00D1E74576A6D957817761DB04988F1B7380B2E19B0D3FBC91A1E33A874595
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftOffice2016BackupWin32.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	2E7AEABFCB2547DCFC6EC61B2ECF7D23	2A994BC2D3A523C9AA872A82C7A439B44B3D1D9E	909A2307BCDDEA90DEB0A41FF3A1454CCE8FAEBB79F43E39F8C2C45F4D0C6CDD
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftOffice2016BackupWin64.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	4FD3F50A685D47AA8DACBA4DAF5D536A	617FF8E3E24D9A4A95E0D9F6EE5200E17A866D65	A26B5F6AB07588852C26B398505E1A9DED44D92B7737F04A9E8401974A6F8BF5
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftOffice2016Win32.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	1B670F9A942FCEA543AD20428105B374	E24906CFC7EC059BDEF675C6A4FEE5C724F1B0BE	3AAA5F3D61B805DDC9E4224815EE91CDBF995C88F498628E5A802696D537E0E7
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftOffice2016Win64.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	2768399C75263089306C9CE82FF1C885	3229E918D64B212622C915EC20828711EDC070C9	C7106F5CEF143C4F89DC90EFC5EFFB11A8495D58F24623F8FA843E32F0232189
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2013CAWin32.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	B688CC35D10F7061A1EE3F727CD4DE26	61E264C520C7AB109CDFA62F65132A4999C3FBA6	4946E092A0452D916DCE477D58E14BCC5601C4BA3AE9135E38C1148FE94443F5
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2013CAWin64.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	120A46E0F11908F05389EA08DE412B8A	1E58A0E32EBE0D7EAB1054D5EB85235AFADC40AF	15C18655BD0D0F4130BE1048A6519B51BC6FC6258BDC4032C696AC7A3EA71235
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2016CAWin32.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	0D207F324E1AF2A97125A9F7F86E41FA	21E01AF5B584B570BE57BF0C6B52F0C8326D5CE5	5E8DE24945BDFC82F149ED92E16C938AA1F015A427CFEFE79B6C184E65DA916C
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2016CAWin64.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	F16F51CA7D6FB0F28B011DC6D6983BB3	60BAA6B24028EB1E6A54D0F7A949F2A2209F4EC9	5405A788EB46687210A10640F66C6D7556E46625717024E522A15E8B1DE6BB6F
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftWordpad.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	51977BDA67C8701B34F1B47138925E24	639A1ED44F609F42636F1CC5F0D468F048425E27	E5298ED953BD266175899EE492D03FBC7194A5ED3D99DDB6DCA39925DC849F87
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\NetworkPrinters.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	4B9E12B5412807A95879A207AF66C38F	055E86EFD5078E555388030B5E816B890E2DE6CF	99C1DD983D95C8484112C5983801DFE95F622C46FAE581F7CE93D41D37C7949D
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\RoamingCredentialSettings.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	75E65E944293C7CD0666879442A18FDE	0F7BE939D9EE1731295058A3502169D8D0FC0CD6	DD98E60376F31763E7BF5075FF2D42FADD2A6FD5668C0E125CF431F92845A731
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\ThemeSettings2013.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	03A67362D5F2D804D4D22FEB4C859CCD	68B8F5E3B25E3247855ECC72EE9853B7B3A27D4E	A1845D835A31EC9045CCC9442EAC39DCBF0E62BB47DB774A427E77C133EEDAF1
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\VdiState.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D27E257B977FD8EA28CE3963F0968435	DDE38F023235C058D44782EE194EA6C31C983815	C22E402D82D29BFFA270BC6F45AF746398981DEF2D218E299E9D070DD143F0AF
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\Scripts\RegisterInboxTemplates.ps1.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	B343FE9058AC7E3AB342DEA3E1D3C92B	576B1EF679C1F1F497D676F0FEF295B302405909	03AD0B1C3D7CCCE540EAE5B985E3AD61688E11B9A79804618D531C98553CBE29
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\Templates\SettingsLocationTemplate.xsd.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	7D5FC266570C84041F58B30A9D97BABB	C2FA7B2F0F5D817B44B88372D69F23CE6D4DA69B	2B497A8C457F7A6B2003708251E94F5D2F639688ED73294A5341968D305C733D
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\Templates\SettingsLocationTemplate2013.xsd.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	C2603B1C3DE40EC091088B6EEA4B3058	1156113CEED474683CD5ED3322B2C63C872718BA	8456CBB4103980A28A6373925988E0281D1ADC02678E0A2B53422F2D15116C82
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\Templates\SettingsLocationTemplate2013A.xsd.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	374357286876F937376705885491F732	FA52FCE8119A10843587C7EFA7E855724E93DD34	BB3FF9924B7E4CD1F9C5EA2EDA01FABB36D373AA18E4B965DF7BE16D94F08794
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-192.png.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	80304D008170BFF9D592DE9A8992290B	FFF61464B67F58534DBF4692084CB1DFBFA4EDEB	FD91AC60043EB2B5916B033204DEB9D1EAC37AD5F65102848474002609EF3073
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-32.png.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	63EEC9722870613BF401225A89F4488D	0F3AEE362816AE09392BA58B76CF5BDB20D25A13	632C977C3754669BD4955AD2AB54EDEC7F4EEA79A91C79289DBC16E8709847C5
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-40.png.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	593DD541AA2DCB9B03B494A455406AE9	58BD7858AD4027938C3E5529954CFE21931B3149	B01C56BE19E8BFC86EF7C56639CF4B4E040EABCAC68F261666FDDB46D61984B2
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-48.png.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	0D99451A7FD623A851E1E49563E1492D	AC1F71D915960139E1286434CEACA5A260AFF9C6	A503FBA2989F9652B9CD9D763EF0A6DE07596903FFEDA2B2D937E18568E4061B
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	E328334FBB0CB41A679EE2C55DBFF950	3DFEE0BF9888D0921AB1A7F18B1EB34C97358897	97B732E08A15508516D1E1514CB99E092BCFD27BF51723A9204A051604BAEE5B
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpasdlta.lkg.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	A6032B6CA9B5D0CCA42A024CBCBCF580	A7889DE215B789787528B706C117C46CB4ACBF4C	08CEA98BBBC55FA8ECFD67A1FB94B09F6DD2F71645478A3EFB105D779C6A578C
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpasdlta.vdm.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	16C532A4C7728FAAA0BB83313FD91448	3BDF7D59628D2D313C07B575E8D19ED487D81876	451FD171C1DF384386191542C0943E776A4004F59FFB28F2A9E0813513300DB4
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpavdlta.lkg.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D90F2014EB3287BD858199B7E81B2A0F	19F06CC8457A46D7FF6AD15F606F2A0C692737DF	F2ABBDE49CBFB7E9A5374C7F1108FAC70ED0CE529B6B45491C6D8ECFC03192AF
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpavdlta.vdm.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	CEFFB4436ABFE8692C2AD71A0B40E13D	CF8A794BB0964EE44DED46384B51FEF3581F1283	41B21ECC32FA2E23C4B1A60C6E125B5EBDCABC81CFCF7E3AC136F6292B65DF8A
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	FEEA72ED5D2FAA7603D8163574A1EA2B	3CA29A938B392F032355D1D9E9A6E25E23F52900	653F423EA3E06F82E1EEE7D250A8C7BD56C24FB36F073EE42384D8376231287B
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.lkg.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	B7F6839CB9CA8B159F0C58679A507271	3592AB586289B20A95EF758B34597D4FE37C26B4	BA5950A9F57A096E7B98AEDFED0273DBAF5C7BF6C3187C50B18DFF0FD0D0B574
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpAsDesc.dll.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	FC1DE7AB71E8A89F2698A03BDC76AEF2	04D2517EC689BDF1D6D0E500E8627CC47E56EFD0	E550D58E2288B21BED58EAE28645E00A854721F86700BBA6B44857EA4B73643E
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpClient.dll.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	97DDE38B2D59F29D3399A3A0B9BFBFA8	B476D612C328F44AD06F928263B19AAF6B81C981	E619A0813849CE817351748E57B457C07A1D1D01E918E0E16B2C1E85F2B9FA3C
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	A59B87370DF16B481EE1117B4BC7F45C	FA2760A3A344727794F59BB458FE2D68DA925295	6677B9D3866849321A53F499F7D5468BF39D749861E241316533A369E4C619F9
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCommu.dll.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	0BAB7321B5F6D919B0FC853C6B7CC422	0BB2C59953B900EFD70509FA51C6D74B899B5345	37E9D0BC68D0D978A30250C13C4D3B4DCB37AFC41A003CCBA2F261A33713C929
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpDlpCmd.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	AF5A22C69E1C0F05ACE7A575DCA9610B	1E4B44E3D5C2BEA0940E59DCFF3D6B43858004A7	5C6D00AE14DC8313ABF6EA4FF7F7CD95D24A17D19ACDA33FE9B3B4A54825E612
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpEvMsg.dll.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	2DDCBC66D21283F71C149DFDC1770554	48D590204C3DA5A15D4B6F43B14124EF4A3A031C	138B07D49E2ACF52709991177D38BCFC8FAFCF87804544FC726C551AD95E029A
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpOAV.dll.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	68097E0A8EAB9B86B7F30BDC134DF16E	5473966FBE6FC9EA0D870A878FB80369FF93BC58	0555BDC84BDB97B06E62581F49AFE188D9E0706BE8B52949EECCD47CC03F30B8
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpRtp.dll.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	6E00C58A9DD6045139F239D4001967D0	EAC03C59E2446B553AE709CAFD7E9CD68694CF71	3B7E20C461030FD56CF0B066EC75C97576264E842A5CDC3BA579B11FD0B8EF08
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpSvc.dll.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	74556983544657D619898EC7464B9CE3	D6C34FBE93403B1FD7718DB8216FBA8F69C640C3	8B79BC3E4DB5D96637DD6A5FCFDCC20D0D83199B2143E13011F7F8A10AD9F613
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpUpdate.dll.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	8D6251437D025F6D4F8AC68A54CDA08E	FC4C4ACB1C5F5D56CD7F4819764A14F2D81A2932	635FF4D38BACAAC2D8695B5F6AAAE92DE84087B3F5F2A8AA0BA4A3FC2ED8051C
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	5FBD10BF1A7FD8CE955BC9110B0239D3	10192477391D8C8646803FEB23990FC461D1E2CD	5B0C72AC39240FA211BB520D7D8E48C645D37AE03BE4BDAA3D6001B7A0F9CEA1
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpLics.dll.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	F95107243E0A10EE4573D1DA349E7AF6	5D5A292740D4E09FFF73C448C2A254C455C5F615	E0866332E47559316A3C23AEF389B45DFFFAD8ED20B6EC4EDBB30DCAA8909DF9
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\NisSrv.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D5A4110E8E39224383993465E97F717D	753CBF021326A9A3000763717B24813E78227F37	511093F511BADB70D7609AA9CD8D97EE6F3475BE370F5236A5BA476B085D267F
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\mpextms.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	4CF542849D022EB7A783E1D4ACD94E02	F458A2FC109D453115F6090ACA6DA4D284F97C97	CC728A9C4D023C87ED5DA61BF2435F9A3C7925D427AC90206A9AFFF08B65A7B8
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpAsDesc.dll.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	F7C7FEFC6F0CE155BDAF9C54EB16649D	731F906A53AFE7065F8FA1518496EC51D334E868	81AF22B6756F26EADCFA8D9AE686AB22B927DFCFC95C5F3068F8B276BFCE6FD8
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpClient.dll.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	280976409B6A6D6023985261763BB6DF	D17D6DDEDC262511A1281566FD9E14E6646A3DCD	062766ABFD254F69B0DCCB99468B7C616501879E4ECCE233C4D0685613123924
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpCmdRun.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	BAD058776C6FE4BD7BB24F98BAD9EE4C	98F6A8F2EA1DC50713C8CFFD9A3143B82FCE1437	C9400B129BB524F28F61930473C7CBAA730195D97C258CC75B043077E0474D6A
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpCommu.dll.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D7E99B6879ABC7894E65B58D8218FFDC	74B571B11A4F85DB387E0666354E25BF1102274A	AF7A7F377358EC04FA80D68F5766EE6DA313A0951FB5FA9989D8742CA7EF73BD
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpDlp.dll.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	09CB0B59D52760B1035BB08F05598CA9	66854FCE3A479A88B6A4640F904CAA905BFE2622	F1FEC90789D2F3D352B7B85AEEEFBA2F58E948C88830BAF1DAE051C344ED1DCA
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpDlpCmd.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	BB389ACA8AADF76B704975D498633047	1833D44F4FFC697F43CFDEC366091DD8B2F7AF2C	FD276EB65D06E2B06C036F96CF0B6630500BFB97BB854FA9B4CABB81F780719E
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpEvMsg.dll.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	864B2334101A3840B36E53979C2B3B8F	CCAC7F6CAD4C4ED19E80681A1DD2C1B430BFFA9E	83A334B20DF0FB234A11325A7F3CF0CA4EBC47809F3FC1EB5899076219D126E8
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpRtp.dll.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	10D80D9BAE774BD0F70AC910249B336F	F6F40CF59079BC6E5DE8383806E24E40EE35E1CB	E82420F0447B0F5746BA1ACCD239C527AAAB29060B50E10A6ECAA9A0C22B0294
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpSvc.dll.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	DB264BC23D44CC7CD08FA993A2C83C14	ED4C84059C52D938D8E89074AB43FD4C1629BB6F	0E0038655A08C2829CF7978688A8FA50094EEF610D34E91908780679DD9DB8E9
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpUpdate.dll.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	F403EDC544359D4AD59177AD24EE8205	503C1BBE1E1D206E968AB3C6A5CBC924DD81590B	874BB347C749A8D1ADE91A59EBED2FB04958018F759B3BB066A41F118D2E8B8D
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MsMpEng.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	ECA765F004ED20E53D4C35501B87996E	A048EBD425F2C6A10B402C5055294D109AC350A7	1FE195C763B19810728357C3588D9790FE5351DA7F6475DF92A891DFC94166F6
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MsMpLics.dll.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	244076B45070E802CED09AB9469F1644	9DEE3649E05B56CE927551FB3A7185AA49FBB332	BB63E60D1711C5128176F0F0A253B89095A89A10D0BC0D47CF2220CB300A5F67
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\NisSrv.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	7CA1248CD85E25BDDA872A74FFA395EB	458C647EB4DD602F8FD8C978F53481B5045AB207	741CA723671DF0085EBC822FF9D77EE202ABF2912727108EE45577EB29EB58A2
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\mpextms.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	BB768215FE7AACD7B39468772966B422	DB14BE2697C29005DE7DA1EDAE8C840B1223F56E	9CB72197118AF0082A7AD549193392BB5E5F5039B2B10A744C990C50197ECECC
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Service\Detections.log.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	6E4E88BF377B633E15C4E863BD9D1CB1	D012EE16F85FF40A45E5D2FE5ED5DC5E1EC52191	32107D11CFE5431F3A9544851F06152B7DE1F4C1FA8E3AA044C887B8E2BBD48C
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Service\History.Log.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	634134FE2D469B7DBA9CFC9948FC281B	E96B710F25F0A4509DD5E41055FDA85710FF88BC	3E6800824E70F868715F1FBC93D2C8F0479AB730ABB2199866463EB15F88A138
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	00F99701BD6EC7AE47D47DD30E3C5110	4A124AA68384087ACE0FF6A588254FFC9CBD1E1B	DA9613BD83A8E6A7E4FC3E371B7C5D6F5ADCA7E6222E6FB6E990673DE64329A3
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MpDiag.bin.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	6D2E1FF0C1C7C8AAB7837129C8DA1847	9FE4595125C93B18FE1C880BC59A5AA959B40F9A	B9E535C1B1F533C3B08A25D7E8AF4B5666E4706C0FC5DE7204023B4A75D01C60
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Support\MPDetection-20231003-085557.log.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	0C852D53634A5708146D5C38CEA9A467	E03535FB87F7DEBA12121EB1F56F28D5E9790BB1	D8F2F96B552CE0E730EA18E73AC86B1E5C02334AA6A8F866568F0F4319971848
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Support\MPLog-20231003-085557.log.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	6A49E531D6A8D1C51006CE7523140D40	3FB4766D3A407EA072EA13AB182BAB8FDBC5956F	9A4A76FF2FDFBBFAF236204BC7454BBC060973335FA3383A6333D7FFF9C72D91
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-GB\confident.cov.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	931EDB1F9A879393197CC2EF6F2CBBB0	ED4C2604C9543CCF6EC4C5D4882F82FBFA33EFC3	6811B0D5CDABBED2C636D3B7174C2F69F8DD0C9E5298B5758ABE7AF900219FB3
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-GB\fyi.cov.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	649BA5EBB11499DD65881418A99ED189	D27B54F0ED6AAA355EEE4508B7EE3F22558E79FA	F73BD4073959C949F5E5546794DE12D886C2F6A632A2F19E60E181CA0488C357
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-GB\generic.cov.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D53AA2724EE6CD48C54D1DBA3676F94A	ECA97576F1150C1EF6C1857AD1491E60BBE1425E	66FF8761508AF1140C31AE49B0EB6E5E3A52945C406A57A7F054E66CDC987DEA
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-GB\urgent.cov.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	2E21622198EC9729AF7541A734A34D8C	B8B0EED1D790E42EB1828B36F2AD294DED2C295A	B71F9E0B0294F50CB2C3DF17794E42316C7F052B3D1ED78571A75CAE18988749
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\VirtualInbox\en-GB\WelcomeFax.tif.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	6463444A24C57354DD33155D8EFE619F	F6FDA3237D29953F5FC6D632542975B8C30624C1	A6281EED633D6BF72B137FC3512B68F4C14C826D2499E5F42C41010B86DE0345
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\LfSvc\Geofence\GeofenceApplicationID.dat.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	43AEB817464D18F51883B1F1BDBD971A	C536F074ED66E682970615E703C3D42FF04C0634	E607CB357BCA2552A130E33AF61EF7FE6CDF1B31F9D5E410550CF4D55AD290D5
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\OneSettings\ASAP_CloudPolicy.json.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	E9052B1844676B4D8BDFFE77474AF962	36DCAD05F5858D4DA625F5425C8955BF5DBF98CE	2B88320BEB597E14024DCFC5AE3A26B075FE5BC82E66E2C161F654CE5621C7FA
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\OneSettings\CortanaUWP.json.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	6D77AFEBDDA21FEA4FD498190BB7D4A0	FE7676511E8F7B6DEDF94E6F082A852BD9CE638B	93C94F2F2DB49E9E7DBCEBF7C05FA1170A34D752E6CC6566F16385E8AA4269D4
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\OneSettings\DirectXDbVersion.json.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D6EA6FA0F995B37E71746D56C572B75B	CDE9BEEECA25AFA7EB021992F3875D5A26B6EA91	EFE2C86E05BD679DFFE4EFFDFBBBB3B390FCDDFB31E5572587A446648D8A8A35
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\OneSettings\SCCInstallService.json.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	61E3F3612B3D50498EC17814A4AAE935	F0ABE46190C7CFD50CFFD7C7D7DB3AB75335AD38	9362FE5A37979D61AFDD4DC34A080B2741A8CEC853E3E5C869502CD24B82E77E
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\OneSettings\StorageGroveler.json.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	F264011F9E9A5CC98B710915F781695D	749D3C539792BA7DC1B9E1123F39D225D302C694	6FF614AD61002140263949897266FB2A1BD944AB53E8C8E757B786ACE938C631
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\OneSettings\TroubleshootingSvc.json.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	99B7B190BC27D841710830C591C92906	9C0CFFDDFFCA6816AE2051472E2F54CA18D496A6	E823F7EC60DBAC72115519477A01507C4A0089B2BA5AE837D4A7AC84A701DE05
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\OneSettings\UsoSettings.json.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	98C142BF12152C6CA7A0E825CE2182CE	4AA4F46EB7742C22CFB30B00DFBB938E19824942	58ED5A13F811652A7288B386241DCCBA2E85AA4C3714115275F1D61E348472DA
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip Help.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	2AB8CA300528DC5FA5EFAEBCFA8B9276	C0FF0E57778933D6CD65A12A1287857439D6E347	B5BB18B2B7EB7142FCE2B0B1DD53D8F3DDEC49093B9E618F6821012DB94BA0F9
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	4229C379C8CEA115241E0F8C50DB143E	48991247E7353BBC18BE12B5F9825E5D66802F35	7ABBDD16BB8302991119172829ED55845963A5FED47800342F132F792E2ED6F5
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	A81FA409881F5A136BA211A90941501D	4C3C73B925160FFD2207C15C3EC5C14096FCDF28	A686D7F4CE67BA2AC4BFC9ACBD674CEDA9E4952A65D810C033EE4EBDE955A34E
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	E641F30A580264BD45CC9B0056E9D051	AA68106B56499CF91250F5F21054850B1925C5D8	60093A037175C358EC59901AA06935840C6EA540C44B619179ABF2BAA705BE50
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Accessories\desktop.ini.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	294BC388FA95194D1E0EFDEF22DC72A5	100381C8C2AA5E0F70582DC998DF07D8AE33CDDF	C6C44507E7379B3A4FAA1C2A8C6CC7AB6BC190EBC1E36C60977A5CA32F7721E8
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	E9E99EB0A55A66228194E890D83D6513	55E22E2C85EE079A562027DE22EC8A5DC4A69466	C54058CD7908E724860FA825B73F3279A907F5167801C724923D01F6D19003DC
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Examples.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	1467C0EBB1AA9DCD5A492D9C3BB4C088	854EB043119A42578ADF3210D086A15F4980D3F6	2D6A129C6BA4C3FD72C2FA4A665C0C2B358171D14B9C07104E51F339E900020B
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	838FBCF63D5400F124AD0A5C14AEB106	8573480E0865E400B721312A77AB7B98615929A0	A15E4A66D491DBD52FA969C012D00BEB0601A7435BB7C3406F89356B4A3867A4
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	8212DD3BECE36266EA3EE54A2B59717F	E92B9F4473B7FF22877A36286EA0712424BEFB03	298669F81FE3E0820DE028C14C3F01E7BB0A41344DA9164830E746B6C7B90F98
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	38A3F481BEDB236F8BDEA3BC582607A6	214985F345EF2ADF295431A798BCF3862900BD55	92DC27C6A2A493465E8CEBE4C0577B7FA1F0D478D86BDB6C4D62D118FB764488
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Java\Get Help.url.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	5883702E8AB8223419304B5BC8EC8059	EB9EF59A36ED6DCDD3BED137CC96F683A75FE73C	823A957602188C77B88D1AA03D91859DB7C4631E5F8BF57FF66BAACBF5A70190
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.url.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	28354E5A1CBAF807085FE348C79CDC2D	C4E0E5068D4015CCAB6D5A24604671B9A11D2AB1	80F7A1236490AB8C0EA90179949D29BC02ABA9AEC3EAAF9C739C2437FFF7926E
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	CF295471363712F1E729FB874546E824	46D48DA81C981B8CAC13A52558D9CE2E3DCFE7E3	947B3944A42B396680180B0242D2FE281FDF6FE6164D893F500C6985B5732C14
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	4F1F3697339D589E929208B3A4F3917D	C7EA812457878FEEDD7398F0B4B0DE90EBAC7636	0B56473D6611B6DF3FCBF5F3AD476386CC527D6A759E1FF0BA42A803A8AF230D
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	5003D75C7BB5E2460A03238679FBE05F	CA56F0D372A451FA64806EEAEED81DED0CA4A6D9	F374BBBAFF42FB8CA480669D1BF835668CAD502007E59ED6484127CA07E6813F
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Publisher.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	A2C926EFB0B692E0059E013709A98027	3BB3A6FC35E8CD70FFE25D4356CC0C689EABDEA3	F196FC46F0716CA85E3DD232B00629E38054FA223CE94E4CB99B35385A0F1634
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	BBC01B456C69C2D1FECBE73D27CD22CF	1ED2BA955C3CDDC9AA19A1C39223769B30849C8D	FA189500CFA90D1E18F3E0D0838CB9227BF9DD71E1535D865A1B7E2FC0D3D4A1
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\StartUp\desktop.ini.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	E0A643E2C301A7247A68009934E79F98	6CF62FCE28FDB47B1E6D6ED40F0D0789C08D82CE	6BC43A7652D1C920CAC623B9B1B48D54B3C66133F382DD7562EC9674B6B527C8
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\System Tools\desktop.ini.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D7E4780BFDBDA6A643B9082B68C5D562	8F04534CD4E438D47A3497C03402FC62ADD89B32	A3BB7DBA80FFF943B856F39B0688600E4AF9E536956DDE24DCB647727E507BD1
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\state.rsm.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	4079C92C64AED623C6E1EE85A26696B2	EDA6DC8BCDD476B60B5CE9B9BEEDEE01D98E861B	9CEF48580C9872EED9CC234A4868D52993921DD12C314D28BEA2130E535E67A8
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\7-Zip\7-Zip File Manager.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	5D5FBB0CC6AAADA17E95B7346892676E	AA5E44645609C57E7D924454A577A80E7E05A005	3F7D134B1E3D6B4A34E1B616DB0323E69871CDFAF49F7A5EC18ED44F690F3583
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\AutoIt v3\Extras\AutoIt v3 Website.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	ADFB54892246B963BC75E016775D448C	31FED4176C1075C43EABD17E55A91FB0075D7825	CA3120360F6E9CCBC4A6ECE170B37EF303AEFECC4661EA638E3A4B99BC4A5FDF
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\AutoIt v3\Extras\AutoItX\AutoItX Help File.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	AEFD6D558047150470308DBF6B596BB5	604B65ED9361B2D8CA5B74F898B35A9C2D89F835	FEAAC23887512FC68F017914A8E2C052C3EFC9D74F8C7CE8B743231A000582C0
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\AutoIt v3\Extras\Browse Extras.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	A1907A87376FDBD9F6E388A1E5B35034	689646FF4746EA98256168397F75A9CDE6C61A92	1CC61BC3FA1D72561E834D77AD6299136397F1867DE622582E39BEBC4052BE47
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\AutoIt v3\Run Script (x64).lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	3AFC42958395C431B76FF23A6F42FEA3	936937F2D22791C12662CBD0C32D69CFDC25183C	A369484915C7FA0444AFE62909E6BAF3A4F916568348038A9641600A008C313D
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\AutoIt v3\Run Script (x86).lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	F3CD99366F2CA6752CC1911FDB9E1114	F3404241FB0E9A3C0EA04D50C384D20EB1041066	2B87C8320F76A7D7D8E9C95B351D747C52FA802F5615C6277054393EB861473A
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\AutoIt v3\SciTE Script Editor.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	9F927DD88FECFAB1AEADEC264B485F90	918F451C548341270D69AB0BAC0F712DD262D07E	7EB67279B62A2FE4ECBC98E796DF6FE3357A5DBB72DC8B345AAF9722999DAF8E
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Firefox Private Browsing.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	B9B54C62E66F7DDAFA5D615D17C1F4DC	4F077665DE5DDD6DCC53B320FA416C63F939340A	B62581644313EC68156B1145BEBDA556B9E8D92801C3D3AEEA372C866A249470
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Check For Updates.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	49832133D235E18BB5CC92C0E33D4556	ECE74DF8BB317AC79EB6173DD9C2605E3629F37B	CFD55488D7422841B9EDE822D0D81A6781A09716E1ED21A7DEFAA55DF2848B35
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office Tools\Database Compare.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	9027B5522D46D598763B5F9FAD5A91A9	935F67FEFBDF12F2107BD258B4D05F0E145FD554	7A388E69542477E0338790B29FB3A838A2FE812E2CBB4AE95B286CCA9BCF6A88
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office Tools\Spreadsheet Compare.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	7E677EB93F0456E8FA72998A6A50CD48	D16F30E5840DAE9BCC58F5F3090BC673B6FD923A	91F31B938E9A966CB4DB38AAD1EAE9F55F6D6A0FB2519E75BDFB49089685A1FA
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Task Manager.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	FB61277990FF637E7EEE14E2D2707092	A049EDF4D30F5F6319F412D7009BC3E7C70920E2	E476898F16736D106B154852615EAA20AB2F0824AF2EBA1F4452E05F44A1D7F1
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	C9A879C1A1A285B6171716072F6CD9B1	8D90E11C63EFF500AC937D14DF5779EA3C09A2D5	FCDB24B8DC69839EF3D65C69B36A511ECC8C54730E0FD3D3455A3F2A9AD1E38D
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Windows PowerShell\desktop.ini.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	DB619EFDE0DFAAE354A0ECF72E65ED6A	B61DE568F8EAD145D7A0E3914E6B0D626143FC28	45F1DB6A2D4806ED0DE08EE256F28BDC52D37D7CE6B6EA85EC9A580043DE616A
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	6AF056C9D132DE28FF3FE9806E1FBED8	2F7587108EB27C81CAA27ADB38272160D940A996	13A7105B8532B5FEDBC0CA0EEFB6CE4C0E7407178A16D6F3CEACDD6AF3D76381
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	44073744ED1E678DD42AF5F7460AB55E	194D5C9319967FCF2FE9FFDDF8EE9332F496A424	F8F4456846FE36591AEAB7AB6043EDCAD1B88F58549F410E67F424FFBACDE0C1
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	04BA98277DAE7BF2AB2DE700F8EB4310	B84F0F0C0BBF959092C805759BB1F2D625A25222	CBA9D0146DF1BE5D01E27D9CDE081BB7AC8701AA1EEA1C21F1D0579A63ACCE29
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	A67A452E2453BCCD0A75B7F6982EFF72	251980C3A453048BC2783A1963C09F9D1599A854	1C0258C085E23AF07013F04FA473F9E9FA8501E416D581A23BF8F259D7502EE7
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	FE464EA523F0DCC6F9032CF1A068378A	1316367D119D2D2B9689EDC66C29C9E241FF9D92	96C78B323260FEB268EF7570C202B4BE6149F4FC13825F94C19C919B3AA7E2F5
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	C055D5C221678DFE000BAB2624975011	FA61A6757CA19C286666F758C246BD81FA16F869	E56E757938C94C4651390E3A33FFD5DA3EB20ABB937439334F0475C9C37B6A75
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	1BFC2228A880D22CA86C11100008D11B	449E408DB73EAA683E2557EA701F9E57A0F4B69B	5C43B17DF44920815DA1C72582231DB9A3CB9668BA018CC059C3E157F9EAE43F
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	5606884A933669A7B1D6E3653551B3D8	A3E94A7B0BB4DED862034D724D04BD5F44E33553	D08FC05A241316074362994C1A72D814BBC8951ED572FCA1B8E0054B3685E567
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	07143FB48D499C4EFD69CED8CD221B36	C5BCDCC7A31F8ED6F7AACA763513EA911C240DD1	3B01C1426BEA71391BA050372E1B6F78A0CFD0579173527E1FC075DD52177C19
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	128DB4139B6770F496EC420E77F0E271	60D1CB2D5C1B16788580F07E20CF28BED9375A06	485A6C7802AD9DE3D69BFD5BA6F6ADFEE2A42C7B8BCAED5E7D17A1F785D3A509
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	F9A21875AC1C55AC9E032664F73CE1A1	A84EDA15F090D0AA054861242119D2CE522B5973	5CB21F9FF8782604E24E0858AE874ED7BACD938F52C61168708EB0F891496206
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	E79B381886859895AB013F80436E63FF	4CF02DCBCE0063B4052ED92BEA73BA567993CF69	D802F1F6F45ECEF322C9C3FF4BF3074C69AA4F6D22426043B5AC485E37783F38
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\folder.ico.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	28BF0C86B68E401608E6BE5CFAAB1346	306074F6ECB9484888D5A5D08B098FD97C77E207	BF2E3B5CF43BF139FD7E39FDC5DAEBFCADDD7C2DA2477169DD4C1B72709AC218
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\netfol.ico.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D9A6C686DA0B90240965A4778BEAC9DE	AD573860C8B77A9088F7A733110D94A53DF793F9	0C4BAE748D98E5C94A8E301E0F886CB6090D28AE45C908636BA844BD0BF47E30
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pictures.ico.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	9E6F0391D95BE4ECA26F3337D458A567	CA552C1DDFB4F038EC233EBCCFC3CB5166990104	B30497839AE106160DC9E1C81DD4D8FE2FB0AFAD2E89E98F0DC85F6633D876A9
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	5520295754EC0063CA5E66E743A57639	67F95E74249E1F42F307DC9FEC0ED5B153D11344	952A87F102C6B79C744BA96063006C07770EEC8D218021AF00A0E5227C3CFB83
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ringtones.ico.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	A8BBF0132AAD21D6FF9D544970F23350	865DAFB5FC70EA7DA86C04E39CFEDE78977034FA	5C80381CF7A0F924B01617708AB276866023505CE1CA15A67C4C7288F6511C0C
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\settings.ico.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	173D981126EF3A6BC897CF74EA0D7BF4	E0805FFD4FDA37DE06A596A71C6C25D4FFAB9632	06B10174899A266F07D9B3E46BBD0C7B2F3700178ED6670B16F325662120984D
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\sync.ico.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	B844DFA7874370FB1589B86E8C0D1BDC	1C7501EBC1EEF56800972995621D9EC8C6DBBA47	800CEDC33BF373E27F1E344D9230EE425DA2B2B5FBD4EE36DA01F4F6388683CA
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	6E49CEE15B2629A064AFCC576F45C531	E32DC10FDA9D9716AA501E48BED26B8A87E800B4	5AB9AF61096AAF4B88C4478EDFD8C73D0CC7E66C1D2F76E5A33E67406319980A
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\wmp.ico.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D68CCE4D8CB649236C2C498F4D468132	C656637C4BD2F90C3C3889B2D2D38C731F8A5931	3B1C5EF81E496CE86CD05F4363B30D8716ECE348F51DAD9A77B9A8B85801DE92
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	7C5D5D2F4308F5A80716EB41B891BCD0	97A1F16BF70EBB5B8EE6074F27FF651A517B0BAB	328C6299825BE860A85CACBBCE56151684E0C87FCAFAF787C18196CA590AFC32
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_pref.ico.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	169285AD126CBF852F4BDA005C84ADE3	084273B7DDB729D310CC0E314493F4F6BC57C0C1	E0B8EC69BCF85F36C1C39B5D336CD0D5541C58458F74817D6EB418FB531881EB
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_queue.ico.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	FD2320C762BBA9340E50087FF9A119D4	DBB2F3CF3411DC2C4C31878F380C16012133AD40	DB12BA788F7F6C09F967378127660E0E3DAEB8AA5A8FEF05C2EF4755E4949B7C
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_.ico.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	BC8561F80E3952D1314041CEF9F9070F	8F6891C8DA75EBF33EEC0D417B0DFCE3669C2040	5EE0C7467354B73C69BDDB68F480E704EA1BFD2D402A194CDA747502228B8C45
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	614A3CF58998ED1E8345CC5E5F0695F6	64BCA7430EDA2E0A62DA7308118BE3768048421F	B5BE23EEDAA3CE06C05B8169CD730F83208570117738788A1AB7412F7214D906
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\TELEMETRY.ASM-WINDOWSSQ.json.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	F8C4D8DF3BFFC520689A3F1E5D2CA52C	B74ED849EF29BA381CE995F254D2837D9921695D	6F0157E970C17AEF80688317FFD1234713275E8772F69612FF297B3A67C295DB
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	DF2EF0C278E4547CFBBAC1A3FDB98CDE	89A4F75E87966811DC8A4D10FE527186B3D0C72D	C1918FCAEB7D257D7736501B54D6201719B4036E9ED11E32DA3E23E4D461471C
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	E25512D1CEDB83CAB3F0D2EFD4655273	67599680025585230F2CED046F0DB6BC09B573E3	EE0348A20C881B5D39CA9A7EB45A475202E5E328DEFE2432E35CD91814E18858
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.P-Eco3PTelDefault.json.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	F64CB1A7B960F20D8D4DB6AED52F5F4B	4D1A1188C8F0A592B6F4C61E48A05358CB07BBAC	E8073106BE2F16F6EE5DF408BBCCEA22412FE01362FBFB099FA9DE49A75CBD95
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.cert.json.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	386CC58A9711ADFEC9817937AA1896F7	D4512BB29EA4B555D97D3BD8546580E5370CCA2F	650913EA122E4F543A1928D5F9EF7A6374B23D2C00699E325E7651EA9FD65944
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.tracing.json.bk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	7EE329792060D9C59525C2478FE4E314	6031312DFABDBB631DB4E149152F872314482A85	7D4B62AAA35EACF816298B2EFCA0D0020E0770D35FDE91C48958489889706436
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.tracing.json.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	E2558FA6FABE8D32C2276549AD517E86	2BDE90487E0C6CAF47A2BE4467F8D71DE4337ADA	C4087A69D09CB0B6F1F75F7B5045AAE99B5B90595E57A373F682444091EF98D8
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,ConcurrentDataStructures,0.2.0.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	4DCDBE91B7FDE5BA2AA38C736147962F	6A82A8B9693F66E7366E8EC9E1F4FE5A12F6AB79	D6A33C230BA07F0A7BCA5F0D6EB99406C64B9CE2376F0C15DCDBF9DF6F0ECAA7
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,ConcurrentDataStructures.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	49D96223BE3D9C78128700C505439DDF	F4E9C9C9BE8AB100F8B62E8C68C4DC2EDDF854B3	2818903B1783EDF53A6CA7444399F56407587A78061067568F7A19CB87F57F19
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Google.Protobuf,3.23.4.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	236D3F20C94B425EE214860FFFCA9866	A7F9FB06F142AC4F53C96C486950F81B2C4FF47B	A4EEA0FDC6AFF3949130303CB24533E9656FCF7049BCED4F94348072BDEBDCBE
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,HtmlAgilityPack,1.11.46.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	53F91CC31C32A49F54600AB1F29998C7	E94A99B1AFD0BD22E244B155F3D15D30368CAA4E	377244FC6BCA2488F971DBCA1F299B9EF5E66650DEF234B85B7CFE3BAEB7B632
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,MessagePack,2.6.100-alpha.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	879B44F66FCB9510F1189872AE9C140B	3942A8DA58A6D4DF39273133CA4E186FC3F431EE	67223103277DB40D404EB76AF44588BC951867C85BD5AE1AC329182693E7BFA4
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,MessagePack.Annotations.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	BDABC7B559EAF7F4AF148F0AEC05245F	5DFE7E7CE19696FABD4E0E8F954AC4DB78CBC903	8B50095D36109C3686BFAB187824D4A743E59967C8BE721D04006A92FE426D71
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.AspNetCore.SignalR.Client.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	235CDC0605484938D6B8AF44F6E0D2D2	AE91A68CF42B4A851FA3842A4CC52643C62F280C	34E9C7C75E2980AC5BCF847FDBAC13F1C3F7CA2D81067D66AD8C60E28A13C4B7
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.AspNetCore.SignalR.Common.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	38DCCF5312715551BF0BCCCB4E71C5B5	3D0138138CAAC0C71B912DCDECCA5289E48B4C1D	3E57C13763565B5D1EE6ED2DC0B804FD5EA3F4BA794F2F30CFF0A9525CF15C64
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Data.Sqlite.Core,7.0.5.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	4E37F6831C56C01C118F4B8DEFFE2EA7	D5462C2698313A8E910825904410D2DA1BE4318E	A8CEA17BCAB65A6C262C563E6D2A27972B90EA066C1C29B0095CB8FA493BD206
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Data.Sqlite.Core.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	5FC6EE7CD5A2F4F58E8512C13B7C3BC8	2D9535A4394032E6782585DE498CF012B63E0E70	668481084872C21F1D57674402F9653E46F1CBD8131881086B04C9100EBB4AD1
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Caching.Memory.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	91FFB083F22E430185D5A4DE9F3217EC	4C8F367EFDDE3A0D2C9ECB882330354AE6C331CE	21ECBD27CF3FD2A8DFC805B6B917CA6B96FEDE4CA2EA195D5A5946A02A739342
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Features,7.0.9.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	208B617C76FC8A403F9B53560EFE11FD	E9E80369C13A65F6BE693A9F4344CD769BFE218F	E4B1120C62A7E6223E3D0AA3B18AD643F07CB62ACD02CF5172DD1FD77FE56B4C
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Features.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	ABBFE0B7FF51BD3178BEB8BDBE787BDD	AD5C85072553F7561B58EB39FB2D2276A4C96190	8A576A0B8DF7541A00F315ED765724F16108C4CC3E7BB0E9FA22208593E6F2DC
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Http,7.0.0.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	8621A1DB3BDCF955DDFD2F138001A89C	6B84D04DB060FB86A609FDA1DA87B8FEDACDAD34	859C96B65DC1EE205B0D372148C103B5ACF8A4E6151586EDE8A5095E24D45FE7
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Http.Polly.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	4AE60D47A5D1145A10BB3D0ED46AD758	FFD72AE0C600400774DB19F7A19AE695B65D9FFC	2B37D8C51BD4556F881F8DB7840391DF7F0E8D59A98E9CE22F8625863F0E1461
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Http.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	31CC1FA8724FE2142032BB89F1995AD7	4CF803A4FD0C384F52A6EC219EE1BC5A68A55B99	3FC4CD2138C53AE180A437BFFD5010AAB95909BC52780295F51FA940963160AC
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Logging,7.0.0.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	1425D8206C00869F2EA2FF04AA840C82	27FD662AA45F6696227DE54A3C184873AA870B82	B231E0B1D6415B4DC8AC833CB7FFCB13C4B8D053BBE1914501C35E31C68B2D7B
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Logging.Debug.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	4538C3E5044B441759964CC5659003EF	AF1464BD8836687ECA4C4C8436A1DB2273796B7D	52F6514B0CF9252DE041FE85C0ACDB5C82FB94F009E285775320F258768113B7
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Logging.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	BE3A9B8A61842FDB1DFC9FA14C74D8C1	CA068D4DC04C29F82CD11E52846A16C3F7000CF1	306242C7DBAA2DEF67FD33B75D69C4F31EC0CFA7E92FF4D8E462834EFDDD0EC3
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Options,7.0.1.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	82EFA37CB804201F3FA9D4AF8186B7E1	4B7105F6DC5E8135B03A92A902ADA652B8AC8C91	E0B526EC99F7882D6E197B6E02F8C72C0B8D9A7D5C719D2ADE562A4432F3364D
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Options.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	ED6B8A05CE204205BB405C5A5B229879	A7E4BAB81FCB76AADAC67B09508F93E306B22040	0C43BD59FB242427AD583F549D528E5298528CBD985C10E9A90FB0E35E344580
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Primitives.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	ED4E3250AE0EF29D8081F4188C084CF7	79E7E33732A50845B1142F8DB6E247BE5A08DAE9	3BA241030331A53D571F3E108F14D1081C5A646CD000A0854C3D6D26E4BE3DBD
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Graphics.Win2D,1.0.5.1.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	74BD509A2E0F6FB21139D6787920B7C5	6B5631B2E86F3951C50239E824209540BD39472A	312A2D20794B5D21EF34F379848DF6BF902A1EFD7F9B49CED1B56FE57F6ED7F6
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Graphics.Win2D.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	B2A3EE40907BCB074036975B3A82821A	CFCE22A89F867E32CFAF62B64B96F374B91194F0	2A8264C44927816D73CE591593596C8659F03B7F4E4150A01548246762ECD9CD
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.IdentityModel.Abstractions.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	CA0ED1449D6BE8A585C54600C0A2D3FB	31231AEFE5F1399361F1D1E3883E06EEADC1C647	6455269469A0936F9DDA3D39C7E206B073303145AFF0D7A3443AAC82B1F88197
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.IdentityModel.Logging.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	27B2CA9CFFD513F31AF51B9067BB684C	1A0763D3591B87239EF19B4F08C88A5F0C22A1AD	BAA7520DD6BEC8A8C317CD50612FB1146996E6828F76C96B95A5C8EFBDFDB3BB
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.IdentityModel.Tokens.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D323C0B25D8786410F01F614D6078763	26B9C70B4C9CAB95EEDB121669D25CB63BE16805	17ED66CE5A3508E2AD7BF2319864BAADB2BF3222EE7C78CCAF48E21D6595A557
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Internal.Bluetooth.Map.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	3CD69038137F4E6D5BC7DF1D9C1011D2	1117DA52C617903A48B9265EC588F0A5A2B509F7	F90D11B196FA1B158C9B555030ED058C1B62AEA58B4B6C3300664832E5AB96FC
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Internal.Bluetooth.Pal.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	28BC43E1F03686749DA9E376538BEAF6	DB1A26E5442D253D1E40F1A382DB2329F0DA36F4	96EA68544040C6E5E42E475B1F611717CFBA5C6F30E57D0EFEE630ACCADC2EDE
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Internal.Bluetooth.Pbap.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	DAEAC46DBE7F86AB1ECEBE696D413724	1FD430002D0C15C5C03C648D3ED389CB114157EE	B2C6A47E738E984F93B2746E424E5E0B53B326865D11988AF71DA103EB05C7DD
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Internal.Diagnostics.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	5530BA249CC1A3A3AC7ECD8C6FCF5600	095603ECB1B5841B543768F085006443FC9661B9	729934FD39936BBA60827358A5264105D4841A7EE6B2149857B1CAF1D3A6FFEB
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Internal.Obex,0.23051.1.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	FB7E63E14993559398CDB50CF6F4FC33	B84B1760AA0BAC9556EB6861214406D7E6B1C5B5	D833B283FC5209E165F9F6C5AE6F249B7F308C356350AB3C209A9701868112FB
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Internal.Obex.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D5657B2EC407BA2729219714DCBE6ECE	CADF6EACC03C4189FA5854DBC35CC4179FC49E57	E12CC92116860FCFD3703D0FC5081E8C37BF17DA71BF1A540C87FA7A320E901A
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Internal.YourPhone.Vcard.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	AE2134F0C095F3927209D2D8E7C15A7E	AD81B93A8E58380505570F74C6C4B855BAE24837	3178D58DCF45B343A036695C9293A09A09EBB8CDAC9A92127A9D54990DD5E7C6
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.NET.StringTools,17.4.0.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	EFD76B528764E46CD2F3A2AC8D7E61A1	E0B6EAEDBAFBAD70F34403E2421291F43B938922	702E21D1757FBEC655F8A4C1C7863543F2ED204866BE9E03E2695D98D125356C
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.NET.StringTools.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	9AE52044F97B4815F1B8110578B88C78	BD8406A2F6425757C6EF8263217E6FA1916E0952	28939B7734875899D35E33F382D7194C6AB98F78432F962071073484AF30DDF4
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Rest.ClientRuntime,2.3.24.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	DF9BC0313771F47C52145F3E52C0198C	D1B78A4753D586B09B241D82C56D43E015526786	D4F50003DDB2B82E244A42BB27A743B8AD9E34713C94DCF1C94248F1C822D7C2
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Rest.ClientRuntime.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	30AEE1673DF89F32C479F1ED83504518	55FA17995B2CCBEDCA3C8EC4D245AEEA92DE7B9C	B1C3D436ACD09542298C9D0F4F8FD2BE656ECC43C38D6F14973ECED124D616AD
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Toolkit.Uwp.Notifications.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	9C1AE90BFE5B96B5929D34B17CF226ED	D88804D366D4887904A6695A521202B9C39F3819	93CE68643ED7B2C9691227773CF1D1C5E93F6446724C4D11594433EB94A6105D
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Windows.Apps.TraceLogging.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	9AF65A9FEE5D576697564CF0B2408D73	47950EDC686050BBEAC50DACECAC1554C55C7E87	421F16B0F193A151D2F6110EA270138FDE12FF0A184F33A089E1BED34DCB5905
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Windows.AugLoop.Core.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	B9F9429B5C708BD68207EF54132BC365	B71A52965F6D6F5D76F2315D71C090989117B4C1	E42EA327784660A909898CA98A250321A135E636AB713077BCBC217E4B8C24EE
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.WindowsAppSDK.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	A7458E85638EA3B7431DA3E8F76BC025	C3291A012BB31D668DDD4AE384FF1D8FD889E499	9ADF9371A74DA5F38CAB9BDBC603B854A096820F5BC88DD55A01BCF9A26BDA61
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Xaml.Behaviors.Wpf,1.1.39.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	2A869EF48686DB57483181A149F1149E	7BD5E18AA67B3A47275581E2312EE4316F5F7BD5	C7DF63D9D7365BA6F5425ED5C46864F27955F555A9B68E1FEC1D37D35C2C8CBF
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Xaml.Behaviors.Wpf.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	53723EA795C6844132449952EB4C4C41	66A7A118551C963F30DDE8F4E85F53CE65D7569C	22F8E09382D29FF371353C30F60D7916AE44D3B0C2F5E14C08D1DF372E97C325
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Newtonsoft.Json,10.0.3.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	AB57FFB905082003718A798079CC012F	A66A5B86AA9379C89475D34D2DD52A945A3DB90E	C9E1B0C9F7491D1F39A7178A983B9A6C4E24036F96FC6088E8A6AE7728CCCEA9
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Polly.Extensions.Http,3.0.0.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	E9EC8133E54C255B1B2DD202CEA64F21	D98B69722053F5A552CF2F6E545E4E64E4CCF74E	43876511FF2969E2B163729FE7FDCB65364F41B6A77C1D2349D396E391EC3708
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Polly.Extensions.Http.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	17904CFC26E170E8253A6C1D5A10A7F8	B749EA4BA94B7BF89F1C5FA7A9CE583809EFF8E8	C40388313987D2E9E7CF3CF4F635535ABE3848A6595493079CBF6F15EA8552E4
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,SQLitePCLRaw.bundle_e_sqlite3,2.1.4.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	EF0BC04A9DF9E634DDD8225DF19D5B7F	CB35260A36AEF87565E03E84511A1BA3C135C767	B2DD533F32713CB54937D95D0B7327AF703448D1E70EB1096FF1A571497C0826
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,SQLitePCLRaw.bundle_e_sqlite3.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	CA302E4C2BF1F273A96CC713D959E9DE	DEE29805B2F636ACF461187221C643F0C5D43971	C7CD6304008D0D2A42F1F0B2730F7496992C7FBE43E78481D993B655F6A06D66
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,SQLitePCLRaw.core,2.1.4.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	DC6E0E1CD991F45CF837124918680918	84986F3BFD5E50029866116E5D405A6EB6FCBD0C	5B7B389DADA8F762D39A9AF51BF6574BC78C18AD49EB6E212FA3EDABE51618D0
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,SQLitePCLRaw.lib.e_sqlite3,2.1.4.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	6A60E0FC77C22A0BAD1A8649D7DC076F	563FC8024FB1814FF49E4CD6CFE44466E3943766	647785E7568330369BC57BCB4700C9947BB8423E408DFC86C3DB6203A97A6AB3
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,SQLitePCLRaw.lib.e_sqlite3.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	89C9B5E17F604B7FCDC5E2E93E299F8C	AD91D58F296FC41A2A5009739C757D36B43BB087	FDE5277D125526775C95D15B2413B423DF3D70CC6A5903B036D3D733221BBF39
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,SQLitePCLRaw.provider.e_sqlite3.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	93277766054BE06313029CBA3D06B072	1F3F7308814BBEDFBF62BDC04C806AD5EDE6D955	5235824E5794EA0EDDA0E53B8BAE6A83C31846E327725C872299467828BF0536
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,SpanNetty.Buffers,0.7.2012.2221.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	16612A06E5D0C9C0F03BB15181189229	6A8306D493C41AA884B6CCDAF38EB71B96A12054	E58C2BD996876B7831667D34516EAC44FA930382347466D4C18996E055DD8329
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,SpanNetty.Codecs,0.7.2012.2221.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	14230325D92C971EB1E2194111F80DB7	51CF2C1E6285852578D9C8E0C52685D5900F8776	56F80CB0E5EF351124B38408C02734373EB75E0DDE9DC726D4F741882F68D4B5
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,SpanNetty.Codecs.Protobuf.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	4E955CC83304D82B75898741F6B2A037	03DEF13B6F1669480A87CD553074B33EDB3E6FB1	CF797E7C077013B93611BB7B7D6B1AD3BF39DE8443BD8387E3B4194CC9A7FBB2
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,SpanNetty.Common,0.7.2012.2221.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	A1F93C85F4CD8F4265D1D31CCF3A4BF8	CC8D6CB638C9DB0267BBD0963F97BE84D95E41C0	76F9D25677AE068088EE61225902DF901BE0E02E89D78F914E4F426417C825BD
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,SpanNetty.Transport,0.7.2012.2221.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	1EACF1FB6F1786160547B642C5C7A129	9FD4A84D6FAC66B727D42C752B783EAE1C70E3E4	1FB861198CA0705501E1CD795827FA53D1301FC386FC400315F4456393C24ED4
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,System.IO.Abstractions,19.2.51.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	35548036B9C132E9527DCF51D633FC2D	5D91C4B130DF865BBD05A5F0731026077F37198C	1467FD375BEAB25535F6A9A633B0C2E187AC1B943B5AD408D346148482E9703B
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,System.IO.Abstractions.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	7D1A7FF460714102DA9DE24FAFF476E5	4EDBA5B129E106D81A83734913630E28C0DC492A	EBDFA8ED131E587AE84D22CBCB4FD1FF6E7B072B2062A22600866AB11CABA102
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,System.IO.Pipelines,7.0.0.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	E9C210DFDA404EEB0234D1AB3BAB8C37	B3870C3D99697D037DC3B937E6E45B67544A711A	69A2520517DCC815EEFB220DEDA10A51A20056ABE7134E42CEF79B54F481D07C
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,System.IdentityModel.Tokens.Jwt.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	AFF94BB9D007453CFAAFB5F7AAD6D4BB	AA155A707357C6C997CCB4EE2B307662250DF619	B047D3C383A7679E844444201FB7A164CDC91C3E9B960B83CD2338F641D5D028
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,System.Management,7.0.1.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	ABC1D62D8A269EC4C26D094526BF25C7	E1AA88A1797E3E2924E3A6B500CE03D2027C4EC4	3912288A8B1F09E60829E2B5C8721D18D9A90B18900850EC2F3A78DF1FBA64BD
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,TestableIO.System.IO.Abstractions.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	4E4834642B08583411035C5F79898CF4	64D9511A7FC608D35778271A98AC52C9CC2A5098	A6A2E6F371ACB51FFEF955DF5BB5E1997B3692F11205BEB4CC6F892ACB0F26D6
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP,0.23082.41.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	871EE258F9A7D45A51E01ACC4E1BD49C	223F00F48A79EA144490039DF0064F10BEBE2CBA	5988499BF95FC52D42BC9273DE11FDEC34413FAAF22365B67E1E65FE4FF4B775
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.Auth,0.23082.41.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	94F0C4A8EE496A2C9CE51C5A243DC5AF	4348E724295D78B55FA74CEFA73D8C45CF9742BF	F3A1A0218049D7813FB1C2621627E45ABADCE130E1B233C004DF9BAAFECE0AB0
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.Common,0.23082.41.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	CCF96E01C13DE290DFE282AAB399C057	55A14B68D21B538E2D9DF9169EEB1554EE9B50E5	9A4A7C690DA89316696E52F8FF2DFACA3D2E06252D7C225F8AB8A5EE3FBA2489
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.Common.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	E2B8F1A569363C0F52E92F8E1628A70D	9B6867A7D503F5AD35E9D29ADE445C9AE7D75DA7	C593C5DFEBCE32713479DD1FC42E648924BF04FE1BA34C6D3EA81F3A5D988144
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.Onboarding,0.23082.41.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	223C91FA58AEFBD7849EE21DE0FD916A	2B7320E3A0494E70BB76A2B8FF7005FA3A405E85	7168C253B31164242376832A375FA1A7C23C896E967E3E2AA1502E68B5EFEB6A
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.Onboarding.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	84E894FAA5098C56DE61A1F821B47D24	57DF737E78635D15ED8EFA21BBA9BC8A61E44ECB	42F94D5489FC0C2425DC772DBE904B8AEC8AA4FFD52700D00F365D439C8195F2
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.PhoneLink,0.23082.41.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	7D1E5FEBF84E5C0C906E9C3AEC699AE4	7B74E9B5BAAC87A81094EFCD59928411449E4655	1E7B5B87345FF26831E7F573E4C28CD3AE6D8DCA4E14C8B090D55082EFEF9483
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.PhoneLink.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	F236B684FE272D325DE4F207BEC2E945	8DAA4B34876F3B04CADD28BDC4BBA273AA9E447C	4A40AAEB873016797A12395F3BDFFD94D5E73B1CD7586F1E3AC140799D488B66
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.PlatformSdk,0.23082.41.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	0E675BF1DEB4D4E2FEDE2353C08C0728	B0017CBBBA6F0E5750B61104DDAA415552F08454	8CB9BBF48302333DFB8DF170E6914633EB3FAC4484CCD8C6E7509ECB92655A19
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.PlatformSdk.Protocol.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	9BD9A92D2A6DFA6C97B3A95AAAEBAF27	240DBBBF15322C7A0CCD3DD00152C9BF04830F31	4CF0355EFED61CD8E030B054EEBA64DF946B7BAAC959A33D3CEB21FBB0128B7A
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.PlatformSdk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	EC21E1E3E9ADC672947D511A27F9FDD6	CC7A30A326309272BCC47683565E1E53476487C1	A9330E70FDE9A941224DDF2386F46E0284D38F8EB8D48F965D396C8C3115A402
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.ServicesClient.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	79546ED83378C05D1788E7980279C7DD	708E2AB799F110E2C53226B528022FDAA908AA87	0199FACA397811802AFF78665B97C8FF23D01ED6ABB842E188AAC55FA1A73725
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.SideChannel,0.23082.41.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	39D1E6D99A8621B856D40698B05290AD	D64CA8627F653AC662321B4F95D039C2ACE8BB75	46E0E13728E685EC91AECEDD8A3DD3B3078311871FA4D3B11026D5A1C453F632
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.SideChannel.Protocol.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	1A5F987FA8C764695369C1981BAF8FE6	1DFAC71C7156BAD69CB2C1B567E1B37C7B36BBDF	D134D7BDDBF1A02AFD8C626ACB0EF89064949F025D38F525CCACAD7D9F859AC6
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.SideChannel.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	0DBF07C20D42C23DC73E44152774CB97	24FB8B94C28ABE1FC4B7368CDF4AA640EA8B81B0	5003BF7A6D2BC8DA9520F1D4EB84DDD34F99B26F2B762B8657F883B41F996F2F
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\edb.chk_.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	122A462B260029EECD580F1A14098C76	361A2D53299EDF4B7D6D2DA615421757C212A479	B427B73E6686496814DDC28C24642061B9160006F2C81A8E2D5DF72E6D85CEA1
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\edbres00001.jrs_.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	1401314DB8A6032957ADCD0C5AFAB287	0D96C5F5F8FC64C665C0ED2A10C66F66B26CD2E8	7764CE751A4940D4CCEB7C268198321EB761026C900A1BD3A15443A382AE6723
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\edbres00002.jrs_.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	039BB845A2F5DA57B89E18F0F1003DF0	BE79E028AB37917F6B43C50A6671C052B35C37FD	3280C331E77524B28823626F4103B416F14FDA5FBD9F5CC6EAD8FE2D23F7D9CD
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftInternetExplorer2013.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	0C59955DEFBC74309CC12D02DE83C857	C1C5E0A5F99A3E2E4B0A8DDA29E531A25403127C	E86240B68ED3C8577631BE566C937278530F4D81494B233DD9C2C83EAE556C35
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftInternetExplorer2013Backup.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	C66037F2E0111D0A628D86ACF391B385	9430A991ABD63F94BF885A0787D4F55D8FC4B66E	0201F917861630DA8C4255E336C0FDA9C6FB79F806D84A184A975878D55B4881
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftLync2010.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D48A3B53AE75B5C08302DFBC3BAFB222	2BBCBBD7F6AD40392A5411698569EFE161C94C56	9DB5CEF14DB68F30AAB5019D4A9B774B6995B03D525D2C0BC19EE0BD8E50AE28
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftLync2013Win32.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	98AA8673F9814BBA8A265209FA403540	7F145F1C6C93314F2C73604F690F01130FF2F409	55C9BB9027B05D2D1D96BE81AE5EA3EA527144E43203525D6FCC6F36A5AD0DDC
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftLync2013Win64.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	BA4FFDA9A3C35927CC400F44638BF6F6	18990EDC77530DF5360A8633D935C9BC594C36FC	15560BBB436CD04D330B777B434C22DCF1B6C49A3E33B8C7AEC748373A5A85E8
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2013CAWin32.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	52B5F87D0CF99CB25CE153AD9570F5E9	F5F89AD3C19B5D87E1CEB2847E4E428CF6F45770	52D4AA3A108D28102C0BDDE98BA33724C535C93E1853EFFC182AF8B9BFE6524C
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2013CAWin64.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	C4772F102004D54355B8C65BF20F97AF	52B91232435360D7D9C54892E148622238D161FB	CCBD9F5F014989C48284101D38D6555C6DCB8835F0EAAA3D4498B1522808C446
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2016CAWin32.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	B1B520D6B266BA454F501CB8F6029D5E	CCEE3EF5547195211E6E89D7D3220E6BD981F199	EB5A3E177073F7E73034E4869843FA2A2C0017767B4792BB40A7D76ED1BBF125
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2016CAWin64.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	A27ABC7068BDFAADBFF1013CB9A2C6C0	4DB4B95650326860E5ED9A76DF16C08C6C6FF28F	EA08779BE017527991FF0FD2C99AD02E6093B5D3E23D1B183C2C1DA5F895F64F
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftSkypeForBusiness2016Win32.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	C0A165FAC8ECBD9B46C75FA076252CFE	B945126AC04BFB8F04BAAAE46A7051665BF892F8	FE8D9B5B9436EF21F1B56F6F7C5963905CB210419A35D3D8D23913AA86E17213
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftSkypeForBusiness2016Win64.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	0FC7A8D2A0B02505857811EE2AFB9EAC	BE60A95B8E1574C9CB1AB77049FF67E428E717A1	8D5CA7B8D3FA4C790882C87B2A63E2BFDAE1C755175A7D50DA0F4C55626F9DE9
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\RoamingCredentialSettings.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	855F656CF85AF87F922FDD414D8C2EAA	624A10A66C6A20F1D67078F5FF67874CED8D030C	B059D6900ECA6E786EB2F4FA62B503A1BAAF3D043712C61F0E6B9A8C0A3AA469
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\ThemeSettings2013.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	9A01CA29DF0C1E79A1C2A7E6B455AD7B	DCD9559A5DCC9C0DEF65E1213112EC71C2EAF6C5	8686F82F00E79D4E6D48EE5FFDF985E2C888516CF62021617AA8FCD2502F5A40
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	46A5122A84D5D07DA2BA8193560CEAE4	DE34666CA3DD646FC6662538BA9B39B8AE37D6BE	B107B5363536E97E443E44F1783975A9B141E07D17D66E3D7DCD818397962B3F
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol_.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	ADC3432A0F9C2656244D7444855DE287	256294161EF867B8C4DAF639FF33C7F6C862E52E	FC2AFBD87B3BA604EEF6FB2A36E96BB3796DBD801E7D7079BCA532C721DCAE7D
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Catalogs\IGD.CAT.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	6880421508A29850109B1657FADE218F	FA77FD6D5BDD45080B439653B513C32AD3E8A65F	F907C02F1926A1CC63CAFE82A5D124E21DB81C6CD92C9177A726D243C70E1A19
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ConfigSecurityPolicy.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	96C71506DEDC9E575D2FCBA96E577EC5	9859E440F6E11EC3BD2842B1602442B16426EE86	D3C0DAD6225B5C1E712F2202F64C3A39F159C3085FCF6D491E3FCA2EDF45BED6
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\DefenderCSP.dll.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	23B725346EE4CD00C4F618B92BA0FD3F	51E848AEEE95C070732655927EC8ACA31EBDD29E	238B9BBF0A7A0746976001A7A92574C65EB51790D2251733EEE7A12161CCAB4F
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Drivers\WdBoot.sys.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	AE036FC664177E8F3DCA315CF8D677A4	D5E3E001790BA50C09FFA344A3415518285F0B3A	4F4AEB888E4F4280AA6701DC2B6240E039FAD007DC85065D82569E680CDB3C05
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Drivers\WdDevFlt.sys.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	618E925B17CBD74CA6F7866326C2C353	0DE96E91F2777B46B63D346233008F0BAFB397FC	245ECB443DF6230C32768ADAF07625481667195EA44E33626620DC736740D845
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Drivers\WdFilter.sys.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	F277EF09B42BF61EF2C64BED235C7F81	3D342391FA05952CF616B2C622E14D4504BBC8F8	F5AA35A07336852E02843102604C542AA7E91014D1C75EDCB68858506B21C18F
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Drivers\WdNisDrv.sys.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	EF0F07315CD567A7CCBA8EBB6AEB4D57	EB68468D8A6DB99F21A2E1CB8822EC4553F4927E	958AF7B8E20D7CC7222C2289E49911E9B43261E39256478220651CCA80DED67B
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Microsoft-Antimalware-NIS.man.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	07BB506D5BD6B31857C057E0792FAEC0	9A287445B8F780181647621D5211A735DD61C456	E5947A00F545F9A915BFB1EE9D7F7D58F0BD080939AA58280C78715EEDE15506
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Microsoft-Antimalware-RTP.man.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	973DB2EE6E881A1DE3D9058AF6CEF465	5DFD7D64FC3C623AE4C0EE71FE4EA57273A115C7	26D76A62ECE1BA404848FEBB1F76E7EDD78C0957BA8343F823B7AC1E62057C88
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpAzSubmit.dll.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	B3BDA35D0F8E58DCE0BD928E8F7992CA	06A08EFF65D808273815179C9D1648928309F4C3	3433DB15CD4845588044C235B00CFA10D1668A7296EB13C3FAC6DDDBC4D7576A
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCopyAccelerator.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	44A2EF7E4FEE68F67CB1D1DB3BB42272	B21F823BDD95B27730282D3ED80C4A39400F5941	7F81B2FE5F950A71A3B730117845CD3844FA0D633EF22DFD5E86817ADB817929
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpDetours.dll.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	3D6319085EE8CC3E6880E6BF457C78BD	A40668DCBF270456A7B0A9323C3D6884E250F293	D1C171994E08C38DA701FBF312794C0E557F145419FA73F16C5F6D679CBE415D
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpDetoursCopyAccelerator.dll.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	985C1A9C088D4747F651A7FE35AAD96A	4A8749D2EF2E31D8723B834A4FAC3556330363A1	9176519AA6409EF447D2BF33A10CCE63C6DC2C0A1595822E9139761967FECFE9
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpSenseComm.dll.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	6AA78B22AD70F6FC4C295482FEB35299	98E3F3056B8E9970E97F6D46B961F4C1A748AC95	CB2D093945F33E71917D9541774F83FD628E3D049CB9F8EE1E6F7C571ACB55AC
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpUxAgent.dll.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	DE6BF0A0A062C696745D339958EA53A5	85ED87A145DE359E46E3BC7BA3C9BD735C4B440E	A47A3D2930061E3F9BE74036C94E6A659D2DF93291CD3C902FB3C455A24E67E2
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Powershell\Defender.psd1.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	0BF6550556E7797A250F678033378457	639AD2CAA24A2AE256AECE02E52AA958510418D8	C3510AF8A0FA6B41918EF813ABF97B47C9947C42E2D7B2FCDE42C48313017EBD
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Powershell\MSFT_MpScan.cdxml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	F7D70366B3BB46E9ABA89D44E8158B91	FA12D97B592F0F0D22E1CD07DD3543D968E6EF96	00B176B4CC319251AE2F814D1045448D1C427B1C340BA08AC6CE12E914CB2926
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ThirdPartyNotices.txt.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	A24FE989366BF29DBAB3B2CDD5C0CACE	3EDB0AB7D5FE94582A3FED8EFF667D3DEEF84EE1	B448CEE14B611FD1ED1FDEEB67ABCE5C187714F688ABDA84EB7808568AD780EB
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\MpAsDesc.dll.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	CADC6A9A518B4AAB338F7097467BC3B4	F68A05241B2E3545D6DF2138220837EBEEFF404A	F5E9EDAFDAA80A6524451E1E5974B80BB139F4F3D4CD537B949C08B62A728F27
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\MpClient.dll.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	0BD801BFF5A528D56CD3FB6BAB40577C	A2FD20C8933388AA88C3A53CB1ED6AC37FBB5AD3	1CE6FAC452B35721A6C4C97139C7021F63051B5EBD606D2763B871E22E44BFD6
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\MpCmdRun.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	CA981A06022946FDD39C5148CD3BDAF6	EE7D2D388D4C6AE49E2AE4B4CC0EAC6B72F14D90	25B08B2B0CD4D559FBF66682E61CDDF9A3ADF47A91D36BC981F498D22137297B
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\MpDetours.dll.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	18814EAFECF0BE7AF039F9F29708C069	86AE60A351FF8AAE98699C8339D22C662F08A574	F5AB02E4FD9EA49ABB477ABCD6F5346BF8073FE682CBC829F6FECAD4B4380819
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\MpOAV.dll.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	B77E13172F33032FDA3209841A25123F	BDA7D4BC8376C9E5DD4DA391FF22E4FB8D73E4C3	F9387474DA1446F2580AE4FEBBFF1BEB4F78221FE83DECA0D6AF359093A54693
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\MsMpLics.dll.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	92C2426607A7E8DACEEDF6574F94A5B3	411C0862C9BD9E1DC4B42E20184259557F3E1B15	5B6BDB145FFABA09DFDA1A5CDA045D40D2F1A42BFAD5E36AFCFC1594B6F66D83
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\en-GB\mpasdesc.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	CF418FD2C725846DE155149D8FFA2C4F	2AB8FCEEAF176A037C5DB7D4EB7D564FB3F0F1CD	1FD9D68237A92C79A3A6EF2D21C76BFBADF010136BEDA20B31069B4FBA6FFEF7
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\en-US\MpAsDesc.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	6F225FEB432B8513AF3F1BE7497F34EB	F2193D7D5855DABEEF9E2DF82F2B8C05BC5A740C	D1EF801EB3DAF9E5846B58A68F209D52BD94AF2AAF5B5374BA05E9E1B80CABF5
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\endpointdlp.dll.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	7431463BE877C5AA7E2D5C35C69B3130	1F58EACB4EA2F62ED2646BCCE503520799C9A2DA	584814B05079D52D029F463A173B0F717A93C2A6D4462356FF113D95FC8EEA05
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\af-ZA\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D7C968E257E34E9DC5E6D85D2EFDF1DE	A09E11F1C9D995D733ABFB83AB92A318BE2A48AB	AD8F422F75B51A87CCC9DFC947D6B9299EEA0C93B42F462F1358F579C6D9361F
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\am-ET\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	23095D7CFBDAAEFD2FD83BFEC30E2686	3DFB07BC903FE5C91414A9503CE104C384193962	56E561FA1460718A76C5EECE18147F9F0737F2FF2DBFB4CEF017C6E80A8AF002
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ar-SA\MpAsDesc.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	FD5F9C738F0F349A3D72F9B5C3BB0051	58334798D88667822FDF3F01152F1D2A8D239C64	3989166FC9BBC6545CCD142B482FFAE26671E5A1D6139835D59339255CA03864
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ar-SA\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	540FAFF6188B225B29EDA1CAD1426B3D	C72138E8EF166967F1DDF66C2F33B6737DCE073B	8751B227D7CA1FB631AA18AED4FDAB9785A90EC51145E34734489747D93ADA97
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\as-IN\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	9024242A9560CDFDDD7CDDAC9B6D5541	10F404BAC46FB1423A825E9C3DA2BBB5A0EE196D	64CF3698D3EBB555D34546FDCE9259C38999AB3F841FACD2A633362EC22B81B8
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\az-Latn-AZ\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D754CB41A63F225D590705D627918050	E77FC4C9839CBEAD0201B95AC6837715BC98E4D8	B86A6B6FD24A8A71074F72FF6CE23CC09103B4073CB637B1F2C8B30CA732ECB9
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\bg-BG\MpAsDesc.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	18CE6616AF6A86A8CB9BB1BCF183E05B	D5CBD67FD3B6084F9D6AD5B5D377BE780B594F71	47057B8C30405183137BD7A01042CAF6A55511496E310F77B982CE265224CF94
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\bg-BG\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	34C49A6A89C021060FF3511452BD85BB	EC440A2D582D01EA20540DC8225061DF20C9EA4D	AC96F359456E49AE8BC79C8E61056006DBED69051AA10A0C2F5C9DE4CEDA45AF
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\bn-IN\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	6AFBBFF1C89C09E9039461E8B902A3B3	DDF8097ED35AFEF757F0481EEE492006664F66BC	6AC84A9087B526B4E263C2D527C3E5A74BEAED559259E8B180DAC7AC2641AE0F
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\bs-Latn-BA\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	0062A53C04D373D7F0DD26BE692A1231	ED9994B5F4221ED5A9C87C351AFE0DC7639C10C7	3F5752EA247B05E199CF973BDF757022DC3892DB7C18E0F438E84CD51274BB57
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ca-ES\MpAsDesc.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	F69F07144AF23D71DE06FD4525C0984C	01397E501F51D60002E29B97620C45DAA65DA7C5	9FCBB88A7042B59053D0CF3053BDB9BE61611EA247AB784332AE77A8ACE125C7
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ca-ES\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D5571B230E258A79AA2243019DD771E5	0977F9D274ED3CD06F74E0A0E7E4757EFA3A429F	900B27ECB182D4799BCE6B71FEBFBDDFCED2DB547D74827170DEAFA4B04C19E3
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\cs-CZ\MpAsDesc.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	A444CF3AB63AA98FD2B78E333D017DB6	9B0963A935BF88C7016D2A920F7158A841AFBCAA	E41ED7B590E596D2BCE238C8607E8C62AD6F4E8F8C2AC968207035001D743237
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\cs-CZ\MpEvMsg.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D18FF6E114314A945790615D10BDD005	6283B11C2C0724C52F6250CA62129D548C9632CB	D00A9BCD566302C83BDBF63961AD1F328E1A631814882FA998E3F7547C6AA3D0
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\cs-CZ\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	0913743D3FE1E7BC00D42B97F480ACA0	F6CF0BB38EB184903C49003222A4C0B6B68C45A8	F3DCAE188BE26A5B01D683C8401923A82ED7EE1A746B828E045F6D329A72A5AB
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\cy-GB\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	6AD4C393A49DDC650EA926DD3D5F9CA6	3496AE115F676CB1B9EC2E10F14F9978DDBB44AB	2C0207D3BE2C70E1D5BBC5E595D0FDEDFF7DACEACAD819267686F89D9C6BFA09
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\da-DK\MpAsDesc.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	425568F529AE32414FDC8858142645E0	4414FF9A2B101931C2025E5E7A7CC1EFB474501C	57C74542E2F0967B5D0B6FFF49F94049A2A144CC5508782C1FFEDE0AB175D6E0
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\da-DK\MpEvMsg.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	5446C692FEF18F3043288C5F60AB0960	D65AC56670FCD37497912761906AA07B53D0C9BC	3486903168B310FEBC6FC0888904BE64D6630BE56BC3B2F9EB378982B557DFDB
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\da-DK\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	B8D5E7AF3C8EC95C2A7B73C778108349	9F2F2D690A8FB3FCB6022878EA972DC002FF7451	67211F3B024F05670BDC74C2B45E43495C9D9FEDFE0AB0B2B08987FF04745DEE
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\de-DE\MpAsDesc.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	693C726AE2F994D23A17704292708E9B	78176EEBC56ADB35A7C51EEB3126716238E4F6E0	3613AE1F87B8F2352BE77582647FCFA612C1699498662F795C17025D3A4353C2
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\de-DE\MpEvMsg.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	65BC4AB52A0623039F84583FA6F5D24A	7460B515661C299471A09BE3C489D1EB71F40801	ABBA9B685B3D9F3625BE99A9E3C8E1374A0B2CCDFDF8D168A454AD6969C7DF1A
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\de-DE\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	F8BD4506C36CAC950277E1076C5542B8	A478C619BC2EC8C984CBC5D0A24EAA6E08FADF45	633073DD2C9C2DACF6ADBD94D5D37938A09869ED4DEC02E785107513181178E6
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\el-GR\MpAsDesc.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D8A3EA1F6F48FB71E93CAE7D3A2C18FF	8694A21EB798F78DEC9626CAA9267A498134442B	F8E22F1702EBF7F050003277D8750F70451E66A4BF48083FF0DC190DF4A8F9A0
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\el-GR\MpEvMsg.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	971B3AB8A8A9524982573604056378BA	BEDDA1A746C74A1B17C148226ED0DAAFFF7FCBA7	5A95DDCB75F6F98365E39511D87FF194BA7E20DC4007981049D6BFD6CE88CF4D
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\el-GR\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	365315A6972DB10F9FE64DF34C2BC1A0	7075E7A764D56D65D699EA602B7DE3260BB3DE49	C718E82A5898E23DF742B99E60BA847BCB1238604A5956E3242E99478D38E9DE
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\en-GB\MpAsDesc.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	464154F1ED4828E84E39502161D55DAD	9250D8B0971F40C49EA57F930BE48526FBD71EB6	126B51E4A946913A156F83D3A6351D66CF943828F3281FC8EDF27C3F6362B63B
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\en-GB\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	1CE6C235020ED765EE411346A3046F8C	B58C8B2414206F9695F5C9D262A323C4A319D8D2	ED196602689EECB1D4DFA2E3FC5D1681E08B183D3506499B9F644E948BB61320
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\en-US\MpAsDesc.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	9E2AAF549D997023254E174D6C355FD0	240B5147899BA62781E65C771B4137DE65895016	2BFA9C194CBC156083F7C7318775F2B6499BFF565F9D2D6327BB0B0FD7B9124A
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\en-US\MpEvMsg.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	80F47EF04C083164B240139E2023BB4C	C19A4B2D72788092FEB013C011C648AB62539019	FBA673D3658969CB5004478356F58113F9DCB5D47F3990E930A6291456EFBE25
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\en-US\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	4B247AFC0152C01F449546BE6C140EAF	BCE990BCEEE7FF36EFE958AB0766E0ABC9A9B136	6994D9FCE7D9772925E18E655B911E1A61795B48FB7927058244BB0211340099
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\endpointdlp.dll.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	E3F9C99F6C9C82FEA872B3C2A9C35337	E1BD386763ACEC090BF63E778578B71BCFBEA694	C3341DF0A046F8D9F1DB55D1208BD533FBA07D96976B416E449482739F6ABDAD
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\es-ES\MpAsDesc.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	FF78654C7EFD316B2150C45F50941763	EE1A78BE48D908FD8E5A139B882310A86EED85D3	4D4C195BB2AF990B3373FBCB670ED6F91FA4486692EE937761E16884F156B8E1
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\es-ES\MpEvMsg.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	39E36C945309E5E39E9E13949E4DAA06	1F8EDD5FF5610F3B84890D12536B2F94EEFA7CC1	A3DFA0B06F1888D7B720C8EFF3071E6694A05DA8F23B3B765F12445F339C1569
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\es-ES\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	3BD99D0CF8BCBE3D593ED67BD7993D13	D7F773D50E1DBCB2D7300BF88D2BCB9464F390BE	89AFE35A887BC3508583743CB94D5E0CF7276331F825B6E59FB51A763B54849E
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\es-MX\MpAsDesc.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	B7DAC2E92F5735869F61AA752524B65D	6F69FD66A0D5F432677F958F19854D8B6F7E0ABA	FF9D85DAFD90B7F3ACBAACF457E6F7027F5DA8CB9101E5AB33F9E8D6E5934B6E
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\es-MX\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	A8F73A38CF039FA67F95D652435A9BD3	1C5BFF2C94C4F69ABD7E752248D6C17F1F6C3FD8	22FC4480D774869B3779B3221C3835B4EF8531801D599F6F1B0C9CC48E616502
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\et-EE\MpAsDesc.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	B7A854A75FD8825583A2735E4F126A3B	67AAFA5067AE796D266D69C917E0F04EF00B5A42	7BB7C9F34621F26BD739699584DC67DF12EFA17CC0A9406654FC36148F311359
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\et-EE\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	AF9F5AD660A8F2D15BAC225AF8D7864D	B46BD4C5DD358934A8F72B7C44BA82FD8F20C3AD	2F7499B08A3E5BA80B34718002ECF538BFB124C7ADE5F8E5296BE8D3B1E3E2A4
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\eu-ES\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	743E37C36262055FF4B75C70593C9BE6	9F2675DD2CC09F4A5E1A222BED4EE2E0ECABC719	3FB94AD9F5E3E515CDB1DD2FD5CB2DAB4A88DBE944ACE1C9B7B1913DD843DE61
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fa-IR\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	0AAB9E9B8EF01832AF6AF50727C34F04	6BFAF008BD495B6A70A94B824A29ABBAC68BE0DB	9201DEF3518D884F9721B7E00418225B992429AC79BDE0449985185478EC586E
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fi-FI\MpAsDesc.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	E6CC1AA7BB3536CD0111F5BB9076857D	261583180C284038CACABD809D33E92DCB7EA316	B51153FB0AE5F44B42B4C88FEA69A10CD8DB063DE786765404D4F6671A0E7F9D
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fi-FI\MpEvMsg.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	B44C291EE123372D3E8ADFEEF62CBBBC	0857F8D225F86072F1FD62214B5A1B4E284DBC15	A87D349B80CFD59BFCDB8A74A9AF2F6C7BDF07A6BE31F59FF71216C20418BE1F
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fi-FI\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	953B9CAE3FE1D67C103056B36E496114	56C342F7BC57672233E46118D4FECD07678EB055	D4D8662D48C1B3BD5F568DD498ADA73CD7DBA787E2EBDA83CE9ACC15877969DB
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fil-PH\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	45DA9B66866520BEB9A771226053B82E	EBCD293F6AD9C1F2EA242E4010C885272B29B92F	6322AB7C45D07175F7CEAC9CA061BE13269C86D3758DCCC58D1250C53C724184
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fr-CA\MpAsDesc.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	B3D8C30BA3EB7ED68E7E47A8E01EFEEA	A4D665870F90B1E1830547E020D0DA595E893904	0619F64DA67A6EC437C6BFF7B51BAC1918F070BABEC13099FB0FE4398BDE4C82
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fr-CA\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	04D4A1C27AFDD833820E08F0AFDA4622	8706ABFAD1ACE5106BE67F133218ED7784922A96	0B7D8C79E43AA4B5C7B99E17989325F9E15E4C7B878A1F1C95225FCD451297D6
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fr-FR\MpAsDesc.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	C7454584DE377D54C61EFAC7C4BF97BE	C6F19B9E77EF4F91A40EB4E9C5BC277538DCF95C	34D5D8A8163F3DA7DD5CF3B132319C78E16AA7049E8EEB1D95ECF455D3E0969C
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fr-FR\MpEvMsg.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	2BD586A4015F9E95DCA5C2A19CDBB0BB	FE6D1437FEF0185D1853EC77B4DB2DE69B5A7224	A00C5D2CBFFFE8CE06715074C731B845B113D4418298B1597426FE1E517AC67F
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fr-FR\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	FB1B5972151A2E4C643A4C42DB1F4E79	71A78A5A87E979150716A2A0ED5A27A88C6AA268	2EF9E9D3C6980CEFEEFFA861F5BCDC62BD4DEBF33C172B89906A28713F47F2F4
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ga-IE\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	A7BA1F67801365291A88A1FFA979F414	C91991B1F0994B6D04B880BBBE9FE9EEFA87A902	38196A81A1D82ED731EAFF00020103F8AC3D2F48662C001599206E7D56C522A2
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\gd-GB\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	C8F4627DF402CF532E5171A68D1C48B5	D49981E5F55FAB46AB56CF143A32CD4B488A93FA	64CDD47DFD5F2EC2249DA80B67D3C546BCB09723F7B08C42165E1BB3926B692B
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\gl-ES\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	809A1176140252F4AF083D2A4C2DC6A1	B6E1DD02F8E7244D38F4376FEFA1ADA8FC40C4C9	25263605BE45B0615CBB86DF1A3B5361BC103E94BFEABC1AF4C7ED63CBC2FAFC
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\gu-IN\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	4DDEDCA934B7C256E48BB045205C8CFD	A4F54E84F9392B20A0486A97A47016DE4566A8CD	C170B45DA71043DBB5E6413E796F4926EC9B943B1B4C9AF199A9AAF7ABAEC645
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\he-IL\MpAsDesc.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	B6EE8B563ED00E037AD5816537D4E9A0	A9235A68D0FB83693E888B898CD092108B2DB0E0	D7DFDDB9FC00502FE26DE74DF4941F70ABA168FD85C0342065047313519BF90A
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\he-IL\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	7224C437C66ED7C732DBD23562F2B771	7B9267ADC65A5B39EC1CE238433689034B0E39FF	6969007630D0ADCA52307D21B2BEBCA979C8BC2CB0B99FEA9E3DAE8D988C09E9
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\hi-IN\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	7DC798D8B1944C3EF231A56F088C31A0	198E95595094FC2EA694EBAFBE4B950E6128FD10	57D942026F77BFD82A0B717E76E6C03B051F982750361A6D09A304E700A8A2B3
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\hr-HR\MpAsDesc.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	DB1952161D6E9159E46A582E8A414E00	2B0FEA67B3DC5E966C3411D9076AD2B18BE00068	6D913A7D0CD075BC4F530C0F13A8E83B62CC25BD27CCF97538C85A650B3363E0
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\hr-HR\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	62C0260C4D069ADCE465BF3F5612E4EA	D665AA6418CBCD6F141EC776D719788A2B0E5DC0	3BA1EA0EF3FAB591BD7EA05861E3019EC5E266D44B01B4B07039EE55CEAB6BBF
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\hu-HU\MpAsDesc.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	319C7FFA2324A4BA07C8A7EE3D8D9109	7DB45E0F25C659B28AD81923C75AE9BA26BB392D	072F3A3ACAC62FCA3EDF168F4D77D14F0D3B646DE41C5B5E6727BFDC21F97D47
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\hu-HU\MpEvMsg.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	9705206BC49E11A4B03E524307BE0863	069A7001C82E75E10D552E42A868F7BA2DAEC14A	38BE0597E9A4A7987EB3B61E361EE4797E28FC167508AA37C74502FB2AADE81D
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\hu-HU\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	55E696B60CE1AFE1F3A479066B8679CC	A92736B3D137D03E701F522DE48AD4D4EEECDB58	7AE3B8CC81B7BB760BC5C2871746375FD40B987A69ED7A076D89CDE3A4D2C5A1
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\id-ID\MpAsDesc.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	C6BE9C842605EAE2DE0CA247ABC811E4	768B46D4E5C27BC1CA80D26141923CC264578B26	D6BF312F187BA21A9E9AF56FCE501F1B18AE070F6DC10A77EE2F5FA2C5746577
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\id-ID\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	5DBF3ACE7E62BA0FA928E6FE7822C52E	052B362D5B5D13436B3224988E6240DE192C798A	B977FF0DFCBF8011CC6DDCF6A36F50A05B91E04A1846218A5349813C1E54876C
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\is-IS\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	BC014A77F2F3923785B90CB65AF9752C	1531868AD3A469341683F71A5B779C9B4C133863	DD754F7AEDD3F5B6F93477FE33894DBC92F9D717A10658F19795C116FC552416
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\it-IT\MpAsDesc.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	5D5AA96B68716BC5F8CB066B103ED999	A547F8357405C226EE4E235F7BAD02DC405EBCF7	08AB7DBD73C4C4CC3CCA2E0067E6F892954573975BDBD714E070C37CE271414B
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\it-IT\MpEvMsg.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	7055A21FBC2CA34C95BA3FECC929E7D6	C688305EA616E9807248D0E93B10A22E05C50112	8BB1FFD5A999362AFB00906699019D00AE2B36F9CFFFE5221554A0A43A3ECC7D
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\it-IT\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	0B1EE20C39BAD933A02B40947D79E415	C3E34EBE04C02FB811737041D194CC35DD0E6B54	76BA595274DF68456154CDCA8B05CDBB79599FAEC432C462951A93DD5E2A7A2B
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ja-JP\MpAsDesc.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	5FA5C719AEFA8F644F59D670D9DFC8FD	6EEB50236AAAD1DC59159F3972CE3A03EC3BFB5B	67D856803FA537E2647E7F0087DEA389EB6E2D8AEE6E3895B23E56E6353E7406
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ja-JP\MpEvMsg.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	7FFD2EE2CB6318912ADA055C239383E0	799AC58C7735B70C30D66D6874ADBE254DC59363	506EB2DD5DF32B1759A04BDF65E34403E70F694934200A17947E71634394F41A
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ja-JP\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	41683CEB90987387D8D3B1904802FBFA	0AAD4C75BC8776357151338789CC2BDD9BE38952	3630755A37A41192F30836D4DE579E9F51FCEC08849DE82F8829DCBAB03FB456
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ka-GE\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	AB49AC91B51809B75A90D5192F4F845E	4B2AE540BF3B6E0CCA27FCE7F93CD1DFC76F5700	2EFB063EA56A74523DACD8033243A24EC1616CAE1231EB3A2A7B2CF943E8B6D1
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\kk-KZ\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	74640C0C47C814EA41AF2323BDD2DDA9	64189D6CFAD86AF848E5940CAFE7EC57C44735D6	FCC3460E1104A4AF02106432B8DCA607652AB54E96339E2F6CAC0F70A8711C4C
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\km-KH\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	A2F924A0D69D0E8DFA54943B8571C3D6	117FB05674233DB60324ADC75925F846334A7E53	C21F99B26633CAB4633E60B1CECBACF08FF277D0A0B0BBE3E8E7F46F8B3554AB
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\kn-IN\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	8350EDCAF88D1A7D9C2C55E96B6AAD3D	16A75EA5CBEA56188684232FE8C72D1E4806A495	C0E0881CF88DC78212D4E4BF85167B58BBA4B6CEB7780F650AFE671D4AD48250
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ko-KR\MpAsDesc.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	AE51C3682C579E7E9C3A732B8BD12B92	3736D370E78FD27FF5B8D42FB2D9E8C0251E47A5	811CCCCB15C60DCCF0A5525FB02F733A87F6CE45DE3684B8ED2EB9C6C050B482
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ko-KR\MpEvMsg.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	A39C39975E9C4215BFD25863EBBD6611	E9D81A2C7414B98181598DD1E7509BE8BC2CC2B4	6B0F28F590A8A5FC36FE3FBE503544C8473879A69DF67DC1EC5801AE014222D3
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ko-KR\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	9EBD98BDE1568D35F3256B5A20877132	6CADA8AADF416B344AC160974D105BB959768283	6118481C864D9F46C45A5106254BDE73793FDA365859457EEA49677DC03C54D4
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\kok-IN\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	6814B621085F67F4718B74DFD6B09B0E	901ADFEC944602AB76AFC1370AE240257F052BB9	F1B90170315B3B402BB7922D6AB1434A1C9EDA51DB7C933B75FCD2E559FBE351
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\lb-LU\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	EF6C3A2A9CF1A0C244E1B53D19F5D302	EA8F38BFB7E34505E9F8C8EDED1E93D5AF6A80A7	923CAD8C2B08840A9E3487799C184D7F59B6947BF88262797E6A8845D429FA74
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\lo-LA\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D9539C8F74E2EEDBEFEF035D9F50825B	AD426BEA953A1A92B943122A74AE364B761C1F5B	092DD01574E23E344E70105948AD9891B50A30637787D5334B79B7EAD4535C2E
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\lt-LT\MpAsDesc.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	A46C6FAA0D950A993E9947125F1F3C12	796BFE6535D985476CB4264E1D17A5EF512CC31B	FF51A1BCE3C055476082EDC451B7B563DC6784A3D15BB9BFAF74373F977BEE0A
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\lt-LT\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	25598C61F303BCF9C8E74A139C5F5006	4D8435627E3AE667C89E6098316094B4B2CF5D6B	D0F218C698CBB3912C42657AF179FA3FEFAF87EB4F2C67C3E71B68D181C2427F
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\lv-LV\MpAsDesc.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	A486CEF451F665013B932D849F24D1EE	B31E806A6156A95A1A5440627C12E1018FCABF00	02E8B921265BB9F02F7350355CCEBBFFFED36693C1FAC186C04A3E78FFD22EE8
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\lv-LV\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D0D9DB7A270E5B36F3E5DBCADC26DCEF	CD6BB68EA91161CA8FECF06D8FBAE93EB311AA59	618AA8BB41759D2986D5F8061AC3F7572BD6DE7DAAA6BA2D28C9EF0040FE1F6D
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\mi-NZ\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	78BDCBFBDF9A137296B0EDF51BC8F091	484718F95CB95B4F010052462372991E89F4A95F	2C0C411CB3DD91F830F4C23ACC4D60FBEC670F5B93AE31AD66DC2FB26738AB19
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\mk-MK\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	08C98CE080C6C3430B66F07AAC11A3AB	D944EA94B4CE05294F5CE5508FED5A8DF4A1179C	2844DD0DF993CBE4BCEAA724150D8C5223A4DF1246A270A7BEF67F919458037E
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ml-IN\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	3711EEEC739A0F562EC98D556F9B498E	7747BACBCAE60036C347C945E34F0DC6947CA586	5E5732BE1BF657509B70D4AFEE6A9FD5282A42CD9147012523C4805D11674AC4
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\mr-IN\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	E3EFD493151407191F09405326B6F32D	FF2FD1B6484B01327ECA0BE436CC6F9CCA2047BC	08D3BCB7F114DDF296D03312A59BA9A93C225A44183C256EE7C22B964EF13CB6
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ms-MY\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	856855534133A3385771E42BD0BE478B	FEC82F2563482FE4124898F21E680C49E5195ED3	36B1B17516472D9EC4114EC81BC52E2CAF29DBDF64CD0E72552C9D4FBF5603AB
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\mt-MT\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	058DB4E1E4AEBAC0C8901C2469A6AA14	4ED685DD17B9F026977ED4CF38C6154F870D211F	A30D058A9737162F4C99A446A6DBB7E00DE7373516CAA4B260679607A346C8AE
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\nb-NO\MpAsDesc.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	AC74280A1BFE8B8BB5FFA5826A8C84D5	BCBDE474AC9480DDEBC5A1C2CC369B8787FEBA77	8E26439976435254DE7658D14B588C4E4002DCECDDC1D302878D834F057B68F3
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\nb-NO\MpEvMsg.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	61D8AE4EE069487E80AF05BADA1AB9EF	CB132180D24CA045FCD9A57A2EC6839D594F37A3	FD172FEAB75B64B2F9E75C4091ED1AD7B97A4CD92557B65851092B17E8A81ADD
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\nb-NO\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	1CDA77EDA6D5781FDE3DFF6D7D14A9E7	044EBC7EF2AE08B52ACB4D19F872339FC8B53CF1	7457F53F93C64C23FE0C3511963520C8A95EE2CEC8711066BCC36B7243D85659
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ne-NP\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	BA17508B62BC4408E897EE485258D8A4	3A1B59F35B5D8E5E84E263E17467A2357E9936BF	3AED95AB51017AF7A4DAFD6FECC4812E8578826F0521F963C6C13FBC5E3B2894
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\nl-NL\MpAsDesc.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	04977C053A5BAA5824505F3B19A2C271	6E928EDA327E1FC64EA72FAE67051764A5F8FC40	3C1D04BBE2A56993E74BD37AB029DAE4E9604AE52631DFDB3FEEA1213DB59A5F
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\nl-NL\MpEvMsg.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	90F56CA3F7445A382B59F8ABD77CBF19	0CFEDD0993CD6DDE547BE96F6FD20212F307988B	0E361E35EC4901605FD73A826CC4F9F39B3E92932AB2779743D1345DE9BCCB2A
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\nl-NL\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	5FBB433A0D065AFBF4ACB0E7445C24A4	330119C68CA8F86B840C9C2F70E569CCF52AC117	26229FA7C02AC36B9F903541EDC000AFE69B37AEADDA2C4D9D3E97CCB1625F7D
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\nn-NO\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	00B97153E4DE0EECEC497C3B1F897266	17738CFEB28379B1563E42163BEF6CD565DAFD19	B988E15B5F37B47C6D02D101D7DB9F6A31642B0A11F04A172B6903DC6E140087
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\or-IN\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	B171B8080989D87A448D72DE5A7FE381	3B860DD25F625791997B65B2302755901145694E	FFCF74A50CDE919E72E360D807FF51A88A212003F6F24FD6AFA7482C1BAAB5EA
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\pa-IN\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	98604BB46A17DB8242AD42DC8212720C	17BE5E7A2EB6981FFBADAA14911319B22DD9E441	ED12D986D59BE0AF80460589FA2ED565E14B75C0BAA04FDD275BF21F418DA083
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\pl-PL\MpAsDesc.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	9432D9494247AB1F42580C61A868174C	C55DA0BCDD0A808ECB5EF6E51B69EEC47D243E38	B6F941FC3938E7EF4974D7E2C10FFD2494FFD91C1FE04759C27FC810C473A9BB
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\pl-PL\MpEvMsg.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	3E87ACBFB5B3763DFB6099212420B953	5F95730CE4999EBBF36E9AFAB3050A349529082A	BEF117DA8B7F48A94FA314E5C03CA7A1EF7726CCD6458B1EBF7EA7EECD320244
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\pl-PL\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	789FB0FC805C2734CA4E5FAB41E2613A	F74A2ECF5034317E9702F59644FF1C885A3E7E76	0C26F2719A8A719947EEA36F7D94D1D2FB5823BBFB86359616573EB925796E69
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ru-RU\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	202AD6F303D0B54A28C6ECAC7263CB84	6D5C0939ECFA9B81F81B30D6949A963D9DDF73B6	E12645311A0A8753F0605F936B9B6D4C782F3D42100994A13D1CEC585FEA5849
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sk-SK\MpAsDesc.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	A5B822017C8DF44AE1F86FC40CD41223	783E148BF01D7F6AF4C816D2F9D35B75847944A7	BB447389B2C11A381B3D04B3CEFC08FFEC208B96341C19B7BEB2258DB2B50819
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sk-SK\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	75FB16EA08FA9E1AF7EE993A59CFE075	AAAEE25A4B350CDCA6124803AD4BFF65A0C35032	5668799348E8C8E1DB27529B17B3479604AA82547F676DFA2A6D9BD048938352
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sl-SI\MpAsDesc.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	03A29E93C32BC5FBF9D53970020C8AAE	4EC264A16FFEA2F57887BB878025AB2CF7038D89	DD70977911DEFB278C77E0D784A22A333FFC41546CC4C6506C12AE71EA892772
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sl-SI\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	F8D2AA12BEC653C2BC64ADDA142E3968	D16278D77C8589A45C275E3603959B8DDA4B13DD	010A81C4A87160770D288714ED126D94B865A845F87BE306352E817CF653B765
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sq-AL\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	240F6F0252BDAB805CC1B198F0039C2A	8D838DAE380F8C012FC100D9632216E58DFB90AA	977FF68D55AC051CC9F33DD90D14AA67BE398C29A6D68843BF08596A767DE86A
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sr-Cyrl-BA\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	0CC50AF3E8E28E688D47A24EE87593D2	CCDFF0B46B657085684623E559E0CB82DC8E8D9F	9774B970261BE380ADC92866DDAEDB1D0BE94BA36768F5762E974E2E314D63AD
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sr-Cyrl-RS\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	663081144A44D2593FCC1B257FAF83F2	3AB6494012B239BFA058F9D9BDD455AA3EA02597	A2273801350D41FECF856EE576DFFF4ACAC743CAC5C129675BECE810439BBF00
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sr-Latn-RS\MpAsDesc.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	DEA1BF2F1792E2E5371C7D236529E465	FA1B1D599DA4C6723C05C5974F53F46D5E8AF163	C407E7E1EE5A0B2D42476EC7B86D2CD91F31D2EC40ED364168DFBDA18989D66F
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sr-Latn-RS\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	7CCFB457F7899DD03B938015E24D8829	A13565ACF17C50B28513FDD997174461BD1C343A	64B51DA8B6630BDA5DD49C196ED2BF9B38F31294D606035F58A1E67B71E55397
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sv-SE\MpAsDesc.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	A5401FE82BBA6E3AE771A37BC1354A22	8A27BF86946E2AC2F1656DBE5A990B350A769792	11E4F1EA37D25DC19E5458A704500D907C1585F8E5026A892873972FB0D90056
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sv-SE\MpEvMsg.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	DD4534FD8F7C9BF05FCCE4A883A24950	7233BC1A73B4D099EC5AC7E598A681D2ECFFC249	02E64AD158B03126D0C6B3D0A29EA1C8114B41108BE8E50692D4239B0A935435
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sv-SE\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	DAAEFE188A9CE3E8E5BACA0DD69FA25A	D8FF3A1B97D1A25C5D117FA69363F369BC4B2CBE	307DD3090AD712BF60EB922CA3616639B8F7EE22D74F2A95E80A61C92B896C32
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ta-IN\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	157E8FAF9BBCBB20AE3E130BFCA5FA0A	41A582E2908DDA3EFF4B00C2F74BDF60E86ECBB6	A327BF8FE21282E2DF9369434E638E03440F79A2C2289D9AA1B63E2C813EA5E4
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\te-IN\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	1EB63B263E99A2DD59DA9A21B555D512	F6A9715469675705BEC7A8E3D8012FA9C9BDD0A0	C678CF830B3E41F6EAE84FF5E60DA8E3841FDF73911A3A8F1F9F64CCD31762A1
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\th-TH\MpAsDesc.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	26CF3A50FB246E703FF6C746A03E9291	1831A44A189B6A6D26A1E795739ACA47FCF506A2	0A1549E0536B5EA687EF30FB48409A3887604FC21110561150F1C16DE3C40DAD
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\th-TH\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	5BE3891C6E9B58C57FE9632C1D10ECFF	C76357E9F8FEDADD5C77239E65B3BB12652EB80F	91FE3EC0EB74994D036F8B24DC6ADB4A18BCB912082672BA32109F09003E0CE6
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\tr-TR\MpAsDesc.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	8726228E56AA4359DCF9E3A0EC26C528	DADECD11274CF474B06277336BA86931473DF7F7	5528907CD1C18039F521C086756AB731B1FEDDB8BF3E8C3651C6454886D3CF79
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\tr-TR\MpEvMsg.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	8A8C62C822B6A1E99131B45CF0EB08BB	66CA5810339B656448473A86C59D3581AC2B8DC9	1AAF9A0F36D442BE476289FE02497A18B59BE2968FABCA89E23B73443F6248B1
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\tr-TR\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	DCFA49327E45DC7C8E5B03F8C956281D	1903FBFC62A821810EB241C7B75D13E9FC7DC043	D2E5CC4AA76939A150AF72C09AEA4B3C8B9707D3601643059AA780407F5AA9E7
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\tt-RU\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	1C40B90D2213B4FFDA6E5F39C45FD876	63A3B856663BA2887B86E7DBE3C963325DF5C409	38ACF8E1C3996780A42F44B0C102B22FD0662111F9DA449616C80ED0E1CC4131
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ug-CN\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	4DBEB0AC5E489814652BEE6DC5B77DAC	DAF5776DE2E5E770A75778E58F637E94C887D689	61A284C755DE03DC876A3500CCF1AA27F58A4D038782DF23EC2E460770763C58
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\uk-UA\MpAsDesc.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	F271E6F52643087379EB340925E219D0	743E54FA9856D6AE192C5942451E9857E68B9B35	CD7A75923863546414D3F53474C327E697E79F1BAA5BA503EBEC4DB3E494F521
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\uk-UA\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	2D5B35B708230C230B2E8464025A1BF1	ED157C4712767F2B981A35CF2040FBA5E9C02920	B16D451438FD49E430CBA7C72930D4BC4131D20C1421FD67DBAF256D8AAD8A07
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ur-PK\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	FA0BC9CB92F7002CB09B4339A80DCF10	CE44ABE20A42D3262B388DCD4B6F72E65ED9F6AE	B7ADEFB0BC6F175B584636406F1932AED47C8D9F78E2EDD0F9D9431E128C1067
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\vi-VN\MpAsDesc.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	5151A27919D024FB52FFAF3C11D55E1B	060AA58D45EE03C047A4529ED7673301734595D2	DE2CB55AFEF32D4526D888411224C489FF50CEFC9583C103A10DA9D27AAF3361
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\vi-VN\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	C9DA11AE84DB656E2D77B4B3029E43BE	10B3031F5202E761B2063B57F788FD8B60C2D367	D337FF0C88B806E83332860F192DFA5C292096923ECAED0787E59B0198E99388
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\zh-CN\MpAsDesc.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	A49ADAB804916F0EC212C0796E33B5CE	5A0BAC0E5B87920C6A0891613332957435E83C60	C9C0150B2A06233A88DFFE240AFEBA6A28995B41CD6D8A7C2A23D7BCA08A841B
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\zh-CN\MpEvMsg.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	7E7B12F8E6B69BA6ECA1147E40B246E4	C3FE0B8D106DE588B709988AB4C31D681815A2E9	B98A99FADD60450D86B928D79C6CA75323C51C44F98ACF0E289F1C5B12B2CE71
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\zh-CN\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	193992ACAEE82ADD0973175FCFAA7AA5	5F735C79548F73B123AE780DD6278150A8FF19A2	6258EF2D1FF13694F1A94D421DA0443A8495BF7996FB80EFEB89DB6670DE6719
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\zh-TW\MpAsDesc.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	5F56D41F06FA5EE812F05425A03540F5	0BCF8ABA8C6DD309DC02051112360BA7E76B9DB1	5FCC4C184DBED982E508B87E3CC5DBA2761E9E94CF3D830A3FE340527BE67CA0
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\zh-TW\MpEvMsg.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	B9B3DE9213646156F60F260FBFFA67A7	A5C63A28894A6914A796698A863CD58C4DC2ADA0	D275AFA020A0153E7BD284E3B2D1B444158B45B43459F8380D46660285190FAE
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\zh-TW\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	30A94DFF53691C4E557DC5ED5FB885F1	CCD36622A193B9134FAB5F40A90A4F3F86C546D1	1605DB411C0C3A3F80C05FCFBAB0B2BD2EB6EF5053FBF6B4B23DA521C874EDB2
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Catalogs\IGD.CAT.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	B7173DEB96434C773643B2F6A56AFA83	ACE9DF1EB18A5587363C9CDC01848541C6117D29	1E4930D44AB3821E7C9C9E7AFE5FE9AF27E3F1F4B45E47B09ACC2C2AE02D6F4D
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ConfigSecurityPolicy.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	77085390A9ECB790AE78F85C14576195	2E6EA90F74CB75FF9A82AD583CCE3A4E011E2800	2E991FAD9B3BCC3A113B0A1D3B3D13C7BC1B0B86253AD6D6D01C099DBE1D5EBD
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\DefenderCSP.dll.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	13B385B156F6C3FB4636B5ADE21464FA	F2AE9E4D0C6AEF70EBA10E60DFAAF8E0357BD1BE	32AEBA9CF228762B2CED27493BD35B51179E97FF932F5FC3894F35B814F63E51
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Drivers\WdBoot.sys.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	EBDA327FCA1F3D3939F0D73BFD3518BD	85E4CDBD107A6CE96567BF28CAD15254EA7D10A1	DA65F95721D95BC1923EE815D7680347A3FEA405C88AE4A65951E66D7B661B16
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Drivers\WdDevFlt.sys.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	898EACE52CDE565DEB77210F4B8E1E21	872D19353DB02E5EB4A958DB1E04EB3B55F456D4	B45FFF8BA4C032631521504F0946B207441732778156302B243BF8503C1752C1
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Drivers\WdFilter.sys.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	537BE8AFEBC04B751ACE9399998CECE0	5437AF0B3D988C4E79CF2E9ADF0540322A229867	947997143918789EFC1D9EC52F2401E21D16CAF08B952596CA9810481E7F005F
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Drivers\WdNisDrv.sys.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	63EB176C45452673F930DD3575E574EE	842D21CCBBC7A3AD09334BA934F64AEF6BEB537C	94888B10556CD65D35C66DC91EFA0C3380B6B517CFBFA8014FA74381D9090E54
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Microsoft-Antimalware-NIS.man.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	264A2C112B125891EC70DA8697DEA4B2	8C8FADF71D4C526EA4FA8EF4A29132397F46494E	FD9DF99FBDFAAF4523674BA023EEF824DC000B9D77BEEC7B8AE8B08ACE10E3CB
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Microsoft-Antimalware-RTP.man.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	B641716421C9E3BC70A8A8CA35AF3832	3C912B243EBAFD4EB682FBC035AA0807F6DF6BBE	6D21437A7FED8B0CCF7A67EE48D7B74C20E311AE1B7A57A27046AE5144D089CE
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpAzSubmit.dll.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	A44B86A10992432E619B2411DD2FB53A	BB6E3A0447466BC5B01A75E5FC6479CBD36452AD	DA30A9EDD60765D8A91AE04561C30674483EE9BA12F14A607818BA6FACD15B1E
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpCopyAccelerator.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	EAB857E112C36BDD82EB8D87FC9B5484	5BC3552D8B0A1C798C5591E3CA269E7BF368D37F	EA8298C4B4ECD71B9CC38AC3BC08DB61DBEAAF173AB35836E9F6A003F4177186
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpDefenderCoreService.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	5CFA051DD358E7D06DFB060440636B93	EB118188FFCC15E68A9CFB1DE40EF0EA6A78C191	2C5F3807B8A22851BAC5728303460D14FC595E05335C1D3B41EB689A5C9708D4
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpDetours.dll.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	E94598FAD415079E7742D1C803ECB785	4D44DCD479E2FF879068338176A717747DD8EF02	C2ED40F0E390944765006DCEE961E53318CC69E8F29984DBAECE338C2029B714
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpDetoursCopyAccelerator.dll.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	75D177C465F372D828C1FE453CB15C30	05A9C4F61061FD3036FA4AB954CB6AE7353F5F80	4BDBD6D0147B803D0057D61E8662FDFD51A2B5ED4CDDD2BF49B905CA31D674AE
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpSenseComm.dll.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	88C4668D6C424D03B51C8C637D023863	F1E23DBB786CD9A6DA932AF73C3066BEB9795CBA	E63EBB35C30C5F6A1E2643B0A543C39D78DE5B320167F35D050868BC91CCBC24
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpUxAgent.dll.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	06F6FCCCBA5B79F9C0E09867E5718ACF	8C66D248856A34071123C3288F910ADCD6B73FB2	71386F13312CE7E0DE908B4F985340B5E97C7870432BC08A7B1D108D38A749D2
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Powershell\Defender.psd1.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	AD104782191519A408644DB905ABEDDB	5D5BD87B55B7B2682667EDB336627FAC3E60F1F5	E26CA3CEC0BC7CAFAAD9FCDBD89848BFE9B3EE9CF3556CE2960F9D363B394C53
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Powershell\MSFT_MpScan.cdxml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	C21BE9FE6F8D841B9F7F13DFEBDE2A53	F451674B7B86272FAD0E34538BAB9DD29265C937	9FC568AE53A59AB33D086600B60BEC0C86BA025F17C1D8CED6E09AFF40971C22
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ProtectionManagement.dll.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	CAECDE5D08CE1EFA0A9FB87B4A57C653	A586D50CDAE978B31B2CF1B831D4C5E26C4D2AB1	FB03DEA9D85B0077E07876314F31631001C1F6E2517FF816E46CC6F305500A05
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ProtectionManagement.mof.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	976F62A32822FA0EA63FD8EF36293B28	56FF3EA497246952F48A6ADE2BD6F6CD1DEBF7A8	F2C8273F7FA34D4005BADB7372AD89FBE952CB9F308B5F5558278EEDF21F5E40
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ThirdPartyNotices.txt.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	7AF06B3421DA98058F3E2AA3AAB29FB8	8FDFE77B0F3FBF8535E7C9C0DC430B4C4592E115	7A90EB5F5E955F01AB9AC3E96A84E76D9E30E7418C7EFB2842E7FE6EB926E597
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\X86\MpAsDesc.dll.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	2094C6C946048B62FECCDE6EDA387EF9	E4B55B6C79B77B291D8F0397CD46D2175D611FB5	449F4FE2413A3D9DFB20CE789F22889767C20CA0CCA51A4C99DDD82DE12AAAE5
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\X86\MpCmdRun.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	1CBE50A981DE513F66B45BC3381BA674	09D27BEDC99218D584CFDD660A2F3BC2A57E42EB	EBD1FF245F4FBE3ECB5188FC40161E2A3E1EBF085D20CA85E18B13B0713F7F6D
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\X86\MpDetours.dll.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	BBA7E6DE36E6368660D1CC94FA81FDD6	3F9F4CF5E6A1675FA79A03CB2FDC06748AC7E2BE	F5EAAE61A21F29EDC18CAC8C98A6E582D9DC7A0A7E51A8B8F6A8215D7E1617C9
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\X86\MsMpLics.dll.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	9F0091F20DCA813C1E650988B5129E35	5853A521F5DEC8D39A5219DE4B20559076175BCB	FBACF5A863230E7C4DD4E41E1CDAC92688CA47AAEB9F97E5F69C1BCE5A0DCA73
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\X86\en-GB\mpasdesc.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	FD3B6300CBAC1DD05050CBB6314F3CC0	5CA3809F7E7E9495545BB8032E2FC8542D163773	370E6428409A47195459F1664398CBB78A7A3360270AAF0AD5FB61830CE34D93
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\X86\en-US\MpAsDesc.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	AD778D91F4AAA541DCEC2D562B2DB815	208A471264D2D3BA2C52C84D74A81C17FAFD8EB5	6DD4614516DFF47910EC7301B3CB8C7BB45274A0878DD4EEB5D3784B0E276F34
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\X86\endpointdlp.dll.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	3F095539A6D6FD6C786AA6032D78E004	8922B96A73CECD3F414D8AED63248CBFC9329369	C377A810C646E9B97EE54FF99CD9BEEEC9E259A3827AFD7A677183B68138AD14
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\af-ZA\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	ECFC505AF07BEF464EBF0A51C0D684A7	3D090D494706E71099384DA0226092E4DB1D25F4	9C6A5671DF8FAE7AD6EB797204DEB49F7895C85EF47799CDDC38792270B85979
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\am-ET\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D0F835FB4482B65064244BCBD732F8BB	0CE6449DEE8D576DEA3F033DAFCF6D0ABBB17F2B	89DEBBE532F210417857CC184CA997BA98CA19225050AF3716051E547BE602C3
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ar-SA\MpAsDesc.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	F63DF40CE9D159841DAD57FD47E8EB9C	7606B57681292F121F0B5D53D470855431837CF0	5CC7C0A3C2A05D14321D173202FF65040C24408F3B59863D43E9A00DD4C4D6ED
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ar-SA\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	C1920A6A3194361AF684A8F60E560927	78FF501CCEA472C18E52315A38B1A5F797B555AB	870799DBECD1412CAE5B8BED72A441444AD43CC0C47F716EAA7E5261DD87607C
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\as-IN\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	67146D4751070F00874077BD69A5F564	E5CF1FF65A685B8E9015737516A0B3446CA9F419	580F1FC33064E40D759499926BDD1A26C4C28CD2576AC36D33B984796AD5CA3D
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\az-Latn-AZ\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	FFAAACB248215EA374EC9D6871C73EBF	C5767E141DF9361DAEBACED55BA7CD203E6DCE41	F2911FBF241D9D164FEE723B6FC969BC43A04F61A3ED60C15259AD18C7BFDF2B
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\bg-BG\MpAsDesc.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	A8272FF351A22827058540EDB4643C2B	990BF6910098D8AB68154A64C6F1ECD77491A08B	ED12636479E180C3C7D6B14FB82599F657BF9A14E286EFB8897DAC6F6DF1A87E
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\bg-BG\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	12D8505AF4EC3F3C5D26DC19CEEFB325	F0AA2D069F59EF880AF08F7C17625CF07E04020B	E9ADD5F52625D3DD9CCFA39E40DACB92A11E1C64207BBC0C595F0515868EE48B
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\bn-IN\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	511AAA560F546791D78E54D6E1CB56E0	703E7EFBDABC620960A81F1BD2812360C9923D3E	A070599ECA3F244E0CC0156E8A4DAAABBCC861CF0972C006EB46FA0838B6C1D3
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\bs-Latn-BA\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	C2AA2D39243E5E7C2C09DD87A6805251	F16C7B8DF2AFDE0669431B5E5B9B848FCD4487B5	CF5E9BB4B35D550748B23FA79810359D5E25E1CBD5348653DA3895210B284E7F
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ca-ES\MpAsDesc.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	1CB06BE249EC61B3F439AC0716459B91	FCEF4E1D4C9AF78099DA5E7394421167DD4F7B1D	F914936004C8B81FE38EDF2805D7226E1F1A28A225CF63F25A5019D84AB86EB2
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ca-ES\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	50FA55B2D61FC4E89B8A51101D61FA40	BDBD4C78EEBF3819738E297B654CAA2156ECE2C3	B59930BBCDCAD995B15CB7286BE1BB938F61ED0FB1ADD824141D5B99439D945A
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\cs-CZ\MpAsDesc.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D85716216597B43E0F00913A70A90234	6AD4DCC2622C6FE8EBB44C205DB76ED565B03E4C	7F8E6EEF8456607A17BEBCB318EEB80BDD2B591114A143A115C4B62457F9BAB1
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\cs-CZ\MpEvMsg.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	DE3415F93D3225E070CDD64F017DC320	30F501D25AA13A874D3635A247E2A781BD4C9F65	ED3CAE663C5D5BD10EDA419EBF0C4740C87E96E15AE4412A17CF9DB56BD3160A
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\cs-CZ\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	069A2F7A10E4039AA9A0C13FA00A1CCC	A40A1AD7B248DED06905F402F367B4EBB0A7CAE0	7E04100CA9C35F64C85FA4A7B83E521786EFBE0B1C1E468CE61565F84AEEF984
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\cy-GB\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	E656511218805623BB15F8077197429E	566DD776950C700CF86E8906E984192AFAEC2AED	E67D7427E30D3A6BD03E2A47B7C2380FD615848B8418FA36EB5CBC7D22B70133
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\da-DK\MpAsDesc.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	95B7B2A5CD0A82BC27FBE3A3730FEE73	2D62BD3BE729E19211B565CCD8D27559C41AE38A	8CCF324E008D4E295399E84091AD15F86EA09CB101E4A57507C7A513F0D58C21
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\da-DK\MpEvMsg.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	95B5322D069A8C392944EF9003958DE8	5165D53A16C54ECA0AE513D64AD784FFAF561DDB	444F18989DF9D790AC3D7AF6D45CAEC3B0897A7DBB4BC75B4ABF04E3072D91D0
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\da-DK\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	663B2624656762B5392B396920AD64D5	F6933815E25CD0F57C604C69512B1A4A0F5A82FC	8A40F24B8DEA15E0CF98D19DD4C4C4D0B514230A78EFE03E47ADB1A753EBC040
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\de-DE\MpAsDesc.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D82369908B168733B4E919DC135EF39F	B9D20A8B5DCDFA722BF0325ABB9BF378E7F98AF4	F5272923A8CB10100206D3314E4C6AF6FCDD512799D104334E98F89A2FFD6202
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\de-DE\MpEvMsg.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	30EF096CA6D293EB7AAB5423AD26B287	B53A65A4089BE48E21E8703DA4BB635FFF35A070	E006E23B4ED912E7EB6437EBBEC532C0A1C0ADA6A3934E67CBBF0B918A919ABB
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\de-DE\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	29B6B247D99A93EDB6DF6CA759D60FD2	9D9A1B158D0E3FA19AF0158D0F66EAE89C0EF2E1	504F6096850528E95F6D83A7841C850AEFA7A66A888184B1C1425B295BFDAB04
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\el-GR\MpAsDesc.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D0A9D322291D809BBAD83F4163FC86D3	845E8023F2E6C76933AA4D11FA9DF2A99D9BC42D	1810DC136E17557A3432766B831A66B40B7D5883A54C082296438F7FB8DAC13F
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\el-GR\MpEvMsg.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	1EEE421BDD7054ADFDBF0F22BE8EB44C	DA3B81F3536949D975A5DE8A5807229B7639632A	34F4BAF18E597B4AED72DFE573E62EB2D843FF3744E47394E99388A94802D921
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\el-GR\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	44E5A21229921BB728D82DB386196008	4E21243B1CF9E8D31C71240A819CC53BB51B5C25	5702BD11F08499AC68D95940C351ACD945EA098E790E7D6D5840036BD5CC83E0
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\en-GB\MpAsDesc.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	957D65D268463643BA5BBE679AFD15D1	616A5DF5A49D4B45C88F119AF8C370913EAD98DC	A8AEDA71B888ED223C7BB882490B2831990FBA92AF98C804D75371072C0DA114
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\en-GB\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	0822E7FC37E8BDD634FE0148E2FF15A0	A1E90CD710DEE9112CA57C0C525B97A92489A698	2BDCA11BA0DFCE1C449DEA3D0AF7D088A8507F814D8DA9E3A708CB01E594AA3A
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\en-US\MpAsDesc.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	C8471AE7853D719494DDF28DF2BA6A55	1EB8B7518B4426F668304FD48657B23E810A3DDF	9D66F9B73E88DADB9F484ED0D79E3DCB3E9A7F7ABC19AEF9B570C4437A2CF61C
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\en-US\MpEvMsg.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	E9792AC0A6A984103F8DEF82BA44AB05	65137A8A7A82C340994D37612471EC7F65C40D3F	F8513AB649FABFC5BD2641734A2ADF5BE4C524B07A93BBAA1C3CD466D927187D
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\en-US\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	B648E6BCEA08E80956B7EB03AE23B1AE	05A79DFCF01A203589F8E6F281EF2BF4C87C4B48	47305CC558A808D2DB20E7B5AEE595440DE2881274DCDB04EF866D3914A3A51F
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\endpointdlp.dll.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	5354CC58D03756A7CD029A1A39EF1F3B	7AF0F6633DF311A942965CE7102AE50E084D075A	32803B68DAEC38CD66643E7ABFA5167B868A6B0FC21174B7C2141C163B5EA82A
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\es-ES\MpAsDesc.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	7105E783B56D777D70C2E62ED4726F33	0BAE73341F54FDDA68B50843D9CF7823A94EB79B	371D0E2AA9B2E442695E7686C59A4B4AD55360D620F6434301FDBF1A4AB17BB9
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\es-ES\MpEvMsg.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	5A63DA48F29FEB770E36E3AE17536B85	C12A1536405AB10F1BE40828534D03419245513F	B9DBC0FFE703AB01A4A258C0D5D57EBE26B73F5C5B2EB34F23C5D7CD53479343
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\es-ES\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	E6E71CE0754AC6BD7E29555690A47AF9	EB6A82690763717B7380D29BAB3DAB5F032C95A3	76AC859047EA835F478D9C73EFD1D7C3F768670AE130C841EAF5425C3CB967A9
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\es-MX\MpAsDesc.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	6D84F7FB6E2EB565700A5203C73CC5C2	A0141F19ADCFD5D424DAAB6EE6FCCAF3842006F3	CE072456C402823B7AE95475379F33020C54E209DCFF1FA92148A28D38CDD7EE
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\es-MX\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	259079EAD724B34CAE52D2863CE14774	6D76B075DBDD6FE0EDC2267C24B4C69B6A9C3DC4	AA9B69B7F6825440C9B7E7952B1C0BB17407F846764B8E50E72D84BA3551A82F
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\et-EE\MpAsDesc.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	DA19829BA3157FB2C1F209F7FB29CEFF	554EEF6B0151D86E6553C8318FA4EB23F00B9D07	88CE3A31CF66C4BC859B76A518AEA7682F812B38C22CD945333CD53846B24403
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\et-EE\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	C9274205D9937582BE32DE9182710AC3	516D19549AA02F8CDFB88D6B381708654F086197	C2B624302C8AB2EC924B748E3CBAD3920B7257C35BA765EF3AE94FF355518453
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\eu-ES\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D85CE32BEA075E19548422CF6A894808	1CDB2C2AC98FC536433EF677F8DDE46D9A335AA8	110EB30DDBB47DC9EB237ACB0CB211B296DF02FEA9A9007734C0C000C0669D96
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fa-IR\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	90A8AAEDBAEB74DCB794BA87B5A2D4F0	73EC9B22794D238C760E544C132AC2116AEEBFEC	EBDB57A7E5C4F47C0074CE098322DAAB3737CCC7CF507D811375B6986A2B663A
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fi-FI\MpAsDesc.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	E828BCBFB161E9D821B3C3758B92A5B0	E96362EC83F9C204A5E99F54E347AC4B8B664F01	15360C94AF3E0B613A6060F86135DE3095BE2D4878B05A1381D8CE27E697D83A
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fi-FI\MpEvMsg.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	C4E04A405F888BD8BC940D77096821FB	EFDD9792ACD1AF360B6ED212118BD581B8EC379F	3C13B4EF12C41AE29CCB3DA47F65627846CD551879A02EC373B5196BC519F8B4
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fi-FI\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	16E0F261EE66A5F00FBF8981BA248FE8	019C642400313D3274CAD6EE0195821C0071308E	DD48D81BCE3D0B8C80E367554817FBF4385499466F444FB3F34FEBD924F3AA94
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fil-PH\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	CF447CFBC9396C525ACA5EA24DCDDB7E	F2196DD78A6F8A730C6494C2E7B99A347D454337	507324B03C44A0EFB912DC8704BC6F70221F4425FADB03D82510AC4E9D032C34
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fr-CA\MpAsDesc.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	B2564A5A6BF065AB973D9D197CCA9568	60B5E0DF61F2BEEAC28C1152DB71C1062560439A	9812897F604AC0FCA332C1744C7B85D97395154758FC0154EBDAC5BC271AC66D
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fr-CA\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	473BA9BDB539E6E11E72D351AD4495B6	FD9E3FE6216311874D10E194428958F2F996CAF4	936038F39A9CEF682B1C7F616FD6F2B1972CE74D332FA904277EE1BF7E014670
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fr-FR\MpAsDesc.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	E1EB51B302020B7CD7DE82646627E3B1	31FAC32EE50AE16B7A1800C930443307E27BC836	49D79529A2D51BD954F5B9C3AD406FE3A27A97B5CE1AB28ED471A7C8DF29A7A5
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fr-FR\MpEvMsg.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	EA729CAB638D3462DA7F4F999231A064	B48C583E101DCC1C3E7403BA30A60A011A62632C	D6DAEEF81544CE98AF9B95E5ED275FF20FF91D056EDB4BC38F7F93BC8BC7DCD3
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fr-FR\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D6A2DFC7A678B9C9505A79FF0D55E234	FA195FC17065927711A379812EED5AD993D2557C	74C392BA9FF96CC7184D1813DDCC11B1D8C4D460B2DAEEB36275695500619795
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ga-IE\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	38A67BF6EDCB2043EBBE4C84346A08FD	A782CCCD11FB9671AB14ECECD84C0EC509482D92	8EA2B0A70F55F68E0AB065A56C6680435B077CC0A1795E2B702847D02912F27E
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\gd-GB\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D8BF7E1C21B491F543BE1DC2FF08B53B	1C1B65A3DD0980BE30CB53AE5D5617823D64C7A0	83EEF850B8C1166F0B8CE299F27ACD1B9938207ACD95ABFB865F2D242E478485
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\gl-ES\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	815F5D128902F6E748FF372A25E39156	3C15C0E5ABF4B83E904A9CC985AA0E6B70BEDB57	398CE636A224D5CE55C17D7DA93A2FB23625099065A7539EF43B2B9B53497CA4
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\gu-IN\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	96CE29156A74AD70A378AD437F68C49B	1BE50BFC2EB69E0E2387FF9DC1FECE2E5BF73222	1D84EC35E8712526CEAB793EA657A561075D3A8A92A7278ABD093068E5477DDC
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\he-IL\MpAsDesc.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	CE72A768629FE42FE37C53563D686FFF	7FD5F9D1837E3C1AD7A97754D555B9CC0DF0CEE4	4AB46C6DE33FA9DC7BDD9133969B5A9B860C963929A432D393A81D595FBB10AA
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\he-IL\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	E5BA4BB7123B1F65C9A3BDD4ABC5EC80	DB8119E1F3D92916335AB473B34B37A16D660CAF	4DBFC24997D8DE771497374B409AF297227C55DD55AE3AA5E0320DC9C41D29C7
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\hi-IN\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	FA696C985BAD62CCBD492FC52D79F653	20F48B9D271EEEEC5B88A6121AE92A3861DD4C2B	1A72CE34A95C4C683A2AD452CBE0E1D29C14022216856A928A0D7CDF9E9FE275
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\hr-HR\MpAsDesc.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D98C59BB61CF586C0E508041029455D9	F7A029DE3E465B45B464A27102B02A97BC4AC937	20FB5CEE40C8F3C63CFA7C59DEA17D18D741E59936417CBF28EC34E83B3E8069
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\hr-HR\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	8F2973B408A6129A7D976464F8074B66	AAED2670C0338471426082D3E6F9BF7A48B2D7A3	EC89E3DC2B28800180C978F13ABC50D47E9391A59FBAC02E89C115249E777FED
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\hu-HU\MpAsDesc.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	9EE0E8EFF395C27E740723AE4EEE11A6	391AE54AA7D3F4DA07C195324A4FD3556DD85B6D	7CB7DD3C72A50F0F37EF27800531E975BBEC333CB3C3217002583A8D1DD97ED5
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\hu-HU\MpEvMsg.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	EACE603D632F007A5994D15DB099BFB0	205DF9F2C19C731C5989122287884C1B0026AA0F	0CD69DC4819AF98F003A712ED2FAE847CCA8A388DF29E41652238DB35F3873B0
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\hu-HU\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	BE30E1C539024E516727A45D9707154E	10098DC85FF8D0FDC8B722DDEB77131CE48998C0	2A361AC5FCF2E2D0327F0BE366B3C99EDD1B8A54946B2BD4C1F538A290056888
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\id-ID\MpAsDesc.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	F814502677C487EE6DB703C0269BA0C9	E0BBE39DB3B986FBC778B9A1B428E9CAAD5B94BA	BD252579D926F329BEC17522E105129B2503B459B07DD4D86CDB0FEE6983F404
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\id-ID\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	C253391F39D4A0F44DE38CC62D2DA440	9E31D65477DDFFC0664CADB3EDED521E66D6D61A	BCA0748C7409C7E1CA31EBA5CFD23EB0807E820CC7102BEE4740A3BB44DBA4B5
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\is-IS\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	08AF952A435A55ED4BAD123254ACFC17	39D034438B00DD17C3C87470B6F02B9D8E888462	66FABCCD6D8778AAB0E37C1681939D105C9B2349EA4435E6EAC734D06E3B7B90
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\it-IT\MpAsDesc.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	CC08AE1365243B9B200FA17735231B89	F79D6CB5BC69BA24250FAD0F504E09FE8E5609EB	40B767397DD1CF506F0963F2143F864270A37442FC3A53FB9467309CF46091FE
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\it-IT\MpEvMsg.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	C5C5E49B45B88B6934535D87B6955DCD	14E674D9FFB29532682738270415BC0DDF644BE6	A558EF6E3886C0F6F352B76738C20E4ECF9A27C8854482B9ECA73BEEEF065AE4
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\it-IT\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	32D7F244CD25C64A02FCACB5CF47E668	DBD1185D58D188CC043694F348BA433170A6BCC6	FF7A38FA52C115D348E064AED0D11ECBA7E0532D445B7B934DBF791947D9943F
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ja-JP\MpAsDesc.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	CBDE0D82F1B3163F020FC698BD085250	2DA76A69E73E9E1EEB098BCC88D6326AA7EA5270	F03C1133A1AE72B57078978BB08175E510F8F1A2D49B5EFFF8D087726166FE61
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ja-JP\MpEvMsg.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	1270C271304E74F53F15425A0202FB35	AED8EEEA94A06B352C20DB7268905055A9827499	02647BEE493918BC190543130207F45D2B16CDA9614C23D1CF6694DA85563463
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ja-JP\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	EAD73D6902B9F8AB732AC57EF81C5439	AF180AE1DE0EC7C89B28C625B1A88C0FF57F2969	C780BF7949E9FAABFAE41CB6CC67CACC626C251581C104B777D20B15A6A3BEBC
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ka-GE\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	8783D23426D279C62475B099F0B0398F	6DAF3C007AF250396F2A226634FEDD22B93DC06A	38201595187BAAFF0CC93394F3AAB18B26F12967ABE609F4CC96BA6541368B00
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\kk-KZ\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	958F92586924B2FC46F82575D1161F45	8111B98BA217FBB49836392134E0D95E53F9A06A	3E99C855F22108CAC2305F794C07C7D5843A0F7B6763F89C0D920F485BC2F6A7
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\km-KH\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	ED97C6F555E7C58624C2781B5392187A	FDAE3B58F16C2A34129D4F437B2C07566651A592	A5B91C1DB6C1D54A1D64880866A715CD9C3B512270F2065F5BFE311811937827
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\kn-IN\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	37A33BAF549EA7E3F30852419B7186E7	95C2CA30DF59153ACB4D0C5DB19BFD3801D97F57	50F31E8040C50BD72D51055DFDA7B8702AED314A2C707422525BC1445438B543
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ko-KR\MpAsDesc.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	AAB51DC17B850843E624EA59F0237875	A8B134C84DAE675E13DBCBDF346206AC1AF0CBC1	2C28D40349536066AA1B224A281C68C935BECBA3D3ED77927070030DDA97F3CF
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ko-KR\MpEvMsg.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	F80892B65A4158683A4CF41569DE3CFF	1EFE4E5200105822913D2DB49888721C4160AF44	E6310898B02141B754CE7CC8236E2BE0C42FE09F5B3AAF3C82A47A7E02EAFB96
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ko-KR\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	306AD4CCFC966FD39C41BD66EA1D1576	0AF62B6A5BF7BD9A629B8AE581C2ADDEADC3BB77	3B4A1A6587DA3EA3CFC1BE8695AFFE15E9C240E3C433DDA7316F83DEFC80D97B
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\kok-IN\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	3364B2AA727D93554455E49E4EDCC3D0	A71428B75184158FDE45359E73C6C9075B28AC23	B369A6FB82AA81063CEC7B0444372F43D1A116FF3983E9C2C00F2BEBEAAF72F9
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\lb-LU\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	7C9DC600613648E888A69E9D6EDDBD70	F27A58E5D10D6353F6CDF7E6D505F52B9EC36568	A7C4E9EAAD9F0E6D9B7905B98733856FD40413195FFA81C560DFDC2A252C2B67
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\lo-LA\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	68CBBBFB5591652F6A6B13F9FBEC5EE7	7E0031EE2A38696E4368D77B772B3F060FEA830D	376065A430FD2AFD6AD8EE65B75205CD4CAF225AFEF611F1957CF4EFE7CFEBF8
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\lt-LT\MpAsDesc.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	B73550B88FE075DD670792E7F5C4A996	4F1D00B831CFB57EC5032D28178DA24EA1D2B2A9	02DD6A8975603CB17166C0F6BDE726130B41089DD77D46049754B89A17FE6C6E
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\lt-LT\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	72A843A94024C263D28EC1D7032E181D	26294254AC7A9045967D3C379F80BD976F85C7BE	C76B257ACC0098D2CC40A913872D5FBB41FE36644D416ABAEB40E31424154F0E
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\lv-LV\MpAsDesc.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	997B5764C4FF702903DB16CE17E9622E	B284E5DA46702F456FCB9B8D57B53AD5E7F614CA	889BE6FEB34820A4E127E8AB45FC6F6332B007E220A03FBFEE37A46EBD2C269C
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\lv-LV\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	0D0F1D391221E5142421649B6F9F27FC	39F98C8E58D97399F294167EAC43CAF6FA1470F5	228B464977293ABC5881AD9D7046E60F1B5C3891F352278504E8F82CE96D363F
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\mi-NZ\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	CC09504F626273B5302478E475CE4E0D	6618E16F564C65534FD4704BEB379FA6A6359329	CC56DA698EA5C0C1628B0FB7F4CF1C30DEF1D5B31ED29BF536AE5EA07E702E7A
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\mk-MK\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	F558B84EAE11A62846F31C87D6EE57EC	9CA0504FF8D1AD40544FD4530EA67A9FAE9B8F1A	01470B4E9D92565E4354BB7C9E08298CFC245E034601F8DBC6B915B4DE600B76
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ml-IN\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	C30B0D3D12B5C009BA28ABC23537F510	600975A64945707BDB220477938E177388C609F0	7D57E2EB606C0B13431148ABA5874B7128AB337B9D54A7803EFECB0F506EDDEE
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\mr-IN\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	6B481904B1B08050D8753CD982B05569	93125924BB1E9776D9685998E09CDEB4BE1274EF	D45F78770F6C90FBD016ED56D4FF975902336E387DE1E4132A1B631D2A46E2FC
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ms-MY\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	966473949CC0F07A1F8F540214D647BB	C0DDAD51FA5B76EFB226AB55D9D838CA563D190F	1D3B5FB35624711E8EE887392348AEBC9FD2A046C5583805427FB69EE29840B2
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\mt-MT\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	FB973EDE5C6E7D9CAA2DDB5FB2E49BC5	A28251D8387011B4E1060038A23BEA12ACEEF424	72CDDC254752AC526F2CDE38158D4341D0BAE7E5684C1C39A0FEA0B41A086A3C
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\nb-NO\MpAsDesc.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	9FFF3F7A1487C0043F6DF6216F601F15	0059F1FD743C83EEEBDC0733116E50AF5C52B145	59E4EB021FAA73CB1A5A7A4EAB628B8A81EEF080E2ACF16322F747005B6FA375
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\nb-NO\MpEvMsg.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	0DBCCAC286FD253585F668948C1AA783	EA6E1E7F67A9DFE103CD25AC76AF4BA33522A5ED	60E6F291A87262F793974932AAAE39C63794D129F765FD3D2824B66A06D61DD0
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\nb-NO\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	03639443CF11FE50B1745759665A6669	8E408C7973785041C6907BA60EE754D521DD2858	CE52929CF58D647FEA77A1E5450D09C8CFBCABA98717B119AAF3B1631CC21BCC
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ne-NP\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	0CE8B776F239CD63EF38719426B8DF50	2E447CBC032220A54BDFE1CA4E7DA522E6E1A41A	AE7BD464E4959F896B8026122EC0FC4B0F6C187D0AB66A1B0D7E1415FC31E08D
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\nl-NL\MpAsDesc.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	F2B7FC9573F4D7691CF709B46D91B20B	87A19C7AC828C4E5D61FAF3B1BC97225045390F7	7345024C2414E436398D8502479741AAAA40D6AA3739460E72075C3921406DCA
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\nl-NL\MpEvMsg.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	079E82A6BFF769FD14063D704C08F922	E948B80C6FDE2A04CCBA755C81CD7367EFE2CB95	CBDCA332A6A133AC0EDE4B815CB025AF73CCA0F0B15832E9A6DA5D6102F4E49C
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\nl-NL\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	9D169AB7050F949BF412F320C32B3B3B	C8085A160990F1C641D7266B22CB5A89B2BA2FCA	57E7748AC1812221F66E4BBC5AF6F0AF5FFAB69822C95090BECFF89EF832B61F
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\nn-NO\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	09C1B1D2DCD8749E8A0874FEE616B6E9	27559181050810079603D7B4E00E2A7086EA56DE	A8F5739ACFF1364DD824CAF9ED5BEE58269E572877C23BFAAEA3F7499A2EE5D8
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\or-IN\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	DAF2DF81BFAD96202E828EAB0A2B31FC	D422B23C1425C9BEBF28427CF92982FAC06B2341	11A0F79EC879B2488E7EF8B3143B9138B4D700A9BDC6A063954BCA47C9CDC143
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\pa-IN\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	E03BAD1F13FED1D461315B5F8FCD5EE3	F477E71A878E2A0E3CA63A7B6D115BC67EBA6CE6	DBC88979785CF8F92CCDD5BB2DF1A6AF5533FF37EA53E78943C50EA31AD4D42F
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\pl-PL\MpAsDesc.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	365C52551315C1CBAB80E915DE8BF4D5	3A7E6B269CAE2C9B13D16440B9DE88938F2B0D1B	CF0D3F4C1EA28E6B776A81E117C720AA9060F8A91614309AB623EFBBE6DCDF83
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\pl-PL\MpEvMsg.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	C5F692D5B007D358C6949529BF196CB9	370AEFD0F7A66496A98B1C3961239CEA0AE5FD01	6307A29D278DD89047F22944D46C14CB3FCE5BA15C546F0C0FA2FCA80B779FFB
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\pl-PL\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	15E2BCCDA1DC074780694A08065C175F	1C8069286D1F3B9A86F4B4B23B9A0370C542490D	96D7D3137E38C9EDB8CCC4A888DA1CD80A53469978B0B4531F5D3F6AA24B25EF
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\pt-BR\MpAsDesc.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	0CD552C84639059384F0DB4D7BAA1357	8D32D4A3EBD231A904B9186D335806D72FE497F2	5306B75ECA18A746643F71935602444D50830F3BE9057B7354C684389A208D40
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\pt-BR\MpEvMsg.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	6C8D90CEFE68748500D348A5BDF8BF5A	6991303DC9E1B69E40A5675FDFD98D7B6D35CC17	B9839E99A666B3329059A3CC7BFDA3E2586FE85A6709F5FCB3FAC5B7FE88A7C5
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\pt-BR\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	363CBBC773A87D3B74194F5132006569	EAD6E8F142B9063C098937D1309B5CEB7C7A9D73	929A22894AC1A9AE2C06195FBC1A521727D9F4EC19FF037419EE669D619E6D46
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\pt-PT\MpAsDesc.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	190CBCA1B2F16FE08D4118B757E12228	F952CF4E8C5FB331771B11590716970E334C2791	446E240DAD1D441635661F063966D6C20C63F5C81FC82436EACC0A749D2FC75D
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\pt-PT\MpEvMsg.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	552C2AD7AF2D223A8190DDB9AAD8B750	AEAA98BCA9290988CCD2A284DBFF9465F9836398	034B7A6A873DE122CB9EE58F7205013BB0D316A6E0F0CCEFDF04EB784DB7F191
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\pt-PT\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	0451B5857D5A50EA0383B2CC0EE4CB7D	4BBC236F19ABE84DC5E871BD7B368437F9C04D94	8909A10FF556C0017512A9F7FB4DD2C7028FBC45D7B0B76898D5D6BCA30BB8A5
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\quz-PE\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	E8AE44F8E467C640B26715A71B804888	BBB671866272834F7E4FDECD6AF6E4A3253217EF	405001BE4973E06DD15BB9496ADF03E459F293BCBB3C8D3942A46703D3DE6171
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ro-RO\MpAsDesc.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	32275D282BA82CA9077F0629B8906755	FF0F312D9855C1A940BA45FE3F62AF7803D3D5D3	3323AFC26F4B32514338EB8ED4C248494ADE03BF8F970A51D754F3CBE035156C
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ro-RO\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	F44F87FB1481050E071557B1C469D55C	68F18E9EFF33DEF31E7EED12BC03151E7EE041DB	F5312D05A2AEB82328BA810852F59C18944D462C5451691B515B8BCB418028CF
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ru-RU\MpAsDesc.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	25592FB9E798F8E8697908C68C67B635	E01D937B0A5D483DBCF73AACEC33D7CE35E01955	6987A82E5C16D092989FF34D2B2A04A0E2D6D1BDD95C0F84D28EC167158B8760
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ru-RU\MpEvMsg.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	346C976713F48D71AEA83496078A379D	903ECAA77249DD534241789A69FAFDF57482274A	A9A0EE2572D137C467343316AC1B1C4B6AC9BC7039587BED4EB82B1132046EDA
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ru-RU\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	4EC18FB2FB3310C74A61567B8A6B4752	9E07B7A9B8CC848C46337D4110813AE3EF7DFE96	DC9466B4DF28AF3718FB4B45644110065DB24C5984EA789FFE2896E3E8A91668
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\sk-SK\MpAsDesc.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	DF36D9163BA69924CEA8D3FC9E5987C5	46FC6EB1A06C0B4CD319899E0FD6C39B0F1161F8	929A02429E0C55BE9C3E96BBCA41B3740396F580EDA6FFF3858DD8B527A9F2F3
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\sk-SK\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	1391A7A786E122315BE979A6CADEA68B	5E12DFA7B0AF50A9DFDF1A1A887E4EFE0DC08347	BCC80F24D768B1A8DE40C747A4932EAC7EF441D03A098D28CB8AA6884E78BDFB
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\sl-SI\MpAsDesc.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	7E8688F3F457107DC38DEEA9BDBAAFD1	109AC7388C7E1EA595BAC52492BCFAE08ED8974E	F42D6EF45A197D43C246FB1C7C82B52E0229030715DC280400EA23D581D71A39
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\sl-SI\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	2C5AFE523CD95503F25E3BC851B412C9	A85BC0CEC89E38A8C16C6667AA05758EEFE898E4	11A7EEF7D91C636E4DCC28DC806EFECA6C8C1590A370780662E2CAB828603B73
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\sq-AL\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	C9AF31165E7BA4B01BC21B78B2BA0558	A2DD07A13A42B3C27D31E6525220535E11E70011	12ED065255FA62F30BE9D03A32B0DA310051881616A05DBE3D383958DCE4039B
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\sr-Cyrl-BA\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	6F356F9CC26449619374A9441D341A69	292C483F0257AF95CC9246763E00E9D2026B77F8	D9D76C7532C10BE2165BAB9B6EDDAD3A2DFC89EE84C6516AFE183130816D96A6
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\sr-Cyrl-RS\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	BD1A5C9BAC6032FDC801E07C7F679C9D	FEEA88ACDD91A1236D23F0DD1ED5F6B539391E0B	0C1131A3315C1A9EE3D2376376FA34DC592B09FCA1CE85CB08371D5BD1640069
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\sr-Latn-RS\MpAsDesc.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D70E55F5CC855B5182C74EA131AD8CEB	177F4EF22154F77D54FF0B4C768A2194377F4477	A7505B1C580B7BC5C8C64F274EDAEDC93208150FAFFF768127EF61309AB45C33
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\sr-Latn-RS\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	0613A33C65D01D02A73862EA4FD6C4F0	336D34012BFD66D6EB34442C8622A8D939FE4425	ED67E4EB6A7460C9E030BB5B152D9BB6B5080B0AC71AA7BC4BA72D3444E90734
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\sv-SE\MpAsDesc.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	6113C59CCC453AE13CC9B633B07FF998	39AE54DD6E81BD26359EBCEBA1BCD755B5A619BD	122DAA7594CA4A36BCF2A3DD4232821BA23DE8F9122C7400E6F8A67844345EA0
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\sv-SE\MpEvMsg.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	AEDD42755D5CDA4059EB44A081AA4C41	C808BF77C9DAB5C087343CB34E0D848880CD0258	4FFCC3F1EB11C7927FD62CFCB0C76D9FCF1F1C4226A14E44A10E3457CB31FE48
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\sv-SE\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	81EA74A49A7800DF7E45A92BF796745D	23AE77E0521AD4B07087D7EEBED5E7DA3E86B4F7	A87810CFBE51C0C491417C5473659AD83FFE9B99D36CE67EE7BBC1F4D26FDF20
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ta-IN\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	08D3C86CAFD7451D04446AA80B4FEB18	06C38F432D25829BCEB0C5D689ECC55760DC679F	6A1D8EBC6C76E81BC9879674BA1ED14813333DD678EA691E87B3989DFFA5DC69
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\te-IN\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	B7DC1B714248D56D6FE67BBB4704065D	0F0B8197002EFE91C09F655AF5C3CEA3B714AF01	3DA38BBB828DA3A2ADFF1FD039D12836EE53B3DAE401F53F63E6B7A6C0B369EB
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\th-TH\MpAsDesc.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	61B97B41C60A09645A6313E8A788DE12	1245F0DE15F0B2804096F47E9AEC56D8E25A9175	1D3DD3DF7A7373D6EEFE200BF2CA75FFDE7602BA1EB2D64B62B9BF89F5B79840
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\th-TH\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	E1B2762CD5CCEBC0373F1B184AA13060	C86C3BC75CEF6283493A7DAB4D33A26389AADC7E	8608589C1CDAF641FDF35F92D1F74F95C8B492C0B89A88BEB11C4DEFC5B8C714
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\tr-TR\MpAsDesc.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	1145158CE2D3C344A220D70F6BE82AE9	55E894993131EB5FEA6D19FB3CF2341C297A2453	698C27C82FBD943834E9450769E78A8EFE87BB241FAEEA32B2602EA3FF8A407C
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\tr-TR\MpEvMsg.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D991807328CED63633ACCAAB6A194479	A59D7A8687076E87241AC2DF88DF835C96B9584E	D5295AAB942E3A6083D7683683FFA96AB2AEED9CA48A96059E8A6321A4D8C686
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\tr-TR\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	0FE6109D703AB169F8A7FDAF6A023AB3	96DE34962C4E75C6848FDF45ABEF9AD244A7F2F4	3D7B8EA8642B68C63240C21AF8AFE68E22FDB74AF8CD063D0C1EA7BD132B29CE
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\tt-RU\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	3E2E2740A4C2C8E913679941FC45526C	79D589C0FD97A78AF73631C267BFCC7E3182285E	53A8358A1E26B8E940B807AA63B13798367382912149946FB792457D88AECF70
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ug-CN\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	300828F6274B734937DA54FAB58CCA25	0F0FECF1B92357BA483C377D0A13D37CC12E27E7	164B3E07BF3B449DDC559D3C8B8DB48B106877F34263993FCE1B512EF5F75096
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\uk-UA\MpAsDesc.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	316F526AE26E0EE00696AAF611F9E859	43B9918F8425E8CE17A175C476072A4AFD2DEB62	6EFAEF65B1524D9035C11A34DA9197CB36FB1DF6DF2291943B41D9066C70442D
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\uk-UA\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	A6156F617D5D3011FCBFE272D0EFE07A	1B5A5A9007122F34FADEC73EE820874038B2E8BF	C6AD5E584E67A23B3835160A7BABFFA1734E95082AC36879A00DE475B4DD4523
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ur-PK\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	B198885A6EBFC5DD7AD22290A59FE774	E0E286DBD5BA58D23D1D8D20114A101342135964	96B7EBC8BEF996888E849752EDB039146C16A0E44493720313C06258C33CFEFA
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\vi-VN\MpAsDesc.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	898CD69161827D830C777B5B49102F19	AD5F94AE2A3A492FD9B93212B15D19E29910B413	1B68085C9E6EAD99971135AF57CCD1CD4079A4733D62C44055E6365010050002
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\vi-VN\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	904E5A8D2E8EDF2083F0CEB232A9254D	D9E9D3C2D18C5960DACCEE8FA770800D78590EA2	AB3E0951326F4667F265C18449E54456A37591DA34544AC727959277B287768B
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\zh-CN\MpAsDesc.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	965E94822F7D2C40C318A426FBD1338B	627242902C5F9F7021BD1DDF3F501A999C349D96	7D8ADC397263E84D99329A45C7506864B30E80C60458ED739B68FDA64E2ED485
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\zh-CN\MpEvMsg.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	52812FA79491AFC66C3FBE5EC8E39E25	9E3669FCE65C50C96E8D22E5011BCC11AD12F46D	C3ACD3A9984DEAA7C739ECC2079BEC5FCA3B4808C46A8396CE38F81C1418DB5D
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\zh-CN\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	F56CAD3B34BAB51D28A38CA1CCC8C7DA	859D3E60030A5C9C8C0F2D9A946C96232DE18901	30A0982E5E11C129DEFC50BAB5FE2029E1FB894A9E9E3F8437F7E06D73462C0B
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\zh-TW\MpAsDesc.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	89A1574B1734CDB10B5495E0655BDC0D	1B62D99EFC98E05CD3A0F36726C5515C73D96DA2	73EBC0B88B3E2C102DC9A0EFE6BB26EDA5DF58F31F9B1AC326884A4D5FB7D793
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\zh-TW\MpEvMsg.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	8DAA97D58291906A243DF00779E54546	D822AEBDC14D9CF96BD5D885AE90B6AF4B28EB4C	473CE34C4833E3D0850516A440BE8A4854E71D47399E30C2B6D23BBA6E1789E8
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\zh-TW\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	46B97853A4C7AE5E367BABD24DF4E1C9	4CF7C82F34321A780722229B0BA3790662A0BB58	D6C394E331B8C7886BF30B8338628038DBD7573ED3B8DDE2B243427DBCA27EB0
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\ReportLatency\Latency\01\2.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	33B429157432152BB1FAF43BC0FDE968	53E56FED2AC8D0448837ADE1BB1BA680E084B982	56D6B41B1F4CF66A9DA7014086447FBDA473EF207B9CDC65272682350310C1C9
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\ReportLatency\Latency\19\0.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	F61CAAC69C196C31FF8A0ACAFBD30F7D	C5742442DADC345206F8C3498883A247D6684172	0579DA256F8D51A3F200DEEED020C911B235A2369DE849DFE96081C90E42C378
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\ReportLatency\Latency\19\1.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	249DFD2A85DF044E023795CEF93718D8	9AD0D7F0A6A6A30956D2D6117B67910942E2B237	6EBB450B4E1873AF552744642C0BA86F55B52034EF899C7681B596B2D54414A2
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Service\Detections.log.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	0CA3B3A27850A8C4ECB5C4058435F01F	B31D72BD770471E462692C60EAB5CD7B744767AD	95C832F5280469030D6D738DB825C532224C6E71425BF8BC3DDFEB4469314B6E
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Service\History.Log.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	74DDCDA68E3147B6232246952E564504	7CAD056AA21D319CBB6F3C969E487053DF1F590B	877311CFDB03D7F24FAB3C969592A618D433DF0B644B538E31F5C769D9841525
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	B37BF0960B688D8FBA6890A8343033B8	1818F0846243B975FAA350C50528E0E776FF7FEF	D2ED47F66E2A07BE57A087B9062EE6907EE9EDA0DEAF87D006CE7EDD33F0CDD1
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Store\3846C1B485BFA46E3AB54DFBE9D1DE49.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	392974524A87E7088BE98039B1A18232	E8D10A6A35F3D71A23290C0080D7E0A81A1FBE0B	F1A69B96D13BEAE7194EDAB1B04ACA904CE4CEE844634495930150D556A83B9A
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Store\56598B41F139620898884E49C611C148.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	13BEAD6AE3DC25EB6355A637631939F4	A7A4D3DE5D6E9F81FE411EF314F05FB7A4BA1249	49FEE06888681DEBF85A2DDDDAD648C784125B58BDB6C0663F20A8C13AACCCF5
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Store\81FE2459AB45799D6C1FB53DEEE30AF6.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	FFE8A12609EA19E575F0120C5371CA53	3587BEC8F17E79C0662BE29B1EA027D55B8B9547	D1A35F1C4795AE8AB0021BE348509F674FE6DC6142A9BE30F1B56E6BC9216977
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Store\93BCA88018E5993458BC6BBE55D33E61.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	8A34FA1AF98E3E0B38EAB95F68B193C7	2E014A888E2404B6D392C23C70636494D330A9B4	E16E84CFF214EADD345BCBBB6B8D871551E6D9868EF8672A248B28789845EC0E
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Store\9BBF8E3725F51A366740AC59C8CBB345.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	B27F79E2E04871E575AE3DFDBD66CBC2	E29E196E9ECC464A5E504787A4082E803953CDA5	A30B07522529CCA17C061FBFD037F9E84E135C1EB9B759BA41C0982DFEADD5A0
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Store\A0137882FC829131E8629036339BD1FB.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	67DB710EFA0C2121D62A1B017BBC3638	99F3D194C63DA1FE93CF7BB746F0E54B4EE170B3	370897253598BA924F05A994063E6FBB2873B22DF9F35FA6C05067454E4944B2
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Store\C73297F3A28B41D0B045DECE1D0D81EF.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	5F1439046981F486A54AE7FDD2FB0BCD	4ED14334EBAC916D5D56DBCED6EDA7ECFE09BC3D	C7C038912B2D8FA1441EDBD39AAAF9A5D770098F08E589F05630FB304B8E52F6
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Support\MPDetection-20231003-085557.log.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	BB65C36CD594C7DD3751580FC5424D24	66583F5530282FF87484CDBEDF17EDB10D4EFCDE	6EE00976DA58361D5F8823C0BC7C659C44DAF766CF4FB5CB38229140E68DC905
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Support\MPDeviceControl-20231003-122002.log.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	497577684B230E6045DF7EC9252DC429	DCC05E60049F712659C85DE0C8ED11A47571D467	72289FB8761FEA81A41DB5C95A6D8EB340601DEB3649D4CA0CFCBC5D7E9EB8D1
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\02305155-8ac1-1189-ff55-b7119a53887c.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	9206F25B89294C8F51DD7B29962BAE0A	53D37BEA2B84F75EB27210347457F8A54D9B0B99	44169B96EEE22F100990717E38C55E53A1CB5793DDEBD33EB336E76F8004B89F
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\03f8974b-362e-33e3-2e0b-c7bc2ea01c63.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	74EA9B36C355D8CF9ADD55F78E4A78D9	41D9661209BA77CF8CC90DF9338B571688C4B685	23CFC5074DFDDAB6E2AD99D37E14981EC35E2957BCB60E018E29656F62B7EC3B
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\0890ad2f-b74f-c384-f684-9c33f8f67924.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	CA8E3E1F81E9FE6FDC88A04F02FD7F04	AB03A25DE30BC1603327E484CCCFA90A8A7CDF66	7572F510C4AB29D23960BF6D6B9188AD8EEB58F867892EE7B38310D765AF1091
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\0a8c1492-65ca-6a01-de25-0e183559d10d.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	6AAADFAC006ACE1F528463BFC73A3B1F	7FE1EFC44BE87518D7BBD3334EE1B2F57527F16F	E5F04072922C12F37E54162DF76BD8A8AFEA080084DB36EEEDA9F0AD58F93DAA
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\0f8e2cd5-b8eb-7a22-b9e9-9b1183fa0a84.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	6ED790405A8269C963C32FBF2EB0C518	E2A034D727F954D7C284F55A5CE8568C1741A261	E51B73C156EDB9F5817F5F02E2E9985DF08971B053E27AAD0BAFDBB0070DB2EA
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\13edb933-4688-0f79-3d0a-499edf952ba0.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	7474BC4B07395998325C8CA9E4CA0FD7	EB06995B417774A74AD4A85A4814DAA0BC2CE336	91ED2CC464FA6584AA319CF3ADA5EC38A076DDA89E928F72EDAFC580FBE4E357
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\1659a225-428e-84f0-ba52-5fb2b85d55b3.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	485690A0FFBBF4AA45A0EE7D543E9A33	813B9BFFA5A870E27A27262A7FD1A05DD1FEC29C	81D2AF9D9C7F141A07219488F8719D95E58AC416DCE36AB153380BB127E06421
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\18549a9c-bedc-b855-f0e6-0787d8b3300d.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	5F386F861AEF05AFF51D4DDFBFEDF2B2	AB3B89B690B4B147254B26DA9A28DD8D64546499	9577A019B56B1E7F2BAFED0AC98C5B5E541D73A2060051793639F6E8A003E10F
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\1e225998-faa0-5fd4-4db7-5e7686ee3b47.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	3C4D92855AA9A38C6FA3EAA68CFE0277	CDB1431CD4BBA9824126E6A3BF22C4139B32973F	EF30CAE086A02FE4A77A45896C0F9EA9C2BB7A8A27D9A6387438DDA867571E16
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\1e77870d-1a93-60e5-ffda-9653c7cad20a.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	F17356997328B9A26568C3C19B68DC03	DC762AD1B434704AE3C9C55E0EC26087A057CBB6	895A7136CCB7AD02C208D7D49D58E1E26E6719B0D570F3E7D58B905A7DBAF42D
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\1f7b7aa2-506a-03cd-6648-5b78ac12040f.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	9046DA1974516DBAE9DB223DE1FD5FDA	D33C24609D010722CBF6E219C055A320889F02EC	7FE642AC75FF5197A0E263EDB75C3D62BCAF13F4C53F504A6B69F1DA76AF19F5
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\1faf63f7-f387-4522-1175-68c9652d968a.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	2E4E3FD225495B76FDCD16903BF90550	8F49FD17D7CD090B89409245C88DE6254C8A4614	8D445AB1087F18209887992819148E538CE72095C437E244887972638B872551
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\215f9712-9fca-a3f8-5b11-660eefc73b96.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	3D05D61A48E1468C876B60DAB6450138	43DA62590F937835EA2750EA0515822F94BDB93E	BF2FF6F3DC182040F28EAB9C2EB0A15CCE710D13B15BBDA58CD7DF944E32B0CD
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\26943e1f-42ed-f190-2895-3bc2b8c4176d.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	B13654A634180220CEA2AB55B3638D8F	58EAB905290802577771A12AAFA9FF56DBAE2C4F	017F85084BB200830ACE4A815B0A9A74AE8F09925045C7F75FCA2B02DF14717D
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\280b97f1-1f94-1458-c842-d18e2d1e05f9.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	E3F2DB18EE312708FB306CD6A9D3B945	24101FC9FAE52AD9FDD26619E0F504E13587D218	712EBDE980E9631A2D1F7D381F4A3EAD4B653F8018FE1732D18259A87252A35E
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\28502d06-9d29-8514-1e5d-64447116d798.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	A55B3E3AAFFC714E45EB565B1C5DF972	A93D9CC7DBA77931D653EEE4F9E5AE6A33614D8F	A8ACA3DFDE5024920B3338B27229C46B931C0EE0B9F6C08510F0148476E48A33
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\28748306-9f02-a5d7-6ded-4459fddadc31.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	0CDBCF8A3C4E5206337E646DDFDDE84A	30789D389BEBFCB9AE985F5CAFED17A231F6E4E6	67B4319336B81B9F7695B53A17AA83E5943178E397AAE25898BCB397B2279391
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\292d761b-1fa7-9c70-1afd-c2e4040b6577.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	B7152201BA7C68E90B2529580C1CB61D	8ABC61D2B47143D7EE9E3D1B76CF8816DAFAD45D	501322F5409EC0BC8E2893C8725FB1E03957176C909003697CB92BF681D1C95A
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\2b5d0f60-d93b-1629-f3e5-4167231c7ee6.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	CA511684D7C47456FC68BA2A36619B6D	200CFE5D67B8D8DD745D00CC382B320635B46CC6	1420370074258CA23E42834C063ED11039E1C95A88DD2DFBD85CCF8E61E8430E
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\2ff6ba33-4212-e6d3-dcc2-11aadb3d61ef.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	2F0EAA14CCB40097F9D17F87EB3687EC	B38FC26B4AABF2FB1F7DBDFACC1D7F8A8DD335FD	3D63D6E398D3DA27D65B7A9E4CEA5A3B71D94F17AFB164F0F0A718D1580B46D0
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\306e67c8-9a1d-38de-8654-054bd8a6e6d6.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	FEECBEC4E096E03ECD84106ED2D98D66	73FB346B32DCF8F4E0F6A3D5C540BD478A35F9D2	754868D75895B99EF5E2E77684616B40CC0BFDC4C838BB14C023EC04E1D95D09
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\38ae356e-4b11-78bd-6f1e-d1fbd81b826a.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	E7ECBD58183DD6212E39C3DB06BD4B0A	270656E6AA49CEA77CD137CC423CA38200EA799A	2275D523A91F94D92284A78CE51276F499FABEAD956289EFCEA873E748E49CCA
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\3c8c7eb3-7a1d-7981-0472-571cdd1d1292.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	6C29377D4CE72344215B353AA154767E	5448008EFAE7F4246B0FE03C4B321D0BE128A49A	4CBCDA81A742C76A968D47D826FA28D9056347E2C5D0629AAADA0F3FA21D589F
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\3f446420-d8ef-3b9c-d5b4-ba09c43121b4.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	292E48D0CD09844EA98B4AFD85E546CD	858964F30C40E1ADB007C7B6B7602FCFA41060FA	EAC28CE838DD12D9376BC677F8FFDED0F66A591D4E43021E0D8666AD6A6D3760
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\42180d93-7e2c-7efa-09ed-dfdffa034b8e.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	3D84B0E8D519439F4DD160769E814F72	815E4C1E7DE3E79BFD500D28C2247BA51126CCE5	271CD31D5B3EEE9FFD9F7E8357B086720AB5B1ACC6C860AEF401245B2C18E188
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\436e78a7-dabb-5a30-f98d-963a03bf8af1.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	F3CDF878FF6B833133E9246CB08D9859	F74FD34EEC7DBB32CEBFA72897FE7C8F5B97CB99	70F95487AFE626ABCCC1D6E2E8CC099D72DC968919C3472B4C363B29868F01BA
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\4c4ecbc0-0ec0-3929-aebb-a931a339fb23.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	8C117275DE94BCB94F6D8BABB455F92B	FB996FAC03FD4DD68B844162656DFE4C202CDCC8	3CAD7F2136F3E5A4A5F0CF0AAA436EE5CDEE5D7E3A4833990D90EB2743CC693B
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\517cfcaf-138b-1796-2cea-62892204250a.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	66176A963289AF451519574A4824AFFE	119AA293FB00E567ACE0248556F616F7E4A0D649	0616F7F714C98A4E9C425F42E612897D9886B145EBFBB5120814FF2AA0DC8CCE
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\52a7e8cc-4b89-0eb8-5b4c-0f924bfc3949.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	5789E7FA9060377E405BE27D2A3FF954	EE93A9A2F1C2ECA7E4B0B4C928362B8BBF6AE553	F064A31B506B4C548F3E0D7A48CBC382BD63238531277ACC4DEDE7D30933F107
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\5c834b0b-64f8-6383-854a-915ac7ddab77.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	DC779C89FEFB9BB38CA78D273B58FF99	54752B69B4F0F5BB3E2A78B5B952C6B8DE5FF3B8	ED10CED237BCF931C075A21EB82A961655F20618F7D302BB56CB6DB732E1F181
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\61b5bd89-4cb0-db77-6622-cb63b5a58080.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	E883E02041A9844249B862DF0F6B891B	EA13EED64F2866C92A11020C939BB2AFF592A0F0	761633A9BB766790F1642197F39826A9A3C35C97C9C87F3D6F651148897C344F
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\630a70e7-1832-4f42-e2a2-5d35fdddc45f.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	DDFE2C6558BB9802477DD992451DAAC5	79B940BBB3182D6744559E12BAC7BA980C58A573	B9473DCFDF351BFBAD770EBA2A54105C2EAAAA64BE4E1020D947200CCD5C000C
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\67447b0c-05cf-6740-5f7b-391ab440c42d.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	6E479D3843A39B15D46991C6D7DB89D5	FFD99F9B4562DCA0CC7C8A8DD4BFBF353AD03E88	6838860D86B1AD43229CBC072F82A4F35AA4D0DA68A20577B7462AFE9B2D0443
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\6ab96728-2783-240f-370f-afa9d4e52fdd.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	768112A71E16D72DE85306F0E50A7103	D1842E58B59926B6FBBDCB08DF76DFC9A6835C7B	6AD2CF554DDE1492596CCA87700C64D519D1813DD9850A65632E97AE3B15D4C7
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\6e90ed81-9187-fa62-ce90-f18d7bed6b12.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	E7B6574C39FC60C46CD27C823E378645	A72F1784622D23A52A108DF43D9EE769C4714AB4	9CDB68DF5F95D522E25339143A8EECAFB9A31D91D45874E0768245D146640230
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\6ffa25dc-c89d-3de9-3601-df09bae65a75.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	130FB9AA27C1EB0F1D24AD0563BDE8CC	913F1C755D5B899C7BAA4ED658C2D05A3F6333F5	FC803BB7CB184FB0521B11675BBBAC14AE7168B825E9CCFAE9E3D87F2E57809F
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\71c8f37a-a7b9-aff0-6de0-9b276c089ad6.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	0A8179DAD034EBBD56AFD087EEF1425E	DC002CD26187F66A17D1B8D272DC08F4607B0981	27D2DBD2139315DACCD9661F6E9231AFD79E38424E72767685643E75A1A9ACAF
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\71ef3df1-f4b1-69cd-793a-48e165e282aa.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D9E78CE64E5CEACBAF87542ABBA33572	534EBB0E4BD25CFFDE92683A0209DBFA3F85D549	07E18B75BACCE50B88B76F3CC410FE04FA551E6C9F880667E3FEF738EF730B51
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\7309084a-bb6f-20c3-ea54-aa108ceab1ae.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	401F0F18B00E4B135E60891CCF3C1A01	1096C4F390D25B32B32E0A68CFA7473A38E90AAF	072326DD6DDC03223C7EE3E3717D0D3A00B537BB5E221237F9FE1B254544CCA6
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\7646fa0f-b52c-71a8-3aed-950dd1668c09.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	C3DC67060F489DF6B176B2B3F656BD9A	8C74435826179ADB132DE2F0CD435B6EBC35002A	D76A927F00B1B634420F9C57DDB0B801B5D5EEDF9A62AE95A37BB8836AFC849E
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\8292682a-6850-c06c-9b6d-9646f16d4ed0.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	29571C469F451D217F69FE6FFFBC9319	C3B1AA9BED0613F854C75C3CD0B2A990402BB356	37E67D64FFB867094EA96F4ECC1B6F4C70B74E4651FC735E7DB76E4174D861E7
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\832f9d1e-5f47-dfb1-157b-5239adf4c1db.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D0DEB83C790D088132B39EF471D7741D	E4820A4EE265F7B02D721A94846D5F91E0ED5F9B	D57FDE203B17697B48C015C780164141EC12BB48E7C239CC78ACAC7DE0D10568
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\865e8f30-20a1-9528-bb48-42999b5b2aa8.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	A7761744D3F32B5528D66DEE8C7405AB	EA1E8534B38C9685471EA53C4A2DA1182EC97297	8ADEB09798C968C91C8CAEB8FDC25C18EAD6E117F323B542B1FDEFF68C3D85E5
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\8ce3d3dd-a4c7-6c38-5fde-1f9f5df98807.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	F247F16ED054259E1B1A6C8416CE7DDC	D07131DA25FC936AD3A06D108F8E5D5EFCB285FC	7AA2F627C9FAF6B30963DCA434A18DE4AAD779C613A046B3C6AAAA19C7642EA2
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\8cfc804a-d777-2361-1670-4569e516397e.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	BBA317FB8A676D40CB39726435237D09	9DE798404FC54D8E5AC9E3C0AFAA79106A0F9EF0	F3CFE2A278E907E611B48FDA905C2A50A478F4B0A9736F8F01C6508212B96ADF
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\8d56e57b-8663-136d-ff69-a004e217825a.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	7E6FA6592B42CABE71E5060004A52CEF	FEBBCF08CFBBA28C605FE2535D5DF48F62A4B729	12C82578E01557800B8413759434833AA580355A4D039B990E9BEF986D610BBC
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\8e383e90-b2f9-7bf2-1d5b-4e47dcb2014e.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	93DFDDAD6F2E67C61217CE8FC6B1D4D5	DBA8151D8D35378452A7377AB84A16B2556E4E1A	B1DD6B14F01D96EF3B73C5838D01F7D29DD05CFF9EE48B39A95EA8EC5BC749E7
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\91a5b4c7-29a8-ec80-4321-fbecea906705.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	3526D094B9F7BFF431FF9BA82F207ABF	11DF72A31A7D30012DEDB4BE5019F7478F5BB8E8	322CD7B55237C566C952FCAC504499C287795451837A2558C7BE21EFD940DB29
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\9a9f1e94-851b-c6b4-27c0-55a242e0d96d.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	411947806BECE2066DFFD8AB13E75106	724084B8D9AFC62D4E4394340F88FC6B828E467C	FC3FF47EB52BC2CBC38380DFDDFDAF20E1B5C4B39B7ADFE38456B49F31515CC8
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\9d3ad23c-c6b8-7fb5-e4ab-f5d0a66dcfbc.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	9111143D4AA2E2656DF07C7E4C7757C5	3BB3BB57C1162319AB2F130AD13F43AC4C07DEC2	0D1E36506FE01474F53804D4350C96B19CC81D9FC4A08079524A45A67CB99EAB
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\a1e5b165-0532-a6a3-f542-0c5c162be3e1.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	FF6519584C50CCA2330592545A38F3CD	80B1BC3F524BB6CC0805935A7CD3BEEE949E1DA3	C4155A5BD196B503608BBF12F8EE6EA343543F3B366AB66E6DFF69EA5A9C3997
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\a7e08b8b-ad4b-af00-ebcc-1aa29a833ce9.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D29C0DD67CCFC5F527B0394734A372E4	14A26CD970C62F2B80D0633A0380BF8C38F96B5D	A0F93A0FA149227FE6BDB97D9D5AB7B5F76277B30678CF34E01C09E52C9EF8FA
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\a92561ce-87c0-7d40-42ea-c87d237c0db0.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D59D1D60997AF699DCE62CCC524B64B5	5E538F72D741C19988616307AE1822F74B7DCCEB	652C2FF5786ADA9BA3BC8A1C8ED1B6E17F9C32F3EB51DC43A463E7B7A85FBCB0
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\abbb44f6-ae33-2e7c-ac40-4d8ac17bf46b.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	69AA41C5B45FA56CA711D0BD958776DC	1FB26CCC0DFD13489C2C8C5B40FCCA9FAE39F537	ED5BE8440DD24109877706DB8D5D0926DA347695C076EC0A0628188E8573C113
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\ac116a72-b6b1-d558-23f6-10796e634d41.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	71FB1628D7CBD09975FBD6C1C8D9715D	E53FAEE17FA278C08F6DB58D935E3082C600A17D	E47EA2C493F57A591E03E139CF7E83665906FFB5ECEDE736EB59864F2B06F92F
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\b34b197c-c0ed-bf12-c9bb-44e883c66a9d.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	7A96A35B45D516577924AC3EE4C5363F	752D8FBC4E2D556AB436B50790ADB5BE9D627CC1	DAAC58FF949BE11B3E2F1D2766AA397198D1D284176528AAF28326780FEB968D
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\b59f5123-f94a-28bc-cf2d-1f77c3cd60ad.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	B729230A8B08E024A9F36745F58AC513	1DE3545CD9AE4457D3235783586DF9C70A0DA541	B71F96CFF0CC3A8ABD8A872D1F944489A7E895F7CB847086ED111F258796E879
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\b6126597-8ecb-81b4-8b3a-1430dc2988c1.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	C98B2DA9D20C2429D1C3E35757D02BA0	7E99C80540054C99694A121BB07C8691440B25EC	BE4D99C722FE6D929F4903CDDEDF549C4639CAE129A1943F7AEA6B7FA482BF40
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\b81d7e70-84e7-b16a-e3d0-1e7aa2f1232d.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	496D4C81DABE80D6345994FFB7023F38	B4C7397863D94AA90D6E9D39BDD45C2C74FB2CBF	FA3C71E9802CA16AACEAC301AED15E74DD3450CD2ABE255E64C5D1E4606E9456
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\bb26a0e5-d235-0ee6-0c36-6d5e185fa5b1.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	C24685DFDAE64C05CEB5BD3A33DE8DBD	D41BB785405ECCF1EC86A917482601CD357F8A24	8C5724B95609B9DA1322E61D17161CF44333236A2AA0F3CA72E437C1B95AD551
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\bbfbe8ad-1a35-a7f3-33bc-40912bf89dfb.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	2F43BFBC6CA3EA538C43AD9C83BE1DC1	40A325AA200A0BF0C5AA2E2982FC1E6D2BEFC684	C62C69B36406DE155C417E5A001B674EFB6CC8B95F4D50D696FAAD660B6A1474
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\bcda97bb-bfd0-2a72-3c90-c8518f3d09ee.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	FD072585BE9C7DC8A92A861079ADF170	365889BDD2A58C5EF283C28A406D032992869DBD	58764E89466BAB23730BE346D1CCF519EC985C04C27D9A4DBD17B32E25239D5E
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\c3d42a1a-2f3f-a4a9-6a04-cc1b234485fb.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D87D7CCD404C6F19CD722A3CE53DFE22	5906E79373A3040F5A48AD38042A4A6CF30E1B7C	CF6BBEBEB4ECAB914998B3B38AEA8B69496C83B14681C9B50A46295D2AB6F5ED
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\c94a6c18-d496-da1c-8a02-fc6976e0145e.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	53FD37A418938DA1CFDF58862E3FC9E6	6C3E611BD2795C4C14F0669F60044A05860950A6	10612D582595E4DF65C1A35A23091645BFE410B40514F05FA48609D66E67A6F7
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\ca947da2-7e9a-7249-8095-bceb379c6f74.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	CEE93FFC48F10B29E92A79866DF56B1A	77FC52728E6BDB45DE27FBC7DCC5F737D53B0663	C31A95420829F05852524EE697326570854FD140603C03EFA04047751A9F75C5
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\cb692946-a9f3-639d-1064-a6d75a01b9c3.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	62881238E18EF541C661667BDD316F74	51CACAB612E9C2CC4D3946691CD3EEF9A4F69368	4EE5226DB15ADB485938D3C7A5BC2656EFB9A221B577C5F837106C04E95224DF
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\d1ecfce2-f845-c1e9-052b-d2f457c135e6.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	CE24B187E5B1FCE46A002B8670E196CB	E61F2F4A9C9AC4ADBA8E066CD31C3B245AA12EED	59A15080BCA1372515F7C015803B8B8E48D7CBA2A75002E598D2EB1513386FDE
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\d834be1c-66d4-85d2-5bfc-720e73e8e544.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	62D7B5C131A03831FF7ECDB41692BA42	072C8EA3D7A13A1680F49EE37FC242C97F6D2572	76AA2EA2A8BAE5728B9EE2028F7A41F1677D941D793796E0F6E41345A4327F02
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\e2a686b1-b02a-b3e7-90cb-3fa0d708ce04.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	F6278968B400987734CBF5FE8941C0DE	70C4F2F60447608CDFF277D9BB3C440C6F2BF71B	9E2074EDCAE2129E3F0DB83DB9A610089309D4E6CDF8BA3ACD02181EE0659C64
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\e64ffef1-e246-b632-595b-56076a3fa776.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	EFDAE556F15512963A1B1F5C06FCB923	AB34119AB3787C3A7544EFC4C52DD625BBF637E5	56813B77F12C82E93715439790A93797D0E6008D2065C0F5E4D4C748634ED736
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\e78cdb72-8076-1aa5-5df6-048300a0f594.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D49D71DA54C97312C62C99E3B1927F49	82AB69329B389F5ECE64383A949B589FA959AD5A	FD3004570424F3EDC0116E794B36A97526ED660555C9B6458679F54EABB2868D
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\e8ac9388-7c9c-19cc-fd4d-cb72bb1544ea.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	CB01FDC7D8E9F21987CD9418A88048C6	0D1FFDF69930C90F4753DD6F13991F991DD7904B	051C0E736CAD0C87B44C19ECCD86354B4593C53A88C5914B520D65568A15301D
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\e8fff2df-6041-8f21-3df7-db31661aa09b.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	8162889C72B7E56B5D94858BE372295B	29CFE2F336949590BE9D8BF8D223A28569C458CB	5CD9845DADEE32C3633949B1F1F05BBE6F0FACE2548D9F890307379AEA685465
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\e9bff135-4a26-0e2f-d743-30d9666eed8e.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	FA0CEC81CCD534AD012B170EA5931DD2	116BA71F9514A67C64A110DA67930FF55629CC5D	AEC9EA710741785537DA629F45C56C5BBE5BB3F5BB6D5744EF77AA8E51896C93
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\ea39969e-9808-10a2-23ff-be783a132fea.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	729292192EFFFF95BD7575096533D73E	FBCFCF0B7F56F83B2DFEDF6FCCFDBD52FA9CF178	E967E233C05B3B80161DBD7DEA59118FB9414635656D6A41D605D7842CE0A78E
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\ecbc2601-0a67-4963-e594-43c65d6ec9a5.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	E0569CDE5EF62A1CDB215BA173F2E604	1BB09B759324429EFC7E58666540C1436EDD3603	64E7489F030A2A129FA7668E83C18E60E43B1A911326583D92C0F65198F5F91B
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\eee47229-947d-2ac7-e8a3-49bafee251d1.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	6D3F37906D5C770AA98E54021FFA95AA	58D2903E8381A9377C2A964F8B60D9C09D199118	48A5EDA4C651B401A5DD62C6222B00AB20A6B038DAA073E9813C8C1D19ABAA56
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\f1d940d0-b5b2-0083-8403-807a8db430d5.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	BC9D542B5FA523E6D8827F1479026B38	103A2DFE6F4F20CD9B96605C101222C27299BDA8	4F0D49A73B3EF9F0D358AFE5094748B7DB940747A1C08F2E4F41F6D3EDB341EF
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\f5fc8c03-78f6-342c-372b-15d02609bd3c.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	ED23DE819F05F8FC2E60FE4DFACCD5E6	2EE287CF8FBF32E506F49670FE4E1BE754886515	B984EA761688C5B91DE2FF698115CFD9140CFA718C25462D95354036D4A0D5D1
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\fc93b452-8a84-dede-3b7a-0fc9413c4592.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	1089AC8C01F32206576FC056E1E374FD	37133E08F1367DA4501FDEE3501E12BFCF8A4174	839ABA7B8D59B6E0AE931ABFE2F4ED0B55263FE8C54DFEC08748DA5E288A7CC4
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\LfSvc\Geofence\GeofenceApplicationID.dat.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	93FB44AF30B65E87BA4B23F39715EA2C	8331C78301BD01AB05848B2EB50B73DE674F84FB	322970485BD614DEC16A24513EAF4673C4AEB7EC663B3271E988A3FC945639EE
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\OneSettings\ASAP_CloudPolicy.json.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	AD51DCE6CD0A55E633F05230AD413875	D8C1E0855EDB03AF02758B6AF44FBF8D8FC23F5A	E7023EC800FB6E46A847A0B23854BD397CC54EBCB94A5CCB2B71DFC1D03BDECE
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\OneSettings\DirectXDbVersion.json.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	3F368A25B6047AC5DC963A6557F8F48D	0B9F4401134BB97889661175A0BD72DF5338DFD4	5D4814D28031909BF05AB070259A53FA58DCDE5C2F058930CA4B1FFF1C544733
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\OneSettings\SCCInstallService.json.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	C3E47F763CD9CAAF85F5944E2D5767D4	EF54B889FC086D8D5B55C7EF5BAC5C72CF5746B4	4A22BDAD79A3DAEC7702C32B15DA08627C35C1BB98C606237A508465AB7FDDCF
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\OneSettings\StorageGroveler.json.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	8ED4B7429BE6DFF8BCA54CE73943D57A	4738F8EE3B98D563A493896C7036F72C57AE12A3	53D6CA3631669915EBBD1C6A5ECB00DAFCEC6332A410A5F400295493596AD488
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\OneSettings\TroubleshootingSvc.json.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	EE25D92F9FB011D1553E6FF73CB957F4	0ACCF6A98274FDDABA693340EDD60B325A7B6327	EE70969CBA2EA7BA9906017FD6E3E5126340B59F7B53BD548E66DCB3797BEF11
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	E52BD28B9473C001F14D710DB1D00318	20EB36ACB2D5019A41E40804258C54124D02F2D3	449AE47AD6FA846E7521BB367374DD3C6E39920BAF91EE48E5129AF4002CC4D1
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	F51277BA67E45EAC631D3DC5E4A90234	E497141396CE0D3C0D3AFA992E10ADF3A84918D6	A8403943E900CA43AE611FA402D1BB75813C0E05D58A43C2B7391412301D0412
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D04AD37224628CAC9E4DBDCD8BACAD3E	D4A1770A030D74D622183D4213BEFA6AA7863C92	8545A6CFFE1EA1BE36C45968071CAD40F34DBFFF5C32EC8F7706C21729405E66
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	790794CA5295F1713C2ABFA1474BAF28	CE533838C8F9F8097E19799C74CD05AF85DF57F5	D74F13B17D9E22E7A64FD7B0193B19CC6F8637833D496C715BD12B93DB3882B5
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\desktop.ini.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	7D935A2F2F0B996F5B9054AC0C069736	49FFA2B15E781B9F4D722FC508F7AB53AC3EE6C0	78EE1F339E6C319C3CC6A260F85DA71D00C96900843587F9386FD7EDC23BEA06
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	7B134696D80B5F961B514B2F27297F11	C67F29BD775B246EFA30AE5B02E2E3394ABB861F	24075EAF5A3CCC51DDCBDA6F4FB44B6BBC0B5D29CBF258BE7498B975735C2A0B
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	79C3127674724047E1F23BE73DCB5B84	2BDA122D445AFD8BE893FC2371F70E77B18A5A2D	B4DC40ACD3A960B8735864F56A9AAA494DAC7C47E3748B1FABB65DE453B8C5EE
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	28E4F984C23C7CEC7AAC492A05910790	47B96947C3D6457B007FFCC277624698C5803481	F73B59B6CF052665D95DFC222171BEEF39C2B78183BD4A33F7C61D1C162F4091
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	36E907D2A60CDE95580E731004C40737	38F2CC58A78E6ABB1E27317C43150AA0332567EC	786B8E0B2F51543A600F308FE4ADE4208C800FA9DA72A07487F832D867E96D58
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	5BCC40CAD15C883385F1D8FB8ED760ED	F4BD6A076D4F3F763AB9E43CB10DECD9A01CECE6	2256EB10BD2D24FE2D514B35A7B7277D2C0177C17609895CDD629793E02AA543
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\RecoveryDrive.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	C4C292CEAD1E5F188399957338AD3D4D	C8170FCE1F51ED3E33ECFAFD2D92C51023CCB340	6350C36874205FD433D97B28615F4E2A472E6D5F5C37E2985ADD9AF8CC9ABD6B
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Registry Editor.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	48A20B48021436EB94105E50E8425C34	24303F886AB5696418FFC59E47C54D6D0506BE8A	4CBFB73A1D07A3A4B3607FDAD29DD2C609484B79F160F177FCF459D6C0EA8789
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	758522DFFD9114A2BDCB7940D72140EB	6811C08E66CB3430DE16294F26FD1E9247339F35	0634B4CF58C6AB8D1F0B9C744320A44FF12529D7A20853D782CE5A6D6D14CC15
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	8D08FE1B8D01D64D24E57F4F4DD79D1E	F3013AC330DA79FAB5736FBDA0B9AB648135BE0F	6C211CFF27A68DC91F0EBA12B30522DDE33D16536FD7F095AEC60AF80C9F0625
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	106E541C7A27C9EED8CE8C6BA5A3FF33	026B9939C4BA57EB69B61F987E1229D62C451959	DB912B38C2C3EA73FAD24E33FF2CD42BF79DE3C39DD6C057E3C5D9F78A991E98
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	F77210B5D9B4599606D71A3E8FA5257F	C8787AF74B006BAA8F5A7F1BAC83726A0FE265C8	6F8BBBB9741D72B27A8D50C36120AD83EBBAE44B3A315E4FD5057556064EF855
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	ABD47E493C240117369D248B777D35B4	DD75325026750FACCB781EEC6A976D45C92525E4	0F3F186F41119154715D2079645A38BE9B1463B33B8854A77B7CA5C0D5A4464B
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	960CEFC920656D81B8E55765674AF851	A7E7E1FA6F41CB6166AB24339ECBC12B45A59E9C	0BDD56494E47CAE291A5144C04B4E202E54AA48362FE3CFF1D823852AC3DCDFB
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\AutoIt v3\AutoIt Help File.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	7C46D3B544AFD482A26020736B50CF04	BF462AA0455516B7F1D0E798AF677425B5298EC4	95B3F24F46BEF144F6A805C678F6B2766F100AE218743938B804794C4A2231EA
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\AutoIt v3\AutoIt Window Info (x64).lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D8AD821C132EA991269BB8F1C725F318	30A7C2A5EE5498919E49A9A6FB398CC3330B92ED	A705BF5E302EC639C0A7F25D6EF63236E1A42FF4B1B61686167A6DDA81916AA0
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\AutoIt v3\AutoIt Window Info (x86).lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	E66DEBA5D58FD515F146D60ABE8EE86C	5B920DE538D4046A63F76EB3A60C95AA71B955F0	8A0EA8E56C169C5C729BFBE18C44597E01DEFE7275A44712186A008B024DAC8E
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Check For SQLite Updates.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	89AE290398E7FF9A653346119CB5CF95	381D27BD7725A1D2E1A2BC19FD70D0E2D2ED67D9	484F89FAB9C3637A84B1F3C0AFCFBAB71B8B1BDB4C0F597B1734420F316DD8BD
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Check For Updates.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	620E8D71E6B3B4971FD76E1B569348EE	6DEC358DA73BC29D4D5AADDA4F24A40B16C83F98	E216F2418D1F43DB2AF29730478B7FC5E493266DCED89C380400B3E607A66E57
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Extras\AutoIt v3 Website.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	3691D8FAE27ED6A369500F752E01D68D	378B87CA7D120E7BFCA7ABD5B027569FEC503E35	BB7582A23021F8BD91420D8D1CC669C5D44D2430ADA263C561A5F4C2C120FD55
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Extras\Browse Extras.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	AFF8624F832C4EED42D744389DFD3A6D	C1C33F544A515263BA40D6562596C8CB7839D787	6FEE66962038AC1C71E19875F7F38D70CE797701ADB6B767E093416C563CC575
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Run Script (x64).lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	14476CF7515A47AA98013AC0F1CCFC5A	8496BD2F9B2A21F1FF3CB78BF85C082FCA540CF6	0D70E0EDCA36EA47E78DC82BE16A9E84400A8745D525F3D6E51398906251A634
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Run Script (x86).lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	168C7415D5CB98F62368E037A7A35362	127F585874D22A24FCD4653D4B740F51E599AD1F	E8985A745311718F7F9FE985E5A614EC060EE91AAA519303AE21E1E374D4C664
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\AutoIt v3\SciTE Script Editor.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	F4F11C6C92B0A12495A0E2A1649C1482	7D0CD47A99FFA9D7B629E537DA1964744D52302F	A3AEDEF6A43BF5731C1E64BF3ED8136559CFED20EF2DE48BC7F546980128D0BF
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\desktop.ini.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	606939999C86A12B4526E7BDCC54E6A4	7DE15739B2543EB659610A1C974ACE65562D990A	0DA13664BDE65D7D93032739C3AEB499BF403B29D6E7C79C8A855E36A6E7E101
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\UpdateLock-308046B0AF4A39CB.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	8A9E255FE934253EDDDFB5D253DBB4BC	956F5E35DFA80AD09625FFDD691647EBC60F48ED	1AF8A75001EA1F5A7328A337A363D7C5EB931CFA7C43843857987079FC93AD79
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	B906799FEF0EDD7BD1ADC3F8D0050460	58040513FEBA90131136AA300D124E7F5BBAEBED	B0DBEA67D8CF9D893232ED7B2FF7340AFF92EE48DE9D18F68D47E95B091B041B
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\state.rsm.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	1F1457F8CC5397DEBD62E724C364AFC3	B75CD75F2E7567F96254B1B8EE20EBC1FE140EA0	2EC0D16DBF27544B216E116CDD7A8628C1DA812C391F85C8DA9335EF1EAE7AC2
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\Character Map.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	BDC74E151FBAA703BF0D451E25F2E95E	958413D306DB460D4F6103CCC4B91E15E35A7254	8A4BB852C115B1D3FDC0535A7A9C51DA9E2A3B35E241AFA8C5F10492B45C5408
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Component Services.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	644DB7E336F816DF6869E1D89F25702C	F1E77358245131BD6059EE9C407298552DF1E5D6	CB85A935CDDC3106EA56AE84466441C1A480A1D01B72757D5CCDE3F88A8BD5B2
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Computer Management.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	A200B8523064314079B229AAEE5D258F	E2C0C0CE83F63462E6C9E4B12D9C56CF999E5AAF	9D36622A3F6D334A8860A7D8B812EF393C33D09BEAF3A2689FDC4DB5B433373C
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	7D426121CA8AAE33F6FC9EE87B16A47B	47919A48315AD127DA29D8AD403D7C31AFAC8208	CB7874C56D317F67C719BC340BF0B6E62CD28ABE12C3F8096E9623E815558119
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	B331DB812A3318CE15CC26106C38F452	F5401A39B29475B1BAF7301817F4F52196ACD812	2D92AED0B947B68C109385D116E71D2C1D9403BA255DF5DBC602B8383C2FD5A3
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	F2DB4D0D7E897B3D871F48BA6D877E84	880F5DDCB0C0F128B38AA42350940DFFB210F5AF	04CA97A5A6C6FF7EB216EBDA1999C725C4DC5F5F6490567FFD7FFF639D96EB6F
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D076D05C0820478FF88E8DEE2BF5DC6C	0428A46E5368F3AC3D77FD28040CD7E6E86F353C	CC3644C634C35CD60CCB8DF46E0125A4C8FE53FC3C367F40650E569577817EE7
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	AE1860171E76CFFC21AEDC8A87C3B4C0	0DEA950B2FDD65B463A4E676425E226CBB68BFE3	91929B52D1F04B274EFAE0A179DC72199EC9CCB9D509101920FB84D08DD39659
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Configuration.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	B8F405CC8AB663C6E1DE1CA2F745919D	AEEF1247B3EDFE820A563BD0B3E92750051C5939	F4158B2D71A9F53A913C3088326787DD7D4A28633721FEC33EF2EC99E48FE777
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Information.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	A2C073AE36368C096B089CFAA3A44B09	9607984D6CA03AA4845C29061BC3A79213F6D243	3979F0E6F02CD4C1E2347B6764AD61B0EAA16F66D0218753E5E7AB1EF8B36CED
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\AutoIt v3\Compile Script to .exe (x64).lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	29769250432CF0B5CEA3BE26BB89D9DF	9602BEE7D49A4648FA53AE0A44BAB5C0F4409E4F	226F0B79AF759D7FE8BC52F2D9AA988BCDDE554BC0D79B181B40846DC800AF4C
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\AutoIt v3\Compile Script to .exe (x86).lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	C88684D93EE2F2EE9882529B66F208BE	A30235C9AE806E4F8E8F76A63ED197F174FFD6F2	DAD5C3D1FFC3505AB1B123698E61111A8B943AF037E49E8ABEE605D5288CC890
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\AutoIt v3\Extras\AutoItX\AutoItX Help File.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	CF299368AB6CD96BC638A8DCE1C0C37B	6E2E3126194CEF4FC7047819C811D39163CA58DB	120B7A4CB1E45BF4E5B92D9881BE190DFC8152D437BD9F4CC5E90A0CAA123865
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office Tools\Database Compare.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	A02D004DB8A835BFDCE2B9080925E67F	A67B27325FEED066820D80EECD12D085C445E573	DA3B99099A2548C8083954A1C694161EBD6213C55ACF477F61DC76BF1628B148
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office Tools\Office Language Preferences.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	02461247AE3CCCB474311ADB5CBF825D	29FC8E264F79D8F03F2346DE1CB681B152287056	62A664D12A73B158FD9D8226B181709FDF68D36EA46B5C90FCDC432C865DFEF1
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office Tools\Skype for Business Recording Manager.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	25B009DB3AAC4B0ADA0C4B9FEFB5073A	218205DD2C9B1397A5C38BB43DCC9250FB80CE69	01DAC5DAC0DE50991843395B31E2EF73243BB877E79C3A2D1FA50F2E95048024
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office Tools\Spreadsheet Compare.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	AD761246495B50B6C62C6618BBA145C2	59965AED7D5339784718BE815A84CA54E7ECEE37	105F4A9CE6CB0C01977578A60E4C19EB846C00EFA18CF30F6A8BADDF70CB8666
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office Tools\Telemetry Log for Office.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	1FBE797F113CBB180848E9AE5C7EDCF8	23F867FD126AA3A292A212D147F107339D0F5B4C	6A387F60FD30C2EE25BD060E82F3B65F773F6FD0872E3A60BC763798BD4AB3B0
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	67A5944394417BD7B5F3899B251190D8	56F70F53C8932C50609EA6893E561F16347AFA33	A51C8C5D0D86F661CA03BF196CC7CF9AEFEBA6666852F96587F58B22396980F4
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	CAA098A5FB68CEAED839E1F1D8B6A09E	65A6E52A0200D63D4936E50067AB2A9A36BE1E3E	95E2A71BBA439DC65A38543222388B77ACD47DBA2CDC3C9D5A4D1D1FDCCD3362
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\User\NotifyIcon.0884f9b2-b6ec-4b87-899f-510361add0dc.1.etl.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	B2AB229D2FEF817BCAEA50393980D8DA	34FDBCCFC32D08F63264EAA035D2F55E46DCB94B	5A35497B766C3CA1BB51BD9F3BD7D9851A2BD5B0673F79A5EA5D19B47272457F
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\User\NotifyIcon.1d47542d-bdee-4dc6-94ed-be9cdb6f14e1.1.etl.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	BDF14ACF1F5284D0508AF8058FE27882	90E620EA5BD045ECD93B8F87D759D0267C284671	80E5627891D6B8EB6A6BA369C55D68514374AF1699E3B07C42388787735425A5
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\User\NotifyIcon.21a55447-0332-4ea2-8e22-8ddd09981184.1.etl.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	ED0D292828601CFDDFBF3423E33D0325	4633FD74932B2EE601780DE3CE080A0F6E8FB1A4	DE57D6CE2062C6074FEE0EB56CD18308403A155411465D2680A2C628F3C3970D
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\User\NotifyIcon.38fad0bf-4730-4bc4-be22-5277e88811cd.1.etl.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	5ED5D07472170E429253BEE72DD4FA76	EC3080DF5DBB2274E25C2A629C2312B5AC11EB49	B0160F50BEC22D26620282E3C9E8BE7FAA7DB10CDFFEBBF7B07AF6494D916E9D
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\User\NotifyIcon.480bc3f4-4991-4ffc-b70d-c15db82e9d6a.1.etl.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	EE72C2CB25A83272C0118CD2912F860F	18F6E1F030C22C3033369A96F9DFECC48C31B4C6	A4CAD697A840FA20A073FB74A763BA367161094B1A334D5C8D6E0F9040B68DBD
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\User\NotifyIcon.a686e598-6877-4264-9711-989651a302f7.1.etl.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	68A62BA99F5A55C7E0A7A2CCED17EDEC	9A0AE6CC76602D74BE476EFA7C156A8297B5C0B7	1F98A9F3FD5A2784FA9CFD3C63E6BB0E2DE705DDBB77971CFD2764371929D942
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\User\NotifyIcon.a821f645-76e8-4ba9-965c-60ad931c30ce.1.etl.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	9D0CB806AE06A001A3F8F468852411E3	EC39139E898CDE06FE69B1DC3A618FA0FF0F9C7D	F99FEAF6D532A1CC832B2264B26977EFABADA82BB2D3B47D03E8EE0311A32EAC
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\User\NotifyIcon.c6e0f9e8-f670-49c4-974e-9d40568a1011.1.etl.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	F31C1B64697E347209094612E69792BE	9BF1DCCC426AF331A9D2D8B4E966EF6A8B269C7C	E3D2F34B8C389F1BA76685FFEF1E7FCAE9301220F954521F08F997A2C2EA57C1
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\User\NotifyIcon.d9261b8a-d5e2-42ed-ab32-cd2fab1962fc.1.etl.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	217F82EF52A617635A60E5B5B4698AA7	388425171F72C7C3FE28F52EBFA1FC7DED20745F	695DCFD5854A3FD7D77DBF3790F10B9E75B250300700F21C4C3C1D510164E325
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\User\NotifyIcon.e99a38d9-255f-44d4-9ce1-275e8cf23855.1.etl.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	CC0F9E8299E7B7A055EC4EBF2285B21C	E807E7ADC23A92DB866146E82849AE0C2484E516	32B9CCF3B1521E81D666E8EF4651DAED604BD7B93313CFF8BFB3BE951C4F49F2
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\User\NotifyIcon.f3f7cc8e-795b-4925-9b8c-26e2ea300f41.1.etl.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	2456CFEDB1CF9DD029C6A72C2D01FB6A	BE358D25A3C89938ABB84043FF2B80CEA0A19AB7	BA900E1EC14546C57E048C160BAC483D65689B796698422F85B1202199FEB051
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\User\NotifyIcon.f4d4c9b8-57b5-43ca-ab7a-5d857e7666b9.1.etl.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	93CA78484AC9B68EC3A5C475C0665270	F587FDC07F89DE49DDF32E44D16C1D2A6BBB7EB9	DCE714668A289767388B81FB6554EE608A7CA3D8CA9FD410E8986082B2C354FE
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\User\NotifyIcon.fbe50464-f61d-4a15-a5b7-ed239a079807.1.etl.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D591CA6A2045BEAFCF9E73D9424EE505	96DF88A905CD5B55D8D3583705DDDD48392D5D4B	22742C2EEA221D48A87F1777997B2449573A55874C64A0BE2EE432BEFB924929
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\User\UpdateUx.475a5b13-420d-4358-9fdb-c77913ec90af.1.etl.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	9F36C4E81611DF7D78592AD13A832B6D	1FDCD3A72A433E658BEAF21B8A36A3DA854B2845	EEF4C0C39EB1BFA0A46934384E4125D0B0EF7F82A9732554F1E37FD9AE0D512B
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	68F83E9EEB7BEAA41A68059DB76558CB	C9898165E21BBEA0D0DB8D9581A61ECB30D423EA	815A06A44053917B7D436F35247A2F51984E4EB85305F3220563A21C992D301D
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\C773B593-9C79-47E6-BF01-073C12072B16\VirtualRegistry.dat.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	1AD40D6A3D323F89002788101C58A777	9623585F183918D933023471B3F0865890C6D590	4282C828EE5519912E31A64F4CA34CCC9F13E5C389CCCCFE4C56236C1DDA5188
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\C773B593-9C79-47E6-BF01-073C12072B16\en-us.16\s321033.hash.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	A8732F853CF88DBA26D8F48AB13EB6A7	E8E29F4720D8050E0B3CD982932AF41731C0FECF	208904BA46F567C53765E62F9C354B3B36C2EC0A1FF76393B96EFCA4A5AE34E3
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\C773B593-9C79-47E6-BF01-073C12072B16\operations.db.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	0361D1381219DE96A998D154DE4E7E53	E919BCD4ABE22D7FDC8805BC47644D2EAEB805AD	7851B03971EA0F8963600DE71E448054F446A905B55CBBB6C2F37695C792D21F
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\C773B593-9C79-47E6-BF01-073C12072B16\x-none.16\i320.c2rx.hash.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	FFF664E34C150F0B2CF49643A61CF467	E9AC84378FCA329DACB987DBC539B457FD861FCF	E2BE44B918F89071A912170C44FD77D948B32585A72975C600FF8B96D2B5C0A0
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\C773B593-9C79-47E6-BF01-073C12072B16\x-none.16\s320.hash.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	9D0D0F87B34560B0F2B42EAD3FB7ECA0	A93E71744A01EFD63BE22D508836370C4DD49832	A6E69F937108F399EBBA757B74C082557A43961A3F9BD476B4412194C44E2B77
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	922B232C8330A42EAF59ED8555880125	21F39FDE2180752FB42C01E20A24219DF521F62B	E6FE15FE365F83AF2378453D817CF5A589C88A65D2B5EEB43B17AC917FD48D14
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	FF33BBA5021C2F6496BDA5EFDCFBA3C9	31DF4643E0034E030D63F56B74B80A69514231A9	B9EC1A7546E05A12ED971EE6B55698BB53ED51FE913142F1F7AE75373186F44A
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	EE8FF21380622DC59AE1A933066F4309	2DC47F6A9D02172579FA09B5EC8696A19DEEDB9B	D85E4F4BE319B0EED31907A81504A1759BEE784B731F184A5CB3465D05972E2D
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	9A71EE9FEC759631D801F3CCB35E6E99	39CB8FF25677FD7A73D7CAE71154FECB62EDBAF7	2FE44CF385C64CF048EC2BCA3368F31DB2113165009801385B9E703E5D97C430
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office64mui.msi.16.en-us.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	1147ED944B8C169A7CA803666149448B	D5EE6C237B97153A2926E09399B5CA7B701EF2F2	241F8BE456E3C856294EE2C494AA0105AC3EB375FB0336FD2E8AF867BCAB6321
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office64ww.msi.16.x-none.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	899E72B86102354649F48964238A8DF8	F1AF081CEF05A732164C10D3810094BB22818BCE	D9394BBEB4DA6FF1CC2D894697E357F709C5E27721D5C94A28775EDE621B9922
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	17CA0D95D7BC72C10BB611A57F833EAB	AD133F6D46FFC6AC9EF248E1A0C2429BB8087320	EEFB01EBA7749955B812185C19C13B05727A241AA5154C6C996954566E23F2E0
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	14C47F9985DCD2A089D12FA4B5FAEF99	FFA355D17F06A23554B6E2B99F916EFC9133C28D	6AA294178B1729DC3F233CF120BF0C0979A317F13248FF0270DC4C6F4EC0AA0F
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	F91B2ED3383CC79EEE2980A05381AF12	FC6A80BDD1E04BE3BD9897A866653F55B9213B82	702CA6A0CC7CA1449D8C7D7E36ED80CC293038597867C423F06036639763DC68
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	8B602D6FE33A545E793D90334E1F5482	E2AE27E501809C4C11491429F699098F7DD65816	C6C73195F54660976A46C095B689A899BCEC4B0346632D275A4910421205F712
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	46B43832AA2D21A772C234D2D3BEA432	2E92ACA3DE6BA7F69B1E45FE0BAA3752511991FB	D4DAD11AED500A3596FC8FE8D6BF2CB97EAA6DC1AB5E631C1DF58813687DC31D
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	7E909A41C3B839F28685BCAD2E3A397E	B8702B2E46105415370074537F14CF388B883A19	E8C84A5E01C89180B509059B89B231527A2E6837CE9A0846E14A450952C8193F
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	58D183486475445747CB2CA49EF9386B	049FB5D8D47F3C6C25C981C2F1F1CB55C24AB262	8EA6FE101F77A7106E5A72643BECDE631800302703F586CFC5068FCB7367940C
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	DCA3DB870F9B4C2EDC4DC2BB52E7E6A2	4DFC0CFCEBDAFAD1509F083AD06CAEA5AB8B120C	CCA5B3C647BED572D74C72F38F176D4C4D27048905D6B96F9D0BB89CF5767853
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-GB\resource.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	BC53963393863045642DEEA6DDC53FA3	E0E2B0B5E266DECC2C60EC8AADABDD8FF8D0E2A6	A1AE1FE291761A74A99387A9828ABF61A22DFB4499D1E15BED9E37EC8C452DF2
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,MessagePack.Annotations,2.6.100-alpha.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	F2742E4CA880AA369689027A73BBC436	62DAD2BB97E602F5C4B1065EC26571B2C98F88CB	A4DE27D5FED1E12B25D0D87B78642CD14CF33AFCE2A23182725CA0C45782D708
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.AspNetCore.Connections.Abstractions.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	24CCBA3066851AB6F83D1C85F8435196	1C31B020AEB8919678AA0FB5CEAE488FE72EE330	46C0E38025BED76853D76A7BBC626FC8D8D89B4BF6EE6A810BC4EAA8A7BCD8AF
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.AspNetCore.Http.Connections.Client.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	E3E14554B95EE1BEF653E29B1FF650A8	B4EEEC5D18C51025D3D757F080604979097DDAA5	6EFE5A8AD19817A3F7FE5999FCF69D9B5533711B0A3F144331414CA1C3AE025E
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.AspNetCore.Http.Connections.Common.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	DF64D7C66615F9A68AE1979AC3CD2757	8997EC4695C95C0143DDA11AF2DA8B164C538803	42241D2BD7BA60EB45D0BCB4A0256D10682BF04BE3CABFBB70E6E6D24A89BDE3
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.AspNetCore.SignalR.Client,7.0.9.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	9D43E30CE9F00CEFBA3248570B07FDDB	71FF8A94A2A3AF85B2A53EE883B5DE8B44D31CBE	39F6DB4DA048B8677AA7A9434E35A90C1791B68811338072C6FF2DD16DC2E244
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.AspNetCore.SignalR.Client.Core,7.0.9.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	FABD3B434C0CA825C1F15BFBB68CD562	3ECE0262E3C502B46C15369DAF03F1E399C76C5A	67248681EDC4F63DAEEA8A15A9173D383D80E49D75F805D93E8FA006337181FC
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.AspNetCore.SignalR.Client.Core.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	8B02F6F6B2F30C30F2CFC97935C40219	C802DE425F6902D5CB02010CA65DAFD8EAA2F57F	833AE7DE81F29A9C27F8A394276DBF529BA747A77677624CFC542B00AC591DE0
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.AspNetCore.SignalR.Common,7.0.9.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	468FF4339CDEF6F4913F201D18899D86	4FEFED716E6B7598AE0C890FA881B1ECAC6D6150	CD4709D54023A35BD28E10DEC8726270491C44AAFCBF3F8C0FAC0F7A630455BB
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.AspNetCore.SignalR.Protocols.Json.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	2617B38A301C7566F5642192079464A2	D5322094746E85EF869357E770B07E783D124BE4	EDA711516ED3AEF792A39F002DAC7F6C739A489EEF8E17C4660A15455FB9933F
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Caching.Abstractions,7.0.0.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	5E43373D8652817DAAE87D7ED54F03EF	CED7B913718A82CAFE4FC412C7868CCC220DCBF6	257A5FC5638F681E4A0C15CE4B7236496566E5930988D82C521F6E63D955F7BC
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Caching.Abstractions.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	FB19E8FC4922C6FD0A6382BDE04A8633	CBC42F4943E35AE5DBCCDC5802A32A5F802B1B0A	AD890D46104151EA6C0493F0F3E89906A48789241AAB37B3860426736A7102C3
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Caching.Memory,7.0.0.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	B7864991F7C0C867829208166E40AC16	93E612D829D91DD20DEE2D8FCBA7E8E9A9D41CF2	B487B718961272005357D7507F3A14866DFE93CF6F6EBFC6B57F38F5EE36A4E9
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.DependencyInjection,7.0.0.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	1679C3D44DE1E4D329525A91A664BE56	C60A986D03B5737EAD1B476F8F68B95F1985A04F	6E0D5D6C34DEFCF0E6F8BD6F93C35966930F083E7A7A69EF7733F257EA0A9372
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.DependencyInjection.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	A4D3483A5139E1396FC4FB163DD36EF0	08335B108F8F94FF13BF9DA7CB9856903E160EAF	00EEE6129EEE6A9E24AF21B047C1DD2FAFB0DC6006D6C7B85C4824880526996C
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Http.Polly,7.0.0.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	920206FAC51CCEC88C6AD445FC50882E	8EF15B519D528CA3ADCBD3809E4BAE1D436F6B56	BFD6CB7FE9C00862E2A827C29428008D2CD6554D118412294D4E0963C20B674E
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Logging.Abstractions,7.0.1.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	CBF15C0FA39310824F01F97E0A7BB002	635AF1F2E24E762E269FF1CA095BA75E9866542D	60E40DB4236B304DBA60AE8779D59996859614857371EC7E3FCDBA2196AB442F
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Logging.Abstractions.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	289855E34BDE4E91DD1A85DCC1B3AD18	16C6B67DF4CAF4BCA5B37EF29136972AC9AC6C72	E57D0C2D83C92CC001DDC3304206DD10AD0AF594883B1463714228AF1FE6A3BF
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Logging.Debug,7.0.0.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	8D875813B53D6404A37AF0958048F6F8	55F8093C83A862A7E98BFD8A720BB3FB58D1A02B	1F3DC143C63E3DB5B1C83490683D85266044DE51065FF207779632BC209967AD
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Primitives,7.0.0.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	E9472D06D10D1B9010BB3A06CE26A6FC	29D99A1622BB9D236AEF10099BF415FDD44B00D2	2611568F6EEEADD4341A2FD532DC863A05BA52B2D42C5372FC4B69FA2D18BACC
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.IdentityModel.Abstractions,6.32.0.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	9780719AA6F5D535C50086681F005ACB	DED7C5EF0C72B34D87E39A9EA62DA20530EBA63E	C09753B40BD5835595EFFCDC160208ECBEBAC8BC051C8E292C43DA48C128A852
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.IdentityModel.JsonWebTokens,6.32.0.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D1308CE431886C1CDA01A1BDB1769ECC	76BC7D649499667250B247BF95C409B3972832D7	10C4A0BE3E5659E9CDEC858F4C209383105D358FF2477A832CD1ED1C7AC50792
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.IdentityModel.JsonWebTokens.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D80E5B3DCD729A742B283AD88DB39510	336130B6881996FF2ECB41FBB81A2C8CCB1F6880	0F412DDA6F2B2D0187B10498B0A392A298702F53B91C0B85033FDE0B98A3BF8D
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.IdentityModel.Logging,6.32.0.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	053047B210E571197FC901207958528E	0D21B0CAC223C033BD24FA6E8D6B4D6D00C9644F	DF0BDE0EDD560F5EFC5847DBB14B81B17F2B660A655016C4982009A4305069C6
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.IdentityModel.Tokens,6.32.0.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	AA0E6E8B21A85292512D15419D421A7B	4B81518E404A97B09C609E1006D4DEDC701FE92C	4AFE357C5A99C7EE63E42E31D1DEF0841C5786202318F1BB3F29B4C3F16032D7
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Internal.Bluetooth.Map,0.23051.1.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	6D8FFBF39496687D381C03913B738C93	A937683C31968C2AC56FB993036079E40154FFF9	7296877C753D028578120F2BAE56B51B0FB91FEB6E1C16983E12497458A1C0D8
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Internal.Bluetooth.Map.BMessage.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	AF9B834DFE5562E9509A3B1112811A27	4BD8721EA99B23C616565485EB5FBD11740834E9	B1A5BFC17DB50C46952719853F68C1260E1CAE327D476FF8F17E5489F7190D26
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Internal.Bluetooth.Pal,0.23051.1.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	DBBDC9D8A7CD618B681A490A4D73FC2D	63D2876D84B54F7C527BE1F888E2C8852AE99937	362EB893DED955D30F760FAAE5B46EBA3CA80ED2A026C4ECDF7C5B3B601196BA
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Internal.Bluetooth.Pbap,0.23051.1.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D848601AA800B5F61939DAF0EE7CE9AE	8FC445E911C96B4871D93AFFF065EFD6C0E33230	9DBA4FC256D9E181F21ABCB8AE463B896A2458396C43DEB519686B8C9517E2CC
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Internal.Bluetooth.Profiles,0.23051.1.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	6F5D4200CC0EA3A808975070ACC32C14	1AB1188509B37100D0B8AB786441B128DAF3E7BA	74550C8A257021456ACD69B4459DB76CB9FD9AE401DA18CAD5B37240C57EE087
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Internal.Bluetooth.Profiles.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	A2BD664E16C6367EAB01222C0DEE8FED	B997550470D5A1A3DEA4F487BF2667BDCBA34C80	147E188BD407441A5AF9B3021E262726D319DD6BDD3C918E15056425A62276DF
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Internal.Diagnostics,0.23051.1.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	C0F525C16415B00D6EB8C039703353BF	47C6254E2F270AD37B42F747E3ACA12A4A1E633B	8565C732D8CC23D12A366B4EF64D55A8BE82D1D57B6C2441AEE65AEBF7762176
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Internal.YourPhone.LibNanoApi.Managed.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	275A9EB3E27FD8B8D3C50048B4161289	A4144D67AA1D3BD1875FDDA011F5489A9D2A81E1	EA5061AFE97AD2A0A886966609B57FB8597C7C71180299E7C201AEC12A7E9AEB
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Internal.YourPhone.Vcard,0.22092.18.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	7D0C485F3D74677C3554A7241A4D219F	4F057709CE8070B4E4711F227AA5121FF999C59D	2C2101894AC3C7C17D98D5CEF931820AB88C5C3C18FD7697F64E446E073F8575
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Toolkit.Uwp.Notifications,7.1.2.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	51505782417AD7D78E16ADC764F136B3	0BFD1E004F7B1AE864AB7C5B587968B45ABC52CA	AF237616216ED2961F8F7F600069C4CE0D62AA4F0C63BC7AECFAA82A223BDA61
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Windows.Apps.TraceLogging,1.0.8.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	950677044CA55B30637F07D4E7215CCD	19AE58E893DD93542A4DC2DB8C7CEC010154AE99	CE020110AECAEBD1E9685EF6D107D4A754A4366A3084A6F4F2B66C85D89C7CD1
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Windows.AugLoop.Core,0.0.230717008.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	317B062E4FB6EEF2CCFE8699D7EADAC0	E797CB568FB0BD67F998F7B50D5786613953D323	EC5E9AECFCC8993B8023A10B21015AA78DBE0CD42059D61CF8D10173AB2E2377
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.WindowsAppSDK,1.3.230724000.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	B11B5A9765FF6740431A83BF33423C66	237719F2435E4F9ACC94BA9771643C98DAC1AE7C	79E318EAACB54C317B8CD8E83D22269A80921CE004AED0290D18A4B58F11B9C7
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,SQLitePCLRaw.provider.e_sqlite3,2.1.4.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	ABB4281B983ED024FF5597A61951CAD2	26B9CF4BA3C3C38C375490EA71D7544E5978D59A	97BC177CDF7117E74BE870F5329AD6AF1730C944E5492E74675385BA1019CBA8
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,SpanNetty.Codecs.Protobuf,0.7.2012.2221.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	B41D514D904DAE761E2044BDBE9F587E	73CFBB64ECB0C9D51790E663796C6409708726CC	C18ABA1F79A6C0D3CA599149F39B1077874C93AB0573F159C91B3784EE649AE1
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,System.IdentityModel.Tokens.Jwt,6.32.0.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	2157DCAF7BFA90712C2E7EB8584F226B	2672D25CC7A05D41A7B9935B544CD93E5DCDACCE	84746AAF6CDED606CC1E46EC81C9D4825C37685D64E4D24C31D192B5BC5D27FC
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,TestableIO.System.IO.Abstractions,19.2.51.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	5F5CEB89B489D95F037705634010C7A6	95A4B52FDF6D92860BAE1607132D5789D799F7ED	D0C14270B9E4F12E2FECC26BC6344DB356C9624F1FCC59E684EB54232CA755C6
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,TestableIO.System.IO.Abstractions.Wrappers.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	CA8FB9CE7BF48139CB9ADF5932B1D158	D4712B55CCE3DAF07F08257E0F5F71E68ADBC35D	8A7B7CEBD0C1E363BC6E36F3BB61EFF296AE58AD3A1FCBA4BBF7270D89AAD543
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.PlatformSdk.Protocol,0.23082.41.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	770B3C198BBE498CC31E43B2645C617E	5E25628DFF7E46DB4089EAECC33A3AD7ED6AAA55	5703FFE183203C4D432C3C60DCD3E869B150DBB069590BFC1250A7F78FCEFC5F
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.ServicesClient,0.23082.41.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	BB3411CA228AA45162728BA1EF9A2CC9	7C7246DF8CD2A186F5AED36E7984BEB49B2BD3E0	6E00BC4ACDF4B1647EFDE5DFDA5C4E11C1E83673C64EEBB6B65BBEA05D68F845
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.SideChannel.Protocol,0.23082.41.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	A13BD758E8CFD8C294AD138465FFDCA1	1E992FB25ABAE3A5C51AF86EA79E59144C3B0F9D	7F0AA42FE075B8B2E0552654E8655F5961778024DC0F269265286BF2746D1C00
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.Crwl.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	EE6F94253453D44C6DD10BF37E746473	E3C86026C7CB7CE6A99FBA83209A65B061BCD25C	2B8135E893DF3C1813E4505D911486C172C1AC9A9518B169C1738DF87B595D07
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.gthr.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	A70CA9AD360788AFF07ED3DE0FB04654	7163CA9C7899E4C1B659B1EB6978BFF213326E0C	06A5981152B830CBBFB017E90E4D37B19A492EFB19FF3363D8B4324F35305D73
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.2.Crwl.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D87F3DAE7C4B6081C3B16DE1B2EA367C	F7EE95057A96C8B1310C1693B38584EB9E16AA01	38F463ED6359CF79070324F485059D367EBB1CB0958746EAEBF9B240E173A2F9
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.2.gthr.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	FB02B564066B096F69703C1D0D5790D4	CC82526E77748AD39AE72DC9F7472B9152222A6C	BC28E9E080559F454E62351A96B2183955489C21BA462D895EAEBA4494871EC7
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.3.Crwl.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	C49260452CDE0684C523585E12C8E853	18F6A9F1F1C538CE7EB13AC34A583DBAF7A39877	5D8BC0CF2F9FE267640DE6E307C07B7FB8FB849E696CDFE059AB1115F16E2062
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.3.gthr.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	B8D47490AE5B568055643481D298A0BC	FF6CD79C8DC579AB7B463D36409161F47DBB3833	246F769CE099705F92FC231A5020E722403BB65378EF5DE967A198F54D2E4343
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	45EDBAA2B3E95FFFD6C83D50BDD478EF	7907FA62EA65C60715FAC95C34F255A9C5AF6FB9	A9BAD27770B4DDB49530BCD9869845643789395D7171084935FF74AB1EB41430
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.001.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	F22B0CE76E7F33187F2F75EF4F7979C4	FE7E994C6DECB3957A9F6FB195FAFE4244251BB2	A3940CD347990F48DAE08A117625E33AD6B170C851B5E6A66D0E7A3682405016
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.002.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	ADB4450EDCF1BA35A91D83F82AA439DC	316DA012BF48C2CD84CC6F9384003095BCA345D1	30BBE949077502642C54A181AA3E0D0DA2D7D747DC59C4B66BFB6F5ED29DBA19
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	9ED0268CA97577A1580D93FBA7C12870	8619274DB6D0B633CCBBFA8327A104345A7FAB56	F1677C9A85C415C0CC6B0E94085FA1FD6E56C9B475BE07278CB2C03BF736D27C
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.001.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	95C4C27D230EEA91A1C7779225137310	732279FAC7954CBA6644242CA8AC8041FE78A8A8	5546BB20BE34C285DFAA94C5FA95F7651594F5E351DF299E916A6B0479E59CBA
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.002.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	24B7A774998BD768255CD74CB5804681	ACB8B52F3BCAE9CA909453FBC54E03A0C5467AE6	E3458EFABC868B4E2D3D3DDB81271C4BF1867C96C149087922ABE16D14AAD38F
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftInternetExplorer2013Backup.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	F9B123A2E0886AD3B7B8CFDA6A207E1A	6398378CF27E3C67180963FA29904361F46DCC19	8F51A6B2C782FC2E96C6F75B7EA4C0A38EF89D0734907428298DD6A1538E1726
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftSkypeForBusiness2016Win32.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	E2F964719AF7D37AA884596C642ED65D	EE0D86F88E11D4059B95F165C34A939E132A68EA	117493F1C7DBCED475DB125CECF5B9267CAF12FD0427BCE9CF186F7BC2066F06
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftSkypeForBusiness2016Win64.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	BCE51A651FB660BB7C6DAA4142C1FE4A	0EE7B82E53E49616D1796D6C08B3E2C1F3CA6493	B79FB01E202840FB678C4C699DB9C48A173F341FAC9C7FC2C6774D5ACA305688
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\154E23D0-C644-4E6F-8CE6-5069272F999F.vsch.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	3888F1FB08337821EB4DD7C1500CA8A5	81A8C7AE5AF03E49B90F7AE7CA23891CD7FC89C2	7EE782735C2164B3222CA29949FCB7751FCE472B228D2EE0737978FCB801E55A
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	EB52A4322FA480F2E134042FBE6596F2	4E31CE8BB85C3E5F1D9D94CAC890ADA5FFC88C42	D0E3EB1F3E7FA9D1990AD1143FDB468D261DBF0A9A5AE269A7B29B54E9D0268B
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\3CCD5499-87A8-4B10-A215-608888DD3B55.vsch.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	359232A001097583922CBFE896A80A45	5231BC2966A01AAC1993CED22719FFBD8ECBFAD5	9BFB76E976EA625667D393DB34F35E289B0F985A09C22FD2F0388F9E62FFCBE9
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol_.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	949E0729A05AB3DF105E7214EEE7A71F	7D1A0548B6A610AEAB8EEE8C1324E03C6BC43CBC	8B08D42EEAD7FB6519AB75C2D99F8312097F77B7150FBD0208D5DB43296F77B2
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\02305155-8ac1-1189-ff55-b7119a53887c.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	78E43C98B7AA35F4995248172AF4A192	D9C1736BAC786FC4629B8705F1DBE929DFD9192A	9F08CE96B8A32F7FC2A7B7EC72731A9B3530CAD9040417EA993B2B437E22411E
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\03f8974b-362e-33e3-2e0b-c7bc2ea01c63.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	527941D3DD33BACC52462F23FF70AE8C	BD488F798EA0BE79C5C8635679709A95F651209E	C1D33AEE708C587117D483EF599235C0E3FED959BB4E250E5A478D6AF59D16AF
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\0890ad2f-b74f-c384-f684-9c33f8f67924.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	8C3B643B1809AACAB8C93DDFE26495C7	66AB1B1618CDACD8E3DB8502DE9E482287111AD5	A212C069861E0BA9A57B14894C84AD63382EBE712E8DDAB6AB6A5FA6D146D920
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\0a8c1492-65ca-6a01-de25-0e183559d10d.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	0B8B51555D5FDBB8347D23EDB561DFD5	C0E5BD28AC95A5B27DA01A496BDD787BED62349D	9C6758D62AAF8A840BAD75F6CFFC7F50397EC74CC567448433B635F119DB3BCB
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\0f8e2cd5-b8eb-7a22-b9e9-9b1183fa0a84.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	A58E1AB3CF83CC933D67BB344B261F96	340F8D75559BAF8F9B6EDC9D2543E1B49019C6CB	A83050A854518CAE26846738091808CA21CE6132535FF5192C6D0058899B6BFF
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\13edb933-4688-0f79-3d0a-499edf952ba0.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	351BC987670DA7F1BCB12B9ACF190F38	8A4AE26605102ABCAD742C94827F14D673E01C63	889DDEEFD86BFD9425F07BFCD86E6185CEF8A20B0267FE9E52162DFF512F0B11
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\18549a9c-bedc-b855-f0e6-0787d8b3300d.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	58E0C069E3D38527B7ADF70F93AD93B2	DD948257F410394880230E8A28C330EFD1B39852	F1475CB0BD8EC77CB8781ECB7F99493D4DA75C2E95294E12B9096FA8BDDBA6C2
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\1e225998-faa0-5fd4-4db7-5e7686ee3b47.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	47EAF88E9A5432C2125D12C90CA16ECD	CA5245B6B526568323DDAC578F0DEF41D71F319F	EE7E7222462EC65889F1A16B655ED35F4B8AE48EC68A253F18B1EC6F383F9FF2
C:\ProgramData\.curlrc.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	DBE14B1709C16C328207D647833F7A3E	5FCCE33985B2A3E2A6A16CA3BFDDB6A360625C23	751B19494477BAA1094D824F9B2B00397AA508C86D583A57CCCECCC47A8BC39B
C:\ProgramData\.curlrc.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D9D75D4B4C326E47CBFF86BF4A1427E9	EB392C34B4A65C1568DC48B3B69FC3C347D56584	1DD1F9D6DC23C586FE5D52BDD6F020A10F14D92787B32191A090DD0BD6E614F2
C:\ProgramData\Microsoft OneDrive\setup\refcount.ini.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	2E6613047ACED0AD2E5503AF4F5321D2	FDF503309F8C7A4E7612B7D2D1CA4F918AF0E2A5	03397CFFF2FCB17BA8393386B2D379F4E6247F0E68601E5B351C44C8BD10B976
C:\ProgramData\Microsoft OneDrive\setup\refcount.ini.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	E6C9AD7B3A2A424909E43D55B34E5EE1	08FC743989D9357120CDDCF5E116B359DAE48610	B0C2BEE7A00F65BA2EB21ACD8BD5AC65430E3BC931E170B81DAB24C6A3DE5375
C:\ProgramData\Microsoft\AppV\Setup\OfficeIntegrator.ps1.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	6C98DB1DF64FCFA2595D08E8320C34EF	28B6DAC64141DBA1A5BDD3A26E7140638B7A0379	CE4EB52404B0AFE23EA57782A63D54CB98D1EAF584A1115EDCBE6C05267E0BE4
C:\ProgramData\Microsoft\AppV\Setup\OfficeIntegrator.ps1.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	155237F844B4307C2BD7A1945FD4525F	022ECF88373BE4C3954F3D9DBB60A6BD8903CD37	BF4F4C76A7B7204053E18E0BDB2FEC5FE896B1B8B9F92428C6E107E636F1438F
C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.0.xml.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	BE3387487C4BDF2AF0F464DD2E89E199	4E81F2F04BBFB16F11AC79C0A4E8E2B1D2136C81	DD37A291470BB4E05B183537743A0B03FACF54B3D86F9B73E407099610A08BEA
C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.0.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D8AFBA8FF3331CDF6FFBEBA93761CF17	EE1D9579C5319530C50897DE37679C9A7EFB23E7	49F0A32FCC5851552AED7D6547553EA4322DA27FCCECB6C185AA7A8E7A052A93
C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.1.xml.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D68B648C12113511CA90931E6DBC6866	F48475D19E2457E51549211A17D75F98397107C7	7A3DE1E36740CC8AFFE4BB9297E3B3F31A2A44DC9FFAB33314D897445A75F1CA
C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.1.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	34092E946648ACEB2816DEE3F62D383C	1787233B81F22C4D3741A23E28F9C5D1D06276A4	14EA49570230484F9EA91319B75A06B66B5E96AC53E75846AB1FE3FAAFE4E1B0
C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.2.xml.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	3EBF52D0ACB7DCE38FCFB3DFAB8E3F3E	A5C915016974845001542D5E597EA0E169FE1559	969BF2F794F5E20A2180B264EB729A605FBE883C11FD937AE090C33697F0EA7A
C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.2.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	2263A8840862BF2EC27F29428A1C1AB2	732142EDE5159CDBC9C1B49D94A072867FBB4E93	AE68518D325793D42E36DC0A338991F017DC47FF451B5E93A4F947DB6B804CA7
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\C773B593-9C79-47E6-BF01-073C12072B16\VirtualRegistry.dat.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	1AD40D6A3D323F89002788101C58A777	9623585F183918D933023471B3F0865890C6D590	4282C828EE5519912E31A64F4CA34CCC9F13E5C389CCCCFE4C56236C1DDA5188
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\C773B593-9C79-47E6-BF01-073C12072B16\en-us.16\s321033.hash.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	A8732F853CF88DBA26D8F48AB13EB6A7	E8E29F4720D8050E0B3CD982932AF41731C0FECF	208904BA46F567C53765E62F9C354B3B36C2EC0A1FF76393B96EFCA4A5AE34E3
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\C773B593-9C79-47E6-BF01-073C12072B16\operations.db.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	0361D1381219DE96A998D154DE4E7E53	E919BCD4ABE22D7FDC8805BC47644D2EAEB805AD	7851B03971EA0F8963600DE71E448054F446A905B55CBBB6C2F37695C792D21F
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\C773B593-9C79-47E6-BF01-073C12072B16\x-none.16\i320.c2rx.hash.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	FFF664E34C150F0B2CF49643A61CF467	E9AC84378FCA329DACB987DBC539B457FD861FCF	E2BE44B918F89071A912170C44FD77D948B32585A72975C600FF8B96D2B5C0A0
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\C773B593-9C79-47E6-BF01-073C12072B16\x-none.16\s320.hash.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	9D0D0F87B34560B0F2B42EAD3FB7ECA0	A93E71744A01EFD63BE22D508836370C4DD49832	A6E69F937108F399EBBA757B74C082557A43961A3F9BD476B4412194C44E2B77
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	6AF056C9D132DE28FF3FE9806E1FBED8	2F7587108EB27C81CAA27ADB38272160D940A996	13A7105B8532B5FEDBC0CA0EEFB6CE4C0E7407178A16D6F3CEACDD6AF3D76381
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	922B232C8330A42EAF59ED8555880125	21F39FDE2180752FB42C01E20A24219DF521F62B	E6FE15FE365F83AF2378453D817CF5A589C88A65D2B5EEB43B17AC917FD48D14
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	FF33BBA5021C2F6496BDA5EFDCFBA3C9	31DF4643E0034E030D63F56B74B80A69514231A9	B9EC1A7546E05A12ED971EE6B55698BB53ED51FE913142F1F7AE75373186F44A
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	EE8FF21380622DC59AE1A933066F4309	2DC47F6A9D02172579FA09B5EC8696A19DEEDB9B	D85E4F4BE319B0EED31907A81504A1759BEE784B731F184A5CB3465D05972E2D
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	9A71EE9FEC759631D801F3CCB35E6E99	39CB8FF25677FD7A73D7CAE71154FECB62EDBAF7	2FE44CF385C64CF048EC2BCA3368F31DB2113165009801385B9E703E5D97C430
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office64mui.msi.16.en-us.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	1147ED944B8C169A7CA803666149448B	D5EE6C237B97153A2926E09399B5CA7B701EF2F2	241F8BE456E3C856294EE2C494AA0105AC3EB375FB0336FD2E8AF867BCAB6321
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office64ww.msi.16.x-none.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	899E72B86102354649F48964238A8DF8	F1AF081CEF05A732164C10D3810094BB22818BCE	D9394BBEB4DA6FF1CC2D894697E357F709C5E27721D5C94A28775EDE621B9922
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	17CA0D95D7BC72C10BB611A57F833EAB	AD133F6D46FFC6AC9EF248E1A0C2429BB8087320	EEFB01EBA7749955B812185C19C13B05727A241AA5154C6C996954566E23F2E0
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	14C47F9985DCD2A089D12FA4B5FAEF99	FFA355D17F06A23554B6E2B99F916EFC9133C28D	6AA294178B1729DC3F233CF120BF0C0979A317F13248FF0270DC4C6F4EC0AA0F
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	F91B2ED3383CC79EEE2980A05381AF12	FC6A80BDD1E04BE3BD9897A866653F55B9213B82	702CA6A0CC7CA1449D8C7D7E36ED80CC293038597867C423F06036639763DC68
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	8B602D6FE33A545E793D90334E1F5482	E2AE27E501809C4C11491429F699098F7DD65816	C6C73195F54660976A46C095B689A899BCEC4B0346632D275A4910421205F712
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	46B43832AA2D21A772C234D2D3BEA432	2E92ACA3DE6BA7F69B1E45FE0BAA3752511991FB	D4DAD11AED500A3596FC8FE8D6BF2CB97EAA6DC1AB5E631C1DF58813687DC31D
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	7E909A41C3B839F28685BCAD2E3A397E	B8702B2E46105415370074537F14CF388B883A19	E8C84A5E01C89180B509059B89B231527A2E6837CE9A0846E14A450952C8193F
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	44073744ED1E678DD42AF5F7460AB55E	194D5C9319967FCF2FE9FFDDF8EE9332F496A424	F8F4456846FE36591AEAB7AB6043EDCAD1B88F58549F410E67F424FFBACDE0C1
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	04BA98277DAE7BF2AB2DE700F8EB4310	B84F0F0C0BBF959092C805759BB1F2D625A25222	CBA9D0146DF1BE5D01E27D9CDE081BB7AC8701AA1EEA1C21F1D0579A63ACCE29
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	A67A452E2453BCCD0A75B7F6982EFF72	251980C3A453048BC2783A1963C09F9D1599A854	1C0258C085E23AF07013F04FA473F9E9FA8501E416D581A23BF8F259D7502EE7
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	FE464EA523F0DCC6F9032CF1A068378A	1316367D119D2D2B9689EDC66C29C9E241FF9D92	96C78B323260FEB268EF7570C202B4BE6149F4FC13825F94C19C919B3AA7E2F5
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	58D183486475445747CB2CA49EF9386B	049FB5D8D47F3C6C25C981C2F1F1CB55C24AB262	8EA6FE101F77A7106E5A72643BECDE631800302703F586CFC5068FCB7367940C
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	C055D5C221678DFE000BAB2624975011	FA61A6757CA19C286666F758C246BD81FA16F869	E56E757938C94C4651390E3A33FFD5DA3EB20ABB937439334F0475C9C37B6A75
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	1BFC2228A880D22CA86C11100008D11B	449E408DB73EAA683E2557EA701F9E57A0F4B69B	5C43B17DF44920815DA1C72582231DB9A3CB9668BA018CC059C3E157F9EAE43F
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	5606884A933669A7B1D6E3653551B3D8	A3E94A7B0BB4DED862034D724D04BD5F44E33553	D08FC05A241316074362994C1A72D814BBC8951ED572FCA1B8E0054B3685E567
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	07143FB48D499C4EFD69CED8CD221B36	C5BCDCC7A31F8ED6F7AACA763513EA911C240DD1	3B01C1426BEA71391BA050372E1B6F78A0CFD0579173527E1FC075DD52177C19
C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	128DB4139B6770F496EC420E77F0E271	60D1CB2D5C1B16788580F07E20CF28BED9375A06	485A6C7802AD9DE3D69BFD5BA6F6ADFEE2A42C7B8BCAED5E7D17A1F785D3A509
C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	DCA3DB870F9B4C2EDC4DC2BB52E7E6A2	4DFC0CFCEBDAFAD1509F083AD06CAEA5AB8B120C	CCA5B3C647BED572D74C72F38F176D4C4D27048905D6B96F9D0BB89CF5767853
C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	F9A21875AC1C55AC9E032664F73CE1A1	A84EDA15F090D0AA054861242119D2CE522B5973	5CB21F9FF8782604E24E0858AE874ED7BACD938F52C61168708EB0F891496206
C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	E79B381886859895AB013F80436E63FF	4CF02DCBCE0063B4052ED92BEA73BA567993CF69	D802F1F6F45ECEF322C9C3FF4BF3074C69AA4F6D22426043B5AC485E37783F38
C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-GB\resource.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	BC53963393863045642DEEA6DDC53FA3	E0E2B0B5E266DECC2C60EC8AADABDD8FF8D0E2A6	A1AE1FE291761A74A99387A9828ABF61A22DFB4499D1E15BED9E37EC8C452DF2
C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\folder.ico.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	28BF0C86B68E401608E6BE5CFAAB1346	306074F6ECB9484888D5A5D08B098FD97C77E207	BF2E3B5CF43BF139FD7E39FDC5DAEBFCADDD7C2DA2477169DD4C1B72709AC218
C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\netfol.ico.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D9A6C686DA0B90240965A4778BEAC9DE	AD573860C8B77A9088F7A733110D94A53DF793F9	0C4BAE748D98E5C94A8E301E0F886CB6090D28AE45C908636BA844BD0BF47E30
C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pictures.ico.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	9E6F0391D95BE4ECA26F3337D458A567	CA552C1DDFB4F038EC233EBCCFC3CB5166990104	B30497839AE106160DC9E1C81DD4D8FE2FB0AFAD2E89E98F0DC85F6633D876A9
C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	5520295754EC0063CA5E66E743A57639	67F95E74249E1F42F307DC9FEC0ED5B153D11344	952A87F102C6B79C744BA96063006C07770EEC8D218021AF00A0E5227C3CFB83
C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ringtones.ico.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	A8BBF0132AAD21D6FF9D544970F23350	865DAFB5FC70EA7DA86C04E39CFEDE78977034FA	5C80381CF7A0F924B01617708AB276866023505CE1CA15A67C4C7288F6511C0C
C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\settings.ico.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	173D981126EF3A6BC897CF74EA0D7BF4	E0805FFD4FDA37DE06A596A71C6C25D4FFAB9632	06B10174899A266F07D9B3E46BBD0C7B2F3700178ED6670B16F325662120984D
C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\sync.ico.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	B844DFA7874370FB1589B86E8C0D1BDC	1C7501EBC1EEF56800972995621D9EC8C6DBBA47	800CEDC33BF373E27F1E344D9230EE425DA2B2B5FBD4EE36DA01F4F6388683CA
C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	6E49CEE15B2629A064AFCC576F45C531	E32DC10FDA9D9716AA501E48BED26B8A87E800B4	5AB9AF61096AAF4B88C4478EDFD8C73D0CC7E66C1D2F76E5A33E67406319980A
C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\wmp.ico.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D68CCE4D8CB649236C2C498F4D468132	C656637C4BD2F90C3C3889B2D2D38C731F8A5931	3B1C5EF81E496CE86CD05F4363B30D8716ECE348F51DAD9A77B9A8B85801DE92
C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	7C5D5D2F4308F5A80716EB41B891BCD0	97A1F16BF70EBB5B8EE6074F27FF651A517B0BAB	328C6299825BE860A85CACBBCE56151684E0C87FCAFAF787C18196CA590AFC32
C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_pref.ico.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	169285AD126CBF852F4BDA005C84ADE3	084273B7DDB729D310CC0E314493F4F6BC57C0C1	E0B8EC69BCF85F36C1C39B5D336CD0D5541C58458F74817D6EB418FB531881EB
C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_queue.ico.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	FD2320C762BBA9340E50087FF9A119D4	DBB2F3CF3411DC2C4C31878F380C16012133AD40	DB12BA788F7F6C09F967378127660E0E3DAEB8AA5A8FEF05C2EF4755E4949B7C
C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_.ico.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	BC8561F80E3952D1314041CEF9F9070F	8F6891C8DA75EBF33EEC0D417B0DFCE3669C2040	5EE0C7467354B73C69BDDB68F480E704EA1BFD2D402A194CDA747502228B8C45
C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	614A3CF58998ED1E8345CC5E5F0695F6	64BCA7430EDA2E0A62DA7308118BE3768048421F	B5BE23EEDAA3CE06C05B8169CD730F83208570117738788A1AB7412F7214D906
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\TELEMETRY.ASM-WINDOWSSQ.json.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	F8C4D8DF3BFFC520689A3F1E5D2CA52C	B74ED849EF29BA381CE995F254D2837D9921695D	6F0157E970C17AEF80688317FFD1234713275E8772F69612FF297B3A67C295DB
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	DF2EF0C278E4547CFBBAC1A3FDB98CDE	89A4F75E87966811DC8A4D10FE527186B3D0C72D	C1918FCAEB7D257D7736501B54D6201719B4036E9ED11E32DA3E23E4D461471C
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	E25512D1CEDB83CAB3F0D2EFD4655273	67599680025585230F2CED046F0DB6BC09B573E3	EE0348A20C881B5D39CA9A7EB45A475202E5E328DEFE2432E35CD91814E18858
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\telemetry.P-Eco3PTelDefault.json.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	F64CB1A7B960F20D8D4DB6AED52F5F4B	4D1A1188C8F0A592B6F4C61E48A05358CB07BBAC	E8073106BE2F16F6EE5DF408BBCCEA22412FE01362FBFB099FA9DE49A75CBD95
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.allow.json.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	389C92738D8DCC8780FDE4A93E96C7A2	9179B3A3E3ACB8324D693D6EC9294B5DC1472F8C	3FC80E4A632AD85CC2E1B7BFE58C7D6E675C965682B01E54C93EC4102892EE96
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	546744C2E02290B9216395AAC71119F6	B9B4A8CB49930C8F478DF3EC4CA9534FB9C3B5A5	49E8A0521AE0E5B20F1D9892A4B1F2F898B8741DBC9817BC88F933A981818C78
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	CF714EAD8A19111492976C5BC31C2985	0059BE35F9B1DBD51C3CD1201B94779A348042BF	26A0BD9592AED324E6ED6616E4404709272419045BFB9DE6480949C2E2F0E11E
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.cert.json.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	386CC58A9711ADFEC9817937AA1896F7	D4512BB29EA4B555D97D3BD8546580E5370CCA2F	650913EA122E4F543A1928D5F9EF7A6374B23D2C00699E325E7651EA9FD65944
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.cert.json.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	972C2D00DE0F941BD6102D5D59001719	72F5F4A10AD60DBDEDC45B09BAAA18087C549486	19BE2A1A56C289ED4BE922F108C3FD9D4DAD31AFD0268D9D08E8E7980D444CA8
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.privacy.json.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	F918A13DCACB7F0DB044A2B327660732	C5AF3CE8F2F832CA9785397A00DE360EFB2BE0E6	B22977C3CBE757DE7D05B720DE4F0BE40CB09A429B59DCBCAFF65AF6C3A6081C
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.tracing.json.bk.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	7EE329792060D9C59525C2478FE4E314	6031312DFABDBB631DB4E149152F872314482A85	7D4B62AAA35EACF816298B2EFCA0D0020E0770D35FDE91C48958489889706436
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.tracing.json.bk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	64EE64EC569480CACA6CDFE52804847C	6BA81BEBA1429AF515C54B9890DB19AB5F0799E2	6A89D69A32DB4A19FD28C28016263F8CA1F0467593B2ECAF75CC3DE3E6B740BD
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.tracing.json.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	E2558FA6FABE8D32C2276549AD517E86	2BDE90487E0C6CAF47A2BE4467F8D71DE4337ADA	C4087A69D09CB0B6F1F75F7B5045AAE99B5B90595E57A373F682444091EF98D8
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.tracing.json.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	1228A96E9C176E5F17563E3FBBA023B5	EB12234935FC2220DF6AE80A5AEFB0CCB70CFBC8	5C8C3B87E487C16578B92B594FD2C70EBF3403FDCB6EC7A901F86957928DAB0C
C:\ProgramData\Microsoft\Diagnosis\ETLLogs\ShutdownLogger\Diagtrack-Listener.etl.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	1153A1EC480C018F9002A65FCF98550E	323CA0B73D410674935BAC5622714F4B05980F2A	A6B09F62F4759086C5C997065AC5CCD159CAA8F67276C760076F588D958AB919
C:\ProgramData\Microsoft\Diagnosis\EventStore.db.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D2F94D48052D0EAF8EDF606A927B6FF1	DE8FB4CC23E6675BD32E754F2BC9FB75DF66ECD1	0A1222B97A7A795064287ED0AB6F5C0939FE75DC8D24CF65719703CCE28500A4
C:\ProgramData\Microsoft\Diagnosis\ScenariosSqlStore\EventStore.db.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	FE6AA75EAD5781791A729FE0940F319A	4251DB01A65EF2F34D0BE12B5AD09706379B9D7F	D3332F373F418BC918F0636988A9A2F326C26932E3D63961B2D015F692E718B8
C:\ProgramData\Microsoft\Diagnosis\TenantStorage\P-ARIA\EventStore.db.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	3E739E5F644A165612104C2DCCCADE8E	92120620A8DDE53EF7C19A1B3500AEEF5F0A2558	8D7F11D2BC67E52781BECF9B12AE692896979686DDFF75A83D2D43C8BD85F549
C:\ProgramData\Microsoft\Diagnosis\osver.txt.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	2D2EB2CFF79A9F4A406C1BFC704E3993	5ABDFBD347688626908D6AF56A76BA264CE7241E	EE5F196EC8B1B9D33338572C8DE144273FFDD3B5BCF5E67C0CB3EC1349590410
C:\ProgramData\Microsoft\Diagnosis\osver.txt.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	6988EDB3CB1464181FF1BBEEE382EB72	0B56F987BD826CC2CFF4F42384369869A0DA24B6	DEBF219E9982FD0DDFC45058B6E2E16E367033AE43C948DEBE1BCA5343EDD55D
C:\ProgramData\Microsoft\Diagnosis\parse.dat.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	4D43309D2524DBE7FEFBD3886995BA83	E3039CA13778E80ED4718714BD949B1FD27F9657	1347E3B248F3395871A255D05A386621CF3A96C2BB78D4A210AA33D01D163025
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	305283616D5C7E80882DAF05F2981A57	1BF19E686FEA4E67CD0099662547C79AA134017A	65529A2084D08C3EA3B0F2AC2139F4DEA50D5E5EA56E1DE1CB204FEE8BD05413
C:\ProgramData\Microsoft\IdentityCRL\INT\wlidsvcconfig.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	7E29BD5604B6DE23BA2393FE29717BC5	365121334E9F4FC198B45351A4CE2A4F6950D6DC	B91589ADE0C735CF4D4802D42D380B4E37DC9AFB74214F047171739AD87CD893
C:\ProgramData\Microsoft\IdentityCRL\production\wlidsvcconfig.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	51959EAA8C8BE336ED5F86A249D8E171	C2CC1C1594BC6BA924FADD11BF80611AD38E264A	646F2E3CF18B05151ADAA0612C6C73D5930B663012CF0531CA96879A08CAAA9A
C:\ProgramData\Microsoft\MF\Active.GRL.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	7A281AC4C6FFE18118FB40CE14350E71	1A22E37B03F95C3D54E0F94DF91AF362F81B8993	2884D1719538C41DAED87716653588981199C65A61B081A4CEDA2536502469A6
C:\ProgramData\Microsoft\MF\Pending.GRL.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	088D9D53140D21DACB17FD0395BBA081	FC36712CF4806CCB72026E3F9925892C8995F191	0FA7655E0C08E436731F85F054D7CDA87CBDC66BBD9D073F65EB4C8655951665
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,ConcurrentDataStructures,0.2.0.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	4DCDBE91B7FDE5BA2AA38C736147962F	6A82A8B9693F66E7366E8EC9E1F4FE5A12F6AB79	D6A33C230BA07F0A7BCA5F0D6EB99406C64B9CE2376F0C15DCDBF9DF6F0ECAA7
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,ConcurrentDataStructures.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	49D96223BE3D9C78128700C505439DDF	F4E9C9C9BE8AB100F8B62E8C68C4DC2EDDF854B3	2818903B1783EDF53A6CA7444399F56407587A78061067568F7A19CB87F57F19
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Google.Protobuf,3.23.4.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	236D3F20C94B425EE214860FFFCA9866	A7F9FB06F142AC4F53C96C486950F81B2C4FF47B	A4EEA0FDC6AFF3949130303CB24533E9656FCF7049BCED4F94348072BDEBDCBE
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Google.Protobuf.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	07E29BEFEC2561B83875193C0F73C8E2	FD5D98308E25440E767A659FA8394F99518C362F	8A0A5E1161FADB191CA7D6704E96EAA7DD659BD42F5242B81E0F6BB4C1806E80
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,HtmlAgilityPack,1.11.46.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	53F91CC31C32A49F54600AB1F29998C7	E94A99B1AFD0BD22E244B155F3D15D30368CAA4E	377244FC6BCA2488F971DBCA1F299B9EF5E66650DEF234B85B7CFE3BAEB7B632
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,HtmlAgilityPack.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	4208D8E83D092841A21BB90B5D17920E	6CBD576D8E6155A84AFA9FC8E0B2C5052A86916A	E16489DA75E4F1313977F1153B43460FF865AFE353EEC00AE25FA7852B634E75
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,MessagePack,2.6.100-alpha.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	879B44F66FCB9510F1189872AE9C140B	3942A8DA58A6D4DF39273133CA4E186FC3F431EE	67223103277DB40D404EB76AF44588BC951867C85BD5AE1AC329182693E7BFA4
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,MessagePack.Annotations,2.6.100-alpha.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	F2742E4CA880AA369689027A73BBC436	62DAD2BB97E602F5C4B1065EC26571B2C98F88CB	A4DE27D5FED1E12B25D0D87B78642CD14CF33AFCE2A23182725CA0C45782D708
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,MessagePack.Annotations.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	BDABC7B559EAF7F4AF148F0AEC05245F	5DFE7E7CE19696FABD4E0E8F954AC4DB78CBC903	8B50095D36109C3686BFAB187824D4A743E59967C8BE721D04006A92FE426D71
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,MessagePack.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	1B336E5330A09596A324AF0ED03C051E	424C93E164ECD54BA78850DF73781E9247361DE8	5ED319587478AB33A8BB454E8EDD115A8B270FC6D7104333EC0AFBEC2C584CBC
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.AspNetCore.Connections.Abstractions.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	24CCBA3066851AB6F83D1C85F8435196	1C31B020AEB8919678AA0FB5CEAE488FE72EE330	46C0E38025BED76853D76A7BBC626FC8D8D89B4BF6EE6A810BC4EAA8A7BCD8AF
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.AspNetCore.Http.Connections.Client.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	E3E14554B95EE1BEF653E29B1FF650A8	B4EEEC5D18C51025D3D757F080604979097DDAA5	6EFE5A8AD19817A3F7FE5999FCF69D9B5533711B0A3F144331414CA1C3AE025E
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.AspNetCore.Http.Connections.Common.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	DF64D7C66615F9A68AE1979AC3CD2757	8997EC4695C95C0143DDA11AF2DA8B164C538803	42241D2BD7BA60EB45D0BCB4A0256D10682BF04BE3CABFBB70E6E6D24A89BDE3
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.AspNetCore.SignalR.Client,7.0.9.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	9D43E30CE9F00CEFBA3248570B07FDDB	71FF8A94A2A3AF85B2A53EE883B5DE8B44D31CBE	39F6DB4DA048B8677AA7A9434E35A90C1791B68811338072C6FF2DD16DC2E244
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.AspNetCore.SignalR.Client.Core,7.0.9.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	FABD3B434C0CA825C1F15BFBB68CD562	3ECE0262E3C502B46C15369DAF03F1E399C76C5A	67248681EDC4F63DAEEA8A15A9173D383D80E49D75F805D93E8FA006337181FC
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.AspNetCore.SignalR.Client.Core.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	8B02F6F6B2F30C30F2CFC97935C40219	C802DE425F6902D5CB02010CA65DAFD8EAA2F57F	833AE7DE81F29A9C27F8A394276DBF529BA747A77677624CFC542B00AC591DE0
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.AspNetCore.SignalR.Client.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	235CDC0605484938D6B8AF44F6E0D2D2	AE91A68CF42B4A851FA3842A4CC52643C62F280C	34E9C7C75E2980AC5BCF847FDBAC13F1C3F7CA2D81067D66AD8C60E28A13C4B7
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.AspNetCore.SignalR.Common,7.0.9.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	468FF4339CDEF6F4913F201D18899D86	4FEFED716E6B7598AE0C890FA881B1ECAC6D6150	CD4709D54023A35BD28E10DEC8726270491C44AAFCBF3F8C0FAC0F7A630455BB
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.AspNetCore.SignalR.Common.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	38DCCF5312715551BF0BCCCB4E71C5B5	3D0138138CAAC0C71B912DCDECCA5289E48B4C1D	3E57C13763565B5D1EE6ED2DC0B804FD5EA3F4BA794F2F30CFF0A9525CF15C64
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.AspNetCore.SignalR.Protocols.Json.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	2617B38A301C7566F5642192079464A2	D5322094746E85EF869357E770B07E783D124BE4	EDA711516ED3AEF792A39F002DAC7F6C739A489EEF8E17C4660A15455FB9933F
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Data.Sqlite.Core,7.0.5.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	4E37F6831C56C01C118F4B8DEFFE2EA7	D5462C2698313A8E910825904410D2DA1BE4318E	A8CEA17BCAB65A6C262C563E6D2A27972B90EA066C1C29B0095CB8FA493BD206
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Data.Sqlite.Core.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	5FC6EE7CD5A2F4F58E8512C13B7C3BC8	2D9535A4394032E6782585DE498CF012B63E0E70	668481084872C21F1D57674402F9653E46F1CBD8131881086B04C9100EBB4AD1
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Caching.Abstractions,7.0.0.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	5E43373D8652817DAAE87D7ED54F03EF	CED7B913718A82CAFE4FC412C7868CCC220DCBF6	257A5FC5638F681E4A0C15CE4B7236496566E5930988D82C521F6E63D955F7BC
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Caching.Abstractions.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	FB19E8FC4922C6FD0A6382BDE04A8633	CBC42F4943E35AE5DBCCDC5802A32A5F802B1B0A	AD890D46104151EA6C0493F0F3E89906A48789241AAB37B3860426736A7102C3
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Caching.Memory,7.0.0.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	B7864991F7C0C867829208166E40AC16	93E612D829D91DD20DEE2D8FCBA7E8E9A9D41CF2	B487B718961272005357D7507F3A14866DFE93CF6F6EBFC6B57F38F5EE36A4E9
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Caching.Memory.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	91FFB083F22E430185D5A4DE9F3217EC	4C8F367EFDDE3A0D2C9ECB882330354AE6C331CE	21ECBD27CF3FD2A8DFC805B6B917CA6B96FEDE4CA2EA195D5A5946A02A739342
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.DependencyInjection,7.0.0.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	1679C3D44DE1E4D329525A91A664BE56	C60A986D03B5737EAD1B476F8F68B95F1985A04F	6E0D5D6C34DEFCF0E6F8BD6F93C35966930F083E7A7A69EF7733F257EA0A9372
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.DependencyInjection.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	A4D3483A5139E1396FC4FB163DD36EF0	08335B108F8F94FF13BF9DA7CB9856903E160EAF	00EEE6129EEE6A9E24AF21B047C1DD2FAFB0DC6006D6C7B85C4824880526996C
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Features,7.0.9.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	208B617C76FC8A403F9B53560EFE11FD	E9E80369C13A65F6BE693A9F4344CD769BFE218F	E4B1120C62A7E6223E3D0AA3B18AD643F07CB62ACD02CF5172DD1FD77FE56B4C
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Features.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	ABBFE0B7FF51BD3178BEB8BDBE787BDD	AD5C85072553F7561B58EB39FB2D2276A4C96190	8A576A0B8DF7541A00F315ED765724F16108C4CC3E7BB0E9FA22208593E6F2DC
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Http,7.0.0.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	8621A1DB3BDCF955DDFD2F138001A89C	6B84D04DB060FB86A609FDA1DA87B8FEDACDAD34	859C96B65DC1EE205B0D372148C103B5ACF8A4E6151586EDE8A5095E24D45FE7
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Http.Polly,7.0.0.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	920206FAC51CCEC88C6AD445FC50882E	8EF15B519D528CA3ADCBD3809E4BAE1D436F6B56	BFD6CB7FE9C00862E2A827C29428008D2CD6554D118412294D4E0963C20B674E
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Http.Polly.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	4AE60D47A5D1145A10BB3D0ED46AD758	FFD72AE0C600400774DB19F7A19AE695B65D9FFC	2B37D8C51BD4556F881F8DB7840391DF7F0E8D59A98E9CE22F8625863F0E1461
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Http.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	31CC1FA8724FE2142032BB89F1995AD7	4CF803A4FD0C384F52A6EC219EE1BC5A68A55B99	3FC4CD2138C53AE180A437BFFD5010AAB95909BC52780295F51FA940963160AC
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Logging,7.0.0.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	1425D8206C00869F2EA2FF04AA840C82	27FD662AA45F6696227DE54A3C184873AA870B82	B231E0B1D6415B4DC8AC833CB7FFCB13C4B8D053BBE1914501C35E31C68B2D7B
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Logging.Abstractions,7.0.1.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	CBF15C0FA39310824F01F97E0A7BB002	635AF1F2E24E762E269FF1CA095BA75E9866542D	60E40DB4236B304DBA60AE8779D59996859614857371EC7E3FCDBA2196AB442F
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Logging.Abstractions.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	289855E34BDE4E91DD1A85DCC1B3AD18	16C6B67DF4CAF4BCA5B37EF29136972AC9AC6C72	E57D0C2D83C92CC001DDC3304206DD10AD0AF594883B1463714228AF1FE6A3BF
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Logging.Debug,7.0.0.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	8D875813B53D6404A37AF0958048F6F8	55F8093C83A862A7E98BFD8A720BB3FB58D1A02B	1F3DC143C63E3DB5B1C83490683D85266044DE51065FF207779632BC209967AD
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Logging.Debug.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	4538C3E5044B441759964CC5659003EF	AF1464BD8836687ECA4C4C8436A1DB2273796B7D	52F6514B0CF9252DE041FE85C0ACDB5C82FB94F009E285775320F258768113B7
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Logging.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	BE3A9B8A61842FDB1DFC9FA14C74D8C1	CA068D4DC04C29F82CD11E52846A16C3F7000CF1	306242C7DBAA2DEF67FD33B75D69C4F31EC0CFA7E92FF4D8E462834EFDDD0EC3
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Options,7.0.1.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	82EFA37CB804201F3FA9D4AF8186B7E1	4B7105F6DC5E8135B03A92A902ADA652B8AC8C91	E0B526EC99F7882D6E197B6E02F8C72C0B8D9A7D5C719D2ADE562A4432F3364D
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Options.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	ED6B8A05CE204205BB405C5A5B229879	A7E4BAB81FCB76AADAC67B09508F93E306B22040	0C43BD59FB242427AD583F549D528E5298528CBD985C10E9A90FB0E35E344580
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Primitives,7.0.0.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	E9472D06D10D1B9010BB3A06CE26A6FC	29D99A1622BB9D236AEF10099BF415FDD44B00D2	2611568F6EEEADD4341A2FD532DC863A05BA52B2D42C5372FC4B69FA2D18BACC
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Primitives.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	ED4E3250AE0EF29D8081F4188C084CF7	79E7E33732A50845B1142F8DB6E247BE5A08DAE9	3BA241030331A53D571F3E108F14D1081C5A646CD000A0854C3D6D26E4BE3DBD
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Graphics.Win2D,1.0.5.1.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	74BD509A2E0F6FB21139D6787920B7C5	6B5631B2E86F3951C50239E824209540BD39472A	312A2D20794B5D21EF34F379848DF6BF902A1EFD7F9B49CED1B56FE57F6ED7F6
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Graphics.Win2D.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	B2A3EE40907BCB074036975B3A82821A	CFCE22A89F867E32CFAF62B64B96F374B91194F0	2A8264C44927816D73CE591593596C8659F03B7F4E4150A01548246762ECD9CD
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.IdentityModel.Abstractions,6.32.0.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	9780719AA6F5D535C50086681F005ACB	DED7C5EF0C72B34D87E39A9EA62DA20530EBA63E	C09753B40BD5835595EFFCDC160208ECBEBAC8BC051C8E292C43DA48C128A852
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.IdentityModel.Abstractions.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	CA0ED1449D6BE8A585C54600C0A2D3FB	31231AEFE5F1399361F1D1E3883E06EEADC1C647	6455269469A0936F9DDA3D39C7E206B073303145AFF0D7A3443AAC82B1F88197
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.IdentityModel.JsonWebTokens,6.32.0.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D1308CE431886C1CDA01A1BDB1769ECC	76BC7D649499667250B247BF95C409B3972832D7	10C4A0BE3E5659E9CDEC858F4C209383105D358FF2477A832CD1ED1C7AC50792
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.IdentityModel.JsonWebTokens.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D80E5B3DCD729A742B283AD88DB39510	336130B6881996FF2ECB41FBB81A2C8CCB1F6880	0F412DDA6F2B2D0187B10498B0A392A298702F53B91C0B85033FDE0B98A3BF8D
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.IdentityModel.Logging,6.32.0.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	053047B210E571197FC901207958528E	0D21B0CAC223C033BD24FA6E8D6B4D6D00C9644F	DF0BDE0EDD560F5EFC5847DBB14B81B17F2B660A655016C4982009A4305069C6
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.IdentityModel.Logging.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	27B2CA9CFFD513F31AF51B9067BB684C	1A0763D3591B87239EF19B4F08C88A5F0C22A1AD	BAA7520DD6BEC8A8C317CD50612FB1146996E6828F76C96B95A5C8EFBDFDB3BB
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.IdentityModel.Tokens,6.32.0.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	AA0E6E8B21A85292512D15419D421A7B	4B81518E404A97B09C609E1006D4DEDC701FE92C	4AFE357C5A99C7EE63E42E31D1DEF0841C5786202318F1BB3F29B4C3F16032D7
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.IdentityModel.Tokens.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D323C0B25D8786410F01F614D6078763	26B9C70B4C9CAB95EEDB121669D25CB63BE16805	17ED66CE5A3508E2AD7BF2319864BAADB2BF3222EE7C78CCAF48E21D6595A557
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Internal.Bluetooth.Map,0.23051.1.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	6D8FFBF39496687D381C03913B738C93	A937683C31968C2AC56FB993036079E40154FFF9	7296877C753D028578120F2BAE56B51B0FB91FEB6E1C16983E12497458A1C0D8
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Internal.Bluetooth.Map.BMessage.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	AF9B834DFE5562E9509A3B1112811A27	4BD8721EA99B23C616565485EB5FBD11740834E9	B1A5BFC17DB50C46952719853F68C1260E1CAE327D476FF8F17E5489F7190D26
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Internal.Bluetooth.Map.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	3CD69038137F4E6D5BC7DF1D9C1011D2	1117DA52C617903A48B9265EC588F0A5A2B509F7	F90D11B196FA1B158C9B555030ED058C1B62AEA58B4B6C3300664832E5AB96FC
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Internal.Bluetooth.Pal,0.23051.1.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	DBBDC9D8A7CD618B681A490A4D73FC2D	63D2876D84B54F7C527BE1F888E2C8852AE99937	362EB893DED955D30F760FAAE5B46EBA3CA80ED2A026C4ECDF7C5B3B601196BA
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Internal.Bluetooth.Pal.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	28BC43E1F03686749DA9E376538BEAF6	DB1A26E5442D253D1E40F1A382DB2329F0DA36F4	96EA68544040C6E5E42E475B1F611717CFBA5C6F30E57D0EFEE630ACCADC2EDE
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Internal.Bluetooth.Pbap,0.23051.1.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D848601AA800B5F61939DAF0EE7CE9AE	8FC445E911C96B4871D93AFFF065EFD6C0E33230	9DBA4FC256D9E181F21ABCB8AE463B896A2458396C43DEB519686B8C9517E2CC
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Internal.Bluetooth.Pbap.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	DAEAC46DBE7F86AB1ECEBE696D413724	1FD430002D0C15C5C03C648D3ED389CB114157EE	B2C6A47E738E984F93B2746E424E5E0B53B326865D11988AF71DA103EB05C7DD
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Internal.Bluetooth.Profiles,0.23051.1.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	6F5D4200CC0EA3A808975070ACC32C14	1AB1188509B37100D0B8AB786441B128DAF3E7BA	74550C8A257021456ACD69B4459DB76CB9FD9AE401DA18CAD5B37240C57EE087
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Internal.Bluetooth.Profiles.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	A2BD664E16C6367EAB01222C0DEE8FED	B997550470D5A1A3DEA4F487BF2667BDCBA34C80	147E188BD407441A5AF9B3021E262726D319DD6BDD3C918E15056425A62276DF
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Internal.Diagnostics,0.23051.1.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	C0F525C16415B00D6EB8C039703353BF	47C6254E2F270AD37B42F747E3ACA12A4A1E633B	8565C732D8CC23D12A366B4EF64D55A8BE82D1D57B6C2441AEE65AEBF7762176
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Internal.Diagnostics.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	5530BA249CC1A3A3AC7ECD8C6FCF5600	095603ECB1B5841B543768F085006443FC9661B9	729934FD39936BBA60827358A5264105D4841A7EE6B2149857B1CAF1D3A6FFEB
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Internal.Obex,0.23051.1.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	FB7E63E14993559398CDB50CF6F4FC33	B84B1760AA0BAC9556EB6861214406D7E6B1C5B5	D833B283FC5209E165F9F6C5AE6F249B7F308C356350AB3C209A9701868112FB
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Internal.Obex.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D5657B2EC407BA2729219714DCBE6ECE	CADF6EACC03C4189FA5854DBC35CC4179FC49E57	E12CC92116860FCFD3703D0FC5081E8C37BF17DA71BF1A540C87FA7A320E901A
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Internal.YourPhone.LibNanoApi.Managed.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	275A9EB3E27FD8B8D3C50048B4161289	A4144D67AA1D3BD1875FDDA011F5489A9D2A81E1	EA5061AFE97AD2A0A886966609B57FB8597C7C71180299E7C201AEC12A7E9AEB
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Internal.YourPhone.Vcard,0.22092.18.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	7D0C485F3D74677C3554A7241A4D219F	4F057709CE8070B4E4711F227AA5121FF999C59D	2C2101894AC3C7C17D98D5CEF931820AB88C5C3C18FD7697F64E446E073F8575
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Internal.YourPhone.Vcard.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	AE2134F0C095F3927209D2D8E7C15A7E	AD81B93A8E58380505570F74C6C4B855BAE24837	3178D58DCF45B343A036695C9293A09A09EBB8CDAC9A92127A9D54990DD5E7C6
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.NET.StringTools,17.4.0.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	EFD76B528764E46CD2F3A2AC8D7E61A1	E0B6EAEDBAFBAD70F34403E2421291F43B938922	702E21D1757FBEC655F8A4C1C7863543F2ED204866BE9E03E2695D98D125356C
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.NET.StringTools.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	9AE52044F97B4815F1B8110578B88C78	BD8406A2F6425757C6EF8263217E6FA1916E0952	28939B7734875899D35E33F382D7194C6AB98F78432F962071073484AF30DDF4
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Rest.ClientRuntime,2.3.24.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	DF9BC0313771F47C52145F3E52C0198C	D1B78A4753D586B09B241D82C56D43E015526786	D4F50003DDB2B82E244A42BB27A743B8AD9E34713C94DCF1C94248F1C822D7C2
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Rest.ClientRuntime.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	30AEE1673DF89F32C479F1ED83504518	55FA17995B2CCBEDCA3C8EC4D245AEEA92DE7B9C	B1C3D436ACD09542298C9D0F4F8FD2BE656ECC43C38D6F14973ECED124D616AD
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Toolkit.Uwp.Notifications,7.1.2.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	51505782417AD7D78E16ADC764F136B3	0BFD1E004F7B1AE864AB7C5B587968B45ABC52CA	AF237616216ED2961F8F7F600069C4CE0D62AA4F0C63BC7AECFAA82A223BDA61
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Toolkit.Uwp.Notifications.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	9C1AE90BFE5B96B5929D34B17CF226ED	D88804D366D4887904A6695A521202B9C39F3819	93CE68643ED7B2C9691227773CF1D1C5E93F6446724C4D11594433EB94A6105D
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Windows.Apps.TraceLogging,1.0.8.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	950677044CA55B30637F07D4E7215CCD	19AE58E893DD93542A4DC2DB8C7CEC010154AE99	CE020110AECAEBD1E9685EF6D107D4A754A4366A3084A6F4F2B66C85D89C7CD1
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Windows.Apps.TraceLogging.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	9AF65A9FEE5D576697564CF0B2408D73	47950EDC686050BBEAC50DACECAC1554C55C7E87	421F16B0F193A151D2F6110EA270138FDE12FF0A184F33A089E1BED34DCB5905
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Windows.AugLoop.Core,0.0.230717008.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	317B062E4FB6EEF2CCFE8699D7EADAC0	E797CB568FB0BD67F998F7B50D5786613953D323	EC5E9AECFCC8993B8023A10B21015AA78DBE0CD42059D61CF8D10173AB2E2377
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Windows.AugLoop.Core.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	B9F9429B5C708BD68207EF54132BC365	B71A52965F6D6F5D76F2315D71C090989117B4C1	E42EA327784660A909898CA98A250321A135E636AB713077BCBC217E4B8C24EE
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.WindowsAppSDK,1.3.230724000.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	B11B5A9765FF6740431A83BF33423C66	237719F2435E4F9ACC94BA9771643C98DAC1AE7C	79E318EAACB54C317B8CD8E83D22269A80921CE004AED0290D18A4B58F11B9C7
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.WindowsAppSDK.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	A7458E85638EA3B7431DA3E8F76BC025	C3291A012BB31D668DDD4AE384FF1D8FD889E499	9ADF9371A74DA5F38CAB9BDBC603B854A096820F5BC88DD55A01BCF9A26BDA61
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Xaml.Behaviors.Wpf,1.1.39.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	2A869EF48686DB57483181A149F1149E	7BD5E18AA67B3A47275581E2312EE4316F5F7BD5	C7DF63D9D7365BA6F5425ED5C46864F27955F555A9B68E1FEC1D37D35C2C8CBF
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Xaml.Behaviors.Wpf.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	53723EA795C6844132449952EB4C4C41	66A7A118551C963F30DDE8F4E85F53CE65D7569C	22F8E09382D29FF371353C30F60D7916AE44D3B0C2F5E14C08D1DF372E97C325
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Newtonsoft.Json,10.0.3.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	AB57FFB905082003718A798079CC012F	A66A5B86AA9379C89475D34D2DD52A945A3DB90E	C9E1B0C9F7491D1F39A7178A983B9A6C4E24036F96FC6088E8A6AE7728CCCEA9
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Newtonsoft.Json.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	AF6CFE95CFD8321E5866D3C33E8BC326	75D257669F93D7A25F5E9FF966B2FBFD3F26873B	5AC295C64F02FAEB84441A1DA59D4CE3F5C404DEBC44B621D88BEF1BAAEA7389
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Polly,7.2.4.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	A3BB6F3CD4C84E252A1962CCD74B97C9	5D7C83F1014E92619EF2D9CDEA05F9F8CC47EB31	18E787BA63C03C6BF02621B5CB82F09BA39F9BDC971EC9A35C9D92DFE0845D93
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Polly.Extensions.Http,3.0.0.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	E9EC8133E54C255B1B2DD202CEA64F21	D98B69722053F5A552CF2F6E545E4E64E4CCF74E	43876511FF2969E2B163729FE7FDCB65364F41B6A77C1D2349D396E391EC3708
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Polly.Extensions.Http.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	17904CFC26E170E8253A6C1D5A10A7F8	B749EA4BA94B7BF89F1C5FA7A9CE583809EFF8E8	C40388313987D2E9E7CF3CF4F635535ABE3848A6595493079CBF6F15EA8552E4
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Polly.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	887B35A6A25B132D0B000631021306DB	C0C5773053E394072F8E219CCBF60F8C405C2BEB	A6A14203A225EAF46AE77965A6E487356DB62A74DDB405889ACF79C1AE8A3AEF
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,SQLitePCLRaw.bundle_e_sqlite3,2.1.4.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	EF0BC04A9DF9E634DDD8225DF19D5B7F	CB35260A36AEF87565E03E84511A1BA3C135C767	B2DD533F32713CB54937D95D0B7327AF703448D1E70EB1096FF1A571497C0826
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,SQLitePCLRaw.bundle_e_sqlite3.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	CA302E4C2BF1F273A96CC713D959E9DE	DEE29805B2F636ACF461187221C643F0C5D43971	C7CD6304008D0D2A42F1F0B2730F7496992C7FBE43E78481D993B655F6A06D66
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,SQLitePCLRaw.core,2.1.4.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	DC6E0E1CD991F45CF837124918680918	84986F3BFD5E50029866116E5D405A6EB6FCBD0C	5B7B389DADA8F762D39A9AF51BF6574BC78C18AD49EB6E212FA3EDABE51618D0
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,SQLitePCLRaw.core.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	172BB2EF8A4BD286549D796525758C0F	CD0654CD5E2CE828B1C095089A03539A16702DC9	01C64E1553A012AB2AA7A935E32C64BB02636231045D401009BDC08AB1368517
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,SQLitePCLRaw.lib.e_sqlite3,2.1.4.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	6A60E0FC77C22A0BAD1A8649D7DC076F	563FC8024FB1814FF49E4CD6CFE44466E3943766	647785E7568330369BC57BCB4700C9947BB8423E408DFC86C3DB6203A97A6AB3
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,SQLitePCLRaw.lib.e_sqlite3.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	89C9B5E17F604B7FCDC5E2E93E299F8C	AD91D58F296FC41A2A5009739C757D36B43BB087	FDE5277D125526775C95D15B2413B423DF3D70CC6A5903B036D3D733221BBF39
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,SQLitePCLRaw.provider.e_sqlite3,2.1.4.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	ABB4281B983ED024FF5597A61951CAD2	26B9CF4BA3C3C38C375490EA71D7544E5978D59A	97BC177CDF7117E74BE870F5329AD6AF1730C944E5492E74675385BA1019CBA8
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,SQLitePCLRaw.provider.e_sqlite3.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	93277766054BE06313029CBA3D06B072	1F3F7308814BBEDFBF62BDC04C806AD5EDE6D955	5235824E5794EA0EDDA0E53B8BAE6A83C31846E327725C872299467828BF0536
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,SpanNetty.Buffers,0.7.2012.2221.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	16612A06E5D0C9C0F03BB15181189229	6A8306D493C41AA884B6CCDAF38EB71B96A12054	E58C2BD996876B7831667D34516EAC44FA930382347466D4C18996E055DD8329
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,SpanNetty.Buffers.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	622243DC5CEA65A63CD2237BB73A4104	24DC4AC7D5EBA2B87E0DC57D4729BFA1ABEE15C4	EB89A9AC50EA1453243CD78FD6077D0AB21FFFC28D409796D9065BE42793A75D
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,SpanNetty.Codecs,0.7.2012.2221.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	14230325D92C971EB1E2194111F80DB7	51CF2C1E6285852578D9C8E0C52685D5900F8776	56F80CB0E5EF351124B38408C02734373EB75E0DDE9DC726D4F741882F68D4B5
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,SpanNetty.Codecs.Protobuf,0.7.2012.2221.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	B41D514D904DAE761E2044BDBE9F587E	73CFBB64ECB0C9D51790E663796C6409708726CC	C18ABA1F79A6C0D3CA599149F39B1077874C93AB0573F159C91B3784EE649AE1
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,SpanNetty.Codecs.Protobuf.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	4E955CC83304D82B75898741F6B2A037	03DEF13B6F1669480A87CD553074B33EDB3E6FB1	CF797E7C077013B93611BB7B7D6B1AD3BF39DE8443BD8387E3B4194CC9A7FBB2
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,SpanNetty.Codecs.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	28A7E3FF69F974E0E13823E8D4EEB786	1C743927A98EED1E6C177E43BCE30BC115018FE5	65B8A71DAA4FD6EF6A243910BF484C01B684A5213B57D17D5B1655902476E00C
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,SpanNetty.Common,0.7.2012.2221.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	A1F93C85F4CD8F4265D1D31CCF3A4BF8	CC8D6CB638C9DB0267BBD0963F97BE84D95E41C0	76F9D25677AE068088EE61225902DF901BE0E02E89D78F914E4F426417C825BD
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,SpanNetty.Common.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	78FB7B3513FB498B727AC0AB4FD621BB	25AD38F37F93C538ADA08481E97BA3D2D03F4998	1B7275B1116C42BCB064951F2BD28A97B055B84AA1143CA1D03D09B1DFC82B64
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,SpanNetty.Transport,0.7.2012.2221.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	1EACF1FB6F1786160547B642C5C7A129	9FD4A84D6FAC66B727D42C752B783EAE1C70E3E4	1FB861198CA0705501E1CD795827FA53D1301FC386FC400315F4456393C24ED4
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,SpanNetty.Transport.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	62B3E092BF175CD770CC3F85E15DF39A	57AC01ED1A5009EF0EF47D36C6EA7628A2B49FDC	B9FBBAB3B65A74E6EEFD6CAC2390A7494B1E3BE682252A2BB44B5084246AE7AF
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Stateless,5.13.0.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	0B33763B0D34B86A49FF3C4F059E7A18	C80F537B9DF4DF6BD75F3FAC95288280B3EA280F	B325B9F3A6AD09DC79DAAA723C63DA4B15F06728635E12F3E80402CE868FE0DE
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Stateless.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	E06902C4E92DDEE37AAAF72AF7ED9053	0BA883AEECF490D2FEF152DB073300728B5D597C	825DB49F02B56C0FB15E0E624EA05AA8F1A90E8561C3A8D496D869EAB87481B5
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,System.IO.Abstractions,19.2.51.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	35548036B9C132E9527DCF51D633FC2D	5D91C4B130DF865BBD05A5F0731026077F37198C	1467FD375BEAB25535F6A9A633B0C2E187AC1B943B5AD408D346148482E9703B
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,System.IO.Abstractions.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	7D1A7FF460714102DA9DE24FAFF476E5	4EDBA5B129E106D81A83734913630E28C0DC492A	EBDFA8ED131E587AE84D22CBCB4FD1FF6E7B072B2062A22600866AB11CABA102
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,System.IO.Pipelines,7.0.0.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	E9C210DFDA404EEB0234D1AB3BAB8C37	B3870C3D99697D037DC3B937E6E45B67544A711A	69A2520517DCC815EEFB220DEDA10A51A20056ABE7134E42CEF79B54F481D07C
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,System.IO.Pipelines.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	056CD1ADFFE49B552EBC70F35E612B04	834E7A62AA56A6A4F9871E765DADEBC55C5759A7	0952F1C69BE2AF6BCE8866D8BF5C63AA7E745CB980964A63C35005AD9372FEBA
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,System.IdentityModel.Tokens.Jwt,6.32.0.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	2157DCAF7BFA90712C2E7EB8584F226B	2672D25CC7A05D41A7B9935B544CD93E5DCDACCE	84746AAF6CDED606CC1E46EC81C9D4825C37685D64E4D24C31D192B5BC5D27FC
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,System.IdentityModel.Tokens.Jwt.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	AFF94BB9D007453CFAAFB5F7AAD6D4BB	AA155A707357C6C997CCB4EE2B307662250DF619	B047D3C383A7679E844444201FB7A164CDC91C3E9B960B83CD2338F641D5D028
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,System.Management,7.0.1.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	ABC1D62D8A269EC4C26D094526BF25C7	E1AA88A1797E3E2924E3A6B500CE03D2027C4EC4	3912288A8B1F09E60829E2B5C8721D18D9A90B18900850EC2F3A78DF1FBA64BD
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,System.Management.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	34FB71AEEDC1DFD47C0BED231D77EF98	EA01D191BC635B9D062F4F7BA8A9EDB24DDA0854	D549AA09B3C6D6A22DAA0DC15C047AD7A83AA6784ED3A9C033A3305B961FB3EC
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,TestableIO.System.IO.Abstractions,19.2.51.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	5F5CEB89B489D95F037705634010C7A6	95A4B52FDF6D92860BAE1607132D5789D799F7ED	D0C14270B9E4F12E2FECC26BC6344DB356C9624F1FCC59E684EB54232CA755C6
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,TestableIO.System.IO.Abstractions.Wrappers.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	CA8FB9CE7BF48139CB9ADF5932B1D158	D4712B55CCE3DAF07F08257E0F5F71E68ADBC35D	8A7B7CEBD0C1E363BC6E36F3BB61EFF296AE58AD3A1FCBA4BBF7270D89AAD543
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,TestableIO.System.IO.Abstractions.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	4E4834642B08583411035C5F79898CF4	64D9511A7FC608D35778271A98AC52C9CC2A5098	A6A2E6F371ACB51FFEF955DF5BB5E1997B3692F11205BEB4CC6F892ACB0F26D6
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP,0.23082.41.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	871EE258F9A7D45A51E01ACC4E1BD49C	223F00F48A79EA144490039DF0064F10BEBE2CBA	5988499BF95FC52D42BC9273DE11FDEC34413FAAF22365B67E1E65FE4FF4B775
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.Auth,0.23082.41.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	94F0C4A8EE496A2C9CE51C5A243DC5AF	4348E724295D78B55FA74CEFA73D8C45CF9742BF	F3A1A0218049D7813FB1C2621627E45ABADCE130E1B233C004DF9BAAFECE0AB0
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.Auth.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	50F3AFDEBE6227121AE78AB90360A145	306C22CA5117A5DF2FE17B06CFD5B1303023C3B7	7E1E7DD346C708A45A568F1E810C9B29C31922081E514787B79255E58C7DA253
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.Common,0.23082.41.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	CCF96E01C13DE290DFE282AAB399C057	55A14B68D21B538E2D9DF9169EEB1554EE9B50E5	9A4A7C690DA89316696E52F8FF2DFACA3D2E06252D7C225F8AB8A5EE3FBA2489
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.Common.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	E2B8F1A569363C0F52E92F8E1628A70D	9B6867A7D503F5AD35E9D29ADE445C9AE7D75DA7	C593C5DFEBCE32713479DD1FC42E648924BF04FE1BA34C6D3EA81F3A5D988144
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.Onboarding,0.23082.41.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	223C91FA58AEFBD7849EE21DE0FD916A	2B7320E3A0494E70BB76A2B8FF7005FA3A405E85	7168C253B31164242376832A375FA1A7C23C896E967E3E2AA1502E68B5EFEB6A
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.Onboarding.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	84E894FAA5098C56DE61A1F821B47D24	57DF737E78635D15ED8EFA21BBA9BC8A61E44ECB	42F94D5489FC0C2425DC772DBE904B8AEC8AA4FFD52700D00F365D439C8195F2
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.PhoneLink,0.23082.41.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	7D1E5FEBF84E5C0C906E9C3AEC699AE4	7B74E9B5BAAC87A81094EFCD59928411449E4655	1E7B5B87345FF26831E7F573E4C28CD3AE6D8DCA4E14C8B090D55082EFEF9483
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.PhoneLink.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	F236B684FE272D325DE4F207BEC2E945	8DAA4B34876F3B04CADD28BDC4BBA273AA9E447C	4A40AAEB873016797A12395F3BDFFD94D5E73B1CD7586F1E3AC140799D488B66
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.PlatformSdk,0.23082.41.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	0E675BF1DEB4D4E2FEDE2353C08C0728	B0017CBBBA6F0E5750B61104DDAA415552F08454	8CB9BBF48302333DFB8DF170E6914633EB3FAC4484CCD8C6E7509ECB92655A19
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.PlatformSdk.Protocol,0.23082.41.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	770B3C198BBE498CC31E43B2645C617E	5E25628DFF7E46DB4089EAECC33A3AD7ED6AAA55	5703FFE183203C4D432C3C60DCD3E869B150DBB069590BFC1250A7F78FCEFC5F
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.PlatformSdk.Protocol.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	9BD9A92D2A6DFA6C97B3A95AAAEBAF27	240DBBBF15322C7A0CCD3DD00152C9BF04830F31	4CF0355EFED61CD8E030B054EEBA64DF946B7BAAC959A33D3CEB21FBB0128B7A
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.PlatformSdk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	EC21E1E3E9ADC672947D511A27F9FDD6	CC7A30A326309272BCC47683565E1E53476487C1	A9330E70FDE9A941224DDF2386F46E0284D38F8EB8D48F965D396C8C3115A402
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.ServicesClient,0.23082.41.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	BB3411CA228AA45162728BA1EF9A2CC9	7C7246DF8CD2A186F5AED36E7984BEB49B2BD3E0	6E00BC4ACDF4B1647EFDE5DFDA5C4E11C1E83673C64EEBB6B65BBEA05D68F845
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.ServicesClient.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	79546ED83378C05D1788E7980279C7DD	708E2AB799F110E2C53226B528022FDAA908AA87	0199FACA397811802AFF78665B97C8FF23D01ED6ABB842E188AAC55FA1A73725
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.SideChannel,0.23082.41.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	39D1E6D99A8621B856D40698B05290AD	D64CA8627F653AC662321B4F95D039C2ACE8BB75	46E0E13728E685EC91AECEDD8A3DD3B3078311871FA4D3B11026D5A1C453F632
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.SideChannel.Protocol,0.23082.41.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	A13BD758E8CFD8C294AD138465FFDCA1	1E992FB25ABAE3A5C51AF86EA79E59144C3B0F9D	7F0AA42FE075B8B2E0552654E8655F5961778024DC0F269265286BF2746D1C00
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.SideChannel.Protocol.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	1A5F987FA8C764695369C1981BAF8FE6	1DFAC71C7156BAD69CB2C1B567E1B37C7B36BBDF	D134D7BDDBF1A02AFD8C626ACB0EF89064949F025D38F525CCACAD7D9F859AC6
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.SideChannel.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	0DBF07C20D42C23DC73E44152774CB97	24FB8B94C28ABE1FC4B7368CDF4AA640EA8B81B0	5003BF7A6D2BC8DA9520F1D4EB84DDD34F99B26F2B762B8657F883B41F996F2F
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	58634F2F2FE0F01F684435B6A8620710	5163252CDF416AF9463044B6646DDA19847B4513	57B529F9D2A427043DEEB57A7E02402D68611ACA1387E63CE4B48508233FA26E
C:\ProgramData\Microsoft\Network\Downloader\edb.chk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	122A462B260029EECD580F1A14098C76	361A2D53299EDF4B7D6D2DA615421757C212A479	B427B73E6686496814DDC28C24642061B9160006F2C81A8E2D5DF72E6D85CEA1
C:\ProgramData\Microsoft\Network\Downloader\edb.log.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	EA138F8B9BF0840BA24A0C469568B037	53EDB8F300A69A062C997F77BFC523539348D0F3	94A16CC4C000C460529B21FBC6AFCFC7CAD446FCEDA2E1216F190509E21CDDE5
C:\ProgramData\Microsoft\Network\Downloader\edb00001.log.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	A92942DC80FCCED9A9A95851AFC5A287	E7B9C319BD50646971A51C0E9374FBD4DB11DEE0	6D4F41D48E01AF6AC1321F2D71A5F9BDD464F7E588E4D63B9896DD74E2B50A66
C:\ProgramData\Microsoft\Network\Downloader\edbres00001.jrs.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	1401314DB8A6032957ADCD0C5AFAB287	0D96C5F5F8FC64C665C0ED2A10C66F66B26CD2E8	7764CE751A4940D4CCEB7C268198321EB761026C900A1BD3A15443A382AE6723
C:\ProgramData\Microsoft\Network\Downloader\edbres00002.jrs.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	039BB845A2F5DA57B89E18F0F1003DF0	BE79E028AB37917F6B43C50A6671C052B35C37FD	3280C331E77524B28823626F4103B416F14FDA5FBD9F5CC6EAD8FE2D23F7D9CD
C:\ProgramData\Microsoft\Network\Downloader\edbtmp.log.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	00A3074CB7F1DC327B1E4AC9A9BF00BB	3A52599F37AFAE6BED3AD129FE1F15AE2537302C	C7FBD6FAD2DA9A1ED42AFB476A3145A1E5C16AB33BEF9A8A7BDF09CC881F02A5
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	BE1DF2B6DBC18C872514272C08B7DE8F	15229F89D46DF095C60E702CC5F609E1FDBD213E	06F7FEF09D70FC36EEFC65AE8280632F4812DF7DCED5BB1CFF5A8B70C17921E6
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	B1456E97BA3BF00AEAFC417C3164DBAE	846EC7CED216640A5AFA5F34F240F952C89B9F4C	8D89BFC839DF68667DDFC93E42319C8C80803E6C082DB1D143AF6B458BCB195B
C:\ProgramData\Microsoft\Office\ClickToRunPackageLocker.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	9BF9DEF251F1CDC026BB06FBE9088E33	49BF8344F8D07AF8D8281A81B301611962F00F8D	E456432D49965B29CEEC67C67849C12ABD16AD7AFDE36B3F9AE04943A99EE9E9
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.Crwl.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	EE6F94253453D44C6DD10BF37E746473	E3C86026C7CB7CE6A99FBA83209A65B061BCD25C	2B8135E893DF3C1813E4505D911486C172C1AC9A9518B169C1738DF87B595D07
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.gthr.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	A70CA9AD360788AFF07ED3DE0FB04654	7163CA9C7899E4C1B659B1EB6978BFF213326E0C	06A5981152B830CBBFB017E90E4D37B19A492EFB19FF3363D8B4324F35305D73
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.2.Crwl.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D87F3DAE7C4B6081C3B16DE1B2EA367C	F7EE95057A96C8B1310C1693B38584EB9E16AA01	38F463ED6359CF79070324F485059D367EBB1CB0958746EAEBF9B240E173A2F9
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.2.gthr.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	FB02B564066B096F69703C1D0D5790D4	CC82526E77748AD39AE72DC9F7472B9152222A6C	BC28E9E080559F454E62351A96B2183955489C21BA462D895EAEBA4494871EC7
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.3.Crwl.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	C49260452CDE0684C523585E12C8E853	18F6A9F1F1C538CE7EB13AC34A583DBAF7A39877	5D8BC0CF2F9FE267640DE6E307C07B7FB8FB849E696CDFE059AB1115F16E2062
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.3.gthr.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	B8D47490AE5B568055643481D298A0BC	FF6CD79C8DC579AB7B463D36409161F47DBB3833	246F769CE099705F92FC231A5020E722403BB65378EF5DE967A198F54D2E4343
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	45EDBAA2B3E95FFFD6C83D50BDD478EF	7907FA62EA65C60715FAC95C34F255A9C5AF6FB9	A9BAD27770B4DDB49530BCD9869845643789395D7171084935FF74AB1EB41430
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.001.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	F22B0CE76E7F33187F2F75EF4F7979C4	FE7E994C6DECB3957A9F6FB195FAFE4244251BB2	A3940CD347990F48DAE08A117625E33AD6B170C851B5E6A66D0E7A3682405016
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.002.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	ADB4450EDCF1BA35A91D83F82AA439DC	316DA012BF48C2CD84CC6F9384003095BCA345D1	30BBE949077502642C54A181AA3E0D0DA2D7D747DC59C4B66BFB6F5ED29DBA19
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	9ED0268CA97577A1580D93FBA7C12870	8619274DB6D0B633CCBBFA8327A104345A7FAB56	F1677C9A85C415C0CC6B0E94085FA1FD6E56C9B475BE07278CB2C03BF736D27C
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.001.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	95C4C27D230EEA91A1C7779225137310	732279FAC7954CBA6644242CA8AC8041FE78A8A8	5546BB20BE34C285DFAA94C5FA95F7651594F5E351DF299E916A6B0479E59CBA
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.002.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	24B7A774998BD768255CD74CB5804681	ACB8B52F3BCAE9CA909453FBC54E03A0C5467AE6	E3458EFABC868B4E2D3D3DDB81271C4BF1867C96C149087922ABE16D14AAD38F
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	9C80A6E122B4B7FF339EE75E78897A8D	5E4230470993203C707C65C0A05E2762E189745C	BF7E660FA373F7C16B4A384406BB15C1309E8B26EFB84C3164A419B26985AF1E
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.jfm.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	4677FD88EA8E9F141EB847CD4656A5A2	952BE5B84EAEFDC8A495E1D7CE52AE6ADEB7AC42	643FC38A129D987B20C5F7AF4E9B6A37820C1F80A7588AD8BA1CB49AA43E5BC8
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb.jcp.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	2F45DF4AE99EBAD4CC01D12FE682A9FB	E0C7BBA2847601A40AD39A07F1D6BB22582E8460	B1A1F1BBD60A2B6524B3F667EAD2DF86CE200583281F94227721AC2410D58504
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb.jtx.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	167F1FBBA59C3D5C01032B72B5294985	A3F3DD08D1D1E157DF88F05AF91B305E4306614D	910CC87CAEFBCBD0EF7540CC8AD35F6047AA3E7A34E9B75B6DA36C5A42EA24BD
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb00012.jtx.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D05CAF7F06DC7EBC6E406112A3B5A394	BB87FD5E0AA1F75B79677BB0EEF4D6791D79BF7B	B1EED6009DFA2584D9F811EEF8D72F92C705FF3884010769BABB6759CEFB6C78
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb00013.jtx.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D44B53A2E7361DB8E086A2AD29A31464	CCF43F821E1A1CD11FD635023D91D3B817897059	7C0B629A30AB25C9776FC80AD6233FCA66714F7CF5E7EF01D25C9B215BEF3AF3
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb00014.jtx.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	EF6346456906BB2EDF01E28E4B04C02A	73EBAA734F54BBF11E57EBBF1739C2EF3454FCC7	31B20D4D09125B4B00EBC8BB0F4A8AD02CC668D3E76D4C6376590D78B98D0C2E
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edbres00001.jrs.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	6D7D846FC207314C976845678E173EA7	6A17965CF5B79B7CC271BB7207574D7B137CEA45	674F44956DC110672B8BC74CBFBA18416FB6CFD532ADBB7B36C82C318ED37AED
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edbres00002.jrs.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	49D962147283628EFD6F024858ADC012	2AF2E9EB782CA7BE882E0B70CA4D08F330A4D949	B335767F00954E4A3DAA53E1D2D9A707B2AACF7190D62D200F7C7FBBA775B861
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edbtmp.jtx.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	3B3AFD6190DC1F9385A951C189B0EFE0	367AFF1CB9CCE67A0552FF03FA9C1B2CBE713402	A945144FDB057627460B09BE873D999711B15F4F1EDD2CA9ABBC340ACD676012
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	CA25A6FA941E94F99F88AF1A89C5EEE4	2FDDB19EEC8E4ECD351A77610AC5DFA50A0EE671	08C0F136BF6505F94DABE2A42DCB83890F0FA1561494DEE86EE6F6777E0E4FEC
C:\ProgramData\Microsoft\SmsRouter\MessageStore\SmsInterceptStore.db.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D01ACB775530930EC22A06314092191F	FC82C8DE08917D44D5AA498E7158C06C556BC966	30CA8556415A25DC6025D49B8D173174A0C157235096E285955AD65AC0A4633C
C:\ProgramData\Microsoft\SmsRouter\MessageStore\SmsInterceptStore.jfm.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	3799BE3F78187A88E08C2BD41BD608CA	B79E7FC577AB72416922FB839978AE94F04BB46D	3A6958625BFDF880DB59D7F555C3A2EACC89CFD26620239AD099A2040DC3D6C6
C:\ProgramData\Microsoft\UEV\InboxTemplates\DesktopSettings2013.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	DE6FD019815313B21014CA5B1D0262EA	FA926BA604683D1EEEA306D2172890995ABBFF98	E7F72414949BC74EF0832853396B54F34CEC625BF0F251B53D36769A60421E63
C:\ProgramData\Microsoft\UEV\InboxTemplates\EaseOfAccessSettings2013.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	B6E8283BDEC492F7166ADA474DC69165	49AD3BE1CD46EBA03D9B63F7412D477BB1CFF961	E0E8EA0C4B2CDF75F7217CCAFFF4EFF1EFC7D11F82275AAF7AD52E127FB87F0A
C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftInternetExplorer2013.xml.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	0C59955DEFBC74309CC12D02DE83C857	C1C5E0A5F99A3E2E4B0A8DDA29E531A25403127C	E86240B68ED3C8577631BE566C937278530F4D81494B233DD9C2C83EAE556C35
C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftInternetExplorer2013.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	473B849B0CD7596EC395FAAFCFE4EB17	CE0AA09106212BD520FE1515692D298952CCF249	EFA6071EDA62BB38A232197697CE72A07F003684AE4EBE03C9E73E3A7E0FD7F8
C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftInternetExplorer2013Backup.xml.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	F9B123A2E0886AD3B7B8CFDA6A207E1A	6398378CF27E3C67180963FA29904361F46DCC19	8F51A6B2C782FC2E96C6F75B7EA4C0A38EF89D0734907428298DD6A1538E1726
C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftInternetExplorer2013Backup.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	C66037F2E0111D0A628D86ACF391B385	9430A991ABD63F94BF885A0787D4F55D8FC4B66E	0201F917861630DA8C4255E336C0FDA9C6FB79F806D84A184A975878D55B4881
C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftLync2010.xml.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D48A3B53AE75B5C08302DFBC3BAFB222	2BBCBBD7F6AD40392A5411698569EFE161C94C56	9DB5CEF14DB68F30AAB5019D4A9B774B6995B03D525D2C0BC19EE0BD8E50AE28
C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftLync2010.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	3A472BC27BF6CF0D3BD5887E7F21A510	C4E8FDC479B56407BB8028EC097A6919C66020FD	2983F90B7DA3CE6789117F6F517577BF56AD7BA4B87F2CA0C066C1B1040966D2
C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftLync2013Win32.xml.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	98AA8673F9814BBA8A265209FA403540	7F145F1C6C93314F2C73604F690F01130FF2F409	55C9BB9027B05D2D1D96BE81AE5EA3EA527144E43203525D6FCC6F36A5AD0DDC
C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftLync2013Win32.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D7188750335086E69EB08EF4038741F8	5D2B9C669AA4EF84F4967CDAC934A240A979A0C3	E52F946C46C51EA5765A27D635C688CDD359183DC51B792761CC6C6DA5B785FE
C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftLync2013Win64.xml.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	BA4FFDA9A3C35927CC400F44638BF6F6	18990EDC77530DF5360A8633D935C9BC594C36FC	15560BBB436CD04D330B777B434C22DCF1B6C49A3E33B8C7AEC748373A5A85E8
C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftLync2013Win64.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	DD578D1B4FE5DA85CEAECCD6BB9D34AC	0010848C0DEE96D850AE71F212A565BEB0FBE0F1	EB77E2DD7BF9836ABFB1E97AEB1158FC04FCD49FC5D7A0C9B3045E74AC5A1767
C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftNotepad.xml.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	69E3E233863AF7D571C1FE4A6522E4EB	061B7801BD11A3584792189EE8C64269AD7722F9	60A1299BAF471810EAD7EDC526390315D0DA5898A949A82D404002D204DF9BFA
C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2010Win32.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	E7AEB1E5054C5670EB49ECDEF860609A	180AA959B5707260B6CC587E3197D9C90A8FB70B	837E036D7DF405034D052E25700E03EC7D8B3E4CC9FE2379005E508720120551
C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2010Win64.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	4BA245A4D654A6C74F0DE04FFFC241C0	1260A852656B177B3AEEC3D38E196D8D95E0C732	10773FDB8FAD626C9EEBD477A8DB0F5667207CE2385F38B893D997922FE61BA8
C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013BackupWin32.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	553D21B68FCCF5DF6A09445BB0A568EE	943A7F6A3EE00AECC1826031BF4C90081D05C4FE	3754D0969E1695A35EC985EF1AAC6EB4704D9548498E3A015F5FBADC7A9598A2
C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013BackupWin64.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	EA58C7832E48F20B38B530AEF0ADBF7B	2AE3A4F6D6C3C9BED6A92D43EB5C1DAC01155BC8	03BF21747E26CE90493D8598ED5DF306381860D155DA1F3DA02EB821C0E3547E
C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013Office365Win32.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	C4FF3CB4A24B473A7E4FB1A165F9DAAB	A189875ED4FCDE50EE8BF8D45DF9D301E4091213	228CF5AD7488ACBCC4B5A8D4C9191F35F19E4C95BA150AF903E0E22D07B9304C
C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013Office365Win64.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	0880A8F1FF100DDE256552D2FC6D0FDD	58B49F4C4516CCFADE54470BEC94F05239801FDE	456A9515A65EAE258B739A38EF04A4CF601CCC2767939FE85ABBE7F1B8167DA3
C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013Win32.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	AA15E220E8615ABFBF3EEF47395750CA	E3F2445D6E0B181010D7CC6EEF999EEAF46D2EB7	B990564E57D134CE5BEB4E8732835EEDD030F6291946FDB9DDDF4BA08D090E6C
C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013Win64.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	E658F7C50F9123E8C910AC0A82EB2247	67B0C7E2DF39F6AF2920E5BF1F7276656A988066	1A00D1E74576A6D957817761DB04988F1B7380B2E19B0D3FBC91A1E33A874595
C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2016BackupWin32.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	2E7AEABFCB2547DCFC6EC61B2ECF7D23	2A994BC2D3A523C9AA872A82C7A439B44B3D1D9E	909A2307BCDDEA90DEB0A41FF3A1454CCE8FAEBB79F43E39F8C2C45F4D0C6CDD
C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2016BackupWin64.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	4FD3F50A685D47AA8DACBA4DAF5D536A	617FF8E3E24D9A4A95E0D9F6EE5200E17A866D65	A26B5F6AB07588852C26B398505E1A9DED44D92B7737F04A9E8401974A6F8BF5
C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2016Win32.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	1B670F9A942FCEA543AD20428105B374	E24906CFC7EC059BDEF675C6A4FEE5C724F1B0BE	3AAA5F3D61B805DDC9E4224815EE91CDBF995C88F498628E5A802696D537E0E7
C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2016Win64.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	2768399C75263089306C9CE82FF1C885	3229E918D64B212622C915EC20828711EDC070C9	C7106F5CEF143C4F89DC90EFC5EFFB11A8495D58F24623F8FA843E32F0232189
C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2013CAWin32.xml.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	52B5F87D0CF99CB25CE153AD9570F5E9	F5F89AD3C19B5D87E1CEB2847E4E428CF6F45770	52D4AA3A108D28102C0BDDE98BA33724C535C93E1853EFFC182AF8B9BFE6524C
C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2013CAWin32.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	B688CC35D10F7061A1EE3F727CD4DE26	61E264C520C7AB109CDFA62F65132A4999C3FBA6	4946E092A0452D916DCE477D58E14BCC5601C4BA3AE9135E38C1148FE94443F5
C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2013CAWin64.xml.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	C4772F102004D54355B8C65BF20F97AF	52B91232435360D7D9C54892E148622238D161FB	CCBD9F5F014989C48284101D38D6555C6DCB8835F0EAAA3D4498B1522808C446
C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2013CAWin64.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	120A46E0F11908F05389EA08DE412B8A	1E58A0E32EBE0D7EAB1054D5EB85235AFADC40AF	15C18655BD0D0F4130BE1048A6519B51BC6FC6258BDC4032C696AC7A3EA71235
C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2016CAWin32.xml.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	B1B520D6B266BA454F501CB8F6029D5E	CCEE3EF5547195211E6E89D7D3220E6BD981F199	EB5A3E177073F7E73034E4869843FA2A2C0017767B4792BB40A7D76ED1BBF125
C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2016CAWin32.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	0D207F324E1AF2A97125A9F7F86E41FA	21E01AF5B584B570BE57BF0C6B52F0C8326D5CE5	5E8DE24945BDFC82F149ED92E16C938AA1F015A427CFEFE79B6C184E65DA916C
C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2016CAWin64.xml.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	A27ABC7068BDFAADBFF1013CB9A2C6C0	4DB4B95650326860E5ED9A76DF16C08C6C6FF28F	EA08779BE017527991FF0FD2C99AD02E6093B5D3E23D1B183C2C1DA5F895F64F
C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2016CAWin64.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	F16F51CA7D6FB0F28B011DC6D6983BB3	60BAA6B24028EB1E6A54D0F7A949F2A2209F4EC9	5405A788EB46687210A10640F66C6D7556E46625717024E522A15E8B1DE6BB6F
C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftSkypeForBusiness2016Win32.xml.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	E2F964719AF7D37AA884596C642ED65D	EE0D86F88E11D4059B95F165C34A939E132A68EA	117493F1C7DBCED475DB125CECF5B9267CAF12FD0427BCE9CF186F7BC2066F06
C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftSkypeForBusiness2016Win32.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	C0A165FAC8ECBD9B46C75FA076252CFE	B945126AC04BFB8F04BAAAE46A7051665BF892F8	FE8D9B5B9436EF21F1B56F6F7C5963905CB210419A35D3D8D23913AA86E17213
C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftSkypeForBusiness2016Win64.xml.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	BCE51A651FB660BB7C6DAA4142C1FE4A	0EE7B82E53E49616D1796D6C08B3E2C1F3CA6493	B79FB01E202840FB678C4C699DB9C48A173F341FAC9C7FC2C6774D5ACA305688
C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftSkypeForBusiness2016Win64.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	0FC7A8D2A0B02505857811EE2AFB9EAC	BE60A95B8E1574C9CB1AB77049FF67E428E717A1	8D5CA7B8D3FA4C790882C87B2A63E2BFDAE1C755175A7D50DA0F4C55626F9DE9
C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftWordpad.xml.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	51977BDA67C8701B34F1B47138925E24	639A1ED44F609F42636F1CC5F0D468F048425E27	E5298ED953BD266175899EE492D03FBC7194A5ED3D99DDB6DCA39925DC849F87
C:\ProgramData\Microsoft\UEV\InboxTemplates\NetworkPrinters.xml.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	4B9E12B5412807A95879A207AF66C38F	055E86EFD5078E555388030B5E816B890E2DE6CF	99C1DD983D95C8484112C5983801DFE95F622C46FAE581F7CE93D41D37C7949D
C:\ProgramData\Microsoft\UEV\InboxTemplates\RoamingCredentialSettings.xml.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	855F656CF85AF87F922FDD414D8C2EAA	624A10A66C6A20F1D67078F5FF67874CED8D030C	B059D6900ECA6E786EB2F4FA62B503A1BAAF3D043712C61F0E6B9A8C0A3AA469
C:\ProgramData\Microsoft\UEV\InboxTemplates\RoamingCredentialSettings.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	75E65E944293C7CD0666879442A18FDE	0F7BE939D9EE1731295058A3502169D8D0FC0CD6	DD98E60376F31763E7BF5075FF2D42FADD2A6FD5668C0E125CF431F92845A731
C:\ProgramData\Microsoft\UEV\InboxTemplates\ThemeSettings2013.xml.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	9A01CA29DF0C1E79A1C2A7E6B455AD7B	DCD9559A5DCC9C0DEF65E1213112EC71C2EAF6C5	8686F82F00E79D4E6D48EE5FFDF985E2C888516CF62021617AA8FCD2502F5A40
C:\ProgramData\Microsoft\UEV\InboxTemplates\ThemeSettings2013.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	03A67362D5F2D804D4D22FEB4C859CCD	68B8F5E3B25E3247855ECC72EE9853B7B3A27D4E	A1845D835A31EC9045CCC9442EAC39DCBF0E62BB47DB774A427E77C133EEDAF1
C:\ProgramData\Microsoft\UEV\InboxTemplates\VdiState.xml.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D27E257B977FD8EA28CE3963F0968435	DDE38F023235C058D44782EE194EA6C31C983815	C22E402D82D29BFFA270BC6F45AF746398981DEF2D218E299E9D070DD143F0AF
C:\ProgramData\Microsoft\UEV\Scripts\RegisterInboxTemplates.ps1.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	B343FE9058AC7E3AB342DEA3E1D3C92B	576B1EF679C1F1F497D676F0FEF295B302405909	03AD0B1C3D7CCCE540EAE5B985E3AD61688E11B9A79804618D531C98553CBE29
C:\ProgramData\Microsoft\UEV\Templates\SettingsLocationTemplate.xsd.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	7D5FC266570C84041F58B30A9D97BABB	C2FA7B2F0F5D817B44B88372D69F23CE6D4DA69B	2B497A8C457F7A6B2003708251E94F5D2F639688ED73294A5341968D305C733D
C:\ProgramData\Microsoft\UEV\Templates\SettingsLocationTemplate2013.xsd.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	C2603B1C3DE40EC091088B6EEA4B3058	1156113CEED474683CD5ED3322B2C63C872718BA	8456CBB4103980A28A6373925988E0281D1ADC02678E0A2B53422F2D15116C82
C:\ProgramData\Microsoft\UEV\Templates\SettingsLocationTemplate2013A.xsd.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	374357286876F937376705885491F732	FA52FCE8119A10843587C7EFA7E855724E93DD34	BB3FF9924B7E4CD1F9C5EA2EDA01FABB36D373AA18E4B965DF7BE16D94F08794
C:\ProgramData\Microsoft\User Account Pictures\guest.png.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	ADFECC25420F9284576CD227806625F7	F821AB8C4250A91CC39D45534D1497283815E715	9763FB96FBD1CF05D0F5017778972525AA631E1BDE3DE74D55B08A7D2D20B603
C:\ProgramData\Microsoft\User Account Pictures\hardz.dat.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	FCAD27AB3107B257DB2F0A0C9C5FB09C	C92FDD16167C812704309E6775EFDA83F1EEE94D	5BE976CF35B5D229AB1183FD1793321BFEBD3F679D7A336BFA8CA39443FF6722
C:\ProgramData\Microsoft\User Account Pictures\jones.dat.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	EB31119B095AED9926C9BAD566D19373	F3776590536400FD3A59460955381A9FE005F707	8122881423CA6115F12EA4984802BF2B71A48DCDFB08E6013F1747454EC69D48
C:\ProgramData\Microsoft\User Account Pictures\user.dat.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	00684F3F2B08C851A76261CF90D9B6D6	BD63DD43B8D051C737B8EFDDD797B7378350CF3D	5F28B545FCDA2713CA412B2E6D2426A4276ABA65359627A50DDEAD1D5BCB7433
C:\ProgramData\Microsoft\User Account Pictures\user-192.png.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	80304D008170BFF9D592DE9A8992290B	FFF61464B67F58534DBF4692084CB1DFBFA4EDEB	FD91AC60043EB2B5916B033204DEB9D1EAC37AD5F65102848474002609EF3073
C:\ProgramData\Microsoft\User Account Pictures\user-192.png.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	FE544BB5BB202A85EB3B1BAE7F172C89	5C2A852EB73792D71491EE85AE0E675589B08457	7C659E827252CE6B0280CD9D500C4DF19E067589C59A17E45E5F2896DD28D7F5
C:\ProgramData\Microsoft\User Account Pictures\user-32.png.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	63EEC9722870613BF401225A89F4488D	0F3AEE362816AE09392BA58B76CF5BDB20D25A13	632C977C3754669BD4955AD2AB54EDEC7F4EEA79A91C79289DBC16E8709847C5
C:\ProgramData\Microsoft\User Account Pictures\user-32.png.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	B19E917605CF991C1B8C2ADEE3F4024E	DE9AACF6722B133FB4BD5F542469A1262E37F336	2EC6DE91F501D2A3D2037471D80D7AA6A202FF175A4F1472D62A1010A65801CA
C:\ProgramData\Microsoft\User Account Pictures\user-40.png.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	593DD541AA2DCB9B03B494A455406AE9	58BD7858AD4027938C3E5529954CFE21931B3149	B01C56BE19E8BFC86EF7C56639CF4B4E040EABCAC68F261666FDDB46D61984B2
C:\ProgramData\Microsoft\User Account Pictures\user-40.png.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	F627DCC24D5EEDA5CC5C8162F926AF22	3E179091B0542763F4EF09C960A50289CA53E247	99351032739CA23380690CDDB4D82476AAFEA06BDC2DF349588461337F7580CF
C:\ProgramData\Microsoft\User Account Pictures\user-48.png.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	0D99451A7FD623A851E1E49563E1492D	AC1F71D915960139E1286434CEACA5A260AFF9C6	A503FBA2989F9652B9CD9D763EF0A6DE07596903FFEDA2B2D937E18568E4061B
C:\ProgramData\Microsoft\User Account Pictures\user-48.png.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	872068487642D47E9FCDB48E12313ED3	457E1779AE60AA9D4E4839784FA949971BB10F8A	FF78CBFF001C2BB28E7C6A54C024F6F0653F095AFC296E90AD86A65A0FB6767B
C:\ProgramData\Microsoft\User Account Pictures\user.bmp.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	7D72A4A8BDBE836FF97AC9EA80C2786A	C6C1789BEB5FCE57C331ACFE4376935BD2C5294D	E6F54BF0358765F219545122B9236E76616EBE617BD598BEC3EB26CB1F16328C
C:\ProgramData\Microsoft\User Account Pictures\user.png.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	06E82F204E60A670AF9CD0D601B80BE4	63C8D3EE038D5E1DE0FD658A2A600FF98B362C2D	E5C08A9FF1586239711DBA94905C6A41C5C02AC4117BD13BAAFA5743A1C20A1B
C:\ProgramData\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\154E23D0-C644-4E6F-8CE6-5069272F999F.vsch.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	3888F1FB08337821EB4DD7C1500CA8A5	81A8C7AE5AF03E49B90F7AE7CA23891CD7FC89C2	7EE782735C2164B3222CA29949FCB7751FCE472B228D2EE0737978FCB801E55A
C:\ProgramData\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	EB52A4322FA480F2E134042FBE6596F2	4E31CE8BB85C3E5F1D9D94CAC890ADA5FFC88C42	D0E3EB1F3E7FA9D1990AD1143FDB468D261DBF0A9A5AE269A7B29B54E9D0268B
C:\ProgramData\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\3CCD5499-87A8-4B10-A215-608888DD3B55.vsch.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	359232A001097583922CBFE896A80A45	5231BC2966A01AAC1993CED22719FFBD8ECBFAD5	9BFB76E976EA625667D393DB34F35E289B0F985A09C22FD2F0388F9E62FFCBE9
C:\ProgramData\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	46A5122A84D5D07DA2BA8193560CEAE4	DE34666CA3DD646FC6662538BA9B39B8AE37D6BE	B107B5363536E97E443E44F1783975A9B141E07D17D66E3D7DCD818397962B3F
C:\ProgramData\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	ADC3432A0F9C2656244D7444855DE287	256294161EF867B8C4DAF639FF33C7F6C862E52E	FC2AFBD87B3BA604EEF6FB2A36E96BB3796DBD801E7D7079BCA532C721DCAE7D
C:\ProgramData\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol_.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	949E0729A05AB3DF105E7214EEE7A71F	7D1A0548B6A610AEAB8EEE8C1324E03C6BC43CBC	8B08D42EEAD7FB6519AB75C2D99F8312097F77B7150FBD0208D5DB43296F77B2
C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpasdlta.lkg.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	A6032B6CA9B5D0CCA42A024CBCBCF580	A7889DE215B789787528B706C117C46CB4ACBF4C	08CEA98BBBC55FA8ECFD67A1FB94B09F6DD2F71645478A3EFB105D779C6A578C
C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpasdlta.vdm.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	16C532A4C7728FAAA0BB83313FD91448	3BDF7D59628D2D313C07B575E8D19ED487D81876	451FD171C1DF384386191542C0943E776A4004F59FFB28F2A9E0813513300DB4
C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpavdlta.lkg.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D90F2014EB3287BD858199B7E81B2A0F	19F06CC8457A46D7FF6AD15F606F2A0C692737DF	F2ABBDE49CBFB7E9A5374C7F1108FAC70ED0CE529B6B45491C6D8ECFC03192AF
C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpavdlta.vdm.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	CEFFB4436ABFE8692C2AD71A0B40E13D	CF8A794BB0964EE44DED46384B51FEF3581F1283	41B21ECC32FA2E23C4B1A60C6E125B5EBDCABC81CFCF7E3AC136F6292B65DF8A
C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	FEEA72ED5D2FAA7603D8163574A1EA2B	3CA29A938B392F032355D1D9E9A6E25E23F52900	653F423EA3E06F82E1EEE7D250A8C7BD56C24FB36F073EE42384D8376231287B
C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.lkg.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	B7F6839CB9CA8B159F0C58679A507271	3592AB586289B20A95EF758B34597D4FE37C26B4	BA5950A9F57A096E7B98AEDFED0273DBAF5C7BF6C3187C50B18DFF0FD0D0B574
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Catalogs\IGD.CAT.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	6880421508A29850109B1657FADE218F	FA77FD6D5BDD45080B439653B513C32AD3E8A65F	F907C02F1926A1CC63CAFE82A5D124E21DB81C6CD92C9177A726D243C70E1A19
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ConfigSecurityPolicy.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	96C71506DEDC9E575D2FCBA96E577EC5	9859E440F6E11EC3BD2842B1602442B16426EE86	D3C0DAD6225B5C1E712F2202F64C3A39F159C3085FCF6D491E3FCA2EDF45BED6
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\DefenderCSP.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	23B725346EE4CD00C4F618B92BA0FD3F	51E848AEEE95C070732655927EC8ACA31EBDD29E	238B9BBF0A7A0746976001A7A92574C65EB51790D2251733EEE7A12161CCAB4F
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Drivers\WdBoot.sys.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	AE036FC664177E8F3DCA315CF8D677A4	D5E3E001790BA50C09FFA344A3415518285F0B3A	4F4AEB888E4F4280AA6701DC2B6240E039FAD007DC85065D82569E680CDB3C05
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Drivers\WdDevFlt.sys.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	618E925B17CBD74CA6F7866326C2C353	0DE96E91F2777B46B63D346233008F0BAFB397FC	245ECB443DF6230C32768ADAF07625481667195EA44E33626620DC736740D845
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Drivers\WdFilter.sys.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	F277EF09B42BF61EF2C64BED235C7F81	3D342391FA05952CF616B2C622E14D4504BBC8F8	F5AA35A07336852E02843102604C542AA7E91014D1C75EDCB68858506B21C18F
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Drivers\WdNisDrv.sys.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	EF0F07315CD567A7CCBA8EBB6AEB4D57	EB68468D8A6DB99F21A2E1CB8822EC4553F4927E	958AF7B8E20D7CC7222C2289E49911E9B43261E39256478220651CCA80DED67B
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Microsoft-Antimalware-NIS.man.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	07BB506D5BD6B31857C057E0792FAEC0	9A287445B8F780181647621D5211A735DD61C456	E5947A00F545F9A915BFB1EE9D7F7D58F0BD080939AA58280C78715EEDE15506
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Microsoft-Antimalware-RTP.man.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	973DB2EE6E881A1DE3D9058AF6CEF465	5DFD7D64FC3C623AE4C0EE71FE4EA57273A115C7	26D76A62ECE1BA404848FEBB1F76E7EDD78C0957BA8343F823B7AC1E62057C88
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpAsDesc.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	FC1DE7AB71E8A89F2698A03BDC76AEF2	04D2517EC689BDF1D6D0E500E8627CC47E56EFD0	E550D58E2288B21BED58EAE28645E00A854721F86700BBA6B44857EA4B73643E
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpAzSubmit.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	B3BDA35D0F8E58DCE0BD928E8F7992CA	06A08EFF65D808273815179C9D1648928309F4C3	3433DB15CD4845588044C235B00CFA10D1668A7296EB13C3FAC6DDDBC4D7576A
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpClient.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	97DDE38B2D59F29D3399A3A0B9BFBFA8	B476D612C328F44AD06F928263B19AAF6B81C981	E619A0813849CE817351748E57B457C07A1D1D01E918E0E16B2C1E85F2B9FA3C
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	A59B87370DF16B481EE1117B4BC7F45C	FA2760A3A344727794F59BB458FE2D68DA925295	6677B9D3866849321A53F499F7D5468BF39D749861E241316533A369E4C619F9
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCommu.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	0BAB7321B5F6D919B0FC853C6B7CC422	0BB2C59953B900EFD70509FA51C6D74B899B5345	37E9D0BC68D0D978A30250C13C4D3B4DCB37AFC41A003CCBA2F261A33713C929
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCopyAccelerator.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	44A2EF7E4FEE68F67CB1D1DB3BB42272	B21F823BDD95B27730282D3ED80C4A39400F5941	7F81B2FE5F950A71A3B730117845CD3844FA0D633EF22DFD5E86817ADB817929
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpDetours.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	3D6319085EE8CC3E6880E6BF457C78BD	A40668DCBF270456A7B0A9323C3D6884E250F293	D1C171994E08C38DA701FBF312794C0E557F145419FA73F16C5F6D679CBE415D
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpDetoursCopyAccelerator.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	985C1A9C088D4747F651A7FE35AAD96A	4A8749D2EF2E31D8723B834A4FAC3556330363A1	9176519AA6409EF447D2BF33A10CCE63C6DC2C0A1595822E9139761967FECFE9
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpDlpCmd.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	AF5A22C69E1C0F05ACE7A575DCA9610B	1E4B44E3D5C2BEA0940E59DCFF3D6B43858004A7	5C6D00AE14DC8313ABF6EA4FF7F7CD95D24A17D19ACDA33FE9B3B4A54825E612
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpEvMsg.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	2DDCBC66D21283F71C149DFDC1770554	48D590204C3DA5A15D4B6F43B14124EF4A3A031C	138B07D49E2ACF52709991177D38BCFC8FAFCF87804544FC726C551AD95E029A
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpOAV.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	68097E0A8EAB9B86B7F30BDC134DF16E	5473966FBE6FC9EA0D870A878FB80369FF93BC58	0555BDC84BDB97B06E62581F49AFE188D9E0706BE8B52949EECCD47CC03F30B8
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpRtp.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	6E00C58A9DD6045139F239D4001967D0	EAC03C59E2446B553AE709CAFD7E9CD68694CF71	3B7E20C461030FD56CF0B066EC75C97576264E842A5CDC3BA579B11FD0B8EF08
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpSenseComm.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	6AA78B22AD70F6FC4C295482FEB35299	98E3F3056B8E9970E97F6D46B961F4C1A748AC95	CB2D093945F33E71917D9541774F83FD628E3D049CB9F8EE1E6F7C571ACB55AC
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpSvc.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	74556983544657D619898EC7464B9CE3	D6C34FBE93403B1FD7718DB8216FBA8F69C640C3	8B79BC3E4DB5D96637DD6A5FCFDCC20D0D83199B2143E13011F7F8A10AD9F613
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpUpdate.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	8D6251437D025F6D4F8AC68A54CDA08E	FC4C4ACB1C5F5D56CD7F4819764A14F2D81A2932	635FF4D38BACAAC2D8695B5F6AAAE92DE84087B3F5F2A8AA0BA4A3FC2ED8051C
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpUxAgent.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	DE6BF0A0A062C696745D339958EA53A5	85ED87A145DE359E46E3BC7BA3C9BD735C4B440E	A47A3D2930061E3F9BE74036C94E6A659D2DF93291CD3C902FB3C455A24E67E2
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	5FBD10BF1A7FD8CE955BC9110B0239D3	10192477391D8C8646803FEB23990FC461D1E2CD	5B0C72AC39240FA211BB520D7D8E48C645D37AE03BE4BDAA3D6001B7A0F9CEA1
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpLics.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	F95107243E0A10EE4573D1DA349E7AF6	5D5A292740D4E09FFF73C448C2A254C455C5F615	E0866332E47559316A3C23AEF389B45DFFFAD8ED20B6EC4EDBB30DCAA8909DF9
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\NisSrv.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D5A4110E8E39224383993465E97F717D	753CBF021326A9A3000763717B24813E78227F37	511093F511BADB70D7609AA9CD8D97EE6F3475BE370F5236A5BA476B085D267F
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Powershell\Defender.psd1.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	0BF6550556E7797A250F678033378457	639AD2CAA24A2AE256AECE02E52AA958510418D8	C3510AF8A0FA6B41918EF813ABF97B47C9947C42E2D7B2FCDE42C48313017EBD
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Powershell\MSFT_MpScan.cdxml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	F7D70366B3BB46E9ABA89D44E8158B91	FA12D97B592F0F0D22E1CD07DD3543D968E6EF96	00B176B4CC319251AE2F814D1045448D1C427B1C340BA08AC6CE12E914CB2926
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ThirdPartyNotices.txt.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	A24FE989366BF29DBAB3B2CDD5C0CACE	3EDB0AB7D5FE94582A3FED8EFF667D3DEEF84EE1	B448CEE14B611FD1ED1FDEEB67ABCE5C187714F688ABDA84EB7808568AD780EB
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\MpAsDesc.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	CADC6A9A518B4AAB338F7097467BC3B4	F68A05241B2E3545D6DF2138220837EBEEFF404A	F5E9EDAFDAA80A6524451E1E5974B80BB139F4F3D4CD537B949C08B62A728F27
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\MpClient.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	0BD801BFF5A528D56CD3FB6BAB40577C	A2FD20C8933388AA88C3A53CB1ED6AC37FBB5AD3	1CE6FAC452B35721A6C4C97139C7021F63051B5EBD606D2763B871E22E44BFD6
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\MpCmdRun.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	CA981A06022946FDD39C5148CD3BDAF6	EE7D2D388D4C6AE49E2AE4B4CC0EAC6B72F14D90	25B08B2B0CD4D559FBF66682E61CDDF9A3ADF47A91D36BC981F498D22137297B
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\MpDetours.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	18814EAFECF0BE7AF039F9F29708C069	86AE60A351FF8AAE98699C8339D22C662F08A574	F5AB02E4FD9EA49ABB477ABCD6F5346BF8073FE682CBC829F6FECAD4B4380819
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\MpOAV.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	B77E13172F33032FDA3209841A25123F	BDA7D4BC8376C9E5DD4DA391FF22E4FB8D73E4C3	F9387474DA1446F2580AE4FEBBFF1BEB4F78221FE83DECA0D6AF359093A54693
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\MsMpLics.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	92C2426607A7E8DACEEDF6574F94A5B3	411C0862C9BD9E1DC4B42E20184259557F3E1B15	5B6BDB145FFABA09DFDA1A5CDA045D40D2F1A42BFAD5E36AFCFC1594B6F66D83
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\en-GB\mpasdesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	CF418FD2C725846DE155149D8FFA2C4F	2AB8FCEEAF176A037C5DB7D4EB7D564FB3F0F1CD	1FD9D68237A92C79A3A6EF2D21C76BFBADF010136BEDA20B31069B4FBA6FFEF7
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\en-US\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	6F225FEB432B8513AF3F1BE7497F34EB	F2193D7D5855DABEEF9E2DF82F2B8C05BC5A740C	D1EF801EB3DAF9E5846B58A68F209D52BD94AF2AAF5B5374BA05E9E1B80CABF5
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\endpointdlp.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	7431463BE877C5AA7E2D5C35C69B3130	1F58EACB4EA2F62ED2646BCCE503520799C9A2DA	584814B05079D52D029F463A173B0F717A93C2A6D4462356FF113D95FC8EEA05
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\af-ZA\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D7C968E257E34E9DC5E6D85D2EFDF1DE	A09E11F1C9D995D733ABFB83AB92A318BE2A48AB	AD8F422F75B51A87CCC9DFC947D6B9299EEA0C93B42F462F1358F579C6D9361F
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\am-ET\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	23095D7CFBDAAEFD2FD83BFEC30E2686	3DFB07BC903FE5C91414A9503CE104C384193962	56E561FA1460718A76C5EECE18147F9F0737F2FF2DBFB4CEF017C6E80A8AF002
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ar-SA\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	FD5F9C738F0F349A3D72F9B5C3BB0051	58334798D88667822FDF3F01152F1D2A8D239C64	3989166FC9BBC6545CCD142B482FFAE26671E5A1D6139835D59339255CA03864
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ar-SA\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	540FAFF6188B225B29EDA1CAD1426B3D	C72138E8EF166967F1DDF66C2F33B6737DCE073B	8751B227D7CA1FB631AA18AED4FDAB9785A90EC51145E34734489747D93ADA97
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\as-IN\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	9024242A9560CDFDDD7CDDAC9B6D5541	10F404BAC46FB1423A825E9C3DA2BBB5A0EE196D	64CF3698D3EBB555D34546FDCE9259C38999AB3F841FACD2A633362EC22B81B8
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\az-Latn-AZ\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D754CB41A63F225D590705D627918050	E77FC4C9839CBEAD0201B95AC6837715BC98E4D8	B86A6B6FD24A8A71074F72FF6CE23CC09103B4073CB637B1F2C8B30CA732ECB9
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\bg-BG\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	18CE6616AF6A86A8CB9BB1BCF183E05B	D5CBD67FD3B6084F9D6AD5B5D377BE780B594F71	47057B8C30405183137BD7A01042CAF6A55511496E310F77B982CE265224CF94
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\bg-BG\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	34C49A6A89C021060FF3511452BD85BB	EC440A2D582D01EA20540DC8225061DF20C9EA4D	AC96F359456E49AE8BC79C8E61056006DBED69051AA10A0C2F5C9DE4CEDA45AF
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\bn-IN\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	6AFBBFF1C89C09E9039461E8B902A3B3	DDF8097ED35AFEF757F0481EEE492006664F66BC	6AC84A9087B526B4E263C2D527C3E5A74BEAED559259E8B180DAC7AC2641AE0F
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\bs-Latn-BA\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	0062A53C04D373D7F0DD26BE692A1231	ED9994B5F4221ED5A9C87C351AFE0DC7639C10C7	3F5752EA247B05E199CF973BDF757022DC3892DB7C18E0F438E84CD51274BB57
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ca-ES\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	F69F07144AF23D71DE06FD4525C0984C	01397E501F51D60002E29B97620C45DAA65DA7C5	9FCBB88A7042B59053D0CF3053BDB9BE61611EA247AB784332AE77A8ACE125C7
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ca-ES\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D5571B230E258A79AA2243019DD771E5	0977F9D274ED3CD06F74E0A0E7E4757EFA3A429F	900B27ECB182D4799BCE6B71FEBFBDDFCED2DB547D74827170DEAFA4B04C19E3
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\cs-CZ\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	A444CF3AB63AA98FD2B78E333D017DB6	9B0963A935BF88C7016D2A920F7158A841AFBCAA	E41ED7B590E596D2BCE238C8607E8C62AD6F4E8F8C2AC968207035001D743237
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\cs-CZ\MpEvMsg.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D18FF6E114314A945790615D10BDD005	6283B11C2C0724C52F6250CA62129D548C9632CB	D00A9BCD566302C83BDBF63961AD1F328E1A631814882FA998E3F7547C6AA3D0
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\cs-CZ\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	0913743D3FE1E7BC00D42B97F480ACA0	F6CF0BB38EB184903C49003222A4C0B6B68C45A8	F3DCAE188BE26A5B01D683C8401923A82ED7EE1A746B828E045F6D329A72A5AB
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\cy-GB\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	6AD4C393A49DDC650EA926DD3D5F9CA6	3496AE115F676CB1B9EC2E10F14F9978DDBB44AB	2C0207D3BE2C70E1D5BBC5E595D0FDEDFF7DACEACAD819267686F89D9C6BFA09
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\da-DK\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	425568F529AE32414FDC8858142645E0	4414FF9A2B101931C2025E5E7A7CC1EFB474501C	57C74542E2F0967B5D0B6FFF49F94049A2A144CC5508782C1FFEDE0AB175D6E0
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\da-DK\MpEvMsg.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	5446C692FEF18F3043288C5F60AB0960	D65AC56670FCD37497912761906AA07B53D0C9BC	3486903168B310FEBC6FC0888904BE64D6630BE56BC3B2F9EB378982B557DFDB
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\da-DK\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	B8D5E7AF3C8EC95C2A7B73C778108349	9F2F2D690A8FB3FCB6022878EA972DC002FF7451	67211F3B024F05670BDC74C2B45E43495C9D9FEDFE0AB0B2B08987FF04745DEE
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\de-DE\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	693C726AE2F994D23A17704292708E9B	78176EEBC56ADB35A7C51EEB3126716238E4F6E0	3613AE1F87B8F2352BE77582647FCFA612C1699498662F795C17025D3A4353C2
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\de-DE\MpEvMsg.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	65BC4AB52A0623039F84583FA6F5D24A	7460B515661C299471A09BE3C489D1EB71F40801	ABBA9B685B3D9F3625BE99A9E3C8E1374A0B2CCDFDF8D168A454AD6969C7DF1A
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\de-DE\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	F8BD4506C36CAC950277E1076C5542B8	A478C619BC2EC8C984CBC5D0A24EAA6E08FADF45	633073DD2C9C2DACF6ADBD94D5D37938A09869ED4DEC02E785107513181178E6
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\el-GR\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D8A3EA1F6F48FB71E93CAE7D3A2C18FF	8694A21EB798F78DEC9626CAA9267A498134442B	F8E22F1702EBF7F050003277D8750F70451E66A4BF48083FF0DC190DF4A8F9A0
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\el-GR\MpEvMsg.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	971B3AB8A8A9524982573604056378BA	BEDDA1A746C74A1B17C148226ED0DAAFFF7FCBA7	5A95DDCB75F6F98365E39511D87FF194BA7E20DC4007981049D6BFD6CE88CF4D
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\el-GR\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	365315A6972DB10F9FE64DF34C2BC1A0	7075E7A764D56D65D699EA602B7DE3260BB3DE49	C718E82A5898E23DF742B99E60BA847BCB1238604A5956E3242E99478D38E9DE
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\en-GB\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	464154F1ED4828E84E39502161D55DAD	9250D8B0971F40C49EA57F930BE48526FBD71EB6	126B51E4A946913A156F83D3A6351D66CF943828F3281FC8EDF27C3F6362B63B
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\en-GB\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	1CE6C235020ED765EE411346A3046F8C	B58C8B2414206F9695F5C9D262A323C4A319D8D2	ED196602689EECB1D4DFA2E3FC5D1681E08B183D3506499B9F644E948BB61320
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\en-US\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	9E2AAF549D997023254E174D6C355FD0	240B5147899BA62781E65C771B4137DE65895016	2BFA9C194CBC156083F7C7318775F2B6499BFF565F9D2D6327BB0B0FD7B9124A
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\en-US\MpEvMsg.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	80F47EF04C083164B240139E2023BB4C	C19A4B2D72788092FEB013C011C648AB62539019	FBA673D3658969CB5004478356F58113F9DCB5D47F3990E930A6291456EFBE25
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\en-US\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	4B247AFC0152C01F449546BE6C140EAF	BCE990BCEEE7FF36EFE958AB0766E0ABC9A9B136	6994D9FCE7D9772925E18E655B911E1A61795B48FB7927058244BB0211340099
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\endpointdlp.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	E3F9C99F6C9C82FEA872B3C2A9C35337	E1BD386763ACEC090BF63E778578B71BCFBEA694	C3341DF0A046F8D9F1DB55D1208BD533FBA07D96976B416E449482739F6ABDAD
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\es-ES\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	FF78654C7EFD316B2150C45F50941763	EE1A78BE48D908FD8E5A139B882310A86EED85D3	4D4C195BB2AF990B3373FBCB670ED6F91FA4486692EE937761E16884F156B8E1
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\es-ES\MpEvMsg.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	39E36C945309E5E39E9E13949E4DAA06	1F8EDD5FF5610F3B84890D12536B2F94EEFA7CC1	A3DFA0B06F1888D7B720C8EFF3071E6694A05DA8F23B3B765F12445F339C1569
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\es-ES\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	3BD99D0CF8BCBE3D593ED67BD7993D13	D7F773D50E1DBCB2D7300BF88D2BCB9464F390BE	89AFE35A887BC3508583743CB94D5E0CF7276331F825B6E59FB51A763B54849E
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\es-MX\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	B7DAC2E92F5735869F61AA752524B65D	6F69FD66A0D5F432677F958F19854D8B6F7E0ABA	FF9D85DAFD90B7F3ACBAACF457E6F7027F5DA8CB9101E5AB33F9E8D6E5934B6E
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\es-MX\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	A8F73A38CF039FA67F95D652435A9BD3	1C5BFF2C94C4F69ABD7E752248D6C17F1F6C3FD8	22FC4480D774869B3779B3221C3835B4EF8531801D599F6F1B0C9CC48E616502
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\et-EE\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	B7A854A75FD8825583A2735E4F126A3B	67AAFA5067AE796D266D69C917E0F04EF00B5A42	7BB7C9F34621F26BD739699584DC67DF12EFA17CC0A9406654FC36148F311359
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\et-EE\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	AF9F5AD660A8F2D15BAC225AF8D7864D	B46BD4C5DD358934A8F72B7C44BA82FD8F20C3AD	2F7499B08A3E5BA80B34718002ECF538BFB124C7ADE5F8E5296BE8D3B1E3E2A4
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\eu-ES\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	743E37C36262055FF4B75C70593C9BE6	9F2675DD2CC09F4A5E1A222BED4EE2E0ECABC719	3FB94AD9F5E3E515CDB1DD2FD5CB2DAB4A88DBE944ACE1C9B7B1913DD843DE61
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fa-IR\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	0AAB9E9B8EF01832AF6AF50727C34F04	6BFAF008BD495B6A70A94B824A29ABBAC68BE0DB	9201DEF3518D884F9721B7E00418225B992429AC79BDE0449985185478EC586E
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fi-FI\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	E6CC1AA7BB3536CD0111F5BB9076857D	261583180C284038CACABD809D33E92DCB7EA316	B51153FB0AE5F44B42B4C88FEA69A10CD8DB063DE786765404D4F6671A0E7F9D
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fi-FI\MpEvMsg.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	B44C291EE123372D3E8ADFEEF62CBBBC	0857F8D225F86072F1FD62214B5A1B4E284DBC15	A87D349B80CFD59BFCDB8A74A9AF2F6C7BDF07A6BE31F59FF71216C20418BE1F
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fi-FI\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	953B9CAE3FE1D67C103056B36E496114	56C342F7BC57672233E46118D4FECD07678EB055	D4D8662D48C1B3BD5F568DD498ADA73CD7DBA787E2EBDA83CE9ACC15877969DB
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fil-PH\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	45DA9B66866520BEB9A771226053B82E	EBCD293F6AD9C1F2EA242E4010C885272B29B92F	6322AB7C45D07175F7CEAC9CA061BE13269C86D3758DCCC58D1250C53C724184
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fr-CA\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	B3D8C30BA3EB7ED68E7E47A8E01EFEEA	A4D665870F90B1E1830547E020D0DA595E893904	0619F64DA67A6EC437C6BFF7B51BAC1918F070BABEC13099FB0FE4398BDE4C82
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fr-CA\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	04D4A1C27AFDD833820E08F0AFDA4622	8706ABFAD1ACE5106BE67F133218ED7784922A96	0B7D8C79E43AA4B5C7B99E17989325F9E15E4C7B878A1F1C95225FCD451297D6
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fr-FR\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	C7454584DE377D54C61EFAC7C4BF97BE	C6F19B9E77EF4F91A40EB4E9C5BC277538DCF95C	34D5D8A8163F3DA7DD5CF3B132319C78E16AA7049E8EEB1D95ECF455D3E0969C
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fr-FR\MpEvMsg.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	2BD586A4015F9E95DCA5C2A19CDBB0BB	FE6D1437FEF0185D1853EC77B4DB2DE69B5A7224	A00C5D2CBFFFE8CE06715074C731B845B113D4418298B1597426FE1E517AC67F
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fr-FR\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	FB1B5972151A2E4C643A4C42DB1F4E79	71A78A5A87E979150716A2A0ED5A27A88C6AA268	2EF9E9D3C6980CEFEEFFA861F5BCDC62BD4DEBF33C172B89906A28713F47F2F4
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ga-IE\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	A7BA1F67801365291A88A1FFA979F414	C91991B1F0994B6D04B880BBBE9FE9EEFA87A902	38196A81A1D82ED731EAFF00020103F8AC3D2F48662C001599206E7D56C522A2
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\gd-GB\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	C8F4627DF402CF532E5171A68D1C48B5	D49981E5F55FAB46AB56CF143A32CD4B488A93FA	64CDD47DFD5F2EC2249DA80B67D3C546BCB09723F7B08C42165E1BB3926B692B
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\gl-ES\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	809A1176140252F4AF083D2A4C2DC6A1	B6E1DD02F8E7244D38F4376FEFA1ADA8FC40C4C9	25263605BE45B0615CBB86DF1A3B5361BC103E94BFEABC1AF4C7ED63CBC2FAFC
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\gu-IN\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	4DDEDCA934B7C256E48BB045205C8CFD	A4F54E84F9392B20A0486A97A47016DE4566A8CD	C170B45DA71043DBB5E6413E796F4926EC9B943B1B4C9AF199A9AAF7ABAEC645
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\he-IL\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	B6EE8B563ED00E037AD5816537D4E9A0	A9235A68D0FB83693E888B898CD092108B2DB0E0	D7DFDDB9FC00502FE26DE74DF4941F70ABA168FD85C0342065047313519BF90A
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\he-IL\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	7224C437C66ED7C732DBD23562F2B771	7B9267ADC65A5B39EC1CE238433689034B0E39FF	6969007630D0ADCA52307D21B2BEBCA979C8BC2CB0B99FEA9E3DAE8D988C09E9
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\hi-IN\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	7DC798D8B1944C3EF231A56F088C31A0	198E95595094FC2EA694EBAFBE4B950E6128FD10	57D942026F77BFD82A0B717E76E6C03B051F982750361A6D09A304E700A8A2B3
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\hr-HR\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	DB1952161D6E9159E46A582E8A414E00	2B0FEA67B3DC5E966C3411D9076AD2B18BE00068	6D913A7D0CD075BC4F530C0F13A8E83B62CC25BD27CCF97538C85A650B3363E0
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\hr-HR\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	62C0260C4D069ADCE465BF3F5612E4EA	D665AA6418CBCD6F141EC776D719788A2B0E5DC0	3BA1EA0EF3FAB591BD7EA05861E3019EC5E266D44B01B4B07039EE55CEAB6BBF
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\hu-HU\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	319C7FFA2324A4BA07C8A7EE3D8D9109	7DB45E0F25C659B28AD81923C75AE9BA26BB392D	072F3A3ACAC62FCA3EDF168F4D77D14F0D3B646DE41C5B5E6727BFDC21F97D47
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\hu-HU\MpEvMsg.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	9705206BC49E11A4B03E524307BE0863	069A7001C82E75E10D552E42A868F7BA2DAEC14A	38BE0597E9A4A7987EB3B61E361EE4797E28FC167508AA37C74502FB2AADE81D
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\hu-HU\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	55E696B60CE1AFE1F3A479066B8679CC	A92736B3D137D03E701F522DE48AD4D4EEECDB58	7AE3B8CC81B7BB760BC5C2871746375FD40B987A69ED7A076D89CDE3A4D2C5A1
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\id-ID\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	C6BE9C842605EAE2DE0CA247ABC811E4	768B46D4E5C27BC1CA80D26141923CC264578B26	D6BF312F187BA21A9E9AF56FCE501F1B18AE070F6DC10A77EE2F5FA2C5746577
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\id-ID\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	5DBF3ACE7E62BA0FA928E6FE7822C52E	052B362D5B5D13436B3224988E6240DE192C798A	B977FF0DFCBF8011CC6DDCF6A36F50A05B91E04A1846218A5349813C1E54876C
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\is-IS\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	BC014A77F2F3923785B90CB65AF9752C	1531868AD3A469341683F71A5B779C9B4C133863	DD754F7AEDD3F5B6F93477FE33894DBC92F9D717A10658F19795C116FC552416
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\it-IT\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	5D5AA96B68716BC5F8CB066B103ED999	A547F8357405C226EE4E235F7BAD02DC405EBCF7	08AB7DBD73C4C4CC3CCA2E0067E6F892954573975BDBD714E070C37CE271414B
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\it-IT\MpEvMsg.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	7055A21FBC2CA34C95BA3FECC929E7D6	C688305EA616E9807248D0E93B10A22E05C50112	8BB1FFD5A999362AFB00906699019D00AE2B36F9CFFFE5221554A0A43A3ECC7D
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\it-IT\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	0B1EE20C39BAD933A02B40947D79E415	C3E34EBE04C02FB811737041D194CC35DD0E6B54	76BA595274DF68456154CDCA8B05CDBB79599FAEC432C462951A93DD5E2A7A2B
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ja-JP\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	5FA5C719AEFA8F644F59D670D9DFC8FD	6EEB50236AAAD1DC59159F3972CE3A03EC3BFB5B	67D856803FA537E2647E7F0087DEA389EB6E2D8AEE6E3895B23E56E6353E7406
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ja-JP\MpEvMsg.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	7FFD2EE2CB6318912ADA055C239383E0	799AC58C7735B70C30D66D6874ADBE254DC59363	506EB2DD5DF32B1759A04BDF65E34403E70F694934200A17947E71634394F41A
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ja-JP\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	41683CEB90987387D8D3B1904802FBFA	0AAD4C75BC8776357151338789CC2BDD9BE38952	3630755A37A41192F30836D4DE579E9F51FCEC08849DE82F8829DCBAB03FB456
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ka-GE\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	AB49AC91B51809B75A90D5192F4F845E	4B2AE540BF3B6E0CCA27FCE7F93CD1DFC76F5700	2EFB063EA56A74523DACD8033243A24EC1616CAE1231EB3A2A7B2CF943E8B6D1
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\kk-KZ\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	74640C0C47C814EA41AF2323BDD2DDA9	64189D6CFAD86AF848E5940CAFE7EC57C44735D6	FCC3460E1104A4AF02106432B8DCA607652AB54E96339E2F6CAC0F70A8711C4C
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\km-KH\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	A2F924A0D69D0E8DFA54943B8571C3D6	117FB05674233DB60324ADC75925F846334A7E53	C21F99B26633CAB4633E60B1CECBACF08FF277D0A0B0BBE3E8E7F46F8B3554AB
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\kn-IN\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	8350EDCAF88D1A7D9C2C55E96B6AAD3D	16A75EA5CBEA56188684232FE8C72D1E4806A495	C0E0881CF88DC78212D4E4BF85167B58BBA4B6CEB7780F650AFE671D4AD48250
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ko-KR\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	AE51C3682C579E7E9C3A732B8BD12B92	3736D370E78FD27FF5B8D42FB2D9E8C0251E47A5	811CCCCB15C60DCCF0A5525FB02F733A87F6CE45DE3684B8ED2EB9C6C050B482
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ko-KR\MpEvMsg.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	A39C39975E9C4215BFD25863EBBD6611	E9D81A2C7414B98181598DD1E7509BE8BC2CC2B4	6B0F28F590A8A5FC36FE3FBE503544C8473879A69DF67DC1EC5801AE014222D3
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ko-KR\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	9EBD98BDE1568D35F3256B5A20877132	6CADA8AADF416B344AC160974D105BB959768283	6118481C864D9F46C45A5106254BDE73793FDA365859457EEA49677DC03C54D4
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\kok-IN\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	6814B621085F67F4718B74DFD6B09B0E	901ADFEC944602AB76AFC1370AE240257F052BB9	F1B90170315B3B402BB7922D6AB1434A1C9EDA51DB7C933B75FCD2E559FBE351
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\lb-LU\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	EF6C3A2A9CF1A0C244E1B53D19F5D302	EA8F38BFB7E34505E9F8C8EDED1E93D5AF6A80A7	923CAD8C2B08840A9E3487799C184D7F59B6947BF88262797E6A8845D429FA74
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\lo-LA\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D9539C8F74E2EEDBEFEF035D9F50825B	AD426BEA953A1A92B943122A74AE364B761C1F5B	092DD01574E23E344E70105948AD9891B50A30637787D5334B79B7EAD4535C2E
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\lt-LT\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	A46C6FAA0D950A993E9947125F1F3C12	796BFE6535D985476CB4264E1D17A5EF512CC31B	FF51A1BCE3C055476082EDC451B7B563DC6784A3D15BB9BFAF74373F977BEE0A
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\lt-LT\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	25598C61F303BCF9C8E74A139C5F5006	4D8435627E3AE667C89E6098316094B4B2CF5D6B	D0F218C698CBB3912C42657AF179FA3FEFAF87EB4F2C67C3E71B68D181C2427F
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\lv-LV\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	A486CEF451F665013B932D849F24D1EE	B31E806A6156A95A1A5440627C12E1018FCABF00	02E8B921265BB9F02F7350355CCEBBFFFED36693C1FAC186C04A3E78FFD22EE8
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\lv-LV\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D0D9DB7A270E5B36F3E5DBCADC26DCEF	CD6BB68EA91161CA8FECF06D8FBAE93EB311AA59	618AA8BB41759D2986D5F8061AC3F7572BD6DE7DAAA6BA2D28C9EF0040FE1F6D
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\mi-NZ\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	78BDCBFBDF9A137296B0EDF51BC8F091	484718F95CB95B4F010052462372991E89F4A95F	2C0C411CB3DD91F830F4C23ACC4D60FBEC670F5B93AE31AD66DC2FB26738AB19
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\mk-MK\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	08C98CE080C6C3430B66F07AAC11A3AB	D944EA94B4CE05294F5CE5508FED5A8DF4A1179C	2844DD0DF993CBE4BCEAA724150D8C5223A4DF1246A270A7BEF67F919458037E
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ml-IN\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	3711EEEC739A0F562EC98D556F9B498E	7747BACBCAE60036C347C945E34F0DC6947CA586	5E5732BE1BF657509B70D4AFEE6A9FD5282A42CD9147012523C4805D11674AC4
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\mpextms.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	4CF542849D022EB7A783E1D4ACD94E02	F458A2FC109D453115F6090ACA6DA4D284F97C97	CC728A9C4D023C87ED5DA61BF2435F9A3C7925D427AC90206A9AFFF08B65A7B8
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\mr-IN\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	E3EFD493151407191F09405326B6F32D	FF2FD1B6484B01327ECA0BE436CC6F9CCA2047BC	08D3BCB7F114DDF296D03312A59BA9A93C225A44183C256EE7C22B964EF13CB6
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ms-MY\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	856855534133A3385771E42BD0BE478B	FEC82F2563482FE4124898F21E680C49E5195ED3	36B1B17516472D9EC4114EC81BC52E2CAF29DBDF64CD0E72552C9D4FBF5603AB
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\mt-MT\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	058DB4E1E4AEBAC0C8901C2469A6AA14	4ED685DD17B9F026977ED4CF38C6154F870D211F	A30D058A9737162F4C99A446A6DBB7E00DE7373516CAA4B260679607A346C8AE
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\nb-NO\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	AC74280A1BFE8B8BB5FFA5826A8C84D5	BCBDE474AC9480DDEBC5A1C2CC369B8787FEBA77	8E26439976435254DE7658D14B588C4E4002DCECDDC1D302878D834F057B68F3
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\nb-NO\MpEvMsg.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	61D8AE4EE069487E80AF05BADA1AB9EF	CB132180D24CA045FCD9A57A2EC6839D594F37A3	FD172FEAB75B64B2F9E75C4091ED1AD7B97A4CD92557B65851092B17E8A81ADD
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\nb-NO\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	1CDA77EDA6D5781FDE3DFF6D7D14A9E7	044EBC7EF2AE08B52ACB4D19F872339FC8B53CF1	7457F53F93C64C23FE0C3511963520C8A95EE2CEC8711066BCC36B7243D85659
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ne-NP\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	BA17508B62BC4408E897EE485258D8A4	3A1B59F35B5D8E5E84E263E17467A2357E9936BF	3AED95AB51017AF7A4DAFD6FECC4812E8578826F0521F963C6C13FBC5E3B2894
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\nl-NL\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	04977C053A5BAA5824505F3B19A2C271	6E928EDA327E1FC64EA72FAE67051764A5F8FC40	3C1D04BBE2A56993E74BD37AB029DAE4E9604AE52631DFDB3FEEA1213DB59A5F
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\nl-NL\MpEvMsg.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	90F56CA3F7445A382B59F8ABD77CBF19	0CFEDD0993CD6DDE547BE96F6FD20212F307988B	0E361E35EC4901605FD73A826CC4F9F39B3E92932AB2779743D1345DE9BCCB2A
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\nl-NL\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	5FBB433A0D065AFBF4ACB0E7445C24A4	330119C68CA8F86B840C9C2F70E569CCF52AC117	26229FA7C02AC36B9F903541EDC000AFE69B37AEADDA2C4D9D3E97CCB1625F7D
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\nn-NO\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	00B97153E4DE0EECEC497C3B1F897266	17738CFEB28379B1563E42163BEF6CD565DAFD19	B988E15B5F37B47C6D02D101D7DB9F6A31642B0A11F04A172B6903DC6E140087
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\or-IN\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	B171B8080989D87A448D72DE5A7FE381	3B860DD25F625791997B65B2302755901145694E	FFCF74A50CDE919E72E360D807FF51A88A212003F6F24FD6AFA7482C1BAAB5EA
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\pa-IN\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	98604BB46A17DB8242AD42DC8212720C	17BE5E7A2EB6981FFBADAA14911319B22DD9E441	ED12D986D59BE0AF80460589FA2ED565E14B75C0BAA04FDD275BF21F418DA083
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\pl-PL\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	9432D9494247AB1F42580C61A868174C	C55DA0BCDD0A808ECB5EF6E51B69EEC47D243E38	B6F941FC3938E7EF4974D7E2C10FFD2494FFD91C1FE04759C27FC810C473A9BB
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\pl-PL\MpEvMsg.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	3E87ACBFB5B3763DFB6099212420B953	5F95730CE4999EBBF36E9AFAB3050A349529082A	BEF117DA8B7F48A94FA314E5C03CA7A1EF7726CCD6458B1EBF7EA7EECD320244
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\pl-PL\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	789FB0FC805C2734CA4E5FAB41E2613A	F74A2ECF5034317E9702F59644FF1C885A3E7E76	0C26F2719A8A719947EEA36F7D94D1D2FB5823BBFB86359616573EB925796E69
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ru-RU\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	202AD6F303D0B54A28C6ECAC7263CB84	6D5C0939ECFA9B81F81B30D6949A963D9DDF73B6	E12645311A0A8753F0605F936B9B6D4C782F3D42100994A13D1CEC585FEA5849
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sk-SK\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	A5B822017C8DF44AE1F86FC40CD41223	783E148BF01D7F6AF4C816D2F9D35B75847944A7	BB447389B2C11A381B3D04B3CEFC08FFEC208B96341C19B7BEB2258DB2B50819
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sk-SK\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	75FB16EA08FA9E1AF7EE993A59CFE075	AAAEE25A4B350CDCA6124803AD4BFF65A0C35032	5668799348E8C8E1DB27529B17B3479604AA82547F676DFA2A6D9BD048938352
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sl-SI\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	03A29E93C32BC5FBF9D53970020C8AAE	4EC264A16FFEA2F57887BB878025AB2CF7038D89	DD70977911DEFB278C77E0D784A22A333FFC41546CC4C6506C12AE71EA892772
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sl-SI\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	F8D2AA12BEC653C2BC64ADDA142E3968	D16278D77C8589A45C275E3603959B8DDA4B13DD	010A81C4A87160770D288714ED126D94B865A845F87BE306352E817CF653B765
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sq-AL\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	240F6F0252BDAB805CC1B198F0039C2A	8D838DAE380F8C012FC100D9632216E58DFB90AA	977FF68D55AC051CC9F33DD90D14AA67BE398C29A6D68843BF08596A767DE86A
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sr-Cyrl-BA\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	0CC50AF3E8E28E688D47A24EE87593D2	CCDFF0B46B657085684623E559E0CB82DC8E8D9F	9774B970261BE380ADC92866DDAEDB1D0BE94BA36768F5762E974E2E314D63AD
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sr-Cyrl-RS\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	663081144A44D2593FCC1B257FAF83F2	3AB6494012B239BFA058F9D9BDD455AA3EA02597	A2273801350D41FECF856EE576DFFF4ACAC743CAC5C129675BECE810439BBF00
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sr-Latn-RS\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	DEA1BF2F1792E2E5371C7D236529E465	FA1B1D599DA4C6723C05C5974F53F46D5E8AF163	C407E7E1EE5A0B2D42476EC7B86D2CD91F31D2EC40ED364168DFBDA18989D66F
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sr-Latn-RS\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	7CCFB457F7899DD03B938015E24D8829	A13565ACF17C50B28513FDD997174461BD1C343A	64B51DA8B6630BDA5DD49C196ED2BF9B38F31294D606035F58A1E67B71E55397
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sv-SE\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	A5401FE82BBA6E3AE771A37BC1354A22	8A27BF86946E2AC2F1656DBE5A990B350A769792	11E4F1EA37D25DC19E5458A704500D907C1585F8E5026A892873972FB0D90056
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sv-SE\MpEvMsg.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	DD4534FD8F7C9BF05FCCE4A883A24950	7233BC1A73B4D099EC5AC7E598A681D2ECFFC249	02E64AD158B03126D0C6B3D0A29EA1C8114B41108BE8E50692D4239B0A935435
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sv-SE\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	DAAEFE188A9CE3E8E5BACA0DD69FA25A	D8FF3A1B97D1A25C5D117FA69363F369BC4B2CBE	307DD3090AD712BF60EB922CA3616639B8F7EE22D74F2A95E80A61C92B896C32
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ta-IN\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	157E8FAF9BBCBB20AE3E130BFCA5FA0A	41A582E2908DDA3EFF4B00C2F74BDF60E86ECBB6	A327BF8FE21282E2DF9369434E638E03440F79A2C2289D9AA1B63E2C813EA5E4
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\te-IN\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	1EB63B263E99A2DD59DA9A21B555D512	F6A9715469675705BEC7A8E3D8012FA9C9BDD0A0	C678CF830B3E41F6EAE84FF5E60DA8E3841FDF73911A3A8F1F9F64CCD31762A1
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\th-TH\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	26CF3A50FB246E703FF6C746A03E9291	1831A44A189B6A6D26A1E795739ACA47FCF506A2	0A1549E0536B5EA687EF30FB48409A3887604FC21110561150F1C16DE3C40DAD
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\th-TH\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	5BE3891C6E9B58C57FE9632C1D10ECFF	C76357E9F8FEDADD5C77239E65B3BB12652EB80F	91FE3EC0EB74994D036F8B24DC6ADB4A18BCB912082672BA32109F09003E0CE6
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\tr-TR\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	8726228E56AA4359DCF9E3A0EC26C528	DADECD11274CF474B06277336BA86931473DF7F7	5528907CD1C18039F521C086756AB731B1FEDDB8BF3E8C3651C6454886D3CF79
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\tr-TR\MpEvMsg.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	8A8C62C822B6A1E99131B45CF0EB08BB	66CA5810339B656448473A86C59D3581AC2B8DC9	1AAF9A0F36D442BE476289FE02497A18B59BE2968FABCA89E23B73443F6248B1
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\tr-TR\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	DCFA49327E45DC7C8E5B03F8C956281D	1903FBFC62A821810EB241C7B75D13E9FC7DC043	D2E5CC4AA76939A150AF72C09AEA4B3C8B9707D3601643059AA780407F5AA9E7
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\tt-RU\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	1C40B90D2213B4FFDA6E5F39C45FD876	63A3B856663BA2887B86E7DBE3C963325DF5C409	38ACF8E1C3996780A42F44B0C102B22FD0662111F9DA449616C80ED0E1CC4131
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ug-CN\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	4DBEB0AC5E489814652BEE6DC5B77DAC	DAF5776DE2E5E770A75778E58F637E94C887D689	61A284C755DE03DC876A3500CCF1AA27F58A4D038782DF23EC2E460770763C58
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\uk-UA\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	F271E6F52643087379EB340925E219D0	743E54FA9856D6AE192C5942451E9857E68B9B35	CD7A75923863546414D3F53474C327E697E79F1BAA5BA503EBEC4DB3E494F521
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\uk-UA\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	2D5B35B708230C230B2E8464025A1BF1	ED157C4712767F2B981A35CF2040FBA5E9C02920	B16D451438FD49E430CBA7C72930D4BC4131D20C1421FD67DBAF256D8AAD8A07
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ur-PK\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	FA0BC9CB92F7002CB09B4339A80DCF10	CE44ABE20A42D3262B388DCD4B6F72E65ED9F6AE	B7ADEFB0BC6F175B584636406F1932AED47C8D9F78E2EDD0F9D9431E128C1067
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\vi-VN\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	5151A27919D024FB52FFAF3C11D55E1B	060AA58D45EE03C047A4529ED7673301734595D2	DE2CB55AFEF32D4526D888411224C489FF50CEFC9583C103A10DA9D27AAF3361
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\vi-VN\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	C9DA11AE84DB656E2D77B4B3029E43BE	10B3031F5202E761B2063B57F788FD8B60C2D367	D337FF0C88B806E83332860F192DFA5C292096923ECAED0787E59B0198E99388
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\zh-CN\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	A49ADAB804916F0EC212C0796E33B5CE	5A0BAC0E5B87920C6A0891613332957435E83C60	C9C0150B2A06233A88DFFE240AFEBA6A28995B41CD6D8A7C2A23D7BCA08A841B
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\zh-CN\MpEvMsg.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	7E7B12F8E6B69BA6ECA1147E40B246E4	C3FE0B8D106DE588B709988AB4C31D681815A2E9	B98A99FADD60450D86B928D79C6CA75323C51C44F98ACF0E289F1C5B12B2CE71
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\zh-CN\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	193992ACAEE82ADD0973175FCFAA7AA5	5F735C79548F73B123AE780DD6278150A8FF19A2	6258EF2D1FF13694F1A94D421DA0443A8495BF7996FB80EFEB89DB6670DE6719
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\zh-TW\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	5F56D41F06FA5EE812F05425A03540F5	0BCF8ABA8C6DD309DC02051112360BA7E76B9DB1	5FCC4C184DBED982E508B87E3CC5DBA2761E9E94CF3D830A3FE340527BE67CA0
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\zh-TW\MpEvMsg.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	B9B3DE9213646156F60F260FBFFA67A7	A5C63A28894A6914A796698A863CD58C4DC2ADA0	D275AFA020A0153E7BD284E3B2D1B444158B45B43459F8380D46660285190FAE
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\zh-TW\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	30A94DFF53691C4E557DC5ED5FB885F1	CCD36622A193B9134FAB5F40A90A4F3F86C546D1	1605DB411C0C3A3F80C05FCFBAB0B2BD2EB6EF5053FBF6B4B23DA521C874EDB2
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Catalogs\IGD.CAT.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	B7173DEB96434C773643B2F6A56AFA83	ACE9DF1EB18A5587363C9CDC01848541C6117D29	1E4930D44AB3821E7C9C9E7AFE5FE9AF27E3F1F4B45E47B09ACC2C2AE02D6F4D
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ConfigSecurityPolicy.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	77085390A9ECB790AE78F85C14576195	2E6EA90F74CB75FF9A82AD583CCE3A4E011E2800	2E991FAD9B3BCC3A113B0A1D3B3D13C7BC1B0B86253AD6D6D01C099DBE1D5EBD
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\DefenderCSP.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	13B385B156F6C3FB4636B5ADE21464FA	F2AE9E4D0C6AEF70EBA10E60DFAAF8E0357BD1BE	32AEBA9CF228762B2CED27493BD35B51179E97FF932F5FC3894F35B814F63E51
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Drivers\WdBoot.sys.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	EBDA327FCA1F3D3939F0D73BFD3518BD	85E4CDBD107A6CE96567BF28CAD15254EA7D10A1	DA65F95721D95BC1923EE815D7680347A3FEA405C88AE4A65951E66D7B661B16
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Drivers\WdDevFlt.sys.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	898EACE52CDE565DEB77210F4B8E1E21	872D19353DB02E5EB4A958DB1E04EB3B55F456D4	B45FFF8BA4C032631521504F0946B207441732778156302B243BF8503C1752C1
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Drivers\WdFilter.sys.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	537BE8AFEBC04B751ACE9399998CECE0	5437AF0B3D988C4E79CF2E9ADF0540322A229867	947997143918789EFC1D9EC52F2401E21D16CAF08B952596CA9810481E7F005F
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Drivers\WdNisDrv.sys.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	63EB176C45452673F930DD3575E574EE	842D21CCBBC7A3AD09334BA934F64AEF6BEB537C	94888B10556CD65D35C66DC91EFA0C3380B6B517CFBFA8014FA74381D9090E54
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Microsoft-Antimalware-NIS.man.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	264A2C112B125891EC70DA8697DEA4B2	8C8FADF71D4C526EA4FA8EF4A29132397F46494E	FD9DF99FBDFAAF4523674BA023EEF824DC000B9D77BEEC7B8AE8B08ACE10E3CB
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Microsoft-Antimalware-RTP.man.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	B641716421C9E3BC70A8A8CA35AF3832	3C912B243EBAFD4EB682FBC035AA0807F6DF6BBE	6D21437A7FED8B0CCF7A67EE48D7B74C20E311AE1B7A57A27046AE5144D089CE
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpAsDesc.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	F7C7FEFC6F0CE155BDAF9C54EB16649D	731F906A53AFE7065F8FA1518496EC51D334E868	81AF22B6756F26EADCFA8D9AE686AB22B927DFCFC95C5F3068F8B276BFCE6FD8
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpAzSubmit.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	A44B86A10992432E619B2411DD2FB53A	BB6E3A0447466BC5B01A75E5FC6479CBD36452AD	DA30A9EDD60765D8A91AE04561C30674483EE9BA12F14A607818BA6FACD15B1E
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpClient.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	280976409B6A6D6023985261763BB6DF	D17D6DDEDC262511A1281566FD9E14E6646A3DCD	062766ABFD254F69B0DCCB99468B7C616501879E4ECCE233C4D0685613123924
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpCmdRun.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	BAD058776C6FE4BD7BB24F98BAD9EE4C	98F6A8F2EA1DC50713C8CFFD9A3143B82FCE1437	C9400B129BB524F28F61930473C7CBAA730195D97C258CC75B043077E0474D6A
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpCommu.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D7E99B6879ABC7894E65B58D8218FFDC	74B571B11A4F85DB387E0666354E25BF1102274A	AF7A7F377358EC04FA80D68F5766EE6DA313A0951FB5FA9989D8742CA7EF73BD
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpCopyAccelerator.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	EAB857E112C36BDD82EB8D87FC9B5484	5BC3552D8B0A1C798C5591E3CA269E7BF368D37F	EA8298C4B4ECD71B9CC38AC3BC08DB61DBEAAF173AB35836E9F6A003F4177186
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpDefenderCoreService.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	5CFA051DD358E7D06DFB060440636B93	EB118188FFCC15E68A9CFB1DE40EF0EA6A78C191	2C5F3807B8A22851BAC5728303460D14FC595E05335C1D3B41EB689A5C9708D4
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpDetours.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	E94598FAD415079E7742D1C803ECB785	4D44DCD479E2FF879068338176A717747DD8EF02	C2ED40F0E390944765006DCEE961E53318CC69E8F29984DBAECE338C2029B714
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpDetoursCopyAccelerator.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	75D177C465F372D828C1FE453CB15C30	05A9C4F61061FD3036FA4AB954CB6AE7353F5F80	4BDBD6D0147B803D0057D61E8662FDFD51A2B5ED4CDDD2BF49B905CA31D674AE
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpDlp.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	09CB0B59D52760B1035BB08F05598CA9	66854FCE3A479A88B6A4640F904CAA905BFE2622	F1FEC90789D2F3D352B7B85AEEEFBA2F58E948C88830BAF1DAE051C344ED1DCA
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpDlpCmd.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	BB389ACA8AADF76B704975D498633047	1833D44F4FFC697F43CFDEC366091DD8B2F7AF2C	FD276EB65D06E2B06C036F96CF0B6630500BFB97BB854FA9B4CABB81F780719E
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpEvMsg.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	864B2334101A3840B36E53979C2B3B8F	CCAC7F6CAD4C4ED19E80681A1DD2C1B430BFFA9E	83A334B20DF0FB234A11325A7F3CF0CA4EBC47809F3FC1EB5899076219D126E8
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpOAV.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	EB0B106CA33123DA86EEE51D2EBE34F8	F8153121E07B09D9F1883C0564BC75254FEF40F6	56C9A732FE350F103E4C1185D6873021D25A0C72AB67036024AE850962BAA822
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpRtp.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	10D80D9BAE774BD0F70AC910249B336F	F6F40CF59079BC6E5DE8383806E24E40EE35E1CB	E82420F0447B0F5746BA1ACCD239C527AAAB29060B50E10A6ECAA9A0C22B0294
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpSenseComm.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	88C4668D6C424D03B51C8C637D023863	F1E23DBB786CD9A6DA932AF73C3066BEB9795CBA	E63EBB35C30C5F6A1E2643B0A543C39D78DE5B320167F35D050868BC91CCBC24
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpSvc.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	DB264BC23D44CC7CD08FA993A2C83C14	ED4C84059C52D938D8E89074AB43FD4C1629BB6F	0E0038655A08C2829CF7978688A8FA50094EEF610D34E91908780679DD9DB8E9
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpUpdate.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	F403EDC544359D4AD59177AD24EE8205	503C1BBE1E1D206E968AB3C6A5CBC924DD81590B	874BB347C749A8D1ADE91A59EBED2FB04958018F759B3BB066A41F118D2E8B8D
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpUxAgent.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	06F6FCCCBA5B79F9C0E09867E5718ACF	8C66D248856A34071123C3288F910ADCD6B73FB2	71386F13312CE7E0DE908B4F985340B5E97C7870432BC08A7B1D108D38A749D2
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MsMpEng.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	ECA765F004ED20E53D4C35501B87996E	A048EBD425F2C6A10B402C5055294D109AC350A7	1FE195C763B19810728357C3588D9790FE5351DA7F6475DF92A891DFC94166F6
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MsMpLics.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	244076B45070E802CED09AB9469F1644	9DEE3649E05B56CE927551FB3A7185AA49FBB332	BB63E60D1711C5128176F0F0A253B89095A89A10D0BC0D47CF2220CB300A5F67
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\NisSrv.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	7CA1248CD85E25BDDA872A74FFA395EB	458C647EB4DD602F8FD8C978F53481B5045AB207	741CA723671DF0085EBC822FF9D77EE202ABF2912727108EE45577EB29EB58A2
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Powershell\Defender.psd1.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	AD104782191519A408644DB905ABEDDB	5D5BD87B55B7B2682667EDB336627FAC3E60F1F5	E26CA3CEC0BC7CAFAAD9FCDBD89848BFE9B3EE9CF3556CE2960F9D363B394C53
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Powershell\MSFT_MpScan.cdxml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	C21BE9FE6F8D841B9F7F13DFEBDE2A53	F451674B7B86272FAD0E34538BAB9DD29265C937	9FC568AE53A59AB33D086600B60BEC0C86BA025F17C1D8CED6E09AFF40971C22
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ProtectionManagement.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	CAECDE5D08CE1EFA0A9FB87B4A57C653	A586D50CDAE978B31B2CF1B831D4C5E26C4D2AB1	FB03DEA9D85B0077E07876314F31631001C1F6E2517FF816E46CC6F305500A05
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ProtectionManagement.mof.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	976F62A32822FA0EA63FD8EF36293B28	56FF3EA497246952F48A6ADE2BD6F6CD1DEBF7A8	F2C8273F7FA34D4005BADB7372AD89FBE952CB9F308B5F5558278EEDF21F5E40
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ThirdPartyNotices.txt.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	7AF06B3421DA98058F3E2AA3AAB29FB8	8FDFE77B0F3FBF8535E7C9C0DC430B4C4592E115	7A90EB5F5E955F01AB9AC3E96A84E76D9E30E7418C7EFB2842E7FE6EB926E597
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\X86\MpAsDesc.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	2094C6C946048B62FECCDE6EDA387EF9	E4B55B6C79B77B291D8F0397CD46D2175D611FB5	449F4FE2413A3D9DFB20CE789F22889767C20CA0CCA51A4C99DDD82DE12AAAE5
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\X86\MpClient.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	F72C4CE07C88199F38894B4DA2E29BA0	91F820CA8F2B236A1C9CA486B22C8B8AC02EFE40	64B71D23D8274AF1B9B85DA7904FA08288BF142ECB3471D0AFE0ED2C0BAA84AB
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\X86\MpCmdRun.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	1CBE50A981DE513F66B45BC3381BA674	09D27BEDC99218D584CFDD660A2F3BC2A57E42EB	EBD1FF245F4FBE3ECB5188FC40161E2A3E1EBF085D20CA85E18B13B0713F7F6D
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\X86\MpDetours.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	BBA7E6DE36E6368660D1CC94FA81FDD6	3F9F4CF5E6A1675FA79A03CB2FDC06748AC7E2BE	F5EAAE61A21F29EDC18CAC8C98A6E582D9DC7A0A7E51A8B8F6A8215D7E1617C9
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\X86\MpOAV.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	E23883A8F9E7E3F70CBFA24FE28FABFE	6094D1EA3D2B0890DB4D471293D40F3A3CC4C2D2	0740564EAAFB1B2A0428939C7E314B27E5F28D1B5CD5BAE10068054886594124
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\X86\MsMpLics.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	9F0091F20DCA813C1E650988B5129E35	5853A521F5DEC8D39A5219DE4B20559076175BCB	FBACF5A863230E7C4DD4E41E1CDAC92688CA47AAEB9F97E5F69C1BCE5A0DCA73
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\X86\en-GB\mpasdesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	FD3B6300CBAC1DD05050CBB6314F3CC0	5CA3809F7E7E9495545BB8032E2FC8542D163773	370E6428409A47195459F1664398CBB78A7A3360270AAF0AD5FB61830CE34D93
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\X86\en-US\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	AD778D91F4AAA541DCEC2D562B2DB815	208A471264D2D3BA2C52C84D74A81C17FAFD8EB5	6DD4614516DFF47910EC7301B3CB8C7BB45274A0878DD4EEB5D3784B0E276F34
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\X86\endpointdlp.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	3F095539A6D6FD6C786AA6032D78E004	8922B96A73CECD3F414D8AED63248CBFC9329369	C377A810C646E9B97EE54FF99CD9BEEEC9E259A3827AFD7A677183B68138AD14
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\af-ZA\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	ECFC505AF07BEF464EBF0A51C0D684A7	3D090D494706E71099384DA0226092E4DB1D25F4	9C6A5671DF8FAE7AD6EB797204DEB49F7895C85EF47799CDDC38792270B85979
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\am-ET\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D0F835FB4482B65064244BCBD732F8BB	0CE6449DEE8D576DEA3F033DAFCF6D0ABBB17F2B	89DEBBE532F210417857CC184CA997BA98CA19225050AF3716051E547BE602C3
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ar-SA\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	F63DF40CE9D159841DAD57FD47E8EB9C	7606B57681292F121F0B5D53D470855431837CF0	5CC7C0A3C2A05D14321D173202FF65040C24408F3B59863D43E9A00DD4C4D6ED
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ar-SA\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	C1920A6A3194361AF684A8F60E560927	78FF501CCEA472C18E52315A38B1A5F797B555AB	870799DBECD1412CAE5B8BED72A441444AD43CC0C47F716EAA7E5261DD87607C
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\as-IN\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	67146D4751070F00874077BD69A5F564	E5CF1FF65A685B8E9015737516A0B3446CA9F419	580F1FC33064E40D759499926BDD1A26C4C28CD2576AC36D33B984796AD5CA3D
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\az-Latn-AZ\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	FFAAACB248215EA374EC9D6871C73EBF	C5767E141DF9361DAEBACED55BA7CD203E6DCE41	F2911FBF241D9D164FEE723B6FC969BC43A04F61A3ED60C15259AD18C7BFDF2B
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\bg-BG\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	A8272FF351A22827058540EDB4643C2B	990BF6910098D8AB68154A64C6F1ECD77491A08B	ED12636479E180C3C7D6B14FB82599F657BF9A14E286EFB8897DAC6F6DF1A87E
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\bg-BG\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	12D8505AF4EC3F3C5D26DC19CEEFB325	F0AA2D069F59EF880AF08F7C17625CF07E04020B	E9ADD5F52625D3DD9CCFA39E40DACB92A11E1C64207BBC0C595F0515868EE48B
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\bn-IN\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	511AAA560F546791D78E54D6E1CB56E0	703E7EFBDABC620960A81F1BD2812360C9923D3E	A070599ECA3F244E0CC0156E8A4DAAABBCC861CF0972C006EB46FA0838B6C1D3
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\bs-Latn-BA\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	C2AA2D39243E5E7C2C09DD87A6805251	F16C7B8DF2AFDE0669431B5E5B9B848FCD4487B5	CF5E9BB4B35D550748B23FA79810359D5E25E1CBD5348653DA3895210B284E7F
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ca-ES\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	1CB06BE249EC61B3F439AC0716459B91	FCEF4E1D4C9AF78099DA5E7394421167DD4F7B1D	F914936004C8B81FE38EDF2805D7226E1F1A28A225CF63F25A5019D84AB86EB2
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ca-ES\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	50FA55B2D61FC4E89B8A51101D61FA40	BDBD4C78EEBF3819738E297B654CAA2156ECE2C3	B59930BBCDCAD995B15CB7286BE1BB938F61ED0FB1ADD824141D5B99439D945A
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\cs-CZ\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D85716216597B43E0F00913A70A90234	6AD4DCC2622C6FE8EBB44C205DB76ED565B03E4C	7F8E6EEF8456607A17BEBCB318EEB80BDD2B591114A143A115C4B62457F9BAB1
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\cs-CZ\MpEvMsg.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	DE3415F93D3225E070CDD64F017DC320	30F501D25AA13A874D3635A247E2A781BD4C9F65	ED3CAE663C5D5BD10EDA419EBF0C4740C87E96E15AE4412A17CF9DB56BD3160A
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\cs-CZ\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	069A2F7A10E4039AA9A0C13FA00A1CCC	A40A1AD7B248DED06905F402F367B4EBB0A7CAE0	7E04100CA9C35F64C85FA4A7B83E521786EFBE0B1C1E468CE61565F84AEEF984
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\cy-GB\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	E656511218805623BB15F8077197429E	566DD776950C700CF86E8906E984192AFAEC2AED	E67D7427E30D3A6BD03E2A47B7C2380FD615848B8418FA36EB5CBC7D22B70133
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\da-DK\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	95B7B2A5CD0A82BC27FBE3A3730FEE73	2D62BD3BE729E19211B565CCD8D27559C41AE38A	8CCF324E008D4E295399E84091AD15F86EA09CB101E4A57507C7A513F0D58C21
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\da-DK\MpEvMsg.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	95B5322D069A8C392944EF9003958DE8	5165D53A16C54ECA0AE513D64AD784FFAF561DDB	444F18989DF9D790AC3D7AF6D45CAEC3B0897A7DBB4BC75B4ABF04E3072D91D0
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\da-DK\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	663B2624656762B5392B396920AD64D5	F6933815E25CD0F57C604C69512B1A4A0F5A82FC	8A40F24B8DEA15E0CF98D19DD4C4C4D0B514230A78EFE03E47ADB1A753EBC040
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\de-DE\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D82369908B168733B4E919DC135EF39F	B9D20A8B5DCDFA722BF0325ABB9BF378E7F98AF4	F5272923A8CB10100206D3314E4C6AF6FCDD512799D104334E98F89A2FFD6202
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\de-DE\MpEvMsg.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	30EF096CA6D293EB7AAB5423AD26B287	B53A65A4089BE48E21E8703DA4BB635FFF35A070	E006E23B4ED912E7EB6437EBBEC532C0A1C0ADA6A3934E67CBBF0B918A919ABB
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\de-DE\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	29B6B247D99A93EDB6DF6CA759D60FD2	9D9A1B158D0E3FA19AF0158D0F66EAE89C0EF2E1	504F6096850528E95F6D83A7841C850AEFA7A66A888184B1C1425B295BFDAB04
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\el-GR\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D0A9D322291D809BBAD83F4163FC86D3	845E8023F2E6C76933AA4D11FA9DF2A99D9BC42D	1810DC136E17557A3432766B831A66B40B7D5883A54C082296438F7FB8DAC13F
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\el-GR\MpEvMsg.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	1EEE421BDD7054ADFDBF0F22BE8EB44C	DA3B81F3536949D975A5DE8A5807229B7639632A	34F4BAF18E597B4AED72DFE573E62EB2D843FF3744E47394E99388A94802D921
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\el-GR\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	44E5A21229921BB728D82DB386196008	4E21243B1CF9E8D31C71240A819CC53BB51B5C25	5702BD11F08499AC68D95940C351ACD945EA098E790E7D6D5840036BD5CC83E0
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\en-GB\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	957D65D268463643BA5BBE679AFD15D1	616A5DF5A49D4B45C88F119AF8C370913EAD98DC	A8AEDA71B888ED223C7BB882490B2831990FBA92AF98C804D75371072C0DA114
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\en-GB\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	0822E7FC37E8BDD634FE0148E2FF15A0	A1E90CD710DEE9112CA57C0C525B97A92489A698	2BDCA11BA0DFCE1C449DEA3D0AF7D088A8507F814D8DA9E3A708CB01E594AA3A
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\en-US\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	C8471AE7853D719494DDF28DF2BA6A55	1EB8B7518B4426F668304FD48657B23E810A3DDF	9D66F9B73E88DADB9F484ED0D79E3DCB3E9A7F7ABC19AEF9B570C4437A2CF61C
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\en-US\MpEvMsg.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	E9792AC0A6A984103F8DEF82BA44AB05	65137A8A7A82C340994D37612471EC7F65C40D3F	F8513AB649FABFC5BD2641734A2ADF5BE4C524B07A93BBAA1C3CD466D927187D
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\en-US\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	B648E6BCEA08E80956B7EB03AE23B1AE	05A79DFCF01A203589F8E6F281EF2BF4C87C4B48	47305CC558A808D2DB20E7B5AEE595440DE2881274DCDB04EF866D3914A3A51F
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\endpointdlp.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	5354CC58D03756A7CD029A1A39EF1F3B	7AF0F6633DF311A942965CE7102AE50E084D075A	32803B68DAEC38CD66643E7ABFA5167B868A6B0FC21174B7C2141C163B5EA82A
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\es-ES\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	7105E783B56D777D70C2E62ED4726F33	0BAE73341F54FDDA68B50843D9CF7823A94EB79B	371D0E2AA9B2E442695E7686C59A4B4AD55360D620F6434301FDBF1A4AB17BB9
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\es-ES\MpEvMsg.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	5A63DA48F29FEB770E36E3AE17536B85	C12A1536405AB10F1BE40828534D03419245513F	B9DBC0FFE703AB01A4A258C0D5D57EBE26B73F5C5B2EB34F23C5D7CD53479343
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\es-ES\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	E6E71CE0754AC6BD7E29555690A47AF9	EB6A82690763717B7380D29BAB3DAB5F032C95A3	76AC859047EA835F478D9C73EFD1D7C3F768670AE130C841EAF5425C3CB967A9
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\es-MX\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	6D84F7FB6E2EB565700A5203C73CC5C2	A0141F19ADCFD5D424DAAB6EE6FCCAF3842006F3	CE072456C402823B7AE95475379F33020C54E209DCFF1FA92148A28D38CDD7EE
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\es-MX\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	259079EAD724B34CAE52D2863CE14774	6D76B075DBDD6FE0EDC2267C24B4C69B6A9C3DC4	AA9B69B7F6825440C9B7E7952B1C0BB17407F846764B8E50E72D84BA3551A82F
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\et-EE\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	DA19829BA3157FB2C1F209F7FB29CEFF	554EEF6B0151D86E6553C8318FA4EB23F00B9D07	88CE3A31CF66C4BC859B76A518AEA7682F812B38C22CD945333CD53846B24403
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\et-EE\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	C9274205D9937582BE32DE9182710AC3	516D19549AA02F8CDFB88D6B381708654F086197	C2B624302C8AB2EC924B748E3CBAD3920B7257C35BA765EF3AE94FF355518453
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\eu-ES\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D85CE32BEA075E19548422CF6A894808	1CDB2C2AC98FC536433EF677F8DDE46D9A335AA8	110EB30DDBB47DC9EB237ACB0CB211B296DF02FEA9A9007734C0C000C0669D96
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fa-IR\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	90A8AAEDBAEB74DCB794BA87B5A2D4F0	73EC9B22794D238C760E544C132AC2116AEEBFEC	EBDB57A7E5C4F47C0074CE098322DAAB3737CCC7CF507D811375B6986A2B663A
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fi-FI\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	E828BCBFB161E9D821B3C3758B92A5B0	E96362EC83F9C204A5E99F54E347AC4B8B664F01	15360C94AF3E0B613A6060F86135DE3095BE2D4878B05A1381D8CE27E697D83A
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fi-FI\MpEvMsg.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	C4E04A405F888BD8BC940D77096821FB	EFDD9792ACD1AF360B6ED212118BD581B8EC379F	3C13B4EF12C41AE29CCB3DA47F65627846CD551879A02EC373B5196BC519F8B4
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fi-FI\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	16E0F261EE66A5F00FBF8981BA248FE8	019C642400313D3274CAD6EE0195821C0071308E	DD48D81BCE3D0B8C80E367554817FBF4385499466F444FB3F34FEBD924F3AA94
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fil-PH\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	CF447CFBC9396C525ACA5EA24DCDDB7E	F2196DD78A6F8A730C6494C2E7B99A347D454337	507324B03C44A0EFB912DC8704BC6F70221F4425FADB03D82510AC4E9D032C34
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fr-CA\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	B2564A5A6BF065AB973D9D197CCA9568	60B5E0DF61F2BEEAC28C1152DB71C1062560439A	9812897F604AC0FCA332C1744C7B85D97395154758FC0154EBDAC5BC271AC66D
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fr-CA\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	473BA9BDB539E6E11E72D351AD4495B6	FD9E3FE6216311874D10E194428958F2F996CAF4	936038F39A9CEF682B1C7F616FD6F2B1972CE74D332FA904277EE1BF7E014670
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fr-FR\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	E1EB51B302020B7CD7DE82646627E3B1	31FAC32EE50AE16B7A1800C930443307E27BC836	49D79529A2D51BD954F5B9C3AD406FE3A27A97B5CE1AB28ED471A7C8DF29A7A5
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fr-FR\MpEvMsg.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	EA729CAB638D3462DA7F4F999231A064	B48C583E101DCC1C3E7403BA30A60A011A62632C	D6DAEEF81544CE98AF9B95E5ED275FF20FF91D056EDB4BC38F7F93BC8BC7DCD3
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fr-FR\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D6A2DFC7A678B9C9505A79FF0D55E234	FA195FC17065927711A379812EED5AD993D2557C	74C392BA9FF96CC7184D1813DDCC11B1D8C4D460B2DAEEB36275695500619795
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ga-IE\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	38A67BF6EDCB2043EBBE4C84346A08FD	A782CCCD11FB9671AB14ECECD84C0EC509482D92	8EA2B0A70F55F68E0AB065A56C6680435B077CC0A1795E2B702847D02912F27E
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\gd-GB\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D8BF7E1C21B491F543BE1DC2FF08B53B	1C1B65A3DD0980BE30CB53AE5D5617823D64C7A0	83EEF850B8C1166F0B8CE299F27ACD1B9938207ACD95ABFB865F2D242E478485
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\gl-ES\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	815F5D128902F6E748FF372A25E39156	3C15C0E5ABF4B83E904A9CC985AA0E6B70BEDB57	398CE636A224D5CE55C17D7DA93A2FB23625099065A7539EF43B2B9B53497CA4
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\gu-IN\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	96CE29156A74AD70A378AD437F68C49B	1BE50BFC2EB69E0E2387FF9DC1FECE2E5BF73222	1D84EC35E8712526CEAB793EA657A561075D3A8A92A7278ABD093068E5477DDC
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\he-IL\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	CE72A768629FE42FE37C53563D686FFF	7FD5F9D1837E3C1AD7A97754D555B9CC0DF0CEE4	4AB46C6DE33FA9DC7BDD9133969B5A9B860C963929A432D393A81D595FBB10AA
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\he-IL\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	E5BA4BB7123B1F65C9A3BDD4ABC5EC80	DB8119E1F3D92916335AB473B34B37A16D660CAF	4DBFC24997D8DE771497374B409AF297227C55DD55AE3AA5E0320DC9C41D29C7
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\hi-IN\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	FA696C985BAD62CCBD492FC52D79F653	20F48B9D271EEEEC5B88A6121AE92A3861DD4C2B	1A72CE34A95C4C683A2AD452CBE0E1D29C14022216856A928A0D7CDF9E9FE275
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\hr-HR\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D98C59BB61CF586C0E508041029455D9	F7A029DE3E465B45B464A27102B02A97BC4AC937	20FB5CEE40C8F3C63CFA7C59DEA17D18D741E59936417CBF28EC34E83B3E8069
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\hr-HR\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	8F2973B408A6129A7D976464F8074B66	AAED2670C0338471426082D3E6F9BF7A48B2D7A3	EC89E3DC2B28800180C978F13ABC50D47E9391A59FBAC02E89C115249E777FED
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\hu-HU\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	9EE0E8EFF395C27E740723AE4EEE11A6	391AE54AA7D3F4DA07C195324A4FD3556DD85B6D	7CB7DD3C72A50F0F37EF27800531E975BBEC333CB3C3217002583A8D1DD97ED5
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\hu-HU\MpEvMsg.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	EACE603D632F007A5994D15DB099BFB0	205DF9F2C19C731C5989122287884C1B0026AA0F	0CD69DC4819AF98F003A712ED2FAE847CCA8A388DF29E41652238DB35F3873B0
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\hu-HU\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	BE30E1C539024E516727A45D9707154E	10098DC85FF8D0FDC8B722DDEB77131CE48998C0	2A361AC5FCF2E2D0327F0BE366B3C99EDD1B8A54946B2BD4C1F538A290056888
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\id-ID\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	F814502677C487EE6DB703C0269BA0C9	E0BBE39DB3B986FBC778B9A1B428E9CAAD5B94BA	BD252579D926F329BEC17522E105129B2503B459B07DD4D86CDB0FEE6983F404
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\id-ID\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	C253391F39D4A0F44DE38CC62D2DA440	9E31D65477DDFFC0664CADB3EDED521E66D6D61A	BCA0748C7409C7E1CA31EBA5CFD23EB0807E820CC7102BEE4740A3BB44DBA4B5
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\is-IS\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	08AF952A435A55ED4BAD123254ACFC17	39D034438B00DD17C3C87470B6F02B9D8E888462	66FABCCD6D8778AAB0E37C1681939D105C9B2349EA4435E6EAC734D06E3B7B90
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\it-IT\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	CC08AE1365243B9B200FA17735231B89	F79D6CB5BC69BA24250FAD0F504E09FE8E5609EB	40B767397DD1CF506F0963F2143F864270A37442FC3A53FB9467309CF46091FE
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\it-IT\MpEvMsg.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	C5C5E49B45B88B6934535D87B6955DCD	14E674D9FFB29532682738270415BC0DDF644BE6	A558EF6E3886C0F6F352B76738C20E4ECF9A27C8854482B9ECA73BEEEF065AE4
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\it-IT\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	32D7F244CD25C64A02FCACB5CF47E668	DBD1185D58D188CC043694F348BA433170A6BCC6	FF7A38FA52C115D348E064AED0D11ECBA7E0532D445B7B934DBF791947D9943F
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ja-JP\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	CBDE0D82F1B3163F020FC698BD085250	2DA76A69E73E9E1EEB098BCC88D6326AA7EA5270	F03C1133A1AE72B57078978BB08175E510F8F1A2D49B5EFFF8D087726166FE61
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ja-JP\MpEvMsg.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	1270C271304E74F53F15425A0202FB35	AED8EEEA94A06B352C20DB7268905055A9827499	02647BEE493918BC190543130207F45D2B16CDA9614C23D1CF6694DA85563463
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ja-JP\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	EAD73D6902B9F8AB732AC57EF81C5439	AF180AE1DE0EC7C89B28C625B1A88C0FF57F2969	C780BF7949E9FAABFAE41CB6CC67CACC626C251581C104B777D20B15A6A3BEBC
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ka-GE\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	8783D23426D279C62475B099F0B0398F	6DAF3C007AF250396F2A226634FEDD22B93DC06A	38201595187BAAFF0CC93394F3AAB18B26F12967ABE609F4CC96BA6541368B00
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\kk-KZ\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	958F92586924B2FC46F82575D1161F45	8111B98BA217FBB49836392134E0D95E53F9A06A	3E99C855F22108CAC2305F794C07C7D5843A0F7B6763F89C0D920F485BC2F6A7
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\km-KH\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	ED97C6F555E7C58624C2781B5392187A	FDAE3B58F16C2A34129D4F437B2C07566651A592	A5B91C1DB6C1D54A1D64880866A715CD9C3B512270F2065F5BFE311811937827
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\kn-IN\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	37A33BAF549EA7E3F30852419B7186E7	95C2CA30DF59153ACB4D0C5DB19BFD3801D97F57	50F31E8040C50BD72D51055DFDA7B8702AED314A2C707422525BC1445438B543
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ko-KR\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	AAB51DC17B850843E624EA59F0237875	A8B134C84DAE675E13DBCBDF346206AC1AF0CBC1	2C28D40349536066AA1B224A281C68C935BECBA3D3ED77927070030DDA97F3CF
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ko-KR\MpEvMsg.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	F80892B65A4158683A4CF41569DE3CFF	1EFE4E5200105822913D2DB49888721C4160AF44	E6310898B02141B754CE7CC8236E2BE0C42FE09F5B3AAF3C82A47A7E02EAFB96
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ko-KR\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	306AD4CCFC966FD39C41BD66EA1D1576	0AF62B6A5BF7BD9A629B8AE581C2ADDEADC3BB77	3B4A1A6587DA3EA3CFC1BE8695AFFE15E9C240E3C433DDA7316F83DEFC80D97B
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\kok-IN\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	3364B2AA727D93554455E49E4EDCC3D0	A71428B75184158FDE45359E73C6C9075B28AC23	B369A6FB82AA81063CEC7B0444372F43D1A116FF3983E9C2C00F2BEBEAAF72F9
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\lb-LU\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	7C9DC600613648E888A69E9D6EDDBD70	F27A58E5D10D6353F6CDF7E6D505F52B9EC36568	A7C4E9EAAD9F0E6D9B7905B98733856FD40413195FFA81C560DFDC2A252C2B67
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\lo-LA\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	68CBBBFB5591652F6A6B13F9FBEC5EE7	7E0031EE2A38696E4368D77B772B3F060FEA830D	376065A430FD2AFD6AD8EE65B75205CD4CAF225AFEF611F1957CF4EFE7CFEBF8
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\lt-LT\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	B73550B88FE075DD670792E7F5C4A996	4F1D00B831CFB57EC5032D28178DA24EA1D2B2A9	02DD6A8975603CB17166C0F6BDE726130B41089DD77D46049754B89A17FE6C6E
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\lt-LT\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	72A843A94024C263D28EC1D7032E181D	26294254AC7A9045967D3C379F80BD976F85C7BE	C76B257ACC0098D2CC40A913872D5FBB41FE36644D416ABAEB40E31424154F0E
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\lv-LV\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	997B5764C4FF702903DB16CE17E9622E	B284E5DA46702F456FCB9B8D57B53AD5E7F614CA	889BE6FEB34820A4E127E8AB45FC6F6332B007E220A03FBFEE37A46EBD2C269C
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\lv-LV\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	0D0F1D391221E5142421649B6F9F27FC	39F98C8E58D97399F294167EAC43CAF6FA1470F5	228B464977293ABC5881AD9D7046E60F1B5C3891F352278504E8F82CE96D363F
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\mi-NZ\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	CC09504F626273B5302478E475CE4E0D	6618E16F564C65534FD4704BEB379FA6A6359329	CC56DA698EA5C0C1628B0FB7F4CF1C30DEF1D5B31ED29BF536AE5EA07E702E7A
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\mk-MK\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	F558B84EAE11A62846F31C87D6EE57EC	9CA0504FF8D1AD40544FD4530EA67A9FAE9B8F1A	01470B4E9D92565E4354BB7C9E08298CFC245E034601F8DBC6B915B4DE600B76
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ml-IN\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	C30B0D3D12B5C009BA28ABC23537F510	600975A64945707BDB220477938E177388C609F0	7D57E2EB606C0B13431148ABA5874B7128AB337B9D54A7803EFECB0F506EDDEE
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\mpextms.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	BB768215FE7AACD7B39468772966B422	DB14BE2697C29005DE7DA1EDAE8C840B1223F56E	9CB72197118AF0082A7AD549193392BB5E5F5039B2B10A744C990C50197ECECC
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\mr-IN\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	6B481904B1B08050D8753CD982B05569	93125924BB1E9776D9685998E09CDEB4BE1274EF	D45F78770F6C90FBD016ED56D4FF975902336E387DE1E4132A1B631D2A46E2FC
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ms-MY\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	966473949CC0F07A1F8F540214D647BB	C0DDAD51FA5B76EFB226AB55D9D838CA563D190F	1D3B5FB35624711E8EE887392348AEBC9FD2A046C5583805427FB69EE29840B2
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\mt-MT\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	FB973EDE5C6E7D9CAA2DDB5FB2E49BC5	A28251D8387011B4E1060038A23BEA12ACEEF424	72CDDC254752AC526F2CDE38158D4341D0BAE7E5684C1C39A0FEA0B41A086A3C
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\nb-NO\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	9FFF3F7A1487C0043F6DF6216F601F15	0059F1FD743C83EEEBDC0733116E50AF5C52B145	59E4EB021FAA73CB1A5A7A4EAB628B8A81EEF080E2ACF16322F747005B6FA375
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\nb-NO\MpEvMsg.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	0DBCCAC286FD253585F668948C1AA783	EA6E1E7F67A9DFE103CD25AC76AF4BA33522A5ED	60E6F291A87262F793974932AAAE39C63794D129F765FD3D2824B66A06D61DD0
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\nb-NO\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	03639443CF11FE50B1745759665A6669	8E408C7973785041C6907BA60EE754D521DD2858	CE52929CF58D647FEA77A1E5450D09C8CFBCABA98717B119AAF3B1631CC21BCC
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ne-NP\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	0CE8B776F239CD63EF38719426B8DF50	2E447CBC032220A54BDFE1CA4E7DA522E6E1A41A	AE7BD464E4959F896B8026122EC0FC4B0F6C187D0AB66A1B0D7E1415FC31E08D
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\nl-NL\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	F2B7FC9573F4D7691CF709B46D91B20B	87A19C7AC828C4E5D61FAF3B1BC97225045390F7	7345024C2414E436398D8502479741AAAA40D6AA3739460E72075C3921406DCA
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\nl-NL\MpEvMsg.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	079E82A6BFF769FD14063D704C08F922	E948B80C6FDE2A04CCBA755C81CD7367EFE2CB95	CBDCA332A6A133AC0EDE4B815CB025AF73CCA0F0B15832E9A6DA5D6102F4E49C
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\nl-NL\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	9D169AB7050F949BF412F320C32B3B3B	C8085A160990F1C641D7266B22CB5A89B2BA2FCA	57E7748AC1812221F66E4BBC5AF6F0AF5FFAB69822C95090BECFF89EF832B61F
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\nn-NO\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	09C1B1D2DCD8749E8A0874FEE616B6E9	27559181050810079603D7B4E00E2A7086EA56DE	A8F5739ACFF1364DD824CAF9ED5BEE58269E572877C23BFAAEA3F7499A2EE5D8
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\or-IN\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	DAF2DF81BFAD96202E828EAB0A2B31FC	D422B23C1425C9BEBF28427CF92982FAC06B2341	11A0F79EC879B2488E7EF8B3143B9138B4D700A9BDC6A063954BCA47C9CDC143
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\pa-IN\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	E03BAD1F13FED1D461315B5F8FCD5EE3	F477E71A878E2A0E3CA63A7B6D115BC67EBA6CE6	DBC88979785CF8F92CCDD5BB2DF1A6AF5533FF37EA53E78943C50EA31AD4D42F
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\pl-PL\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	365C52551315C1CBAB80E915DE8BF4D5	3A7E6B269CAE2C9B13D16440B9DE88938F2B0D1B	CF0D3F4C1EA28E6B776A81E117C720AA9060F8A91614309AB623EFBBE6DCDF83
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\pl-PL\MpEvMsg.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	C5F692D5B007D358C6949529BF196CB9	370AEFD0F7A66496A98B1C3961239CEA0AE5FD01	6307A29D278DD89047F22944D46C14CB3FCE5BA15C546F0C0FA2FCA80B779FFB
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\pl-PL\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	15E2BCCDA1DC074780694A08065C175F	1C8069286D1F3B9A86F4B4B23B9A0370C542490D	96D7D3137E38C9EDB8CCC4A888DA1CD80A53469978B0B4531F5D3F6AA24B25EF
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\pt-BR\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	0CD552C84639059384F0DB4D7BAA1357	8D32D4A3EBD231A904B9186D335806D72FE497F2	5306B75ECA18A746643F71935602444D50830F3BE9057B7354C684389A208D40
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\pt-BR\MpEvMsg.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	6C8D90CEFE68748500D348A5BDF8BF5A	6991303DC9E1B69E40A5675FDFD98D7B6D35CC17	B9839E99A666B3329059A3CC7BFDA3E2586FE85A6709F5FCB3FAC5B7FE88A7C5
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\pt-BR\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	363CBBC773A87D3B74194F5132006569	EAD6E8F142B9063C098937D1309B5CEB7C7A9D73	929A22894AC1A9AE2C06195FBC1A521727D9F4EC19FF037419EE669D619E6D46
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\pt-PT\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	190CBCA1B2F16FE08D4118B757E12228	F952CF4E8C5FB331771B11590716970E334C2791	446E240DAD1D441635661F063966D6C20C63F5C81FC82436EACC0A749D2FC75D
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\pt-PT\MpEvMsg.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	552C2AD7AF2D223A8190DDB9AAD8B750	AEAA98BCA9290988CCD2A284DBFF9465F9836398	034B7A6A873DE122CB9EE58F7205013BB0D316A6E0F0CCEFDF04EB784DB7F191
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\pt-PT\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	0451B5857D5A50EA0383B2CC0EE4CB7D	4BBC236F19ABE84DC5E871BD7B368437F9C04D94	8909A10FF556C0017512A9F7FB4DD2C7028FBC45D7B0B76898D5D6BCA30BB8A5
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\quz-PE\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	E8AE44F8E467C640B26715A71B804888	BBB671866272834F7E4FDECD6AF6E4A3253217EF	405001BE4973E06DD15BB9496ADF03E459F293BCBB3C8D3942A46703D3DE6171
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ro-RO\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	32275D282BA82CA9077F0629B8906755	FF0F312D9855C1A940BA45FE3F62AF7803D3D5D3	3323AFC26F4B32514338EB8ED4C248494ADE03BF8F970A51D754F3CBE035156C
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ro-RO\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	F44F87FB1481050E071557B1C469D55C	68F18E9EFF33DEF31E7EED12BC03151E7EE041DB	F5312D05A2AEB82328BA810852F59C18944D462C5451691B515B8BCB418028CF
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ru-RU\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	25592FB9E798F8E8697908C68C67B635	E01D937B0A5D483DBCF73AACEC33D7CE35E01955	6987A82E5C16D092989FF34D2B2A04A0E2D6D1BDD95C0F84D28EC167158B8760
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ru-RU\MpEvMsg.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	346C976713F48D71AEA83496078A379D	903ECAA77249DD534241789A69FAFDF57482274A	A9A0EE2572D137C467343316AC1B1C4B6AC9BC7039587BED4EB82B1132046EDA
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ru-RU\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	4EC18FB2FB3310C74A61567B8A6B4752	9E07B7A9B8CC848C46337D4110813AE3EF7DFE96	DC9466B4DF28AF3718FB4B45644110065DB24C5984EA789FFE2896E3E8A91668
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\sk-SK\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	DF36D9163BA69924CEA8D3FC9E5987C5	46FC6EB1A06C0B4CD319899E0FD6C39B0F1161F8	929A02429E0C55BE9C3E96BBCA41B3740396F580EDA6FFF3858DD8B527A9F2F3
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\sk-SK\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	1391A7A786E122315BE979A6CADEA68B	5E12DFA7B0AF50A9DFDF1A1A887E4EFE0DC08347	BCC80F24D768B1A8DE40C747A4932EAC7EF441D03A098D28CB8AA6884E78BDFB
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\sl-SI\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	7E8688F3F457107DC38DEEA9BDBAAFD1	109AC7388C7E1EA595BAC52492BCFAE08ED8974E	F42D6EF45A197D43C246FB1C7C82B52E0229030715DC280400EA23D581D71A39
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\sl-SI\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	2C5AFE523CD95503F25E3BC851B412C9	A85BC0CEC89E38A8C16C6667AA05758EEFE898E4	11A7EEF7D91C636E4DCC28DC806EFECA6C8C1590A370780662E2CAB828603B73
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\sq-AL\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	C9AF31165E7BA4B01BC21B78B2BA0558	A2DD07A13A42B3C27D31E6525220535E11E70011	12ED065255FA62F30BE9D03A32B0DA310051881616A05DBE3D383958DCE4039B
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\sr-Cyrl-BA\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	6F356F9CC26449619374A9441D341A69	292C483F0257AF95CC9246763E00E9D2026B77F8	D9D76C7532C10BE2165BAB9B6EDDAD3A2DFC89EE84C6516AFE183130816D96A6
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\sr-Cyrl-RS\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	BD1A5C9BAC6032FDC801E07C7F679C9D	FEEA88ACDD91A1236D23F0DD1ED5F6B539391E0B	0C1131A3315C1A9EE3D2376376FA34DC592B09FCA1CE85CB08371D5BD1640069
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\sr-Latn-RS\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D70E55F5CC855B5182C74EA131AD8CEB	177F4EF22154F77D54FF0B4C768A2194377F4477	A7505B1C580B7BC5C8C64F274EDAEDC93208150FAFFF768127EF61309AB45C33
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\sr-Latn-RS\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	0613A33C65D01D02A73862EA4FD6C4F0	336D34012BFD66D6EB34442C8622A8D939FE4425	ED67E4EB6A7460C9E030BB5B152D9BB6B5080B0AC71AA7BC4BA72D3444E90734
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\sv-SE\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	6113C59CCC453AE13CC9B633B07FF998	39AE54DD6E81BD26359EBCEBA1BCD755B5A619BD	122DAA7594CA4A36BCF2A3DD4232821BA23DE8F9122C7400E6F8A67844345EA0
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\sv-SE\MpEvMsg.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	AEDD42755D5CDA4059EB44A081AA4C41	C808BF77C9DAB5C087343CB34E0D848880CD0258	4FFCC3F1EB11C7927FD62CFCB0C76D9FCF1F1C4226A14E44A10E3457CB31FE48
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\sv-SE\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	81EA74A49A7800DF7E45A92BF796745D	23AE77E0521AD4B07087D7EEBED5E7DA3E86B4F7	A87810CFBE51C0C491417C5473659AD83FFE9B99D36CE67EE7BBC1F4D26FDF20
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ta-IN\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	08D3C86CAFD7451D04446AA80B4FEB18	06C38F432D25829BCEB0C5D689ECC55760DC679F	6A1D8EBC6C76E81BC9879674BA1ED14813333DD678EA691E87B3989DFFA5DC69
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\te-IN\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	B7DC1B714248D56D6FE67BBB4704065D	0F0B8197002EFE91C09F655AF5C3CEA3B714AF01	3DA38BBB828DA3A2ADFF1FD039D12836EE53B3DAE401F53F63E6B7A6C0B369EB
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\th-TH\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	61B97B41C60A09645A6313E8A788DE12	1245F0DE15F0B2804096F47E9AEC56D8E25A9175	1D3DD3DF7A7373D6EEFE200BF2CA75FFDE7602BA1EB2D64B62B9BF89F5B79840
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\th-TH\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	E1B2762CD5CCEBC0373F1B184AA13060	C86C3BC75CEF6283493A7DAB4D33A26389AADC7E	8608589C1CDAF641FDF35F92D1F74F95C8B492C0B89A88BEB11C4DEFC5B8C714
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\tr-TR\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	1145158CE2D3C344A220D70F6BE82AE9	55E894993131EB5FEA6D19FB3CF2341C297A2453	698C27C82FBD943834E9450769E78A8EFE87BB241FAEEA32B2602EA3FF8A407C
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\tr-TR\MpEvMsg.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D991807328CED63633ACCAAB6A194479	A59D7A8687076E87241AC2DF88DF835C96B9584E	D5295AAB942E3A6083D7683683FFA96AB2AEED9CA48A96059E8A6321A4D8C686
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\tr-TR\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	0FE6109D703AB169F8A7FDAF6A023AB3	96DE34962C4E75C6848FDF45ABEF9AD244A7F2F4	3D7B8EA8642B68C63240C21AF8AFE68E22FDB74AF8CD063D0C1EA7BD132B29CE
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\tt-RU\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	3E2E2740A4C2C8E913679941FC45526C	79D589C0FD97A78AF73631C267BFCC7E3182285E	53A8358A1E26B8E940B807AA63B13798367382912149946FB792457D88AECF70
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ug-CN\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	300828F6274B734937DA54FAB58CCA25	0F0FECF1B92357BA483C377D0A13D37CC12E27E7	164B3E07BF3B449DDC559D3C8B8DB48B106877F34263993FCE1B512EF5F75096
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\uk-UA\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	316F526AE26E0EE00696AAF611F9E859	43B9918F8425E8CE17A175C476072A4AFD2DEB62	6EFAEF65B1524D9035C11A34DA9197CB36FB1DF6DF2291943B41D9066C70442D
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\uk-UA\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	A6156F617D5D3011FCBFE272D0EFE07A	1B5A5A9007122F34FADEC73EE820874038B2E8BF	C6AD5E584E67A23B3835160A7BABFFA1734E95082AC36879A00DE475B4DD4523
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ur-PK\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	B198885A6EBFC5DD7AD22290A59FE774	E0E286DBD5BA58D23D1D8D20114A101342135964	96B7EBC8BEF996888E849752EDB039146C16A0E44493720313C06258C33CFEFA
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\vi-VN\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	898CD69161827D830C777B5B49102F19	AD5F94AE2A3A492FD9B93212B15D19E29910B413	1B68085C9E6EAD99971135AF57CCD1CD4079A4733D62C44055E6365010050002
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\vi-VN\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	904E5A8D2E8EDF2083F0CEB232A9254D	D9E9D3C2D18C5960DACCEE8FA770800D78590EA2	AB3E0951326F4667F265C18449E54456A37591DA34544AC727959277B287768B
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\zh-CN\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	965E94822F7D2C40C318A426FBD1338B	627242902C5F9F7021BD1DDF3F501A999C349D96	7D8ADC397263E84D99329A45C7506864B30E80C60458ED739B68FDA64E2ED485
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\zh-CN\MpEvMsg.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	52812FA79491AFC66C3FBE5EC8E39E25	9E3669FCE65C50C96E8D22E5011BCC11AD12F46D	C3ACD3A9984DEAA7C739ECC2079BEC5FCA3B4808C46A8396CE38F81C1418DB5D
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\zh-CN\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	F56CAD3B34BAB51D28A38CA1CCC8C7DA	859D3E60030A5C9C8C0F2D9A946C96232DE18901	30A0982E5E11C129DEFC50BAB5FE2029E1FB894A9E9E3F8437F7E06D73462C0B
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\zh-TW\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	89A1574B1734CDB10B5495E0655BDC0D	1B62D99EFC98E05CD3A0F36726C5515C73D96DA2	73EBC0B88B3E2C102DC9A0EFE6BB26EDA5DF58F31F9B1AC326884A4D5FB7D793
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\zh-TW\MpEvMsg.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	8DAA97D58291906A243DF00779E54546	D822AEBDC14D9CF96BD5D885AE90B6AF4B28EB4C	473CE34C4833E3D0850516A440BE8A4854E71D47399E30C2B6D23BBA6E1789E8
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\zh-TW\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	46B97853A4C7AE5E367BABD24DF4E1C9	4CF7C82F34321A780722229B0BA3790662A0BB58	D6C394E331B8C7886BF30B8338628038DBD7573ED3B8DDE2B243427DBCA27EB0
C:\ProgramData\Microsoft\Windows Defender\Scans\History\ReportLatency\Latency\01\2.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	33B429157432152BB1FAF43BC0FDE968	53E56FED2AC8D0448837ADE1BB1BA680E084B982	56D6B41B1F4CF66A9DA7014086447FBDA473EF207B9CDC65272682350310C1C9
C:\ProgramData\Microsoft\Windows Defender\Scans\History\ReportLatency\Latency\19\0.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	F61CAAC69C196C31FF8A0ACAFBD30F7D	C5742442DADC345206F8C3498883A247D6684172	0579DA256F8D51A3F200DEEED020C911B235A2369DE849DFE96081C90E42C378
C:\ProgramData\Microsoft\Windows Defender\Scans\History\ReportLatency\Latency\19\1.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	249DFD2A85DF044E023795CEF93718D8	9AD0D7F0A6A6A30956D2D6117B67910942E2B237	6EBB450B4E1873AF552744642C0BA86F55B52034EF899C7681B596B2D54414A2
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Detections.log.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	0CA3B3A27850A8C4ECB5C4058435F01F	B31D72BD770471E462692C60EAB5CD7B744767AD	95C832F5280469030D6D738DB825C532224C6E71425BF8BC3DDFEB4469314B6E
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Detections.log.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	6E4E88BF377B633E15C4E863BD9D1CB1	D012EE16F85FF40A45E5D2FE5ED5DC5E1EC52191	32107D11CFE5431F3A9544851F06152B7DE1F4C1FA8E3AA044C887B8E2BBD48C
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\History.Log.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	74DDCDA68E3147B6232246952E564504	7CAD056AA21D319CBB6F3C969E487053DF1F590B	877311CFDB03D7F24FAB3C969592A618D433DF0B644B538E31F5C769D9841525
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\History.Log.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	634134FE2D469B7DBA9CFC9948FC281B	E96B710F25F0A4509DD5E41055FDA85710FF88BC	3E6800824E70F868715F1FBC93D2C8F0479AB730ABB2199866463EB15F88A138
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	B37BF0960B688D8FBA6890A8343033B8	1818F0846243B975FAA350C50528E0E776FF7FEF	D2ED47F66E2A07BE57A087B9062EE6907EE9EDA0DEAF87D006CE7EDD33F0CDD1
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	00F99701BD6EC7AE47D47DD30E3C5110	4A124AA68384087ACE0FF6A588254FFC9CBD1E1B	DA9613BD83A8E6A7E4FC3E371B7C5D6F5ADCA7E6222E6FB6E990673DE64329A3
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\3846C1B485BFA46E3AB54DFBE9D1DE49.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	392974524A87E7088BE98039B1A18232	E8D10A6A35F3D71A23290C0080D7E0A81A1FBE0B	F1A69B96D13BEAE7194EDAB1B04ACA904CE4CEE844634495930150D556A83B9A
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\56598B41F139620898884E49C611C148.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	13BEAD6AE3DC25EB6355A637631939F4	A7A4D3DE5D6E9F81FE411EF314F05FB7A4BA1249	49FEE06888681DEBF85A2DDDDAD648C784125B58BDB6C0663F20A8C13AACCCF5
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\81FE2459AB45799D6C1FB53DEEE30AF6.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	FFE8A12609EA19E575F0120C5371CA53	3587BEC8F17E79C0662BE29B1EA027D55B8B9547	D1A35F1C4795AE8AB0021BE348509F674FE6DC6142A9BE30F1B56E6BC9216977
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\93BCA88018E5993458BC6BBE55D33E61.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	8A34FA1AF98E3E0B38EAB95F68B193C7	2E014A888E2404B6D392C23C70636494D330A9B4	E16E84CFF214EADD345BCBBB6B8D871551E6D9868EF8672A248B28789845EC0E
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\9BBF8E3725F51A366740AC59C8CBB345.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	B27F79E2E04871E575AE3DFDBD66CBC2	E29E196E9ECC464A5E504787A4082E803953CDA5	A30B07522529CCA17C061FBFD037F9E84E135C1EB9B759BA41C0982DFEADD5A0
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\A0137882FC829131E8629036339BD1FB.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	67DB710EFA0C2121D62A1B017BBC3638	99F3D194C63DA1FE93CF7BB746F0E54B4EE170B3	370897253598BA924F05A994063E6FBB2873B22DF9F35FA6C05067454E4944B2
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\C73297F3A28B41D0B045DECE1D0D81EF.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	5F1439046981F486A54AE7FDD2FB0BCD	4ED14334EBAC916D5D56DBCED6EDA7ECFE09BC3D	C7C038912B2D8FA1441EDBD39AAAF9A5D770098F08E589F05630FB304B8E52F6
C:\ProgramData\Microsoft\Windows Defender\Scans\MpDiag.bin.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	6D2E1FF0C1C7C8AAB7837129C8DA1847	9FE4595125C93B18FE1C880BC59A5AA959B40F9A	B9E535C1B1F533C3B08A25D7E8AF4B5666E4706C0FC5DE7204023B4A75D01C60
C:\ProgramData\Microsoft\Windows Defender\Scans\MpDiag.bin.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	4E37D6C38E0626842E463E0C6A51912C	6D43E841D81D074C4F09DB1392242894E5AD01BC	01D36FA68B6265B933EB1C87F189400FD0897EA75BD9D720B7127A56A323DF79
C:\ProgramData\Microsoft\Windows Defender\Scans\mpenginedb.db.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	616E57CD7D83EA303191A81F59FF309D	87AF57DC0826A6B0E855150CFAADDAEDE549CCCC	0168E93A973D2CF1AFD93F7227A365E96315A8B46DFD3425EE42B7D2EB485ECC
C:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-20231003-085557.log.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	BB65C36CD594C7DD3751580FC5424D24	66583F5530282FF87484CDBEDF17EDB10D4EFCDE	6EE00976DA58361D5F8823C0BC7C659C44DAF766CF4FB5CB38229140E68DC905
C:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-20231003-085557.log.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	0C852D53634A5708146D5C38CEA9A467	E03535FB87F7DEBA12121EB1F56F28D5E9790BB1	D8F2F96B552CE0E730EA18E73AC86B1E5C02334AA6A8F866568F0F4319971848
C:\ProgramData\Microsoft\Windows Defender\Support\MPDeviceControl-20231003-122002.log.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	497577684B230E6045DF7EC9252DC429	DCC05E60049F712659C85DE0C8ED11A47571D467	72289FB8761FEA81A41DB5C95A6D8EB340601DEB3649D4CA0CFCBC5D7E9EB8D1
C:\ProgramData\Microsoft\Windows Defender\Support\MPLog-20231003-085557.log.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	6A49E531D6A8D1C51006CE7523140D40	3FB4766D3A407EA072EA13AB182BAB8FDBC5956F	9A4A76FF2FDFBBFAF236204BC7454BBC060973335FA3383A6333D7FFF9C72D91
C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\en-GB\confident.cov.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	931EDB1F9A879393197CC2EF6F2CBBB0	ED4C2604C9543CCF6EC4C5D4882F82FBFA33EFC3	6811B0D5CDABBED2C636D3B7174C2F69F8DD0C9E5298B5758ABE7AF900219FB3
C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\en-GB\fyi.cov.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	649BA5EBB11499DD65881418A99ED189	D27B54F0ED6AAA355EEE4508B7EE3F22558E79FA	F73BD4073959C949F5E5546794DE12D886C2F6A632A2F19E60E181CA0488C357
C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\en-GB\generic.cov.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D53AA2724EE6CD48C54D1DBA3676F94A	ECA97576F1150C1EF6C1857AD1491E60BBE1425E	66FF8761508AF1140C31AE49B0EB6E5E3A52945C406A57A7F054E66CDC987DEA
C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\en-GB\urgent.cov.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	2E21622198EC9729AF7541A734A34D8C	B8B0EED1D790E42EB1828B36F2AD294DED2C295A	B71F9E0B0294F50CB2C3DF17794E42316C7F052B3D1ED78571A75CAE18988749
C:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox\en-GB\WelcomeFax.tif.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	6463444A24C57354DD33155D8EFE619F	F6FDA3237D29953F5FC6D632542975B8C30624C1	A6281EED633D6BF72B137FC3512B68F4C14C826D2499E5F42C41010B86DE0345
C:\ProgramData\Microsoft\Windows NT\MSScan\WelcomeScan.jpg.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	638BC436783307399652291B1D314574	D866411B9D45A6FD9E0D1530F529CA34A412D39D	E3D338293797DC28C4C3F6F9B43B5CF276626E4B26939FDEA41A8E24F01B4151
C:\ProgramData\Microsoft\Windows\AppxProvisioning.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	F14E2DA383FEDD50CE3EEECAC4F0430A	498A47219787A1A0B43CEB27FCF72C8578388828	67602A771BD1646E6E0FD9A94AC43A649F6918ED4A52B5FFB4E76BD3E2A114A3
C:\ProgramData\Microsoft\Windows\Caches\cversions.2.db.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	5E440169DB6D9FE9BC1EF6188AA90A8D	1C896302AE05CDBA73C2589371607C421A7927BC	C64E4756B6272CE6AD0C05C3D8A8E2127F44B9EB3499936308FFBF80F5DE9D8F
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\02305155-8ac1-1189-ff55-b7119a53887c.xml.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	78E43C98B7AA35F4995248172AF4A192	D9C1736BAC786FC4629B8705F1DBE929DFD9192A	9F08CE96B8A32F7FC2A7B7EC72731A9B3530CAD9040417EA993B2B437E22411E
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\02305155-8ac1-1189-ff55-b7119a53887c.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	9206F25B89294C8F51DD7B29962BAE0A	53D37BEA2B84F75EB27210347457F8A54D9B0B99	44169B96EEE22F100990717E38C55E53A1CB5793DDEBD33EB336E76F8004B89F
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\03f8974b-362e-33e3-2e0b-c7bc2ea01c63.xml.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	527941D3DD33BACC52462F23FF70AE8C	BD488F798EA0BE79C5C8635679709A95F651209E	C1D33AEE708C587117D483EF599235C0E3FED959BB4E250E5A478D6AF59D16AF
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\03f8974b-362e-33e3-2e0b-c7bc2ea01c63.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	74EA9B36C355D8CF9ADD55F78E4A78D9	41D9661209BA77CF8CC90DF9338B571688C4B685	23CFC5074DFDDAB6E2AD99D37E14981EC35E2957BCB60E018E29656F62B7EC3B
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\0890ad2f-b74f-c384-f684-9c33f8f67924.xml.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	8C3B643B1809AACAB8C93DDFE26495C7	66AB1B1618CDACD8E3DB8502DE9E482287111AD5	A212C069861E0BA9A57B14894C84AD63382EBE712E8DDAB6AB6A5FA6D146D920
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\0890ad2f-b74f-c384-f684-9c33f8f67924.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	CA8E3E1F81E9FE6FDC88A04F02FD7F04	AB03A25DE30BC1603327E484CCCFA90A8A7CDF66	7572F510C4AB29D23960BF6D6B9188AD8EEB58F867892EE7B38310D765AF1091
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\0a8c1492-65ca-6a01-de25-0e183559d10d.xml.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	0B8B51555D5FDBB8347D23EDB561DFD5	C0E5BD28AC95A5B27DA01A496BDD787BED62349D	9C6758D62AAF8A840BAD75F6CFFC7F50397EC74CC567448433B635F119DB3BCB
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\0a8c1492-65ca-6a01-de25-0e183559d10d.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	6AAADFAC006ACE1F528463BFC73A3B1F	7FE1EFC44BE87518D7BBD3334EE1B2F57527F16F	E5F04072922C12F37E54162DF76BD8A8AFEA080084DB36EEEDA9F0AD58F93DAA
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\0f8e2cd5-b8eb-7a22-b9e9-9b1183fa0a84.xml.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	A58E1AB3CF83CC933D67BB344B261F96	340F8D75559BAF8F9B6EDC9D2543E1B49019C6CB	A83050A854518CAE26846738091808CA21CE6132535FF5192C6D0058899B6BFF
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\0f8e2cd5-b8eb-7a22-b9e9-9b1183fa0a84.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	6ED790405A8269C963C32FBF2EB0C518	E2A034D727F954D7C284F55A5CE8568C1741A261	E51B73C156EDB9F5817F5F02E2E9985DF08971B053E27AAD0BAFDBB0070DB2EA
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\13edb933-4688-0f79-3d0a-499edf952ba0.xml.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	351BC987670DA7F1BCB12B9ACF190F38	8A4AE26605102ABCAD742C94827F14D673E01C63	889DDEEFD86BFD9425F07BFCD86E6185CEF8A20B0267FE9E52162DFF512F0B11
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\13edb933-4688-0f79-3d0a-499edf952ba0.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	7474BC4B07395998325C8CA9E4CA0FD7	EB06995B417774A74AD4A85A4814DAA0BC2CE336	91ED2CC464FA6584AA319CF3ADA5EC38A076DDA89E928F72EDAFC580FBE4E357
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\1659a225-428e-84f0-ba52-5fb2b85d55b3.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	485690A0FFBBF4AA45A0EE7D543E9A33	813B9BFFA5A870E27A27262A7FD1A05DD1FEC29C	81D2AF9D9C7F141A07219488F8719D95E58AC416DCE36AB153380BB127E06421
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\18549a9c-bedc-b855-f0e6-0787d8b3300d.xml.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	58E0C069E3D38527B7ADF70F93AD93B2	DD948257F410394880230E8A28C330EFD1B39852	F1475CB0BD8EC77CB8781ECB7F99493D4DA75C2E95294E12B9096FA8BDDBA6C2
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\18549a9c-bedc-b855-f0e6-0787d8b3300d.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	5F386F861AEF05AFF51D4DDFBFEDF2B2	AB3B89B690B4B147254B26DA9A28DD8D64546499	9577A019B56B1E7F2BAFED0AC98C5B5E541D73A2060051793639F6E8A003E10F
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\1e225998-faa0-5fd4-4db7-5e7686ee3b47.xml.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	47EAF88E9A5432C2125D12C90CA16ECD	CA5245B6B526568323DDAC578F0DEF41D71F319F	EE7E7222462EC65889F1A16B655ED35F4B8AE48EC68A253F18B1EC6F383F9FF2
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\1e225998-faa0-5fd4-4db7-5e7686ee3b47.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	3C4D92855AA9A38C6FA3EAA68CFE0277	CDB1431CD4BBA9824126E6A3BF22C4139B32973F	EF30CAE086A02FE4A77A45896C0F9EA9C2BB7A8A27D9A6387438DDA867571E16
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\1e77870d-1a93-60e5-ffda-9653c7cad20a.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	F17356997328B9A26568C3C19B68DC03	DC762AD1B434704AE3C9C55E0EC26087A057CBB6	895A7136CCB7AD02C208D7D49D58E1E26E6719B0D570F3E7D58B905A7DBAF42D
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\1f7b7aa2-506a-03cd-6648-5b78ac12040f.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	9046DA1974516DBAE9DB223DE1FD5FDA	D33C24609D010722CBF6E219C055A320889F02EC	7FE642AC75FF5197A0E263EDB75C3D62BCAF13F4C53F504A6B69F1DA76AF19F5
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\1faf63f7-f387-4522-1175-68c9652d968a.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	2E4E3FD225495B76FDCD16903BF90550	8F49FD17D7CD090B89409245C88DE6254C8A4614	8D445AB1087F18209887992819148E538CE72095C437E244887972638B872551
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\215f9712-9fca-a3f8-5b11-660eefc73b96.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	3D05D61A48E1468C876B60DAB6450138	43DA62590F937835EA2750EA0515822F94BDB93E	BF2FF6F3DC182040F28EAB9C2EB0A15CCE710D13B15BBDA58CD7DF944E32B0CD
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\26943e1f-42ed-f190-2895-3bc2b8c4176d.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	B13654A634180220CEA2AB55B3638D8F	58EAB905290802577771A12AAFA9FF56DBAE2C4F	017F85084BB200830ACE4A815B0A9A74AE8F09925045C7F75FCA2B02DF14717D
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\280b97f1-1f94-1458-c842-d18e2d1e05f9.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	E3F2DB18EE312708FB306CD6A9D3B945	24101FC9FAE52AD9FDD26619E0F504E13587D218	712EBDE980E9631A2D1F7D381F4A3EAD4B653F8018FE1732D18259A87252A35E
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\28502d06-9d29-8514-1e5d-64447116d798.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	A55B3E3AAFFC714E45EB565B1C5DF972	A93D9CC7DBA77931D653EEE4F9E5AE6A33614D8F	A8ACA3DFDE5024920B3338B27229C46B931C0EE0B9F6C08510F0148476E48A33
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\28748306-9f02-a5d7-6ded-4459fddadc31.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	0CDBCF8A3C4E5206337E646DDFDDE84A	30789D389BEBFCB9AE985F5CAFED17A231F6E4E6	67B4319336B81B9F7695B53A17AA83E5943178E397AAE25898BCB397B2279391
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\292d761b-1fa7-9c70-1afd-c2e4040b6577.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	B7152201BA7C68E90B2529580C1CB61D	8ABC61D2B47143D7EE9E3D1B76CF8816DAFAD45D	501322F5409EC0BC8E2893C8725FB1E03957176C909003697CB92BF681D1C95A
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\2b5d0f60-d93b-1629-f3e5-4167231c7ee6.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	CA511684D7C47456FC68BA2A36619B6D	200CFE5D67B8D8DD745D00CC382B320635B46CC6	1420370074258CA23E42834C063ED11039E1C95A88DD2DFBD85CCF8E61E8430E
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\2ff6ba33-4212-e6d3-dcc2-11aadb3d61ef.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	2F0EAA14CCB40097F9D17F87EB3687EC	B38FC26B4AABF2FB1F7DBDFACC1D7F8A8DD335FD	3D63D6E398D3DA27D65B7A9E4CEA5A3B71D94F17AFB164F0F0A718D1580B46D0
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\306e67c8-9a1d-38de-8654-054bd8a6e6d6.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	FEECBEC4E096E03ECD84106ED2D98D66	73FB346B32DCF8F4E0F6A3D5C540BD478A35F9D2	754868D75895B99EF5E2E77684616B40CC0BFDC4C838BB14C023EC04E1D95D09
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\38ae356e-4b11-78bd-6f1e-d1fbd81b826a.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	E7ECBD58183DD6212E39C3DB06BD4B0A	270656E6AA49CEA77CD137CC423CA38200EA799A	2275D523A91F94D92284A78CE51276F499FABEAD956289EFCEA873E748E49CCA
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\3c8c7eb3-7a1d-7981-0472-571cdd1d1292.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	6C29377D4CE72344215B353AA154767E	5448008EFAE7F4246B0FE03C4B321D0BE128A49A	4CBCDA81A742C76A968D47D826FA28D9056347E2C5D0629AAADA0F3FA21D589F
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\3f446420-d8ef-3b9c-d5b4-ba09c43121b4.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	292E48D0CD09844EA98B4AFD85E546CD	858964F30C40E1ADB007C7B6B7602FCFA41060FA	EAC28CE838DD12D9376BC677F8FFDED0F66A591D4E43021E0D8666AD6A6D3760
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\42180d93-7e2c-7efa-09ed-dfdffa034b8e.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	3D84B0E8D519439F4DD160769E814F72	815E4C1E7DE3E79BFD500D28C2247BA51126CCE5	271CD31D5B3EEE9FFD9F7E8357B086720AB5B1ACC6C860AEF401245B2C18E188
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\436e78a7-dabb-5a30-f98d-963a03bf8af1.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	F3CDF878FF6B833133E9246CB08D9859	F74FD34EEC7DBB32CEBFA72897FE7C8F5B97CB99	70F95487AFE626ABCCC1D6E2E8CC099D72DC968919C3472B4C363B29868F01BA
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\4c4ecbc0-0ec0-3929-aebb-a931a339fb23.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	8C117275DE94BCB94F6D8BABB455F92B	FB996FAC03FD4DD68B844162656DFE4C202CDCC8	3CAD7F2136F3E5A4A5F0CF0AAA436EE5CDEE5D7E3A4833990D90EB2743CC693B
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\517cfcaf-138b-1796-2cea-62892204250a.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	66176A963289AF451519574A4824AFFE	119AA293FB00E567ACE0248556F616F7E4A0D649	0616F7F714C98A4E9C425F42E612897D9886B145EBFBB5120814FF2AA0DC8CCE
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\52a7e8cc-4b89-0eb8-5b4c-0f924bfc3949.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	5789E7FA9060377E405BE27D2A3FF954	EE93A9A2F1C2ECA7E4B0B4C928362B8BBF6AE553	F064A31B506B4C548F3E0D7A48CBC382BD63238531277ACC4DEDE7D30933F107
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\5c834b0b-64f8-6383-854a-915ac7ddab77.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	DC779C89FEFB9BB38CA78D273B58FF99	54752B69B4F0F5BB3E2A78B5B952C6B8DE5FF3B8	ED10CED237BCF931C075A21EB82A961655F20618F7D302BB56CB6DB732E1F181
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\61b5bd89-4cb0-db77-6622-cb63b5a58080.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	E883E02041A9844249B862DF0F6B891B	EA13EED64F2866C92A11020C939BB2AFF592A0F0	761633A9BB766790F1642197F39826A9A3C35C97C9C87F3D6F651148897C344F
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\630a70e7-1832-4f42-e2a2-5d35fdddc45f.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	DDFE2C6558BB9802477DD992451DAAC5	79B940BBB3182D6744559E12BAC7BA980C58A573	B9473DCFDF351BFBAD770EBA2A54105C2EAAAA64BE4E1020D947200CCD5C000C
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\67447b0c-05cf-6740-5f7b-391ab440c42d.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	6E479D3843A39B15D46991C6D7DB89D5	FFD99F9B4562DCA0CC7C8A8DD4BFBF353AD03E88	6838860D86B1AD43229CBC072F82A4F35AA4D0DA68A20577B7462AFE9B2D0443
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\6ab96728-2783-240f-370f-afa9d4e52fdd.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	768112A71E16D72DE85306F0E50A7103	D1842E58B59926B6FBBDCB08DF76DFC9A6835C7B	6AD2CF554DDE1492596CCA87700C64D519D1813DD9850A65632E97AE3B15D4C7
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\6e90ed81-9187-fa62-ce90-f18d7bed6b12.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	E7B6574C39FC60C46CD27C823E378645	A72F1784622D23A52A108DF43D9EE769C4714AB4	9CDB68DF5F95D522E25339143A8EECAFB9A31D91D45874E0768245D146640230
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\6ffa25dc-c89d-3de9-3601-df09bae65a75.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	130FB9AA27C1EB0F1D24AD0563BDE8CC	913F1C755D5B899C7BAA4ED658C2D05A3F6333F5	FC803BB7CB184FB0521B11675BBBAC14AE7168B825E9CCFAE9E3D87F2E57809F
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\71c8f37a-a7b9-aff0-6de0-9b276c089ad6.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	0A8179DAD034EBBD56AFD087EEF1425E	DC002CD26187F66A17D1B8D272DC08F4607B0981	27D2DBD2139315DACCD9661F6E9231AFD79E38424E72767685643E75A1A9ACAF
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\71ef3df1-f4b1-69cd-793a-48e165e282aa.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D9E78CE64E5CEACBAF87542ABBA33572	534EBB0E4BD25CFFDE92683A0209DBFA3F85D549	07E18B75BACCE50B88B76F3CC410FE04FA551E6C9F880667E3FEF738EF730B51
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\7309084a-bb6f-20c3-ea54-aa108ceab1ae.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	401F0F18B00E4B135E60891CCF3C1A01	1096C4F390D25B32B32E0A68CFA7473A38E90AAF	072326DD6DDC03223C7EE3E3717D0D3A00B537BB5E221237F9FE1B254544CCA6
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\7646fa0f-b52c-71a8-3aed-950dd1668c09.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	C3DC67060F489DF6B176B2B3F656BD9A	8C74435826179ADB132DE2F0CD435B6EBC35002A	D76A927F00B1B634420F9C57DDB0B801B5D5EEDF9A62AE95A37BB8836AFC849E
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\8292682a-6850-c06c-9b6d-9646f16d4ed0.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	29571C469F451D217F69FE6FFFBC9319	C3B1AA9BED0613F854C75C3CD0B2A990402BB356	37E67D64FFB867094EA96F4ECC1B6F4C70B74E4651FC735E7DB76E4174D861E7
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\832f9d1e-5f47-dfb1-157b-5239adf4c1db.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D0DEB83C790D088132B39EF471D7741D	E4820A4EE265F7B02D721A94846D5F91E0ED5F9B	D57FDE203B17697B48C015C780164141EC12BB48E7C239CC78ACAC7DE0D10568
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\865e8f30-20a1-9528-bb48-42999b5b2aa8.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	A7761744D3F32B5528D66DEE8C7405AB	EA1E8534B38C9685471EA53C4A2DA1182EC97297	8ADEB09798C968C91C8CAEB8FDC25C18EAD6E117F323B542B1FDEFF68C3D85E5
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\8ce3d3dd-a4c7-6c38-5fde-1f9f5df98807.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	F247F16ED054259E1B1A6C8416CE7DDC	D07131DA25FC936AD3A06D108F8E5D5EFCB285FC	7AA2F627C9FAF6B30963DCA434A18DE4AAD779C613A046B3C6AAAA19C7642EA2
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\8cfc804a-d777-2361-1670-4569e516397e.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	BBA317FB8A676D40CB39726435237D09	9DE798404FC54D8E5AC9E3C0AFAA79106A0F9EF0	F3CFE2A278E907E611B48FDA905C2A50A478F4B0A9736F8F01C6508212B96ADF
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\8d56e57b-8663-136d-ff69-a004e217825a.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	7E6FA6592B42CABE71E5060004A52CEF	FEBBCF08CFBBA28C605FE2535D5DF48F62A4B729	12C82578E01557800B8413759434833AA580355A4D039B990E9BEF986D610BBC
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\8e383e90-b2f9-7bf2-1d5b-4e47dcb2014e.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	93DFDDAD6F2E67C61217CE8FC6B1D4D5	DBA8151D8D35378452A7377AB84A16B2556E4E1A	B1DD6B14F01D96EF3B73C5838D01F7D29DD05CFF9EE48B39A95EA8EC5BC749E7
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\91a5b4c7-29a8-ec80-4321-fbecea906705.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	3526D094B9F7BFF431FF9BA82F207ABF	11DF72A31A7D30012DEDB4BE5019F7478F5BB8E8	322CD7B55237C566C952FCAC504499C287795451837A2558C7BE21EFD940DB29
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\9a9f1e94-851b-c6b4-27c0-55a242e0d96d.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	411947806BECE2066DFFD8AB13E75106	724084B8D9AFC62D4E4394340F88FC6B828E467C	FC3FF47EB52BC2CBC38380DFDDFDAF20E1B5C4B39B7ADFE38456B49F31515CC8
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\9d3ad23c-c6b8-7fb5-e4ab-f5d0a66dcfbc.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	9111143D4AA2E2656DF07C7E4C7757C5	3BB3BB57C1162319AB2F130AD13F43AC4C07DEC2	0D1E36506FE01474F53804D4350C96B19CC81D9FC4A08079524A45A67CB99EAB
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\a1e5b165-0532-a6a3-f542-0c5c162be3e1.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	FF6519584C50CCA2330592545A38F3CD	80B1BC3F524BB6CC0805935A7CD3BEEE949E1DA3	C4155A5BD196B503608BBF12F8EE6EA343543F3B366AB66E6DFF69EA5A9C3997
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\a7e08b8b-ad4b-af00-ebcc-1aa29a833ce9.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D29C0DD67CCFC5F527B0394734A372E4	14A26CD970C62F2B80D0633A0380BF8C38F96B5D	A0F93A0FA149227FE6BDB97D9D5AB7B5F76277B30678CF34E01C09E52C9EF8FA
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\a92561ce-87c0-7d40-42ea-c87d237c0db0.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D59D1D60997AF699DCE62CCC524B64B5	5E538F72D741C19988616307AE1822F74B7DCCEB	652C2FF5786ADA9BA3BC8A1C8ED1B6E17F9C32F3EB51DC43A463E7B7A85FBCB0
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\abbb44f6-ae33-2e7c-ac40-4d8ac17bf46b.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	69AA41C5B45FA56CA711D0BD958776DC	1FB26CCC0DFD13489C2C8C5B40FCCA9FAE39F537	ED5BE8440DD24109877706DB8D5D0926DA347695C076EC0A0628188E8573C113
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\ac116a72-b6b1-d558-23f6-10796e634d41.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	71FB1628D7CBD09975FBD6C1C8D9715D	E53FAEE17FA278C08F6DB58D935E3082C600A17D	E47EA2C493F57A591E03E139CF7E83665906FFB5ECEDE736EB59864F2B06F92F
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\b34b197c-c0ed-bf12-c9bb-44e883c66a9d.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	7A96A35B45D516577924AC3EE4C5363F	752D8FBC4E2D556AB436B50790ADB5BE9D627CC1	DAAC58FF949BE11B3E2F1D2766AA397198D1D284176528AAF28326780FEB968D
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\b59f5123-f94a-28bc-cf2d-1f77c3cd60ad.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	B729230A8B08E024A9F36745F58AC513	1DE3545CD9AE4457D3235783586DF9C70A0DA541	B71F96CFF0CC3A8ABD8A872D1F944489A7E895F7CB847086ED111F258796E879
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\b6126597-8ecb-81b4-8b3a-1430dc2988c1.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	C98B2DA9D20C2429D1C3E35757D02BA0	7E99C80540054C99694A121BB07C8691440B25EC	BE4D99C722FE6D929F4903CDDEDF549C4639CAE129A1943F7AEA6B7FA482BF40
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\b81d7e70-84e7-b16a-e3d0-1e7aa2f1232d.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	496D4C81DABE80D6345994FFB7023F38	B4C7397863D94AA90D6E9D39BDD45C2C74FB2CBF	FA3C71E9802CA16AACEAC301AED15E74DD3450CD2ABE255E64C5D1E4606E9456
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\bb26a0e5-d235-0ee6-0c36-6d5e185fa5b1.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	C24685DFDAE64C05CEB5BD3A33DE8DBD	D41BB785405ECCF1EC86A917482601CD357F8A24	8C5724B95609B9DA1322E61D17161CF44333236A2AA0F3CA72E437C1B95AD551
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\bbfbe8ad-1a35-a7f3-33bc-40912bf89dfb.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	2F43BFBC6CA3EA538C43AD9C83BE1DC1	40A325AA200A0BF0C5AA2E2982FC1E6D2BEFC684	C62C69B36406DE155C417E5A001B674EFB6CC8B95F4D50D696FAAD660B6A1474
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\bcda97bb-bfd0-2a72-3c90-c8518f3d09ee.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	FD072585BE9C7DC8A92A861079ADF170	365889BDD2A58C5EF283C28A406D032992869DBD	58764E89466BAB23730BE346D1CCF519EC985C04C27D9A4DBD17B32E25239D5E
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\c3d42a1a-2f3f-a4a9-6a04-cc1b234485fb.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D87D7CCD404C6F19CD722A3CE53DFE22	5906E79373A3040F5A48AD38042A4A6CF30E1B7C	CF6BBEBEB4ECAB914998B3B38AEA8B69496C83B14681C9B50A46295D2AB6F5ED
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\c94a6c18-d496-da1c-8a02-fc6976e0145e.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	53FD37A418938DA1CFDF58862E3FC9E6	6C3E611BD2795C4C14F0669F60044A05860950A6	10612D582595E4DF65C1A35A23091645BFE410B40514F05FA48609D66E67A6F7
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\ca947da2-7e9a-7249-8095-bceb379c6f74.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	CEE93FFC48F10B29E92A79866DF56B1A	77FC52728E6BDB45DE27FBC7DCC5F737D53B0663	C31A95420829F05852524EE697326570854FD140603C03EFA04047751A9F75C5
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\cb692946-a9f3-639d-1064-a6d75a01b9c3.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	62881238E18EF541C661667BDD316F74	51CACAB612E9C2CC4D3946691CD3EEF9A4F69368	4EE5226DB15ADB485938D3C7A5BC2656EFB9A221B577C5F837106C04E95224DF
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\d1ecfce2-f845-c1e9-052b-d2f457c135e6.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	CE24B187E5B1FCE46A002B8670E196CB	E61F2F4A9C9AC4ADBA8E066CD31C3B245AA12EED	59A15080BCA1372515F7C015803B8B8E48D7CBA2A75002E598D2EB1513386FDE
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\d834be1c-66d4-85d2-5bfc-720e73e8e544.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	62D7B5C131A03831FF7ECDB41692BA42	072C8EA3D7A13A1680F49EE37FC242C97F6D2572	76AA2EA2A8BAE5728B9EE2028F7A41F1677D941D793796E0F6E41345A4327F02
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\e2a686b1-b02a-b3e7-90cb-3fa0d708ce04.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	F6278968B400987734CBF5FE8941C0DE	70C4F2F60447608CDFF277D9BB3C440C6F2BF71B	9E2074EDCAE2129E3F0DB83DB9A610089309D4E6CDF8BA3ACD02181EE0659C64
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\e64ffef1-e246-b632-595b-56076a3fa776.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	EFDAE556F15512963A1B1F5C06FCB923	AB34119AB3787C3A7544EFC4C52DD625BBF637E5	56813B77F12C82E93715439790A93797D0E6008D2065C0F5E4D4C748634ED736
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\e78cdb72-8076-1aa5-5df6-048300a0f594.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D49D71DA54C97312C62C99E3B1927F49	82AB69329B389F5ECE64383A949B589FA959AD5A	FD3004570424F3EDC0116E794B36A97526ED660555C9B6458679F54EABB2868D
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\e8ac9388-7c9c-19cc-fd4d-cb72bb1544ea.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	CB01FDC7D8E9F21987CD9418A88048C6	0D1FFDF69930C90F4753DD6F13991F991DD7904B	051C0E736CAD0C87B44C19ECCD86354B4593C53A88C5914B520D65568A15301D
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\e8fff2df-6041-8f21-3df7-db31661aa09b.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	8162889C72B7E56B5D94858BE372295B	29CFE2F336949590BE9D8BF8D223A28569C458CB	5CD9845DADEE32C3633949B1F1F05BBE6F0FACE2548D9F890307379AEA685465
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\e9bff135-4a26-0e2f-d743-30d9666eed8e.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	FA0CEC81CCD534AD012B170EA5931DD2	116BA71F9514A67C64A110DA67930FF55629CC5D	AEC9EA710741785537DA629F45C56C5BBE5BB3F5BB6D5744EF77AA8E51896C93
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\ea39969e-9808-10a2-23ff-be783a132fea.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	729292192EFFFF95BD7575096533D73E	FBCFCF0B7F56F83B2DFEDF6FCCFDBD52FA9CF178	E967E233C05B3B80161DBD7DEA59118FB9414635656D6A41D605D7842CE0A78E
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\ecbc2601-0a67-4963-e594-43c65d6ec9a5.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	E0569CDE5EF62A1CDB215BA173F2E604	1BB09B759324429EFC7E58666540C1436EDD3603	64E7489F030A2A129FA7668E83C18E60E43B1A911326583D92C0F65198F5F91B
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\eee47229-947d-2ac7-e8a3-49bafee251d1.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	6D3F37906D5C770AA98E54021FFA95AA	58D2903E8381A9377C2A964F8B60D9C09D199118	48A5EDA4C651B401A5DD62C6222B00AB20A6B038DAA073E9813C8C1D19ABAA56
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\f1d940d0-b5b2-0083-8403-807a8db430d5.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	BC9D542B5FA523E6D8827F1479026B38	103A2DFE6F4F20CD9B96605C101222C27299BDA8	4F0D49A73B3EF9F0D358AFE5094748B7DB940747A1C08F2E4F41F6D3EDB341EF
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\f5fc8c03-78f6-342c-372b-15d02609bd3c.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	ED23DE819F05F8FC2E60FE4DFACCD5E6	2EE287CF8FBF32E506F49670FE4E1BE754886515	B984EA761688C5B91DE2FF698115CFD9140CFA718C25462D95354036D4A0D5D1
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\fc93b452-8a84-dede-3b7a-0fc9413c4592.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	1089AC8C01F32206576FC056E1E374FD	37133E08F1367DA4501FDEE3501E12BFCF8A4174	839ABA7B8D59B6E0AE931ABFE2F4ED0B55263FE8C54DFEC08748DA5E288A7CC4
C:\ProgramData\Microsoft\Windows\ClipSVC\tokens.dat.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	BE2D543F275BB8D74DB5C84B527930CC	CB612CF22B643CB2EBF3842CFA5B8F128EB2266D	B0EABC7E2A1A99D237D08310BBC887A5DCBF5137C0CF3C9B50B81F23844A3C2E
C:\ProgramData\Microsoft\Windows\DeviceMetadataCache\dmrc.idx.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	6558AABEE09B12996ABCB78EEAA0E2DE	B0C2CD914BC057AFCCE645A23231EC86A734EB2D	7BF2D57F86BF66B301661E9A14AB40B3AF2CEBB80A5D1589F4A4533CFB518942
C:\ProgramData\Microsoft\Windows\LfSvc\Geofence\GeofenceApplicationID.dat.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	93FB44AF30B65E87BA4B23F39715EA2C	8331C78301BD01AB05848B2EB50B73DE674F84FB	322970485BD614DEC16A24513EAF4673C4AEB7EC663B3271E988A3FC945639EE
C:\ProgramData\Microsoft\Windows\LfSvc\Geofence\GeofenceApplicationID.dat.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	43AEB817464D18F51883B1F1BDBD971A	C536F074ED66E682970615E703C3D42FF04C0634	E607CB357BCA2552A130E33AF61EF7FE6CDF1B31F9D5E410550CF4D55AD290D5
C:\ProgramData\Microsoft\Windows\OneSettings\ASAP_CloudPolicy.json.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	AD51DCE6CD0A55E633F05230AD413875	D8C1E0855EDB03AF02758B6AF44FBF8D8FC23F5A	E7023EC800FB6E46A847A0B23854BD397CC54EBCB94A5CCB2B71DFC1D03BDECE
C:\ProgramData\Microsoft\Windows\OneSettings\ASAP_CloudPolicy.json.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	E9052B1844676B4D8BDFFE77474AF962	36DCAD05F5858D4DA625F5425C8955BF5DBF98CE	2B88320BEB597E14024DCFC5AE3A26B075FE5BC82E66E2C161F654CE5621C7FA
C:\ProgramData\Microsoft\Windows\OneSettings\CTAC.json.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	0721BAFC5B765D8F5AB2FE893CBC57D5	9E1454A2F51D993BCEBF7D7E99662A1E54BD1E62	982D95086FDA3294E6B646042E50935E2A0D7374ACEF6B411E0B752C55406C28
C:\ProgramData\Microsoft\Windows\OneSettings\CortanaUWP.json.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	6D77AFEBDDA21FEA4FD498190BB7D4A0	FE7676511E8F7B6DEDF94E6F082A852BD9CE638B	93C94F2F2DB49E9E7DBCEBF7C05FA1170A34D752E6CC6566F16385E8AA4269D4
C:\ProgramData\Microsoft\Windows\OneSettings\CortanaUWP.json.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	E429B3A072201ABE36B13A79DEDADDD8	37B3FAFD3FFE66659604097E07CF44BB49018506	29577603FF03183FB53FB17FCC7957ACFF0DBCA18C954A033910D107A82AA580
C:\ProgramData\Microsoft\Windows\OneSettings\DirectXDbVersion.json.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	3F368A25B6047AC5DC963A6557F8F48D	0B9F4401134BB97889661175A0BD72DF5338DFD4	5D4814D28031909BF05AB070259A53FA58DCDE5C2F058930CA4B1FFF1C544733
C:\ProgramData\Microsoft\Windows\OneSettings\DirectXDbVersion.json.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D6EA6FA0F995B37E71746D56C572B75B	CDE9BEEECA25AFA7EB021992F3875D5A26B6EA91	EFE2C86E05BD679DFFE4EFFDFBBBB3B390FCDDFB31E5572587A446648D8A8A35
C:\ProgramData\Microsoft\Windows\OneSettings\FeatureConfig.json.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	70A88E38ADDF00078FCC577F94515088	E2BD7DC2E50C4C04A3ABC5D5F246F72390CCCC51	1377CF5D9ADF5CA78909298DC7C198E6763356D09892D98B246EF7E0C80932E8
C:\ProgramData\Microsoft\Windows\OneSettings\SCCInstallService.json.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	C3E47F763CD9CAAF85F5944E2D5767D4	EF54B889FC086D8D5B55C7EF5BAC5C72CF5746B4	4A22BDAD79A3DAEC7702C32B15DA08627C35C1BB98C606237A508465AB7FDDCF
C:\ProgramData\Microsoft\Windows\OneSettings\SCCInstallService.json.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	61E3F3612B3D50498EC17814A4AAE935	F0ABE46190C7CFD50CFFD7C7D7DB3AB75335AD38	9362FE5A37979D61AFDD4DC34A080B2741A8CEC853E3E5C869502CD24B82E77E
C:\ProgramData\Microsoft\Windows\OneSettings\StorageGroveler.json.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	8ED4B7429BE6DFF8BCA54CE73943D57A	4738F8EE3B98D563A493896C7036F72C57AE12A3	53D6CA3631669915EBBD1C6A5ECB00DAFCEC6332A410A5F400295493596AD488
C:\ProgramData\Microsoft\Windows\OneSettings\StorageGroveler.json.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	F264011F9E9A5CC98B710915F781695D	749D3C539792BA7DC1B9E1123F39D225D302C694	6FF614AD61002140263949897266FB2A1BD944AB53E8C8E757B786ACE938C631
C:\ProgramData\Microsoft\Windows\OneSettings\TroubleshootingSvc.json.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	EE25D92F9FB011D1553E6FF73CB957F4	0ACCF6A98274FDDABA693340EDD60B325A7B6327	EE70969CBA2EA7BA9906017FD6E3E5126340B59F7B53BD548E66DCB3797BEF11
C:\ProgramData\Microsoft\Windows\OneSettings\TroubleshootingSvc.json.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	99B7B190BC27D841710830C591C92906	9C0CFFDDFFCA6816AE2051472E2F54CA18D496A6	E823F7EC60DBAC72115519477A01507C4A0089B2BA5AE837D4A7AC84A701DE05
C:\ProgramData\Microsoft\Windows\OneSettings\UsoSettings.json.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	98C142BF12152C6CA7A0E825CE2182CE	4AA4F46EB7742C22CFB30B00DFBB938E19824942	58ED5A13F811652A7288B386241DCCBA2E85AA4C3714115275F1D61E348472DA
C:\ProgramData\Microsoft\Windows\OneSettings\UsoSettings.json.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	CCE53208D52438B8469D396E62613473	957650E9DA7C26CE084EFAC63324AA191B50CB9E	BC1190B2E2A1FD5B34D462F20D355B6AA869B9A27D2DCE360EE67F0CD9391104
C:\ProgramData\Microsoft\Windows\OneSettings\config.json.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	0267AB9C67A026FC9C9ED3A1D75FBAD9	19465220F45F354F8C4370B642763E0C6D412DAB	BA32BADCCA6D6C31361407DC8E679600D54E18864647903C64797B9494C42323
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip File Manager.lnk.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	5D5FBB0CC6AAADA17E95B7346892676E	AA5E44645609C57E7D924454A577A80E7E05A005	3F7D134B1E3D6B4A34E1B616DB0323E69871CDFAF49F7A5EC18ED44F690F3583
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip File Manager.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	4FDBD86E59221A8ACF259262CCB7F9C2	4A4EF1DF1465B147D6863E82E4D5BC75678DC03F	CD60D46562DD03E0FA41203EE8A69E66BE11737F1087A4A0B3DDAB3D62A4A19E
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip Help.lnk.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	2AB8CA300528DC5FA5EFAEBCFA8B9276	C0FF0E57778933D6CD65A12A1287857439D6E347	B5BB18B2B7EB7142FCE2B0B1DD53D8F3DDEC49093B9E618F6821012DB94BA0F9
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip Help.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	75C98AF1D0D56F9554BCD7843A53D141	9B9EDC7FF498AB55E168F2040E5AED331EBE5916	C7C37769FD40B03C3DAF2760A16379D8501084ADC8CF9360CC96FE6E5998F201
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	90C0D634B95BBF6DBB14D151CC50FE8D	7301F85F7C14D4D371179E43F51413D3B729014A	31D2A163AA1E561418337091674CFEF32C9650D62E2392F28C7D4E4878A2B2C9
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	87CA15E734BCAEE1C32E9939EBD86088	71AACADBEB549FCFC1BB52F087A09F9628AA59D6	6F115D429B36B5631AF45026690E4CDBA9749CB432DCF53BC5606D5AE4FFD2A0
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	E52BD28B9473C001F14D710DB1D00318	20EB36ACB2D5019A41E40804258C54124D02F2D3	449AE47AD6FA846E7521BB367374DD3C6E39920BAF91EE48E5129AF4002CC4D1
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\desktop.ini.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	9AC0D743B8E1065CA2A71F20C4F91BD0	90448F5C6F4057E2022D67AE0D10BDFD77477563	4640D438143A54A20865619106BB0E2F3C7FAACBE2C5A6F4E090A4FCE1F551F8
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	F51277BA67E45EAC631D3DC5E4A90234	E497141396CE0D3C0D3AFA992E10ADF3A84918D6	A8403943E900CA43AE611FA402D1BB75813C0E05D58A43C2B7391412301D0412
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	4229C379C8CEA115241E0F8C50DB143E	48991247E7353BBC18BE12B5F9825E5D66802F35	7ABBDD16BB8302991119172829ED55845963A5FED47800342F132F792E2ED6F5
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	482F8B48CDD9BB3C3866D299AA482694	4F66B3FDDFE9F2231BCE53599199679988C4AD61	F8CAB61E17FF5690CC6AB9FEF2E3DE9ED6E77952EBCB3B70A51859C8711942F4
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	A81FA409881F5A136BA211A90941501D	4C3C73B925160FFD2207C15C3EC5C14096FCDF28	A686D7F4CE67BA2AC4BFC9ACBD674CEDA9E4952A65D810C033EE4EBDE955A34E
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	0171B9BB82ECF9F7F4BBEE4285F346C0	433C81F299B5DFEADA1166C0DF77C4CD5EF46737	42E2321A75A0C01564DB6ED4DCB11F347477BBC9A9E562520EDB446D9F880C92
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Quick Assist.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	FDCE1D93AF569FFB2B8AA9AAB2F799EF	1D915EC1ACC53473F934D5A2CC7062A14B669A70	2B854177E584D4826F7758E98DA6F0EE2545851683A5039E23A0ABD870769CF6
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D04AD37224628CAC9E4DBDCD8BACAD3E	D4A1770A030D74D622183D4213BEFA6AA7863C92	8545A6CFFE1EA1BE36C45968071CAD40F34DBFFF5C32EC8F7706C21729405E66
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	86D43CB64A06A262ECFD33C94E1AA6D6	768579F1A44B432D61DAF25CE070541A7B551058	159AEA62351C6F99A5D0ACE26A676ED6B55EB56D99FF99B73340830EF1F0423B
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	790794CA5295F1713C2ABFA1474BAF28	CE533838C8F9F8097E19799C74CD05AF85DF57F5	D74F13B17D9E22E7A64FD7B0193B19CC6F8637833D496C715BD12B93DB3882B5
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	BDC74E151FBAA703BF0D451E25F2E95E	958413D306DB460D4F6103CCC4B91E15E35A7254	8A4BB852C115B1D3FDC0535A7A9C51DA9E2A3B35E241AFA8C5F10492B45C5408
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\desktop.ini.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	7D935A2F2F0B996F5B9054AC0C069736	49FFA2B15E781B9F4D722FC508F7AB53AC3EE6C0	78EE1F339E6C319C3CC6A260F85DA71D00C96900843587F9386FD7EDC23BEA06
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	7B134696D80B5F961B514B2F27297F11	C67F29BD775B246EFA30AE5B02E2E3394ABB861F	24075EAF5A3CCC51DDCBDA6F4FB44B6BBC0B5D29CBF258BE7498B975735C2A0B
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	79C3127674724047E1F23BE73DCB5B84	2BDA122D445AFD8BE893FC2371F70E77B18A5A2D	B4DC40ACD3A960B8735864F56A9AAA494DAC7C47E3748B1FABB65DE453B8C5EE
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	E641F30A580264BD45CC9B0056E9D051	AA68106B56499CF91250F5F21054850B1925C5D8	60093A037175C358EC59901AA06935840C6EA540C44B619179ABF2BAA705BE50
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	A5BE41698F411E0D2D463F1FFA4286F7	6875B89033DC58BA3E518ED9F9A4CF8A4A38DEC3	996E19B2F918399A0B3568E31FC9D9A0BF2D22D7D12740EEBDAC9BA0BF17E8A5
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\desktop.ini.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	294BC388FA95194D1E0EFDEF22DC72A5	100381C8C2AA5E0F70582DC998DF07D8AE33CDDF	C6C44507E7379B3A4FAA1C2A8C6CC7AB6BC190EBC1E36C60977A5CA32F7721E8
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\desktop.ini.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	2AB1ECE237463A32FC98D56ADB896437	DD976D80317F2A82262BDFCCEA41A16D60653019	FDF2C4CA65EA08688776F66F40D11F7F46583E07D02C2448C0AA484D805B48D4
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	644DB7E336F816DF6869E1D89F25702C	F1E77358245131BD6059EE9C407298552DF1E5D6	CB85A935CDDC3106EA56AE84466441C1A480A1D01B72757D5CCDE3F88A8BD5B2
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	A200B8523064314079B229AAEE5D258F	E2C0C0CE83F63462E6C9E4B12D9C56CF999E5AAF	9D36622A3F6D334A8860A7D8B812EF393C33D09BEAF3A2689FDC4DB5B433373C
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	28E4F984C23C7CEC7AAC492A05910790	47B96947C3D6457B007FFCC277624698C5803481	F73B59B6CF052665D95DFC222171BEEF39C2B78183BD4A33F7C61D1C162F4091
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	36E907D2A60CDE95580E731004C40737	38F2CC58A78E6ABB1E27317C43150AA0332567EC	786B8E0B2F51543A600F308FE4ADE4208C800FA9DA72A07487F832D867E96D58
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	7D426121CA8AAE33F6FC9EE87B16A47B	47919A48315AD127DA29D8AD403D7C31AFAC8208	CB7874C56D317F67C719BC340BF0B6E62CD28ABE12C3F8096E9623E815558119
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	B331DB812A3318CE15CC26106C38F452	F5401A39B29475B1BAF7301817F4F52196ACD812	2D92AED0B947B68C109385D116E71D2C1D9403BA255DF5DBC602B8383C2FD5A3
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	F2DB4D0D7E897B3D871F48BA6D877E84	880F5DDCB0C0F128B38AA42350940DFFB210F5AF	04CA97A5A6C6FF7EB216EBDA1999C725C4DC5F5F6490567FFD7FFF639D96EB6F
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D076D05C0820478FF88E8DEE2BF5DC6C	0428A46E5368F3AC3D77FD28040CD7E6E86F353C	CC3644C634C35CD60CCB8DF46E0125A4C8FE53FC3C367F40650E569577817EE7
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	5BCC40CAD15C883385F1D8FB8ED760ED	F4BD6A076D4F3F763AB9E43CB10DECD9A01CECE6	2256EB10BD2D24FE2D514B35A7B7277D2C0177C17609895CDD629793E02AA543
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\RecoveryDrive.lnk.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	C4C292CEAD1E5F188399957338AD3D4D	C8170FCE1F51ED3E33ECFAFD2D92C51023CCB340	6350C36874205FD433D97B28615F4E2A472E6D5F5C37E2985ADD9AF8CC9ABD6B
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Registry Editor.lnk.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	48A20B48021436EB94105E50E8425C34	24303F886AB5696418FFC59E47C54D6D0506BE8A	4CBFB73A1D07A3A4B3607FDAD29DD2C609484B79F160F177FCF459D6C0EA8789
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	758522DFFD9114A2BDCB7940D72140EB	6811C08E66CB3430DE16294F26FD1E9247339F35	0634B4CF58C6AB8D1F0B9C744320A44FF12529D7A20853D782CE5A6D6D14CC15
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	AE1860171E76CFFC21AEDC8A87C3B4C0	0DEA950B2FDD65B463A4E676425E226CBB68BFE3	91929B52D1F04B274EFAE0A179DC72199EC9CCB9D509101920FB84D08DD39659
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	B8F405CC8AB663C6E1DE1CA2F745919D	AEEF1247B3EDFE820A563BD0B3E92750051C5939	F4158B2D71A9F53A913C3088326787DD7D4A28633721FEC33EF2EC99E48FE777
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Information.lnk.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	A2C073AE36368C096B089CFAA3A44B09	9607984D6CA03AA4845C29061BC3A79213F6D243	3979F0E6F02CD4C1E2347B6764AD61B0EAA16F66D0218753E5E7AB1EF8B36CED
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	8D08FE1B8D01D64D24E57F4F4DD79D1E	F3013AC330DA79FAB5736FBDA0B9AB648135BE0F	6C211CFF27A68DC91F0EBA12B30522DDE33D16536FD7F095AEC60AF80C9F0625
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	106E541C7A27C9EED8CE8C6BA5A3FF33	026B9939C4BA57EB69B61F987E1229D62C451959	DB912B38C2C3EA73FAD24E33FF2CD42BF79DE3C39DD6C057E3C5D9F78A991E98
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	F77210B5D9B4599606D71A3E8FA5257F	C8787AF74B006BAA8F5A7F1BAC83726A0FE265C8	6F8BBBB9741D72B27A8D50C36120AD83EBBAE44B3A315E4FD5057556064EF855
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	ABD47E493C240117369D248B777D35B4	DD75325026750FACCB781EEC6A976D45C92525E4	0F3F186F41119154715D2079645A38BE9B1463B33B8854A77B7CA5C0D5A4464B
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	960CEFC920656D81B8E55765674AF851	A7E7E1FA6F41CB6166AB24339ECBC12B45A59E9C	0BDD56494E47CAE291A5144C04B4E202E54AA48362FE3CFF1D823852AC3DCDFB
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	E9E99EB0A55A66228194E890D83D6513	55E22E2C85EE079A562027DE22EC8A5DC4A69466	C54058CD7908E724860FA825B73F3279A907F5167801C724923D01F6D19003DC
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	04DB578DE9B6933B2541E1E1CE80B610	4C211D61D16766FF9C52600B9018D0F3E8776B6A	B0A80CF359817D235F77DB0AA9D907F1BBC10F7D0453C8682D24432C8BFFDC6B
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\AutoIt Help File.lnk.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	7C46D3B544AFD482A26020736B50CF04	BF462AA0455516B7F1D0E798AF677425B5298EC4	95B3F24F46BEF144F6A805C678F6B2766F100AE218743938B804794C4A2231EA
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\AutoIt Window Info (x64).lnk.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D8AD821C132EA991269BB8F1C725F318	30A7C2A5EE5498919E49A9A6FB398CC3330B92ED	A705BF5E302EC639C0A7F25D6EF63236E1A42FF4B1B61686167A6DDA81916AA0
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\AutoIt Window Info (x86).lnk.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	E66DEBA5D58FD515F146D60ABE8EE86C	5B920DE538D4046A63F76EB3A60C95AA71B955F0	8A0EA8E56C169C5C729BFBE18C44597E01DEFE7275A44712186A008B024DAC8E
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Check For SQLite Updates.lnk.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	89AE290398E7FF9A653346119CB5CF95	381D27BD7725A1D2E1A2BC19FD70D0E2D2ED67D9	484F89FAB9C3637A84B1F3C0AFCFBAB71B8B1BDB4C0F597B1734420F316DD8BD
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Check For Updates.lnk.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	620E8D71E6B3B4971FD76E1B569348EE	6DEC358DA73BC29D4D5AADDA4F24A40B16C83F98	E216F2418D1F43DB2AF29730478B7FC5E493266DCED89C380400B3E607A66E57
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Compile Script to .exe (x64).lnk.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	29769250432CF0B5CEA3BE26BB89D9DF	9602BEE7D49A4648FA53AE0A44BAB5C0F4409E4F	226F0B79AF759D7FE8BC52F2D9AA988BCDDE554BC0D79B181B40846DC800AF4C
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Compile Script to .exe (x86).lnk.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	C88684D93EE2F2EE9882529B66F208BE	A30235C9AE806E4F8E8F76A63ED197F174FFD6F2	DAD5C3D1FFC3505AB1B123698E61111A8B943AF037E49E8ABEE605D5288CC890
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Examples.lnk.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	1467C0EBB1AA9DCD5A492D9C3BB4C088	854EB043119A42578ADF3210D086A15F4980D3F6	2D6A129C6BA4C3FD72C2FA4A665C0C2B358171D14B9C07104E51F339E900020B
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Examples.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	C0CA5F2892CE158F1F4C84D449ECA5B4	9B5EE4D2D715DE6FD796B312AF323F40FF39E3C9	D36C1F07B33E361F4C385CFC6D05DD18D1AE66B0DF7A07783E20CBA53990D73F
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Extras\AutoIt v3 Website.lnk.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	3691D8FAE27ED6A369500F752E01D68D	378B87CA7D120E7BFCA7ABD5B027569FEC503E35	BB7582A23021F8BD91420D8D1CC669C5D44D2430ADA263C561A5F4C2C120FD55
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Extras\AutoIt v3 Website.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	ADFB54892246B963BC75E016775D448C	31FED4176C1075C43EABD17E55A91FB0075D7825	CA3120360F6E9CCBC4A6ECE170B37EF303AEFECC4661EA638E3A4B99BC4A5FDF
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Extras\AutoItX\AutoItX Help File.lnk.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	CF299368AB6CD96BC638A8DCE1C0C37B	6E2E3126194CEF4FC7047819C811D39163CA58DB	120B7A4CB1E45BF4E5B92D9881BE190DFC8152D437BD9F4CC5E90A0CAA123865
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Extras\AutoItX\AutoItX Help File.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	AEFD6D558047150470308DBF6B596BB5	604B65ED9361B2D8CA5B74F898B35A9C2D89F835	FEAAC23887512FC68F017914A8E2C052C3EFC9D74F8C7CE8B743231A000582C0
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Extras\Browse Extras.lnk.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	AFF8624F832C4EED42D744389DFD3A6D	C1C33F544A515263BA40D6562596C8CB7839D787	6FEE66962038AC1C71E19875F7F38D70CE797701ADB6B767E093416C563CC575
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Extras\Browse Extras.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	A1907A87376FDBD9F6E388A1E5B35034	689646FF4746EA98256168397F75A9CDE6C61A92	1CC61BC3FA1D72561E834D77AD6299136397F1867DE622582E39BEBC4052BE47
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Run Script (x64).lnk.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	14476CF7515A47AA98013AC0F1CCFC5A	8496BD2F9B2A21F1FF3CB78BF85C082FCA540CF6	0D70E0EDCA36EA47E78DC82BE16A9E84400A8745D525F3D6E51398906251A634
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Run Script (x64).lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	3AFC42958395C431B76FF23A6F42FEA3	936937F2D22791C12662CBD0C32D69CFDC25183C	A369484915C7FA0444AFE62909E6BAF3A4F916568348038A9641600A008C313D
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Run Script (x86).lnk.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	168C7415D5CB98F62368E037A7A35362	127F585874D22A24FCD4653D4B740F51E599AD1F	E8985A745311718F7F9FE985E5A614EC060EE91AAA519303AE21E1E374D4C664
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Run Script (x86).lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	F3CD99366F2CA6752CC1911FDB9E1114	F3404241FB0E9A3C0EA04D50C384D20EB1041066	2B87C8320F76A7D7D8E9C95B351D747C52FA802F5615C6277054393EB861473A
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\SciTE Script Editor.lnk.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	F4F11C6C92B0A12495A0E2A1649C1482	7D0CD47A99FFA9D7B629E537DA1964744D52302F	A3AEDEF6A43BF5731C1E64BF3ED8136559CFED20EF2DE48BC7F546980128D0BF
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\SciTE Script Editor.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	9F927DD88FECFAB1AEADEC264B485F90	918F451C548341270D69AB0BAC0F712DD262D07E	7EB67279B62A2FE4ECBC98E796DF6FE3357A5DBB72DC8B345AAF9722999DAF8E
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	4BACA5DF5947844BAAEB39501B44D8A3	A347EB6B9DE79F91C6F75B934ED75E43B7DA1F3F	1C1492E1804307EBC8D06741411A1106FD88A5F29089BB254619D23292D174FA
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	378574F01B3B2A01F39B455BDC22E9F0	79322D9261BA846A382CAFD4BC3A622C8406685F	E50CC75D167A9CFA588246A2D53F2A5B381EDF8A37A7DFD80EFE1F3EA981BDDC
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Private Browsing.lnk.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	B9B54C62E66F7DDAFA5D615D17C1F4DC	4F077665DE5DDD6DCC53B320FA416C63F939340A	B62581644313EC68156B1145BEBDA556B9E8D92801C3D3AEEA372C866A249470
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Private Browsing.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	9072843D5B1EA03E32740F8BF5F51ED1	79D6E61296653AE1E6C85DD5479EB322CE9548E3	92D27F605C9B17AA541BA8AF6EB7709ADD83270B5A853E6694B2EE3AD2F6DC88
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	3D96D46A16299338D290402DF8DCB134	B2135476AB078AA55F510C1DC2B2B27B672562E6	C7CC112D8744EF6DBAE510048AADA83AA3A2D16147BE4BF7E58257DCE90878FF
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	5FB6296AE2463AAD1F089B0B2D90E2E9	8F33D888CE8B1C6759E2004BE6E17AC1569BD39F	C6EDB5CF3DFDD8278648F0CD092B45D9D762E94D153AB5C40AB3AEBD4020818A
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	838FBCF63D5400F124AD0A5C14AEB106	8573480E0865E400B721312A77AB7B98615929A0	A15E4A66D491DBD52FA969C012D00BEB0601A7435BB7C3406F89356B4A3867A4
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	0C0ED2EF569E34C097C11E1177BFC94A	DDFD3418473B6AB250CB9119B0B3F68E0D56D572	97D6DC07279AFDB36868533C089B82122748AD18268B958B26E9F5F6E08BF65C
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D0172DD21BF97DFE57EC19A5AC04F242	73DE5492B7F5200F761AE30F1941C30C35DEF84C	8AA9C310C690DCF546C2E45343102E2B8A5A9E011E8CCA65FE47A03542A963CB
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	8212DD3BECE36266EA3EE54A2B59717F	E92B9F4473B7FF22877A36286EA0712424BEFB03	298669F81FE3E0820DE028C14C3F01E7BB0A41344DA9164830E746B6C7B90F98
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	0C55E3E2F0B6231D09F3B9DF75C6636B	46B4FB1B971CDBCE2157A694392CB8A7D6361B70	95A8D82F38AD820127F922CFCAF5C06F90F0FA1DD8DEE078E36567C33263B224
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	49832133D235E18BB5CC92C0E33D4556	ECE74DF8BB317AC79EB6173DD9C2605E3629F37B	CFD55488D7422841B9EDE822D0D81A6781A09716E1ED21A7DEFAA55DF2848B35
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	792172E65832F94608896B457858362E	93E34D3CD8EEFA2A4515904D16DB1B304061A2E1	D0099E8C6E7C7A37ACD61A002A4F73DF6123CDC4DBD16D6876B0D9B9670E922F
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	38A3F481BEDB236F8BDEA3BC582607A6	214985F345EF2ADF295431A798BCF3862900BD55	92DC27C6A2A493465E8CEBE4C0577B7FA1F0D478D86BDB6C4D62D118FB764488
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	087C4D948AB43D057C101FF4C571027A	5FA374C58299B2BF377162D0871E6D4ADCB3CD41	98974379D27A5CD24950A02C97354BAC237ECC6CAD46C264BB9E21ACB2852A12
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.url.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	5883702E8AB8223419304B5BC8EC8059	EB9EF59A36ED6DCDD3BED137CC96F683A75FE73C	823A957602188C77B88D1AA03D91859DB7C4631E5F8BF57FF66BAACBF5A70190
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.url.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	77EDE32A781B786841D760EE5FD0C5A3	A9E1691011C675A3F9485EBA296F0C8EB8818F1D	F92535F431F6C03D33204FE56864D9D7AA871B0A7C97D47C5190231DF40A3DE3
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.url.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	28354E5A1CBAF807085FE348C79CDC2D	C4E0E5068D4015CCAB6D5A24604671B9A11D2AB1	80F7A1236490AB8C0EA90179949D29BC02ABA9AEC3EAAF9C739C2437FFF7926E
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.url.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	9566894A62CD86CE5E38C46B8C697E67	DF13F3DB79E4770CBE0E52CFFB5BABFF63304A92	1AF4A4CE0E5563E56578CC064A9F9F21DC6899B0277E0B8A459EA36204009874
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	CF295471363712F1E729FB874546E824	46D48DA81C981B8CAC13A52558D9CE2E3DCFE7E3	947B3944A42B396680180B0242D2FE281FDF6FE6164D893F500C6985B5732C14
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	A0914C81167E851FD3EA6A4F11C806EA	C34182BF66704C84A977877240436CE1BFFCA507	1F75B701F715A118930E64EA1670CA0CCAA67868E6FFBA68E701052B3431E3FF
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	4F1F3697339D589E929208B3A4F3917D	C7EA812457878FEEDD7398F0B4B0DE90EBAC7636	0B56473D6611B6DF3FCBF5F3AD476386CC527D6A759E1FF0BA42A803A8AF230D
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	AEA087DC013A3884F26C7827E2C31F78	F27378B4A719C721DE83C5184436B26E8224B016	155B459D530D725B99A7C8938DD9ABA90B36C1E4A83EF7CADDAE3DEF15EF65D2
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Database Compare.lnk.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	A02D004DB8A835BFDCE2B9080925E67F	A67B27325FEED066820D80EECD12D085C445E573	DA3B99099A2548C8083954A1C694161EBD6213C55ACF477F61DC76BF1628B148
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Database Compare.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	9027B5522D46D598763B5F9FAD5A91A9	935F67FEFBDF12F2107BD258B4D05F0E145FD554	7A388E69542477E0338790B29FB3A838A2FE812E2CBB4AE95B286CCA9BCF6A88
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Office Language Preferences.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	02461247AE3CCCB474311ADB5CBF825D	29FC8E264F79D8F03F2346DE1CB681B152287056	62A664D12A73B158FD9D8226B181709FDF68D36EA46B5C90FCDC432C865DFEF1
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Skype for Business Recording Manager.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	25B009DB3AAC4B0ADA0C4B9FEFB5073A	218205DD2C9B1397A5C38BB43DCC9250FB80CE69	01DAC5DAC0DE50991843395B31E2EF73243BB877E79C3A2D1FA50F2E95048024
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Spreadsheet Compare.lnk.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	AD761246495B50B6C62C6618BBA145C2	59965AED7D5339784718BE815A84CA54E7ECEE37	105F4A9CE6CB0C01977578A60E4C19EB846C00EFA18CF30F6A8BADDF70CB8666
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Spreadsheet Compare.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	7E677EB93F0456E8FA72998A6A50CD48	D16F30E5840DAE9BCC58F5F3090BC673B6FD923A	91F31B938E9A966CB4DB38AAD1EAE9F55F6D6A0FB2519E75BDFB49089685A1FA
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Telemetry Log for Office.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	1FBE797F113CBB180848E9AE5C7EDCF8	23F867FD126AA3A292A212D147F107339D0F5B4C	6A387F60FD30C2EE25BD060E82F3B65F773F6FD0872E3A60BC763798BD4AB3B0
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	98585710261E8ED74C8BD9D23F638662	5DDD4DF3C4B2E483F8AE424998C4FAF194033BCF	A3724687A166E2CFDE2571C4E02B5A8DB78D000B11817E2BD14F9497DCFC9BCF
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	37DC13BE77D3F40A3B2DDBEC7E57A6D4	6F363597A6EF3BD8CFF4B488A83397247353E1BD	1615A50AA00858B11613FBDD4067DED0B1D35E3A1827B6431E36F5EB3B882C95
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	3C9CFF312FBC53F6D51B847DDF885C4B	860F82C6A4FD2CFA4A4C9CD736A63347D6D5F45A	D74E3D8773D6FCDF523C07D1AEF43A83954C130C23441975AB35611FC7135A8E
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	94F3D2A586020FD9448E6182A7B942B8	95C7BA6141398DAB775DC3A068A3737F4555AC31	7491D4A2F1B8763B44AB7512ACD9DCCA1DC50E081F311EAFE8482E28982C1D01
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	5003D75C7BB5E2460A03238679FBE05F	CA56F0D372A451FA64806EEAEED81DED0CA4A6D9	F374BBBAFF42FB8CA480669D1BF835668CAD502007E59ED6484127CA07E6813F
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	C12153DD3128D4E2F9E72FB06E0CA6FE	064420A0741DED541966569C35140606ECF59FB6	401E3E6F151EEDD2FFEA998B312F9280CBECE492FEF5C6FF77BE30A09B103B20
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	A2C926EFB0B692E0059E013709A98027	3BB3A6FC35E8CD70FFE25D4356CC0C689EABDEA3	F196FC46F0716CA85E3DD232B00629E38054FA223CE94E4CB99B35385A0F1634
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	A5F94B220F3241C6ECD4C59098CA3D98	947394A255FEF7F27B24A62B7D87962A3D1A63ED	FD3CF83ECB2745879ADF14BC2D125D181A921940AD81FB53E48F036D975FD3E8
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	BBC01B456C69C2D1FECBE73D27CD22CF	1ED2BA955C3CDDC9AA19A1C39223769B30849C8D	FA189500CFA90D1E18F3E0D0838CB9227BF9DD71E1535D865A1B7E2FC0D3D4A1
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	A3C9D8FC9A47F31AA48FDCF75C79F407	DCD7F6C6CA8CAD19217C09C20CBD73DF88CC1F31	569A881DC32079E47B4D299B92CB783F43DEC6A09C393548996BFBA7A3B504DE
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\desktop.ini.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	E0A643E2C301A7247A68009934E79F98	6CF62FCE28FDB47B1E6D6ED40F0D0789C08D82CE	6BC43A7652D1C920CAC623B9B1B48D54B3C66133F382DD7562EC9674B6B527C8
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\desktop.ini.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	51CDBB2EDFE20D10131D1C86E2BEBE55	921DDAC3FC940A4AF1E161B959BF4B858A486CF5	F30D7AACB528B467B49EC52B884BE26A4D239F380A1B0AAAAC9B259209FFA2D0
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	FB61277990FF637E7EEE14E2D2707092	A049EDF4D30F5F6319F412D7009BC3E7C70920E2	E476898F16736D106B154852615EAA20AB2F0824AF2EBA1F4452E05F44A1D7F1
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	178623CC2B548F033A300BA5C1091D85	DB58773E3CD1C25C52D9AF946E9066338EBBAA40	599F2B57C77F6646553CFDA343283537DCA49A8ABC52B07A51784D4236780550
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\desktop.ini.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D7E4780BFDBDA6A643B9082B68C5D562	8F04534CD4E438D47A3497C03402FC62ADD89B32	A3BB7DBA80FFF943B856F39B0688600E4AF9E536956DDE24DCB647727E507BD1
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\desktop.ini.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	E52C82BF74FF2FCA34C8579322C9A113	D44EC25C00139B22652946438F08A8D7CF938E2C	F38EA9CCA89B1A3F81DF77BDD884451DA16AA7064E26FA440CAD13767F22B4C3
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	67A5944394417BD7B5F3899B251190D8	56F70F53C8932C50609EA6893E561F16347AFA33	A51C8C5D0D86F661CA03BF196CC7CF9AEFEBA6666852F96587F58B22396980F4
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	CAA098A5FB68CEAED839E1F1D8B6A09E	65A6E52A0200D63D4936E50067AB2A9A36BE1E3E	95E2A71BBA439DC65A38543222388B77ACD47DBA2CDC3C9D5A4D1D1FDCCD3362
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	C9A879C1A1A285B6171716072F6CD9B1	8D90E11C63EFF500AC937D14DF5779EA3C09A2D5	FCDB24B8DC69839EF3D65C69B36A511ECC8C54730E0FD3D3455A3F2A9AD1E38D
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\desktop.ini.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	606939999C86A12B4526E7BDCC54E6A4	7DE15739B2543EB659610A1C974ACE65562D990A	0DA13664BDE65D7D93032739C3AEB499BF403B29D6E7C79C8A855E36A6E7E101
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\desktop.ini.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	DB619EFDE0DFAAE354A0ECF72E65ED6A	B61DE568F8EAD145D7A0E3914E6B0D626143FC28	45F1DB6A2D4806ED0DE08EE256F28BDC52D37D7CE6B6EA85EC9A580043DE616A
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	C6883D13537102F74426A32F1B824B59	50197D03D4589A6F69A13146EB069B332BF58AAD	FB9E34FD88E96FAD4BDDAD3D080B2EB9657773768A9E603788A5BD3BC15FCDF6
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	612ECF21EB4B9889350C38C6386E5165	1A6C9DA7AD9DAAA8C43ECDC4E512C682003C531A	FC7F1F3FDA5066F10615A29A12E2AF24F04669EE72723C60FD3EA2ABFE00E7A8
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	F3CFB9D4A8B3AA1998150C9B07507249	A4A75E1FBD641202A05BBBF55F1DE7A9EE37D728	6A5228E886A9FB9DDE83F32E3C41E8B8FDB38778014CAFD7EACB44105B3137C3
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	2F10CF33E7631FE339AA6F9104B7E9FF	A3C0EDCE7E0B03FFE93C6FBD8DC74308DE1CE523	4B0F075518660DB30354C4FB520CED2F2F34230BB924B717F776AE9E90C6E092
C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	F86365C8F02A86725236C415F9C4216E	31F9F9BF86CC4245F4C61E495199C2E7C4FBFE4C	015E5ADEA1AA36ACD8D0A9B4F80413BF24CA8AE6B0EE7443865D61147EDD8B12
C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	1F1A1D7890A94B7F594CFEAC58AC6B3A	AC30BDF74AFB97044812DA1C1903759D551E946A	74857FD207B0C15D7BB48E3B044183D037DA427756ECEB754DB42FA17F8ED782
C:\ProgramData\Microsoft\Windows\wfp\wfpdiag.etl.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	2B455691FB4D2A591AF78B1D216E3321	B408F5E0C3B4A74BB1E4DE4BE18E115B37907418	CC444DA637FDDB5EA50FEA6D3474FFA01CC2752FAFF13DCF5B0C9F571A8586CA
C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\UpdateLock-308046B0AF4A39CB.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	8A9E255FE934253EDDDFB5D253DBB4BC	956F5E35DFA80AD09625FFDD691647EBC60F48ED	1AF8A75001EA1F5A7328A337A363D7C5EB931CFA7C43843857987079FC93AD79
C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	B906799FEF0EDD7BD1ADC3F8D0050460	58040513FEBA90131136AA300D124E7F5BBAEBED	B0DBEA67D8CF9D893232ED7B2FF7340AFF92EE48DE9D18F68D47E95B091B041B
C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\state.rsm.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	1F1457F8CC5397DEBD62E724C364AFC3	B75CD75F2E7567F96254B1B8EE20EBC1FE140EA0	2EC0D16DBF27544B216E116CDD7A8628C1DA812C391F85C8DA9335EF1EAE7AC2
C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\state.rsm.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	4079C92C64AED623C6E1EE85A26696B2	EDA6DC8BCDD476B60B5CE9B9BEEDEE01D98E861B	9CEF48580C9872EED9CC234A4868D52993921DD12C314D28BEA2130E535E67A8
C:\ProgramData\TightVNC\tvnserver.log.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	45BD090D4549DE1D84A7D85C802AC81E	B9E6976BAA02C2A76444690401BB0DA364102920	EA877F16797593263E62C179E0DE161140904972D2EE5245AC97ACFDA8631A1A
C:\ProgramData\USOShared\Logs\User\NotifyIcon.0884f9b2-b6ec-4b87-899f-510361add0dc.1.etl.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	B2AB229D2FEF817BCAEA50393980D8DA	34FDBCCFC32D08F63264EAA035D2F55E46DCB94B	5A35497B766C3CA1BB51BD9F3BD7D9851A2BD5B0673F79A5EA5D19B47272457F
C:\ProgramData\USOShared\Logs\User\NotifyIcon.1d47542d-bdee-4dc6-94ed-be9cdb6f14e1.1.etl.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	BDF14ACF1F5284D0508AF8058FE27882	90E620EA5BD045ECD93B8F87D759D0267C284671	80E5627891D6B8EB6A6BA369C55D68514374AF1699E3B07C42388787735425A5
C:\ProgramData\USOShared\Logs\User\NotifyIcon.21a55447-0332-4ea2-8e22-8ddd09981184.1.etl.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	ED0D292828601CFDDFBF3423E33D0325	4633FD74932B2EE601780DE3CE080A0F6E8FB1A4	DE57D6CE2062C6074FEE0EB56CD18308403A155411465D2680A2C628F3C3970D
C:\ProgramData\USOShared\Logs\User\NotifyIcon.38fad0bf-4730-4bc4-be22-5277e88811cd.1.etl.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	5ED5D07472170E429253BEE72DD4FA76	EC3080DF5DBB2274E25C2A629C2312B5AC11EB49	B0160F50BEC22D26620282E3C9E8BE7FAA7DB10CDFFEBBF7B07AF6494D916E9D
C:\ProgramData\USOShared\Logs\User\NotifyIcon.480bc3f4-4991-4ffc-b70d-c15db82e9d6a.1.etl.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	EE72C2CB25A83272C0118CD2912F860F	18F6E1F030C22C3033369A96F9DFECC48C31B4C6	A4CAD697A840FA20A073FB74A763BA367161094B1A334D5C8D6E0F9040B68DBD
C:\ProgramData\USOShared\Logs\User\NotifyIcon.a686e598-6877-4264-9711-989651a302f7.1.etl.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	68A62BA99F5A55C7E0A7A2CCED17EDEC	9A0AE6CC76602D74BE476EFA7C156A8297B5C0B7	1F98A9F3FD5A2784FA9CFD3C63E6BB0E2DE705DDBB77971CFD2764371929D942
C:\ProgramData\USOShared\Logs\User\NotifyIcon.a821f645-76e8-4ba9-965c-60ad931c30ce.1.etl.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	9D0CB806AE06A001A3F8F468852411E3	EC39139E898CDE06FE69B1DC3A618FA0FF0F9C7D	F99FEAF6D532A1CC832B2264B26977EFABADA82BB2D3B47D03E8EE0311A32EAC
C:\ProgramData\USOShared\Logs\User\NotifyIcon.c6e0f9e8-f670-49c4-974e-9d40568a1011.1.etl.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	F31C1B64697E347209094612E69792BE	9BF1DCCC426AF331A9D2D8B4E966EF6A8B269C7C	E3D2F34B8C389F1BA76685FFEF1E7FCAE9301220F954521F08F997A2C2EA57C1
C:\ProgramData\USOShared\Logs\User\NotifyIcon.d9261b8a-d5e2-42ed-ab32-cd2fab1962fc.1.etl.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	217F82EF52A617635A60E5B5B4698AA7	388425171F72C7C3FE28F52EBFA1FC7DED20745F	695DCFD5854A3FD7D77DBF3790F10B9E75B250300700F21C4C3C1D510164E325
C:\ProgramData\USOShared\Logs\User\NotifyIcon.e99a38d9-255f-44d4-9ce1-275e8cf23855.1.etl.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	CC0F9E8299E7B7A055EC4EBF2285B21C	E807E7ADC23A92DB866146E82849AE0C2484E516	32B9CCF3B1521E81D666E8EF4651DAED604BD7B93313CFF8BFB3BE951C4F49F2
C:\ProgramData\USOShared\Logs\User\NotifyIcon.f3f7cc8e-795b-4925-9b8c-26e2ea300f41.1.etl.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	2456CFEDB1CF9DD029C6A72C2D01FB6A	BE358D25A3C89938ABB84043FF2B80CEA0A19AB7	BA900E1EC14546C57E048C160BAC483D65689B796698422F85B1202199FEB051
C:\ProgramData\USOShared\Logs\User\NotifyIcon.f4d4c9b8-57b5-43ca-ab7a-5d857e7666b9.1.etl.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	93CA78484AC9B68EC3A5C475C0665270	F587FDC07F89DE49DDF32E44D16C1D2A6BBB7EB9	DCE714668A289767388B81FB6554EE608A7CA3D8CA9FD410E8986082B2C354FE
C:\ProgramData\USOShared\Logs\User\NotifyIcon.fbe50464-f61d-4a15-a5b7-ed239a079807.1.etl.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	D591CA6A2045BEAFCF9E73D9424EE505	96DF88A905CD5B55D8D3583705DDDD48392D5D4B	22742C2EEA221D48A87F1777997B2449573A55874C64A0BE2EE432BEFB924929
C:\ProgramData\USOShared\Logs\User\UpdateUx.475a5b13-420d-4358-9fdb-c77913ec90af.1.etl.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	9F36C4E81611DF7D78592AD13A832B6D	1FDCD3A72A433E658BEAF21B8A36A3DA854B2845	EEF4C0C39EB1BFA0A46934384E4125D0B0EF7F82A9732554F1E37FD9AE0D512B
C:\ProgramData\_curlrc.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	AB9C59C1628045067D5C2F29A1C6FBB7	A7E6C112B8587583721FDC282AB09925A01E7316	4ED562D4C1A3A59E3C2628992EC7354C5E207456B948AD90E0B0F61339AA2AD3
C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	68F83E9EEB7BEAA41A68059DB76558CB	C9898165E21BBEA0D0DB8D9581A61ECB30D423EA	815A06A44053917B7D436F35247A2F51984E4EB85305F3220563A21C992D301D
C:\Users\Public\Desktop\Adobe Acrobat.lnk.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	0D225E49499BF1EEB953EC2E700122B8	4F085022F64510576C9D40788CBC37DA142346D2	DD3A2D56F7A7FC5EA1D556B2EA7C226DD1BEAFAE02758CFEC79CF095E7126E9D
C:\Users\Public\Desktop\Adobe Acrobat.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	68E547FDE35F67BFD064B3EA8F39E680	B6E96CB2CA2FFB9F73E8EDB2C31A02BEC8560D07	133981F736784530C7C539FD7A4BD0BB3CAC8D2A489A59634146A4CD27A104EA
C:\Users\Public\Desktop\Firefox.lnk.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	1FF04DA84031307A81FF0830883A4BC6	8014C84E6CADEBB9E40A0EE73C31B1A9396CF6A9	72F12D8277897596604B484C5C5DEE024F73444637FB635081FB2BFF30625DF0
C:\Users\Public\Desktop\Firefox.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	6DCE055A03DF83F2CF53AAC9560C5D2A	754480D79294A85A0897AF0C9676626F0EFE740B	F65993EA21826E8252C3D6B3D2EEED674116EFAF2D536E49B76549FD78B0E72E
C:\Users\Public\Desktop\Google Chrome.lnk.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	5158C31620ECC580AF433C53B8AEB961	EC59FA2929A6D57EEB5B127EB3F65C4D0256231E	67CCE65FEF69C4DE861F84CCF36BFA4C3EFB4E5382473DE3FFE43A357C8BAF37
C:\Users\Public\Desktop\Google Chrome.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	8111F9B8C2056C4BF0E056D527E53629	0833D5AA7AC4C68195153685C62AA7E1DB6069BF	5196DBA170D9F63CAB45B6DDE4D435E0916A61510ACD531C7C523E15B4ACF64D
C:\Users\Public\Desktop\desktop.ini.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	A59D2ADC06C07A4FADDAB6B743563EA5	3BA58D1938D42F0E82D45543B14342411F829C6D	498382E5AC7AA6B1462BF31D5AF2F54BC3DFD863A2218626543DEC621A70C90D
C:\Users\Public\Desktop\desktop.ini.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	750120688F068755638777F74D41798E	44177DCA5E217BD9E443F043E717C1F96CD08B0E	88B1F5F9FEBC6E21F4D1FE470142BCA0D559722244C977ED07F8563EFB5720CA
C:\Users\Public\Documents\desktop.ini.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	6B01C03240F68143E748C521070657AD	A04F9A0984D0D3EFEEC6BD837320BB4DACBA3071	A61C2E48EC88F3BF7B646F362FBA254ACFF910CFF3C07A620E389B14ACFCC9F6
C:\Users\Public\Documents\desktop.ini.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	71D8FDE7453F6CDBAC98F849D2DE9E73	33AC222FBD3F0D963C847BB9AF3D1B8071EC7516	6673B634208234D1C6A0E8B038F473726ED8B887D200308A3AED7616F5D7720E
C:\Users\Public\Music\desktop.ini.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	81FA9CC44A7A0B47CD4D4E061A526C72	36E6C074C4CA409EC26C2F67C14C48BD20979F99	40A04E51750782389D16DBDF76FA08CCA7E0993FA9CFE86FCB9B661AB1763510
C:\Users\Public\Music\desktop.ini.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	9E4AA42B39047FC90A9E2E0DD5099869	BCD4BBCEFB91EE2B7E2061854138862C4F2A6793	6F42DE1BF650DA6A3DC970651C8E5FFA202DD901DCB874F155D830CFDCD7F7F4
C:\Users\Public\Pictures\desktop.ini.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	677C719A47A3C6A5C96B65FFDC2C4970	DEA0308C7B24D149AD75041FE9EA84C07F0FC5C3	AACA369192D96CA34AA5521EFDAF925A2D17824C03AC61FEABAE4080CB153FA6
C:\Users\Public\Pictures\desktop.ini.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	5D4C70EBF1C6189ECE6CCC2E7B95647D	66775CD11B57734E973BAEA1D17BFB8C5D2324A9	829449C074C32C15A820918D5C1D10480F990D848FDDA75B1D791F062F644078
C:\Users\Public\Videos\desktop.ini.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	A3C711A6D5CF1404D3FEDF5A31E96A43	EC9142A924024B68C314D4E2081871ED6D3322E0	AD941828CBAA7FB2EE609B49D8EC1E433DFDD8620D8C58E7BD9917EE416630A4
C:\Users\Public\Videos\desktop.ini.tmp	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	6AEA41DE0337890E80BC1E4B5E45ACE3	B143F0A51388E050B58DC05C886C9B0AB425367B	365C1893F72E3DA757A2D5FDE68D15E258150802792AF8904733E720E4953C3E

ID:	1523388
Product:	CloudBasic
Start time:	15:04:36
Start date:	01.10.2024
Sample:	mal2
Cookbook:	defaultwindowsinteractivecookbook.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	5daadb531113cad75786097b02e393f0
SHA1:	9dfad0a4084103d1fb53a9e2f7637a5ba7667ceb
SHA256:	f57bc4c23407f071076c629e9ca80dd737d034dafc216595b5fba3e29d4b2c1b
Filetype:	Win32 Executable (generic) a (10002005/4) 99.66%

Windows Analysis Report
mal2

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Compliance

Spreading

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

HIPS / PFW / Operating System Protection Evasion

Screenshots

Network Map

Windows Analysis Report mal2

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Compliance

Spreading

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

HIPS / PFW / Operating System Protection Evasion

Screenshots

Network Map

Windows Analysis Report
mal2